writing.exchange is one of the many independent Mastodon servers you can use to participate in the fediverse.
A small, intentional community for poets, authors, and every kind of writer.

#cloudsecurity


New Open-Source Tool Spotlight 🚨🚨🚨

Google's GRR (GRR Rapid Response) is an open-source framework for remote live forensics and incident response. It allows security teams to investigate systems at scale without interrupting operations. Used for data collection, analysis, and hunting. #CyberSecurity #DFIR

🔗 Project link on #GitHub 👉 github.com/google/grr

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

New Open-Source Tool Spotlight 🚨🚨🚨

Active Directory Certificate Services (AD CS) can be a goldmine if misconfigured. Tools like Certipy simplify enumeration and abuse, leveraging techniques like Shadow Credentials, Golden Certificates, and domain escalation paths (ESC1-ESC11). #CyberSecurity #RedTeam

Certipy's `shadow` command exemplifies ADCS weaknesses. By manipulating `msDS-KeyCredentialLink`, you can take over accounts via PKINIT. It's seamless but devastating for privilege escalation. #Pentesting #ActiveDirectory

Golden Certificates mimic Golden Tickets but target ADCS. Using a compromised CA private key, an attacker can forge certs for domain controllers or users. Certipy automates this process—caution with CA backups. #InfoSec #PKI

🔗 Project link on #GitHub 👉 github.com/ly4k/Certipy

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity


How can a DNS mail record be used to trick you into giving up your login credentials? 📨😕

Researchers at Infoblox have identified a phishing-as-a-service (PhaaS) platform called Morphing Meerkat that’s been quietly operating for over five years. What makes it notable is its use of DNS MX (Mail Exchange) records in ways rarely reported before. Instead of the usual static phishing page setups, Morphing Meerkat queries the victim’s email provider’s MX record—using DNS-over-HTTPS via Google or Cloudflare—to tailor the phishing page dynamically. This means victims are shown spoofed login interfaces that mimic the exact service they use, complete with matching branding and pre-filled email fields.

The platform supports more than 114 brand templates and uses obfuscated JavaScript to evade detection. It also includes built-in translation capabilities based on browser profile or geolocation, making the fake login pages appear native to the user's language. Earlier versions began in 2020 targeting just five email services (Gmail, Outlook, Yahoo, AOL, Office 365). By mid-2023, they could generate phishing pages dynamically using MX records and now operate in over a dozen languages.

Morphing Meerkat campaigns rely on a set of centralized email servers, primarily hosted by UK ISP iomart and US-based HostPapa, indicating a coordinated infrastructure rather than a loose network of attackers. The phishing emails often impersonate trusted services—banks, shipping companies, etc.—and are distributed using compromised WordPress sites, open redirects from platforms like Google’s DoubleClick, and embedded links in shortened URLs.

Once a user submits credentials, the system may display a fake “Invalid Password” error to lure them into re-entering data, after which they are redirected to the real login page. This not only reduces suspicion but also increases the chance of capturing correct credentials. Stolen data is sent back via AJAX, PHP scripts, or Telegram bots, sometimes with evidence removed in real-time.

This operation shows a deep understanding of modern security blind spots—including how content delivery and DNS infrastructure can be turned against end users.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity


Some of my colleagues at #AWS have created an open-source serverless #AI assisted #threatmodel solution. You upload architecture diagrams to it, and it uses Claude Sonnet via Amazon Bedrock to analyze it.

I'm not too impressed with the threats it comes up with. But I am very impressed with the amount of typing it saves. Given nothing more than a picture and about 2 minutes of computation, it spits out a very good list of what is depicted in the diagram and the flows between them. To the extent that the diagram is accurate/well-labeled, this solution seems to do a very good job writing out what is depicted.

I deployed this "Threat Designer" app. Then I took the architecture image from this blog post and dropped that picture into it. The image analysis produced some of the list of things you see attached.

This is a specialized, context-aware kind of OCR. I was impressed at boundaries, flows, and assets pulled from a graphic. Could save a lot of typing time. I was not impressed with the threats it identifies. Having said that, it did identify a handful of things I hadn't thought of before, like EventBridge event injection. But the majority of the threats are low value.

I suspect this app is not cheap to run. So caveat deployor.
#cloud #cloudsecurity #appsec #threatmodeling

🎯 Free Cybersecurity Webcasts from SANS — Now Open for Registration!

SANS Institute has released its latest schedule of free, expert-led webcasts throughout 2025. Topics span the most critical areas of cybersecurity today:

🔹 Microsoft Defender for Cloud – Best practices & insights
🔹 ICS Security & Management of Change – Resilience and risk
🔹 Threat Intelligence & SOC Trends – Based on global survey data
🔹 Multicloud & GenAI Security – How organizations are adapting
🔹 Attack Surface Management – Stay ahead of hacker tactics

📅 Flexible live or on-demand viewing
🏆 Earn CPE credits
💡 Stay current on the latest in cyber

This is a great opportunity for pros at all levels to grow their skills and stay sharp in a fast-evolving field.

#CyberSecurity #SANS #ProfessionalDevelopment #FreeTraining #ThreatIntel #SOC #CloudSecurity
@sans_isc
@sans_isc@mastodon.social

view.email.sans.org/?qs=69e042

Whoa, 112 SaaS apps per company? Seriously?! 🤯 Most folks don't even realize what's going on...

SaaS security is a *huge* deal. I mean, who's actually patching Office 365 correctly? And are you really keeping an eye on permissions? Probably not.

We've got Shadow IT, misconfigurations, and third-party risks – the whole shebang! Every app's different. One wrong setting? It is Jackpot time for attackers!

As a pentester, I often see how much SaaS is underestimated. I had a client once tell me, "We've got a firewall!" Yeah, but that doesn't cover, well, *everything*.

Your SaaS security needs a holistic approach. AI can help, sure, but it's not a magic bullet. Data is crucial for AI, as we know! And AI likes to, shall we say, make stuff up sometimes!

So, go check your SaaS configs! Keep an eye out for Shadow IT and third-party vendors. AI tools are cool for monitoring. But, you know, keep it real! Don't forget about those penetration tests!

How are *you* securing your SaaS environment? What red flags have you spotted? Let's hear it!

#SaaS #Security #AI

New Open-Source Tool Spotlight 🚨🚨🚨

Azure Sentinel is Microsoft's cloud-native SIEM tool. It integrates AI to detect threats, automate responses, and monitor logs across environments. Useful for hybrid clouds, it supports connectors for platforms like AWS, Office 365, and more. #CloudSecurity #SIEM

🔗 Project link on #GitHub 👉 github.com/Azure/Azure-Sentinel

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity


#Germany's #cloudcomputing market is booming, with significant trends and challenges shaping its future. According to the "KPMG Cloud Monitor 2024," almost all companies (98%) are now in the cloud, with 55% relying on hybrid cloud models combining public and private cloud solutions. This shift is driven by the increasing integration of AI into cloud services, with 97% of cloud-using companies obtaining AI solutions from cloud providers.

🌤️ Market Size: The German cloud computing market is projected to reach USD 56.52 billion in 2025, growing at a CAGR of 15.51% until 2030.

🌦️ Challenges: Stringent data protection regulations, such as GDPR, pose significant challenges for cloud adoption.

#CloudEngineering #Germany #TechHive #StaffingSolutions #CloudComputing #AI #DataSovereignty #HybridCloud #MultiCloud #Ionos #GaiaX #GDPR #DataProtection #ITInfrastructure #DigitalTransformation #CloudSecurity #CloudTrends #CloudMarket #CloudProviders

kpmg.com/de/en/home/media/pres

mordorintelligence.com/industr

🌸 Spring is here – and so is our Spring Sale! 🌸

From March 20 to 31, get 25%* off #Cryptomator and Cryptomator Hub! 🔐✨

No subscription, no hidden fees – just one-time encryption security for your cloud files.

💰 Now only €14.99!*

📅 Hurry! Offer ends on World Backup Day, March 31.

🔗 Learn more: cryptomator.org/blog/2025/03/2

*Discount and final price may vary by region.

New Open-Source Tool Spotlight 🚨🚨🚨

DataDog's KubeHound is a tool that queries Kubernetes clusters and surfaces Pod Security Standard violations. It works by analyzing a cluster against best practices with minimal setup. Useful for teams focused on securing their workloads in Kubernetes environments. #Kubernetes #CyberSecurity

🔗 Project link on #GitHub 👉 github.com/DataDog/KubeHound

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity


Hey everyone, does this sound familiar? You install a Python package and suddenly feel like you've been robbed blind? 😂

Right now, there's a nasty campaign going on targeting PyPI, and it's misusing "time" utilities to swipe cloud credentials. Get this – it's already had over 14,000 downloads! The malware hides in packages that are *supposed* to just check the time. But instead, they're snatching cloud keys (AWS, Azure, the works) and sending them straight to the bad guys.

Honestly, it reminds me of a pentest we did where we *almost* missed a similar camouflage trick. Seriously creepy! So, heads up: Double-check your dependencies, run those scans, review your cloud configurations, and above all, be suspicious! And hey, just a friendly reminder: automated scans are no substitute for a manual pentest!

Have you run into anything similar? What tools are you using to beef up your security? Let's chat about it!

I have been holding a #CloudSecurity training for a company twice a year for a couple of years now. That means that I log into #AWS every 6 months, rarely in between.
And every single time the user interface gets substantially slower.
How are people who have to use this stuff on a daily basis handling this?

New Open-Source Tool Spotlight 🚨🚨🚨

Mimikatz is a well-known open-source tool for extracting credentials from Windows systems. It can retrieve plaintext passwords, hash credentials, and even Kerberos tickets from memory. Used by both researchers and attackers, it highlights the importance of secure credential management in Active Directory environments. #CyberSecurity #WindowsSecurity

🔗 Project link on #GitHub 👉 github.com/gentilkiwi/mimikatz

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
