delivr.to
@delivrto.bsky.social
Updates from the https://delivr.to team, including new payloads, features and announcements.
It's here.
The latest iteration of our Top 10 includes the most important developments in initial access tradecraft; from macOS targeting of ClickFix, to Zip Smuggling, to QRLJacking.
Blog:
The latest iteration of our Top 10 includes the most important developments in initial access tradecraft; from macOS targeting of ClickFix, to Zip Smuggling, to QRLJacking.
Blog:
delivr.to’s Top 10 Payloads (July ‘25): FileFix, Zip Smuggling and QRLJacking
The fifth iteration of the delivr.to Top 10, including FileFix, Zip Smuggling and QRLJacking
blog.delivr.to
July 14, 2025 at 8:00 AM
It's here.
The latest iteration of our Top 10 includes the most important developments in initial access tradecraft; from macOS targeting of ClickFix, to Zip Smuggling, to QRLJacking.
Blog:
The latest iteration of our Top 10 includes the most important developments in initial access tradecraft; from macOS targeting of ClickFix, to Zip Smuggling, to QRLJacking.
Blog:
Our Phishing Attack Technique Explorer is now live! 😈🔍
Next time you browse our catalogue, you'll see a new view to find payloads combining popular attack techniques; from Pastejacking and Bring Your Own Interpreter, to HTML Smuggling and Auth Coercion.
Find out more at delivr.to/app/payloads
Next time you browse our catalogue, you'll see a new view to find payloads combining popular attack techniques; from Pastejacking and Bring Your Own Interpreter, to HTML Smuggling and Auth Coercion.
Find out more at delivr.to/app/payloads
April 28, 2025 at 8:00 AM
Our Phishing Attack Technique Explorer is now live! 😈🔍
Next time you browse our catalogue, you'll see a new view to find payloads combining popular attack techniques; from Pastejacking and Bring Your Own Interpreter, to HTML Smuggling and Auth Coercion.
Find out more at delivr.to/app/payloads
Next time you browse our catalogue, you'll see a new view to find payloads combining popular attack techniques; from Pastejacking and Bring Your Own Interpreter, to HTML Smuggling and Auth Coercion.
Find out more at delivr.to/app/payloads
⚠️ CVE-2025-21298 - A vuln in Windows could enable remote code execution via a crafted RTF file, just by the user previewing the file in Outlook
🛡️ We've added a POC to delivr.to to test deliverability: delivr.to/?id=d22c9632...
🔍 Detect RTFs with our Sublime rule: sublime.security/feeds/delivr...
🛡️ We've added a POC to delivr.to to test deliverability: delivr.to/?id=d22c9632...
🔍 Detect RTFs with our Sublime rule: sublime.security/feeds/delivr...
Home | delivr.to
Bringing purple teaming to email. Emulate the latest offensive techniques to measure your stack's effectiveness, track improvement, and quantify the threats that can reach your users.
delivr.to
January 22, 2025 at 4:10 PM
⚠️ CVE-2025-21298 - A vuln in Windows could enable remote code execution via a crafted RTF file, just by the user previewing the file in Outlook
🛡️ We've added a POC to delivr.to to test deliverability: delivr.to/?id=d22c9632...
🔍 Detect RTFs with our Sublime rule: sublime.security/feeds/delivr...
🛡️ We've added a POC to delivr.to to test deliverability: delivr.to/?id=d22c9632...
🔍 Detect RTFs with our Sublime rule: sublime.security/feeds/delivr...
Closing the books on 2024! ✨
Thank you to everyone who's been a part of delivr.to's journey this year! We’re incredibly excited about what’s coming your way in 2025—stay tuned!
Happy New Year everyone! 🎉
Thank you to everyone who's been a part of delivr.to's journey this year! We’re incredibly excited about what’s coming your way in 2025—stay tuned!
Happy New Year everyone! 🎉
December 31, 2024 at 10:01 AM
Closing the books on 2024! ✨
Thank you to everyone who's been a part of delivr.to's journey this year! We’re incredibly excited about what’s coming your way in 2025—stay tuned!
Happy New Year everyone! 🎉
Thank you to everyone who's been a part of delivr.to's journey this year! We’re incredibly excited about what’s coming your way in 2025—stay tuned!
Happy New Year everyone! 🎉
Twice a year we take a deep dive into the latest, notable tradecraft that has caught our attention in the world of phishing and initial access over the past six months. From Pastejacking, to image-less QR codes, to zip concatenation.
📚 Read our new Top 10: blog.delivr.to/delivr-tos-t...
📚 Read our new Top 10: blog.delivr.to/delivr-tos-t...
December 19, 2024 at 9:00 AM
Twice a year we take a deep dive into the latest, notable tradecraft that has caught our attention in the world of phishing and initial access over the past six months. From Pastejacking, to image-less QR codes, to zip concatenation.
📚 Read our new Top 10: blog.delivr.to/delivr-tos-t...
📚 Read our new Top 10: blog.delivr.to/delivr-tos-t...
New SVG Weaponisation Techniques ⚠️
Recent threat actor activity has demonstrated new techniques for weaponising SVGs, allowing them to be used for new attack types including credential stealing!
We've updated our research blog with more details: blog.delivr.to/svg-smugglin...
Recent threat actor activity has demonstrated new techniques for weaponising SVGs, allowing them to be used for new attack types including credential stealing!
We've updated our research blog with more details: blog.delivr.to/svg-smugglin...
SVG Smuggling: A picture worth a thousand words
HTML Smuggling is a common phishing technique, but did you know SVG image files can be used for smuggling too?
blog.delivr.to
December 3, 2024 at 2:14 PM
New SVG Weaponisation Techniques ⚠️
Recent threat actor activity has demonstrated new techniques for weaponising SVGs, allowing them to be used for new attack types including credential stealing!
We've updated our research blog with more details: blog.delivr.to/svg-smugglin...
Recent threat actor activity has demonstrated new techniques for weaponising SVGs, allowing them to be used for new attack types including credential stealing!
We've updated our research blog with more details: blog.delivr.to/svg-smugglin...
Zip Concatenation 📦⚠️
A recent blog from Perception Point (perception-point.io/blog/evasive-c…) shows how actors are concatenating zip files to evade mail filters and deliver malicious content
🛡️ Test deliverability: delivr.to/?search=conc...
🔍 Detect with YARA: github.com/delivr-to/de...
🧵1/3
A recent blog from Perception Point (perception-point.io/blog/evasive-c…) shows how actors are concatenating zip files to evade mail filters and deliver malicious content
🛡️ Test deliverability: delivr.to/?search=conc...
🔍 Detect with YARA: github.com/delivr-to/de...
🧵1/3
Evasive ZIP Concatenation: Trojan Targets Windows Users | Perception Point
Attackers exploit concatenated ZIP files, embedding malware that specifically targets users of certain tools to evade detection.
perception-point.io
November 15, 2024 at 10:00 AM
Zip Concatenation 📦⚠️
A recent blog from Perception Point (perception-point.io/blog/evasive-c…) shows how actors are concatenating zip files to evade mail filters and deliver malicious content
🛡️ Test deliverability: delivr.to/?search=conc...
🔍 Detect with YARA: github.com/delivr-to/de...
🧵1/3
A recent blog from Perception Point (perception-point.io/blog/evasive-c…) shows how actors are concatenating zip files to evade mail filters and deliver malicious content
🛡️ Test deliverability: delivr.to/?search=conc...
🔍 Detect with YARA: github.com/delivr-to/de...
🧵1/3