Ahmed
@mawg0ud.bsky.social
A Researcher by Day • Coffee Connoisseur by Passion • An Insatiable Explorer of the Written Word.
Book Recommendation:
Mastering post-exploitation?
'The Hacker Playbook 3' 👌
by Peter Kim is a must-read, as it covers:
a. Actual Attack Chains,
b. Evasion Techniques,
c. Red Team Strategies.
Practical over theory.
Link: digtvbg.com/files/books-...
#RedTeam #OffSec #infosec
March 15, 2025 at 9:33 AM
Inline hooking too noisy?
Use hardware breakpoints via 'SetThreadContext' to hijack execution flow without modifying code.
Silent, reversible & hard to detect.
#RedTeam #Malware #infosec #cybersecurity #bugbounty
March 15, 2025 at 9:29 AM
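Added example, not code from the post: the DR7 bit layout a hardware-breakpoint hook has to write (and clear again) through SetThreadContext, plus the decoder a defender runs over GetThreadContext output to see those breakpoints. The register layout is the Intel SDM one; the Windows flow (GetThreadContext with CONTEXT_DEBUG_REGISTERS, write Dr0 and Dr7, SetThreadContext, then catch EXCEPTION_SINGLE_STEP in a vectored handler and change Rip) is described in comments only, so the file runs on any platform. The target addresses are assumptions.

```python
"""Encode and decode x86 debug-register state (DR0..DR3 address slots, DR7 control).

Added example, not code from the post. The layout comes from the Intel SDM; the
Windows-specific flow (GetThreadContext with CONTEXT_DEBUG_REGISTERS, write Dr0/Dr7,
SetThreadContext, then catch EXCEPTION_SINGLE_STEP in a vectored handler and change
Rip) is described in comments only, so this file runs on any platform.
"""
from __future__ import annotations
from dataclasses import dataclass

# DR7 R/W (condition) codes and LEN codes, per Intel SDM vol. 3 (debug registers).
COND_EXEC, COND_WRITE, COND_IO, COND_RW = 0b00, 0b01, 0b10, 0b11
LEN_CODES = {1: 0b00, 2: 0b01, 8: 0b10, 4: 0b11}   # 8 bytes is 0b10, 4 bytes is 0b11
_LEN_FROM_CODE = {v: k for k, v in LEN_CODES.items()}


@dataclass(frozen=True)
class Breakpoint:
    slot: int      # 0..3 selects DR0..DR3
    address: int   # value written to DRn (linear address)
    cond: int      # one of COND_*
    length: int    # 1, 2, 4 or 8; execute breakpoints must use 1


def disarm(dr7: int, slot: int) -> int:
    """Clear the L/G enable bits and the R/W + LEN field for one slot (the reversible part)."""
    if not 0 <= slot <= 3:
        raise ValueError("slot must be 0..3")
    dr7 &= ~(0b11 << (slot * 2))          # L<slot>, G<slot>
    dr7 &= ~(0b1111 << (16 + slot * 4))   # R/W<slot>, LEN<slot>
    return dr7


def arm(dr7: int, bp: Breakpoint) -> int:
    """Return DR7 with bp enabled via its local-enable bit.

    The caller writes bp.address into DR<slot> and this value into DR7 through
    SetThreadContext; the CPU raises #DB (EXCEPTION_SINGLE_STEP on Windows) when the
    condition hits, and the exception handler can rewrite Rip to the hook function.
    """
    if bp.cond == COND_EXEC and bp.length != 1:
        raise ValueError("execute breakpoints must use LEN=00 (length 1)")
    dr7 = disarm(dr7, bp.slot)
    dr7 |= 1 << (bp.slot * 2)                            # L<slot>
    dr7 |= bp.cond << (16 + bp.slot * 4)                 # R/W<slot>
    dr7 |= LEN_CODES[bp.length] << (18 + bp.slot * 4)    # LEN<slot>
    return dr7


def decode(dr0_3: list[int], dr7: int) -> list[Breakpoint]:
    """Defender side: list every armed breakpoint from a thread's DR0..DR3 and DR7.

    Running this over GetThreadContext output for each thread is the cheap check
    that makes this hook visible: a non-zero DR7 in a process that is not under a
    debugger is worth an alert.
    """
    armed = []
    for slot in range(4):
        if dr7 & (0b11 << (slot * 2)):                   # L or G enable set
            cond = (dr7 >> (16 + slot * 4)) & 0b11
            length = _LEN_FROM_CODE[(dr7 >> (18 + slot * 4)) & 0b11]
            armed.append(Breakpoint(slot, dr0_3[slot], cond, length))
    return armed


if __name__ == "__main__":
    # Hypothetical targets (assumed addresses): an execute breakpoint on a function
    # entry and a 4-byte write watch on a data location.
    dr7 = arm(0, Breakpoint(0, 0x7FF612341000, COND_EXEC, 1))
    dr7 = arm(dr7, Breakpoint(1, 0x7FF612350000, COND_WRITE, 4))
    print(hex(dr7), decode([0x7FF612341000, 0x7FF612350000, 0, 0], dr7))
```

Only four slots exist per thread and the hook has to be armed on every thread that may reach the target, which is also why a thread-enumerating scanner that calls decode() on each context catches it.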
Turn your Raspberry Pi into a 𝐩𝐨𝐜𝐤𝐞𝐭-𝐬𝐢𝐳𝐞𝐝 𝐩𝐞𝐧𝐭𝐞𝐬𝐭𝐢𝐧𝐠 𝐩𝐨𝐰𝐞𝐫𝐡𝐨𝐮𝐬𝐞 with Kali.
⚡Stealthy, portable & packed with offensive tools, so you can test anytime, anywhere, like real security pros.
🔍 Topic: medium.com/@mawgoud/bui...
#KaliLinux #CyberSecurity #Infosec
Build the Ultimate On-the-Go Penetration Testing Machine with Kali Linux & Raspberry Pi
March 9, 2025 at 5:23 AM
Goodbye Skype
Once the king of VoIP, now just a ghost in the digital graveyard. ☠️
From P2P-powered resilience to Microsoft's EDR-infested bloat, it never stood a chance.
Source: mybroadband.co.za/news/interne...
#Skype #Tech #VoIP #EDR #Teams #Zoom
Say goodbye to Skype
The 22-year-old video calling tool will reportedly retire in May 2025.
March 9, 2025 at 4:19 AM
Three VMware zero-days exploited in the wild.
CVE-2025-22224,
CVE-2025-22225,
CVE-2025-22226.
Attackers with admin access can chain these to escape VM sandboxes & control the hypervisor.
#VMware #ZeroDay #CyberSecurity #Infosec #Cybersecurity
Source: www.infosecurity-magazine.com/news/vmware-...
VMware Warns Customers to Patch Actively Exploited Zero-Day Flaws
Cloud software firm VMware has issued a critical security advisory, detailing three zero-day vulnerabilities being actively exploited in the wild
March 6, 2025 at 7:01 AM
EDRs love API hooking?
PatchGuard doesn’t.
Instead of unhooking, do this: redirect execution using Heaven's Gate (switching to 64-bit from 32-bit in WoW64) / indirect syscalls.
Stay ahead, stay silent. 🕵️♂️
#RedTeam #Malware #infosec #cybersecurity #bugbounty #EDR #WoW64
March 4, 2025 at 6:17 AM
Process injection via Atom Tables is an underrated stealth tactic.
Store shellcode in an atom, retrieve it in a remote process, and execute via callback.
Avoids common memory scanning detections.
#RedTeam #EDREvasion #Infosec #CyberSecurity
March 4, 2025 at 4:52 AM
🔧Transform your Raspberry Pi into a portable pentesting powerhouse with a 3.5-inch touchscreen & Kali Linux!
Ideal for on-the-go cybersecurity assessments.
🔍Details: mobile-hacker.com/2025/02/26/b...
#Pentesting #Infosec #KaliLinux #RaspberryPi #cybersecurity
March 1, 2025 at 8:08 AM
🔍Leaked code reveals a token refresh script used in adversary-in-the-middle (AITM) attacks.
If you're not monitoring OAuth token activity, you're flying blind.
Stay vigilant.
#CyberSecurity #AITM #OAuth #infosec #MiTM
github.com/zolderio/AIT...
February 22, 2025 at 8:21 AM
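Added example, not code from the post or from the linked repository: the monitoring logic the post asks for, run over sign-in records. An AiTM proxy captures a session's tokens during a legitimate interactive sign-in; the giveaway is a later refresh-token redemption for that same session from a different IP and a different (often non-browser) user agent. The log records are constructed, the field names are assumptions about what an identity provider's sign-in log exposes, and the IPs are documentation ranges.

```python
"""Spot refresh-token use that does not match the interactive sign-in which issued the
session, the pattern an AiTM phishing proxy leaves when captured tokens are refreshed
from attacker infrastructure. Added example, not code from the post or the linked
repository; the log records are constructed and the field names are assumptions.
"""
from __future__ import annotations

# Non-browser user agents on refresh requests are a strong signal (assumption: a
# scripted refresher identifies itself as a generic HTTP library).
SCRIPT_UA_MARKERS = ("python-requests", "curl/", "go-http-client", "okhttp", "axios")


def flag_refreshes(records: list[dict]) -> list[dict]:
    """Pair each token_refresh with the interactive sign-in of the same session and grade
    the mismatch: high when both IP and user agent changed (or the UA is a script),
    low when only one changed, and 'orphan' when no sign-in is on record."""
    issued: dict[str, dict] = {}                  # session id -> interactive sign-in
    findings: list[dict] = []
    for rec in sorted(records, key=lambda r: r["t"]):
        if rec["type"] == "interactive":
            issued[rec["session"]] = rec
            continue
        if rec["type"] != "token_refresh":
            continue
        origin = issued.get(rec["session"])
        if origin is None:
            findings.append({"user": rec["user"], "session": rec["session"],
                             "severity": "orphan", "refresh_ip": rec["ip"]})
            continue
        ip_changed = rec["ip"] != origin["ip"]
        ua_changed = rec["ua"] != origin["ua"]
        scripted = any(m in rec["ua"].lower() for m in SCRIPT_UA_MARKERS)
        if scripted or (ip_changed and ua_changed):
            severity = "high"
        elif ip_changed or ua_changed:
            severity = "low"                      # roaming client, worth a look, not a page
        else:
            continue                              # same IP and UA as the issuing sign-in
        findings.append({"user": rec["user"], "session": rec["session"],
                         "severity": severity, "signin_ip": origin["ip"],
                         "refresh_ip": rec["ip"], "refresh_ua": rec["ua"],
                         "age_s": rec["t"] - origin["t"]})
    return findings


EDGE_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Edge/122.0"
IOS_UA = "Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) Safari/604.1"

# Constructed sign-in log (not real data). Times are seconds; IPs are documentation ranges.
SAMPLE_LOG = [
    {"t": 0,    "type": "interactive",   "user": "alice@corp.example", "session": "s-1", "ip": "203.0.113.10",  "ua": EDGE_UA},
    {"t": 300,  "type": "token_refresh", "user": "alice@corp.example", "session": "s-1", "ip": "203.0.113.10",  "ua": EDGE_UA},
    {"t": 1500, "type": "token_refresh", "user": "alice@corp.example", "session": "s-1", "ip": "198.51.100.77", "ua": "python-requests/2.31.0"},
    {"t": 0,    "type": "interactive",   "user": "bob@corp.example",   "session": "s-2", "ip": "192.0.2.5",     "ua": IOS_UA},
    {"t": 3600, "type": "token_refresh", "user": "bob@corp.example",   "session": "s-2", "ip": "192.0.2.88",    "ua": IOS_UA},
    {"t": 4000, "type": "token_refresh", "user": "carol@corp.example", "session": "s-9", "ip": "198.51.100.77", "ua": "python-requests/2.31.0"},
]

if __name__ == "__main__":
    for finding in flag_refreshes(SAMPLE_LOG):
        print(finding)
```

The response to a high finding is to revoke the session's refresh tokens, not just reset the password, because the captured refresh token keeps working until it is revoked.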
⤼ Early Grok-3 ('chocolate') leads the 'Chatbot Arena ELO rankings', edging out top-tier models.
Are novel training paradigms (e.g., retrieval-augmented generation, improved instruction tuning) playing a larger role?
Feb, 2025
#AI #MachineLearning #LLMs #NLP #DeepLearning #Grok
February 21, 2025 at 6:15 AM
Morning / Evening all ☕️
Let's talk about Active Directory (AD) security.
Attackers 'love' targeting AD for domain admin privileges.
Here's a thread on the top techniques they use!
Image Credit: (cyber.gov.au, 2024)
A Thread 1/10🧵
#CyberSecurity #infosec #CVE
February 18, 2025 at 2:32 PM
You will enjoy reading this ☕
🔬What IF: Scientists Choose Rust Over Python for AI Development.
📖 Read the full story ..
🔗https://mawgoud.medium.com/earth-72-scientists-adapted-rust-instead-of-python-for-artificial-intelligence-development-84b705459613
#AI #Rust #Python #Tech #Multiverse #ML
February 15, 2025 at 12:49 PM
🚨 DeepSeek's iOS app is sending sensitive user data to a ByteDance (TikTok)-affiliated cloud platform without encryption.
👉 Full Report: thehackernews.com/2025/02/deep...
#Cybersecurity #Privacy #Bug #Encryption #Tech #News #Security #TikTok #DeepSeek #OpenAI
February 15, 2025 at 5:37 AM
Reposted by Ahmed
Ups and downs of #redteam engagements. When the standard payloads don’t cut it, innovation wins. Learn how we misused a screenshot tool to load shellcode… at the fifth attempt!…
blog.compass-security.com/2024/12/a-ni...
December 17, 2024 at 9:12 AM
Reposted by Ahmed
Red Teamers: do NOT neglect SNMP like sysadmins usually do! SO many networks have granted me very quick wins through SNMP enumeration, which can be done with Metasploit, snmpwalk, and onesixtyone:
Enum Windows accounts (spray?):
snmpwalk -c public -v1 $TARGET 1.3.6.1.4.1.77.1.2.25
#hacking #redteam
January 24, 2025 at 5:33 PM
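Added example, not code from the reposted tip: what to do with the snmpwalk output once the command above returns. OID 1.3.6.1.4.1.77.1.2.25 is the LanMgr-II user table; each row's index encodes the name as `<length>.<byte>.<byte>...`, so the parser below reads the STRING value, cross-checks it against the decoded index, and produces a de-duplicated spray list. The sample output is constructed in the two shapes snmpwalk prints (with and without the vendor MIB loaded); the built-in account list to skip is an assumption.

```python
"""Turn snmpwalk output for the LanMgr-II user table (1.3.6.1.4.1.77.1.2.25) into a
clean account list. Added example, not code from the post; the sample output below is
constructed in the shape snmpwalk prints with and without the vendor MIB loaded.
"""
from __future__ import annotations
import re

# Matches "iso.3.6.1.4.1.77.1.2.25.1.1.<idx>" and "SNMPv2-SMI::enterprises.77.1.2.25.1.1.<idx>".
_ROW = re.compile(r'77\.1\.2\.25\.1\.1\.(?P<index>\d+(?:\.\d+)*)\s*=\s*STRING:\s*"(?P<name>[^"]*)"')

# Assumed list of built-ins not worth a spray attempt (disabled by default or non-interactive).
BUILTIN_SKIP = {"Guest", "DefaultAccount", "WDAGUtilityAccount", "krbtgt"}


def decode_index(index: str) -> str:
    """The row index is <len>.<byte>.<byte>... of the name itself; decode it as a cross-check."""
    parts = [int(p) for p in index.split(".")]
    length, raw = parts[0], bytes(parts[1:])
    if len(raw) != length:
        raise ValueError(f"index length {length} != {len(raw)} bytes")
    return raw.decode("latin-1")


def parse_lanman_users(text: str) -> list[str]:
    """Return sorted unique usernames whose STRING value agrees with the OID index."""
    names = set()
    for m in _ROW.finditer(text):
        if decode_index(m["index"]) == m["name"]:
            names.add(m["name"])
    return sorted(names)


def spray_candidates(names: list[str]) -> list[str]:
    """Drop built-ins; check the domain lockout policy before spraying what is left."""
    return [n for n in names if n not in BUILTIN_SKIP]


# Constructed snmpwalk output (not from a real host).
SAMPLE = """\
iso.3.6.1.4.1.77.1.2.25.1.1.5.71.117.101.115.116 = STRING: "Guest"
iso.3.6.1.4.1.77.1.2.25.1.1.13.65.100.109.105.110.105.115.116.114.97.116.111.114 = STRING: "Administrator"
iso.3.6.1.4.1.77.1.2.25.1.1.6.106.115.109.105.116.104 = STRING: "jsmith"
SNMPv2-SMI::enterprises.77.1.2.25.1.1.10.115.118.99.95.98.97.99.107.117.112 = STRING: "svc_backup"
iso.3.6.1.4.1.77.1.2.27.1.1.3.1.2.3 = STRING: "not-a-user-row"
"""

if __name__ == "__main__":
    users = parse_lanman_users(SAMPLE)
    print(users, "->", spray_candidates(users))
```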
Bypass 'FindWindow' anti-debug checks by hooking 'NtUserFindWindowEx' & returning a fake handle.
🕵️♂️ Malware loves to check for debuggers this way ... feed it garbage & watch it fail.
#ReverseEngineering #Malware #infosec #bug #exploitation #pentesting
February 13, 2025 at 6:16 AM
Everyone's worried about DeepSeek stealing data, but what about AI tools like ChatGPT? 🤔
Your sensitive data is likely going to the USA. Do you know where it's stored & how it's used?
Time to think about AI data security!
#AI #Privacy #OpenAI #ChatGPT #DeepSeek #Tech #data
February 13, 2025 at 3:17 AM
This is worth your time today ☕
I believe the 'formal' title fits in this case:
Salt Typhoon Cyberattack 2024:
The Largest Telecom Hack in the US History.
A Thread 🧵
+
📎Sources ↷
February 11, 2025 at 6:43 PM
So... this is what it feels like: #OpenAI vs #DeepSeek!
#AI #Copyright #DataPrivacy #Privacy #OpenAI #Google #Microsoft #Tech #Meme #BigTech #Privacy #MachineLearning #ML #DeepSeekR1 #ArtificialIntelligence
February 8, 2025 at 5:03 AM
Want to detect malware abusing 'CreateRemoteThread'?
Hook 'NtMapViewOfSection' instead.
Most payloads get mapped before execution, making it a solid choke point for EDR logic.
Timing is everything. ⏳
#ThreatHunting #Malware #Infosec #EDR
February 5, 2025 at 5:35 AM
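Added example, not code from the post: the correlation an EDR would run once it hooks NtMapViewOfSection, written over a few constructed telemetry events. A cross-process view of a section is recorded when it is mapped; when the same caller then starts a remote thread whose start address lies inside an executable view it mapped into that target a few seconds earlier, the pair is flagged. The event records and their field names are assumptions about what the sensor emits.

```python
"""Correlate a cross-process NtMapViewOfSection with a later remote thread whose start
address lies inside that mapping. Added detection-logic example, not code from the
post; the event records are constructed to look like EDR telemetry and the field
names are assumptions.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    t: float          # seconds, monotonic
    op: str           # "NtMapViewOfSection" or "CreateRemoteThread"
    pid: int          # calling process
    target_pid: int   # process the handle refers to
    addr: int         # mapped base (map events) or thread start address (thread events)
    size: int = 0     # view size for map events
    prot: str = ""    # page protection of the view: "RW", "RX", "RWX"


EXEC_PROTS = {"RX", "RWX"}


def find_injections(events: list[Event], window: float = 10.0) -> list[dict]:
    """Flag CreateRemoteThread calls whose start address falls inside an executable
    view that the same caller mapped into the same target within `window` seconds.
    Self-mappings (pid == target_pid) are ignored; that is how every DLL loads."""
    views: list[Event] = []
    hits: list[dict] = []
    for ev in sorted(events, key=lambda e: e.t):
        if ev.pid == ev.target_pid:
            continue
        if ev.op == "NtMapViewOfSection":
            views.append(ev)
        elif ev.op == "CreateRemoteThread":
            for v in views:
                if (v.pid == ev.pid and v.target_pid == ev.target_pid
                        and v.prot in EXEC_PROTS
                        and v.addr <= ev.addr < v.addr + v.size
                        and 0 <= ev.t - v.t <= window):
                    hits.append({"pid": ev.pid, "target_pid": ev.target_pid,
                                 "section_base": v.addr, "thread_start": ev.addr,
                                 "delta_s": round(ev.t - v.t, 3)})
                    break
    return hits


# Constructed telemetry (not real data).
SAMPLE_EVENTS = [
    Event(50.0, "NtMapViewOfSection", 900, 900, 0x7FFB10000000, 0x2000, "RX"),     # normal image map
    Event(100.0, "NtMapViewOfSection", 4242, 1337, 0x20000000, 0x10000, "RWX"),   # payload mapped remotely
    Event(100.2, "CreateRemoteThread", 4242, 1337, 0x20000400),                   # thread starts inside it
    Event(120.0, "NtMapViewOfSection", 5000, 1337, 0x30000000, 0x1000, "RW"),     # data-only view
    Event(120.5, "CreateRemoteThread", 5000, 1337, 0x7FF600001000),               # start elsewhere
]

if __name__ == "__main__":
    for hit in find_injections(SAMPLE_EVENTS):
        print(hit)
```

The second pair in the sample (a data-only view followed by a thread starting at an address outside it, as in a classic LoadLibrary injection) is deliberately not caught: this rule covers the mapped-payload variant the post describes, and the thread-start-at-loader-export case needs its own rule.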
Worth the time to read 👌
🗞️ Don't miss Nextron Systems' latest piece: 'Cyber Security 2025: Practical Trends Beyond the Hype.'
They cut through the noise to highlight threats like supply chain attacks and token abuse.
Link: www.nextron-systems.com/2025/02/03/c...
#CyberSecurity #SupplyChain #Infosec
Cyber Security 2025: Practical Trends Beyond the Hype - Nextron Systems
February 5, 2025 at 5:26 AM