#blueteam

15 posts · 11 participants · 0 posts today
Continued thread

The threat intelligence firm Intrinsec writes about another bulletproof host called Prospero. This one's linked to the previously mentioned Proton66 and its networks should definitely be blocked.

intrinsec.com/prospero-proton6

See their networks here:
ipinfo.io/AS200593

Link preview: Cybersécurité - INTRINSEC · PROSPERO & Proton66: Uncovering the links between bulletproof networks

Heard of bulletproof hosting? This refers to service providers who will host any and all kinds of malicious content. You don't want to see any traffic to or from these service providers. One of the worst (and most documented) is Proton66. I highly recommend you block all of their IP address ranges.

Their IP ranges are available here:
ipinfo.io/AS198953

An article about some of their malicious hosted content courtesy of @DomainTools is available here:
dti.domaintools.com/proton66-w

Link preview: ipinfo.io · AS198953 Proton66 OOO details - IPinfo.io: AS198953 autonomous system information: WHOIS details, hosted domains, peers, upstreams, downstreams, and more
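A defender-side helper for the blocking recommendation in the two posts above, added here as an example (it is not code from the posts, from Intrinsec or from ipinfo.io): it matches flow records against the prefixes of a listed ASN in either direction and renders the IPv4 prefixes as an nftables set body. The prefixes and flow lines are constructed placeholders, not the real AS198953 / AS200593 announcements; swap in the current prefix list from ipinfo.io before use.

```python
import ipaddress

# Constructed placeholder prefixes standing in for the ranges published at
# ipinfo.io/AS198953 and ipinfo.io/AS200593. They are NOT the real announcements.
BLOCKLIST_TEXT = """
AS198953 198.51.100.0/24
AS198953 2001:db8:1::/48
AS200593 203.0.113.0/24
"""

# Constructed flow records in the form: src dst proto dstport
SAMPLE_FLOWS = [
    "10.0.0.5 198.51.100.7 tcp 443",   # outbound to a listed range
    "192.0.2.9 10.0.0.8 tcp 22",       # unrelated
    "203.0.113.44 10.0.0.5 udp 53",    # inbound from a listed range
]

def load_blocklist(text):
    """Parse 'ASN prefix' lines into (network, asn) pairs, most specific first."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            asn, prefix = line.split()
            entries.append((ipaddress.ip_network(prefix, strict=False), asn))
    # Longest prefix first so the most specific entry wins if ranges overlap.
    return sorted(entries, key=lambda e: e[0].prefixlen, reverse=True)

def lookup(ip, blocklist):
    """Return the ASN whose prefix contains ip (v4 or v6), or None."""
    addr = ipaddress.ip_address(ip)
    for net, asn in blocklist:
        if addr in net:  # False when address and network versions differ
            return asn
    return None

def scan_flows(lines, blocklist):
    """Flag flows that touch a listed ASN as source or destination."""
    hits = []
    for line in lines:
        src, dst, proto, port = line.split()
        for direction, ip in (("src", src), ("dst", dst)):
            asn = lookup(ip, blocklist)
            if asn:
                hits.append({"asn": asn, "direction": direction, "ip": ip,
                             "proto": proto, "port": int(port)})
    return hits

def nft_set_elements(blocklist):
    """Render the IPv4 prefixes as an nftables set body for a drop rule."""
    v4 = sorted(str(net) for net, _ in blocklist if net.version == 4)
    return "elements = { " + ", ".join(v4) + " }"
```

Running `scan_flows(SAMPLE_FLOWS, load_blocklist(BLOCKLIST_TEXT))` reports the two flows that touch a listed range, and the nftables body can be dropped into an `ipv4_addr` set with `flags interval`.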

How does a cyber threat group evolve from imitation to innovation? 🧑‍💻📦

An espionage-focused hacking group with links to Pakistan, identified as SideCopy—a sub-group within APT36 (Transparent Tribe)—has expanded its operations in India with a more refined toolkit and a broader victim profile. According to SEQRITE, their recent campaigns have moved beyond traditional targets like defense or maritime sectors to now include Indian ministries responsible for railways, oil and gas, and external affairs.

This shift is not just in targets but also tactics. The group has stopped relying on HTA files and now uses Microsoft Installer (MSI) packages for initial malware delivery. This change likely reflects an attempt to bypass growing detection rates associated with older techniques. These MSI files are often disguised as legitimate documents—like holiday schedules or security guidelines—and delivered via phishing emails.

Technically, the group relies on a mix of open-source remote access trojans (RATs) like Spark RAT and Xeno RAT, which have been modified to serve specific campaign needs. Spark RAT is cross-platform, while Xeno RAT has been customized using basic obfuscation methods. A key highlight is the emergence of CurlBack RAT, a previously undocumented Windows-based tool with advanced capabilities: system reconnaissance, command execution, file downloads, privilege escalation, and user enumeration.

SideCopy makes use of multiple post-exploitation methods including DLL side-loading, reflective payload loading, and AES-encrypted PowerShell scripts. They're also drawing from other known tools—borrowing features such as browser data theft from AsyncRAT, and using Cheex to extract images and documents.

Overall, the group’s progression reflects a maturing operation that integrates reused code, custom malware, and targeted social engineering to conduct surveillance and data theft at scale.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

New Open-Source Tool Spotlight 🚨🚨🚨

Kubernetes Goat is a deliberately vulnerable Kubernetes cluster for hands-on security learning. From container escapes to RBAC misconfigurations, it’s packed with scenarios to explore real-world vulnerabilities in a safe environment. #Kubernetes #CloudSecurity

🔗 Project link on #GitHub 👉 github.com/madhuakula/kubernet

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

New Open-Source Tool Spotlight 🚨🚨🚨

The "Damn Vulnerable MCP Server" is a deliberately vulnerable implementation of the Model Context Protocol (MCP), designed for educational use. It includes 10 challenges that highlight specific security flaws, from prompt injection to multi-vector attacks. A hands-on tool for security researchers learning to secure MCP in LLM contexts. #Cybersecurity #AI

🔗 Project link on #GitHub 👉 github.com/harishsg993010/damn

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

New Open-Source Tool Spotlight 🚨🚨🚨

WinPwn simplifies internal Windows penetration testing by automating reconnaissance and exploitation through PowerShell. Features include domain recon, privilege escalation, Kerberoasting, UAC bypasses, and proxy-aware scripting. Also works offline with `Offline_Winpwn.ps1`. #cybersecurity #pentesting

🔗 Project link on #GitHub 👉 github.com/S3cur3Th1sSh1t/WinP

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

New Open-Source Tool Spotlight 🚨🚨🚨

PAYGoat is a deliberately vulnerable banking app designed to explore business logic flaws like BOLAC, race conditions, and balance tampering. A hands-on tool for researchers, pen testers, and devs studying secure backend design. #AppSec #CyberSecurity

🔗 Project link on #GitHub 👉 github.com/stuxctf/PAYGoat

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

New Open-Source Tool Spotlight 🚨🚨🚨

AggressorScripts is a curated collection of .cna scripts enhancing Cobalt Strike's functionality. From Beacon-to-Empire migrations to Slack notifications for new Beacons, it’s packed with Red Team utilities. Highlights: OPSEC profiles, mimikatz automation, and stale beacon alerts. #RedTeam #CobaltStrike

🔗 Project link on #GitHub 👉 github.com/bluscreenofjeff/Agg

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

New Open-Source Tool Spotlight 🚨🚨🚨

angr is a Python-based framework for binary analysis, spanning capabilities like symbolic execution, control-flow analysis, and decompilation. Ideal for CTF challenges and reverse engineering tasks. #binaryanalysis #reverseengineering

🔗 Project link on #GitHub 👉 github.com/angr/angr

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

New Open-Source Tool Spotlight 🚨🚨🚨

GOAD (Game of Active Directory) by Orange-Cyberdefense is a lab for pentesting Active Directory environments. With multiple configurations like GOAD-Mini and SCCM labs, it helps security professionals practice AD attack techniques. Caution: Designed for isolated lab use only. #ActiveDirectory #Cybersecurity

🔗 Project link on #GitHub 👉 github.com/Orange-Cyberdefense

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Found the assumed breach pen test box and downed the port, then was told to bring it back up so they could continue. Briefly considered applying the following config for #blueteam revenge

mtu 1492
duplex half
speed 100
flowcontrol receive on
flowcontrol send off
power efficient-ethernet auto

New Open-Source Tool Spotlight 🚨🚨🚨

Mapping your threat-hunting workflows to the MITRE ATT&CK framework? Check out olafhartong's ThreatHunting Splunk app. With 130+ reports and dashboards, it simplifies hunting while integrating Sysmon data for deep insights. Requires tuning for best results. #ThreatHunting #MITREATTACK

🔗 Project link on #GitHub 👉 github.com/olafhartong/ThreatH

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

New Open-Source Tool Spotlight 🚨🚨🚨

Scopify is a Python-based recon tool for pentesters, leveraging `netify.ai` to analyze CDNs, hosting, and SaaS infra of target companies. Optional OpenAI integration adds AI-guided insights for deeper testing. Built by @Jhaddix & Arcanum-Sec. #CyberSecurity #BugBounty

🔗 Project link on #GitHub 👉 github.com/Arcanum-Sec/Scopify

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️