New Open-Source Tool Spotlight

TheHive is an open-source incident response platform designed to help teams investigate and manage cybersecurity incidents efficiently. It integrates with tools like MISP for threat intelligence sharing and supports automation through APIs. #CyberSecurity #IncidentResponse

Project link on #GitHub https://github.com/TheHive-Project/TheHive

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

Some of my colleagues at #AWS have created an open-source serverless #AI assisted #threatmodel solution. You upload architecture diagrams to it, and it uses Claude Sonnet via Amazon Bedrock to analyze it.

I'm not too impressed with the threats it comes up with. But I am very impressed with the amount of typing it saves. Given nothing more than a picture and about 2 minutes of computation, it spits out a very good list of what is depicted in the diagram and the flows between them. To the extent that the diagram is accurate/well-labeled, this solution seems to do a very good job writing out what is depicted.

I deployed this "Threat Designer" app. Then I took the architecture image from this blog post and dropped that picture into it. The image analysis produced some of the list of things you see attached.

This is a specialized, context-aware kind of OCR. I was impressed at boundaries, flows, and assets pulled from a graphic. Could save a lot of typing time. I was not impressed with the threats it identifies. Having said that, it did identify a handful of things I hadn't thought of before, like EventBridge event injection. But the majority of the threats are low value.

I suspect this app is not cheap to run. So caveat deployor.
#cloud #cloudsecurity #appsec #threatmodeling

https://github.com/UseAlloy/customizing-config-remediation-notifications #cloudsecurity

New Open-Source Tool Spotlight

APTSimulator is a tool for security teams to simulate advanced persistent threat (APT) behavior in a controlled environment. It uses batch scripts to mimic common attack techniques, like privilege escalation or ransomware actions, without real payloads. Useful for testing detection rules. #CyberSecurity #ThreatSimulation

Project link on #GitHub https://github.com/NextronSystems/APTSimulator

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

Velociraptor is an advanced DFIR (Digital Forensics and Incident Response) tool. It focuses on endpoint monitoring, hunting, and data collection using flexible artifact-based queries. Its scripting language, VQL, allows custom queries tailored for specific investigations. #DigitalForensics #CyberSecurity

Project link on #GitHub https://github.com/Velocidex/velociraptor

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

Oracle customers confirm threat actor's data samples as authentic after Oracle denied a breach of its Cloud servers. #OracleBreach #Cybersecurity #DataBreach #CloudSecurity #Infosec #Oracle #Hacking #ThreatActor #CyberThreats #SecurityNews #TechNews

New Open-Source Tool Spotlight

Rubeus is a post-exploitation tool for Kerberos-related tasks on Windows. It supports ticket extraction, pass-the-ticket attacks, ticket forging, and more. A powerful choice for understanding and simulating Kerberos security flaws.

#CyberSecurity #Kerberos #RedTeam

Project link on #GitHub https://github.com/GhostPack/Rubeus

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

Oracle Cloud Breach Alert

6 million records exposed, placing 140,000 businesses at risk. This significant security breach highlights the urgency for robust data protection measures.

Stay informed, stay protected.

Learn more via the link https://bit.ly/420w8Zy and Join our channel for in-depth insights: https://discord.gg/c9JaJAb6

New Open-Source Tool Spotlight

Blacksmith is a cloud-native adversary simulation tool that scales offensive testing in Azure. It’s built to automate simulation setups, leveraging Azure services like Sentinel for detection validation. Useful for red teaming and continuous security improvement.

#ThreatHunting #AzureSecurity

Project link on #GitHub https://github.com/OTRF/Blacksmith

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

Azure Sentinel is Microsoft's cloud-native SIEM tool. It integrates AI to detect threats, automate responses, and monitor logs across environments. Useful for hybrid clouds, it supports connectors for platforms like AWS, Office 365, and more. #CloudSecurity #SIEM

Project link on #GitHub https://github.com/Azure/Azure-Sentinel

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

Friendly reminder that if my blogs and tools and research, which I provide for free, are useful to you, I have a Ko-Fi page at https://ko-fi.com/cirriustech and I currently have a funding goal that would significantly improve my research capabilities.

I’ve incurred modest costs up until now but deeper dives require more cloud resources and licensing which also comes with minimum licence term commitments.

So if it’s ever been useful and continues to be, I’d love it for you to buy me a Ko-Fi ️

Thank you for your continued support and engagement!

New Open-Source Tool Spotlight

CrackMapExec is a post-exploitation tool for penetration testers. It automates tasks like credential validation, lateral movement, and Active Directory enumeration on Windows environments. Built on Python, it supports SMB, WinRM, and other protocols. Extremely useful for red team assessments. #CyberSecurity #PenTest

Project link on #GitHub https://github.com/byt3bl33d3r/CrackMapExec

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

This is kinda cool - my #Azure #SilentReaper vulnerability (that #Microsoft say is by design and is not a vulnerability) is now listed in the #CloudVulnDB #SecurityResearch —#CloudSecurity #KeyVault #LogicApps #CredentialTheft #Undetectable #SharingIsSecuring #WeAllWinTogether

https://www.cloudvulndb.org/azure-logic-apps-secrets-control-plane-exfiltration

This is kinda cool - my #Azure #VaultRecon vulnerability (that #Microsoft say is by design and is not a vulnerability) is now listed in the #CloudVulnDB #SecurityResearch —#CloudSecurity #KeyVault #Enumeration #SharingIsSecuring #WeAllWinTogether

https://www.cloudvulndb.org/azure-vault-recon-keyvault-secret-metadata-control-plane-exfiltration

New Open-Source Tool Spotlight

Log4Shell still has lingering risks. If you're managing Java apps, check out Log4shell-detector on GitHub. It scans for vulnerable Log4j usage with minimal setup. Regular audits help keep your environment secure. #cybersecurity #Log4Shell

Project link on #GitHub https://github.com/Neo23x0/log4shell-detector

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

Spring is here – and so is our Spring Sale!

From March 20 to 31, get 25%* off #Cryptomator and Cryptomator Hub!

No subscription, no hidden fees – just one-time encryption security for your cloud files.

Now only €14.99!*

Hurry! Offer ends on World Backup Day, March 31.

Learn more: https://cryptomator.org/blog/2025/03/20/spring-sale/?utm_source=mastodon&utm_medium=social&utm_campaign=spring-sale

*Discount and final price may vary by region.

TECH | CYBERSECURITY
Google Eyes $30B Wiz Acquisition

Google renews talks to acquire cloud security firm Wiz for ~$30B.
Wiz targets $1B in ARR by 2025; last valued at $16B in late 2024.
Regulatory concerns previously blocked the deal under Biden’s FTC.

New Open-Source Tool Spotlight

Sigma is a platform-independent framework to create security detections in a unified and structured way. Write rules once, convert them into formats like Splunk, Elastic, or SIEM-specific queries. It's a must-have for blue teams aiming for consistency and reuse. #Cybersecurity #ThreatHunting

Project link on #GitHub https://github.com/Neo23x0/sigma

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

DataDog's KubeHound is a tool that queries Kubernetes clusters and surfaces Pod Security Standard violations. It works by analyzing a cluster against best practices with minimal setup. Useful for teams focused on securing their workloads in Kubernetes environments. #Kubernetes #CyberSecurity

Project link on #GitHub https://github.com/DataDog/KubeHound

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

Hey everyone, does this sound familiar? You install a Python package and suddenly feel like you've been robbed blind?

Right now, there's a nasty campaign going on targeting PyPI, and it's misusing "time" utilities to swipe cloud credentials. Get this – it's already had over 14,000 downloads! The malware hides in packages that are *supposed* to just check the time. But instead, they're snatching cloud keys (AWS, Azure, the works) and sending them straight to the bad guys.

Honestly, it reminds me of a pentest we did where we *almost* missed a similar camouflage trick. Seriously creepy! So, heads up: Double-check your dependencies, run those scans, review your cloud configurations, and above all, be suspicious! And hey, just a friendly reminder: automated scans are no substitute for a manual pentest!

Have you run into anything similar? What tools are you using to beef up your security? Let's chat about it!