A methodology to formulate attack paths in a quiet manner using a back-to-basics approach. Originally presented at DEFCON/Red Team Village.

Training and fine tuning LLMs is an incredibly complex process, but thanks to different libraries and frameworks we can easily find our own data and fine tune open source models like Llama 3.1. This talk will be the story of how I scraped Telegram channels operated by threat actors

Offensive Security War Stories: How to Prep & Plan for Red Team EngagementsJoin us for an evening of sharing tips, tricks, and real-life experiences from Red Team engagements.Eventbrite Come join us for an evening of sharing war stories and strategies from Red Team engagements on November 19, 2024 from

Zero Trust was created by John Kindervag in 2010 while he was a principal analyst at Forrester Research. It emphasizes 'never trust, always verify,' regardless of whether the request comes from inside or outside the network.Notably, incidents like Operation Aurora and Google's development of BeyondCorp

As the Offensive Security Team, we do our best to fly below the radar on penetration testing engagements. But yes, sometimes we get caught! Here's the top three things that get us busted. 1. Heuristic Analysis in EDR - Jim from Accounting doesn't have a use

There were over 400 M&A Cybersecurity deals in 2023. We're out of the growth phase of the industry lifecycle and into the maturation phase. This is a good thing right? Possibly.. Research has shown that when an industry enters the maturity phase and consolidation begins, innovation

Microsoft recently announced their AI Recall feature for Windows 11. It creates a timeline that lets you search past interactions on your device. It's a goldmine for attackers and here's why. Microsoft says, "With Recall, you have an explorable timeline of your PC’s past.

You might remember the Play ransomware crew from when they took down the city of Oakland... They have been very active since their emergence in June of 2022, targeting a wide range of businesses and critical infrastructure in North America, South America, Europe, and Australia. In October of 2023, the

The lockbit drama continues. Yesterday law enforcement resurrected one of the groups darkweb sites to tease forthcoming updates from the US and UK. Updates appear to include the real identity of the lockbit admin, lockbitsupp. And other ominous post titles like "What have we been up to?" show