To take part in the capture the flag competition by Hackeriet, go to https://bv25ctf.hackeriet.no and join in at the fun! The registration code is "braaainz".
To take part in the capture the flag competition by Hackeriet, go to https://bv25ctf.hackeriet.no and join in at the fun! The registration code is "braaainz".
i'm capturing the flag #ctf at #bsidespgh. and eating a sumptuous lunch here at the casino. thanks, bsidespgh.com sponsors!
New Open-Source Tool Spotlight
Scrapling is redefining Python web scraping. Adaptive, stealthy, and fast, it can bypass anti-bot measures while auto-tracking changes in website structure. A standout: 4.5x faster than AutoScraper for text-based extractions. #Python #WebScraping
Project link on #GitHub
https://github.com/D4Vinci/Scrapling
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking
#Apple presents how it will charge developers who distribute their apps without Apple's involvement (outside the AppStore) with a new fee, the #CTC (yes, it's just a renamed #CTF Core Technology Fee).
IMHO no world in which Apple remains a #gatekeeper over which code people run on their devices and, worse, demands money for it, cannot be compatible with the #DigitalMarketAct.
Challenge Spotlight: AIS Sudden Death
At DEFCON 33’s Maritime Hacking Village, satellite comms are down, and spoofed AIS signals are your only clue. One ship is real. One’s a trap. Choose right or sink trying.
5 rounds. Zero forgiveness. Can you spot the spoof?
#DEFCON33 #CTF #MaritimeHacking #AIS #CyberSecurity #InfoSec @defcon
CTF ANNOUNCEMENT: Maritime Hacking Village at DEF CON 33
Join the fight to lift the digital blockade on Isla Hexa in MHV's premiere CTF featuring real AI-controlled unmanned watercraft, port crane systems, a narco-smuggling vessel confiscated by the feds, and much more!
Come test your skills in the most ambitious, cross-domain village CTF at DEF CON yet.
Details: https://maritimehackingvillage.com/ctf
#DEFCON #DC33 #MaritimeSecurity #CTF #DEFCONVillages #Hacking #Cybersecurity @defcon
CTF ANNOUNCEMENT: Maritime Hacking Village at DEF CON 33
Join the fight to lift the digital blockade on Isla Hexa in MHV's premiere CTF featuring real AI-controlled unmanned watercraft, port crane systems, a narco-smuggling vessel confiscated by the feds, and much more!
Come test your skills in the most ambitious, cross-domain village CTF at DEF CON yet.
Details: https://maritimehackingvillage.com/ctf
#DEFCON #DC33 #MaritimeSecurity #CTF #DEFCONVillages #Hacking #Cybersecurity @defcon
Hey, I'd like to share the best talks/papers/videos/tools/CTF challenges I encountered in 2025 H1.
This is the official "Cryptax Award 2025 H1" (lol). Congratulations to those of you on the list!
https://medium.com/@txrattler/dont-call-it-training-if-you-ve-hidden-the-keys-92d157219869
Grinding CTFs lately. Here's the truth:
If I'm trying to get into cyber to make a living, the keys shouldn't be hidden.
CTFs aren't training—they're filtering. No hints, no structure, just “guess what I’m thinking.”
That’s not teaching. That’s gatekeeping.
New Open-Source Tool Spotlight
Kubernetes History Inspector (KHI) is an agentless log viewer built for visualizing Kubernetes audit logs. Its timeline-based log analysis and resource relationship diagrams simplify cluster troubleshooting—no complex setups or commands required. #Kubernetes #Observability
Project link on #GitHub
https://github.com/GoogleCloudPlatform/khi
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking
New Open-Source Tool Spotlight
Pocket ID is an OIDC provider simplifying authentication with passkeys. No passwords. Think secure logins using Yubikeys or biometrics. Lightweight compared to Keycloak or Hydra and ideal for focused use cases. Built for Docker setups. #Passkeys #OIDC
Project link on #GitHub
https://github.com/pocket-id/pocket-id
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking
New Open-Source Tool Spotlight
tfmcp simplifies Terraform management by letting AI assistants like Claude Desktop handle config, plans, and state via the Model Context Protocol (MCP). Built with Rust, it offers robust security, Docker support, and detailed analysis. #Terraform #DevOps
Project link on #GitHub
https://github.com/nwiizo/tfmcp
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking
Still finding my footing in this space.
Been working through high-difficulty geolocation challenges solo — learning a lot, failing a lot, tracking until something clicks.
Not sure who else works like this — patient, slow, detail-first.
If you're out there, I’d value knowing. Even just to follow along.
https://medium.com/@txrattler/from-handle-to-human-solo-osint-profiling-with-free-tools-68f5672f94ca
Weekly OSINT Download – May 27
Signals tracked. Tools tested. Gaps closed.
Applied Recon:
Practiced identity profiling from minimal data: usernames, metadata, old accounts.
Refined solo background check flow — efficient, client-ready, no fluff.
Geolocation drills: worked image verification and failed trails to sharpen instinct and exit discipline.
Began longform narrative analysis — tracking how pacing and structure shape viewer retention and emotional targeting.
Signal Shaping:
Studied why 20-min, 3-arc formats dominate high-retention media.
Logged passive audio elements as ambient framing tools.
Tuned voice delivery for clarity and precision — applied to case narration and info drops.
In Progress:
CTF prep: US Cyber Games open soon.
Building quiet authority — showing work through process, not hype.
Laying down content as proof-of-skill, not just noise.
OSIRIS, the student-run #cybersecurity research lab at NYU, is seeking #challenge writers for our upcoming CSAW #CTF later this year! (For those who don't know CSAW, it's one of the largest student-run #cybersec events in the world: https://csaw.io ) Web, #ReverseEngineering, #pwn, and #cryptography challenges are prioritized, and all experience levels welcome. Interested? Shoot me a DM or email osiris@osiris.cyber.nyu.edu.
New Open-Source Tool Spotlight
CVEMap by ProjectDiscovery simplifies vulnerability intelligence with a CLI tool that maps CVEs to EPSS, KEV, CPE, GitHub PoCs, and more. Customizable filters, JSON output, and integration-ready. Requires Go 1.21. #cybersecurity #opensource
Project link on #GitHub
https://github.com/projectdiscovery/cvemap
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking
What happens when a single Go module can wipe your entire Linux system?
Researchers have uncovered three malicious Go packages that, once installed, can render a Linux machine completely unbootable. These modules—`prototransform`, `go-mcp`, and `tlsproxy`—were hosted on GitHub and disguised as legitimate open-source tools. What sets them apart isn’t just the malware, but how it’s delivered: hidden in obfuscated code that quietly checks if the OS is Linux, then downloads a shell script using `wget`. That script doesn’t just corrupt the system—it zeroes out `/dev/sda`, the primary disk, erasing all data beyond recovery.
These aren't isolated incidents. A parallel wave of threats has hit JavaScript and Python ecosystems too. Several npm packages—such as `crypto-encrypt-ts` and `userbridge-paypal`—were found stealing cryptocurrency wallet seed phrases and exfiltrating private keys. Meanwhile, other PyPI packages like `web3x` and `herewalletbot` targeted similar data and have already been downloaded over 6,800 times.
More concerning, another group of seven PyPI packages communicated through Gmail’s SMTP servers and WebSockets to exfiltrate data and enable remote command execution. Using hardcoded Gmail credentials, they sent success notifications back to attackers and opened persistent channels for control. Since Gmail traffic often bypasses scrutiny from corporate firewalls and endpoint protection systems, these packages operated with minimal detection.
The recurring theme here is trust—developers importing open-source packages assume some degree of safety if a library has been around or appears well-maintained. But attackers are exploiting that assumption, embedding silent functionality behind familiar names and benign-looking codebases.
Defensive practices matter. Teams should scrutinize dependency trees, validate GitHub sources, monitor for unusual outbound connections—including SMTP—and treat every third-party library as a potential threat vector, regardless of its age or download count. Ignoring this risk is no longer viable.
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking
Compétition Capture The Flag - SecureIT
https://fsm.rnu.tn/fra/articles/4908/competition-capture-the-flag---secureit
New Open-Source Tool Spotlight
Scopify is a Python-based recon tool for pentesters, leveraging `netify.ai` to analyze CDNs, hosting, and SaaS infra of target companies. Optional OpenAI integration adds AI-guided insights for deeper testing. Built by @Jhaddix & Arcanum-Sec. #CyberSecurity #BugBounty
Project link on #GitHub
https://github.com/Arcanum-Sec/Scopify
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking