gzobra.bsky.social
Previously Blue team, now more on the Threat Intel side and interested in OSINT. Learning ARM reverse engineering for fun. Books and Music when possible. Opinions are my own. Reposts are not endorsements.
24 posts 39 followers 195 following

"Headless browsers" accounted for 30% of all DDoS attacks last year? Ha? That's new! blog.kybervandals.com/state-of-ddo...

We discover 119 vulnerabilities in LTE/5G core infrastructure, each of which can result in persistent denial of cell service to an entire metropolitan area or city and some of which can be used to remotely compromise and access the cellular core. https://cellularsecurity.org/ransacked

Need to hack thousands of AWS customers? What about on internal AWS systems? Datadog Security Research found that a number of tools, including one published by AWS, are susceptible to name confusion attacks, leading to RCE in vulnerable environments! securitylabs.datadoghq.com/articles/who...

Radare conf material, #reverseengineering #infosec #r2 radare.org/con/2024/

@hrbrmstr.dev I thought free speech was very important in the US because it is in the US constitution, as the First Amendment. Is it the start of the end?

Here it is: your complete guide to building a Wireguard network that doesn't require any open ports at home, and doesn't require any third-party tools. Just Wireguard, your devices, and a little elbow grease. taggart-tech.com/wir...

The next blog in our #Kubernetes #Security fundamentals series is out now. This time we're taking a look at the world of network security! securitylabs.datadoghq.com/articles/kub...

Two years, 31 OSINT exercises, and over 300 walkthroughs later, I’m humbled by the knowledge and creativity of the OSINT community ❤️ To celebrate I made it easier to share your walkthroughs, highlighted the best ones, and shared my top favourite. Read it all below: gralhix.com/2025/01/27/t...

Delighted to announce that I'll give a keynote talk at DIC Munich. Topic: Dissecting Emotion: The Hidden Layer of Influence in OSINT Sign up here: www.arina.ch/de/events/di... #DIC25 #DICMunich #osintforgood #OSINT #ShadowDragon @shadowdragonio.bsky.social

🌟New report out today!🌟 Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware Analysis & reporting completed by @r3nzsec, @MyDFIR & @MittenSec. Audio: Available on Spotify, Apple, YouTube and more! thedfirreport.com/2025/01/27/c...

I recommend reading the tweet by Acanoa, who is working through the source code of Lucie. Also read the exchanges in the comments. x.com/_Akanoa_/sta...

Part 2 of @hotnops.bsky.social's blog series on Entra Connect attacker tradecraft has dropped! 🙌 Check out this installment to learn more fundamentals of the Entra sync engine & how to interpret the sync rules. ghst.ly/3WqAQO4

Insurance companies collect a lot of sensitive information—which makes them prime targets for a hack. How can they fight back? Read Kirsten Gibson's blog post on how companies can use Attack Path Management to stay secure. ghst.ly/4jqF1mV

December 2024 was the most active month on record for ransomware groups. Ransomware gangs have published over 570 victims on dark web leak sites, breaking all previous records. A new group named FunkSec was the most active threat actor. www.nccgroup.com/us/newsroom/...

MonitorsThree from HackTheBox, like Monitors and MonitorsTwo, starts with an instance of Cacti. This time I'll get creds from a different site, and abuse those to get RCE. For root, I'll abuse a CVE in Duplicati. In Beyond Root, I'll dig at port 8084

Why is it difficult to say what a tool does? 🤔 In Part 16 of his On Detection blog series, Jared Atkinson unpacks two examples demonstrating this problem and why it exists. ghst.ly/3C9uA6u

I've made an interactive list of #eBPF research papers. Only papers from the top academic conferences, including lots of papers on eBPF verification, kernel offloads, security analysis, etc. pchaigno.github.io/bpf/2025/01/... I plan to keep the list up-to-date.

It’s time to root for the Red Team (shell) underdog 📣 In our latest blog, Principal Security Consultant Oddvar Moe walks us through how to use WMIC as an alternative shell in a pinch. Read it now! trustedsec.com/blog/command...

I just finished our #shmoocon talk on container security. Here's my seccomp bpf disassembler and diffing tool. github.com/antitree/sec...

Telegram has banned the channels of several Russian state-run or controlled news orgs, such as RIA Novosti, Izvestia, Rossiya 1, Channel One, NTV, and Rossiyskaya Gazeta. The ban applies only in the EU, and the channels remain accessible across other countries. kyivindependent.com/telegram-blo...

A hot topic in the OT space lately has been whether it's better to stack multiple vendors' firewalls in environments. Here are our thoughts on this complex issue. https://www.dragos.com/blog/exploring-the-use-of-multi-vendor-firewalls-in-ot-network-security/

A few years ago, I wrote a book. It was the culmination of my most important posts and the stories behind them. Writing this book also helped keep me sane during insane times, and as of today, I'm giving it away for free 😊 www.troyhunt.com/pwned-the-bo...

At this year's #DEATHCon I was fortunate enough to present my workshop on #Kusto graph semantics. Now I release it for free to everybody. #KQL #Security #Kraph

Great article on ESC15 especially after you realise PKInit won't work to auth but there is a workaround supplied too. medium.com/@offsecdeer/...

My talk about (non-distributed) denial of service at OWASP Manchester is now online! #appsec youtu.be/watch?v=b2o4...

Hello @rancune.org Which evening(s) of the week are your Twitch streams on from now on? I have been losing track since the end of the summer break (and I miss some because of $WORK). Thanks

The other articles were still about Windows, first a blog about sedebugprivilege www.binarydefense.com/resources/bl... And to finish, a blog about MS Defender telemetry, not always easy medium.com/falconforce/... 2/2 Have a nice weekend

Some articles that I really enjoyed this week for #dfir #blueteam. A series about AD DACL, both from the offensive side and the detection side trustedsec.com/blog/a-hitch... trustedsec.com/blog/a-hitch... trustedsec.com/blog/a-hitch... There will be a last article to be published. 1/2

#introduction Hello, I am Gzobra, French, European and a cyber defense analyst. Was part of a blue team, now a Threat Intel analyst with a little bit of OSINT. Next step, Threat hunting. Happy to meet you