Want to master Linux Kernel Exploitation?

Check out https://github.com/Gr3ytrac3/linux-kernel-exploitation — a curated arsenal of exploits, labs, write-ups & fuzzing tools.

From Dirty Pipe to modern bypasses
Credits: @andreyknvl

Challenge Spotlight: AIS Sudden Death

At DEFCON 33’s Maritime Hacking Village, satellite comms are down, and spoofed AIS signals are your only clue. One ship is real. One’s a trap. Choose right or sink trying.

5 rounds. Zero forgiveness. Can you spot the spoof?

#DEFCON33 #CTF #MaritimeHacking #AIS #CyberSecurity #InfoSec @defcon

CTF ANNOUNCEMENT: Maritime Hacking Village at DEF CON 33

Join the fight to lift the digital blockade on Isla Hexa in MHV's premiere CTF featuring real AI-controlled unmanned watercraft, port crane systems, a narco-smuggling vessel confiscated by the feds, and much more!

Come test your skills in the most ambitious, cross-domain village CTF at DEF CON yet.

Details: https://maritimehackingvillage.com/ctf

#DEFCON #DC33 #MaritimeSecurity #CTF #DEFCONVillages #Hacking #Cybersecurity @defcon

CTF ANNOUNCEMENT: Maritime Hacking Village at DEF CON 33

Join the fight to lift the digital blockade on Isla Hexa in MHV's premiere CTF featuring real AI-controlled unmanned watercraft, port crane systems, a narco-smuggling vessel confiscated by the feds, and much more!

Come test your skills in the most ambitious, cross-domain village CTF at DEF CON yet.

Details: https://maritimehackingvillage.com/ctf

#DEFCON #DC33 #MaritimeSecurity #CTF #DEFCONVillages #Hacking #Cybersecurity @defcon

What is a CTF? What makes our CTF different and why does it matter?

Check out Danny, one of the technical minds behind the creation our CTF: Code Crimson.

Can't wait to see you all #defcon33 @defcon

Two countries, one week, and so many amazing humans!

I just flapped my way through BSidesLuxembourg and BSidesLeeds — and wow, what an incredible adventure! From hallway hacks to powerhouse talks, from café chats to deep dives into security nerdery, I made a whole flock of new friends (and possibly a few suspicious dance circles...).

Massive shout out to the fabulous teams who pulled it all together with style, sparkle, and serious skill!! Your hard work makes this community soar.

And of course, none of this would be possible without my human @rnbwkat who made sure I didn’t get tangled in badge lanyards or accidentally enroll in a #CTF team named “The Beaked Bandits.”

#BSidesLuxembourg #BSidesLeed @bsidesleeds @BSidesLuxembourg #CyberSecurity

New Open-Source Tool Spotlight

gVisor: a user-space application kernel designed for container isolation. It mimics a Linux kernel interface while being written in Go for memory safety, running in user space. Ideal for sandboxing workloads in Docker or Kubernetes. #Containers #Sandbox

Project link on #GitHub https://github.com/google/gvisor

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

Kubernetes History Inspector (KHI) is an agentless log viewer built for visualizing Kubernetes audit logs. Its timeline-based log analysis and resource relationship diagrams simplify cluster troubleshooting—no complex setups or commands required. #Kubernetes #Observability

Project link on #GitHub https://github.com/GoogleCloudPlatform/khi

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

tfmcp simplifies Terraform management by letting AI assistants like Claude Desktop handle config, plans, and state via the Model Context Protocol (MCP). Built with Rust, it offers robust security, Docker support, and detailed analysis. #Terraform #DevOps

Project link on #GitHub https://github.com/nwiizo/tfmcp

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

Pre-planning for 2026.

We would like to offer a #CTF at #BSidesLuxembourg2026.

Who would like to volunteer to help build it?

/Your BSidesLux team

MetaCTF has joined with BSides Saskatoon again to be our official CTF Partner!

With their generous sponsorship, we're able to hold a CTF for all your hacking needs at the conference.

They have an amazing, user friendly, CTF platform that breaks down complex cybersecurity concepts into engaging challenges that simulate real world scenarios.

We're so gracious that they agreed to sponsor BSides Saskatoon again in 2025 as our official CTF Partner!

OSIRIS, the student-run #cybersecurity research lab at NYU, is seeking #challenge writers for our upcoming CSAW #CTF later this year! (For those who don't know CSAW, it's one of the largest student-run #cybersec events in the world: https://csaw.io ) Web, #ReverseEngineering, #pwn, and #cryptography challenges are prioritized, and all experience levels welcome. Interested? Shoot me a DM or email osiris@osiris.cyber.nyu.edu.

New Open-Source Tool Spotlight

CVEMap by ProjectDiscovery simplifies vulnerability intelligence with a CLI tool that maps CVEs to EPSS, KEV, CPE, GitHub PoCs, and more. Customizable filters, JSON output, and integration-ready. Requires Go 1.21. #cybersecurity #opensource

Project link on #GitHub https://github.com/projectdiscovery/cvemap

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

Membros do GELOS participaram da CTF de qualificação para a DEF CON 33, conseguindo a melhor posição já conquistada pelo Brasil no evento!

https://gelos.club/2025/05/07/dcquals2025.html

What happens when a single Go module can wipe your entire Linux system?

Researchers have uncovered three malicious Go packages that, once installed, can render a Linux machine completely unbootable. These modules—`prototransform`, `go-mcp`, and `tlsproxy`—were hosted on GitHub and disguised as legitimate open-source tools. What sets them apart isn’t just the malware, but how it’s delivered: hidden in obfuscated code that quietly checks if the OS is Linux, then downloads a shell script using `wget`. That script doesn’t just corrupt the system—it zeroes out `/dev/sda`, the primary disk, erasing all data beyond recovery.

These aren't isolated incidents. A parallel wave of threats has hit JavaScript and Python ecosystems too. Several npm packages—such as `crypto-encrypt-ts` and `userbridge-paypal`—were found stealing cryptocurrency wallet seed phrases and exfiltrating private keys. Meanwhile, other PyPI packages like `web3x` and `herewalletbot` targeted similar data and have already been downloaded over 6,800 times.

More concerning, another group of seven PyPI packages communicated through Gmail’s SMTP servers and WebSockets to exfiltrate data and enable remote command execution. Using hardcoded Gmail credentials, they sent success notifications back to attackers and opened persistent channels for control. Since Gmail traffic often bypasses scrutiny from corporate firewalls and endpoint protection systems, these packages operated with minimal detection.

The recurring theme here is trust—developers importing open-source packages assume some degree of safety if a library has been around or appears well-maintained. But attackers are exploiting that assumption, embedding silent functionality behind familiar names and benign-looking codebases.

Defensive practices matter. Teams should scrutinize dependency trees, validate GitHub sources, monitor for unusual outbound connections—including SMTP—and treat every third-party library as a potential threat vector, regardless of its age or download count. Ignoring this risk is no longer viable.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

From Vibe Coding to Vibe Decoding
Using AI to decompile a binary and reverse engineer functions including S-boxes.

https://c.mov/nfuncs-agent/

New Open-Source Tool Spotlight

Google's GRR (GRR Rapid Response) is an open-source framework for remote live forensics and incident response. It allows security teams to investigate systems at scale without interrupting operations. Used for data collection, analysis, and hunting. #CyberSecurity #DFIR

Project link on #GitHub https://github.com/google/grr

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking