AfroSec – Telegram
hello friend
am AfroSec | AASTU dropout | cybersecurity enthusiast | CRTOM | CRTA | passionate abt Red Teaming :)))

portfolio : soon....
file : @Afr0Files
Rather Be (feat. Jess Glynne)
Clean Bandit
speaking of throwback

@AfroSec
Forwarded from Cyber Vanguard @ CTBE
Are you ready to join today and tomorrow's cybersecurity foot soldiers?

picoCTF-Africa 2026 is back! Bigger, better and up to 80 students to be awarded!

Join our picoCTF-Africa prep info session
📅 24 January
11 am Rwanda time ( convert time to your own country )
⛓️‍💥  bit.ly/picoCTF2026

Registration for the CTF opens on 1 February 2026, so get ready.
Competition runs 9 - 19 March 2026

stay alert. protect your accounts. share this with a friend

https://www.instagram.com/p/DTxI73ZDAS2/?igsh=MWlzYWgwbTZ1c3UyMA==
yup just like that 😂😂😂😂

We listen, we don't judge
We see, we don't judge

@AfroSec
https://fearsoff.org/research/cloudflare-acme

so i was just reading about a logic bug in Cloudflare's ACME validation found by Fearsoff.

when Cloudflare handles SSL cert challenges (/.well-known/acme-challenge/*), it turns off WAF so CAs can validate without interference but the old logic sometimes disabled WAF even for invalid tokens, letting malicious requests slip through to origin. smooth bypass path.

i also saw that Cloudflare posted about it: Cloudflare blog

they patched it quick and they said that there is no evidence of exploitation so far,
( nah i dont believe that tho 🙄)

@AfroSec
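A defender-side check for the behaviour described in the post above, as an added example that is not part of the original post or of Cloudflare's or Fearsoff's code: it scans origin access logs for requests under the ACME challenge path that do not look like an HTTP-01 validation fetch. The log format, sample lines and function names are assumptions; a well-formed token only means the request is plausible, not that a challenge was actually pending.

```python
import re
from urllib.parse import urlsplit

ACME_PREFIX = "/.well-known/acme-challenge/"
# RFC 8555: token uses only the base64url alphabet and carries >= 128 bits (22+ chars).
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{22,}$")
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample origin log lines (documentation IP ranges, made-up tokens).
SAMPLE_LOG = """\
203.0.113.10 - - [20/Jan/2026:10:00:01 +0000] "GET /.well-known/acme-challenge/kJ8s2Qx_Zp4LmN7vR1tYb3WcDfGh HTTP/1.1" 200 87
198.51.100.7 - - [20/Jan/2026:10:02:13 +0000] "POST /.well-known/acme-challenge/x HTTP/1.1" 404 0
198.51.100.7 - - [20/Jan/2026:10:02:15 +0000] "GET /.well-known/acme-challenge/../admin/login?next=/ HTTP/1.1" 200 5120
192.0.2.44 - - [20/Jan/2026:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024
""".splitlines()

def classify(method, target):
    """Return None for non-ACME paths, else a list of reasons the request
    does not look like an HTTP-01 validation fetch (empty list = plausible)."""
    parts = urlsplit(target)
    if not parts.path.startswith(ACME_PREFIX):
        return None
    token = parts.path[len(ACME_PREFIX):]
    reasons = []
    if method != "GET":            # validation servers fetch the token with GET
        reasons.append("method")
    if parts.query:                # a validation fetch carries no query string
        reasons.append("query")
    if not TOKEN_RE.match(token):  # traversal, extra segments, short or odd tokens
        reasons.append("token")
    return reasons

def hunt(lines):
    """Return (ip, target, status, reasons) for suspicious ACME-path requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        reasons = classify(method, target)
        if reasons:
            hits.append((ip, target, int(status), reasons))
    return hits

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

Hits that reached the origin with a 2xx status are the ones to look at first.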
End of Beginning
Djo
aight guys
one step forward always

today i took the CRTA exam and passed uk it was a bit tricky at some point but i handled it 💪

through this cert i learned:
• Red Teaming
• Pentesting
• MITRE ATT&CK
• Web & Network Attacks
• Enterprise Tech
• Windows Security
• Adversary Simulation
• Red Team Methodologies

but look you gotta have a researcher mindset. you gotta explore beyond the course and the syslabs.

tbh i subscribed to this for the sake of infra, yk… for pivot and stuff like that.
anyway let's celebrate small wins here 🎉

thanks that you guys are here all the time.
like i said always one step forward

@AfroSec
😂😂😂 oh man, so many kinds of crazy stuff out there


@AfroSec
the moment you find your passion, your goal, your path… life starts to feel lighter
Not because it’s easy but because it finally makes sense

People might look at you and say “Damn man , you’re doing too much”
But you don’t even feel the weight.
You’re already immersed.
You enjoy the struggle, every single part of it.

Others won’t always understand your vision. They might call you a dreamer, delusional, unrealistic, but inside? You feel nothing but gratitude. You just keep thanking God for letting you see what they can’t yet 🙏

So keep pushing
Keep grinding
Don’t hold back

and nah, I’m not saying this because I’m some big successful person and u know am not
I’m saying it because I see it in myself, in my own life, that’s all

don’t get bored of me tho :)
love y’all ❤️

@AfroSec
Forwarded from Buna Byte Cybersecurity
THE LONG AWAITED ANNOUNCEMENT IS HERE 🔥

​The most intensive Cybersecurity training in Ethiopia BBJST Batch 04 is officially open for registration. 🛡💻

​You’ve been asking for it. Now it’s here. This is your chance to stop being a spectator and start becoming a Junior Security Tester.

Why now?

High-demand skill set
Practical, lab-based learning
Limited seats for maximum focus

​Stop waiting for the "perfect time." The perfect time is now.

🚀 REGISTER BEFORE SLOTS FILL UP: 👉 bunabyte.com/bbjst

@bunabytecs
yooo we just hit 600 already damn
thank you y'all 🥰💪

@AfroSec
AfroSec
https://x.com/3dfrii88155?s=11
check out this man he is arc stud
and design enthusiast

@AfroSec
I just built APTsearch a red-team–oriented search engine for APT groups & MITRE ATT&CK TTPs kinda MITRE ATT&CK lite lool :)

thanks to antigravity ofc 😅

MITRE is powerful… but let’s be real, it’s also confusing
APTsearch flips it into attacker logic.

🔍 Search APT groups
🧠 Explore their real-world TTPs
🤖 AI-assisted explanations (why attackers use a technique, how it fits the kill chain)
🧱 No backend: static, hosted, clean
🔄 Data auto-refreshed every month

i will add kinda IOC soon like detection and mitigation thingy

so i built this as a red team / blue team / learning tool and as a portfolio-grade project
Would love feedback from yall

website :> APTsearch


@AfroSec
tweaking ctf and in the meantime hearing this legend's masterpiece 👌👌
feels epic sunday ngl it's been a long time since i felt Sunday like this

@AfroSec
#redteam_yap

Have you heard about MOTW (Mark of the Web)?

aight let’s cook

MOTW is basically a trust badge Windows slaps on files that come from the internet.
Think of it as Windows saying:

> “yoo hold up bro, you’re a guest here ”

What’s really happening?

* MOTW is implemented using NTFS Alternate Data Streams (ADS)
* When a file is downloaded from the internet, Windows attaches metadata like:

- ZoneId
- Source URL
- Referrer info

Most common case: ZoneId = 3 (Internet Zone)

there are 5 zones:

| ZoneId | Meaning |
|---|---|
| 0 | Local computer |
| 1 | Local intranet |
| 2 | Trusted sites |
| 3 | Internet (most common for downloads) |
| 4 | Restricted sites |

Once that tag exists, Windows components start acting paranoid:

- 🛑 Microsoft SmartScreen
- 🛑 Microsoft Office (Protected View)
- 🛑 Other security-aware apps

Result?
Pop-ups like:

> “Are you _sure_ you want to open this file?”
> “This file came from an untrusted source.”

From an attacker’s perspective… yeah, that’s annoying 😏

😈 Attacker mindset: Okay, how do we blend in?

Since MOTW depends on ADS, the game becomes:
> Deliver the payload without inheriting ADS

Especially useful for multi-stage payloads, loaders, or initial access files.

and yup there are well-known, still-used ways to do this :)

MOTW Evasion Techniques (Still Wildly Relevant)

1. Container / Disk Image Formats

Examples:
- .iso
- .vhd
- .vhdx
- .img

Why this works:
- When mounted via Windows Explorer, files inside the virtual disk do NOT inherit MOTW

- Payload comes out looking “local” 👌
> Still abused heavily in real-world campaigns btw.

2. Physical Transfer / Internal Copy

- USB devices
- Copying from another internal machine

No browser → no ADS → no MOTW
Old-school, but effective.

3. Internal Email Attachments

- Payload archived (ZIP/RAR)
- Password-protected archive
- Sent from a compromised internal mailbox

> Even in modern Microsoft 365 environments (as of 2026):
> Internal emails do NOT apply MOTW by default
> Unless orgs explicitly enforce custom policies


This is gold for lateral movement and internal phishing 🎯

Real Threat Actors Using These Techniques
Groups known to abuse MOTW bypass paths:

- TA505
- APT38
- APT29

@AfroSec
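The Zone.Identifier stream described in the post above, seen from the defender's side, as an added example that is not part of the original post: it parses the stream's `[ZoneTransfer]` section and triages files found in a drop location such as Downloads or a mail attachment folder. The sample stream, file names, the `LAUNCHABLE` review list and all function names are assumptions; `read_motw` only returns data on Windows with NTFS.

```python
from pathlib import PureWindowsPath

ZONES = {0: "Local computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
CONTAINERS = {".iso", ".vhd", ".vhdx", ".img"}   # disk image formats named in the post
LAUNCHABLE = {".exe", ".dll", ".lnk", ".js", ".vbs", ".hta", ".docm", ".xlsm"}  # assumed list

# Constructed sample of what a browser writes into <file>:Zone.Identifier.
SAMPLE = ("[ZoneTransfer]\r\nZoneId=3\r\n"
          "ReferrerUrl=https://downloads.example.test/\r\n"
          "HostUrl=https://downloads.example.test/q3-report.iso\r\n")

def parse_zone_identifier(text):
    """Parse the [ZoneTransfer] section of a Zone.Identifier stream."""
    fields, in_section = {}, False
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    try:
        zone = int(fields.get("zoneid", ""))
    except ValueError:
        zone = None                       # missing or malformed ZoneId
    return {"zone_id": zone, "zone": ZONES.get(zone, "unknown"),
            "host_url": fields.get("hosturl"),
            "referrer_url": fields.get("referrerurl")}

def read_motw(path):
    """Return the raw stream text, or None when the file carries no MOTW."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def triage(filename, stream_text):
    """Classify one file from a drop location by extension and MOTW state."""
    ext = PureWindowsPath(filename).suffix.lower()
    if stream_text is None:
        return "review: launchable file without MOTW" if ext in LAUNCHABLE else "no MOTW"
    info = parse_zone_identifier(stream_text)
    if ext in CONTAINERS and (info["zone_id"] or 0) >= 3:
        return "review: internet disk image, contents will not inherit MOTW"
    return "tagged: " + info["zone"]

if __name__ == "__main__":
    print(parse_zone_identifier(SAMPLE))
    print(triage("q3-report.iso", SAMPLE), "|", triage("invoice.lnk", None))
```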
Forwarded from Tech Nerd (Tech Nerd)
“Comparison is the thief of joy” is advice for people already in motion not for those who haven’t started

@selfmadecoder