Forwarded from Buna Byte Cybersecurity
THE LONG AWAITED ANNOUNCEMENT IS HERE 🔥
The most intensive Cybersecurity training in Ethiopia BBJST Batch 04 is officially open for registration. 🛡💻
You’ve been asking for it. Now it’s here. This is your chance to stop being a spectator and start becoming a Junior Security Tester.
Why now?
✅ High-demand skill set
✅ Practical, lab-based learning
✅ Limited seats for maximum focus
Stop waiting for the "perfect time." The perfect time is now.
🚀 REGISTER BEFORE SLOTS FILL UP: 👉 bunabyte.com/bbjst
@bunabytecs
I just built APTsearch a red-team–oriented search engine for APT groups & MITRE ATT&CK TTPs kinda MITRE ATT&CK lite lool :)
thanks to antigravity ofc 😅
MITRE is powerful… but let’s be real, it’s also confusing
APTsearch flips it into attacker logic.
🔍 Search APT groups
🧠 Explore their real-world TTPs
🤖 AI-assisted explanations (why attackers use a technique, how it fits the kill chain)
🧱 No backend static, hosted, clean
🔄 Data auto-refreshed every month
i will add kinda IOC soon like detection and mitigation thingy
so i built this as a red team / blue team / learning tool and as a portfolio-grade project
Would love feedback from yall
website :> APTsearch
@AfroSec
#redteam_yap
Have you heard about MOTW (Mark of the Web)?
aight let’s cook
MOTW is basically a trust badge Windows slaps on files that come from the internet.
Think of it as Windows saying:
> “yoo hold up bro, you’re a guest here ”
What’s really happening?
* MOTW is implemented using NTFS Alternate Data Streams (ADS)
* When a file is downloaded from the internet, Windows attaches metadata like:
  - ZoneId
  - Source URL
  - Referrer info
* Most common case: ZoneId = 3 (Internet Zone)

there are 5 zones

| ZoneId | Meaning |
|--------|---------|
| 0 | Local computer |
| 1 | Local intranet |
| 2 | Trusted sites |
| 3 | Internet (most common for downloads) |
| 4 | Restricted sites |
Once that tag exists, Windows components start acting paranoid:
- 🛑 Microsoft SmartScreen
- 🛑 Microsoft Office (Protected View)
- 🛑 Other security-aware apps
Result?
Pop-ups like:
> “Are you _sure_ you want to open this file?”
> “This file came from an untrusted source.”
From an attacker’s perspective… yeah, that’s annoying 😏
😈 Attacker mindset: Okay, how do we blend in?
Since MOTW depends on ADS, the game becomes:
> Deliver the payload without inheriting ADS
Especially useful for multi-stage payloads, loaders, or initial access files.
and yup there are well-known, still-used ways to do this :)
MOTW Evasion Techniques (Still Wildly Relevant)
1. Container / Disk Image Formats
Examples:
- .iso
- .vhd
- .vhdx
- .img
Why this works:
- When mounted via Windows Explorer, files inside the virtual disk do NOT inherit MOTW
- Payload comes out looking “local” 👌
> Still abused heavily in real-world campaigns btw.
2. Physical Transfer / Internal Copy
- USB devices
- Copying from another internal machine
No browser → no ADS → no MOTW
Old-school, but effective.
3. Internal Email Attachments
- Payload archived (ZIP/RAR)
- Password-protected archive
- Sent from a compromised internal mailbox
> Even in modern Microsoft 365 environments (as of 2026):
> Internal emails do NOT apply MOTW by default
> Unless orgs explicitly enforce custom policies
This is gold for lateral movement and internal phishing 🎯
Real Threat Actors Using These Techniques
Groups known to abuse MOTW bypass paths:
- TA505
- APT38
- APT29
@AfroSec
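
For defenders, the Zone.Identifier stream described in the post above can be parsed and used as a triage signal. The following is an added example, not part of the original post: the `LAUNCHABLE` extension list, the triage labels and the sample records are assumptions constructed for illustration.

```python
import configparser
import os

# ZoneId meanings as listed in the post above
ZONES = {0: "Local computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
CONTAINERS = {".iso", ".vhd", ".vhdx", ".img"}  # disk-image formats named in the post
LAUNCHABLE = {".exe", ".dll", ".lnk", ".js", ".hta", ".docm", ".xlsm"}  # assumed watch list

def read_stream(path):
    """Return the Zone.Identifier stream text of a file on NTFS, or None if absent."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as f:
            return f.read()
    except OSError:
        return None

def parse_zone_identifier(text):
    """Parse the INI-style stream content; None if it is missing or malformed."""
    cp = configparser.ConfigParser(interpolation=None)  # URLs may contain '%'
    try:
        cp.read_string(text or "")
        zone_id = cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None
    return {"zone_id": zone_id, "zone": ZONES.get(zone_id, "unknown"),
            "host_url": cp.get("ZoneTransfer", "HostUrl", fallback=None),
            "referrer_url": cp.get("ZoneTransfer", "ReferrerUrl", fallback=None)}

def triage(name, stream_text):
    """Classify one file for review (hypothetical labels, heuristic only)."""
    ext = os.path.splitext(name.lower())[1]
    motw = parse_zone_identifier(stream_text)
    from_internet = motw is not None and motw["zone_id"] >= 3
    if ext in CONTAINERS and from_internet:
        return "container-from-internet"   # contents may show no tag once mounted
    if ext in LAUNCHABLE and motw is None:
        return "launchable-without-motw"   # check how it arrived: image, USB, internal mail
    return "tagged" if from_internet else "ok"

# Constructed sample data: (file name, Zone.Identifier content or None)
SAMPLES = [
    ("invoice.iso", "[ZoneTransfer]\nZoneId=3\nHostUrl=https://files.example/invoice.iso\n"),
    ("setup.exe", None),
    ("report.docm", "[ZoneTransfer]\nZoneId=3\n"),
    ("notes.txt", None),
]

if __name__ == "__main__":
    for name, stream in SAMPLES:
        print(f"{name:12} {triage(name, stream)}")
```

On a Windows host, `triage(path, read_stream(path))` applies the same check to real files in user-writable folders such as Downloads.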
Forwarded from Tech Nerd (Tech Nerd)
“Comparison is the thief of joy” is advice for people already in motion … not for those who haven’t started
@selfmadecoder
whaaaat an actual fuck is this man 😢🤯🤯 like those ai chatbot and agent companies should really test their agents especially their RAG pipeline
i was just chatting wiz one chatbot and suddenly i got an idea to test it and when i did boom this happened, it reveals its code base with snippets lol :)
sorry for the image quality btw
@AfroSec
Forwarded from Sirack's Universe
Anthropic's Claude Code Security Wipes Billions Off Cybersecurity Stocks in a Single Afternoon | Awesome Agents
https://awesomeagents.ai/news/claude-code-security-cybersecurity-stocks-crash/
Anthropic announced Claude Code Security, an AI tool that found 500+ vulnerabilities missed for decades in open-source code. Within hours, JFrog lost 25%, CrowdStrike dropped 8%, and the cybersecurity ETF hit its lowest since November 2023.