New Open-Source Tool Spotlight

tfmcp simplifies Terraform management by letting AI assistants like Claude Desktop handle config, plans, and state via the Model Context Protocol (MCP). Built with Rust, it offers robust security, Docker support, and detailed analysis. #Terraform #DevOps

Project link on #GitHub https://github.com/nwiizo/tfmcp

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

Bunch of updates for the CTF/OSINT-related directory I was maintaining for myself. I haven't touched it in a while, outside of an odd entry here and there. But today I merged in a subset of social media links from r00m101, and added a dead link checking script so I can better keep an eye on the health of what's here. (Which also resulted in several getting removed.)

I tried to vet some of the new ones, but there may be some undesirable/broken entries lurking. I'll try to weed them out later.

https://github.com/Fortyseven/ctfpanel

Changelog:
- feat: removes completely outdated search syntax tab
- feat: adds a simple dead links checker
- chore: removes trailing comma
- fix: removes guif.re/linuxeop
- fix: removes FleetMon
- fix: removes broken "voters" links
- fix: removes Find My Facebook ID
- fix: updates twitter garbage
- fix: removes Botometer
- fix: removes SpyOnWeb
- fix: updates WordPress Vuln Database
- chore: cleanup hanging commas
- fix: zoomeye.org -> zoomeye.ai... sigh.
- feat: major social media OSINT update of selected entries from r00m101.com
- fix: browser sync issue
- chore: removes removed entry
- feat: adds osint.lolarchiver.com
- feat: removes Censys redundancy

New Open-Source Tool Spotlight

Groundhog by @ghuntley explains AI coding agents like Cursor from first principles. Built in Rust, it teaches the inner workings of coding assistants—perfect for learning or building your own. #AI #RustLang

Project link on #GitHub https://github.com/ghuntley/groundhog

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

Pre-planning for 2026.

We would like to offer a #CTF at #BSidesLuxembourg2026.

Who would like to volunteer to help build it?

/Your BSidesLux team

New Open-Source Tool Spotlight

Cortex by TheHive Project is a powerful open-source engine for observable analysis and active response. Supporting integration with MISP & TheHive, it offers 39+ analyzers to streamline DFIR tasks. Built using Scala, AngularJS, and Python for scalability. #CyberSecurity #DFIR

Project link on #GitHub https://github.com/TheHive-Project/Cortex

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

Cybersecurity Students — This One’s for You!

We're giving away a limited number of FREE entry passes to our CTF competition happening this Saturday, June 7, 16:30 – 20:30 UTC!

A great opportunity to test your skills, learn, and compete with others in the infosec community.

Professors/Teachers: Have interested students? DM us or get in touch!
Students: Drop a comment below for a chance to win free entry!

Register Here - https://dfirlabs.thedfirreport.com/ctf

New Open-Source Tool Spotlight

Sops encrypts secrets in YAML, JSON, ENV, or INI formats, ensuring encrypted leaf values while preserving file structure. Supported integrations include AWS KMS, GCP KMS, Azure Key Vault, age, and PGP. Edit files seamlessly, with automated encryption/decryption during save. #encryption #devops

Project link on #GitHub https://github.com/getsops/sops

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

We released new Pwndbg: https://github.com/pwndbg/pwndbg/releases/tag/2025.05.30 !

Among others it brings:
- New & improved kernel debugging commands (buddydump, msr, slab) and more x64 regs in context
- New command for dealing with armcm exceptions: dump-register-frame
- Disasm now shows an ✘ marker for emulated branches we know won't be taken
- Improved disasm for ARM, MIPS and LoongArch64 architectures
- Initial support for the IBM s390x architecture
- IDA sync integration fixes

And also cool portable one-liner installers:
$ curl -qsL 'https://install.pwndbg.re' | sh -s -- -t pwndbg-gdb
$ curl -qsL 'https://install.pwndbg.re' | sh -s -- -t pwndbg-lldb

Want to support us? Sponsor us at https://github.com/sponsors/pwndbg !

Day 1 of posting to social media until I get an offensive security research job

First, I’m going to start with what I know – Windows. I need to recreate what I had access to at Microsoft, so that starts by setting up a dev environment and finding a copy of Windows System Internals, perhaps the greatest resource for learning Windows out there. My expertise is in Windows and virtualization, so I’m going to make sure I master those areas.

Next, I don’t think I want to grind coding exercises, but I do need to shake the rust off my coding skills. I think I’m going to start with some HackTheBox challenges and find some CTFs to participate in.

Finally, my long overdue goal: learn Rust. I’m not sure if this will help immediately, as I could choose to improve my knowledge of Python. But Rust was getting more and more popular in the areas of Windows I was tasked with protecting, so I need to learn what all the fuss is about with regards to memory safety.

If anyone is on a similar journey, let’s hold each other accountable in the comments! I will be sure to document any write-ups at blog.maxrenke.com (work in progress).

New Open-Source Tool Spotlight

Google's MCP Security repo integrates various security solutions like Chronicle, GTI, SOAR, & SCC via Model Context Protocol servers. Flexible deployment options make it easy to adapt to diverse environments. Documentation is thorough—local Sphinx builds supported. #CyberSecurity #DevOps

Project link on #GitHub https://github.com/google/mcp-security

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

Still finding my footing in this space.

Been working through high-difficulty geolocation challenges solo — learning a lot, failing a lot, tracking until something clicks.

Not sure who else works like this — patient, slow, detail-first.

If you're out there, I’d value knowing. Even just to follow along.

MetaCTF has joined with BSides Saskatoon again to be our official CTF Partner!

With their generous sponsorship, we're able to hold a CTF for all your hacking needs at the conference.

They have an amazing, user friendly, CTF platform that breaks down complex cybersecurity concepts into engaging challenges that simulate real world scenarios.

We're so gracious that they agreed to sponsor BSides Saskatoon again in 2025 as our official CTF Partner!

New Open-Source Tool Spotlight

"Living off the Land" tactics are a core part of modern offensive and defensive cybersecurity. The GitHub repo 'Awesome LOLBins and Beyond' aggregates tools/resources like LOLBins, GTFOBins, and macOS LOOBins. Essential for red teams and threat hunters. #CyberSecurity #RedTeam

Project link on #GitHub https://github.com/sheimo/awesome-lolbins-and-beyond

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

https://medium.com/@txrattler/from-handle-to-human-solo-osint-profiling-with-free-tools-68f5672f94ca

Weekly OSINT Download – May 27
Signals tracked. Tools tested. Gaps closed.

Applied Recon:

Practiced identity profiling from minimal data: usernames, metadata, old accounts.

Refined solo background check flow — efficient, client-ready, no fluff.

Geolocation drills: worked image verification and failed trails to sharpen instinct and exit discipline.

Began longform narrative analysis — tracking how pacing and structure shape viewer retention and emotional targeting.

Signal Shaping:

Studied why 20-min, 3-arc formats dominate high-retention media.

Logged passive audio elements as ambient framing tools.

Tuned voice delivery for clarity and precision — applied to case narration and info drops.

In Progress:

CTF prep: US Cyber Games open soon.

Building quiet authority — showing work through process, not hype.

Laying down content as proof-of-skill, not just noise.

New Open-Source Tool Spotlight

Living Off the Land (LOL) techniques exploit legitimate tools for malicious purposes. This GitHub repo curates an impressive list of methods and resources attackers use across endpoints, cloud services, and more. Great for defenders seeking to enhance detection strategies. #Cybersecurity #Infosec

Project link on #GitHub https://github.com/danzek/awesome-lol-commonly-abused

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

Alright I added a line in my profile:

I have a decade of experience in Minetest CTF.

Maybe someone will employ me given my very high level of expertise.

New Open-Source Tool Spotlight

CVEMap by ProjectDiscovery simplifies vulnerability intelligence with a CLI tool that maps CVEs to EPSS, KEV, CPE, GitHub PoCs, and more. Customizable filters, JSON output, and integration-ready. Requires Go 1.21. #cybersecurity #opensource

Project link on #GitHub https://github.com/projectdiscovery/cvemap

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

Real-time deepfake tech evolves: Deep-Live-Cam lets you swap faces and transform videos with just one image. GPU support (NVIDIA/AMD) ensures smooth performance for realistic results. Ethical use rules apply to prevent misuse. #DeepFake #AI

Project link on #GitHub https://github.com/hacksider/Deep-Live-Cam

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

pwncat is more than a basic reverse shell handler—it's a post-exploitation platform. With features like PTY spawning, privilege escalation automation, and persistence management, it simplifies red team operations across Linux and now Windows (alpha). Python 3.9+ required. #CyberSecurity #RedTeamTools

Project link on #GitHub https://github.com/calebstewart/pwncat

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

Loading PowerShell scripts from C# while bypassing AMSI, ETW, and logging? Meet Stracciatella. Think SharpPick but designed for evasion—with Constrained Language Mode & defenses disabled on startup using .NET runspaces. Intricate yet efficient. #CSharp #RedTeam

Project link on #GitHub https://github.com/mgeeky/Stracciatella

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking