When threats come for your business, every second counts. Rubrik’s Cyber Resilience Summit will show you how to put your time to good use, so your data—and your organization—are safe.
Join us virtually on March 5th to learn how to:
- Gain visibility into where your sensitive data lives
- Accelerate incident response and achieve end-to-end resilience
- Manage risk and recover from attacks faster
Welcome to Attack & Defend!
Sometimes, you need a specific focus on the issues facing red and blue teamers to get ahead. We know that, which is why we're rolling out a new series of overviews, reviews, and views concerning this corner of the market - which is growing more and more valuable each year!
Of course, here we stand a whole month into 2025 and the challenges are still coming thick and fast. So, here are a few practical tips, news items, and other interesting tidbits for keeping you sane in the insane world of cybersecurity.
Cheers!
Austin Miller
Editor-in-Chief
CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks - On September 25, 2024, the Trend ZDI Threat Hunting team identified a zero-day vulnerability exploited in-the-wild and associated with the deployment of the loader malware known as SmokeLoader. This vulnerability is believed to be used by Russian cybercrime groups to target both governmental and non-governmental organizations in Ukraine, with cyberespionage being the most likely purpose of these attacks as part of the ongoing Russo-Ukrainian conflict. The exploitation involves the use of compromised email accounts and a zero-day vulnerability existing in the archiver tool 7-Zip (CVE-2025-0411), which was manipulated through homoglyph attacks.
CVE-2025-0108 PAN-OS: Authentication Bypass in the Management Web Interface - An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS.
From South America to Southeast Asia: The Fragile Web of REF7707 - Elastic Security Labs has been monitoring a campaign targeting the foreign ministry of a South American nation that has links to other compromises in Southeast Asia. We track this campaign as REF7707. The intrusion set utilized by REF7707 includes novel malware families we refer to as FINALDRAFT, GUIDLOADER, and PATHLOADER. We have provided a detailed analysis of their functions and capabilities in the malware analysis report of REF7707 - You've Got Malware: FINALDRAFT Hides in Your Drafts.
Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks - Gcore’s twice-annual Radar report analyzes DDoS attack data observed across our global network, spanning six continents and over 180 PoPs, to uncover key insights from the past six months (sign up for access).
Vechus/ODC-challenges - A collection of offensive and defensive training resources, perfect for keeping you and your team sharp!
shr3ddersec/Shr3dKit - A toolkit that is very much influenced by infosecn1nja's kit. Use this script to grab the majority of the repos.
lengjibo/FourEye - An AV Evasion tool for Red Team Ops.
Mathuiss/cyber_wolf - A tool for building offensive skills with firewalls.
jorge-333/Virtual-Machine-Home-Lab - …built for the purpose of studying, Installing, and configuring Switches, Routers, Firewalls, SIEMs, IPS's, and Offensive Security Tools.
awais922609/Defensive-Learning - This repo covers firewall configurations, SIEM deployment, and various other important defensive topics, giving you the tools to build up your defensive skills.
0xInfection/Awesome-WAF - A collection of the best resources for improving your firewall skills; potentially the best collection online!
Ekultek/WhatWaf - …and once you’ve mastered that, here’s a way to get around WAFs
racecloud/NetBlocker - A specific implementation of a firewall script that reads logs from various servers, validates against public databases with offensive hosts and adjusts a MikroTik firewall.
EM360 - Infiltration Insights: Red Team Operations: Red teaming is a proactive cybersecurity approach where ethical hackers simulate real-world attacks to test an organisation’s defences. Unlike traditional testing, red teaming mimics sophisticated threats to expose vulnerabilities in networks, systems, and even human factors. This process helps organisations identify weaknesses, strengthen their security posture, and improve their incident response plans to stay ahead of evolving cyber threats.
Addressing the public sector’s penetration testing problems: The public sector is struggling to break free of an outdated model of penetration testing (pentesting) that requires federal civilian agencies and state, local and higher education institutions alike to contend with approaches that don’t scale and can introduce their own security challenges. But these antiquated methods of security testing can’t be addressed until organizations understand what causes these problems: bandwidth, efficiency and security.
An Introduction To Purple Teaming: "Purple teaming can play a vital role in helping them to achieve this. Purple teaming involves red and blue teams collaborating on an ongoing basis to maximize their impact. Read on to discover how purple teaming enables businesses to enhance and accelerate their approach to identifying and mitigating security vulnerabilities."
How purple teaming enhances inter-team collaboration and effectiveness in cybersecurity: "It’s no longer about team red vs. team blue. It’s time to think about team purple. This security force blends offensive and defensive minds, blurring lines and boosting defenses. No more adversarial silos, just collaborative cycles and shared intel."
Penetration Testing Market Demand Will Reach a Value of USD 6.44 Billion by the Year 2030, At a CAGR of 16.5: "The Penetration Testing Market plays a crucial role in assessing and strengthening the security of IT infrastructure. Penetration tests help uncover vulnerabilities in operating systems, applications, and networks by simulating potential cyber-attacks without compromising the system’s security."