API attacks that can lead to fraud through account takeovers and theft of credit card information.

Welcome to Attack & Defend!

Sometimes, you need a specific focus on the issues that are facing red and blue teamers to get ahead. We know that, which is why we're rolling out a new series of overviews, reviews, and views concerning this corner of the market - which is growing more and more valuable each year!

Almost a quarter into the year, this threats are continuing to come thick and fast - in fact, ourhunch is that the retrospective we have at the end of this calendar year may even look like a reluctant admission that the adversary has always got something else up its sleeve. In that sense, we invite you to check out the ongoing Top Ten MITRE ATT&CK threats of 2024 breakdown that has launched through our sister newsletter, the _secpro. But anyway, here's some of the biggest problems facing people inyour position today!

Cheers!
Austin Miller
Editor-in-Chief

Business Wire - Red Hat Boosts Enterprise AI Across the Hybrid Cloud with Red Hat AI: "Red Hat, Inc., the world's leading provider of open source solutions, today announced the latest updates to Red Hat AI, its portfolio of products and services designed to help accelerate the development and deployment of AI solutions across the hybrid cloud. Red Hat AI provides an enterprise AI platform for model training and inference that delivers increased efficiency, a simplified experience and the flexibility to deploy anywhere across a hybrid cloud environment."

RAND - Artificial General Intelligence's Five Hard National Security Problems: Find the Report PDF here to find out about this cutting-edge research.

SANS - Identifying Advanced Persistent Threat Activity Through Threat-Informed Detection Engineering: Enhancing Alert Visibility in Enterprises: "Advanced Persistent Threats (APTs) are among the most challenging to detect in enterprise environments, often mimicking authorized privileged access prior to their actions on objectives."

SANS - Strolling Through the STIG: "The CKL file has become the unofficial common language amongst the Department of Defense activities to share and report on STIG compliance information. Although easy to work with on an individual basis (One System / One Assessment), this format fails at scale."

TrendMicro - ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns: "Trend Zero Day Initiative™ (ZDI) identified nearly 1,000 malicious .lnk files abusing ZDI-CAN-25373 (aka ZDI-25-148), a vulnerability that allows attackers to execute hidden malicious commands on a victim’s machine by leveraging crafted shortcut files."

Building an electric vehicle simulator to research EVSEs: "Researching and reverse engineering Level 2 Electric Vehicle Supply Equipment (EVSE or loosely “charger”) efforts might require the equipment to be placed beyond the idle state. The idle state is straightforward and usually involves nothing more than powering up the charger. Indeed, this is a very useful state for research where the user interface is in operation, communications both wired and wireless are working and the mobile device app can interact. However, there are times when there is a need to force the charger into other states so that it behaves as though the electric vehicle is attached, the EV is asking for charge, or the EV is charging and the EVSE is providing charging current."

Vechus/ODC-challenges - A collection of offensive and defensive training resources, perfect for keeping you and your team sharp!

shr3ddersec/Shr3dKit - This tool kit that is very much influenced by infosecn1nja's kit. Use this script to grab majority of the repos.

lengjibo/FourEye - An AV Evasion tool for Red Team Ops.

Mathuiss/cyber_wolf - A tool for building offensive skills with firewalls.

jorge-333/Virtual-Machine-Home-Lab - …built for the purpose of studying, Installing, and configuring Switches, Routers, Firewalls, SIEMs, IPS's, and Offensive Security Tools.

Vechus/ODC-challenges - A collection of offensive and defensive training resources, perfect for keeping you and your team sharp!

awais922609/Defensive-Learning - This repo covers firewall configurations, SIEM deployment, and various other important defensive topics, giving you the tools to build up your defensive skills.

0xInfection/Awesome-WAF - A collection of the best resources for improving your firewall skills; potentially the best collection online!

Ekultek/WhatWaf - …and once you’ve mastered that, here’s a way to get around WAFs

racecloud/NetBlocker - A specific implementation of a firewall script that reads logs from various servers, validates against public databases with offensive hosts and adjusts a MikroTik firewall.

Exploiting DeepSeek-R1: Breaking Down Chain of Thought Security: "The growing usage of chain of thought (CoT) reasoning marks a new era for large language models. CoT reasoning encourages the model to think through its answer before the final response. A distinctive feature of DeepSeek-R1 is its direct sharing of the CoT reasoning. We conducted a series of prompt attacks against the 671-billion-parameter DeepSeek-R1 and found that this information can be exploited to significantly increase attack success rates."

Addressing the public sector’s penetration testing problems: The public sector is struggling to break free of an outdated model of penetration testing (pentesting) that requires federal civilian agencies and state, local and higher education institutions alike to contend with approaches that don’t scale and can introduce their own security challenges. But these antiquated methods of security testing can’t be addressed until organizations understand what causes these problems: bandwidth, efficiency and security.

How purple teaming enhances inter-team collaboration and effectiveness in cybersecurity: "It’s no longer about team red vs. team blue. It’s time to think about team purple. This security force blends offensive and defensive minds, blurring lines and boosting defenses. No more adversarial silos, just collaborative cycles and shared intel."