Cybersecurity Awareness Month! Cyber Tip: Never enable macros on documents from unknown or untrusted sources. Attackers often send Word/Excel files that trick you into clicking “Enable Content” to launch malware. If you weren’t expecting the file, don’t trust it.

Happy Cybersecurity Awareness Month!! We believe awareness is the first line of defense. This month, we’ll share tips and insights from our experts to help protect what matters most. Tip: Scammers use urgent language to create panic. Don’t rush, pause & verify before acting.

One of our Black Hat instructors analyzes a real phishing email, how it works, the red flags, and how to stay safe. youtu.be/IFy_96Dg__E?... #Phishing #SecurityAwareness #Infosec

PyPI is warning about a new phishing scam hitting package maintainers. Fake “account verification” emails are floating around, pointing to pypi-mirror[.]org, a fake site built to steal your login. www.bleepingcomputer.com/news/securit...

“When ‘working as intended’ means leaking sensitive data” Our analyst Andrew, discovered unauthenticated access to thousands of files and faced roadblocks trying to report it. His blog breaks down what happened and why design flaws matter as much as exploits. bc-security.org/when-intende...

Hot dogs, cold drinks, and… popping shells? This Labor Day, we’re serving up a special Empire Ops 1 Discount. Attackers don’t take holidays, and neither should your defenses. training.bc-security.org/courses/empi... #Cybersecurity #RedTeam

@Micrososft highlights top PRC tactics: cloud account abuse (impossible travel, new principals), LOTL lateral movement with psexec/WMI/remote PowerShell, and persistence via web shells on IIS, SharePoint, VPNs, and firewalls. Defenses: MFA, block legacy protocols, hardened configs.

We are honored to be at #DAFITC this year and catch the keynote from Huntress’ CEO. A powerful discussion on how cybercriminals are abusing tools like ScreenConnect and why defenders must stay vigilant. Great insights for everyone in cyber defense. #CyberSecurity

AMA starts in a few hours! Jake Krasnov (BC Security) is hosting a LIVE AMA on r/SolarDIY at 12 PM ET — only a few hours from now! Bring your cyber questions here: reddit.com/r/SolarDIY

Solar powers your home. Cybersecurity keeps it safe. This Friday (Aug 22) @ 12 PM ET, Jake Krasnov (BC Security) goes LIVE for an AMA on r/SolarDIY! Bring your questions! www.reddit.com/r/SolarDIY/

We want to give a huge thank you to everyone who reached out about the CVEs from our Solar Research! Your feedback, stories, and collaboration mean a great deal to our team, and it has been incredible to see the community come together around this work. Please keep reaching out!

What a great #DefCon!!! We spent almost 2 weeks in Vegas between #BlackHat and #Defcon. We would like to thank everyone who attended our classes, demo labs, workshops, and our mainstage talk. If you didn't have a chance to talk to us, you can always reach out to us on our website or social media!

The first day of #DEFCON is in the books. We had great attendance in both the Empire 6.0 Demo Lab and Obfuscation Reloaded! Check out our main stage talk: Rebadged, Relabeled, and Rooted: Pwnage via the Solar Supply Chain Today at 14:00 (2PM Vegas time) Exhibit Hall West 3 - Track 2

Today is the day! The first day of #DefCon is here! We have workshops and a lab today. Then the mainstage talk tomorrow! Come Check out Obfuscation Reloaded: Modern Techniques for Evading Detection / Empire 6.0!

We are stoked to be out and about @blackhatevents.bsky.social!!! Come say hey if you see us! We are always down to chat and meet new people!

So amazing to see the diversity of students we've had at @blackhatevents.bsky.social this year! We would like to thank everyone who traveled from all parts of the world to attend our classes. Now it's time for #Blackhat2025 briefings!

Day 3 of @blackhatevents.bsky.social We finished class with our first set of students yesterday, and today we start with new students. Don’t forget that we offer training throughout the year. Visit www.training.bc-security.org for a list of our available training options. #blackhat2025

Mark your calendars for our mainstage talk at DEF CON: Rebadged, Relabeled, and Rooted: Pwnage via the Solar Supply Chain Aug 9. Saturday @ 14:00 (2 PM PT) Exhibit Hall West 3 – Track 2 If you see any of us out and about, feel free to say hi!

Day 1 complete and Day 2 underway at @blackhatevents.bsky.social We kicked things off strong! There’s still time to join our Advanced Threat Emulation: Active Directory / Advanced Threat Emulation: Evasion classes tomorrow. www.blackhat.com/us-25/traini... www.blackhat.com/us-25/traini...

Anthony & Jake are finishing up the documentation on the 14 CVEs they will be releasing at DEF CON next week & can't wait to share it with y'all! Don't miss their Rebadged, Relabeled, & Rooted: Pwnage via the Solar Supply Chain talk on Aug 9 at 2 pm PST

Advanced Threat Emulation: Active Directory is the best way to improve your AD skills at Black Hat. Learn about reflection attacks, resource-based constrained delegation, & more. By the end, you will be equipped with the latest TTPs & ready for your next engagement www.blackhat.com/us-25/traini...

Hacker summer camp is quickly approaching, but there is still time to sign up for training at Black Hat! Kick things off right with our Advanced Threat Emulation: Evasion course. Learn the ins & outs of modern EDR evasion and the art behind code obfuscation www.blackhat.com/us-25/traini...

Hacker Summer Camp starts in one week! What's everyone most excited about? We Hubble can't wait to give his DEF CON talk on residential solar hacking. (Even if he is a little nervous for his first mainstage talk)

Active Directory is more important than ever in red teaming. Come learn from Kevin Clark as he shares 5 years of tradecraft experience. This hands-on training covers everything from SMB to LDAP to cross-forest attacks. Don't miss out! www.blackhat.com/us-25/traini...

Hacker Summer Camp is just over a week away! Start it off right with our updated Evasion course at Black Hat. Learn all about modern techniques for evading EDR, including API & kernel hooking, Sys Calls & code obfuscation. Upgrade your skills today! www.blackhat.com/us-25/traini...

Empire Ops I is fully updated for Empire 6.0 & is the best way to get to know this C2. No longer limited to just PowerShell, Empire comes loaded with capabilities in Go, C#, IronPython & Python. Learn how you can use it to succeed on your next op today! training.bc-security.org/courses/empi...

Video: Introduction to Beacon Object Files (BOFs)! Executing native code in-memory and at runtime to improve red team stealth. 😎 We start small to understand Dynamic Function Resolution and create a small Empire module to call Win32 API functions! youtu.be/p3fByg8pa1g

Join us in August for Advanced Threat Emulation: Evasion at @blackhatevents.bsky.social USA! Get hands-on experience in: - Threat Specific Evasion TTPs - Masking Network Traffic - And more! #BHUSA Aug 2-3: www.blackhat.com/us-25/traini... Aug 4-5: www.blackhat.com/us-25/traini...

HackRedCon starts in just one day and we're giving away 5 free tickets! Just like and leave a comment on this post for a chance to win. Don't forget to check out Jake Krasnov's Cyber Threat Hunting Panel on Friday. Can't wait to see you there! #cybersecurity #redteam www.hackredcon.com/

August is coming up, and we're excited to head to @defcon.bsky.social! Take a look at our APT Tactics: Lazarus course for a full dive into -APT techniques inspired by the Lazarus Group -Hands-on ransomware deployment scenarios training.defcon.org/products/apt... #RedTeam #DEFCON #DEFCONTraining

Congrats to hubbl3 and Cx01N on getting their talk accepted at Def Con. They have spent the last 6 months researching vulnerabilities in Solar Power systems and can't wait to share their findings with everyone. Check them out at @defcon.bsky.social #DEFCON #DEFCONTraining

Want to get hands-on with Sliver? Learn C2 operations, pivoting, credential theft, and more in our immersive red team course. Includes Android implants, AV bypass, and multi-operator workflows. 1-week lab access, lifetime updates, and exclusive swag included. www.eventbrite.com/e/sliver-ope...

Void Blizzard shows that using simple techniques like password spraying doesn’t mean the group lacks sophistication. Their real strength lies in tailoring access and operations to each target, scaling complexity only as needed. What do you think advanced actually means? #redteam #cybersecurity

Heading to @blackhatevents.bsky.social and haven't found a course? Advanced Threat Emulation: Active Directory will take students through hands-on exercises attacking a real-world emulated network. Don't miss out! #BHUSA #RedTeam Aug 2-3: www.blackhat.com/us-25/traini... #BHUSA#RedTeamg 4-5:

Thank you to everyone for the fantastic turnout at our Aviation Security Workshop! If you weren't able to make it, no worries. Follow the links to check out the recording and the Beta of our 1553 Simulator! github.com/BC-SECURITY/... www.youtube.com/live/OkNIjD5...

Join us at @blackhatevents.bsky.social and learn about the latest TTPs in our #BHUSA Evasion course. We will cover everything from code obfuscation to API unhooking & even a few new DLR tricks. #cybersecuritry #redteam Aug 2-3: www.blackhat.com/us-25/traini...

Designed for beginners to intermediate operators, this course covers essential techniques and delves into common threat actor methodologies. Elevate your red teaming skills with our comprehensive Sliver C2 course! www.eventbrite.com/e/sliver-ope...

Last chance: today is the final day to get Early Bird pricing for all @blackhatevents.bsky.social courses. Prices go up after tonight. Register today before prices increase: blackhat.informafestivals.com/usa/2025/ #BHUSA #CyberSecurity #RedTeam

Heads up! Prices for all courses at @blackhatevents.bsky.social go up on May 23rd. Lock in your spot now before the end of Early Bird pricing! #BHUSA #CyberSecurityTraining #RedTeam blackhat.informafestivals.com/usa/2025/

Don't miss it! Our Aviation Security Workshop starts tomorrow! Join Jake "Hubble" Krasnov, whose background includes F-22 testing and work on the F-47 at Boeing Phantom Works, to explore the fundamental flaws in Aviation security. Starts at 1:00 ET! www.eventbrite.com/e/aviation-s...

We were thrilled to attend HackSpaceCon this year! Great conversations, cutting-edge research, and a passionate community pushing the boundaries of cybersecurity. Thank you to everyone who made this event possible!

Kicking off HackMiami Conference XII with APT Tactics: Lazarus! Jake "Hubble" Krasnov is diving into real-world APT techniques, ransomware ops, and EDR evasion. Packed labs, practical skills, and a whole lot of fun.

Think your tools are stealthy? Think again. This course teaches how to break detection, unhook APIs, bypass ETW/AMSI, and weaponize obfuscation like top-tier APTs. If you're not evading, you're just noisy. Meet us at @blackhatevents.bsky.social! #RedTeam #MalwareDev #CyberSecurity #BHUSA #Obfuscatio

Don’t miss our Active Directory course at @blackhatevents.bsky.social! Master techniques for infiltrating Windows Domains and put your skills to the test in an immersive hands-on lab environment. #Pentest #RedTeam #ActiveDirectory #BHUSA #Cybersecurity www.blackhat.com/us-25/traini...

Heading to Hackmiami and haven't found a class? APT Tactics: Lazarus gives students hands-on experience disabling EDR systems, exploiting Log4J, and more. Don't miss out! www.eventbrite.com/e/hackmiami-...

Join us on May 20th at 1:00 ET for an Aviation Security Workshop! Learn to leverage the fundamental flaws that exist in Aviation protocols to conduct a series of exploits, including Bus Controller Spoofing in 1553 and unauthenticated command injection to Modbus devices.

"Systematic Malware: A Rule-Based Approach to Creating Payloads" just started! Join Kevin Clark and Skyler Knecht for a dive into creating evasive payloads in the modern EDR landscape. www.youtube.com/watch?v=-xSt...

Master ICS & aviation cybersecurity at @blackhatevents.bsky.social. Dive into real-world attacks on bus protocols and defense strategies. Led by Hubble, learn from his experience conducting F-22 testing, aggressor ops & secure aircraft design at Boeing Phantom Works. www.blackhat.com/us-25/traini...

@blackhatevents.bsky.social is coming up and we can't wait to see you there! Join us for Advanced Threat Emulation: Active Directory and coerce your way to admin. Early Bird pricing ends May 23rd! #ActiveDirectory #Cybersecurity #RedTeam #BHUSA www.blackhat.com/us-25/traini...

Heading to HackMiami? Don’t miss Windows Payload Development: EDR Evasion and Initial Access Tradecraft, a hands-on course on building evasive payloads, bypassing EDR, and crafting initial access vectors using LOLBins, process injection, and more. #RedTeam www.eventbrite.com/e/hackmiami-...