BlackCastle Cyber Security
@blackcastle-cyber.bsky.social
Fuzz every endpoint. Trace every crash !
Vulnerability research, exploit prototypes, and adversarial testing from the southern hemisphere.
Blackcastle — researching tomorrow’s vulns, today.
Vulnerability research, exploit prototypes, and adversarial testing from the southern hemisphere.
Blackcastle — researching tomorrow’s vulns, today.
Deleting the phishing email isn’t enough.
With ICS phishing, the malicious calendar event often survives and keeps firing reminders.
How attackers abuse calendars and how to stop it !
blackcastle.com.au/blog/ics-phi...
#GoogleWorkspace #Microsoft365 #redteam #SocialEngineering #APTTradecraft
With ICS phishing, the malicious calendar event often survives and keeps firing reminders.
How attackers abuse calendars and how to stop it !
blackcastle.com.au/blog/ics-phi...
#GoogleWorkspace #Microsoft365 #redteam #SocialEngineering #APTTradecraft
blackcastle.com
December 20, 2025 at 9:40 AM
Deleting the phishing email isn’t enough.
With ICS phishing, the malicious calendar event often survives and keeps firing reminders.
How attackers abuse calendars and how to stop it !
blackcastle.com.au/blog/ics-phi...
#GoogleWorkspace #Microsoft365 #redteam #SocialEngineering #APTTradecraft
With ICS phishing, the malicious calendar event often survives and keeps firing reminders.
How attackers abuse calendars and how to stop it !
blackcastle.com.au/blog/ics-phi...
#GoogleWorkspace #Microsoft365 #redteam #SocialEngineering #APTTradecraft
APT31 isn’t breaking in. They’re blending in.
Microsoft Dev Tunnels, cloud storage, signed binaries, all abused as stealthy C2.
This is trust exploitation at scale.
🔗 blackcastle.com.au/blog/apt31-t...
#APT #ThreatIntelligence #CloudSecurity #DetectionEngineering #CyberSecurity #Maldev #offsec
Microsoft Dev Tunnels, cloud storage, signed binaries, all abused as stealthy C2.
This is trust exploitation at scale.
🔗 blackcastle.com.au/blog/apt31-t...
#APT #ThreatIntelligence #CloudSecurity #DetectionEngineering #CyberSecurity #Maldev #offsec
APT31 Today: When Trusted Cloud Infrastructure Becomes the Attack Surface
How APT31 turned Microsoft Dev Tunnels, cloud storage, and signed binaries into stealthy command and control.
blackcastle.com.au
December 17, 2025 at 12:44 AM
APT31 isn’t breaking in. They’re blending in.
Microsoft Dev Tunnels, cloud storage, signed binaries, all abused as stealthy C2.
This is trust exploitation at scale.
🔗 blackcastle.com.au/blog/apt31-t...
#APT #ThreatIntelligence #CloudSecurity #DetectionEngineering #CyberSecurity #Maldev #offsec
Microsoft Dev Tunnels, cloud storage, signed binaries, all abused as stealthy C2.
This is trust exploitation at scale.
🔗 blackcastle.com.au/blog/apt31-t...
#APT #ThreatIntelligence #CloudSecurity #DetectionEngineering #CyberSecurity #Maldev #offsec
Reposted by BlackCastle Cyber Security
New BSides Canberra 2025 talk by Paul McCarty is now live:
“Panda Mirror: How the Chinese CCP manipulates NPM to horde malware.”
Watch here: youtu.be/oBzG7XOByII
“Panda Mirror: How the Chinese CCP manipulates NPM to horde malware.”
Watch here: youtu.be/oBzG7XOByII
Panda Mirror: How the Chinese CCP manipulates NPM to horde malware - Paul McCarty, BSidesCbr 2025
YouTube video by BSides Canberra
youtu.be
December 6, 2025 at 3:00 AM
New BSides Canberra 2025 talk by Paul McCarty is now live:
“Panda Mirror: How the Chinese CCP manipulates NPM to horde malware.”
Watch here: youtu.be/oBzG7XOByII
“Panda Mirror: How the Chinese CCP manipulates NPM to horde malware.”
Watch here: youtu.be/oBzG7XOByII
Reposted by BlackCastle Cyber Security
How do trackers see your internet browser? Find out with Cover Your Tracks: coveryourtracks.eff.org
Cover Your Tracks
See how trackers view your browser
coveryourtracks.eff.org
December 8, 2025 at 1:04 AM
How do trackers see your internet browser? Find out with Cover Your Tracks: coveryourtracks.eff.org
A few days in and Shai-Hulud 2.0 is already one of the wildest supply-chain worms we’ve seen. npm propagation + GitHub Actions as C2. Offensive artistry disguised as automation.
Blog here: blackcastle.com.au/blog/shai-hu...
Blog here: blackcastle.com.au/blog/shai-hu...
a man says that 's art in front of a crowd
ALT: a man says that 's art in front of a crowd
media.tenor.com
November 29, 2025 at 5:45 AM
A few days in and Shai-Hulud 2.0 is already one of the wildest supply-chain worms we’ve seen. npm propagation + GitHub Actions as C2. Offensive artistry disguised as automation.
Blog here: blackcastle.com.au/blog/shai-hu...
Blog here: blackcastle.com.au/blog/shai-hu...