Alfie Champion
@ajpc500
Founder at @delivr_to | Author of Practical Purple Teaming | Detection & Emulation at @github | Tweets my own
With a process that began two and a half years ago, I'm very excited to announce that I've written a book with @nostarch! 🎉 "Practical Purple Teaming" tells you all you need to know to get started with collaborative offensive testing. nostarch.com/purple-teaming
🎉Leonidas for Kubernetes is officially on GitHub!🎉 Our cloud attack simulation framework has been updated to support #Kubernetes environments! Remember that tool we demo'ed at DefCon @AdversaryVillag this summer? You can finally take it for a ride: github.com/WithSecureLabs…
We are now developing @elastic threat hunting queries, alongside our detection rules, and openly sharing these as well! 🎉🎉 You can visually explore these with rulexplorer.io! 🔥🔥 #ThreatHunting #DetectionEngineering
Threat hunting just got easier! This new repo of detection rules is crafted by our veteran detection engineers and powered by different Elastic query languages. Get the details of what’s included and see the future of this repo here: go.es.io/4h2JsTX #ElasticSecurityLabs
A short GitHub repository on weaponizing WSL file extensions github.com/dmcxblue/WSL-P… #redteam
A few yrs ago, when we began building delivr.to, a piece of me wondered if we'd see the innovation and creativity in the threat landscape to justify writing this kind of blog. This is the fifth(!) time we've put together our Top 10 and... the answer is 100% yes 😅
It's here. The latest iteration of our Top 10 includes the most important developments in initial access tradecraft; from macOS targeting of ClickFix, to Zip Smuggling, to QRLJacking. 📚 Blog: blog.delivr.to/delivr-tos-top…
Cool to see our Sigma rule for FileFix detection being merged today 🚀🩵 github.com/SigmaHQ/sigma/…
Threat actors have wasted no time operationalising the FileFix technique 📁⚠️ 📚Check out our latest blog on detecting and preventing FileFix: blog.delivr.to/filefixed-dete…
Turns out the same ClickFix mitigation of ‘disabling’ the Win+R shortcut (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoRun DWORD 1) also prevents exploitation of the address bar FileFix technique💡

TIL that there's a Defender 365 detection for use of the Microsoft logo from a wiki page - "Phish_HTML_WithMsLogoFromWiki_A" 🤣
FileFix - A ClickFix Alternative mrd0x.com/filefix-clickf…
My next book is open for pre-orders!!! I have included the first two chapters in audiobook form for free. You can listen to them now on my website or you can listen and read the sample on Apple Books. Looking forward to getting it into your hands. themittenmac.com/threat-hunting…
Our Phishing Attack Technique Explorer is now live! 😈🔍 Next time you browse our catalogue, you'll see a new view to find payloads combining popular attack techniques; from Pastejacking and Bring Your Own Interpreter, to HTML Smuggling and Auth Coercion delivr.to/app/payloads
Using Mythic and VECTR on your purple teams? 💜 I’ve just open-sourced a new Mythic service container that allows you to auto-populate VECTR test cases based on your Mythic taskings. github.com/MythicAgents/V…
This is a really cool use of LLMs to dynamically generate and execute Python code with the Medusa Mythic agent! 🐍🤖 gosecure.ai/blog/2025/03/2…
Introducing Forge 🔥 – the first “Command Augmentation” container for Mythic! Check out @its_a_feature_'s latest blog post to learn how this new add-on offers a more standardized way of executing BOFs and .NET assemblies. ghst.ly/416iKnu
Who says #Python Malware is out of style? In our new #blog, @GuhnooPlusLinux revisits an old technique he believes is a prime candidate to host #malware payloads—Python for Windows. Read it now! hubs.la/Q033Jvyq0
Twice a year we dive into the latest, notable tradecraft that has caught our attention in the world of phishing and initial access over the past six months. From Pastejacking, to image-less QR codes, to zip concatenation. 📚 Read our new Top 10: blog.delivr.to/delivr-tos-top…
TIL : There's a way to prevent the Win+R phishing thewindowsclub.com/enable-or-disa…
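The two posts above on disabling Win+R (the NoRun policy under HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, which the earlier post notes also blocks the address-bar FileFix variant) describe the mitigation but not how to check that it is actually in place. The script below is an added example, not code from either post or from delivr.to: it audits the user and machine Policies\Explorer keys for NoRun and, with -Enforce, sets the DWORD to 1. It assumes it is run in the context of the user being checked, that writing the HKLM key requires elevation, and that Explorer needs a sign-out/sign-in (or restart) before the policy takes effect; a domain-joined fleet would normally push this through Group Policy rather than a per-host script.

```powershell
# Added example (not from the original posts): audit, and optionally enforce,
# the NoRun Explorer policy that disables the Win+R Run dialog.
# Assumptions: run as the user being audited for the HKCU key; HKLM writes need
# an elevated shell; Explorer picks up the change after sign-out or restart.

[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # When set, write NoRun = 1 where it is missing or 0 instead of only reporting.
    [switch]$Enforce
)

# Both the per-user and per-machine policy locations honour NoRun.
$policyPaths = @(
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

foreach ($path in $policyPaths) {
    $noRun = $null
    if (Test-Path -Path $path) {
        # -ErrorAction SilentlyContinue: a missing value simply leaves $noRun as $null.
        $noRun = (Get-ItemProperty -Path $path -Name 'NoRun' -ErrorAction SilentlyContinue).NoRun
    }

    $state = if ($noRun -eq 1) { 'Run dialog DISABLED (NoRun = 1)' }
             else               { 'Run dialog available (NoRun missing or 0)' }
    Write-Output ("{0} : {1}" -f $path, $state)

    if ($Enforce -and $noRun -ne 1) {
        # ShouldProcess makes -WhatIf / -Confirm work for the registry write.
        if ($PSCmdlet.ShouldProcess($path, 'Set NoRun (DWORD) = 1')) {
            if (-not (Test-Path -Path $path)) {
                New-Item -Path $path -Force | Out-Null
            }
            New-ItemProperty -Path $path -Name 'NoRun' -PropertyType DWord -Value 1 -Force | Out-Null
            Write-Output ("{0} : NoRun set to 1 (takes effect after sign-out or restart)" -f $path)
        }
    }
}
```

Run it without arguments to get a report line per hive; add -Enforce -WhatIf to preview the write, and -Enforce to apply it. Setting NoRun under HKLM covers every user on the host, which is why the machine key is worth auditing even when the current user's key already shows the value.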
Our talk at #BHEU is done! Hope you all enjoyed it. 😉 A detailed blog is on the way, but in the meantime, check out the pre-alpha website worst.fit for early access and the slides! Huge thanks to @BlackHatEvents and my awesome co-presenter @_splitline_! 🐈
Zip Concatenation 📦⚠️ A recent blog from @AttackTrends (perception-point.io/blog/evasive-c…) shows how actors are concatenating zip files to evade mail filters and deliver malicious content 🛡️ Test deliverability: delivr.to/?search=concat… 🔍 Detect with YARA: github.com/delivr-to/dete… 🧵1/3
What people often overlook in #DetectionEngineering is that there’s no "one-size-fits-all" rule to detect a threat. It depends on your goals. How specific should the rule be? Are you tracking a threat actor, detecting the tool/malware, or focusing on the technique? Should it be…
⚠️ In-the-wild exploitation of CVE-2024-38112 This vuln allows crafted URL files with an MHTML protocol handler to load HTML via the deprecated Internet Explorer to execute HTA files. 🛡️Test your defences with our recreated payload: delivr.to/?id=334b22da-4… 🧵