This article details a red‑team engagement against a 30‑employee company that lacked a public website, describing how the team used phishing emails, custom Cobalt Strike payloads, shellcode encryption, internal network scanning, and a router tunnel to obtain footholds and extract data.
Google has issued an emergency update that patches eight high‑severity Chrome flaws capable of zero‑click remote hijacking, detailing the red‑team exploitation opportunities, the blue‑team rapid response timeline, the broader Chromium impact, and practical steps users should take to stay protected.
This guide walks through the full red‑team workflow—from reconnaissance and initial access through defense evasion, credential theft, lateral movement, and operational security—detailing concrete tools, commands, and techniques for compromising both external and internal networks.
Promptfoo is an open‑source framework that lets AI developers automate prompt evaluation, compare large‑model outputs, and perform red‑team security scans, turning LLM application development from guesswork into a measurable, engineering‑driven process.
Security researchers demonstrated that Doctronic’s AI doctor can be easily hijacked via prompt‑injection attacks, allowing attackers to leak system prompts, alter the AI’s memory, fabricate SOAP notes and even inflate prescription dosages, raising serious concerns for medical AI safety despite claimed safeguards.
This article presents a systematic approach to evaluating large language model (LLM) safety by constructing an automated red‑team testing platform that measures prompt jailbreak, privacy leakage, and tool‑execution risks, defines quantitative metrics, compares commercial and open‑source models, and outlines a continuous evolution pipeline for attack samples.
This article presents a systematic approach to evaluating large language model security by defining threat models, categorizing attack surfaces such as jailbreak and privacy leakage, and describing an automated red‑team platform that generates, mutates, scores, and evolves adversarial prompts to continuously assess model robustness.
This article explains why traditional VPNs are increasingly insecure, outlines the core principles of zero‑trust security, reviews twelve leading zero‑trust solutions with features, real‑world red‑team examples and quick‑setup commands, and provides a step‑by‑step migration guide from VPN to zero‑trust.
The article explains the nationwide "Huwang" cybersecurity red‑blue exercise, its purpose, rules, team roles, scheduling, and the lucrative daily earnings (1.5K‑3K ¥) for participants, while also showing how alumni can get internal referrals through the training institute.
The article introduces Security Chaos Engineering (SCE) as a proactive experimental approach to uncover security control failures, discusses the limitations of traditional red/blue/purple team exercises, outlines SCE's advantages, and presents the open‑source ChaoSlingr framework as a practical implementation example.
This article demonstrates how red‑team methods can be applied to phishing traceability, detailing phishing classifications, email‑header extraction, malicious site analysis, web‑shell decryption, privilege‑escalation techniques, log mining, and attacker attribution to reconstruct the full attack chain.
This article examines how adversaries target Jenkins automation servers, detailing common discovery methods, exploitation techniques such as Java deserialization and mis‑configured authentication, and practical red‑team demonstrations of credential extraction, script‑console abuse, and malicious job creation to illustrate mitigation recommendations.
