Red Teamers,
Welcome to the seventh edition of the Daily Red Team Briefing. This week, we delve into antivirus evasion techniques, significant takedowns of malicious tools, AI model security assessments, and recent exploitations. We also feature our tool and blog of the week.
1️⃣ AV Detection and Anti-Malware Scans Bypassed Using Red Team Tool SpecterInsight
Cybercriminals are using the SpecterInsight red team tool, combined with advanced obfuscation techniques and legitimate system utilities, to evade antivirus (AV) detection and anti-malware scans. This lets them infiltrate systems undetected and poses significant challenges to traditional security measures.
🔗 Source: Hackers Bypass Antivirus Detection and Anti-Malware Scans
2️⃣ Cobalt Strike Takedown Effort Cuts Cracked Versions by 80%
A collaborative effort between Fortra, Microsoft, and Health-ISAC has led to an 80% reduction in unauthorized copies of the Cobalt Strike red teaming tool. By seizing over 200 malicious domains, the operation has significantly disrupted the adversarial use of cracked versions.
🔗 Source: Cobalt Strike Takedown Effort Cuts Cracked Versions by 80%
3️⃣ Red Team Frameworks Are Finding AI Model Security Risks
AI is revolutionizing cybersecurity, but AI models remain vulnerable to adversarial attacks. New frameworks and red teaming methodologies are being used to assess AI security, uncovering bias, vulnerabilities, and potential exploit paths before attackers do.
🔗 Source: Red Teams & Static Scans Find AI Security Risks
4️⃣ Hackers Exploit Paragon Partition Manager Driver in Ransomware Attacks
A zero-day vulnerability (CVE-2025-0289) in the Paragon Partition Manager driver is being actively exploited in ransomware attacks. The flaw allows attackers to escalate privileges and execute arbitrary code, enabling them to deploy ransomware payloads undetected.
🔗 Source: Hackers Exploit Paragon Partition Manager Zero-Day
5️⃣ ClickFix Phishing Tactic Deploys PowerShell-Based Havoc C2 via SharePoint
Threat actors are using the ClickFix technique to deploy the Havoc C2 framework via phishing attacks. Malicious HTML attachments trigger PowerShell commands that establish persistence, making the infection difficult to detect and mitigate.
🔗 Source: Hackers Use ClickFix Trick to Deploy Havoc C2
6️⃣ Can AI Crack One of the World’s Toughest Cryptographic Puzzles?
AI is being used to tackle Kryptos, the famous cryptographic sculpture at CIA headquarters whose puzzle has remained unsolved for over 30 years. Could artificial intelligence finally decipher the remaining code fragments?
🔗 Source: Can AI Solve the Kryptos Mystery?
7️⃣ Upcoming Cybersecurity Conferences in March 2025
Here are the must-attend cybersecurity, red team, and pentest conferences happening in March:
🔹 AfricaHackon – March 19-20, 2025 | Nairobi, Kenya
A major African infosec event covering a broad range of cybersecurity topics.
🔹 Minorities in Cybersecurity Annual Conference – March 23-27, 2025 | Dallas, Texas
Discusses industry challenges and career growth.
🔹 State of Cyber – March 2025 | St. Louis (Exact Date TBD)
Features presentations from CISA, FBI, DHS, and Secret Service on red teaming & pentesting.
🔹 20th International Conference on Cyber Warfare and Security (ICCWS) – March 28-29, 2025 | Williamsburg, Virginia
A prestigious academic and industry event focused on cyber warfare and cybersecurity research.
8️⃣ Upcoming March 2025 CTF Competitions
The top Capture The Flag (CTF) competitions happening this month:
KalmarCTF 2025 – March 7-9 (Online)
UTCTF 2025 – March 14-16 (Online)
Cyber Apocalypse CTF 2025: Tales from Eldoria – March 21-26 (Online)
WolvCTF 2025 – March 21-23 (Online)
SwampCTF 2025 – March 28-30 (Online)
StealthCup – March 28 (Hybrid, Vienna, Austria)
TAMUctf 2025 – March 28-30 (Online)
HackDay 2025 - Finals – March 28-29 (Paris, France)
SpartanCTF 2025 – March 28-30 (Online)
JerseyCTF V – March 29-30 (Online)
🔴 Time to sharpen your offensive skills!
9️⃣ Tool of the Week: InvokeADCheck
🔥 InvokeADCheck is a PowerShell tool for auditing Active Directory (AD) environments. It automates security checks to detect misconfigurations, weak permissions, and potential attack paths. A must-have for red teamers and blue teamers alike!
🔗 Source: InvokeADCheck on GitHub
🔟 Blog of the Week: Red teaming ChatGPT in medicine to yield real-world insights on model behavior
AI is transforming healthcare, but is it making us more vulnerable? This in-depth study examines how AI-driven medical solutions introduce security risks, exposing patient data and critical healthcare infrastructure.
🔗 Read here: AI in Healthcare – A Double-Edged Sword