First time seeing text-based stagers in the wild 😮‍💨 These guys are creative as hell fr

their Attack chain was like :
> Obfuscated VBS → PowerShell → Text payload fragments → .NET Reactor loader → MSBuild.exe → Remcos RAT
> All in-memory reconstruction (fileless where possible)
> Self-healing downloaders that retry if payloads fail

The whole "access-as-a-service" economy is wild rn 😂

They did slip up tho large .txt files being processed by powerShell would raise SOC eyebrows but their evasion game was strong good

Text-based payloads avoid signature detection
.NET Reactor obfuscation breaks static analysis
Living-off-the-land with MSBuild.exe
Memory-only execution avoids file scanning

Overall rating: 8.5/10 😂😂
solid OPSEC, creative TTPs, but that PowerShell + .txt combo is a bit loud for sustained stealth 🙃

@AfroSec

when chatgpt got surprised 😂

he thought am just dum this whole time (actually i am on specific stuff tho :) ) lol

@AfroSec

ማለት ነበር 👊

@AfroSec

Rest in Peace Netsanet Werkineh 😢🥀🥀🥀🥀

@AfroSec

melkam timket everyone ❤️❤️❤️

and boys we need to gear up🍋🍋😎😉
In the meantime ladies, here’s a gentle reminder that you could be a target at any moment so be ready for the show lol 😄

@AfroSec

I built my own AI News Pipeline (and why?..."readily made" apps weren't enough for me:(

I have seen many apps that claim to deliver customized news, but most of them are hidden systems where you can't control the logic, or they get the facts wrong..i wanted a system that acted as a high level content curator, so I built a custom ETL pipeline to solve this for myself

Here is what you won't find in most AI news apps:

-Parallel Data Architecture: this prevents AI hallucinations by splitting the data stream. the LLM handles the creative rewrite, while the original URLs are preserved in a separate path.
- Local LLM: by running the intelligence layer locally, i eliminated API costs,privacy concerns and third-party subscriptions.
- Smart Ranking & Filtering: delivering only the top 6 highest value stories

As a result,i no longer wake up to a mess of notifications...i just get a professional and summarized briefing of exactly what I need to know

what is happening on ticktok tho my fyp is full of 2016 throwback

@AfroSec

speaking of throwback ✨

@AfroSec

Are you ready to join today and tomorrow's cybersecurity foot soldiers?

picoCTF-Africa 2026 is back! Bigger, better and upto 80 students to be awarded!

Join our picoCTF-Africa prep info session
📅 24 January
⏰ 11 am Rwanda time ( convert time to your own country )
⛓️‍💥  bit.ly/picoCTF2026

Registration for the CTF opens on 1 February 2026, so get ready.
Competition runs 9 - 19 March 2026

stay alert. protect your accounts. share this with a friend

https://www.instagram.com/p/DTxI73ZDAS2/?igsh=MWlzYWgwbTZ1c3UyMA==

yup just like that 😂😂😂😂

We listen, we don't judge ❌
We see, we don't judge ✅

@AfroSec

https://fearsoff.org/research/cloudflare-acme

so i was Just reading about logic bug in Cloudflare's ACME validation Found by Fearsoff .

when Cloudflare handles SSL cert challenges (/.well-known/acme-challenge/*), it turns off WAF so CAs can validate without interference but the old logic sometimes disabled WAF even for invalid tokens, letting malicious requests slip through to origin. smooth bypass path.

i also saw that Cloudflare posted about it Cloudflare blog

they patched it quick and they said that no evidence of exploitation so far,
( nah i dont believe that tho 🙄)

@AfroSec

aight guys
one step forward always ✨

today i took the CRTA exam and passed uk it was a bit tricky at some point but i handled it 💪

through this cert i learned:
• Red Teaming
• Pentesting
• MITRE ATT&CK
• Web & Network Attacks
• Enterprise Tech
• Windows Security
• Adversary Simulation
• Red Team Methodologies

but look you gotta have a researcher mindset. you gotta explore beyond the course and the syslabs.

tbh i subscribed to this for the sake of infra, yk… for pivot and stuff like that.
anyway let's celebrate small wins here 🎉

thanks that you guys are here all the time.
like i said always one step forward

@AfroSec

😂😂😂 ere ere snt aynet gud ale


@AfroSec

Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation
https://www.welivesecurity.com/en/eset-research/love-actually-fake-dating-app-used-lure-targeted-spyware-campaign-pakistan/

single menor maychlbet alem 😭😭😂😂
anyways guys be safe out there :)

@AfroSec

the moment you find your passion, your goal, your path… life starts to feel lighter
Not because it’s easy but because it finally makes sense

People might look at you and say “Damn man , you’re doing too much”
But you don’t even feel the weight.
You’re already immersed.
You enjoy the struggle, every single part of it.

Others won’t always understand your vision they might call you a dreamer, delusional, unrealistic, but inside? You feel nothing but gratitude,You just keep thanking God for letting you see what they can’t yet 🙏

So keep pushing
Keep grinding
Don’t hold back

and nah, I’m not saying this because I’m some big successful person and u know am not
I’m saying it because I see it in myself, in my own life, that’s all

don’t get bored of me tho :)
love y’all ❤️

@AfroSec

THE LONG AWAITED ANNOUNCEMENT IS HERE 🔥

​The most intensive Cybersecurity training in Ethiopia BBJST Batch 04 is officially open for registration. 🛡💻

​You’ve been asking for it. Now it’s here. This is your chance to stop being a spectator and start becoming a Junior Security Tester.

​Why now?

✅ High-demand skill set
✅ Practical, lab-based learning
✅ Limited seats for maximum focus

​Stop waiting for the "perfect time." The perfect time is now.

​🚀 REGISTER BEFORE SLOTS FILL UP: 👉 bunabyte.com/bbjst

@bunabytecs

yooo we just hit 600 already damn
thank you y'all 🥰💪

@AfroSec