Cybervandals | a Blog on modern DDoS

Sep 16, 2024 ddos summary reports threatintel hacktivism

State of DDoS - Summary

zeroBS continuously collects informations and status reports on the subject of infrastructure and application security vs DDoS-Threats and showcases an condensed overview of trends and developments.

Jun 13, 2024

DDoS-Attacks on EU-Insitutions by russian activist, analyzed and summarized

TL;DR: While attacks are ongoing and are problem for some institutions, most defenders could go with Geofencing, and we did not saw widespread coordinated

May 15, 2024 ddos layer7 protocol http2 no_AI purehuman advanced redteam blueteam

HTTP/2 Continuation Flood (and POC)

Intro In early April 2024, Bartek Nowotarski disclosed a new DDoS attack technique named "HTTP/2 Continuation Flood", which exploits vulnerabilities in various

Feb 15, 2024

KeyTrap - Assessment (DNSSEC-DOS, CVE-2023-50387)

A Protocol-Flaw has been detected in DNSSEC that would allow a malicious actor to execute a Single-Request-DOS against DNS-Servers who have been configured as DNSSEC-Validators

Nov 24, 2023 advanced attack ddos layer7 no_AI purehuman redteam threatintel

Fuzzing Smugglers / A dive into attacking WAFs

Utilizing a blend of header smuggling and header fuzzing, sophisticated HTTP attack techniques can effectively deliver DDoS payloads, either by evading detection by Web Application Firewalls (WAFs) or by targeting the WAF-encoders themselves