Cybervandals - Cybervandals | a Blog on modern DDoS

Feb 15, 2024

KeyTrap - Assessment (DNSSEC-DOS, CVE-2023-50387)

A Protocol-Flaw has been detected in DNSSEC that would allow a malicious actor to execute a Single-Request-DOS against DNS-Servers who have been configured as DNSSEC-Validators

Nov 24, 2023 advanced attack ddos layer7 no_AI purehuman redteam threatintel

Fuzzing Smugglers / A dive into attacking WAFs

Utilizing a blend of header smuggling and header fuzzing, sophisticated HTTP attack techniques can effectively deliver DDoS payloads, either by evading detection by Web Application Firewalls (WAFs) or by targeting the WAF-encoders themselves

Oct 25, 2023 analysis blueteam booter ddos defence mitigation purehuman no_AI threatintel

New Tactics from Booterservices

New TTP allows booterservice to mitigate GeoFencing

Oct 23, 2023 analysis advanced blueteam defence ddos layer7 no_AI purehuman redteam threatintel tools protocol http2

HTTP/2 attacks measured (Floods and RapidReset)

a comparison of HTTP/2 RapidReset vector-potential vs established vectors: IoT/HTTP/2 Multiplexing

Oct 10, 2023 advanced analysis blueteam ddos defence no_AI purehuman redteam threatintel tools

Layer-7 Bots capabilities (IoT vs PseudoBrowser vs Browser)

A comparison of IoT-Bots, Pseudobrowsers and Browserbots used in Layer-7-DDoS-Attacks