Cybervandals | a Blog on modern DDoS

Jan 20, 2025

4 Million Vulnerable Tunneling Servers Found: Risk of Abuse as DDoS-Proxies

Early 2025, Mathy Vanhoef and his Team from KU Leuven University released a research where they described a new found vulnerability in tunneling-protocolss, exposing over

Dec 12, 2024

Bypassing DDoS-Protection with Proxies

OR: Why Your GeoIP-Restrictions Might Soon Become Obsolete TL;DR The use of proxy services for DDoS Attacks is an effective and cost-efficient tool for

Jun 13, 2024

DDoS-Attacks on EU-Insitutions by russian activist, analyzed and summarized

TL;DR: While attacks are ongoing and are problem for some institutions, most defenders could go with Geofencing, and we did not saw widespread coordinated

May 15, 2024 ddos layer7 protocol http2 no_AI purehuman advanced redteam blueteam

HTTP/2 Continuation Flood (and POC)

Intro In early April 2024, Bartek Nowotarski disclosed a new DDoS attack technique named "HTTP/2 Continuation Flood", which exploits vulnerabilities in various

Feb 15, 2024

KeyTrap - Assessment (DNSSEC-DOS, CVE-2023-50387)

A Protocol-Flaw has been detected in DNSSEC that would allow a malicious actor to execute a Single-Request-DOS against DNS-Servers who have been configured as DNSSEC-Validators