Cybervandals | a Blog on modern DDoS

Dec 12, 2024

Bypassing DDoS-Protection with Proxies

OR: Why Your GeoIP-Restrictions Might Soon Become Obsolete TL;DR The use of proxy services for DDoS Attacks is an effective and cost-efficient tool for

Jun 13, 2024

DDoS-Attacks on EU-Insitutions by russian activist, analyzed and summarized

TL;DR: While attacks are ongoing and are problem for some institutions, most defenders could go with Geofencing, and we did not saw widespread coordinated

May 15, 2024 ddos layer7 protocol http2 no_AI purehuman advanced redteam blueteam

HTTP/2 Continuation Flood (and POC)

Intro In early April 2024, Bartek Nowotarski disclosed a new DDoS attack technique named "HTTP/2 Continuation Flood", which exploits vulnerabilities in various

Feb 15, 2024

KeyTrap - Assessment (DNSSEC-DOS, CVE-2023-50387)

A Protocol-Flaw has been detected in DNSSEC that would allow a malicious actor to execute a Single-Request-DOS against DNS-Servers who have been configured as DNSSEC-Validators

Nov 24, 2023 advanced attack ddos layer7 no_AI purehuman redteam threatintel

Fuzzing Smugglers / A dive into attacking WAFs

Utilizing a blend of header smuggling and header fuzzing, sophisticated HTTP attack techniques can effectively deliver DDoS payloads, either by evading detection by Web Application Firewalls (WAFs) or by targeting the WAF-encoders themselves