EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts
EtherRAT hides C2 in Ethereum smart contracts via EtherHiding, steals wallets and credentials
TTPs
16 articles
Tycoon2FA Phishing Service Resumes Activity Post-Takedown
Tycoon2FA phishing platform resumes activity post-takedown, leveraging AITM techniques to bypass MFA
M-Trends 2026: Data, Insights, and Strategies From the Frontlines
Every year, the cyber threat landscape forces defenders to adapt to evolving adversary tactics, techniques, and procedures (TTPs). In 2025, Mandiant observed...
Aeternum Botnet Shifts Command Control to Polygon Blockchain
New botnet Aeternum shifted C2 operations to Polygon blockchain, complicating takedown efforts
Using threat modeling and prompt injection to audit Comet
Before launching their Comet browser, Perplexity hired us to test the security of their AI-powered browsing features. Using adversarial testing guided by our...
Top 10 web hacking techniques of 2025
Welcome to the Top 10 Web Hacking Techniques of 2025, the 19th edition of our annual community-powered effort to identify the most innovative must-read web s...
Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft
Introduction Mandiant has identified an expansion in threat activity that uses tactics, techniques, and procedures (TTPs) consistent with prior ShinyHunters-...
Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan
ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation
Top 10 web hacking techniques of 2025: call for nominations
Update: nominations are now closed, and voting is live!
Welcome to the new Project Zero Blog
While on Project Zero, we aim for our research to be leading-edge, our blog design was … not so much. We welcome readers to our shiny new blog!
Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece
Interpreting the vast cybersecurity vendor landscape through the lens of industry analysts and testing authorities can immensely enhance your cyber-resilience.
MuddyWater: Snakes by the riverbank
MuddyWater targets critical infrastructure in Israel and Egypt, relying on custom malware, improved tactics, and a predictable playbook
Top 10 web hacking techniques of 2024
Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web s...
Top 10 web hacking techniques of 2024: nominations open
Nominations are now open for the top 10 new web hacking techniques of 2024!
Top 10 web hacking techniques of 2023
Welcome to the Top 10 Web Hacking Techniques of 2023, the 17th edition of our annual community-powered effort to identify the most innovative must-read web s...
Top 10 web hacking techniques of 2023 - nominations open
Update: The results are in!