Phantom Security Group is a current active duty and woman owned offensive cybersecurity firm dedicated to providing comprehensive solutions to our customers. Our team brings years of offensive security experience to the table, are credentialed by multiple institutions, and have work experience at top companies and government organizations in security.
Phantom Security Group的外部链接
EvadeX is an advanced tool for red teams and penetration testers, designed to automate the creation of custom evasive loaders that bypass Endpoint Detection and Response (EDR) and antivirus (AV) solutions. Through its intuitive online portal, users can configure and generate loaders tailored to their specific operational needs, leveraging cutting-edge techniques like innovative execution behaviors and self-signing mechanisms. By automating the complex and time-intensive process of crafting evasive payloads, EvadeX saves offensive security teams hundreds to thousands of hours, enabling them to focus on strategy and execution rather than repetitive development tasks.
US,MA,Andover,01810
Easily one of our team's favorite conferences. Super excited to see some old friends and meet some new ones here.
Hack Space Con is being sponsored by Phantom Security Group. Meet their team and learn about all the products, services, and impact they are making in the community. Visit the website to learn about all the sponsors and how to get your company involved in the mission! https://zurl.co/fvDUc
Simplifying initial access for Red Teams | Founder @ PhantomSec | Red Team Operator | Speaker @ DEF CON 32 | Navy Spouse
Did you know that these scammer operations are run like a business? Complete with issue tracking systems, dashboards of data, and more (Everyone loves assigning tickets!) If anyone has any contacts at X, Apple, Google, and Microsoft within their teams that handle scams, spam, and bot accounts please let me know. I have all these accounts that are being sold to scammers and spammers: # Apple IDs 595,588 # Hotmail 795,069 # Gmail 37,355 # Facebook 2,240 # Twitter 27,435 # Telegram 19,740 # Vimeo 158 # Tumblr 7,981 # PHub 10,697 In total, well over 1.4 million accounts. Not all active, as some have been banned, but this group is constantly pumping out more and more. Also, would love to chat with anyone trying to work against these types of groups, whether its detections or anti-fraud.
Simplifying initial access for Red Teams | Founder @ PhantomSec | Red Team Operator | Speaker @ DEF CON 32 | Navy Spouse
Another great article from Brian Krebs! An honor to have my work referenced in this one.
If you want to learn how Chinese phishing or "smishing" groups are turning phished card data into mobile wallets, check out today's story. The innovation coming out of these groups is remarkable, and includes mobile apps that let thieves relay "ghost tap" NFC transactions to a payment terminal from halfway around the world. What I find most remarkable is how millions of businesses have spent years and billions of dollars upgrading payment terminals to use more secure chip-based cards. And now these phishers come along and just bypass all of that, creating Apple and Google mobile wallets with the phished card data and a one-time code. Here's the lede: Carding — the underground business of stealing, selling and swiping stolen payment card data — has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores. https://lnkd.in/eZkp6qVR
Simplifying initial access for Red Teams | Founder @ PhantomSec | Red Team Operator | Speaker @ DEF CON 32 | Navy Spouse
Ever wonder how all these scammers have so many Apple IDs and email accounts? Or wonder how all these bots online are orchestrated? Well, I have an answer now after finding an open directory, reverse engineering a .NET web application, and some password cracking, and finally authenticating to their management server. This Vietnamese group organizes the managing of phones for OTP and the account credentials for over 1.4 MILLION Apple ID, Gmail, and Hotmail accounts. Not even taking into account the thousands of twitter and other social media platform accounts they have in their database. More to come on this. Will squeeze some into my Hack Space Con talk in May.
Our founders, Justin Perez & Grant Smith, just finished up a great talk with Phillip Wylie! In the episode you can learn more about how they got into infosec, breaking into the field from a recent grad perspective, and how Phantom Security Group got started. Be on the lookout for when it gets posted and check out Phillip's other great episodes here: https://lnkd.in/etQq6YaZ
We are excited to share that our upcoming update to EvadeX will include some big changes! 1. Stack Spoofing - Though we have, and continue to have, much success with just indirect syscalls it is time to change things up to combat current and new callstack detections 2. LNK Sideloading - Create an LNK payload that will sideload a DLL to the location of your choice and execute that app, all while masquerading itself as a benign file. Interested in learning more about EvadeX? Book a demo on our site: https://PhantomSec.tools/
Simplifying initial access for Red Teams | Founder @ PhantomSec | Red Team Operator | Speaker @ DEF CON 32 | Navy Spouse
Super excited to share that I will be speaking at U.S. Army Cyber Command AvengerCON this year, along with Justin Perez & August Vansickle who will be giving some great talks as well. My talk title is "Silent Offensive: Deploying modern and evasive offensive security knowledge" If your interested in learning about what advanced adversaries and red teams are employing and how you can up your offensive security game definitely stop by. https://avengercon.com/
Our two founders, Justin Perez & Grant Smith, will be giving talks at U.S. Army Cyber Command's AvengerCON conference at the Georgia Cyber Innovation & Training Center later this month! Grant's talk is: Silent Offensive: Deploying modern and evasive offensive security knowledge And Justin's talk is: Offensive Zig: Polymorphic Malware at Compile Time Register to join the event at https://avengercon.com/
Our president, Grant Smith, will be presenting on finding flaws in phishing kits at Hack Space Con this year!
??Hack Space Con Talk Alert!! Join Grant Smith for his presentation, "Hack Back: Finding Flaws in Phishing Kits," and explore actionable techniques to dissect and counteract smishing kits. Don’t miss this exciting session at Hack Space Con 2025! This, along with many other fascinating topics! space, hacking, cybersecurity, and more will be part of our journey at HSC2025, pushing the boundaries of cybersecurity and space innovation. Remember, you can still submit your talk and secure your spot in the spotlight! Visit https://zurl.co/x74Sy for more info