blueteamsec

628 readers
31 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
MODERATORS
digicat
listing: all - local
601
6
device-activity-tracker: A phone number can reveal whether a device is active, in standby or offline (and more). This PoC demonstrates how delivery receipts etc. (WhatsApp / Signal) (github.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
602
3
100 Days of YARA is back - starts on Jan 1st (github.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
603
8
mongobleed: A remote live memory viewer PoC based on the MongoBleed vulnerability primitive! (github.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
604
3
mongobleed-detector: Detection Script for MongoBleed Exploitation (github.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
605
5
Forensic Insights into an EDR Freeze Attack (detect.fyi)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
606
2
Hunting CVE-2025-59287 in Memory Dumps (medium.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
607
3
Detecting Lateral Movement & Evasion Inside Your Network (corelight.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
608
3
Phishing Campaign Leverages Trusted Google Cloud Automation Capabilities to Evade Detection (blog.checkpoint.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
609
2
DFIR Report: TamperedChef Malware via Malvertising and Trojanized Utility (medium.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
610
5
When MFA Wasn’t Enough: Review of a Real AiTM Incident (medium.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
611
2
Uncovering Threats Through WAF Logs: A Threat Hunter’s Lens (medium.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
612
2
악성코드로 비트코인 17억 가로챈 외국인 해커 한국 송환 | 중앙일보 - National Police Agency announced on 28th that it had arrested Lithuanian national A (29), suspected of stealing virtual assets from Koreans & extradited him (www.joongang.co.kr)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
613
5
To sign or not to sign: Practical vulnerabilities in GPG & friends (media.ccc.de)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
614
3
DNGerousLINK: A Deep Dive into WhatsApp 0-Click Exploits on iOS and Samsung Devices (media.ccc.de)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
615
2
39C3: Power Cycles - media.ccc.de (media.ccc.de)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
616
3
Extracting Syscalls from a Suspended Process (cymulate.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
617
3
Lateral Movement via Checkmk (pentest.party)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
618
1
The Role of Artificial Intelligence in SOC Operations: Adoption, Perception, and Workforce Impact (ceur-ws.org)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
619
2
Vectored Exception Handling Squared (VEH²) in Rust | Patchless AMSI Bypass Research (fluxsec.red)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
620
0
gpg.fail (gpg.fail)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
621
1
CVE-2025-54322 - XSpeeder (SXZOS) pre-auth RCE - Unauthenticated Root RCE affecting ~70,000+ Hosts - Xspeeder is a Chinese networking vendor known for edge devices like routers, SD-WAN appliances etc. (pwn.ai)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
622
1
Cross-Site ETag Length Leak - can be used as an XS-Leak oracle (blog.arkark.dev)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
623
2
UAC-0184 | "The Dark Side of the Fallen Files" Pitching Operation - They attack Ukrainian military personnel by deploying malicious LNK files or PowerShell scripts, leading to Remcos infections. (mp.weixin.qq.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
624
4
Registry Writes Without Registry Callbacks (deceptiq.com)
submitted 1 month ago by digicat to c/blueteamsec
1 comments fedilink
625
1
monitors a given folder and dumps the contents to a dump directory - useful to obtain changed/dropped/extracted files during dynamic malware analysi (github.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
view more: ‹ prev next ›