blueteamsec

673 readers
15 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
MODERATORS
digicat
listing: all - local
601
3
The game is over: when “free” comes at too high a price. What we know about RenEngine (securelist.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
602
1
OysterLoader Unmasked: The Multi-Stage Evasion Loader (blog.sekoia.io)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
603
5
AgreeToSteal: The First Malicious Outlook Add-In Leads to 4,000 Stolen Credentials (www.koi.ai)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
604
7
“AiFrame”- Fake AI Assistant Extensions Targeting 260,000 Chrome Users via injected iframes (layerxsecurity.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
605
8
Spying Chrome Extensions: 287 Extensions spying on 37M users (qcontinuum.substack.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
606
1
A Peek Into Muddled Libra’s Operational Playbook (unit42.paloaltonetworks.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
607
3
BRICKSTORM Backdoor: IOCs, and detection signatures for an additional sample of BRICKSTORM. This sample is a different variant than the other samples. See Appendix D: Feb. 11, 2026, Updates and Table (www.cisa.gov)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
608
3
Is there anything like 0patch but free/open source? (programming.dev)
submitted 1 month ago by moonpiedumplings@programming.dev to c/blueteamsec
1 comments fedilink
 
 

0patch provides "micropatches", that replace running windows code in place, fixing security issues rapidly without requiring an update/reboot.

I really want something like them for an upcoming cybersecurity competition, specifcally patches for the zerologin and eternalblue vulnerabilities.

Unfortunately, 0patch does want a credit card for the free trial, which makes it unfeasible for us to use.

Any alternatives?

609
4
Adbleed: partially de-anonymizing VPN users with adblock filter lists (melvin.ovh)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
610
2
Operation Winter SHIELD | Federal Bureau of Investigation (www.fbi.gov)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
611
2
Storm-2603 Exploits CVE-2026-23760 to Stage Warlock Ransomware (reliaquest.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
612
25
Fake 7-Zip downloads are turning home PCs into proxy nodes (www.malwarebytes.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
613
3
Beware of Fake 7zip Installer: upStage Proxy (blog.lukeacha.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
614
3
Microsoft Outlook Spoofing Vulnerability: Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. (msrc.microsoft.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
615
7
Windows Notepad App Remote Code Execution Vulnerability: An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad (msrc.microsoft.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
616
5
Starlink to drop webshells into Ivanti - This same actor ran 119 exploits through 119 different residential IPs to attempt to land this webshell into Ivanti EPMM (infosec.pub)
submitted 1 month ago by digicat to c/blueteamsec
1 comments fedilink
 
 

https://x.com/simokohonen/status/2021287865070567475

617
2
APT Attacks in Singapore Telecom: UNC3886 ORB Tracking Explained (www.team-cymru.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
618
1
The Tianfu Cup Returns Under MPS Leadership as AI Takes Center Stage (www.nattothoughts.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
619
1
Run XDRInternals as GitHub Action (cloudbrothers.info)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
620
1
dotNetPELoader: A C# PE loader for x64 and x86 PE files. (github.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
621
1
ColdWer: Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass (github.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
622
1
eden: A PoC UDRL for Cobalt Strike built with Crystal Palace that combines Raphael Mudge's page streaming technique with a modular call gate (Draugr) (github.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
623
2
FortiGate Symlink Persistence Method (pgj11.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
624
5
Old-School IRC, New Victims: Inside the Newly Discovered SSHStalker Linux Botnet (flare.io)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
625
3
New threat actor, UAT-9921, leverages VoidLink framework in campaigns (blog.talosintelligence.com)
submitted 1 month ago by digicat to c/blueteamsec
0 comments fedilink
view more: ‹ prev next ›