blueteamsec

674 readers
38 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
MODERATORS
digicat
listing: all - local
1001
2
OpenSSL Performance Still Under Scrutiny (www.feistyduck.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1002
3
NSO 2025 transparency report (www.nsogroup.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1003
1
Gbyte leaks gigabytes of data - #F*ckStalkerware pt. 8 (maia.crimew.gay)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1004
3
Researcher’s Notebook: Unpacking ‘pkr_mtsi’ (www.reversinglabs.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1005
3
Regipy MCP: Natural Language Registry Forensics with Claude (medium.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1006
2
getSPNless: Python tool to automatically perform SPN-less RBCD attacks. (github.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1007
3
EDRStartupHinder: EDR Startup Process Blocker (www.zerosalarium.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1008
5
Analysing Carding Infrastructure (www.team-cymru.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1009
3
100 Days of KQL 2026: Various rules from days 9 and 10 (self.blueteamsec)
submitted 2 months ago* (last edited 2 months ago) by digicat to c/blueteamsec
0 comments fedilink
 
 

Query to identify internet facing devices and then find those running the MongoDB service with a version impacted by the MongoBleed vulnerability https://github.com/m4nbat/100_days_of_kql_2026/blob/main/day10_mongobleed_vuln.md

Creation of .proj file in suspicious location eventually used to to bypass AV detection with msbuild.exe use. https://github.com/m4nbat/100_days_of_kql_2026/blob/main/day9_suspicious_filecreation_msbuild_ttp.md

1010
3
100 Days of YARA 2026: Various rules from days 8, 9 and 10 (self.blueteamsec)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
 
 

Detects Industroyer malware based on the count of specific PE Rich header Prod IDs https://github.com/RustyNoob-619/100-Days-of-YARA-2026/blob/main/Rules/Day8.yara

Detects Paper Werewolf (GOFFEE) EchoGather backdoor https://github.com/t3ft3lb/2026-100DaysofYARA/blob/main/day_8.yara

Detects Blue noroff MACOS initial access script https://github.com/Squiblydoo/100DaysofYARA/blob/main/Squiblydoo/Day9.yara

Detects NukeSped used by various DPRK APTs based on PE Rich header properties https://github.com/RustyNoob-619/100-Days-of-YARA-2026/blob/main/Rules/Day9.yara

Detects PE+ZIP polyglot files (T1036.008) https://github.com/t3ft3lb/2026-100DaysofYARA/blob/main/day_9.yara

Detects Watch Wolf (Hive0117) DarkWatchman JS loader https://github.com/t3ft3lb/2026-100DaysofYARA/blob/main/day_10.yara

1011
1
Loki-RS: 🐍 High-performance, multi-threaded YARA & IOC scanner (github.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1012
3
smtp-tunnel-proxy: A high-speed covert tunnel that disguises TCP traffic as SMTP email communication to bypass Deep Packet Inspection (DPI) firewalls. (github.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1013
3
NoDPI: NoDPI is a utility for bypassing the DPI (Deep Packet Inspection) (github.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1014
3
Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691) (labs.watchtowr.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1015
3
[Research] VMProtect Devirtualization: Part 2 (EN) (hackyboiz.github.io)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1016
5
GCVE Announces the Launch of db.gcve.eu: A New Open Public Vulnerability Advisory Database (gcve.eu)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1017
5
CVE-2026-0830 - Command Injection in Kiro GitLab Merge Request Helper (aws.amazon.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1018
3
Fugitive wanted in connection with Desjardins data breach arrested in Spain (www.cbc.ca)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1019
5
The State of Ransomware in the U.S.: Report and Statistics 2025 (www.emsisoft.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1020
7
France releases Russian man wanted in US for cyberhacking, lawyer says (www.reuters.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1021
2
CTO at NCSC Summary: week ending January 11th (ctoatncsc.substack.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1022
3
dumpguard_bof: Beacon Object File (BOF) port of DumpGuard for extracting NTLMv1 hashes from sessions on modern Windows systems. (github.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1023
1
The Pattern in the Noise: What 1,602 Exposed Modbus Systems Reveal About Industrial Security's Systemic Failures (chawkr.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1024
2
The Ghost in the Machine: Unmasking CrazyHunter's Stealth Tactics (www.trellix.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1025
1
Deep Malware and Phishing Analysis -Breaking Down an Access-Code-Gated Malware Delivery Chain (www.joesecurity.org)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
view more: ‹ prev next ›