blueteamsec

674 readers
39 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
MODERATORS
digicat
listing: all - local
1051
3
100 Days of YARA: Detects Squid Werewolf (APT37) malicious LNK file (github.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1052
3
100 Days of YARA 2026: This YARA rule detects PE files using the codesigning certificate for Xiamen Jialan Guang Information Technology Service Co., Ltd. (github.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1053
4
100 Days of YARA 2026: Detects Windows PE files that have rich signatures on non-standard offset. These offsets are associated with known malware (github.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1054
5
Malicious NPM Packages Deliver NodeCordRAT | ThreatLabz (www.zscaler.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1055
4
SysmonConfigPusher2: Sysmon Config Pusher - Modernized (github.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
1056
3
100 Days of KQL (github.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1057
3
How NoName057(16) Uses DDoSia to Attack NATO Targets (www.picussecurity.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1058
2
The Intriguing Lotus: A Deep Dive into Sagerunex (securite360.net)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1059
3
PatchGuard Peekaboo: Hiding Processes on Systems with PatchGuard in 2026 (www.outflank.nl)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1060
3
GRU-Linked BlueDelta Evolves Credential Harvesting (www.recordedfuture.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1061
3
Defeating AuraStealer: Practical Deobfuscation Workflows for Modern Infostealers (www.gendigital.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1062
2
malpedia-flossed: FLARE floss applied to all unpacked+dumped samples in Malpedia, pre-processed for further use. (github.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1063
1
NSB — 國家安全局 National Security Bureau - Analysis on China’s Cyber Threats to Taiwan’s Critical Infrastructure in 2025 (www.nsb.gov.tw)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1064
2
100 Days of YARA 2026: Detects document template injection via the 1Table stream (T1221) (github.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1065
1
100 Days of YARA 2026: Detects Batavia VBE downloader (github.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1066
2
100 Days of YARA 2026: Detects Windows PE files where there is a mismatch between the number of PE imports and the ProdIDImport0 tool id count which also indicates the number of PE imports (github.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1067
2
100 Days of YARA 2026: Detects unique strings in Velociraptor MSI files (github.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1068
1
A closer look at a BGP anomaly in Venezuela (blog.cloudflare.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1069
4
Phishing actors exploit complex routing and misconfigurations to spoof domains (www.microsoft.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1070
4
The Mac Malware of 2025 👾 (objective-see.org)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1071
1
Office Assistant Supply Chain Attack? Delivery of Mltab Plugin Affects Massive Number of Terminals (ti.qianxin.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1072
3
CNCERT: Risk Warning Regarding the "Black Cat" Gang's Use of Search Engines to Spread Counterfeit Notepad++ Download Remote Control Backdoors (mp.weixin.qq.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1073
2
Analyzing PHALT#BLYX: How Fake BSODs and Trusted Build Tools Are Used to Construct a Malware Infection (www.securonix.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1074
1
100 Days of YARA 2026: Detects Windows PE files with potentially duplicated Rich headers. This is based on the fact that there can only exist unique pairs of ProdIDs and Build numbers. (github.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1075
2
100 Days of YARA 2026: This YARA rule detects hardcoded strings which are part of Apple code-signing. (github.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
view more: ‹ prev next ›