blueteamsec

632 readers
22 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
MODERATORS
digicat
listing: all - local
1626
3
NCSC Summary: week ending September 21st (ctoatncsc.substack.com)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1627
3
Threat Actor Profile: APT27 (www.dexpose.io)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1628
1
EarlyExceptionHandling: Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH (github.com)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1629
2
Microsoft Vulnerable Driver Block Lists in CSV and JSON for SIEM lookups - Microsoft removed the list and started distributing them as JSON - this gets you back to where we were (github.com)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1630
1
raw-gadget: USB Raw Gadget — a low-level interface for the Linux USB Gadget subsystem (github.com)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1631
1
release-tampering-pocs: Proof of Concepts for malicious maintainers: How to Tamper with Releases built with GitHub Actions Worfklows, presented at fwd:cloudsec Europe 2025 (github.com)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1632
1
[0day] From Spotlight to Apple Intelligence (objective-see.org)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1633
1
Detecting enumeration in AWS (falconforce.nl)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1634
0
Potential Actor Token Abuse in Entra ID KQL (github.com)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1635
1
ShadowLeak: A Zero-Click, Service-Side Attack Exfiltrating Sensitive Data Using ChatGPT’s Deep Research Agent (www.radware.com)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1636
2
Using ASPM to Implement Application Runtime Security Observation in Large Securities Firms (mp.weixin.qq.com)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1637
1
MPAF: Encrypted Traffic Classification With Multi-Phase Attribute Fingerprint (ieeexplore.ieee.org)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1638
1
FileFix in the wild! New FileFix campaign goes beyond POC and leverages steganography (www.acronis.com)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1639
2
More Fun With WMI (specterops.io)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1640
3
Keeping privacy when running queries: how to obfuscate your KQL results (www.michalos.net)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1641
1
疑似APT-C-00(海莲花)投递Havoc木马 - Suspected APT-C-00 (OceanLotus) delivering the Havoc Trojan (mp.weixin.qq.com)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1642
3
Gamaredon X Turla collab (www.welivesecurity.com)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1643
1
Modus Operandi of Subtle Snail (catalyst.prodaft.com)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1644
1
Malicious Listener for Ivanti Endpoint Mobile Management Systems (www.cisa.gov)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1645
2
DIGITAL FRONTLINES : INDIA UNDER MULTI-NATION HACKTIVIST ATTACK - CYFIRMA (www.cyfirma.com)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1646
1
obex: Obex – Blocking unwanted DLLs in user mode (github.com)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1647
1
United Kingdom National Charged in Connection with Multiple Cyber Attacks, Including on Critical Infrastructure (www.justice.gov)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1648
1
Teenagers charged over Transport for London cyber attack (www.bbc.co.uk)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1649
4
External attack surface management (EASM) buyer's guide (www.ncsc.gov.uk)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
1650
1
MySonicWall Cloud Backup File Incident (www.sonicwall.com)
submitted 5 months ago by digicat to c/blueteamsec
0 comments fedilink
view more: ‹ prev next ›