blueteamsec

669 readers
1 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
MODERATORS
digicat
listing: all - local
176
2
Boggy Serpens Threat Assessment - We have been tracking ongoing cyberespionage campaigns by the threat group Boggy Serpens, also known as MuddyWater. Attributed to the Iranian Ministry of Intelligence (unit42.paloaltonetworks.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
177
3
Katana: a Mirai variant that compiles its own rootkit on Android TV set-top boxes (github.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
178
2
Cyber-attacks against the EU and its member states: Council sanctions three entities and two individuals (www.consilium.europa.eu)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
179
6
FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops (ctrlaltintel.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
180
2
Elastic Agent Skills (github.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
181
1
WSL, COM Hooking, & RTTI (jonny-johnson.medium.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
182
4
Analysis of the Spear-Phishing and KakaoTalk-Linked Threat Campaign by the Konni Group (www.genians.co.kr)
submitted 2 weeks ago* (last edited 2 weeks ago) by digicat to c/blueteamsec
0 comments fedilink
183
3
Seeking Victim Information in Steam Malware Investigation (forms.fbi.gov)
submitted 2 weeks ago* (last edited 2 weeks ago) by digicat to c/blueteamsec
0 comments fedilink
184
2
Ghost in the PPL - LSASS Memory Dump (core-jmp.org)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
185
2
Stealthy WMI lateral movement - StealthyWMIExec.py (ghaleb0x317374.github.io)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
186
3
VMkatz: Extract Windows credentials directly from VM memory snapshots and virtual disks (github.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
187
2
RE//verse 2026 conference videos (www.youtube.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
188
2
First instance of PylangGhost RAT observed on npm | kmsec.uk (kmsec.uk)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
189
2
Decrypting and Abusing Predefined BIOCs in Palo Alto Cortex XDR - InfoGuard Labs (labs.infoguard.ch)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
190
1
Study of Binaries Created with Rust through Reverse Engineering - JPCERT/CC Eyes (blogs.jpcert.or.jp)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
191
2
Building a Detection Foundation: Part 3 - PowerShell and Script Logging (trustedsec.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
192
1
Fileless Multi-Stage Remcos RAT: From Phishing to Memory-Resident Execution (www.trellix.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
193
1
Fileless Multi-Stage Remcos RAT: From Phishing to Memory-Resident Execution (www.trellix.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
194
9
Windows and macOS Malware Spreads via Fake “Claude Code” Google Ads (www.bitdefender.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
195
2
Glassworm Returns: Invisible Unicode Malware Found in 150+ GitHub Repositories (www.aikido.dev)
submitted 2 weeks ago by digicat to c/blueteamsec
1 comments fedilink
196
3
Since late December 2025, Unit 42 has responded to numerous incidents across various industries involving voice-based phishing (vishing) that led to data theft and extortion (github.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
197
4
Data Exfiltration and Threat Actor Infrastructure Exposed - We have, however, observed data exfiltration via the native Windows utility finger.exe, as well as via backup utilities (www.huntress.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
198
1
BitChat cache poisoning and replay in Bluetooth mesh (barghest.asia)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
199
1
Endgame Harvesting: Inside ACRStealer’s Modern Infrastructure (blog.gdatasoftware.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
200
4
CastleRAT attack first to abuse Deno JavaScript runtime to evade enterprise security (www.threatdown.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
view more: ‹ prev next ›