blueteamsec

633 readers

16 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago

MODERATORS

2151

3

delete-self-poc: A way to delete a locked file, or current running executable, on disk on Windows (github.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2152

2

ScarCruft’s New Language: Whispering in PubNub, Crafting Backdoor in Rust, Striking with Ransomware (medium.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2153

1

Subtle Snail (UNC1549, TA455), an Iran-nexus espionage group linked to the Eclipsed Wasp (Charming Kitten) network, has been active since at least November 2022 - IoCs (github.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2154

1

WSL-Payloads: A small How-To on creating your own weaponized WSL file (github.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2155

1

Detection Engineering: Practicing Detection-as-Code - Validation - Part 3 (blog.nviso.eu)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2156

1

Linux-persistence: A no-reboot, in-memory Linux persistence PoC leveraging namespace joining, user-namespace elevation, and self‑deletion. (github.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2157

3

The Threat Hunter's Cookbook (www.splunk.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2158

3

SCENE 1: SoupDealer - Technical Analysis of a Stealth Java Loader Used in Phishing Campaigns Targeting Türkiye (www.malwation.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2159

2

クルド人グループによる日本の組織を狙ったサイバー攻撃 - Cyber attacks by Kurdish groups targeting Japanese organizations (jp.security.ntt)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2160

3

Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments (www.cisa.gov)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2161

2

BamboozlEDR: A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes. (github.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2162

3

Hidden Black Hands: How $1.46 Billion Disappeared in Silence - "This incident demonstrates the exceptionally targeted nature of Lazarus's attacks" (mp.weixin.qq.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2163

1

turnt: A tool designed for smuggling interactive command and control traffic through legitimate TURN servers hosted by reputable providers such as Zoom. (github.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2164

3

Trust Me, I’m a Legitimate Process: Verisimilitude and the Art of Hiding (nasbench.medium.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2165

1

Threat actors: “Please do not use Okta FastPass” (www.okta.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2166

2

From The Depths of the Shadows IRGC and Hacker Collectives Of The 12-Day War (securityscorecard.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2167

3

Cyber Assessment Framework v4.0 released in response to growing threat - UK (www.ncsc.gov.uk)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2168

1

ThrottleStop driver abused to terminate AV processes (securelist.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2169

1

UEFI Bootkit Hunting: Deep Search for Unique Code Behaviors - Chinese (mp.weixin.qq.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2170

1

Stored XSS in OpenVPN Dashboard widget (docs.netgate.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2171

1

yaraast: A powerful Python library and CLI tool for parsing, analyzing, and manipulating YARA rules through Abstract Syntax Tree (AST) representation (github.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2172

1

GRITREP: Observed Malicious Driver Use Associated with Akira SonicWall Campaign (www.guidepointsecurity.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2173

3

Uncovering memory corruption in NVIDIA Triton (as a new hire) (blog.trailofbits.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2174

1

Project AK47: Uncovering a Link to the SharePoint Vulnerability Attacks (unit42.paloaltonetworks.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink

2175

3

Research: The Evolution of Chinese Smishing Syndicates and Digital Wallet Fraud (www.secalliance.com)

submitted 6 months ago by digicat to c/blueteamsec

0 comments fedilink