blueteamsec

633 readers
17 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
MODERATORS
digicat
listing: all - local
2351
2
WorkloadIdentityInfoXdr: Function to get summarized overview of application and workload identities from IdentityInfo and OAuthAppInfo table with API Permissions, Azure RBAC- and Entra ID roles etc. (github.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2352
4
Taming the Windows Module Loading for Stealthy Injection (youtu.be)
submitted 6 months ago by digicat to c/blueteamsec
1 comments fedilink
2353
1
LOTS-Project-Rework: This folder acts as a "rework" of the original LOTS (Living Off Trusted Sites) Project - The LOTS-Project website never had a CSV and/or JSON (github.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2354
1
ysonet: Deserialization payload generator for a variety of .NET formatters - YSoNet is a fork and replacement of YSoSerial .Net - incs ysonet.exe -p sharepoint --cve=CVE-2025-49704 -var 2 -c "C:\temp (github.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2355
1
The Evolution of Threat Hunting: From IOC Whack-a-Mole to Hypothesis-Driven Sleuthing (medium.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2356
1
TAG Bulletin: Q2 2025 (blog.google)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2357
1
Fake Zoom Call Lures for Zoom Workplace Credentials (cofense.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2358
1
Malware in Panda Image Hides Persistent Linux Threat - "This technique isn’t steganography but rather polyglot file abuse or malicious file embedding. " - ignore the AI (www.aquasec.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2359
1
DFIR-IRIS: developed by Airbus CERT (France), is an open source solution designed to efficiently manage the entire incident response chain. (github.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2360
1
Ghosting the Sensor: Disrupting Defender for Identity Without Detection (cyberdom.blog)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2361
1
Detecting ADCS Privilege Escalation (www.blackhillsinfosec.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2362
1
Shutting the Door on Vishing-Driven Data Theft in Salesforce - "UNC6040’s phone-phishers lure employees into approving a fake dataloader[.]io app, hijacking Salesforce APIs to siphon customer data." (appomni.com)
submitted 6 months ago by digicat to c/blueteamsec
2 comments fedilink
2363
1
Tracing Bugs Across Kernels: SMB Vulnerabilities in macOS and FreeBSD (github.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2364
1
SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers - "first observed ToolShell exploitation on July 17th, ahead of official Microsoft advisories." (www.sentinelone.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2365
1
Allianz Life says majority of customers' data stolen in hack (archive.ph)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2366
1
NCSC and CERT NZ integration now complete (www.ncsc.govt.nz)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2367
1
Webshell Detection Script for Citrix Netscaler appliances - TLPCLEAR_check_script_cve-2025-6543-v1.7.sh (github.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2368
1
Modular PIC C2 Agents - "This makes it possible (at least in theory) to write a C2 agent that is made up of multiple individual PICOs, rather than a singular monolithic DLL or PIC code base" (rastamouse.me)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2369
1
Killer-Exercice: An Exercice for Red Team to Reverse & Exploit, that's a valid BYOVD Killer, not HVCI Blocklisted, and not in LOLBIN (github.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2370
1
RAIWhateverTrigger: Local SYSTEM auth trigger for relaying - based on the original RAITrigger technique that abuses the RAiForceElevationPromptForCOM RPC function in appinfo.dll to trigger SYSTEM auth (github.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2371
1
Escaping the Confines of Port 445 - "TL;DR NTLM relay attacks on SMB restrict lateral movement to port 445/TCP capabilities. To extend beyond, leverage the Service Control Manager (SCM) remotely" (specterops.io)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2372
1
SRAM Has No Chill: Exploiting Power Domain Separation to Steal On-Chip Secrets (cacm.acm.org)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2373
4
No[one|thing] will be left behind — Manual guide to patch your the exiled SharePoint/Exchange server (testbnull.medium.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2374
2
Root Cause Analysis of the CitrixBleed 2 (CVE-2025–5777) Vulnerability (medium.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2375
4
theProtector: Linux Bash Script for the Paranoid Admin on a Budget - real-time monitoring and active threat response (github.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
view more: ‹ prev next ›