blueteamsec

544 readers
7 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
MODERATORS
digicat
listing: all - local
1051
0
How to automatically disable users in AWS Managed Microsoft AD based on GuardDuty findings (aws.amazon.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1052
2
Investigating Suspicious Memory Activity: Tracing a SIEM Alert to a Cobalt Strike C2 (daniyyell.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1053
1
Memory Forensics Attack Simulation Dataset - " a curated memory forensics dataset designed to support research, detection engineering, and hands-on training in the fields of malware analysis, incident (daniyyell.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1054
1
암호화폐 거래소로 위장한 페이스북 광고에 의한 악성코드 유포 - Malware spread through Facebook ads disguised as cryptocurrency exchanges. (asec.ahnlab.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1055
1
malefic: IoM implant, C2 Framework and Infrastructure - use seen in the wild (github.com)
submitted 3 months ago by digicat to c/blueteamsec
1 comments fedilink
1056
2
White Paper for Cyberspace Mapping Techniques - from China (www.webray.com.cn)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1057
-1
白盒+LLM:京东操作类越权自动化检测实践 - using LLMs to find web vulns by gen'ing AST, generating graphs, function call graph (S)CG, a control flow graph (CFG), a data flow graph (DFG), a combined code property graph (mp.weixin.qq.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1058
2
The Discriminative Power of Cross-layer RTTs in Fingerprinting Proxy Traffic - NDSS Symposium (www.ndss-symposium.org)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1059
1
CypherBench: Towards Precise Retrieval over Full-scale Modern Knowledge Graphs in the LLM Era - needed to augment those LLMs (arxiv.org)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1060
0
大模型漏洞分析准确度提升的实践分享 - Practical Sharing on Improving the Accuracy of Vulnerability Analysis for Large Models - to triage public CVE to determine RCE - use translate as in Chinese (mp.weixin.qq.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1061
0
Run shellcode using LdrCallEnclave - Windows (gist.github.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1062
0
FileJacking – Initial Access with File System API - "I observed no MotW bypass during the research. All functions that allowed writing to a file during the first modification immediately added MotW." (print3m.github.io)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1063
1
NachoVPN: Now With More VPN (And SYSTEM Shells) - Part 2 - Palo Alto GlobalProtect (blog.amberwolf.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1064
2
Famous Chollima APT Adversary Simulation (medium.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1065
1
Tracking Updates to Raspberry Robin (www.zscaler.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1066
2
RoKRAT Shellcode and Steganographic Threats: Analysis and EDR Response Strategies (www.genians.co.kr)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1067
3
ChoiceJacking: Compromising Mobile Devices through Malicious Chargers like a Decade ago (www.usenix.org)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1068
1
APT36: A PHISHING CAMPAIGN TARGETING INDIAN GOVERNMENT ENTITIES - loud noises .. (www.cyfirma.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1069
2
Cinese arrestato per spionaggio, no ai domiciliari - Chinese man arrested for espionage, no house arrest 33-year-old computer scientist Zewei Xu was arrested on a U.S. warrant. (www.rainews.it)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1070
2
CobaltStrikeBeaconCppSource: Out-of-the-box CobaltStrike Beacon source code use C++ (github.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1071
1
SLOW#TEMPEST Cobalt Strike Loader (dmpdump.github.io)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1072
1
July 2025 Uptick in Akira Ransomware Activity Targeting SonicWall SSL VPN (arcticwolf.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1073
2
External Excel workbook links to blocked file types will be disabled by default - Starting October 2025, external workbook links to blocked file types will be disabled by default. (mc.merill.net)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1074
3
User-mode Accessors - a set of DDIs designed to safely access and manipulate user-mode memory from kernel-mode code. These DDIs address common security vulnerabilities and programming errors (learn.microsoft.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
1075
3
The Operational Blueprint of Kimsuky APT for Cyber Espionage (www.aryaka.com)
submitted 3 months ago by digicat to c/blueteamsec
0 comments fedilink
view more: ‹ prev next ›