blueteamsec

632 readers

28 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago

MODERATORS

1276

1

37th Annual FIRST Conference 登壇レポート | セキュリティナレッジ | NTTセキュリティ・ジャパン株式会社 - We also demonstrated that attackers are masquerading as legitimate organizations to obtain fraudulent certificates (jp.security.ntt)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1277

2

VB2025 登壇レポート | セキュリティナレッジ | NTTセキュリティ・ジャパン株式会社 - ECHidna is a RAT observed in targeted attacks, characterized by its use of ECH (Encrypted Client Hello) for C2 communications. (jp.security.ntt)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1278

1

Unpacking NetSupport RAT Loaders Delivered via ClickFix (www.esentire.com)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1279

2

File Explorer automatically disables the preview feature for files downloaded from the internet - Microsoft Support (support.microsoft.com)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1280

1

printerbugnew: The DCERPC only printerbug.py version (github.com)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1281

2

offlineSCCMdecrypt: Step-by-step documentation on how to decrypt SCCM database secrets offline (github.com)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1282

1

rpc2efs: Unauthenticated start EFS service on remote Windows host (make PetitPotam great again) (github.com)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1283

1

PostEx-Arsenal: Arsenal of modules to beacon postex formats like BOF/Shellcode including: dotnet in memory execution, dumps (wifi, clipboard, screenshot, slack, office), PE in memory execution etc (github.com)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1284

2

From Dream Job to Malware: DreamLoaders in Lazarus’ Recent Campaign (lab52.io)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1285

6

NetRunner: A .NET assembly tracer using Harmony for runtime method interception. (github.com)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1286

10

Exploitation of Windows Server Update Services Remote Code Execution Vulnerability (CVE-2025-59287) (www.huntress.com)

submitted 3 months ago by digicat to c/blueteamsec

1 comments fedilink

1287

2

Proceedings of the 2025 ACM Internet Measurement Conference (dl.acm.org)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1288

5

What We Learned Inside a North Korean Internet Server: How Well Do You Know Your Partners? (www.38north.org)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1289

2

Advancing Security in Software-Defined Vehicles: A Comprehensive Survey and Taxonomy (papers.ssrn.com)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1290

7

Fil-C: Fil-C is a fanatically compatible memory-safe implementation of C and C++. Lots of software compiles and runs with Fil-C with zero or minimal changes. All memory safety errors are caught as Fil (fil-c.org)

submitted 3 months ago by digicat to c/blueteamsec

1 comments fedilink

1291

2

Unmasking MuddyWater’s New Malware Toolkit Driving International Espionage (www.group-ib.com)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1292

3

CTO at NCSC Summary: week ending October 26th (ctoatncsc.substack.com)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1293

2

Analysis of APT-C-08 (Manlinghua)'s recent phishing attacks using application files (mp.weixin.qq.com)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1294

3

Decoy Databases: Analyzing Attacks on Public Facing Databases (gsmaragd.github.io)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1295

7

Could the XZ backdoor have been detected with better Git and Debian packaging practices? (optimizedbyotto.com)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1296

4

CSA Releases An Addendum To Support System Owners In Securing Agentic AI System (www.csa.gov.sg)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1297

9

Unseeable prompt injections in screenshots: more vulnerabilities in Comet and other AI browsers (brave.com)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1298

3

LockBit Returns — and It Already Has Victims (blog.checkpoint.com)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1299

3

Stealth BGP Hijacks with uRPF Filtering (www.usenix.org)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink

1300

2

Tunneling WireGuard over HTTPS using Wstunnel (kroon.email)

submitted 3 months ago by digicat to c/blueteamsec

0 comments fedilink