blueteamsec

633 readers
19 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
MODERATORS
digicat
listing: all - local
2326
2
Mistwalker: Create Entra Global Admin accounts from On-Prem (github.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2327
2
PENGUIN (Personalized EmulatioN Generated Using Instrumented Analysis) takes a target centric approach to rehosting using a precise and tailored specification of the rehosting process (github.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2328
12
Critical Vulnerability in AI Vibe Coding platform Base44 Allowing Unauthorized Access to Private Applications (www.wiz.io)
submitted 6 months ago by digicat to c/blueteamsec
3 comments fedilink
2329
2
Revisiting UNC3886 Tactics to Defend Against Present Risk - an APT group that has historically targeted including telco, gov tech and defense, with a recent attack against Singapore (www.trendmicro.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2330
4
PyPI Users Email Phishing Attack - The Python Package Index Blog (blog.pypi.org)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2331
5
Governor Walz Activates Minnesota National Guard Following Saint Paul Cyberattack (mn.gov)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2332
2
Consumer Beware! Exploring Data Brokers' CCPA Compliance (arxiv.org)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2333
2
Important Security Update - "statement to inform you of an isolated security incident involving a malware-infected version of our Configuration Tool for the OP1w 4k v2 mouse." (www.endgamegear.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2334
3
United States files a civil complaint in the Northern District of Texas seeking the forfeiture of over $1.7 million worth of cryptocurrency seized by Dallas FBI (www.justice.gov)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2335
4
MSSQLHound: PowerShell collector for adding MSSQL attack paths to BloodHound with OpenGraph (github.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2336
6
Is AWS Recycling your Access Keys? (www.hunters.security)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2337
4
Rooting the TP-Link Tapo C200 Rev.5 (quentinkaiser.be)
submitted 6 months ago by digicat to c/blueteamsec
1 comments fedilink
2338
1
AntiDebug: Windows anti-debugging sandbox (github.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2339
1
Cyber Deception: State of the art, Trends and Open challenges (arxiv.org)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2340
6
theProtector: Linux Bash Script for the Paranoid Admin on a Budget - real-time monitoring and active threat response (github.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2341
1
An important update (and apology) on our PoisonSeed blog (expel.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2342
0
NachoVPN: Now With More VPN (And SYSTEM Shells) - Part 1 (blog.amberwolf.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2343
3
obfus.h: Macro-header for compile-time C obfuscation (tcc, win x86/x64) (github.com)
submitted 6 months ago by digicat to c/blueteamsec
1 comments fedilink
2344
1
Under the Hood of AFD.sys Part 1: Investigating Undocumented Interfaces - "NtCreateFile to craft a raw TCP socket via AFD.sys on Windows 11, completely skipping Winsock" (leftarcode.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2345
2
Understanding Current CastleLoader Campaigns - "An emerging loader malware using phishing & fake GitHub repos to deploy RATs & stealers. Now targeting enterprise users via fake Zscaler Client & more." (catalyst.prodaft.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2346
33
Welcome to the new home of what was /r/Blueteamsec and how it works.. (self.blueteamsec)
submitted 6 months ago* (last edited 6 months ago) by digicat to c/blueteamsec
8 comments fedilink
 
 

Firstly, welcome - you have found us.

Secondly, the origin story - https://www.reddit.com/r/blueteamsec/comments/1mc3pza/reddit_managed_to_ban_the_mod_of_rblueteamsec_due/ of which the tl;dr is we were in /r/Blueteamsec since 2018 and then in July 2025 the mod account got banned.

Thirdly, settle in as this is going to be the permanent home. The only features missing from Lemmy really are:

  • the titles are a little shorter than we are used to
  • the ability to style some of the community
  • categories

but in short nothing material. The Jerboa mobile client is excellent.

Fourthly, how does this work? Broadly speaking

  • there are optimised sources across X, various sites, groups and lists etc.
  • they are reviewed generally once or twice a day (start / end)
  • content is ideally < 1 week old at time of posting
  • content is then reviewed / curated / titles edited and posted

the rough rule of thumb being:

  • link to the source where possible i.e. not a news article but the technical source
  • cyber security relevant and insightful to cyber defence across technology, adversarial tradecraft/techniques/tools, threat intelligence, policy or events

Finally, all community contributions welcome!

2347
3
Stack Overflows, Heap Overflows, and Existential Dread (SonicWall SMA100 CVE-2025-40596, CVE-2025-40597 and CVE-2025-40598) (labs.watchtowr.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2348
6
Hackers Destroy Aeroflot’s IT Infrastructure, Causing Over 42 Flight Cancellations - "destroyed around 7,000 physical and virtual servers, exfiltrated over 22 terabytes of data" (militarnyi.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2349
3
RuleSetRAT: A curated collection of YARA rules and structured JSON reports designed to identify and analyze various malware builder variants, for educational and research purposes only. (github.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
2350
2
EXEfromCER: PoC that downloads an executable from a public SSL certificate (github.com)
submitted 6 months ago by digicat to c/blueteamsec
0 comments fedilink
view more: ‹ prev next ›