blueteamsec

456 readers
21 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
MODERATORS
digicat
listing: all - local
301
2
Mistwalker: Create Entra Global Admin accounts from On-Prem (github.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
302
2
PENGUIN (Personalized EmulatioN Generated Using Instrumented Analysis) takes a target centric approach to rehosting using a precise and tailored specification of the rehosting process (github.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
303
12
Critical Vulnerability in AI Vibe Coding platform Base44 Allowing Unauthorized Access to Private Applications (www.wiz.io)
submitted 2 weeks ago by digicat to c/blueteamsec
3 comments fedilink
304
2
Revisiting UNC3886 Tactics to Defend Against Present Risk - an APT group that has historically targeted including telco, gov tech and defense, with a recent attack against Singapore (www.trendmicro.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
305
4
PyPI Users Email Phishing Attack - The Python Package Index Blog (blog.pypi.org)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
306
5
Governor Walz Activates Minnesota National Guard Following Saint Paul Cyberattack (mn.gov)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
307
2
Consumer Beware! Exploring Data Brokers' CCPA Compliance (arxiv.org)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
308
2
Important Security Update - "statement to inform you of an isolated security incident involving a malware-infected version of our Configuration Tool for the OP1w 4k v2 mouse." (www.endgamegear.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
309
3
United States files a civil complaint in the Northern District of Texas seeking the forfeiture of over $1.7 million worth of cryptocurrency seized by Dallas FBI (www.justice.gov)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
310
4
MSSQLHound: PowerShell collector for adding MSSQL attack paths to BloodHound with OpenGraph (github.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
311
6
Is AWS Recycling your Access Keys? (www.hunters.security)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
312
4
Rooting the TP-Link Tapo C200 Rev.5 (quentinkaiser.be)
submitted 2 weeks ago by digicat to c/blueteamsec
1 comments fedilink
313
1
AntiDebug: Windows anti-debugging sandbox (github.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
314
1
Cyber Deception: State of the art, Trends and Open challenges (arxiv.org)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
315
6
theProtector: Linux Bash Script for the Paranoid Admin on a Budget - real-time monitoring and active threat response (github.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
316
1
An important update (and apology) on our PoisonSeed blog (expel.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
317
0
NachoVPN: Now With More VPN (And SYSTEM Shells) - Part 1 (blog.amberwolf.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
318
3
obfus.h: Macro-header for compile-time C obfuscation (tcc, win x86/x64) (github.com)
submitted 2 weeks ago by digicat to c/blueteamsec
1 comments fedilink
319
1
Under the Hood of AFD.sys Part 1: Investigating Undocumented Interfaces - "NtCreateFile to craft a raw TCP socket via AFD.sys on Windows 11, completely skipping Winsock" (leftarcode.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
320
2
Understanding Current CastleLoader Campaigns - "An emerging loader malware using phishing & fake GitHub repos to deploy RATs & stealers. Now targeting enterprise users via fake Zscaler Client & more." (catalyst.prodaft.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
321
33
Welcome to the new home of what was /r/Blueteamsec and how it works.. (self.blueteamsec)
submitted 2 weeks ago* (last edited 2 weeks ago) by digicat to c/blueteamsec
9 comments fedilink
 
 

Firstly, welcome - you have found us.

Secondly, the origin story - https://www.reddit.com/r/blueteamsec/comments/1mc3pza/reddit_managed_to_ban_the_mod_of_rblueteamsec_due/ of which the tl;dr is we were in /r/Blueteamsec since 2018 and then in July 2025 the mod account got banned.

Thirdly, settle in as this is going to be the permanent home. The only features missing from Lemmy really are:

  • the titles are a little shorter than we are used to
  • the ability to style some of the community
  • categories

but in short nothing material. The Jerboa mobile client is excellent.

Fourthly, how does this work? Broadly speaking

  • there are optimised sources across X, various sites, groups and lists etc.
  • they are reviewed generally once or twice a day (start / end)
  • content is ideally < 1 week old at time of posting
  • content is then reviewed / curated / titles edited and posted

the rough rule of thumb being:

  • link to the source where possible i.e. not a news article but the technical source
  • cyber security relevant and insightful to cyber defence across technology, adversarial tradecraft/techniques/tools, threat intelligence, policy or events

Finally, all community contributions welcome!

322
3
Stack Overflows, Heap Overflows, and Existential Dread (SonicWall SMA100 CVE-2025-40596, CVE-2025-40597 and CVE-2025-40598) (labs.watchtowr.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
323
6
Hackers Destroy Aeroflot’s IT Infrastructure, Causing Over 42 Flight Cancellations - "destroyed around 7,000 physical and virtual servers, exfiltrated over 22 terabytes of data" (militarnyi.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
324
3
RuleSetRAT: A curated collection of YARA rules and structured JSON reports designed to identify and analyze various malware builder variants, for educational and research purposes only. (github.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
325
2
EXEfromCER: PoC that downloads an executable from a public SSL certificate (github.com)
submitted 2 weeks ago by digicat to c/blueteamsec
0 comments fedilink
view more: ‹ prev next ›