digicat

joined 2 years ago
MODERATOR OF
blueteamsec
sorted by: new top controversial old
2
Operation PCPcat: Hunting a Next.js Credential Stealer That's Already Compromised 59K Servers (beelzebub.ai)
submitted 5 hours ago by digicat to c/blueteamsec
0 comments fedilink
1
Ukrainian National Pleads Guilty to Conspiracy to Use Nefilim Ransomware to Attack Companies in the United States and Other Countries (www.justice.gov)
submitted 17 hours ago by digicat to c/blueteamsec
0 comments fedilink
2
BOF_ExecuteAssembly: Beacon Object File for Cobalt Strike that executes .NET assemblies in beacon with evasion techniques. (github.com)
submitted 17 hours ago by digicat to c/blueteamsec
0 comments fedilink
1
EDR-GhostLocker: AppLocker-Based EDR Neutralization (github.com)
submitted 18 hours ago by digicat to c/blueteamsec
0 comments fedilink
1
oss-sec: [CVE-2025-14282] dropbear: privilege escalation via unix domain socket forwardings (seclists.org)
submitted 18 hours ago by digicat to c/blueteamsec
0 comments fedilink
1
BRIDG-ICS: AI-Grounded Knowledge Graphs for Intelligent Threat Analytics in Industry~5.0 Cyber-Physical Systems (arxiv.org)
submitted 18 hours ago by digicat to c/blueteamsec
0 comments fedilink
1
An Adaptive Multi-Layered Honeynet Architecture for Threat Behavior Analysis via Deep Learning (arxiv.org)
submitted 18 hours ago by digicat to c/blueteamsec
0 comments fedilink
1
A Practical Honeypot-Based Threat Intelligence Framework for Cyber Defence in the Cloud (arxiv.org)
submitted 18 hours ago by digicat to c/blueteamsec
0 comments fedilink
2
the-art-of-pivoting: The Art of Pivoting - Techniques for Intelligence Analysts to Discover New Relationships in a Complex World (github.com)
submitted 18 hours ago by digicat to c/blueteamsec
0 comments fedilink
2
State-sponsored threat actor is still targeting organisations with WhatsApp (self.blueteamsec)
submitted 18 hours ago by digicat to c/blueteamsec
0 comments fedilink
 

Likely state-sponsored threat actor is still targeting organisations with WhatsApp 🀳 + mail πŸ“© phishing in Europe πŸ‡ͺπŸ‡Ί in December. Goal is to get access to the Microsoft account of high value targets. Threat actor is particularly interested in people or organisations that run activities in Ukraine πŸ‡ΊπŸ‡¦. Up to now we identified likely or confirmed targets in NGOs and think-tanks mainly.

In December, threat actor notably leveraged an online profile using the "Janis Cerny" name, who pretends to be a diplomat working with the European Union. Associated mail sender is "janiscerny[@]seznam[.]cz", and WhatsApp profile/number is "[+42]0 735 596 5[65]".

Threat actor will engage with targets using both messaging apps (typically WhatsApp) and emails, offering to setup an important meeting. Mails will usually contain an invitation to an online meeting (typically, MS Teams), but the meeting link is replaced to trick the user into signing-in (using a MS device code flow which requires a manually entered and threat-actor-generated code). This will allow the threat actor to hijack the account. Similar campaigns and techniques have been previously documented by Volexity (who tracks the actor as "UTA0352") and Elastic.

source: https://www.linkedin.com/posts/drprr_likely-state-sponsored-threat-actor-is-still-activity-7407823036407709696-PG70/

5
Automated remediation in AIR - Microsoft Defender for Office 365 (learn.microsoft.com)
submitted 1 day ago by digicat to c/blueteamsec
0 comments fedilink
3
New InnovateUK-funded project to merge CHERI support into FreeBSD – CHERI Alliance (cheri-alliance.org)
submitted 1 day ago by digicat to c/blueteamsec
0 comments fedilink
Vulnhalla: Picking the true vulnerabilities from the CodeQL haystack in c/blueteamsec
wirebrowser: Wirebrowser is a debugging, interception, and memory-inspection toolkit powered by the Chrome DevTools Protocol (CDP). It unifies network manipulation, API testing, automation scripting, in c/blueteamsec
Start using Windows Autopatch in c/blueteamsec
Exclusive: Full Student Database of MOIS-Affiliated Ravin Academy Leaked in c/blueteamsec
Malicious Teams Installers Drop Oyster Malware - abusing SEO poisoning and malvertising to lure users into downloading a fake Microsoft Teams installer. in c/blueteamsec
Domain Fronting is Dead. Long Live Domain Fronting! in c/blueteamsec
[–] digicat 2 points 3 months ago

The observant observer

Behind the Curtain: Detecting Remote Employment Fraud Inside Your Organization in c/blueteamsec
[–] digicat 2 points 3 months ago

Thx for the share

SynoScope is a python-based, lightweight, batteries-included analyzer that turns can provide valuable information regarding your DiskStation Manager (DSM) status within the undocumented Synology recov in c/blueteamsec
MC1137611 - Deception feature in Microsoft Defender for Endpoint will be retired from public preview | Microsoft 365 Message Center Archive in c/blueteamsec
HKLM\SYSTEM\Setup\sMarTdEpLoY -Β  The (Static) Keys to Abusing PDQ SmartDeploy in c/blueteamsec
Breaking Into Your Network? Zer0 Effort. - DEF CON 33 Overview - research campaign investigating the security of Zero Trust Network Access solutions in c/blueteamsec
ITW CRITICAL SECURITY BULLETIN: Trend Micro Apex Oneβ„’ (On-Premise) Management Console Command Injection RCE Vulnerabilities in c/blueteamsec
view more: next β€Ί