blueteamsec

441 readers
27 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
MODERATORS
digicat
listing: all - local
226
6
Is AWS Recycling your Access Keys? (www.hunters.security)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
227
4
Rooting the TP-Link Tapo C200 Rev.5 (quentinkaiser.be)
submitted 1 week ago by digicat to c/blueteamsec
1 comments fedilink
228
1
AntiDebug: Windows anti-debugging sandbox (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
229
1
Cyber Deception: State of the art, Trends and Open challenges (arxiv.org)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
230
6
theProtector: Linux Bash Script for the Paranoid Admin on a Budget - real-time monitoring and active threat response (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
231
1
An important update (and apology) on our PoisonSeed blog (expel.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
232
0
NachoVPN: Now With More VPN (And SYSTEM Shells) - Part 1 (blog.amberwolf.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
233
3
obfus.h: Macro-header for compile-time C obfuscation (tcc, win x86/x64) (github.com)
submitted 1 week ago by digicat to c/blueteamsec
1 comments fedilink
234
1
Under the Hood of AFD.sys Part 1: Investigating Undocumented Interfaces - "NtCreateFile to craft a raw TCP socket via AFD.sys on Windows 11, completely skipping Winsock" (leftarcode.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
235
2
Understanding Current CastleLoader Campaigns - "An emerging loader malware using phishing & fake GitHub repos to deploy RATs & stealers. Now targeting enterprise users via fake Zscaler Client & more." (catalyst.prodaft.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
236
33
Welcome to the new home of what was /r/Blueteamsec and how it works.. (self.blueteamsec)
submitted 1 week ago* (last edited 1 week ago) by digicat to c/blueteamsec
9 comments fedilink
 
 

Firstly, welcome - you have found us.

Secondly, the origin story - https://www.reddit.com/r/blueteamsec/comments/1mc3pza/reddit_managed_to_ban_the_mod_of_rblueteamsec_due/ of which the tl;dr is we were in /r/Blueteamsec since 2018 and then in July 2025 the mod account got banned.

Thirdly, settle in as this is going to be the permanent home. The only features missing from Lemmy really are:

  • the titles are a little shorter than we are used to
  • the ability to style some of the community
  • categories

but in short nothing material. The Jerboa mobile client is excellent.

Fourthly, how does this work? Broadly speaking

  • there are optimised sources across X, various sites, groups and lists etc.
  • they are reviewed generally once or twice a day (start / end)
  • content is ideally < 1 week old at time of posting
  • content is then reviewed / curated / titles edited and posted

the rough rule of thumb being:

  • link to the source where possible i.e. not a news article but the technical source
  • cyber security relevant and insightful to cyber defence across technology, adversarial tradecraft/techniques/tools, threat intelligence, policy or events

Finally, all community contributions welcome!

237
3
Stack Overflows, Heap Overflows, and Existential Dread (SonicWall SMA100 CVE-2025-40596, CVE-2025-40597 and CVE-2025-40598) (labs.watchtowr.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
238
6
Hackers Destroy Aeroflot’s IT Infrastructure, Causing Over 42 Flight Cancellations - "destroyed around 7,000 physical and virtual servers, exfiltrated over 22 terabytes of data" (militarnyi.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
239
3
RuleSetRAT: A curated collection of YARA rules and structured JSON reports designed to identify and analyze various malware builder variants, for educational and research purposes only. (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
240
2
EXEfromCER: PoC that downloads an executable from a public SSL certificate (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
241
2
WorkloadIdentityInfoXdr: Function to get summarized overview of application and workload identities from IdentityInfo and OAuthAppInfo table with API Permissions, Azure RBAC- and Entra ID roles etc. (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
242
4
Taming the Windows Module Loading for Stealthy Injection (youtu.be)
submitted 1 week ago by digicat to c/blueteamsec
1 comments fedilink
243
1
LOTS-Project-Rework: This folder acts as a "rework" of the original LOTS (Living Off Trusted Sites) Project - The LOTS-Project website never had a CSV and/or JSON (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
244
1
ysonet: Deserialization payload generator for a variety of .NET formatters - YSoNet is a fork and replacement of YSoSerial .Net - incs ysonet.exe -p sharepoint --cve=CVE-2025-49704 -var 2 -c "C:\temp (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
245
1
The Evolution of Threat Hunting: From IOC Whack-a-Mole to Hypothesis-Driven Sleuthing (medium.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
246
1
TAG Bulletin: Q2 2025 (blog.google)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
247
1
Fake Zoom Call Lures for Zoom Workplace Credentials (cofense.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
248
1
Malware in Panda Image Hides Persistent Linux Threat - "This technique isn’t steganography but rather polyglot file abuse or malicious file embedding. " - ignore the AI (www.aquasec.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
249
1
DFIR-IRIS: developed by Airbus CERT (France), is an open source solution designed to efficiently manage the entire incident response chain. (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
250
1
Ghosting the Sensor: Disrupting Defender for Identity Without Detection (cyberdom.blog)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
view more: ‹ prev next ›