blueteamsec

439 readers
42 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
MODERATORS
digicat
listing: all - local
226
1
Cyber Deception: State of the art, Trends and Open challenges (arxiv.org)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
227
6
theProtector: Linux Bash Script for the Paranoid Admin on a Budget - real-time monitoring and active threat response (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
228
1
An important update (and apology) on our PoisonSeed blog (expel.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
229
0
NachoVPN: Now With More VPN (And SYSTEM Shells) - Part 1 (blog.amberwolf.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
230
3
obfus.h: Macro-header for compile-time C obfuscation (tcc, win x86/x64) (github.com)
submitted 1 week ago by digicat to c/blueteamsec
1 comments fedilink
231
1
Under the Hood of AFD.sys Part 1: Investigating Undocumented Interfaces - "NtCreateFile to craft a raw TCP socket via AFD.sys on Windows 11, completely skipping Winsock" (leftarcode.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
232
2
Understanding Current CastleLoader Campaigns - "An emerging loader malware using phishing & fake GitHub repos to deploy RATs & stealers. Now targeting enterprise users via fake Zscaler Client & more." (catalyst.prodaft.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
233
33
Welcome to the new home of what was /r/Blueteamsec and how it works.. (self.blueteamsec)
submitted 1 week ago* (last edited 1 week ago) by digicat to c/blueteamsec
9 comments fedilink
 
 

Firstly, welcome - you have found us.

Secondly, the origin story - https://www.reddit.com/r/blueteamsec/comments/1mc3pza/reddit_managed_to_ban_the_mod_of_rblueteamsec_due/ of which the tl;dr is we were in /r/Blueteamsec since 2018 and then in July 2025 the mod account got banned.

Thirdly, settle in as this is going to be the permanent home. The only features missing from Lemmy really are:

  • the titles are a little shorter than we are used to
  • the ability to style some of the community
  • categories

but in short nothing material. The Jerboa mobile client is excellent.

Fourthly, how does this work? Broadly speaking

  • there are optimised sources across X, various sites, groups and lists etc.
  • they are reviewed generally once or twice a day (start / end)
  • content is ideally < 1 week old at time of posting
  • content is then reviewed / curated / titles edited and posted

the rough rule of thumb being:

  • link to the source where possible i.e. not a news article but the technical source
  • cyber security relevant and insightful to cyber defence across technology, adversarial tradecraft/techniques/tools, threat intelligence, policy or events

Finally, all community contributions welcome!

234
3
Stack Overflows, Heap Overflows, and Existential Dread (SonicWall SMA100 CVE-2025-40596, CVE-2025-40597 and CVE-2025-40598) (labs.watchtowr.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
235
6
Hackers Destroy Aeroflot’s IT Infrastructure, Causing Over 42 Flight Cancellations - "destroyed around 7,000 physical and virtual servers, exfiltrated over 22 terabytes of data" (militarnyi.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
236
3
RuleSetRAT: A curated collection of YARA rules and structured JSON reports designed to identify and analyze various malware builder variants, for educational and research purposes only. (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
237
2
EXEfromCER: PoC that downloads an executable from a public SSL certificate (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
238
2
WorkloadIdentityInfoXdr: Function to get summarized overview of application and workload identities from IdentityInfo and OAuthAppInfo table with API Permissions, Azure RBAC- and Entra ID roles etc. (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
239
4
Taming the Windows Module Loading for Stealthy Injection (youtu.be)
submitted 1 week ago by digicat to c/blueteamsec
1 comments fedilink
240
1
LOTS-Project-Rework: This folder acts as a "rework" of the original LOTS (Living Off Trusted Sites) Project - The LOTS-Project website never had a CSV and/or JSON (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
241
1
ysonet: Deserialization payload generator for a variety of .NET formatters - YSoNet is a fork and replacement of YSoSerial .Net - incs ysonet.exe -p sharepoint --cve=CVE-2025-49704 -var 2 -c "C:\temp (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
242
1
The Evolution of Threat Hunting: From IOC Whack-a-Mole to Hypothesis-Driven Sleuthing (medium.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
243
1
TAG Bulletin: Q2 2025 (blog.google)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
244
1
Fake Zoom Call Lures for Zoom Workplace Credentials (cofense.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
245
1
Malware in Panda Image Hides Persistent Linux Threat - "This technique isn’t steganography but rather polyglot file abuse or malicious file embedding. " - ignore the AI (www.aquasec.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
246
1
DFIR-IRIS: developed by Airbus CERT (France), is an open source solution designed to efficiently manage the entire incident response chain. (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
247
1
Ghosting the Sensor: Disrupting Defender for Identity Without Detection (cyberdom.blog)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
248
1
Detecting ADCS Privilege Escalation (www.blackhillsinfosec.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
249
1
Shutting the Door on Vishing-Driven Data Theft in Salesforce - "UNC6040’s phone-phishers lure employees into approving a fake dataloader[.]io app, hijacking Salesforce APIs to siphon customer data." (appomni.com)
submitted 1 week ago by digicat to c/blueteamsec
2 comments fedilink
250
1
Tracing Bugs Across Kernels: SMB Vulnerabilities in macOS and FreeBSD (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
view more: ‹ prev next ›