blueteamsec

434 readers
18 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
MODERATORS
digicat
listing: all - local
201
1
The Evolution of Threat Hunting: From IOC Whack-a-Mole to Hypothesis-Driven Sleuthing (medium.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
202
1
TAG Bulletin: Q2 2025 (blog.google)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
203
1
Fake Zoom Call Lures for Zoom Workplace Credentials (cofense.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
204
1
Malware in Panda Image Hides Persistent Linux Threat - "This technique isn’t steganography but rather polyglot file abuse or malicious file embedding. " - ignore the AI (www.aquasec.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
205
1
DFIR-IRIS: developed by Airbus CERT (France), is an open source solution designed to efficiently manage the entire incident response chain. (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
206
1
Ghosting the Sensor: Disrupting Defender for Identity Without Detection (cyberdom.blog)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
207
1
Detecting ADCS Privilege Escalation (www.blackhillsinfosec.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
208
1
Shutting the Door on Vishing-Driven Data Theft in Salesforce - "UNC6040’s phone-phishers lure employees into approving a fake dataloader[.]io app, hijacking Salesforce APIs to siphon customer data." (appomni.com)
submitted 1 week ago by digicat to c/blueteamsec
2 comments fedilink
209
1
Tracing Bugs Across Kernels: SMB Vulnerabilities in macOS and FreeBSD (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
210
1
SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers - "first observed ToolShell exploitation on July 17th, ahead of official Microsoft advisories." (www.sentinelone.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
211
1
Allianz Life says majority of customers' data stolen in hack (archive.ph)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
212
1
NCSC and CERT NZ integration now complete (www.ncsc.govt.nz)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
213
1
Webshell Detection Script for Citrix Netscaler appliances - TLPCLEAR_check_script_cve-2025-6543-v1.7.sh (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
214
1
Modular PIC C2 Agents - "This makes it possible (at least in theory) to write a C2 agent that is made up of multiple individual PICOs, rather than a singular monolithic DLL or PIC code base" (rastamouse.me)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
215
1
Killer-Exercice: An Exercice for Red Team to Reverse & Exploit, that's a valid BYOVD Killer, not HVCI Blocklisted, and not in LOLBIN (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
216
1
RAIWhateverTrigger: Local SYSTEM auth trigger for relaying - based on the original RAITrigger technique that abuses the RAiForceElevationPromptForCOM RPC function in appinfo.dll to trigger SYSTEM auth (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
217
1
Escaping the Confines of Port 445 - "TL;DR NTLM relay attacks on SMB restrict lateral movement to port 445/TCP capabilities. To extend beyond, leverage the Service Control Manager (SCM) remotely" (specterops.io)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
218
1
SRAM Has No Chill: Exploiting Power Domain Separation to Steal On-Chip Secrets (cacm.acm.org)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
219
4
No[one|thing] will be left behind — Manual guide to patch your the exiled SharePoint/Exchange server (testbnull.medium.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
220
2
Root Cause Analysis of the CitrixBleed 2 (CVE-2025–5777) Vulnerability (medium.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
221
4
theProtector: Linux Bash Script for the Paranoid Admin on a Budget - real-time monitoring and active threat response (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
222
6
ToolShell: a story of five vulnerabilities in Microsoft SharePoint (securelist.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
223
1
Microsoft Probing If Chinese Hackers Learned SharePoint Flaws Through Alert - Microsoft Corp. is investigating whether a leak from its early alert system for cybersecurity companies allowed Chinese ha (archive.ph)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
224
1
Intelligent Prediction: How Large Language Models Revolutionize Subdomain Discovery Technology (mp-weixin-qq-com.translate.goog)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
225
2
Detecting the Most Popular MITRE Persistence Method – Registry Run Keys / Startup Folder (www.nextron-systems.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
view more: ‹ prev next ›