blueteamsec

434 readers
8 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
MODERATORS
digicat
listing: all - local
226
1
RAIWhateverTrigger: Local SYSTEM auth trigger for relaying - based on the original RAITrigger technique that abuses the RAiForceElevationPromptForCOM RPC function in appinfo.dll to trigger SYSTEM auth (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
227
1
Escaping the Confines of Port 445 - "TL;DR NTLM relay attacks on SMB restrict lateral movement to port 445/TCP capabilities. To extend beyond, leverage the Service Control Manager (SCM) remotely" (specterops.io)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
228
1
SRAM Has No Chill: Exploiting Power Domain Separation to Steal On-Chip Secrets (cacm.acm.org)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
229
4
No[one|thing] will be left behind — Manual guide to patch your the exiled SharePoint/Exchange server (testbnull.medium.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
230
2
Root Cause Analysis of the CitrixBleed 2 (CVE-2025–5777) Vulnerability (medium.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
231
4
theProtector: Linux Bash Script for the Paranoid Admin on a Budget - real-time monitoring and active threat response (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
232
6
ToolShell: a story of five vulnerabilities in Microsoft SharePoint (securelist.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
233
1
Microsoft Probing If Chinese Hackers Learned SharePoint Flaws Through Alert - Microsoft Corp. is investigating whether a leak from its early alert system for cybersecurity companies allowed Chinese ha (archive.ph)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
234
1
Intelligent Prediction: How Large Language Models Revolutionize Subdomain Discovery Technology (mp-weixin-qq-com.translate.goog)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
235
2
Detecting the Most Popular MITRE Persistence Method – Registry Run Keys / Startup Folder (www.nextron-systems.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
236
10
Microsoft Used China-Based Support for Multiple U.S. Agencies, Potentially Exposing Sensitive Data (www.propublica.org)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
237
1
Reforging Sliver: How Simple Code Edits Can Outmaneuver EDR (fortbridge.co.uk)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
238
2
Process Injection using Return-Oriented Programming (ieeexplore.ieee.org)
submitted 1 week ago by digicat to c/blueteamsec
1 comments fedilink
239
62
Polish Train Maker Is Suing the Hackers Who Exposed Its Anti-Repair Tricks (www.ifixit.com)
submitted 1 week ago by digicat to c/blueteamsec
2 comments fedilink
240
1
Cybersecurity Advisory: Scattered Spider (www.cisa.gov)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
241
1
Muddled Libra Threat Assessment: Further-Reaching, Faster, More Impactful (unit42.paloaltonetworks.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
242
3
Pixels of Deception: How VMDetector Loader Hides in Plain Sight (www.sonicwall.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
243
2
Gunra Ransomware Group Unveils Efficient Linux Variant (www.trendmicro.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
244
2
CTO at NCSC Summary: week ending July 27th (ctoatncsc.substack.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
245
2
SSDT Hooking via Alt Syscalls for ETW Evasion (fluxsec.red)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
246
4
Chinese hackers have seized control. How did we let this happen? (www.telegraph.co.uk)
submitted 1 week ago by digicat to c/blueteamsec
5 comments fedilink
247
3
Certiception-ADCS-trap: An ADCS honeypot to catch attackers in your internal network. (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
248
2
The AltSyscalls module is designed merely as the intercept mechanism for using Alternate Syscalls on Windows 11 (github.com)
submitted 1 week ago* (last edited 1 week ago) by digicat to c/blueteamsec
0 comments fedilink
249
3
A curated collection of Living off the Land (LotL) attack demonstrations where trusted binaries go rogue, because if it didn’t launch calc.exe, did it even happen (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
250
1
Following NoName057(16) DDoSia Project’s Targets (blog.sekoia.io)
submitted 2 years ago by campuscodi to c/blueteamsec
0 comments fedilink
view more: ‹ prev next ›