blueteamsec

434 readers
8 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
MODERATORS
digicat
listing: all - local
126
0
Introducing Unit 42’s Attribution Framework (unit42.paloaltonetworks.com)
submitted 6 days ago by digicat to c/blueteamsec
0 comments fedilink
127
1
What Comes After Detection Rules? Smarter Detection Strategies in ATT&CK (medium.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
128
3
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats (www.microsoft.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
129
1
Using LLMs as a reverse engineering sidekick (blog.talosintelligence.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
130
1
Email-Delivered RMM: Abusing PDFs for Silent Initial Access (labs.withsecure.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
131
1
How North Korea-Backed Lazarus Group Is Weaponizing Open Source to Target Developers (www.sonatype.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
132
4
M365 Email OSINT After the Lockdown: What Still Works in 2025 (dstreefkerk.github.io)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
133
2
The Covert Operator's Playbook: Infiltration of Global Telecom Networks (unit42.paloaltonetworks.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
134
1
Node-SAML SAML Signature Verification Vulnerability - "Node-SAML loads the assertion from the (unsigned) original response document...is different than the parts that are verified when checking sig" (github.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
135
2
Eviction Strategies Tool: A Tool for Building Containment and Eviction Playbooks (www.cisa.gov)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
136
2
Extending AD CS attack surface to the cloud with Intune certificates - "means going from regular user and their endpoint to Domain Admin in AD, all from the cloud. This blog explores the scenarios" (dirkjanm.io)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
137
3
A fresh look for the Microsoft authentication background - Microsoft changing the background on authentication screens - may cause phishing reporting.. (techcommunity.microsoft.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
138
1
LOLRMM is a curated list of Remote Monitoring and Management (RMM) - now with SIEM detections - see comment for important PR for KQL (lolrmm.io)
submitted 1 week ago* (last edited 1 week ago) by digicat to c/blueteamsec
1 comments fedilink
139
1
깃헙브 데이터 저장소를 악용한 김수키(Kimsuky) 전자세금계산서 사칭 악성코드 공격-전자세금계산서.pdf.lnk(2025.7.23) - Kimsuky Electronic Tax Invoice Fraud Attack Exploiting GitHub Data Repository - Electronic Tax Invoice.pdf.lnk (wezard4u.tistory.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
140
1
유튜브 동영상 다운로드 사이트에서 유포 중인 Proxyware 악성코드 - Proxyware malware circulating on YouTube video download sites (asec.ahnlab.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
141
4
What the Israel-Iran conflict revealed about wartime cyber operations (www.atlanticcouncil.org)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
142
2
Closing the Execution Gap: Hardware-Backed Telemetry for Detecting Out-Of-Context Execution (info.preludesecurity.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
143
2
Clorox versus Cognizant Complaint - Cognizant’sconduct on August 11, 2023, demonstrated spectacularly that it was failing to do so. Cognizantrepeatedly gave a cybercriminal access to Clorox’s network (www.documentcloud.org)
submitted 1 week ago by digicat to c/blueteamsec
1 comments fedilink
144
1
Two (or Too Many) Cheers for UN Cyber Diplomacy? (carnegieendowment.org)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
145
2
Entra Connect Attacker Tradecraft: Part 3 (specterops.io)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
146
1
Security Challenges in AI Agent Deployment: Insights from a Large Scale Public Competition (arxiv.org)
submitted 1 week ago by digicat to c/blueteamsec
1 comments fedilink
147
1
Targeted attacks leverage accounts on popular online platforms as C2 servers - Cobalt Strike Beacon delivered via GitHub and social media (securelist.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
148
1
China’s Covert Capabilities | Silk Spun From Hafnium (www.sentinelone.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
149
3
APT28’s New Arsenal: LAMEHUG, the First AI-Powered Malware - previously reported by the Ukrainian CERT (www.logpoint.com)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
150
3
Mimo gang weaponizes religious symbols to deliver 4L4MD4r ransomware using Microsoft SharePoint RCE vulnerability - reporting from China (mp-weixin-qq-com.translate.goog)
submitted 1 week ago by digicat to c/blueteamsec
0 comments fedilink
view more: ‹ prev next ›