blueteamsec

550 readers
12 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
MODERATORS
digicat@infosec.pub
listing: all - local
51
1
MuddyWater组织近期钓鱼攻击活动分析 - Analysis of MuddyWater's Recent Phishing Attacks (mp.weixin.qq.com)
submitted 4 days ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
52
1
The Guardians of Name Street: Studying the Defensive Registration Practices of the Fortune 500 (fabianmonrose.github.io)
submitted 4 days ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
53
1
Understanding Orphan Flows: This work presents the first large-scale analysis of orphan flows to understand 1) the practical hurdles to measuring orphan flows, and 2) the potential utility for SOCs (angelosk.github.io)
submitted 4 days ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
54
1
From Concealment to Exposure: Understanding the Lifecycle and Infrastructure of APT Domains (tillsongalloway.com)
submitted 4 days ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
55
1
Towards understanding the lifecycle of malicious network infrastructure (repository.gatech.edu)
submitted 4 days ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
56
1
ForgeDAN: An Evolutionary Framework for Jailbreaking Aligned Large Language Models (arxiv.org)
submitted 4 days ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
57
1
Deciphering Multi-Layer Hidden Loads and Analyzing Drive-Level Blinding Countermeasures | Tracking the Tactics and Techniques of the Silver Fox (mp.weixin.qq.com)
submitted 4 days ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
58
1
BOF_RunPe: BOF to run PE in Cobalt Strike Beacon without console creation (github.com)
submitted 4 days ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
59
2
TelemetryCollectionManager: Manage and maintain Defender XDR custom collection configuration (github.com)
submitted 5 days ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
60
2
UNC2891:ATM Threats Never Die - How a device small enough to fit in your pocket – a Raspberry Pi – became the key to infiltrating entire ATM networks (www.group-ib.com)
submitted 5 days ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
61
2
Fortinet published an advisory for CVE-2025-58034. it is an authenticated command injection vulnerability affecting FortiWeb. Fortinet and CISA have indicated that it has been exploited in-the-wild (attackerkb.com)
submitted 5 days ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
62
2
Analysis of attack activities suspected to be deployed by the APT-C-26 (Lazarus) group using remote IT spoofing to deploy surveillance programs (mp.weixin.qq.com)
submitted 5 days ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
63
2
Client certificate or certificate plus domain authentication - Endpoint Management guidance to address ESC1. They now explicitly instruct admins to revoke the "Enroll" permission from Domain Users. (docs.citrix.com)
submitted 5 days ago* (last edited 5 days ago) by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
64
2
Driver Reversing 101 - Part II: Unpacking a VMProtected Boot Driver (eversinc33.com)
submitted 5 days ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
65
4
JA4D and JA4D6: DHCP Fingerprinting (foxio.io)
submitted 6 days ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
66
3
ENISA Sectorial Threat Landscape - Public Administration (www.enisa.europa.eu)
submitted 6 days ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
67
-5
Start using Windows Autopatch (learn.microsoft.com)
submitted 5 days ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
1 comments fedilink
68
1
Reframing Insights | Chollima Group (chollima-group.io)
submitted 1 week ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
69
1
WSUS 원격 코드 실행 취약점(CVE-2025-59287)을 악용한 ShadowPad 공격 사례 분석 - APT Malware Analysis of a ShadowPad attack exploiting the WSUS remote code execution vulnerability (CVE-2025-59287) (asec.ahnlab.com)
submitted 1 week ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
70
1
Microsoft Defender for Endpoint Internal 0x06 — Custom Collection (medium.com)
submitted 1 week ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
71
1
APT24's Pivot to Multi-Vector Attacks (cloud.google.com)
submitted 1 week ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
72
1
Custom data collection in Microsoft Defender for Endpoint - Microsoft Defender for Endpoint (learn.microsoft.com)
submitted 1 week ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
73
1
Autumn Dragon: China-nexus APT Group Targets South East Asia (cyberarmor.tech)
submitted 1 week ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
74
1
Interactive End-to-End Decompilation via Large Language Models (www.mdpi.com)
submitted 1 week ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
75
1
The Tsundere botnet uses the Ethereum blockchain to infect its targets (securelist.com)
submitted 1 week ago by digicat@infosec.pub to c/blueteamsec@infosec.pub
0 comments fedilink
view more: ‹ prev next ›