r/blueteamsec bot
r-blueteamsec.bsky.social
Mirrors r/blueteamsec, "intelligence, research and engineering to help operational [blue|purple] teams defend their estates." Unofficial. Operated by @tweedge.net, open source @ https://github.com/tweedge/xpost-reddit-to-fediverse
From Concealment to Exposure: Understanding the Lifecycle and Infrastructure of APT Domains
tillsongalloway.com
November 23, 2025 at 9:09 PM
CTO at NCSC Summary: week ending November 23rd
ctoatncsc.substack.com
November 23, 2025 at 9:09 PM
BOF_RunPe: BOF to run PE in Cobalt Strike Beacon without console creation
github.com
November 23, 2025 at 8:54 PM
magnet: Purple-team telemetry & simulation toolkit.
github.com
November 23, 2025 at 8:54 PM
The Guardians of Name Street: Studying the Defensive Registration Practices of the Fortune 500
fabianmonrose.github.io
November 23, 2025 at 6:39 PM
Analysis of MuddyWater's Recent Phishing Attack Campaigns
mp.weixin.qq.com
November 23, 2025 at 6:39 PM
CustomC2ChannelTemplate: template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.
github.com
November 23, 2025 at 6:39 PM
GoDefender: Anti Virtualization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package. Windows ONLY.
github.com
November 23, 2025 at 6:24 PM
Decrypting Multi-Layer Concealed Payloads and Analysing Driver-Level Blinding Countermeasures | Tracking the Tactics and Techniques of 游蛇 (Silver Fox)
mp.weixin.qq.com
November 23, 2025 at 6:24 PM
[2511.13548] ForgeDAN: An Evolutionary Framework for Jailbreaking Aligned Large Language Models
arxiv.org
November 23, 2025 at 6:24 PM
NSO seeks to overturn WhatsApp case, saying it is ‘catastrophic’ for the spyware maker
therecord.media
November 23, 2025 at 8:39 AM
Hunting Guide: Hunting For Suspicious Scheduled Tasks
www.talkincyber.com
November 23, 2025 at 5:24 AM
My First 24 Hours Running a DNS Honeypot
github.com
November 22, 2025 at 11:39 PM
Creating a YARA Repository
brkalbyrk.github.io
November 22, 2025 at 10:39 PM
Unfortunately, one of the three trustees has irretrievably lost their private key, an honest but unfortunate human mistake, and therefore cannot compute their decryption share
www.iacr.org
November 22, 2025 at 6:54 PM
Brazilian Campaign: Spreading the Malware via WhatsApp
labs.k7computing.com
November 22, 2025 at 6:39 PM
Start using Windows Autopatch
learn.microsoft.com
November 22, 2025 at 4:39 PM
UNC2891: ATM Threats Never Die - How a device small enough to fit in your pocket – a Raspberry Pi – became the key to infiltrating entire ATM networks
www.group-ib.com
November 22, 2025 at 12:54 PM
Fortinet published an advisory for CVE-2025-58034. It is an authenticated command injection vulnerability affecting FortiWeb. Fortinet and CISA have indicated that it has been exploited in the wild.
attackerkb.com
November 22, 2025 at 12:39 PM
Native Sysmon functionality coming to Windows
techcommunity.microsoft.com
November 22, 2025 at 11:54 AM
Threat Intelligence Report: APT35 Internal Leak of Hacking Campaigns Against Lebanon, Kuwait, Turkey, Saudi Arabia, Korea, and Domestic Iranian Targets
dti.domaintools.com
November 22, 2025 at 10:24 AM
Made a tool to detect process injection
github.com
November 22, 2025 at 5:24 AM
Operation WrtHug, The Global Espionage Campaign Hiding in Your Home Router
securityscorecard.com
November 21, 2025 at 9:24 PM
Microsoft Defender for Endpoint Internal 0x06 — Custom Collection
medium.com
November 21, 2025 at 3:39 PM
JA4D and JA4D6: DHCP Fingerprinting
foxio.io
November 21, 2025 at 1:09 PM