Community icon

blueteamsec

!blueteamsec@infosec.pub

Hot
New Old Active
Hot
New Old Active
Posts Comments
List Tile Wide tile

CTO at NCSC Summary: week ending December 14th

by
0
1

Browser Hijacking: Three Technique Studies

by
0
2

Type 1 Backdoor: Mofu Loaderによって実行されるDRBControlのマルウェア – Type 1 Backdoor: DRBControl malware executed by Mofu Loader

by
0
1

Abandoned Python Bootstrap Scripts Open the Door to Domain Takeovers Across Multiple PyPI Packages

by
0
1

cocos: Cocos AI - Confidential Computing System for AI

by
0
2

Shining a Light on the Global Bulletproof Hosting Ecosystem

by
0
2

Malware Just Got Its Free Passes Back!

by
0
3

XATHook: Lightweight Patchless Hooking Library for Windows

by
1
4

sigdream: sigreturn-oriented programming (SROP) based sleep obfuscation poc for Linux

by
1
4

AdaptixC2-gopher: Uses brute force to locate the configuration within an AdaptixC2's gopher agent.

by
0
1

When adversaries bring their own virtual machine for persistence

by
1
2

Smallest SSHD backdoor - Survives apt update, Does not create any new file and Does not use authorized_keys or PAM.

by
0
9

Evolution of Composite Cyber Threats: 2025 Analysis and 2026 Key Response Strategies

by
0
4

AZexec: The Azure Execution Tool - a PowerShell-based Azure/Entra ID enumeration tool designed to provide netexec-style output for cloud environments.

by
0
2

Cybersecurity Performance Goals 2.0 for Critical Infrastructure | CISA

by
0
3

Vulnhalla: Picking the true vulnerabilities from the CodeQL haystack

by
1
2

Detecting Unauthenticated AWS OSINT and S3 Enumeration

by
1
2

How to detect Mythic activity with NDR-class solutions

by
0
2

Decompiling run-only AppleScripts

by
0
2

How data science can boost your detection engineering maintenance and keep you from herding sheep

by
0
2

Peters & Cornyn Reintroduce Legislation to Protect Commercial Satellites from Cybersecurity Threats

by
0
2

Patch Wednesday: Root Cause Analysis with LLMs

by
0
2

Detecting malicious pull requests at scale with LLMs

by
1
3

MC1193689 - Microsoft baseline security mode for Office, SharePoint, Exchange, Teams, and Entra | Microsoft 365 Message Center Archive

by
0
2

Latrodectus BackConnect

by
0
3

BpfJailer: eBPF Mandatory Access Control

by
0
2
1

thirdeye: The Third Eye 👁⃤ - unmask protected windows from user mode

by
0
6

MicroSpark: Testing Voltage Glitches on Intel Microcode

by
0
3

wirebrowser: Wirebrowser is a debugging, interception, and memory-inspection toolkit powered by the Chrome DevTools Protocol (CDP). It unifies network manipulation, API testing, automation scripting,

by
1
3
1

Gogs Zero-Day RCE (CVE-2025-8110) Actively Exploited

by
0
3

PyStoreRAT: A New AI-Driven Supply Chain Malware Campaign Targeting IT & OSINT Professionals

by
0
2

Blog: Task Injection – Exploiting agency of autonomous AI agents

by
0
1

Fake Leonardo DiCaprio Movie Torrent Drops Agent Tesla Through Layered PowerShell Chain

by
0
6

phantom-keylogger: Phantom Keylogger is an advanced, stealth-enabled keystroke and visual intelligence gathering system.

by
1
3

unKover: Anti-Rootkit/Anti-Cheat Driver to uncover unbacked or hidden kernel code.

by
0
1

OffsetInspect: PowerShell utility to map AV detection offsets in PowerShell scripts to their corresponding line numbers for static analysis and red-team tooling.

by
0
1

Holy Shuck! Weaponizing NTLM Hashes as a Wordlist

by
0
2

SCOMmand and Conquer - Attacking System Center Operations Manager (Part 1)

by
0
1

APT15 Cyber Espionage: Campaigns and TTPs Analysis

by
0
1

APT-C-26(Lazarus)组织利用WinRAR漏洞部署Blank Grabber木马的技术分析 - Technical Analysis of APT-C-26 (Lazarus) Group's Deployment of the Blank Grabber Trojan Using a WinRAR Vulnerability

by
0
1

Multiple Threat Actors Exploit React2Shell (CVE-2025-55182)

by
0
1

Meta SECOND - THIRD QUARTER Adversarial Threat Report

by
0
1

Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits

by
0
3

Russian Cyber Army. Who is it? – Molfar Intelligence Institute

by
0
9

Guidance for Managing UEFI Secure Boot

by
0
3

Uncovering Hidden Forensic Evidence in Windows: The Mystery of AutoLogger-Diagtrack-Listener.etl

by
0
3

The Fragile Lock: Novel Bypasses For SAML Authentication

by
1
9

AI-Poisoning & AMOS Stealer: How Trust Became the Biggest Mac Threat | Huntress

by
0
4

Provisioning and managing certificates in the Web PKI

by
0
1

68% Of Phishing Websites Are Protected by CloudFlare

by
0
10

We should all be using dependency cooldowns

by
0
4
2

Password manager provider fined £1.2m by ICO for data breach affecting up to 1.6 million people in the UK

by
0
2

Investigating an adversary-in-the-middle phishing campaign targeting Microsoft 365 and Okta users

by
0
1

Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite

by
0
1
1

SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics

by
0
1

UK clamps down on China-based companies for reckless and irresponsible activity in cyberspace

by
0
1

PowerShell 5.1: Preventing script execution from web content - Microsoft Support

by
0
1

Charming Kitten Leak Continues: Payroll Data and a Stolen IAEA Document

by
0
2

SessionHop: Windows Session Hijacking via COM

by
0
4

Updating our guidance on security certificates, TLS and IPsec

by
0
5

Malicious Apprentice | How Two Hackers Went From Cisco Academy to Cisco CVEs

by
0
3

AWS re:Invent 2025 - Make Attackers Cry: Outsmart Them With Deception (SEC326)

by
Video Thumbnail
0
2

Captch-ya if you can

by
0
2

ConsentFix: Browser-native ClickFix hijacks OAuth grants

by
0
3

Cyber deception trials: what we’ve learned so far

by
0
1

Senior Manager for Government Contractor Charged in Cybersecurity Fraud Scheme

by
1
7

PeerBlight Linux Backdoor Exploits React2Shell CVE-2025-55182

by
0
3

Justice Department Announces Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups

by
0
3

OGhidra: OGhidra bridges Large Language Models (LLMs) via Ollama with the Ghidra reverse engineering platform, enabling AI-driven binary analysis through natural language.

by
0
2

AI-Automated Threat Hunting Brings GhostPenguin Out of the Shadows

by
1
2

CVE-2025-55182 Exploitation Hits the Smart Home - React

by
0
1

KustoHawk: KustoHawk is a lightweight incident triage and response tool designed for effective incident response in Microsoft Defender XDR and Microsoft Sentinel environments.

by
0
1

Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure

by
0
3

AI powered SAST : The New Frontier?

by
0
1

GrayBravo’s CastleLoader Activity Clusters Target Multiple Industries

by
0
2

New BYOVD loader behind DeadLock ransomware attack

by
0
3

BinYars: Binary Ninja YARA-X Plugin

by
0
2

Chinese Malware Delivery Domains Part IV

by
0
2

The FACT Attribution Framework v1.0

by
0
2

【附IOC】Next.js RCE漏洞在野利用事件分析 - [Includes IOC] Analysis of Wild Exploitation Incidents of Next.js RCE Vulnerability

by
0
2

Prompt injection is not SQL injection (it may be worse)

by
0
6
1

CVE-2025-55182: Explanation and full RCE PoC for CVE-2025-55182

by
0
7

Streamlining Security Investigations with Agents

by
0
2

React / Next.js - global vulnerable stats

by
0
2

CLR-Unhook: Modern security products (CrowdStrike, Bitdefender, SentinelOne, etc.) hook the nLoadImage function inside clr.dll to intercept and scan in-memory .NET assembly loads. This tool unhooks

by
0
4

Operation Tornado:针对国产信创平台的网络间谍活动 - Operation Tornado: Cyber ​​Espionage Targeting Domestic IT Innovation Platforms

by
0
2

Investigating Indonesia’s Gambling Ecosystem: Indicators of National-Level Cyber Operations

by
0
3

New eBPF Filters for Symbiote and BPFdoor Malware

by
0
2

A Hidden Pattern Within Months of Credential-Based Attacks Against Palo Alto GlobalProtect

by
0
5

Small numbers of Notepad++ users reporting security woes

by
0
9

SVG Filters - Clickjacking 2.0

by
0
3
1

Chinese-linked hackers use back door for potential 'sabotage,' US and Canada say

by
0
1

Stillepost - Or: How to Proxy your C2s HTTP-Traffic through Chromium

by
0
2

340. Adversaries Modify the Registry to Disable Two Core Windows Security Mechanisms

by
0
4

Early Warning Detection for Credential Theft

by
0
3

EvilMist: EvilMist is a collection of scripts and utilities designed to support cloud penetration testing & red teaming. The toolkit helps identify misconfigurations, assess privilege-escalation paths

by
0
7

Sysmon Config Creation for The LOLRMM Framework

by
0
3

AI Malware: Hype vs. Reality

by
0
5

Public Disclosure: Backdooring Managed Identities via Azure API Management

by
0
2

North Korean hackers are pushing fake "Microsoft Teams Update" to macOS

by
0
8

Exclusive Look Inside a Compromised North Korean APT Machine Linked to The Biggest Heist in History

by
0
6