Profile avatar
r-blueteamsec.bsky.social
Mirrors r/blueteamsec, "intelligence, research and engineering to help operational [blue|purple] teams defend their estates." Unofficial. Operated by @tweedge.net, open source @ https://github.com/tweedge/xpost-reddit-to-fediverse
718 posts 114 followers 4 following
Prolific Poster
Posts 50 Comments 0

Silent Killers: Unmasking a Large-Scale Legacy Driver Exploitation Campaign

submitted 3 hours ago • 0 comments

Technical Deep Dive: Understanding the Anatomy of a Cyber Intrusion

submitted 3 hours ago • 0 comments

Non-Human Identity in Cybersecurity and Ensuring Reliability in AI Systems

submitted 11 hours ago • 0 comments

FindGPPPasswords: FindGPPPasswords, A cross-platform tool to find and decrypt Group Policy Preferences passwords from the SYSVOL share using low-privileged domain accounts.

submitted 15 hours ago • 0 comments

Chinese APT Target Royal Thai Police in Malware Campaign

submitted 16 hours ago • 0 comments

Healthcare Malware Hunt, Part 1: Philips DICOM Viewers - "a campaign by the China-based APT Silver Fox, which exploited Philips DICOM viewers to deploy a backdoor, keylogger, and a crypto miner on victim computers"

submitted 16 hours ago • 0 comments

Auto-Color: An Emerging and Evasive Linux Backdoor

submitted 16 hours ago • 0 comments

Italian priest close to pope told he was target of surveillance tool used by a government

submitted 16 hours ago • 0 comments

Operation SalmonSlalom

submitted 1 day ago • 0 comments

OCCULT: Evaluating Large Language Models for Offensive Cyber Operation Capabilities

submitted 1 day ago • 0 comments

Confluence Exploit Leads to LockBit Ransomware

submitted 1 day ago • 0 comments

nanodump: The swiss army knife of LSASS dumping

submitted 1 day ago • 0 comments

Introduction to eBPF for Windows

submitted 1 day ago • 0 comments

Lumma Stealer Malware Thrives as Silent Push Uncovers Unique Patterns in the Infostealer's Domain Clusters

submitted 2 days ago • 0 comments

BlackBasta Chats

submitted 2 days ago • 0 comments

LARVA-208 is a financially motivated threat actor employing sophisticated phishing campaigns to harvest credentials and deploy ransomware.

submitted 2 days ago • 0 comments

CERT-UA: Targeted activity UAC-0212 against developers and suppliers of automation and process control solutions with the aim of carrying out cyberattacks on critical infrastructure facilities of Ukraine (CERT-UA#13702)

submitted 2 days ago • 0 comments

The Bybit Incident: When Research Meets Reality

submitted 2 days ago • 0 comments

Malicious Signal, Line, and Gmail Installers Target Chinese-Speaking Users with Backdoors

submitted 3 days ago • 0 comments

How do we know if an intelligence analytic product is good?

submitted 3 days ago • 0 comments

Malicious browser extensions impacting at least 3.2 million users - "at least 16 malicious Chrome extensions used to inject code into browsers to facilitate advertising and search engine optimization fraud"

submitted 3 days ago • 0 comments

macOS Extended Attributes: Case Study

submitted 3 days ago • 0 comments

Tracking Microphone and Camera Usage in Windows (Program Execution: CompatibilityAccessManager)

submitted 3 days ago • 0 comments

Unpacking Pyarmor v8+ scripts - Pyarmor is a product for protecting Python scripts from reverse engineering.

submitted 3 days ago • 0 comments

Looking into Initial Access Payloads by APT Groups

submitted 4 days ago • 0 comments

linkook: 🔍 An OSINT tool for discovering linked social accounts and associated emails across multiple platforms using a single username.

submitted 4 days ago • 0 comments

APT-C-28(ScarCruft)组织利用无文件方式投递RokRat的攻击活动分析 - Analysis of the APT-C-28 (ScarCruft) organization's attack activities using fileless delivery of RokRat

submitted 4 days ago • 0 comments

Fingerprint Heists: How browser fingerprintscan be stolen and used by fraudsters - "we identified a malicious campaign that had been ongoing since at least May 2024. In this campaign, a threat actor, now tracked as ScreamedJungle, injected a Bablosoft JS script into compromised Magento websites"

submitted 4 days ago • 0 comments

Dropping a 0 day: Parallels Desktop Repack Root Privilege Escalation

submitted 4 days ago • 0 comments

CTO at NCSC Summary: week ending February 23rd

submitted 4 days ago • 0 comments

Updated Shadowpad Malware Leads to Ransomware Deployment

submitted 4 days ago • 0 comments

SSRF on Sliver C2 teamserver via spoofed implant callback (CVE-2025-27090)

submitted 4 days ago • 0 comments

GitleaksVerifier – Verify and Filter Secrets Found by Gitleaks

submitted 4 days ago • 0 comments

网络安全威胁2024年度报告 - Cybersecurity Threats 2024 Annual Report - Qi'anxin Threat Intelligence Center

submitted 4 days ago • 0 comments

LSA Secrets: revisiting secretsdump - focus only on the remote registry part, without using the recently added vssadmin approach"

submitted 4 days ago • 0 comments

Smoltalk: RCE in open source agents - "Hugging Face announced the release of smolagents, a lightweight framework for building AI agents. Interestingly, smolagents enables agents to reason and act by generating and executing Python code in a local interpreter."

submitted 4 days ago • 0 comments

100DaysOfKQL/Day 52 - RDP Logon Outside Work Hours or During The Weekend

submitted 4 days ago • 0 comments

New Microsoft-managed policies to raise your identity security posture - "two new Microsoft-managed Conditional Access polices designed to limit device code flow and legacy authentication flows" - mitigate the device code phishing

submitted 4 days ago • 0 comments

Exploring NTDS.dit – Part 1: Cracking the Surface with DIT Explorer

submitted 4 days ago • 0 comments

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

submitted 4 days ago • 0 comments

DelphiHelper: DelphiHelper is a Python IDA Pro plugin aiming to help the analysis of x86/x86_64 binaries written in Delphi programming language.

submitted 4 days ago • 0 comments

Don’t Touch That Object! Finding SACL Tripwires During Red Team Ops

submitted 5 days ago • 0 comments

Locked Out, Dropboxed In: When BEC threats innovate

submitted 5 days ago • 0 comments

Invisible obfuscation technique used in PAC attack

submitted 5 days ago • 0 comments

Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors

submitted 5 days ago • 0 comments

Cloud Industry - State of the IT Threat - This threat statement is accompanied by security recommendations for customers of cloud service providers, as well as for cloud service providers themselves - tres bon!

submitted 5 days ago • 0 comments

Reinventing PowerShell in C/C++

submitted 5 days ago • 0 comments

CTO at NCSC Summary: week ending February 16th

submitted 5 days ago • 0 comments

How to Backdoor Large Language Models

submitted 5 days ago • 0 comments

DeceptiveDevelopment targets freelance developers

submitted 5 days ago • 0 comments