blueteamsec !blueteamsec@infosec.pub

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, r

---

Read more

Members

444

Posts

358

Active Today

13

Created

2 yr. ago

Moderators

---

When Privileged Access Falls into the Wrong Hands: Chinese Companies in Microsoft’s MAPP Program

Microsegmentation in Zero Trust Part One: Introduction and Planning

Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing

More than 90 state, local governments targeted using Microsoft SharePoint vulnerability, group says

Introducing Unit 42’s Attribution Framework

RingReaper: Linux post-exploitation agent that uses io_uring to stealthily bypass EDR detection by avoiding traditional syscalls.

Before ToolShell: Exploring Storm-2603’s Previous Ransomware Operations

Attackers abusing Proofpoint & Intermedia link wrapping to deliver phishing payloads

CISA and USCG Issue Joint Advisory to Strengthen Cyber Hygiene in Critical Infrastructure

What Comes After Detection Rules? Smarter Detection Strategies in ATT&CK

Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats

Using LLMs as a reverse engineering sidekick

Email-Delivered RMM: Abusing PDFs for Silent Initial Access

How North Korea-Backed Lazarus Group Is Weaponizing Open Source to Target Developers

M365 Email OSINT After the Lockdown: What Still Works in 2025

The Covert Operator's Playbook: Infiltration of Global Telecom Networks

Node-SAML SAML Signature Verification Vulnerability - "Node-SAML loads the assertion from the (unsigned) original response document...is different than the parts that are verified when checking sig"

Eviction Strategies Tool: A Tool for Building Containment and Eviction Playbooks

Extending AD CS attack surface to the cloud with Intune certificates - "means going from regular user and their endpoint to Domain Admin in AD, all from the cloud. This blog explores the scenarios"

A fresh look for the Microsoft authentication background - Microsoft changing the background on authentication screens - may cause phishing reporting..