Mastodon

linuxLiving Off the Land: Turning Trusted Tools into Silent Weapons Living Off the Land(LOTL): Turning Trusted Tools into Silent Weapons The Sharpest attacks are the ones you never see coming because t... <a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/threat-detection" target="_blank">#threat-detection</a> <a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/red-teaming" target="_blank">#red-teaming</a> <a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/ethical-hacking" target="_blank">#ethical-hacking</a> <a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/cybersecurity" target="_blank">#cybersecurity</a> <a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/malware" target="_blank">#malware</a> <a href="https://infosecwriteups.com/living-off-the-land-turning-trusted-tools-into-silent-weapons-7a3da45ea004?source=rss----7b722bfd1b8d---4" rel="nofollow noopener" target="_blank">Origin</a> | <a href="https://awakari.com/sub-details.html?id=linux" rel="nofollow noopener" target="_blank">Interest</a> | <a href="https://awakari.com/pub-msg.html?id=UVSpirIi0ZFDyZQqCLVgxs30zFw&interestId=linux" rel="nofollow noopener" target="_blank">Match</a>

Tedi HeriyantoThe double-edged sword of MCP: Understanding the threat landscape for AI workflows: <a href="https://redcanary.com/blog/threat-detection/mcp-ai-workflows/" rel="nofollow noopener" translate="no" target="_blank">https://redcanary.com/blog/threat-detection/mcp-ai-workflows/</a><a href="https://infosec.exchange/tags/threatdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatdetection</a> <a href="https://infosec.exchange/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#ai</a> <a href="https://infosec.exchange/tags/mcp" class="mention hashtag" rel="nofollow noopener" target="_blank">#mcp</a>

Just Another Blue TeamerGood day everyone! Somehow I missed this article when it first dropped but at least I found it! The DFIR Report published another great article that involved the <a href="https://ioc.exchange/tags/Bumblebee" class="mention hashtag" rel="nofollow noopener" target="_blank">#Bumblebee</a> malware as the initial access vector that was installed after a user fell victim to an SEO poisoning campaign. The report states that "the threat actor moved laterally to a domain controller, dumped credentials, installed persistent remote access tools, and exfiltrated data using an SFTP client." The adversary also created two new domain accounts and used one to connect to a domain controller via RDP and dumped the NTDS.dit file using wbadmin.exe.There are more technical details along with some great queries to use to aid your threat hunting and detection engineering efforts! As always, thank you to the authors for a great report! Happy Hunting!From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira <a href="https://thedfirreport.com/2025/08/05/from-bing-search-to-ransomware-bumblebee-and-adaptixc2-deliver-akira/" rel="nofollow noopener" translate="no" target="_blank">https://thedfirreport.com/2025/08/05/from-bing-search-to-ransomware-bumblebee-and-adaptixc2-deliver-akira/</a>Intel 471 Cyborg Security, Now Part of Intel 471 <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntel</a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatHunting</a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatDetection</a> <a href="https://ioc.exchange/tags/IntelDrivenThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#IntelDrivenThreatHunting</a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#HappyHunting</a> <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="nofollow noopener" target="_blank">#readoftheday</a>

Pyrzout :vm:Why 90% of cyber leaders are feeling the heat <a href="https://www.helpnetsecurity.com/2025/08/06/managing-cyber-risk-practices/" rel="nofollow noopener" translate="no" target="_blank">https://www.helpnetsecurity.com/2025/08/06/managing-cyber-risk-practices/</a> <a href="https://social.skynetcloud.site/tags/threatdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatdetection</a> <a href="https://social.skynetcloud.site/tags/riskmanagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#riskmanagement</a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://social.skynetcloud.site/tags/monitoring" class="mention hashtag" rel="nofollow noopener" target="_blank">#monitoring</a> <a href="https://social.skynetcloud.site/tags/cyberrisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#cyberrisk</a> <a href="https://social.skynetcloud.site/tags/BitSight" class="mention hashtag" rel="nofollow noopener" target="_blank">#BitSight</a> <a href="https://social.skynetcloud.site/tags/burnout" class="mention hashtag" rel="nofollow noopener" target="_blank">#burnout</a> <a href="https://social.skynetcloud.site/tags/report" class="mention hashtag" rel="nofollow noopener" target="_blank">#report</a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a>

IT NewsMicrosoft’s new AI reverse-engineers malware autonomously, marking a shift in cybersecurity - Microsoft says its new system could eventually detect new types of malware direct... - <a href="https://www.geekwire.com/2025/microsofts-new-ai-reverse-engineers-malware-autonomously-marking-a-shift-in-cybersecurity/" rel="nofollow noopener" translate="no" target="_blank">https://www.geekwire.com/2025/microsofts-new-ai-reverse-engineers-malware-autonomously-marking-a-shift-in-cybersecurity/</a> <a href="https://schleuss.online/tags/securefutureinitiative" class="mention hashtag" rel="nofollow noopener" target="_blank">#securefutureinitiative</a> <a href="https://schleuss.online/tags/largelanguagemodels" class="mention hashtag" rel="nofollow noopener" target="_blank">#largelanguagemodels</a> <a href="https://schleuss.online/tags/reverseengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#reverseengineering</a> <a href="https://schleuss.online/tags/aimalwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#aimalwareanalysis</a> <a href="https://schleuss.online/tags/microsoftdefender" class="mention hashtag" rel="nofollow noopener" target="_blank">#microsoftdefender</a> <a href="https://schleuss.online/tags/malwaredetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#malwaredetection</a> <a href="https://schleuss.online/tags/threatdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatdetection</a> <a href="https://schleuss.online/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://schleuss.online/tags/autonomousai" class="mention hashtag" rel="nofollow noopener" target="_blank">#autonomousai</a> <a href="https://schleuss.online/tags/zerodayquest" class="mention hashtag" rel="nofollow noopener" target="_blank">#zerodayquest</a> <a href="https://schleuss.online/tags/microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#microsoft</a>

Tedi HeriyantoA defender’s guide to initial access techniques: <a href="https://redcanary.com/blog/threat-detection/initial-access-techniques/" rel="nofollow noopener" translate="no" target="_blank">https://redcanary.com/blog/threat-detection/initial-access-techniques/</a><a href="https://infosec.exchange/tags/initialaccess" class="mention hashtag" rel="nofollow noopener" target="_blank">#initialaccess</a> <a href="https://infosec.exchange/tags/threatdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatdetection</a>

Seasia InfotechAI to the Rescue: Smarter, Faster, and Stronger Data Breach DefenseAs cyber threats grow more complex, artificial intelligence is stepping up to revolutionize data security. Discover how AI is transforming the way organizations detect, prevent, and respond to data breaches—setting new benchmarks in real-time threat intelligence, anomaly detection, and adaptive defense.Read more: <a href="https://www.newspostonline.com/future/ai/how-ai-is-setting-new-standards-for-data-breach-prevention-and-detection/" rel="nofollow noopener" translate="no" target="_blank">https://www.newspostonline.com/future/ai/how-ai-is-setting-new-standards-for-data-breach-prevention-and-detection/</a><a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mastodon.social/tags/DataBreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#DataBreach</a> <a href="https://mastodon.social/tags/AIinCyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIinCyberSecurity</a> <a href="https://mastodon.social/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatDetection</a>

sydney🌵 Calm before the Hacker Summer Camp storm.July’s Dispatch Debrief is light on posts, heavy on hot takes — from agentic AI to making pentest findings sting.Catch up before Vegas 👉 <a href="https://dispatch.thorcollective.com/p/dispatch-debrief-july-2025" rel="nofollow noopener" translate="no" target="_blank">https://dispatch.thorcollective.com/p/dispatch-debrief-july-2025</a> <a href="https://infosec.exchange/tags/threathunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#threathunting</a> <a href="https://infosec.exchange/tags/thrunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#thrunting</a> <a href="https://infosec.exchange/tags/THORcollective" class="mention hashtag" rel="nofollow noopener" target="_blank">#THORcollective</a> <a href="https://infosec.exchange/tags/hackersummercamp" class="mention hashtag" rel="nofollow noopener" target="_blank">#hackersummercamp</a> <a href="https://infosec.exchange/tags/defcon" class="mention hashtag" rel="nofollow noopener" target="_blank">#defcon</a> <a href="https://infosec.exchange/tags/blackhat" class="mention hashtag" rel="nofollow noopener" target="_blank">#blackhat</a> <a href="https://infosec.exchange/tags/threatdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatdetection</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a>

NetzpalaverFührungsetagen zu KI in der Cyberabwehr - Heute Unsicherheit, morgen Schlüsselrolle<a href="https://social.tchncs.de/tags/Cyberabwehr" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cyberabwehr</a> <a href="https://social.tchncs.de/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://social.tchncs.de/tags/Cybersicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersicherheit</a> <a href="https://social.tchncs.de/tags/Deepfake" class="mention hashtag" rel="nofollow noopener" target="_blank">#Deepfake</a> <a href="https://social.tchncs.de/tags/EMailSicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#EMailSicherheit</a> <a href="https://social.tchncs.de/tags/k%C3%BCnstlicheIntelligenz" class="mention hashtag" rel="nofollow noopener" target="_blank">#künstlicheIntelligenz</a> <a href="https://social.tchncs.de/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> @Sophos <a href="https://social.tchncs.de/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatDetection</a> @Sophos_Info<a href="https://netzpalaver.de/2025/07/31/fuehrungsetagen-zu-ki-in-der-cyberabwehr-heute-unsicherheit-morgen-schluesselrolle/" rel="nofollow noopener" translate="no" target="_blank">https://netzpalaver.de/2025/07/31/fuehrungsetagen-zu-ki-in-der-cyberabwehr-heute-unsicherheit-morgen-schluesselrolle/</a>

Dhaal.ioCyber threats are evolving fast — from AI-driven phishing to deepfake scams and cloud misconfigurations. Even low-skilled attackers now have access to Ransomware-as-a-Service.📉 Don’t let your guard down. Stay informed, stay protected.📬 Subscribe for weekly insights into cybersecurity trends, threats, and solutions. <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mastodon.social/tags/Deepfake" class="mention hashtag" rel="nofollow noopener" target="_blank">#Deepfake</a> <a href="https://mastodon.social/tags/CyberThreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberThreats</a> <a href="https://mastodon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a><a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.social/tags/threatdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatdetection</a> <a href="https://mastodon.social/tags/Dhaalai" class="mention hashtag" rel="nofollow noopener" target="_blank">#Dhaalai</a>

sydneyThreat hunting is broken. We can’t out-query adversaries who automate everything. Enter the agentic threat hunter. An AI that thinks, hypothesizes, investigates, and scales.In the latest Dispatch, we explore how you can take small, practical steps toward this shift: 📌 <a href="https://dispatch.thorcollective.com/p/the-agentic-threat-hunter" rel="nofollow noopener" translate="no" target="_blank">https://dispatch.thorcollective.com/p/the-agentic-threat-hunter</a>The future of hunting? Agents that don’t just help, they hunt.<a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/threatdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatdetection</a> <a href="https://infosec.exchange/tags/thrunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#thrunting</a> <a href="https://infosec.exchange/tags/threathunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#threathunting</a> <a href="https://infosec.exchange/tags/agenticAI" class="mention hashtag" rel="nofollow noopener" target="_blank">#agenticAI</a> <a href="https://infosec.exchange/tags/THORcollective" class="mention hashtag" rel="nofollow noopener" target="_blank">#THORcollective</a>

2rZiKKbOU3nTafniR2qMMSE0gwZThe New Cyber Sentinel: How AI Is Transforming Threat Detection By Md Shafiqul Baten Sumon Continue reading on Medium » <a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/cybersecurity" target="_blank">#cybersecurity</a> <a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/artificial-intelligence" target="_blank">#artificial-intelligence</a> <a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/machine-learning" target="_blank">#machine-learning</a> <a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/threat-detection" target="_blank">#threat-detection</a> <a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/infosec" target="_blank">#infosec</a> <a href="https://medium.com/@shafiqulsumon007/the-new-cyber-sentinel-how-ai-is-transforming-threat-detection-2b8a3b861332?source=rss------machine_learning-5" rel="nofollow noopener" target="_blank">Origin</a> | <a href="https://awakari.com/sub-details.html?id=2rZiKKbOU3nTafniR2qMMSE0gwZ" rel="nofollow noopener" target="_blank">Interest</a> | <a href="https://awakari.com/pub-msg.html?id=CdDR0FQLutKQucKJxzIkopjJfvs&interestId=2rZiKKbOU3nTafniR2qMMSE0gwZ" rel="nofollow noopener" target="_blank">Match</a>

Josh Lemon"I SPy" Entra ID Global Admin Escalation TechniqueDatadog's Security Labs identified an abuse of Office 365 Exchange Online service principal (SP) allowing escalation to Global Admin. MSRC considers it "expected misconfiguration" so don't expect a fix.🚨 Alert on new credentials added to SPs. 🔥 Monitor changes to federated domains (federationConfiguration). 🕵🏼‍♂️ Hunt unusual Graph API calls to /domains, /credentials, and /federationConfiguration.🔗 <a href="https://securitylabs.datadoghq.com/articles/i-spy-escalating-to-entra-id-global-admin/" rel="nofollow noopener" translate="no" target="_blank">https://securitylabs.datadoghq.com/articles/i-spy-escalating-to-entra-id-global-admin/</a><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatHunting</a> <a href="https://infosec.exchange/tags/EntraID" class="mention hashtag" rel="nofollow noopener" target="_blank">#EntraID</a> <a href="https://infosec.exchange/tags/CloudForensics" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudForensics</a> <a href="https://infosec.exchange/tags/M365" class="mention hashtag" rel="nofollow noopener" target="_blank">#M365</a> <a href="https://infosec.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatDetection</a>

Just Another Blue TeamerHappy Friday everyone! Researchers from the FortiCNAPP team, part of FortiGuard Labs identified a new variant of the <a href="https://ioc.exchange/tags/Lcryx" class="mention hashtag" rel="nofollow noopener" target="_blank">#Lcryx</a> ransomware called <a href="https://ioc.exchange/tags/Lcrypt0rx" class="mention hashtag" rel="nofollow noopener" target="_blank">#Lcrypt0rx</a>. The report states that it "is a relatively new VBScript-based ransomware strain first observed in November 2024" and "exhibits several unusual characteristics that suggest it may have been generated using AI." According to the researchers, it currently only targets Windows machines. Indicators that led the researchers to believe it is AI generated include: - Function Duplication - Incorrect Persistence Mechanisms - Nonexistent Target Paths - Invalid Ransom Note URL - Ineffective AV DisablingThese are just a few indicators and the article provides more details about each indicator, but I am not going to spoil the fun! Go and check it out for yourself! Enjoy and Happy Hunting!Old Miner, New Tricks: H2miner Resurfaces with Lcrypt0rx Ransomware <a href="https://www.fortinet.com/blog/threat-research/old-miner-new-tricks" rel="nofollow noopener" translate="no" target="_blank">https://www.fortinet.com/blog/threat-research/old-miner-new-tricks</a>Intel 471 Cyborg Security, Now Part of Intel 471 <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntel</a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatHunting</a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatDetection</a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#HappyHunting</a> <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="nofollow noopener" target="_blank">#readoftheday</a> <a href="https://ioc.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#ransomware</a> <a href="https://ioc.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> <a href="https://ioc.exchange/tags/artificialintelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#artificialintelligence</a>

Tedi HeriyantoDetection Engineering: Practicing Detection-as-Code- Part 1: <a href="https://blog.nviso.eu/2025/07/08/detection-engineering-practicing-detection-as-code-introduction-part-1/" rel="nofollow noopener" translate="no" target="_blank">https://blog.nviso.eu/2025/07/08/detection-engineering-practicing-detection-as-code-introduction-part-1/</a>- Part 2: <a href="https://blog.nviso.eu/2025/07/17/detection-engineering-practicing-detection-as-code-repository-part-2/" rel="nofollow noopener" translate="no" target="_blank">https://blog.nviso.eu/2025/07/17/detection-engineering-practicing-detection-as-code-repository-part-2/</a><a href="https://infosec.exchange/tags/detectionengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#detectionengineering</a> <a href="https://infosec.exchange/tags/threatdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatdetection</a> <a href="https://infosec.exchange/tags/DetectionAsCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#DetectionAsCode</a>

Just Another Blue TeamerGood day everyone!Cisco Talos researchers report on a malware-as-a-service (MaaS) operation that was targeting Ukrainian entities and involved the <a href="https://ioc.exchange/tags/Amadey" class="mention hashtag" rel="nofollow noopener" target="_blank">#Amadey</a> trojan, known for "collecting system information and downloading secondary payloads" and the <a href="https://ioc.exchange/tags/Emmenhtal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Emmenhtal</a> downloader. Behaviors that are observed in this attack include a BUNCH of powershell activity with obfuscation and dropping a legitimate copy of PuTTY.exe. Looking at the technical details, they also us some URLs that may look legitimate to their targets in Ukraine as they add the value "ukraine2" in the URL. Finally, the attack involved multiple variants of the Emmenhtal downloader that were masquerading as MP4 files. As usual, I glossed over many of the technical details so you can go enjoy the article without me spoiling it! Thanks to the researchers and authors and Happy Hunting!MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities <a href="https://lnkd.in/gUisprru" rel="nofollow noopener" translate="no" target="_blank">https://lnkd.in/gUisprru</a>Intel 471 Cyborg Security, Now Part of Intel 471#ThreatIntel <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatHunting</a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatDetection</a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#HappyHunting</a> <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="nofollow noopener" target="_blank">#readoftheday</a>

Pyrzout :vm:Tired of gaps in your security? These open-source tools can help <a href="https://www.helpnetsecurity.com/2025/07/17/open-source-threat-detection-solutions/" rel="nofollow noopener" translate="no" target="_blank">https://www.helpnetsecurity.com/2025/07/17/open-source-threat-detection-solutions/</a> <a href="https://social.skynetcloud.site/tags/threatdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatdetection</a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://social.skynetcloud.site/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a> <a href="https://social.skynetcloud.site/tags/SIEM" class="mention hashtag" rel="nofollow noopener" target="_blank">#SIEM</a>

Just Another Blue TeamerHappy Wednesday everyone!News broke that <a href="https://ioc.exchange/tags/SaltTyphoon" class="mention hashtag" rel="nofollow noopener" target="_blank">#SaltTyphoon</a> gained access to the U.S. National Guard's network "and, among other things, collected its network configuration and its data traffic with its counterparts’ networks in every other US state and at least four US territories, according to a DOD report. This data also included these networks’ administrator credentials and network diagrams—which could be used to facilitate follow-on Salt Typhoon hacks of these units." I am posting this as situational awareness and I never try to strike fear in the community, so I want to remind everyone of the great resources that exist out there when you want to threat hunt or you are trying to detect activity related to different <a href="https://ioc.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT</a> groups or malware! Check out the article posted below and check the comments for resources I would recommend using to supplement your threat hunting or blue team efforts! Enjoy and Happy Hunting! DHS Salt Typhoon <a href="https://www.documentcloud.org/documents/25998809-20250611-dhs-salt-typhoon/" rel="nofollow noopener" translate="no" target="_blank">https://www.documentcloud.org/documents/25998809-20250611-dhs-salt-typhoon/</a>Intel 471 Cyborg Security, Now Part of Intel 471 <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntel</a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatHunting</a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatDetection</a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#HappyHunting</a> <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="nofollow noopener" target="_blank">#readoftheday</a>

Pen Test PartnersA critical vulnerability in old Telerik software gave an attacker remote code execution on an SFTP-only Windows server. That meant they didn’t need credentials, antivirus didn’t trigger, and default log sizes meant almost nothing useful was captured.From there? PowerShell exclusions, admin account created, RDP tunnelled in via Ngrok, ransomware deployed. They even opened Pornhub either to cover traffic or celebrate the moment. Who knows?This attack wasn’t subtle. But it worked because basic controls were missing. We’ve broken down the incident. Plus, recommendations you can act on now to prevent the same thing.📌<a href="https://www.pentestpartners.com/security-blog/sil3ncer-deployed-rce-porn-diversion-and-ransomware-on-an-sftp-only-server/" rel="nofollow noopener" translate="no" target="_blank">https://www.pentestpartners.com/security-blog/sil3ncer-deployed-rce-porn-diversion-and-ransomware-on-an-sftp-only-server/</a><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#IncidentResponse</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatDetection</a> <a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener" target="_blank">#DigitalForensics</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a>

Pyrzout :vm:Rethinking API Security: Confronting the Rise of Business Logic Attacks (BLAs) – Source: securityboulevard.com <a href="https://ciso2ciso.com/rethinking-api-security-confronting-the-rise-of-business-logic-attacks-blas-source-securityboulevard-com/" rel="nofollow noopener" translate="no" target="_blank">https://ciso2ciso.com/rethinking-api-security-confronting-the-rise-of-business-logic-attacks-blas-source-securityboulevard-com/</a> <a href="https://social.skynetcloud.site/tags/SecurityBoulevard" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityBoulevard</a>(Original) <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/BusinessLogicAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#BusinessLogicAttack</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/SecurityBoulevard" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityBoulevard</a> <a href="https://social.skynetcloud.site/tags/threatdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatdetection</a> <a href="https://social.skynetcloud.site/tags/SocialFacebook" class="mention hashtag" rel="nofollow noopener" target="_blank">#SocialFacebook</a> <a href="https://social.skynetcloud.site/tags/SocialLinkedIn" class="mention hashtag" rel="nofollow noopener" target="_blank">#SocialLinkedIn</a> <a href="https://social.skynetcloud.site/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://social.skynetcloud.site/tags/APIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#APIsecurity</a> <a href="https://social.skynetcloud.site/tags/SocialX" class="mention hashtag" rel="nofollow noopener" target="_blank">#SocialX</a> <a href="https://social.skynetcloud.site/tags/traffic" class="mention hashtag" rel="nofollow noopener" target="_blank">#traffic</a> <a href="https://social.skynetcloud.site/tags/BLAs" class="mention hashtag" rel="nofollow noopener" target="_blank">#BLAs</a>

Recent searches

Search options

Administered by:

Server stats:

#threatdetection