#threatdetection
Pen Test Partners<p>A critical vulnerability in old Telerik software gave an attacker remote code execution on an SFTP-only Windows server. That meant they didn’t need credentials, antivirus didn’t trigger, and default log sizes meant almost nothing useful was captured.</p><p>From there? PowerShell exclusions, admin account created, RDP tunnelled in via Ngrok, ransomware deployed. </p><p>They even opened Pornhub either to cover traffic or celebrate the moment. Who knows?</p><p>This attack wasn’t subtle. But it worked because basic controls were missing. </p><p>We’ve broken down the incident. Plus, recommendations you can act on now to prevent the same thing.</p><p>📌<a href="https://www.pentestpartners.com/security-blog/sil3ncer-deployed-rce-porn-diversion-and-ransomware-on-an-sftp-only-server/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">pentestpartners.com/security-b</span><span class="invisible">log/sil3ncer-deployed-rce-porn-diversion-and-ransomware-on-an-sftp-only-server/</span></a></p><p><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IncidentResponse</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DigitalForensics</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a></p>
Pyrzout :vm:<p>Rethinking API Security: Confronting the Rise of Business Logic Attacks (BLAs) – Source: securityboulevard.com <a href="https://ciso2ciso.com/rethinking-api-security-confronting-the-rise-of-business-logic-attacks-blas-source-securityboulevard-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/rethinking-api-s</span><span class="invisible">ecurity-confronting-the-rise-of-business-logic-attacks-blas-source-securityboulevard-com/</span></a> <a href="https://social.skynetcloud.site/tags/SecurityBoulevard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBoulevard</span></a> (Original) <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/BusinessLogicAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BusinessLogicAttack</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/SecurityBoulevard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBoulevard</span></a> <a href="https://social.skynetcloud.site/tags/threatdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatdetection</span></a> <a href="https://social.skynetcloud.site/tags/SocialFacebook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialFacebook</span></a> <a href="https://social.skynetcloud.site/tags/SocialLinkedIn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialLinkedIn</span></a> <a href="https://social.skynetcloud.site/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/APIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APIsecurity</span></a> <a href="https://social.skynetcloud.site/tags/SocialX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialX</span></a> <a href="https://social.skynetcloud.site/tags/traffic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>traffic</span></a> <a href="https://social.skynetcloud.site/tags/BLAs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BLAs</span></a></p>
Just Another Blue Teamer<p>Good day everyone!</p><p>Morphisec released an insightful report covering Iranian Cyber Warfare that is targeting the West and other enemies of Iran. The APT involved is <a href="https://ioc.exchange/tags/Pay2Key" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pay2Key</span></a>, "an Iranian-backed ransomware-as-a-service (RaaS) operation" that is linked to the Fox Kitten APT group and "closely tied to the well-known <a href="https://ioc.exchange/tags/Mimic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mimic</span></a> ransomware."</p><p>Normally I call out the related behaviors and TTPs, but for this report I want to call out the completeness of the report. Not only does it provide more than enough technical details to make it actionable in any environment, but it also provides a TON of threat intel to support their claims, giving the readers and audience an idea of whether they would be a target or not. It is a great report and I encourage you all to read it! Enjoy and Happy Hunting!</p><p>Pay2Key’s Resurgence: Iranian Cyber Warfare Targets the West<br><a href="https://www.morphisec.com/blog/pay2key-resurgence-iranian-cyber-warfare/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">morphisec.com/blog/pay2key-res</span><span class="invisible">urgence-iranian-cyber-warfare/</span></a></p><p>Intel 471 Cyborg Security, Now Part of Intel 471 <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatHunting</span></a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HappyHunting</span></a> <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>readoftheday</span></a></p>
Graylog<p>Knowing the most common indicators of compromise (IoCs) can improve your key threat detection and response (TDIR) metrics. 👍 And, if you are keeping an eye out for common IoCs, then you're able to take a more proactive approach to <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a>. So, let's dig in and learn all about IoCs! 🙌 </p><p>IoCs fall into the following categories:<br>🔹 Network-based<br>🔹 Host-based<br>🔹 Email-based<br>🔹 Behavioral<br>🔹 Third-party</p><p>In this blog we outline 17 common indicators of compromise, including:<br>🚦 Network traffic anomalies<br>💻 Unusual sign-in attempts<br>🗺️ Geographical anomalies<br>⚠️ Privileged account irregularities<br>🔄 Changes to system configurations<br>🖥️ Unexpected software installations or updates<br>📂 Numerous requests for the same file<br>🫴 Unusual Domain Name System (DNS) requests<br>📖 Swells in database read volume<br>❗ HTML response sizes<br>🚥 Mismatched port-application traffic<br>🤔 Suspicious registry or system file changes<br>📧 Influx of spam emails<br>⬅️ Moved or aggregated data<br>🤖 Non-human website traffic<br>📱 Changes to mobile devices<br>🚫 System outages or reduced performance</p><p>Read on and learn about the details for each of these 17 common IoCs, so that you can be ready to search your environment for clues that will help you confirm security incidents and/or data breaches.</p><p><a href="https://graylog.org/post/17-common-indicators-of-compromise/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">graylog.org/post/17-common-ind</span><span class="invisible">icators-of-compromise/</span></a> <a href="https://infosec.exchange/tags/threatdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatdetection</span></a> <a href="https://infosec.exchange/tags/incidentresponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>incidentresponse</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/GraylogLabs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GraylogLabs</span></a></p>
Just Another Blue Teamer<p>Happy Wednesday everyone!</p><p>Elastic Security Labs researchers found a bunch of infostealers being spread by adversaries. In the past we have seen other tools like Brute Ratel and Cobalt Strike, but this time they decided to use a cracked version of <a href="https://ioc.exchange/tags/SHELLTER" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SHELLTER</span></a>, another offensive security tool (OST). There are TONS of technical details about the tools they used during the investigation into the tool and what artifacts they found. Interestingly, they are also releasing a "dynamic unpacker for binaries protected by SHELLTER. This tool leverages a combination of dynamic and static analysis techniques to automatically extract multiple payload stages from a SHELLTER-protected binary." Thought that was a pretty cool add!</p><p>Take a read and get all the important details! Enjoy and Happy Hunting!</p><p>Taking SHELLTER: a commercial evasion framework abused in-the-wild<br><a href="https://www.elastic.co/security-labs/taking-shellter" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">elastic.co/security-labs/takin</span><span class="invisible">g-shellter</span></a></p><p>Intel 471 Cyborg Security, Now Part of Intel 471 <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatHunting</span></a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HappyHunting</span></a> <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>readoftheday</span></a></p>
Pyrzout :vm:<p>Industrial security is on shaky ground and leaders need to pay attention <a href="https://www.helpnetsecurity.com/2025/07/03/ot-iot-threat-detection-confidence/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">helpnetsecurity.com/2025/07/03</span><span class="invisible">/ot-iot-threat-detection-confidence/</span></a> <a href="https://social.skynetcloud.site/tags/threatdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatdetection</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/Forescout" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Forescout</span></a> <a href="https://social.skynetcloud.site/tags/report" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>report</span></a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>News</span></a> <a href="https://social.skynetcloud.site/tags/IoT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IoT</span></a></p>
The DefendOps Diaries<p>Ever seen an email bombing attack thwarted in real time? Microsoft Defender for Office 365 now uses AI to spot and block floods of malicious emails before they wreak havoc. Curious how it works?</p><p><a href="https://thedefendopsdiaries.com/ai-powered-defense-microsoft-defender-for-office-365-and-email-bombing/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thedefendopsdiaries.com/ai-pow</span><span class="invisible">ered-defense-microsoft-defender-for-office-365-and-email-bombing/</span></a></p><p><a href="https://infosec.exchange/tags/microsoftdefender" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>microsoftdefender</span></a><br><a href="https://infosec.exchange/tags/emailbombing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>emailbombing</span></a><br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a><br><a href="https://infosec.exchange/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ai</span></a><br><a href="https://infosec.exchange/tags/threatdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatdetection</span></a></p>
Just Another Blue Teamer<p>Happy Monday everyone and what a way to start it!</p><p>I encourage you to read the latest report from The DFIR Report where they document an attack that started with a "password spray attack against an exposed RDP server" and ended in the <a href="https://ioc.exchange/tags/RansomHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RansomHub</span></a> ransomware strain being deployed in the victim's environment and spread over SMB. </p><p>I am going to forgo the brief summary because I truly believe these reports need to be read by you! But a bunch of LOLBINs were leveraged, including PowerShell and Windows Command Shell, of course RDP connections, Mimikatz, the Advanced IP Scanner, and many more! One behavior I will point out is that Persistence was gained by the actors deploying the legitimate RMM tools AteraAgent and Splashtop and then creating services to run them! </p><p>This is another great example of an extremely thorough report and I hope you enjoy it as much as I do! Enjoy and Happy Hunting!</p><p>Hide Your RDP: Password Spray Leads to RansomHub Deployment<br><a href="https://thedfirreport.com/2025/06/30/hide-your-rdp-password-spray-leads-to-ransomhub-deployment/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thedfirreport.com/2025/06/30/h</span><span class="invisible">ide-your-rdp-password-spray-leads-to-ransomhub-deployment/</span></a></p><p>Intel 471 Cyborg Security, Now Part of Intel 471 <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatHunting</span></a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HappyHunting</span></a> <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>readoftheday</span></a></p>
Just Another Blue Teamer<p>Happy Wednesday everyone!</p><p>I came across this article from Check Point Software's research team where they discuss a malware "prototype" they found that contained prompt injection to trick any LLM that it may be interacting with while it is being analyzed, aptly named Skynet. It attempted to use the "Ignore all previous instructions" command, adding another layer of sandbox evasion, but was unsuccessful in this instance. The malware also contained an embedded TOR client which, when executed, can later be used and controlled by accessing the specified ports. After execution the malware component wipes the entire %TEMP%/skynet directory that was created. This was overall a very interesting read and could unfortunately be the first of many malware samples to attempt this technique. I hope you found this as interesting as I did and Happy Hunting!</p><p>In the Wild: Malware Prototype with Embedded Prompt Injection<br><a href="https://research.checkpoint.com/2025/ai-evasion-prompt-injection/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">research.checkpoint.com/2025/a</span><span class="invisible">i-evasion-prompt-injection/</span></a></p><p>Intel 471 Cyborg Security, Now Part of Intel 471 <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatHunting</span></a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HappyHunting</span></a> <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>readoftheday</span></a> <a href="https://ioc.exchange/tags/llm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>llm</span></a></p>
Pyrzout :vm:<p>Kali Linux 2025.1c Fixes Key Issue, Adds New Tools and Interface Updates – Source: hackread.com <a href="https://ciso2ciso.com/kali-linux-2025-1c-fixes-key-issue-adds-new-tools-and-interface-updates-sourcehackread-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/kali-linux-2025-</span><span class="invisible">1c-fixes-key-issue-adds-new-tools-and-interface-updates-sourcehackread-com/</span></a> <a href="https://social.skynetcloud.site/tags/1CyberSecurityNewsPost" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>1CyberSecurityNewsPost</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://social.skynetcloud.site/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EthicalHacking</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/KaliLinux2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KaliLinux2025</span></a> <a href="https://social.skynetcloud.site/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatHunting</span></a> <a href="https://social.skynetcloud.site/tags/KaliLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KaliLinux</span></a> <a href="https://social.skynetcloud.site/tags/Hackread" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hackread</span></a> <a href="https://social.skynetcloud.site/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a></p>
Pyrzout :vm:<p>Kali Linux 2025.1c Fixes Key Issue, Adds New Tools and Interface Updates <a href="https://hackread.com/kali-linux-2025-1c-fix-issue-adds-tools-interface-update/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/kali-linux-2025-1</span><span class="invisible">c-fix-issue-adds-tools-interface-update/</span></a> <a href="https://social.skynetcloud.site/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://social.skynetcloud.site/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EthicalHacking</span></a> <a href="https://social.skynetcloud.site/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/KaliLinux2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KaliLinux2025</span></a> <a href="https://social.skynetcloud.site/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatHunting</span></a> <a href="https://social.skynetcloud.site/tags/KaliLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KaliLinux</span></a> <a href="https://social.skynetcloud.site/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://social.skynetcloud.site/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a></p>
Just Another Blue Teamer<p>Good day everyone!</p><p>A little while ago I stumbled across an article from Trend Micro that discussed the <a href="https://ioc.exchange/tags/Anubis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Anubis</span></a> ransomware and its abilities to act both as a ransomware and a wiper. Now it appears that the group has gained sensitive documents related to Disneyland Paris's plans for new rides and renovations (Anubis X post is in the article). Not trying to fear-monger or anything but it goes to show how these groups will adapt their TTPs and behaviors to get to any organization. </p><p>Anubis Ransomware Lists Disneyland Paris as New Victim<br><a href="https://hackread.com/anubis-ransomware-lists-disneyland-paris-new-victim/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/anubis-ransomware</span><span class="invisible">-lists-disneyland-paris-new-victim/</span></a></p><p>Intel 471 Cyborg Security, Now Part of Intel 471 <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatHunting</span></a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HappyHunting</span></a> <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>readoftheday</span></a></p>
Just Another Blue Teamer<p>Happy Wednesday all!</p><p>Sometimes it's good to take it back to the basics! Cisco Talos shares their insights and trends on adversaries using legitimate tools with nefarious intent! They discuss Living-off-the-land binaries (LOLBINs) and Remote Monitoring and Management (RMM) tools and the impact they can have! Enjoy and Happy Hunting!</p><p>When legitimate tools go rogue<br><a href="https://blog.talosintelligence.com/when-legitimate-tools-go-rogue/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.talosintelligence.com/whe</span><span class="invisible">n-legitimate-tools-go-rogue/</span></a></p><p>Intel 471 Cyborg Security, Now Part of Intel 471 <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatHunting</span></a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HappyHunting</span></a> <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>readoftheday</span></a></p>
Just Another Blue Teamer<p>Good day everyone!</p><p>Trend Micro provides us insight on "A new ransomware-as-a-service (RaaS) group [that] has emerged and has been making a name for itself in 2025" named <a href="https://ioc.exchange/tags/Anubis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Anubis</span></a>. It has been designed to have "more destructive capabilities" that can wipe directories and "severely impact chances of file recovery". Researchers also provide MITRE ATT&amp;CK mapping to help teams make this information actionable, so big thanks to them! Check out the details I missed, enjoy the article, and Happy Hunting!</p><p>Anubis: A Closer Look at an Emerging Ransomware with Built-in Wiper<br><a href="https://www.trendmicro.com/en_us/research/25/f/anubis-a-closer-look-at-an-emerging-ransomware.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">trendmicro.com/en_us/research/</span><span class="invisible">25/f/anubis-a-closer-look-at-an-emerging-ransomware.html</span></a></p><p>Intel 471 Cyborg Security, Now Part of Intel 471 <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatHunting</span></a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HappyHunting</span></a> <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>readoftheday</span></a></p>
Just Another Blue Teamer<p>Happy Monday Everyone!</p><p>It's that time again! Just pushing this out to the threat hunting community and beyond! If you had a question about threat hunting in the past or currently have one that is burning a hole in your brain, feel free to ask us at Intel 471! We are currently working through the back-log of all the other questions that we have, but feel free to throw yours in the ring and get it featured in a future video! Have a wonderful day and Happy Hunting!</p><p>Lee-Git Threat Hunting<br><a href="https://docs.google.com/forms/d/1fYIKFwNGuwYzl3-ktMa7gRz4Uxl2vOUHbAj2CuiuQ4M/edit" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">docs.google.com/forms/d/1fYIKF</span><span class="invisible">wNGuwYzl3-ktMa7gRz4Uxl2vOUHbAj2CuiuQ4M/edit</span></a></p><p>Cyborg Security, Now Part of Intel 471 <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatHunting</span></a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HappyHunting</span></a></p>
redoracle<p>Discover the latest insights on evaluating cybersecurity solutions in real-world scenarios. Stay ahead of evolving threats! <a href="https://mastodon.social/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.social/tags/AVComparatives" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AVComparatives</span></a> <a href="https://redoracle.com/News/Evaluating-Cybersecurity-Solutions-AV-Comparatives-2025-Insights.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">redoracle.com/News/Evaluating-</span><span class="invisible">Cybersecurity-Solutions-AV-Comparatives-2025-Insights.html</span></a></p>
Graylog<p>Up next on the busy <a href="https://infosec.exchange/tags/Graylog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Graylog</span></a> conference circuit we have... <a href="https://infosec.exchange/tags/AWSreInforce" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AWSreInforce</span></a> starting this Monday! (Party ON 🥳) And on Tuesday at the show, the amazing Rich Murphy will talk about taming your alert avalanche, at 1:30 PM. 🚨 🏔️ 🫢 </p><p>Learn how to tune out false positives, consolidate redundant alarms, and apply risk-based filtering so that high-fidelity alerts rise to the top. 💯 </p><p>We'll also have Sam Parikh, Quinn Kroll, and Justine Simpson on-site to connect with you. See us there in booth #423.</p><p>Learn more: <a href="https://registration.awsevents.com/flow/awsevents/reinforce2025/sessioncatalog/page/sessionCatalog" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">registration.awsevents.com/flo</span><span class="invisible">w/awsevents/reinforce2025/sessioncatalog/page/sessionCatalog</span></a> <a href="https://infosec.exchange/tags/TDIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TDIR</span></a> <a href="https://infosec.exchange/tags/threatdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatdetection</span></a> <a href="https://infosec.exchange/tags/incidentresponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>incidentresponse</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
Just Another Blue Teamer<p>Happy Wednesday everyone!</p><p>A "fully undetected <a href="https://ioc.exchange/tags/infostealer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infostealer</span></a> malware sample written in Rust" was identified by Trellix researchers while conducting a proactive hunt! The distribution should not come as any surprise: fraudulent gaming websites! This is not a new tactic and something that I have read about from many vendors (Remember, downloading cracked or "free" games from sites normally means you just aren't paying with money!). In this case, the "game" files were distributed as password-protected rar files which contained the stealer executable with some legitimate game-related files. This is another tactic that is commonly used to "assure" the user that they downloaded something legitimate. </p><p>The researchers also discussed the capabilities of the malware and here are just a few:<br>- It displayed a fake window to the user to fool them into thinking it is a legitimate application.<br>- It terminates a list of processes, some that relate to browsers.<br>- Steals passwords, cookies, autofills, and saved credit card information from applications like Discord and Chrome.<br>- Drops a copy of itself in the \AppData\Roaming directory and saves a .lnkk file in the startup directory for persistence. The attackers link the executable and the .lnkk through registry keys so it can execute the .exe file properly. </p><p>Thanks goes to the researchers (who if you want tagged in here let me know!) for the great report and details! I hope you enjoy the read as much as I did and go check out the details I left out, it's worth it! Happy Hunting!</p><p>Demystifying Myth Stealer: A Rust Based InfoStealer<br><a href="https://www.trellix.com/en-in/blogs/research/demystifying-myth-stealer-a-rust-based-infostealer/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">trellix.com/en-in/blogs/resear</span><span class="invisible">ch/demystifying-myth-stealer-a-rust-based-infostealer/</span></a></p><p>Intel 471 Cyborg Security, Now Part of Intel 471 <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatHunting</span></a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HappyHunting</span></a> <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>readoftheday</span></a></p>
Overture Rede Private Limited<p>🚨 Urgent Hiring – Threat Detection &amp; Response Trainer! 🚨<br>Remote | Experience: 10+ years | Duration: Project-Based </p><p>📩 Email: amritk1@overturerede.com 📞 Call/WhatsApp: 9289118667</p><p><a href="https://mastodon.social/tags/UrgentHiring" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UrgentHiring</span></a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://mastodon.social/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IncidentResponse</span></a> <a href="https://mastodon.social/tags/SIEM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIEM</span></a> <a href="https://mastodon.social/tags/Splunk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Splunk</span></a> <a href="https://mastodon.social/tags/QRadar" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>QRadar</span></a> <a href="https://mastodon.social/tags/Sentinel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sentinel</span></a></p>
Just Another Blue Teamer<p>Good day, everyone!</p><p>This is a really interesting read from SentinelOne Labs. Back in October 2024 they dealt with a reconnaissance operation that was related to the activity cluster tracked as <a href="https://ioc.exchange/tags/PurpleHaze" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PurpleHaze</span></a> and then in 2025 "they helped disrupt an intrusion linked to a wider <a href="https://ioc.exchange/tags/ShadowPad" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ShadowPad</span></a> operation". The activity was attributed to China-nexus threat actors. </p><p>The article gives an in-depth view of what it looks like when an organization that is responsible for "IT services and logistics" gets compromised, which we could call a supply-chain attack. The article also provides a TON of technical details about tools and infrastructure that were used, indicators of compromise to scan for in your environment, and behaviors and commands that were observed throughout. This one may take a while to read but it's worth it! Thanks to the researchers Dr Aleksandar Milenkoski and Tom Hegel for this report! I hope you all enjoy it as much as I did. 
Happy Hunting!</p><p>Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets<br><a href="https://www.sentinelone.com/labs/follow-the-smoke-china-nexus-threat-actors-hammer-at-the-doors-of-top-tier-targets/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">sentinelone.com/labs/follow-th</span><span class="invisible">e-smoke-china-nexus-threat-actors-hammer-at-the-doors-of-top-tier-targets/</span></a></p><p>Intel 471 Cyborg Security, Now Part of Intel 471 <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatHunting</span></a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HappyHunting</span></a> <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>readoftheday</span></a></p>