VMSA-2025-0007: VMware Tools update addresses an insecure file handling vulnerability (CVE-2025-22247) - "A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM"
We focus on technical intelligence, research and engineering to help operational [blue|purple] teams defend their estates and have awareness of the world.
IntuneRBAC: A comprehensive PowerShell-based tool for managing and auditing Role-Based Access Control (RBAC) in Microsoft Intune. This tool provides detailed insights into your Intune RBAC configuration, including role assignments, scope tags, and permissions.
PowerDodder: a post-exploitation persistence utility designed to stealthily embed execution commands into existing script files on the host. By leveraging files that are frequently accessed but rarely modified, it targets high-likelihood execution vectors with minimal detection risk.
View and manage cases across multiple tenants in the Microsoft Defender multitenant portal - Microsoft's unified security operations platform
Analysis of APT37 Attack Case Disguised as a Think Tank for National Security Strategy in South Korea (Operation. ToyBox Story)
Swan Vector APT: Targeting Taiwan & Japan with DLL Implants
Unpacking PyInstaller Malware on macOS
Marbled Dust leverages zero-day in Output Messenger for regional espionage - "Marbled Dust targets entities in Europe and the Middle East, particularly government institutions and organizations that likely represent counter interests to the Turkish government, as well as targets in the telecom sector"
Chrome App-Bound Encryption (ABE) - Technical Deep Dive & Research Notes
One-Click RCE in ASUS’s Preinstalled Driver Software
DIVD-2025-00005 - Exposed Automated Tank Gauge Systems - "We’ve observed real-world incidents of attackers changing tank information, performing reconnaissance, and even launching DoS attacks against these systems."
AzureADGraphActivityLogs: a new undocumented diagnostic setting that fills a visibility gap
HSM Security - Exploitation of USB over SPI bug - video in comments
Single device vs multi device credentials - There are two different types of passkeys: single device, and multi device. While both passkey types offer phishing resistant forms of authentication, there are some inherent differences that should be understood.
ADeleginator: A companion tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory
CTO at NCSC Summary: week ending May 11th
This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.
KoviD: Red-Team Linux kernel rootkit
azurevelo: Velociraptor Server hosted in Azure App Service
Okta Security Detection Catalog - repository contains a collection of detection rules for security monitoring and detailed descriptions of log fields used for threat analysis within Okta environments.
Why is no one talking about maintenance in detection engineering?
Intune Remediation of the Boot Manager issues in Windows i.e. BlackLotus KB5025885 - takes about two weeks for a machine to reboot enough to mitigate
Sliver C2 with BallisKit MacroPack and ShellcodePack
defendnot: An even funnier way to disable windows defender. (through WSC api)
LitterBox: sandbox approach for malware developers and red teamers to test payloads against detection mechanisms before deployment