Jean-Louis Huynen

Mad scientist

Jean-Louis Huynen boosted:
Alexandre Dulaunoy (adulau@infosec.exchange)
2025-10-15

One year, I had a chat with the fine people @suricata during the @cert_eu conference, and they were wondering why we didn't create an open source website for all the different rules (YARA, Suricata, and many others) — a place to allow comments, reviews, bundling, and integration with @misp.

We’ve just released the first beta version of the rulezet.org service! 🎉

The platform is open and publicly available and the entire back-end is fully open source.

It’s still in beta, so feedback is very welcome!

🔗 rulezet.org/

#cti #yara #threatintelligence #osint #dfir #cybersecurity #suricata

@misp
@circl

rulezet.org screenshot of a Suricata rule.
rulezet.org screenshot of a list of rules.
Jean-Louis Huynen boosted:
Unlock Your Brain (UYBHYS@infosec.exchange)
2025-10-09

#UYBHYS [Saturday 8/11, 11:15] TALK by Cédric Bonhomme (@cedric) and Alexandre Dulaunoy (@adulau) from @circl:

Advancing Vulnerability Tracking and Disclosure Through an open and distributed platform

unlockyourbrain.bzh/conferences

#UYBHYS25

UYBHYS banner with the speakers' photos, the talk title and the conference sponsors
Jean-Louis Huynen boosted:
2025-09-03

Flowintel release version 2.0.0 with a new UI

Flowintel is an open-source platform designed to help analysts and incident responders manage, investigate, and collaborate on cases efficiently.

🔗 github.com/flowintel/flowintel

#opensource #dfir #threathunting #misp

@misp

Jean-Louis Huynen boosted:
abuse.ch (abuse_ch@ioc.exchange)
2025-06-20

We are happy to announce the integration of @kunai_project Linux Sandbox on MalwareBazaar 🥳

Sample ELF X86 report ⬇️
bazaar.abuse.ch/sample/0d2211b

Jean-Louis Huynen boosted:
2025-06-10

🎉 Just dropped a new Kunai release! 🎉

We've been working hard on some exciting new features and performance boosts that we can't wait for you to try out! Here's what's new:

New Features:
πŸ” Track io_uring operations with new io_uring_sqe events!
πŸ“ Get more context with parent command line information for execve and execve_script events.
πŸ”Ž Get information about matching filtering rules in final events.
πŸ§ͺ Test your filters with ease using the new test command.

Improvements:
⚡ Experience performance boosts thanks to changes in the event matching engine and code refactoring.

Ready to dive in? Check out the full release notes here: github.com/kunai-project/kunai

Don't hesitate to give Kunai a try and share your feedback! Let's make Kunai even better together!

#Linux #ThreatHunting #ThreatDetection #DFIR #DetectionEngineering #OpenSource

Jean-Louis Huynen boosted:
Alexandre Dulaunoy (adulau@infosec.exchange)
2025-06-03

The hackathon FIRSTCON25 takes place physically at the 37th ANNUAL FIRST CONFERENCE on Sunday 22nd June in Copenhagen.

GCVE.eu topic has been added to the hackathon.

🔗 About the hackathon discourse.ossbase.org/c/hackat
🔗 GCVE.eu topic discourse.ossbase.org/t/gcve-e
🔗 Registration pretix.eu/circl/hackathonfirst

@firstdotorg @gcve @ddu @jtk @gallypette

#gcve #vulnerability #opensource #hackathon #cve #firstcon25

Jean-Louis Huynen boosted:
2025-06-02

🚀 New Blog Post: Kunai vs io_uring (why.kunai.rocks/blog/kunai-vs-) 🚀

💡 Ever wondered how io_uring revolutionizes I/O operations in the Linux kernel? Inspired by Armo's blog post (armosec.io/blog/io_uring-rootk) about a PoC rootkit using io_uring, we explored this feature's security implications and how tools like Kunai can monitor these operations.

πŸ” Key Takeaways:
πŸ”Ή io_uring boosts I/O performance by reducing system call overhead and enabling asynchronous operations
πŸ”Ή Security tools struggle to monitor io_uring due to its unique handling of operations
πŸ”Ή Kunai now provides visibility into io_uring operations, though blocking malicious activities remains challenging
πŸ”Ή Recent kernel versions have introduced auditing and security controls for io_uring, but these are still limited

📖 Read more: why.kunai.rocks/blog/kunai-vs-

#Linux #io_uring #Security #OpenSource #ThreatDetection #SOC #DFIR

Jean-Louis Huynen boosted:
2025-04-28

If you didn't buy your #BSidesLuxembourg2025 ticket yet, why not?

We're hoping you'll like the 6 PARALLEL TRACKS, 3 with hands-on hacking workshops and similar, 3 with talks, including the security management/CLUSIL track for Security Managers, architects, CISOs and so on!

The schedule is here --> pretalx.com/bsidesluxembourg-2

Jean-Louis Huynen boosted:
Alexandre Dulaunoy (adulau@infosec.exchange)
2025-04-19

@circl and by the way, we just launched 🔗 gcve.eu/

GCVE: Global CVE Allocation System

The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entities.

While remaining compatible with the traditional CVE system, GCVE introduces GCVE Numbering Authorities (GNAs). GNAs are independent entities that can allocate identifiers without relying on a centralised block distribution system or rigid policy enforcement.

Mastodon account for GCVE - @gcve

Jean-Louis Huynen boosted:
Éric Leblond (Regit@infosec.exchange)
2025-04-12

Massive contribution to @suricata by Todd Mortimer from the Canadian Centre for Cyber Security (cyber.gc.ca/en). The HTTP support is now handled by a Rust crate: github.com/OISF/suricata/commi
It is so good to see contributions from a governmental organization to the common good.

Jean-Louis Huynen boosted:
Alexandre Dulaunoy (adulau@infosec.exchange)
2025-04-12

Over 22 real contributions and project outcomes came out of our two-day hackathon in Luxembourg, truly impressive work! The collaboration and energy were next-level.

Glad to share that we'll also be hosting a smaller hackathon at @firstdotorg’s annual conference in Copenhagen on Sunday 22nd June. See you there! 💥 #Hackathon #FIRSTcon25

#hackathon #opensource #csirt #cybersecurity

🔗 hackathon.lu 2025 - Outcome and results details hackathon.lu/2025/04/11/hackat

🔗 hackathon at FIRSTCON25 discourse.ossbase.org/c/hackat

A dedicated fediverse account has been created to follow the hackathon topics

@hackathonfirstcon25

@ddu and @gallypette will also coordinate the hackathon with me.

Jean-Louis Huynen boosted:
Alexandre Dulaunoy (adulau@infosec.exchange)
2025-04-07

For the hackathon in Luxembourg, we’ve set up @hackathon-lu, a bridge to the Discourse forum for the event.

🔗 discourse.ossbase.org/c/hackat

If you want to follow what’s happening during the hackathon for the next two days, you can subscribe to @hackathon-lu

#hackathon #cybersecurity #opensource #luxembourg

🔗 hackathon.lu/

Jean-Louis Huynen boosted:
2025-03-20

🚨 Alert: The use of #Spyware and an attack on #Encryption have been tabled in the French Parliament. These measures pose a serious threat to everyone’s online privacy and security.

In an urgent letter to members of the French National Assembly, 22 digital rights organisations from all around Europe, including EDRi, call to reject the proposed articles.
edri.org/wp-content/uploads/20

EDRi-member @LaQuadrature is mobilising against the "narcotrafic" legislation:
laquadrature.net/en/warondrugs
#PPLNarcotrafic

Visual with two CCTV cameras on one side, symbolising surveillance, and a lock on the other, symbolising encryption. Symbol of an "open letter" and labelled "22 organisations call to protect digital rights and freedoms in French draft "narcotrafic" law." EDRi logo.
Jean-Louis Huynen boosted:
2025-02-27

TR-93 - Financial transaction fraud after system compromise.

This document outlines a malspam attack targeting businesses through fraudulent emails that exploit Remote Monitoring & Management (RMM) tools. The attackers deceive recipients into clicking a malicious link disguised as an invoice, which installs an RMM tool on their system. Since these tools are legitimate applications, they evade antivirus detection.

#cybersecurity #fraud #dfir

🔗 circl.lu/pub/tr-93/

Jean-Louis Huynen boosted:
Alexandre Dulaunoy (adulau@infosec.exchange)
2025-02-25

Super happy to see the open source sysdiagnose joining the hackathon.lu held in Luxembourg on April 8th and 9th, 2025.

sysdiagnose is an open-source framework developed to facilitate the analysis of Apple sysdiagnose files, especially the ones generated on mobile devices (iOS / iPadOS). In the light of targeted attacks against journalists, activists, representatives from civil society and politicians, it empowers incident response teams to review device behaviour and ensure their integrity. This tool is initially the result of a joint effort between EC DIGIT CSOC (European Commission DG DIGIT) and CERT-EU (cert.europa.eu/).

hackathon.lu/projects/#sysdiag

Don't hesitate to register and add your project!

#opensource #dfir #forensic #hackathon #luxembourg

Thanks to @ddu and the team to join us.

Jean-Louis Huynen boosted:
Alexandre Dulaunoy (adulau@infosec.exchange)
2025-02-22

We imported the data from the Black Basta Ransomware group leak into AIL and there are many interesting aspects.

  • The federation network of Matrix servers (see the screenshot) used to communicate among the affiliates/group(s).

  • Activities in the chat room, especially the daily activity view in AIL. Guessing the location and timezone of groups or affiliates is an endless source of information.

  • They rely on many open-source and SaaS tools, including Google Docs or Zoom.

  • Many interesting correlations with cryptocurrencies, IP addresses, CVE numbers, and chat username relationships (who talks to whom and when).

If you are using the AIL project and want to import the leak dataset, @terrtia did an importer github.com/ail-project/ail-fee

#BlackBasta #blackbastleaks #threatintel #osint #threatintelligence #opensource #dataset

@ail_project

Maybe some interesting input for @fr0gger for his existing analysis.

I see that this dataset can be used to enhance some of our open-source tools.

github.com/ail-project/ail-fra

Lists of Matrix server references involved in the Black Basta ransomware group leak. The data has been imported to AIL.
Activities in the chat room, especially the daily activity view in AIL.
Many interesting correlations with cryptocurrencies, IP addresses, CVE numbers, and chat username relationships (who talks to whom and when).
Jean-Louis Huynen boosted:
2025-02-19

🚀 New Kunai Patch Release! 🔥

This update brings important fixes:
✅ Fix probe tripping the eBPF verifier affecting Linux v5 (only on AArch64)
✅ Improved compatibility with kernels ≥ 6.11

🔗 check it out: github.com/kunai-project/kunai

#opensource #linux #threathunting #dfir

Jean-Louis Huynen boosted:
Alexandre Dulaunoy (adulau@infosec.exchange)
2025-02-19

The famous library called Lacus, behind @ail_project to perform web capture in headless mode, has been released as version 1.13.0

The new version has a mode to perform web capture with a headed browser.

Thanks to @rafi0t for the continuous work on the library.

#cybersecurity #threatintel #opensource #threatintelligence

🔗 Release notes github.com/ail-project/lacus/r
🔗 Project page github.com/ail-project/lacus

Lacus project logo
Jean-Louis Huynen boosted:
2025-02-09

I’m sure the same assholes that effectively murdered Aaron Swartz for attempting to make academic research accessible to all will now be shutting down Meta over this. Yep, no doubt at all.

arstechnica.com/tech-policy/20

#Meta #Facebook #BigTech #AI

Jean-Louis Huynen boosted:
2025-02-08

With the release of Vulnerability Lookup 2.5, the online service at CIRCL has been updated to include a new feature: vulnerability notifications for monitored vendors and products.

🔗 Online service vulnerability.circl.lu/

🔗 2.5 release notes vulnerability-lookup.org/2025/

#vulnerability #cve #cybersecurity #opensource #opendata
