If you're doing #ActionableCTI or #detectionengineering -> submit to the @BSidesLuxembourg CFP, we are brewing something really interesting for you!
#DetectionEngineering
Help us build an awesome event this upcoming May!
Submit to our CFP, help us get our villages, workshop day and talk tracks over 2 days to be awesome!
Maybe a cloudsec village or cloud track?
We're seriously trying to build a #detectionengineering village or track.
How about AI security?
An offensive village?
We already got some promising submissions - 2 villages proposed and under evaluation (Car hacking, CTI).
Despite the promising title of this blog post by John Vester 'Why the MITRE ATT&CK Framework Actually Works', its a load of crock.
You can't and shouldn't use MITRE #ATT&CK to prove any sort of detection coverage or 'strong points'. At best, you can prove total absence in certain subtechniques.
If you want to do any sort of data driven #detectioncoverage you need #OpenTide -> there's no way around it.
https://levelup.gitconnected.com/why-the-mitre-att-ck-framework-actually-works-29ac26d2d20c
ATT&CK is still ♥️ 😍 tho.
November’s @THOR_Collective Dispatch Debrief is live with SCADA weirdness, Taylor’s Version SOC vibes, and purple team chaos.
Come thrunt with us.
https://dispatch.thorcollective.com/p/dispatch-debrief-november-2025
#threathunting #cybersecurity #thrunting #soc #blueteam #detectionengineering #incidentresponse #cyberdefense #aiinsecurity #agenticai #scada #otsecurity #purpleteam #grc #peakframework #THORcollective #dispatchdebrief
🎤 The Autonomous SOC (Taylor’s Version)
Guest post with Kassandra Murphy
AI hype is loud. Most teams are just automating chaos.
Fix the basics first. Then scale the magic.
Read it on THOR Collective Dispatch.
Autonomy doesn’t replace us. It remasters us.
https://dispatch.thorcollective.com/p/the-autonomous-soc-taylors-version
#autonomousSOC #taylorsversion #cybersecurity #threathunting #SOClife #detectionengineering #automation #THORcollective #infosec #securityoperations
🚀 MITRE ATT&CK v18 = a major leap in detection depth.
The new version adds Detection Strategies and Analytics - helping defenders align detection logic to platform-specific threats.
Also new: CI/CD, Kubernetes, ransomware prep behaviors, mobile “linked devices” exploits, and ICS asset updates.
MITRE even launched the ATT&CK Advisory Council to strengthen community collaboration.
💬 What part of ATT&CK v18 do you think will have the biggest impact on detection engineering?
Follow @technadu for more #ThreatIntel insights.
#CyberSecurity #MITREATTACK #DetectionEngineering #CTI #ThreatIntel #BlueTeam #Infosec #CyberDefense #MITRE #ICS #CloudSecurity #MobileSecurity
Malicious Encoded PowerShell: Detecting, Decoding & Modeling: https://detect.fyi/malicious-encoded-powershell-detecting-decoding-modeling-321fd322c6ec
Super happy to have worked with our team on delivering such a well thought out and designed product feature.
The time and effort over the years I've been here that we've put into our security operations platform has made this possible.
I'm proud we didn't just yeet AI into the product because everyone else was doing it. It has been in R&D for over 3 years and will make MTTR significantly better across our customer base <3
#ArtificialIntelligence #productannouncement #dfir #blueteam #detectionengineering #msp #smb #infosec
Amine Besson's 'SOC must die talk' from #BSidesLuxembourg2025 is an absolute blast and a must-watch if you want to know where your SOC should move in today's environment and which role autonomy and AI will/should have in it going forwards
So if you do #blueteam #SOC #DetectionEngineering, watch this.
Amine Besson's 'SOC must die talk' from #BSidesLuxembourg2025 is an absolute blast and a must-watch if you want to know where your SOC should move in today's environment and which role autonomy and AI will/should have in it going forwards
So if you do #blueteam #SOC #DetectionEngineering, watch this.
CC @anton_chuvakin did you see it yet?
Detection Gaps: The Hidden Enemy in SOC Threat Hunting & Detection Engineering: https://detect.fyi/detection-gaps-the-hidden-enemy-in-soc-threat-hunting-detection-engineering-764472ea975e
Intelligence-Driven Detection Engineering: From Threat Intel to Detection-as-Code (with the Pyramid of Pain & DML): https://detect.fyi/intelligence-driven-detection-engineering-from-threat-intel-to-detection-as-code-with-the-pyramid-b5f2f159be25
Building effective threat hunting and detection rules in Elastic Security: https://www.elastic.co/blog/elastic-security-building-effective-threat-hunting-detection-rules
#DetectionEngineering #OpenTIDE
So #Cloudot will help you empirically map attack telemetry, create it and allow you to try to test your detections also
Now Itay Gabbay releases Cloudot, a tool to help you with #DetectionEngineering in cloud.
The tool looks like a serious chunk out of the #OpenTIDE backlog! #Cloudot
Used some #AI to jury rig a basic API documentation site for The Yaralyzer, my unexpectedly popular tool for visualizing and forcibly decoding #YARA matches in binary data.
* GitHub: https://github.com/michelcrypt4d4mus/yaralyzer
* PyPi: https://pypi.org/project/yaralyzer/
* API documentation: https://michelcrypt4d4mus.github.io/yaralyzer/api/
* Can also be installed (indirectly) via homebrew if you install The #Pdfalyzer (different tool)
#ascii #asciiArt #blueteam #cybersecurity #detectionengineering #DFIR #forensics #FOSS #hacking #infosec #KaliLinux #malware #malwareDetection #malwareAnalysis #openSource #pdfalyzer #redteam #reverseEngineering #reversing #threathunting #yaralyze #yaralyzer #YARA #YARArule #YARArules
Hello everyone! It's been a bit quiet over the last 24 hours, so it'll be a short post today, but we've still got some interesting insights into new phishing techniques and a significant warning regarding critical infrastructure. Let's dive in:
iCloud Calendar Phishing Bypass 🎣
- Threat actors are abusing iCloud Calendar invites to send callback phishing emails that appear to originate from Apple's legitimate email servers.
- By embedding phishing text in the invite's Notes field and sending it to a controlled Microsoft 365 mailing list, the emails bypass spam filters and pass SPF, DMARC, and DKIM checks.
- This technique lends significant legitimacy to the phishing attempt, aiming to trick recipients into calling a fake support number, which can lead to remote access scams, malware, or data theft.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/icloud-calendar-abused-to-send-phishing-emails-from-apples-servers/
Czechia's Critical Infrastructure: Beware Chinese Tech 🇨🇿
- The Czech National Cyber and Information Security Agency (NUKIB) has issued a "High" risk warning to critical infrastructure organisations regarding the use of Chinese technology and data transfer to China.
- NUKIB cites confirmed malicious activities by Chinese cyber actors, including an APT31 campaign against the Czech Ministry of Foreign Affairs, and highlights the Chinese government's access to data stored by private cloud providers within the country.
- While not a legal ban, organisations subject to the Czech Cybersecurity Act must now incorporate this threat into their risk analysis and implement appropriate mitigation measures, with NUKIB also recommending caution for consumer devices.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/czech-cyber-agency-warns-against-chinese-tech-in-critical-infrastructure/
#CyberSecurity #ThreatIntelligence #Phishing #SocialEngineering #Apple #iCloud #CriticalInfrastructure #SupplyChainSecurity #Geopolitics #InfoSec #CyberAttack #DetectionEngineering
Hey everyone! It's been a bit light on news over the last 24 hours, but we've still got some interesting updates on new malware campaigns, novel phishing techniques, and a fresh look at a threat actor targeting the energy sector. Let's dive in:
New Threat Research: Supply Chain Attacks, Targeted Phishing, and Stealthy Malware 🛡️
- A new software supply chain attack is targeting Ethereum developers via four malicious npm packages impersonating Flashbots. These packages are designed to steal cryptocurrency wallet credentials, including private keys and mnemonic seeds, exfiltrating them to a Telegram bot and even manipulating transactions.
- A new threat group, "Noisy Bear," has been linked to "Operation BarrelFire," a targeted phishing campaign against Kazakhstan's energy sector. The group uses phishing emails with LNK files to deploy a PowerShell loader (DOWNSHELL) and a DLL-based implant, with infrastructure hosted on the sanctioned Russian bulletproof hosting provider, Aeza Group.
- VirusTotal has uncovered a stealthy phishing campaign leveraging SVG files to create highly convincing fake portals, impersonating Colombia's judicial system. These SVG files use JavaScript to prompt users to download password-protected ZIP archives containing a legitimate executable and a malicious DLL for sideloading, a technique that initially evaded traditional antivirus detection.
📰 The Hacker News | https://thehackernews.com/2025/09/malicious-npm-packages-impersonate.html
📰 The Hacker News | https://thehackernews.com/2025/09/noisy-bear-targets-kazakhstan-energy.html
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/virustotal-finds-hidden-malware-phishing-campaign-in-svg-files/
#CyberSecurity #ThreatIntelligence #Malware #Phishing #SupplyChainAttack #Cryptocurrency #Ethereum #EnergySector #APT #InfoSec #DetectionEngineering #IncidentResponse
When you revisit a hunt that was too low fidelity and turn it into a high fidelity query with a detection 😎
#ThreatHunting #DetectionEngineering
Did you think detecting dll #sideloading was already annoying? Well then let me acquaint you with the newest post from @hexacorn
https://www.hexacorn.com/blog/2025/08/19/dll-forwardsideloading/
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst