🔒 FTRSec 🐼
LightNews LightNews
banner
ftrsec.bsky.social
🔒 FTRSec 🐼
@ftrsec.bsky.social
71 followers 32 following 62 posts
┌──(ftrsec㉿kali)-[/opt/bluesky]
└─# cat bsky_desc.txt
#Cybersecurity Sr. SOC analyst & builder
#Redteam lecturer at university
#Splunk expert
I love pandas
Posts Replies Media Videos
Pinned
ftrsec.bsky.social
🔒 FTRSec 🐼 @ftrsec.bsky.social · Dec 3
We often talk about #AI for redteam, but barely about redteam for AI.
In this thread are some valuable ressources to help you for future AI #redteam.
It also can help #blueteam to improve their #detection and knowledge about these attacks.

#cybersecurity #infosec #technology

atlas.mitre.org
MITRE ATLAS™
atlas.mitre.org
ftrsec.bsky.social
www.zscaler.com/blogs/securi...
Termncolor and Colorinal Explained | ThreatLabz
ThreatLabz examines how termncolor and colorinal, malicious Python packages, expose supply chain risks via DLL sideloading, persistence, and covert C2 communication.
www.zscaler.com
August 19, 2025 at 1:58 AM
ftrsec.bsky.social
www.youtube.com/watch?v=T7x1...
A North Korean Cyber Operation
YouTube video by SANS Digital Forensics and Incident Response
www.youtube.com
August 16, 2025 at 5:27 AM
ftrsec.bsky.social
www.security.com/threat-intel...
Unmasking LockBit: A Deep Dive into DLL Sideloading and Masquerading Tactics
Stealthy TTPs help ransomware attackers remain under the radar.
www.security.com
August 2, 2025 at 8:36 AM
ftrsec.bsky.social
Splunk 10 Released :)

help.splunk.com/en/splunk-en...

help.splunk.com/en/splunk-en...
Splunk Docs
undefined
help.splunk.com
July 30, 2025 at 2:41 PM
ftrsec.bsky.social
www.microsoft.com/en-us/securi...
Disrupting active exploitation of on-premises SharePoint vulnerabilities | Microsoft Security Blog
Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed a...
www.microsoft.com
July 24, 2025 at 12:40 PM
ftrsec.bsky.social
An interesting detailed article about an advanced attack and the TTP used

securelist.com/apt41-in-afr...

#Detection #malware #IoC #Cybersecurity
SOC files: an APT41 attack on government IT services in Africa
Kaspersky experts analyze an incident that saw APT41 launch a targeted attack on government IT services in Africa.
securelist.com
July 22, 2025 at 3:28 AM
ftrsec.bsky.social
thedfirreport.com/2025/07/14/k...
KongTuke FileFix Leads to New Interlock RAT Variant
Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware group’s remote access trojan (RAT). This new malware,…
thedfirreport.com
July 19, 2025 at 3:23 AM
ftrsec.bsky.social
cybersecuritynews.com/hackers-are-...
Hackers are Using ClickFix Techniques to Deliver NetSupport RAT, Latrodectus and Lumma Stealer Malware
Emerging in late 2024 and surging throughout the first half of 2025, ClickFix has become a pervasive social-engineering vector in which threat actors trick users into executing malicious commands unde...
cybersecuritynews.com
July 19, 2025 at 3:18 AM
ftrsec.bsky.social
www.reversinglabs.com/blog/rl-iden...
Malicious ML models discovered on Hugging Face platform
Developers working on machine learning take note: RL threat researchers have identified nullifAI, a novel attack technique used on Hugging Face.
www.reversinglabs.com
February 8, 2025 at 11:52 AM
ftrsec.bsky.social
techcommunity.microsoft.com/blog/microso...
Block malicious command lines with Microsoft Defender for Endpoint | Microsoft Community Hub
The modern threat landscape is rapidly evolving, with new attack strategies being employed at greater frequency and volume than we have seen in the past. One...
techcommunity.microsoft.com
February 5, 2025 at 6:18 AM
ftrsec.bsky.social
isc.sans.edu/diary/From+P...
From PowerShell to a Python Obfuscation Race! - SANS Internet Storm Center
From PowerShell to a Python Obfuscation Race!, Author: Xavier Mertens
isc.sans.edu
January 29, 2025 at 4:15 PM
ftrsec.bsky.social
www.akamai.com/blog/securit...
www.akamai.com
January 29, 2025 at 8:14 AM
ftrsec.bsky.social
Investigation on Xbash malware

www.trustwave.com/en-us/resour...
The Database Slayer: Deep Dive and Simulation of the Xbash Malware
In the world of malware, common ransomware schemes aim to take the data within databases and hold them hostage, promising data recovery upon ransom payment.
www.trustwave.com
January 15, 2025 at 3:45 PM
ftrsec.bsky.social
Webshell through IIS

www.trendmicro.com/en_us/resear...
Investigating A Web Shell Intrusion With Trend Micro™ Managed XDR
This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data.
www.trendmicro.com
January 15, 2025 at 3:44 PM
ftrsec.bsky.social
www.trendmicro.com/en_hk/resear...
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware.
www.trendmicro.com
January 10, 2025 at 2:51 AM
ftrsec.bsky.social
Happy new year ! Wish you all the best for the 2025 year !

I'm back to activity after a quick break, starting by sharing an interesting article about EAGERBEE backdoor.

securelist.com/eagerbee-bac...

#Cybersecurity #IoC #malware #infosec
The EAGERBEE backdoor may be related to the CoughingDown actor
Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.
securelist.com
January 7, 2025 at 7:01 AM
Reposted by 🔒 FTRSec 🐼
steviecoaster.dev
#pwsh tip of the day!

$PSBoundParameters doesn't account for params whom have a default value. Thankfully, you can still get this information! Enter $PSCmdlet! You can pull the bound parameters off of the Invocation Property of that object.

I put together a quick example at:

Happy Scripting!
Get all parameters to function, including default values
Get all parameters to function, including default values - Get-AllBoundParameters.ps1
gist.github.com
January 6, 2025 at 8:33 PM
Reposted by 🔒 FTRSec 🐼
dinosn.bsky.social
apkleaks: Scanning APK file for URIs, endpoints & secrets meterpreter.org/apkleaks-sca...
apkleaks: Scanning APK file for URIs, endpoints & secrets
APKLeaks using jadx dissambler to decompile APK file. If it doesn't exist in your environment, it'll ask you to download or nah.
meterpreter.org
January 7, 2025 at 4:57 AM
Reposted by 🔒 FTRSec 🐼
olafhartong.nl
Adding to my ETW research toolkit, a tiny program to consume information from a provider with as little overhead as possible.

PockETWatcher, a tool to get the essential information from a ETW provider to the CLI or a JSON file

github.com/olafhartong/...
GitHub - olafhartong/PockETWatcher: a tiny program to consume an ETW trace for research
a tiny program to consume an ETW trace for research - olafhartong/PockETWatcher
github.com
January 4, 2025 at 9:15 PM
Reposted by 🔒 FTRSec 🐼
thehackernews.com.web.brid.gy
Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution
A high-severity security flaw has been disclosed in ProjectDiscovery's Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out of a maximum of 10.0. It impacts all versions of Nuclei later than 3.0.0. "The
thehackernews.com
January 4, 2025 at 4:34 PM
ftrsec.bsky.social
www.secureblink.com/cyber-securi...
Cryptojacking Attack Exploits Docker Swarm and Kubernetes to Build Botnet
A new cryptojacking attack exploits Docker Swarm and Kubernetes via exposed APIs, forming a botnet. Learn how it works and how to protect your systems
www.secureblink.com
December 28, 2024 at 1:05 PM
ftrsec.bsky.social
www.securitynewspaper.com/2024/12/26/t...
Top 2 Malicious Python Packages You Must Avoid! Zebo-0.1.0 & Cometlogger-0.1
Top 2 Malicious Python Packages You Must Avoid! Zebo-0.1.0 & Cometlogger-0.1 - Malware - Information Security Newspaper | Hacking News
www.securitynewspaper.com
December 26, 2024 at 10:55 PM
ftrsec.bsky.social
medium.com/@henrique4wi...
Analyzing North Korean Malware
Before I start, it is important to say that I have not done this alone. So a special thanks to all members of ByteSized, you can find more…
medium.com
December 26, 2024 at 6:51 PM
ftrsec.bsky.social
Merry Christmas to everyone! 🥳

Big respect to those in cyber holding the fort today ! Thank you !
December 25, 2024 at 2:53 PM
Reposted by 🔒 FTRSec 🐼
neroqc.bsky.social
Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware
gbhackers.com/skuld-malwar...

#Infosec #Security #Cybersecurity #CeptBiro #Skuld #Malware #WindowsUtilitiesPackages #Malware
Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware
Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld infostealer through malicious packages
gbhackers.com
December 23, 2024 at 1:17 PM