#threat-detection — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #threat-detection, aggregated by home.social.
-
Encrypted traffic.
Trusted platforms.
Zero alerts.
Mayank Kumar (DeepTempo) explains how attackers bypassed traditional tools — and how behavioral AI caught it.
-
Python C2 Server for Red Teaming: A Comprehensive Hands-On Guide
In this guide, I walk through building a Python-based C2 server, covering its architecture, encrypted communication, and real-world operational workflow.
https://denizhalil.com/2025/12/15/python-c2-server-red-teaming-guide/
#CyberSecurity #RedTeam #C2 #commandandcontrol #Python #offensivesecurity #Pentesting #infosec #threatdetection #blueteam #securityengineering #ethicalhacking
-
🎖️ The Network Forensics Course is permanently available in the virtual classroom for immediate access. 📲 WhatsApp: https://wa.me/51949304030 🌐 https://www.reydes.com/e/Curso_Forense_de_Redes #threatdetection #investigation #cybercrime #digitalforensics #dfir #malware #incidentresponse
-
What is DCSync Attack and Mimikatz Usage in Active Directory
One of the most critical attacks in Active Directory environments, DCSync, allows attackers to impersonate a Domain Controller and extract password hashes through replication abuse.
#CyberSecurity #ActiveDirectory #DCSync #RedTeam #BlueTeam #InfoSec #Pentesting #SOC #ThreatDetection #WindowsSecurity #EthicalHacking #ITSecurity #NetworkSecurity #SecurityOperations #DenizHalil
https://denizhalil.com/2026/03/27/dcsync-attack-active-directory-guide/
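The detection side of the post above, as an added example that is not code from the linked article: a DCSync request shows up in Windows Security event 4662 as a Control Access (0x100) operation on the domain object whose Properties field lists the DS-Replication-Get-Changes rights. The event records here are constructed samples in a simplified dict form (an assumption about how a SIEM normalizes 4662), the CORP domain and its allow-listed replicators are fictional, and the three GUIDs are the documented control-access rights.

```python
"""Flag DCSync-style replication requests in Windows Security event 4662 records.

Added example for this page, not code from the linked article. The events below are
constructed samples in a simplified dict form (an assumption about how a SIEM
normalizes 4662). The three GUIDs are the documented DS-Replication-Get-Changes
control-access rights that a replication (and so a DCSync) request exercises.
"""
from __future__ import annotations

import re

DS_REPL_GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"
DS_REPL_GET_CHANGES_ALL = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"   # required to pull secrets
DS_REPL_GET_CHANGES_IN_FILTERED_SET = "89e95b76-444d-4c62-991a-0facbeda640c"
REPLICATION_RIGHTS = {DS_REPL_GET_CHANGES, DS_REPL_GET_CHANGES_ALL,
                      DS_REPL_GET_CHANGES_IN_FILTERED_SET}

# Assumption for the fictional CORP domain: the only principals expected to replicate.
# An explicit list beats "anything ending in $": a stolen DC machine account used from
# a workstation is exactly the case you want to surface.
KNOWN_REPLICATORS = {"CORP\\DC01$", "CORP\\DC02$", "CORP\\MSOL_2f3a9c1d"}

GUID_RE = re.compile(r"\{([0-9a-fA-F-]{36})\}")


def replication_rights_in(properties: str) -> set[str]:
    """Replication-right GUIDs present in a 4662 Properties field (other GUIDs ignored)."""
    return {g.lower() for g in GUID_RE.findall(properties)} & REPLICATION_RIGHTS


def classify(event: dict, known: set[str] = KNOWN_REPLICATORS) -> dict | None:
    """Return a finding when a 4662 event looks like DCSync, else None."""
    # 0x100 is Control Access, the access mask under which extended rights are audited
    if event.get("EventID") != 4662 or event.get("AccessMask") != "0x100":
        return None
    rights = replication_rights_in(event.get("Properties", ""))
    if not rights:
        return None
    subject = f"{event.get('SubjectDomainName', '')}\\{event.get('SubjectUserName', '')}"
    if subject in known:
        return None
    return {
        "subject": subject,
        "object": event.get("ObjectName", ""),
        "rights": sorted(rights),
        # Get-Changes-All is the right that actually hands over password hashes
        "severity": "high" if DS_REPL_GET_CHANGES_ALL in rights else "medium",
    }


def hunt(events: list[dict]) -> list[dict]:
    """Run classify over a batch of normalized events and keep the findings."""
    return [f for f in (classify(e) for e in events) if f is not None]


def _props(*guids: str) -> str:
    """Build a Properties field in the shape 4662 renders it (constructed)."""
    return "Control Access\n" + "".join(f"\t{{{g}}}\n" for g in guids)


DOMAIN_OBJECT_CLASS = "19195a5b-6da0-11d0-afd3-00c04fd930c9"   # domainDNS class, listed too

SAMPLE_EVENTS = [  # constructed samples, not real telemetry
    # routine DC-to-DC replication: allow-listed account, suppressed
    {"EventID": 4662, "SubjectDomainName": "CORP", "SubjectUserName": "DC02$",
     "AccessMask": "0x100", "ObjectName": "DC=corp,DC=example",
     "Properties": _props(DS_REPL_GET_CHANGES, DS_REPL_GET_CHANGES_ALL, DOMAIN_OBJECT_CLASS)},
    # a user account asking for Get-Changes-All on the domain head: the DCSync pattern
    {"EventID": 4662, "SubjectDomainName": "CORP", "SubjectUserName": "jdoe",
     "AccessMask": "0x100", "ObjectName": "DC=corp,DC=example",
     "Properties": _props(DS_REPL_GET_CHANGES, DS_REPL_GET_CHANGES_ALL, DOMAIN_OBJECT_CLASS)},
    # ordinary write to the user's own object: same event ID, not replication
    {"EventID": 4662, "SubjectDomainName": "CORP", "SubjectUserName": "jdoe",
     "AccessMask": "0x20", "ObjectName": "CN=jdoe,CN=Users,DC=corp,DC=example",
     "Properties": "Write Property\n\t{bf967a68-0de6-11d0-a285-00aa003049e2}\n"},
    # unrelated logon event
    {"EventID": 4624, "SubjectDomainName": "CORP", "SubjectUserName": "jdoe"},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

Two caveats when running this against real data: 4662 for the domain head only exists if the Audit Directory Service Access subcategory is enabled and the domain object's SACL audits Control Access, and the allow-list is the tuning knob. Dropping every account that ends in `$` is the quick fix for noise, but it also hides a compromised DC computer account replicating from a host that is not a DC.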
-
GitHub Copilot CLI downloads and executes malware
https://www.promptarmor.com/resources/github-copilot-cli-downloads-and-executes-malware
#HackerNews #GitHubCopilot #CLI #Malware #CyberSecurity #SoftwareDevelopment #ThreatDetection
-
🎥 Missed our webinar with @suricata_ids? The replay is live!
CrowdSec CTO Thibault Koechlin breaks down the CrowdSec + Suricata integration, from parsing logs to blocking malicious IPs, with a live demo to show it in action.
👉 Watch now: https://youtube.com/watch?v=af_KAJ9kswQ
-
Microsoft is moving to disable NTLM by default, with some exceptions.
If implemented, this will have a significant impact on threat actors abusing credentials within a network.
The move to IAKerb and local KDC for local and cached authentication will be... interesting.
Falling back to NTLM for authentication using IP addresses instead of FQDNs, I suspect, will keep NTLM in most environments, but overall this is a hopeful step in the right direction.
-
Defenders are structurally outpaced. Threat actors operate without vendor dependencies or infrastructure constraints.
The Agentic SecOps Workspace transforms a natural language request into production-ready detection coverage in minutes.
The AI interprets the threat requirement, generates detection logic, validates syntax, deploys to production, and tests against both positive and negative indicators.
This isn't a use case built into a chatbot. It's an AI operator with access to the same APIs and tools as your security engineers. You focus on outcomes, the AI figures out how to achieve them.
Get started: http://limacharlie.io/
-
Threat actors continue to operationalize current-events lures as part of malware delivery chains.
Recent research shows a backdoor deployed via attachments themed around breaking geopolitical news, using legitimate binaries and DLL sideloading techniques for persistence.
No attribution assumptions - just a reminder that contextual relevance remains one of the most effective social engineering tools.
What controls have you found most effective against news-driven phishing?
Engage with us in the comments and follow @technadu for practical threat intelligence coverage.
Source: https://www.darktrace.com/blog/maduro-arrest-used-as-a-lure-to-deliver-backdoor
#InfoSec #ThreatResearch #MalwareTTPs #PhishingDefense #CyberOperations #ThreatDetection #TechNadu
-
ThreatSentry AI: A threat hunting dashboard that utilizes ML and determines risk assessment by vulnerability identification of data
Check ✅️ it out:
-
Are you using your #SIEM to detect #security threats in the most efficient and effective ways possible❓🤔 When you implement and fine-tune SIEM detections, you strengthen your security posture and become better able to strategically align with your business objectives.
Fine-tuning your SIEM detections specifically allows you to:
💡 Improve threat detection with smarter correlation
⬆️ Accelerate incident response
👀 Gain comprehensive visibility into your environment
☑️ Enable compliance and audit readiness
😌 Reduce alert fatigue
Read on to learn about 6 specific steps you can take that will help you build fine-tuned detections and high-fidelity alerts.👇
https://graylog.org/post/6-steps-for-using-a-siem-to-detect-threats/ #ThreatDetection #IncidentResponse #TDIR #CyberSecurity
-
“AI shines wherever there’s high event volume and the need to aggregate weak signals into a meaningful picture.”
- Norman Gottschalk, Global CIO & CISO, Visionet Systems
This interview explores:
• AI-driven phishing and insider risk
• Governance gaps from shadow AI usage
• Why AI cannot judge intent without humans
-
Is your financial institution as safe as it could be from #ransomware and other cyber threats? 🤔 Groups like FIN7, Lazarus Group, and Carbanak often specifically target banks with sophisticated attacks, like SWIFT compromises and more. 🏦 💰
But have no fear, Graylog + Model Context Protocol (MCP) are here to help! 🦸💪 Today, Seth Goldhammer is walking you through a real world example where a bank in the north east, with a simple #Anthropic prompt, learned that it needed to understand the threat landscape and map it to their current log sources — to enable threat detection content in their current #Graylog deployment.
See how they mastered the challenge and enabled real-time, context-aware recommendations based on their actual environment, in our latest Graylog Labs article.👇
https://graylog.org/post/how-to-use-mcp-to-optimize-your-graylog-security-detections/
-
Got some time at the end of the year? We’ve just published the SANS Institute Detection and Response Survey results.
This year I’ve pulled together a comparison from last year's data and tried to break down some of the results by organisation size.
Free Download (requires login only)
🔗 https://go.sans.org/detection-response-whitepaper
#DnR #ThreatDetection #IncidentResponse #CSIRT #SOC #CERT #Cybersecurity
-
Manufacturing is becoming a test bed for ransomware shifts https://www.helpnetsecurity.com/2025/12/15/sophos-manufacturing-ransomware-risks-report/ #manufacturingsector #threatdetection #cybersecurity #encryption #ransomware #report #Sophos #News
-
Paranoia rules -- how automation can enable better detection and response [Q&A] #QandA #ThreatDetection
-
We've got new cloud-native integrations with AWS Security Hub and Amazon #EventBridge! 🎉 Now you can get real-time event ingestion and support for the Open #Cybersecurity Schema Framework (OCSF)—which streamlines AWS log analysis and accelerates threat detection. And, with this new Amazon EventBridge integration events now flow into #Graylog the moment they occur, enabling real-time threat detection and faster response to incidents. 🙌
Learn more about OCSF support for seamless #AWS Security Hub integration, how these new capabilities are designed specifically for cloud-first teams using Graylog, and more. 👇
https://www.businesswire.com/news/home/20251202476132/en/Graylog-Boosts-Security-Visibility-with-Real-Time-Event-Ingestion-and-OCSF-Support-with-AWS-Security-Hub?_gl=1*1mn0cnh*_gcl_au*NzcyNDU4NjQzLjE3NjAwMzE1NjI.*_ga*MjUxODEwNDk4LjE3NjAwMzE1NjI.*_ga_ZQWF70T3FK*czE3NjQ3MDIwNTkkbzUxJGcxJHQxNzY0NzAyODkwJGo1NCRsMCRoMA #CyberSecurity #SIEM #ThreatDetection
-
How a noisy ransomware intrusion exposed a long-term espionage foothold https://www.helpnetsecurity.com/2025/12/02/threat-research-ransomware-espionage-attack/ #PositiveTechnologies #threatdetection #cyberespionage #cybercriminals #ransomware #Don'tmiss #Hotstuff #News #APT
-
Server Security Checklist — Essential Hardening Guide
Securing your servers isn’t optional — it’s your first line of defense against data breaches, ransomware, insider threats, and lateral movement. Use this checklist as a baseline for Linux, Windows, cloud, hybrid, or on-prem servers.
⸻
🔧 1. System & OS Hardening
• Keep OS & packages updated (apply security patches frequently).
• Remove / disable unused services & software.
• Enforce secure boot + BIOS/UEFI passwords.
• Disable auto-login and guest accounts.
• Use minimal OS images only (reduce attack surface).
⸻
🔐 2. Access Control
• Enforce strong passwords & MFA everywhere.
• Use RBAC & least privilege access.
• Disable root/Administrator login over SSH/RDP.
• Rotate credentials & keys regularly.
• Implement just-in-time access for privileged users.
⸻
🌐 3. Network Security
• Restrict inbound/outbound traffic via firewalls.
• Segment critical servers from general LANs/VLANs.
• Disable unused ports & protocols.
• Enable DoS/DDoS protection.
• Apply zero-trust network principles.
⸻
🔑 4. Secure Remote Access
• Use SSH key-based authentication (disable password login).
• Enforce VPN for admin access.
• Log & monitor all remote access sessions.
• Disable legacy protocols (Telnet, FTP, SMBv1).
• Require bastion/jump host for critical access.
⸻
📊 5. Logging & Monitoring
• Enable centralized logging (syslog / SIEM).
• Track failed login attempts & anomalies.
• Configure alerts for privilege escalation or config changes.
• Monitor log tampering.
• Retain logs securely for audits & forensics.
⸻
🔒 6. Data Protection
• Encrypt data at rest (LUKS, BitLocker, etc.).
• Encrypt data in transit (TLS 1.2+).
• Strict database access policies.
• Regular, offline, immutable backups.
• Test restore procedures (don’t assume backups work).
⸻
🔁 7. Application & Patch Management
• Keep middleware, frameworks, and apps patched.
• Delete default credentials & sample files.
• Enable code signing for software packages.
• Use secure coding practices (OWASP Top 10).
• Implement dependency scanning (Snyk, Trivy, etc.).
⸻
🛡️ 8. Malware & Intrusion Defense
• Deploy EDR/AV on endpoints.
• Enable IDS/IPS at network edge.
• Automatic vulnerability scans (schedule weekly/monthly).
• Monitor persistence techniques (cron, startup scripts).
• Block known malicious IP ranges & TLDs.
⸻
🏢 9. Physical & Cloud Security
• Restrict physical access to server racks/rooms.
• Enable provider security tools (AWS Security Groups, Azure NSG, IAM).
• Harden cloud images (CIS benchmarks).
• Review cloud logging & audit trails regularly.
• Disable unused cloud API keys / roles.
⸻
📜 10. Policy & Compliance
• Use CIS / NIST / ISO-27001 benchmarks.
• Track & document every access change.
• Force annual access reviews & key rotation.
• Perform regular security training for admins.
• Maintain disaster recovery & incident plans.
⸻
➕ Additional 5 Critical Controls (Advanced Hardening)
🧠 11. Privileged Access Management (PAM)
• Use jump hosts & session recording.
• Just-In-Time access for admins.
• Store keys in secure vaults (HashiCorp Vault, CyberArk).
🚨 12. Real-Time Threat Detection
• Use behavioral analytics → UEBA/XDR.
• AI-based anomaly detection recommended.
• Block suspicious IPs automatically.
🧪 13. Red Team & Pentesting
• Run regular internal pentests.
• Validate configuration weaknesses.
• Simulate phishing + lateral movement scenarios.
🧱 14. Container / VM Isolation
• Use AppArmor, SELinux, Seccomp profiles.
• Limit Docker socket access & root containers.
• Scan images before deployment.
📦 15. Automated Configuration Management
• Use IaC (Terraform, Ansible, Puppet) for repeatable and secure builds.
• Detect drift using compliance scanning.
• Version control all infrastructure.
⸻
🧠 Core Reminder
A server is only as secure as the team who maintains it.
Hardening isn’t one task — it’s an ongoing
#ServerSecurity #SystemHardening #InfoSec #CyberSecurity #BlueTeam
#DevSecOps #SysAdmin #ThreatDetection #AccessControl #NetworkSecurity
#LinuxSecurity #SecureArchitecture #RiskMitigation #SecurityChecklist
#CloudSecurity #InfrastructureSecurity #ZeroTrust #SecurityMonitoring
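Sections 2 and 4 of the checklist above (disable root login over SSH, key-based authentication only, disable password login) are the kind of items that drift silently, so here is an added example, not code from the original post, that audits an sshd_config against them. Both configs are constructed samples; the keyword names and defaults are OpenSSH's, and the parser follows sshd's documented rules: the first occurrence of a keyword wins, `Key value` and `Key=value` are both accepted, and everything after a `Match` line is conditional, so it is left out of the global result.

```python
"""Audit an sshd_config against the "Secure Remote Access" items in the checklist above.

Added example for this page, not code from the original post. Both configs below are
constructed samples. Parsing follows sshd's documented rules: the first occurrence of
a keyword wins, "Key value" and "Key=value" are both accepted, and anything after a
Match line is conditional, so it is skipped when computing the global effective value.
"""
from __future__ import annotations

import re

# OpenSSH defaults that apply when the keyword is absent (what an unset option means).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
    "x11forwarding": "no",
    "maxauthtries": "6",
}

# keyword -> (acceptance test on the lowercased value, checklist item it enforces)
BASELINE = {
    "permitrootlogin": (lambda v: v == "no",
                        "disable root login over SSH (prohibit-password still lets root in with a key)"),
    "passwordauthentication": (lambda v: v == "no", "disable password login, keys only"),
    "kbdinteractiveauthentication": (lambda v: v == "no",
                                     "close the keyboard-interactive route back to passwords"),
    "pubkeyauthentication": (lambda v: v == "yes", "key-based authentication must stay enabled"),
    "permitemptypasswords": (lambda v: v == "no", "never accept empty passwords"),
    "x11forwarding": (lambda v: v == "no", "disable unused features"),
    "maxauthtries": (lambda v: v.isdigit() and int(v) <= 4, "limit brute-force attempts per connection"),
}

DIRECTIVE_RE = re.compile(r"^([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$")


def parse_sshd_config(text: str) -> dict[str, str]:
    """Return the global effective value of every keyword (lowercased); first wins."""
    effective: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and surrounding whitespace
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().lower()
        if key == "match":
            break                                 # conditional block: the global section is over
        effective.setdefault(key, value)          # sshd keeps the first value it sees
    return effective


def audit_sshd_config(text: str) -> list[str]:
    """One finding per baseline item the config fails; an empty list means compliant."""
    effective = parse_sshd_config(text)
    findings = []
    for key, (accept, why) in BASELINE.items():
        value = effective.get(key, DEFAULTS[key])
        origin = "set" if key in effective else "default"
        if not accept(value):
            findings.append(f"{key}={value} ({origin}): {why}")
    return findings


# Constructed sample: looks partly hardened, but the second PermitRootLogin is ignored
# and the Match block only helps the backup user.
WEAK_CONFIG = """
# stock-looking sshd_config
Port 22
PasswordAuthentication yes
PermitRootLogin yes
PermitRootLogin no
X11Forwarding=yes
Match User backup
    PasswordAuthentication no
"""

# Constructed sample that satisfies every item in BASELINE.
HARDENED_CONFIG = """
Port 22
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries 3
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit_sshd_config(cfg) or 'compliant'}")
```

The two findings worth noticing in the weak sample are the ones a grep would miss: `PermitRootLogin no` on the second line does nothing because sshd already took `yes`, and `KbdInteractiveAuthentication` is reported against its default even though the file never mentions it. Point the auditor at `sshd -T` output rather than the file when you want the values the daemon actually resolved, including anything pulled in through `Include`.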