Archive for the ‘Red team’ Category
Posted by jpluimers on 2026/05/04
Ook vandaag even een herinnering aan de NLUUG voorjaarsconferentie 2026 van (komende) donderdag 7 2026 mei in het Van der Valk Hotel Utrecht¹.
Deze keer omdat een goede vriend van me daar spreekt. Arjen Lentz heeft het over A Wizard’s Guide to Foreseeing the Unseen.
Dat klinkt misschien vaag, het concrete resultaat is dat je met analyse van CVE’s veel te weten komt over hun echte root cause. Die blijkt verrassend voorspelbaar, is fixbaar, en kennis daarover is niet alleen nuttig voor adversaries. Het kan jou namelijk helpen bij de development en selectie van wat je zelf gebruikt.
Het volledige programma staat hieronder², eerst de aankondiging van [Wayback/Archive] L⭕️rd Quux RCX CCX: “Over een week is het zover! De enige NLUUG conferentie van 2026. …” – Mastodon
Read the rest of this entry »
Posted in Blue team, Development, DVCS - Distributed Version Control, git, Infosec (Information Security), Power User, Red team, Security, Software Development, Source Code Management, Systems Architecture | 1 Comment »
Posted by jpluimers on 2025/11/19
[Wayback/Archive] Thread by @cyb3rops on Thread Reader App – Thread Reader App
If your agent gets flooded – detect the flooding.
If code gets obfuscated – detect the obfuscation.
If ETW gets silenced – detect the silence.
If the EDR gets killed – detect the killing.
If logs get cleared – detect the clearing.
The act of hiding is often more suspicious than what’s being hidden.
It’s like a surveillance camera going black or freezing.
That is the signal.
I’ve been doing this successfully for years.
I detect obfuscated crap all the time.
People ask, “What is it?”
I say, “No fucking clue. Could be:
– a Themida-packed sample with a Microsoft copyright,
– a UPX-packed ELF with a 1-char filename,
– a PowerShell script that looks like static noise, or
– a fake svchost.exe with no Microsoft copyright.”
I don’t need to know what it is.
It’s obviously shady.
That’s enough to detect it – and deal with it.
There’s a Chinese saying that fits perfectly: 欲蓋彌彰
The more you try to hide it, the more obvious it becomes.
--jeroen
Posted in Blue team, Development, DevOps, LifeHacker, Power User, Red team, Security, Software Development | Leave a Comment »
Posted by jpluimers on 2025/09/30
Posted in *nix, *nix-tools, Blue team, Bluetooth, Development, Encryption, ESP32, Hardware, Hardware Development, Hardware Interfacing, Home Audio/Video, HTTPS/TLS security, Infosec (Information Security), Network-and-equipment, Power User, Red team, Software Development, WiFi, Wireshark | Tagged: USBArmyKnife | Leave a Comment »
Posted by jpluimers on 2025/09/09
I thought I had been living under a stone for decades when I bumped into vx-underground (@vxunderground) / Twitter
The largest collection of malware source code, samples, and papers on the internet.
Password: infected
That appeared to be untrue as vx-underground, ran by a team of volunteers, started in 2019 ([Archive] web.archive.org/web//vx-underground.org) right when a few crisis in my life came together at the same time.
So here are the links for my archive as they are great content for both Red Teams and Blue Teams on many things cyber security related:
Read the rest of this entry »
Posted in Blue team, Pen Testing, Power User, Red team, Security | Leave a Comment »
Posted by jpluimers on 2025/08/13
[Wayback/Archive] GS305E | Easy Smart Managed Essentials Switch | NETGEAR Support which can do many-to-one port mirroring.
This is a newer and cheaper hardware revision than the:
- GS105Ev2 (which is managed and can do port-mirroring, and is confusingly sold as GS105E-200) which in Germany already is end-of-life
- GS105Ev1 (which is unmanaged and cannot do port-mirroring and is confusingly sold as GS105E-100) which is end-of-life but still sold
Via [Wayback/Archive] Everyone Should Have One of These – EASY Packet Capture! – YouTube who explains very well why you need a switch that can do port-mirroring, then recommends the GS105E but forgets to mention:
- there are different revisions of the GS105E with the above drawbacks
- there is GS305E
Related:
Read the rest of this entry »
Posted in Blue team, Communications Development, Development, Ethernet, Hardware, Internet protocol suite, Network-and-equipment, Power User, Red team, Security, Software Development, TCP, UDP | Leave a Comment »
The Wiert Corner - irregular stream of stuff 