#MITRE ATT&CK is one of the most widely used frameworks in #cybersecurity, and its real power goes beyond technique mapping. In our next #CTI Session, Amy and Lex from The @MITREattack Corporation walk through how to turn #TTPmapping into behavior-first detections that run in production. feedly.com/cti-sessions/turn…
Replying to @nypost
Come on, NY Post 😡 INVESTIGATE Over $1 trillion per year of taxpayer money goes to the Pentagon/Department of Defense (DoD), with a large share (often 50%) going to defense contractors. Add roughly $100 billion more to “secret access programs” (black budget/classified intelligence). Defense contractors are the ones hiding UFO/UAP and NHI from the public: Lockheed Martin, Raytheon, Boeing, General Dynamics, Northrop Grumman, Radiance Technology, BAE Systems, and MITRE. No one wants to see digital renderings or digital recreation crap. @CIA @DoW_AARO @MITREattack
Replying to @StephenM
Come on, Miller 😡 Release 3 is junk. Over $1 trillion per year goes to the Pentagon/Department of Defense (DoD), with a large share (often 50%) going to defense contractors. Then you can add roughly $100 billion more to “secret access programs” (black budget/classified intelligence). No one wants to see your digital renderings or digital recreation crap. 👇 @CIA @DoW_AARO @MITREattack
Real malware execution telemetry doesn't exist as a training corpus. It's locked under incident-response NDA and vendor confidentiality. Yet MITRE ATT&CK procurement checklists, NIST SP 800-83r1, NIS2 Article 21, and DORA Article 26 now expect malware behaviour corpora for AV/EDR validation and SOC readiness. The open options don't close the gap. VirusShare, SOREL-20M, EMBER, MalwareBazaar — none carry trajectory-level execution telemetry, threat-actor tier labels, or campaign-attribution clusters. CYB003 is the synthetic alternative: 5,600 samples, 336K execution rows, zero PII, entirely synthetic — no real endpoints, infrastructure, or organisations. Built to drop straight into a training pipeline. If "we need malware behaviour data but can't get it" is on your roadmap, let's talk. → DM me or pradeep@xpertsystems.ai for a dataset preview. xpertsystems.ai/ #Cybersecurity #ThreatIntel #SyntheticData #MITREATTACK #EDR
Join us for the webinar „Intelligent Mapping of CTI to MITRE ATT&CK: Automating TTP Classification with AI”, organized by @LukasiewiczAI and @EclecticIQ as part of the #CTIAI project. 📅 23.06.2026 | 🕙 10:00 CEST 👉tiny.pl/fnn3yqdx3 #AI #Cybersecurity #CTI #MITREATTACK
T1486: Data Encrypted for Impact — The Ransomware Endgame

Every major ransomware family uses this technique. LockBit, BlackCat/ALPHV, Royal, Akira — they all execute the same playbook: encrypt everything, drop a ransom note, and wait for payment.

But encryption doesn't happen in isolation. Attackers prep the environment first. You'll see shadow copy deletion (T1490) via vssadmin.exe or wmic.exe, defense impairment (T1562) disabling EDR or Windows Defender, and privilege escalation to access more files. By the time encryption starts, they've already won — unless you caught them earlier.

Detection opportunities exist at the encryption phase:
• Rapid file rename patterns (mass .locked, .enc extensions)
• High-entropy file writes across multiple directories
• Ransom note creation (README.txt, HOW_TO_DECRYPT.html)
• Canary files in sensitive directories triggering alerts on modification

Log sources: Sysmon Event ID 11 (FileCreate), Windows Security 4663 (file access auditing), EDR file operation telemetry. Look for processes writing to hundreds of files in seconds.

The hard truth: detection at this stage means you're already compromised. The real win is offline backups with integrity verification and immutable snapshots. Test your restore process before you need it.

#MITREATTACK #ThreatIntel
This is why I believe security awareness training and identity verification protocols are not soft skills. They are your first line of defense. Favour Adebisi VAPT • AppSec • Security Engineer #Cybersecurity #MGMBreach #MITREATTaCK #SocialEngineering #InfoSec #TechAfrica
In September 2023, MGM Resorts lost $100 million in a single cyberattack. No sophisticated malware. No zero-day exploit. Just a phone call ⌛👇 #Cybersecurity #MGMBreach #MITREATTaCK #SocialEngineering #InfoSec #TechAfrica
🔎 Memory forensics of a compromise associated with StrelaStealer via PowerShell, WebDAV and Rundll32

RAM remains one of the most valuable sources of evidence in DFIR. Analysing it makes it possible to identify running processes, command lines, parent-child process relationships and artifacts that, in many cases, leave no persistent trace on disk.

In this case, a workstation in a financial environment that generated multiple anomalous-behaviour alerts is investigated. Using a memory dump analysed with Volatility 3, it was possible to reconstruct a compromise chain based on Living Off The Land (LotL) techniques and attribute the activity to StrelaStealer.

The investigation identified the execution of PowerShell in hidden mode, followed by the use of Net.exe to access a remote WebDAV share. The attacker then used Rundll32.exe to execute a DLL hosted directly on adversary-controlled infrastructure. The observed sequence reflects the abuse of LOLBins, a technique that leverages legitimate operating-system binaries to execute malicious code and hinder detection by traditional security solutions.

Correlating processes, execution arguments and user context made it possible to determine that the activity was carried out under an account with administrative privileges, significantly increasing the potential impact of the incident.

Finally, analysis of the payload and the infrastructure used made it possible to link the activity to StrelaStealer, malware specialised in stealing credentials from email clients.

Reconstructed attack chain:
• Hidden PowerShell execution
• Connection to a remote WebDAV share
• Access to the payload via Net.exe
• Remote DLL execution with Rundll32
• Deployment of StrelaStealer
• Operation under administrative privileges

MITRE ATT&CK techniques identified:
• T1059.001 – PowerShell
• T1105 – Ingress Tool Transfer
• T1218.011 – Rundll32
• T1106 – Native API

This case demonstrates how memory analysis makes it possible to reconstruct a complex intrusion from volatile evidence, and how combining DFIR, Threat Intelligence and MITRE ATT&CK is key to understanding and attributing a threat.

• Full article in the first comment

#DFIR #MemoryForensics #DigitalForensics #IncidentResponse #ThreatHunting #ThreatIntelligence #MalwareAnalysis #StrelaStealer #Volatility #MITREATTACK #WindowsForensics #SOC #BlueTeam #CyberSecurity #CSIRT #Infosec #ThreatDetection #ForensicAnalysis #WindowsSecurity #DFIRCommunity
Windows DLL Execution Techniques 🔥

Telegram: t.me/hackinarticles ✴ Twitter: x.com/hackinarticles

DLLs are widely used in Windows for modular functionality, but attackers can abuse them to execute malicious code, evade detection, and escalate privileges.

⚡ Execution Techniques
📦 DLL Sideloading (execute via trusted applications)
🔍 DLL Search Order Hijacking
🧬 Reflective DLL Injection (fileless execution)
💉 Remote DLL Injection into processes
🧠 Manual Mapping (custom loader bypass)
📂 Phantom DLL Hijacking

💡 Attackers exploit how Windows loads DLLs to run malicious payloads under legitimate processes, often bypassing security controls.

📖 Article: hackingarticles.in/windows-d…

#CyberSecurity #RedTeam #Pentesting #Windows #Malware #DefenseEvasion #MITREATTACK #InfoSec
Anthropic Cybersecurity Skills 🤖💀

754 production-grade cybersecurity skills for AI agents.

📌 Covers 26 security domains:
• Threat Intelligence
• OSINT
• DFIR
• Threat Hunting
• Malware Analysis
• Red Teaming
• Pentesting
• Cloud Security
• SOC Operations
• Mobile Security
• And more...

⚡ Mapped to 5 major frameworks:
• MITRE ATT&CK
• NIST CSF 2.0
• MITRE ATLAS
• MITRE D3FEND
• NIST AI RMF

Compatible with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI, and 20 AI platforms.

🔗 github.com/mukul975/Anthropi…

A massive open-source knowledge base designed to give AI agents the workflows and decision-making process of experienced security analysts.

#CyberSecurity #AIAgents #ThreatIntelligence #OSINT #DFIR #ThreatHunting #MITREATTACK #InfoSec
Anthropic studied 832 banned hacker accounts over a year. The finding nobody is leading with: the least skilled attackers now use ~16 techniques, the most skilled use ~20. That gap used to be a canyon. AI does the hard part now. The expertise barrier that kept most hacking amateur is just gone. @AnthropicAI @MITREattack virtualuncle.com/anthropic-a…
Replying to @UAPWatchers
I follow and believe in like-minded individuals like yourself. But I’m done with people who push their books and documentaries unless they offer something substantial that hasn’t been seen or mentioned before. I get it, some UAP investigators, journalists, and whistleblowers need to make money to fund their work or because of a lack of employment due to targeted attacks on their reputation. “Hey… I got a secret that I can’t tell but I’m going to allude to it in my book.” Right? I’m not saying Stratton is not truthful, but you can’t keep selling the same thing over and over without criticism. We who believe need to put pressure on those who threaten whistleblowers and think they are above answering to us, the people @DoW_AARO @CIA @MITREattack and the career bureaucrats.
Loki C2 by @0xBoku and @d_tranman script-jacks vulnerable Electron apps to backdoor and hollow them without invalidating their code signing signature. VS Code. Cursor. Discord. GitHub Desktop. Docker Desktop. The list keeps growing. MITRE ATT&CK T1218.015 | Azure Blob C2 | BOF/shellcode/assembly exec github.com/boku7/Loki #RedTeam #RedTeamTips #OffSec #OffensiveSecurity #Evasion #WDAC #AppControl #PenTest #PenTesting #Malware #ThreatIntel #MITREATTACK #CyberSecurity #InfoSec #Hacking
Building the Cyber Intelligence Layer for Nous’ Angels. This is where the Angels stop summarising evidence and start doing real analyst work. Extract IOCs. Map TTPs. Enrich domains, IPs, hashes, wallets, emails and URLs. Connect infrastructure. Track provenance. Push it all into the case graph. VERA finds the signals. MIRA connects the dots. NOX puts them in time. SABLE bullies weak attribution. LUX turns it into a report humans can defend. Looking at @MITREattack for TTP mapping and @MISPProject for structured threat intel sharing. The goal isn’t “AI does cyber” with a trench coat on. It’s a forensic intelligence spine: observables, relationships, enrichment, audit logs, evidence links, and human signoff. No mystery claims. No trust-me-bro forensics. Five agents. One case. No loose ends.
Three realities security leaders won't say out loud: 🔹 We have #threatintelligence, but we don't have the skills to turn it into prioritized decisions. 🔹 We have threat intelligence, but our team is too small to analyze everything we're collecting. 🔹 We don't have threat intelligence yet, and we're making security decisions without knowing who's actually targeting us. All three lead to the same problem: decisions made without the right context. Group-IB's Threat Landscape Service was built for all three. We analyze the adversaries relevant to your organization, identify malware and tools utilized by #threatactors, map their TTPs to MITRE ATT&CK®, and deliver a prioritized and actionable threat landscape, suitable for DORA, TIBER-EU, SAMA CTI, and NIS2. Your resources shouldn't limit your visibility. Learn more: group-ib.com/services/threat… #CyberSecurity #MITREATTACK #Infosec
One of the top adversary techniques in 2025: Account Manipulation (T1098), 32% of MDR incidents. New to the list: Dynamic Resolution (T1568), tied to advanced human-driven C2 activity. Read the report: kas.pr/6jvb #CyberSecurity #ThreatIntelligence #MITREATTACK