🎮 The Return of Malware & Monsters: Collaborative IR Gaming (2h Workshop) on May 6th!

GOTTA CONTAIN 'EM ALL: COLLABORATIVE INCIDENT RESPONSE TRAINING THROUGH GAMING with Klaus Agnoletti (@klausagnoletti) & GLEN SORENSEN - 6 May, 9AM - 11AM

Back by popular demand after last year's hit! Ditch dull tabletops for Malware & Monsters – a tabletop RPG meets creature-collecting, where teams hunt/contain digital threats in story-driven scenarios with MITRE ATT&CK-mapped malware "malmons." Experience real IR chaos: coordination under pressure, incomplete intel, stakeholder drama. Take roles like Hunter, Analyst, Forensicator, Communicator to see how teams actually collaborate. Learn mechanics, build custom scenarios from real malware history, run live sims with "type effectiveness" for defenses and evolution for escalating attacks. Walk away with free, ready-to-use materials for fun, effective IR training.

Led by Klaus Agnoletti https://pretalx.com/orga/event/bsidesluxembourg-2026/speakers/SQVVHK/ (infosec pro since 2004, BSides København co-founder, storytelling cyber advisor, neurodiversity advocate) & Glen Sorensen https://pretalx.com/orga/event/bsidesluxembourg-2026/speakers/J3PRCC/ (Recovering CISO, DeleteMe Solutions Engineer, OSINT/AI expert, HackBack Gaming Incident Master).

📅 Conference dates and time: 6–8 May 2026 | 9AM - 6PM
📍 Venue: 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule: https://pretalx.com/bsidesluxembourg-2026/schedule/

Game your way to better IR skills – popular return engagement! 🎲

#BSidesLuxembourg2026 #IncidentResponse #CyberSecurityTraining #BlueTeam #GameBasedLearning #MITREATTACK #BSides #DnD #DFIR

If the Kardashians launched their own framework it would be Kommand and Kontrol (K2).

The Momager (Kris.exe or Kris.sh): The primary C2 listener.
The Glow Up: Privesc
Keeping Up: Lateral movement

#C2Framework #RedTeaming #PostExploitation #MalwareDevelopment #Infosec #CyberSecurity #EDRBypass #ActiveDirectory #PenTesting #ThreatHunting #MITREATTACK #APTHunting #Shellcode #ZeroDay #Persistence #Exfiltration #BlueTeam #PurpleTeaming #kardashians

Why the MITRE ATT&CK Framework Actually Works

The alert goes off at 2:17 p.m.

Medium

Learn How Malware Survives Reboots and Cleanup Using Cron Persistence Technique in Linux Systems.

Full Details Here: https://ostechnix.com/cron-persistence-linux-malware/

#CronPersistence #Malware #Cronjob #Cron #LinuxSecurity #MitreAttack #Linux

Cron Persistence: Why Your Linux Malware Keeps Coming Back (Complete Guide 2025) - OSTechNix

Cron persistence is a common Linux malware technique. Learn how it works, how to detect it, and how to remove malicious cron jobs safely.

OSTechNix

A red-team wiper emulating Sandworm (GRU Unit 74455) has been published - a 90-line Go binary demonstrating LotL execution across 121 MITRE ATT&CK techniques including T1490, T1561.001, and T1070.001.

Full report:
https://www.technadu.com/sandworm-gru-unit-74455-red-team-wiper-released-as-training-sample/614498/

Follow @technadu for more threat intel updates.

#Sandworm #GRU74455 #MITREATTACK #RedTeam #BlueTeam #Infosec #WiperMalware

Red and blue teams breaking down their silos and working in real time - imagine a cybersecurity defense that evolves with every simulated threat. Curious how continuous purple teaming is rewriting the playbook?

https://thedefendopsdiaries.com/continuous-purple-teaming-a-collaborative-approach-to-modern-cyber-defense/

#purpleteaming
#cyberdefense
#breachandattacksimulation
#mitreattack
#redteam
#blueteam
#securityautomation
#continuousvalidation
#cybersecuritystrategy

Continuous Purple Teaming: A Collaborative Approach to Modern Cyber Defense

Explore continuous purple teaming - a collaborative, automated approach that unites red and blue teams for agile, real-time cyber defense and improvement.

The DefendOps Diaries

🚀 MITRE ATT&CK v18 = a major leap in detection depth.

The new version adds Detection Strategies and Analytics - helping defenders align detection logic to platform-specific threats.

Also new: CI/CD, Kubernetes, ransomware prep behaviors, mobile “linked devices” exploits, and ICS asset updates.

MITRE even launched the ATT&CK Advisory Council to strengthen community collaboration.

💬 What part of ATT&CK v18 do you think will have the biggest impact on detection engineering?
Follow @technadu for more #ThreatIntel insights.

#CyberSecurity #MITREATTACK #DetectionEngineering #CTI #ThreatIntel #BlueTeam #Infosec #CyberDefense #MITRE #ICS #CloudSecurity #MobileSecurity

New phishing technique - CoPhish - weaponizes Microsoft Copilot Studio to steal Entra ID OAuth tokens.
Attackers build malicious AI agents hosted on legitimate Microsoft domains, exfiltrating tokens via “Login” flows that appear genuine.
Uses OAuth T1528 techniques + token forwarding through Microsoft IPs for stealth.
🛡️ Detection ideas:
- Monitor consent grants in Entra ID logs.
- Restrict unverified app registrations.
- Disable user app creation.
- Flag Copilot bots using trial tenants or untrusted domains.

How are you tuning detections for AI-driven OAuth phishing?
💬 Share your strategies & follow @technadu for more technical threat intel.

#OAuth #Phishing #Microsoft #Copilot #CloudSecurity #ThreatHunting #AIsecurity #EntraID #MITREATTACK #InfoSec #TechNadu

KillChainGraph → new ML framework mapping attacker behavior w/ Cyber Kill Chain + MITRE ATT&CK.
🔹 Ensemble ML: BERT, Transformers, GNN, LightGBM
🔹 Outputs graphs of attack paths
🔹 Helps analysts anticipate adversary moves
💬 Should SOCs embrace predictive ML, or does analyst intuition still matter most?
Follow @technadu for more cyber insights.

#CyberSecurity #MITREATTACK #CyberKillChain #MachineLearning #SOC #ThreatIntel

Hackers are using everyday system functions to keep malware lurking long after a reboot. Learn how these stealth tactics work and how smart defenses can finally break their grip.

https://thedefendopsdiaries.com/understanding-and-defending-against-malware-persistence-techniques/

#malware
#cybersecurity
#persistence
#wazuh
#mitreattack

Understanding and Defending Against Malware Persistence Techniques

Explore malware persistence techniques and learn defense strategies with Wazuh's security solutions.

The DefendOps Diaries