5/5 Lateral Movement Assessment

Using valid administrator credentials, the attacker leveraged remote execution utilities to access additional internal hosts.

Observed Attack Chain:

PHPStudy Exploitation
→ Discovery
→ Payload Deployment
→ C2 Establishment
→ Persistence
→ Credential Access
→ Network Discovery
→ Lateral Movement

This intrusion demonstrates how a single vulnerable web application can rapidly evolve into broader internal compromise.

#ThreatIntel #CTI #MITREATTACK

1/5 Threat Activity Analysis

Source: Attack simulation telemetry analysis.

Initial access was achieved through exploitation of a vulnerable PHPStudy deployment. The attacker executed reconnaissance commands to identify the current user context, network configuration, ARP cache, and external connectivity.

Assessment: The activity indicates validation of code execution capabilities prior to payload deployment.

ATT&CK: T1190, T1082, T1016

#ThreatIntel #CyberSecurity #MITREATTACK

⚡ Fresh Talk Alert for BSides Luxembourg 2026!

𝗬𝗢𝗨𝗥 𝗖𝗧𝗜 𝗥𝗘𝗣𝗢𝗥𝗧𝗦 𝗔𝗥𝗘 𝗨𝗦𝗘𝗟𝗘𝗦𝗦 𝗪𝗜𝗧𝗛𝗢𝗨𝗧 𝗦𝗧𝗥𝗨𝗖𝗧𝗨𝗥𝗘: 𝗙𝗥𝗢𝗠 𝗨𝗡𝗦𝗧𝗥𝗨𝗖𝗧𝗨𝗥𝗘𝗗 𝗧𝗛𝗥𝗘𝗔𝗧 𝗜𝗡𝗧𝗘𝗟 𝗧𝗢 𝗦𝗧𝗜𝗫 𝗞𝗡𝗢𝗪𝗟𝗘𝗗𝗚𝗘 𝗚𝗥𝗔𝗣𝗛𝗦 𝗪𝗜𝗧𝗛 𝗟𝗟𝗠𝗦 𝗔𝗡𝗗 𝗠𝗖𝗣 𝗦𝗘𝗥𝗩𝗘𝗥 – Antonio Formato

Turn unstructured threat intelligence into actionable, machine-readable defense logic in this deep dive from the Actionable CTI & Detection Engineering Village. Every week, critical threat reports are published in PDFs and blog posts — rich in insight but unusable for SIEMs, SOARs, or AI agents. This talk shows how to bridge that gap using a hybrid architecture that combines deterministic extraction and LLM-based semantic inference to generate STIX 2.1 knowledge graphs.

You’ll explore how threat reports can be transformed into structured intelligence objects, mapped to MITRE ATT&CK, and visualized as interactive knowledge graphs. The session also introduces TI Mindmap HUB, an independent research platform that converts real-world reports into multi-layered CTI views including ATT&CK heatmaps, Diamond Model structures, and CVE prioritization.

A key focus is the Model Context Protocol (MCP), which exposes structured CTI as tool calls for AI agents—making intelligence directly usable in automated workflows, SOC tooling, and AI copilots. The talk concludes with emerging research into LLM-inferred threat intelligence knowledge graphs and cross-report correlation at scale.

Antonio Formato is a Senior Cybersecurity Solution Engineer at Microsoft and an independent researcher focused on Generative AI for Cyber Threat Intelligence. He is the creator of TI Mindmap HUB and co-author of academic research on automated STIX 2.1 generation currently under peer review.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule: https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #CTI #ThreatIntelligence #STIX #MITREATTACK #AISecurity #DetectionEngineering

🎮 The Return of Malware & Monsters: Collaborative IR Gaming (2h Workshop) on May 6th!

𝗚𝗢𝗧𝗧𝗔 𝗖𝗢𝗡𝗧𝗔𝗜𝗡 '𝗘𝗠 𝗔𝗟𝗟: 𝗖𝗢𝗟𝗟𝗔𝗕𝗢𝗥𝗔𝗧𝗜𝗩𝗘 𝗜𝗡𝗖𝗜𝗗𝗘𝗡𝗧 𝗥𝗘𝗦𝗣𝗢𝗡𝗦𝗘 𝗧𝗥𝗔𝗜𝗡𝗜𝗡𝗚 𝗧𝗛𝗥𝗢𝗨𝗚𝗛 𝗚𝗔𝗠𝗜𝗡𝗚 with Klaus Agnoletti (@klausagnoletti) & 𝗚𝗟𝗘𝗡 𝗦𝗢𝗥𝗘𝗡𝗦𝗘𝗡 - 6 May, 9AM - 11AM

Back by popular demand after last year's hit! Ditch dull tabletops for Malware & Monsters – tabletop RPG meets creature-collecting where teams hunt/contain digital threats in story-driven scenarios with MITRE ATT&CK-mapped malware "malmons." Experience real IR chaos: coordination under pressure, incomplete intel, stakeholder drama. Take roles like Hunter, Analyst, Forensicator, Communicator to see how teams actually collaborate. Learn mechanics, build custom scenarios from real malware history, run live sims with "type effectiveness" for defenses and evolution for escalating attacks. Walk away with free, ready-to-use materials for fun, effective IR training.

Led by Klaus Agnoletti https://pretalx.com/orga/event/bsidesluxembourg-2026/speakers/SQVVHK/ (infosec pro since 2004, BSides København co-founder, storytelling cyber advisor, neurodiversity advocate) & Glen Sorensen https://pretalx.com/orga/event/bsidesluxembourg-2026/speakers/J3PRCC/ (Recovering CISO, DeleteMe Solutions Engineer, OSINT/AI expert, HackBack Gaming Incident Master).

📅 Conference dates and time: 6–8 May 2026 | 9AM - 6PM
📍 Venue: 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule: https://pretalx.com/bsidesluxembourg-2026/schedule/

Game your way to better IR skills – popular return engagement! 🎲

#BSidesLuxembourg2026 #IncidentResponse #CyberSecurityTraining #BlueTeam #GameBasedLearning #MITREATTACK #BSides #DnD #DFIR

If the Kardashians launched their own framework it would be Kommand and Kontrol (K2).

The Momager (Kris.exe or Kris.sh): The primary C2 listener.
The Glow Up: Privesc
Keeping Up: Lateral movement

#C2Framework #RedTeaming #PostExploitation #MalwareDevelopment #Infosec #CyberSecurity #EDRBypass #ActiveDirectory #PenTesting #ThreatHunting #MITREATTACK #APTHunting #Shellcode #ZeroDay #Persistence #Exfiltration #BlueTeam #PurpleTeaming #kardashians

Why the MITRE ATT&CK Framework Actually Works: https://levelup.gitconnected.com/why-the-mitre-att-ck-framework-actually-works-29ac26d2d20c

#mitreattack

Learn How Malware Survives Reboots and Cleanup Using Cron Persistence Technique in Linux Systems.

Full Details Here: https://ostechnix.com/cron-persistence-linux-malware/

#CronPersistence #Malware #Cronjob #Cron #LinuxSecurity #MitreAttack #Linux

A red-team wiper emulating Sandworm (GRU Unit 74455) has been published - a 90-line Go binary demonstrating LotL execution across 121 MITRE ATT&CK techniques including T1490, T1561.001, and T1070.001.

Full report:
https://www.technadu.com/sandworm-gru-unit-74455-red-team-wiper-released-as-training-sample/614498/

Follow @technadu for more threat intel updates.

#Sandworm #GRU74455 #MITREATTACK #RedTeam #BlueTeam #Infosec #WiperMalware

Red and blue teams breaking down their silos and working in real time—imagine a cybersecurity defense that evolves with every simulated threat. Curious how continuous purple teaming is rewriting the playbook?

https://thedefendopsdiaries.com/continuous-purple-teaming-a-collaborative-approach-to-modern-cyber-defense/

#purpleteaming
#cyberdefense
#breachandattacksimulation
#mitreattack
#redteam
#blueteam
#securityautomation
#continuousvalidation
#cybersecuritystrategy