🚨 Cross-Session Activation is a detection gap hiding in plain sight.
💡 The technique abstract below highlights the minimum viable signals for defenders.
💭 Interesting to know if this technique is part of your threat emulation library.

#detectionengineering #purpleteam #blueteam

📉 Cyber signal is dropping.
📈 AI noise is rising.

To help, I created a list of active cybersecurity blogs written by people who still publish real research.

If you follow any of these already (or have gems I should add), let me know.

📌 https://github.com/netbiosX/CyberSec-Blogs #redteam #purpleteam #threathunting

GitHub - netbiosX/CyberSec-Blogs: Lists of independent cybersecurity blogs covering threat intelligence, purple team, red team, threat hunting, and detection engineering. Most are personal blogs maintained by practitioners who publish original research, tradecraft, and tooling.

Cross-Session Activation

Traditional lateral movement techniques are no longer applicable in the modern era due to developments in the detection capability by most of the EDR vendors. Techniques that abuse legitimate Windo…

Purple Team

Accidentally leveraged a supply chain attack this week when it turned out that the GitHub org I'd cloned for a cyber exercise was "unofficial" and none of the exercise participants knew who actually owned it although they did recognise the committers. Chaos ensued.

#purpleteam

I have made some recent updates to my Ultimate Cybersecurity Guide GitHub Repo! New documentation, new how-to guides and new subsections to the AI portion of the repo, as well as a few other things here and there. Give it a look if you are at all interested!

#GitHub #Cybersecurity #Guide #HowTo #PurpleTeam https://github.com/Pnwcomputers/ULTIMATE-CYBERSECURITY-MASTER-GUIDE

GitHub - Pnwcomputers/ULTIMATE-CYBERSECURITY-MASTER-GUIDE: This repository provides a centralized resource for operational cyber defense and offense, compiling Theory, Tools, Operating Procedures, and Step-by-Step Guides across various critical security domains. Content is sourced from industry-leading books and technical presentations, focusing on practical application rather than JUST theory.

CALL FOR PAPERS OPEN for Adversary Village at DEF CON 34!
We are looking for Talks, Workshops, Tool Demos, and Hands-on Activities focused strictly on adversary simulation, threat emulation, offensive tradecraft, threat-informed defense, offensive cyber security, state-sponsored threat actors, purple teaming, and real-world attacker techniques. Vendor-neutral, technical, and practical content only.
Submit your research here: https://adversaryvillage.org/call-for-papers/
CFP Closes on: 31st May 2026
#DEFCON34 #AdversaryVillage
#OffensiveCyberSecurity #AdversarySimulation #PurpleTeam #ThreatActors #Breaches #DEFCON

Another talk announcement for BSides Luxembourg!

🔥🤖 OH SHIT I ACCIDENTALLY BREACHED AN ORGANIZATION (OR MANY) USING AI – Panagiotis Fiskilis 💥

What starts as a harmless search can spiral into a multi-organization data breach—especially when AI gets involved.

This talk dives into real-world research showing how AI can be weaponized for OSINT, enabling large-scale data discovery, spear phishing campaigns, and even manipulation of AI systems themselves. From injecting malicious context into models to scaling attacks via APIs and agent workflows, this session explores how adversaries can turn AI into a powerful offensive tool—and how defenders can detect and respond.

Expect a true purple team perspective, blending attacker techniques with defensive insights, including OPSEC considerations and strategies to identify malicious AI-driven activities before they escalate.

Panagiotis Fiskilis is a Senior Red Team Operator at NVISO, specializing in API hacking, Active Directory exploitation, and malware development. With multiple industry certifications (OSCP, OSWE, CRTO, eWPT and more), he brings hands-on offensive expertise combined with a strong research-driven mindset.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/
👉 Browse sessions, track talks in real time, and plan your schedule on Hacker Tracker: https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #AISecurity #RedTeam #OSINT #CyberSecurity #AI #ThreatIntelligence #PurpleTeam

📝 Missed the write-up on abusing SpeechRuntime for lateral movement?
This diagram summarizes the chain. ⤵️
🖊️ https://ipurple.team/2026/04/07/microsoft-speech/ #purpleteam

📢 New Article: Lateral Movement via Microsoft Speech
🎙️ Microsoft Speech Platform is built into Windows environments to enable Speech recognition, Voice input, Text-to-Speech & Speech features in Windows, Edge & Office
🦄 Deep-dive playbook on how Microsoft Speech can be abused for lateral movement and how defenders can perform detection.
📖 1x Playbook
💡 Detection Opportunities
🏹 1x MDE Query

๐ƒ๐ž๐ญ๐ž๐œ๐ญ๐ข๐จ๐ง - ๐„๐ฏ๐ž๐ง๐ญ ๐ˆ๐ƒ'๐ฌ
โœ…๏ธ 4657 & 4663 - {655D9BF9-3876-43D0-B6E8-C83C1224154C}
โœ…๏ธ 4688 - SpeechRuntime.exe
โœ…๏ธ 7040 & 7036 - RemoteRegistry Service

โœ’๏ธ https://ipurple.team/2026/04/07/microsoft-speech/ #purpleteam #blueteam #detectionengineering

Microsoft Speech

SpeechRuntime is a legitimate Windows component that supports Microsoft's speech-related capabilities, including voice input and speech recognition features used across modern Windows experie…

Purple Team

Another talk announcement!

🟣🤖 GOODBYE PURPLE TEAM, HELLO PURPLE BOTS - PATRICK MKHAEL & RALPH EL KHOURY 🛡️⚔️

What if purple teaming could run itself? 🚀 This talk reveals an AI driven framework that simulates real world attacks, uncovers detection gaps, and continuously strengthens your defenses with zero manual effort. It's more than automation. It is a smart, self evolving security cycle where offense and defense work together in real time to stay ahead of threats.

Patrick Mkhael https://pretalx.com/bsidesluxembourg-2026/speaker/WHMGFD/ is an Offensive Security R&D lead with a strong blue team foundation, now focused on red teaming, cloud pentesting, and building tools for adversary emulation and automated security testing.

Ralph El Khoury https://pretalx.com/bsidesluxembourg-2026/speaker/X9QCJN/ is a red teamer and CVE hunter with a passion for breaking AD and web apps. Teaches kids to question everything, starting with default credentials.

📅 Conference dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

#BSidesLuxembourg2026 #CyberSecurity #PurpleTeam #RedTeam #BlueTeam #AI