[T1011.001] Exfiltration Over Other Network Medium: Exfiltration Over Bluetooth – Adversaries may use Bluetooth to move stolen data off devices when traditional network channels are blocked or monitored. This technique leverages proximity and often weaker defenses on wireless interfaces to bypass enterprise controls. #Exfiltration #Bluetooth
[T1011] Exfiltration Over Other Network Medium – Adversaries may move stolen data across alternate network channels (Wi-Fi, cellular, Bluetooth, modem, RF) separate from the primary command-and-control path to avoid enterprise defenses and monitoring. Detecting these paths requires broad visibility into endpoints, wireless interfaces, and unusual process-network activity. #Exfiltration #NetworkSecurity
[T1010] Application Window Discovery – Adversaries enumerate open application windows to learn what programs and documents are active on a system, which can reveal high-value data, user behavior, or security tools to target or evade. #ApplicationWindowDiscovery #Discovery
[T1008] Fallback Channels – Adversaries use fallback channels to preserve command and control when primary paths fail or are blocked, switching to alternate protocols, ports, or covert methods to maintain access and exfiltration. Detecting these shifts requires focused monitoring of unusual flows, protocol misuse, and novel process networking. #FallbackChannels #CommandAndControl
[T1007] System Service Discovery – Adversaries enumerate installed and running services to map system capabilities and identify high-value targets or persistence opportunities. Detecting these queries quickly helps defenders link reconnaissance to follow-on actions like lateral movement or privilege escalation. #SystemServiceDiscovery #T1007
[T1005] Data from Local System – Adversaries search local files, configurations, virtual machine images, and local databases to find sensitive data for later exfiltration; monitoring command activity and system APIs helps detect this behavior. #DataFromLocalSystem #T1005
[T1001.003] Data Obfuscation: Protocol or Service Impersonation – Adversaries disguise C2 and malicious traffic by impersonating legitimate protocols or web services, making harmful activity blend with normal network flows and evade detection. #DataObfuscation #ProtocolImpersonation
The US cybersecurity agency CISA has issued a warning about a recently exploited vulnerability in Git, which could lead to remote code execution. Organisations are urged to patch this flaw promptly to prevent potential attacks. #CISA #CVE202548384…
[T1001.002] Data Obfuscation: Steganography – Adversaries hide command-and-control or exfiltrated data inside benign-looking files (images, documents, audio) to evade detection and blend with normal traffic. Monitoring unusual file transfers and inspecting content can reveal hidden channels. #Steganography #DataObfuscation
[T1001.001] Data Obfuscation: Junk Data – Adversaries insert meaningless or random bytes into command-and-control communications to hide malicious signals and evade simple detection rules. This increases difficulty for signature- and pattern-based inspection and forces defenders to use deeper protocol validation and behavioral analysis. #DataObfuscation #JunkData
[T1003] OS Credential Dumping – Adversaries extract passwords and credential material (hashes or cleartext) from operating system memory, caches, and files to gain account access and move laterally within networks. Effective detection and controls reduce unauthorized access and privilege escalation risk. #OSCredentialDumping #CredentialDumping
[T1001] Data Obfuscation – Adversaries hide command-and-control traffic by altering, padding, or disguising communications so they blend with normal network activity and evade detection. Detecting this requires inspecting protocol behavior, unusual data flows, and endpoint processes to spot anomalies early. #DataObfuscation #C2Detection
Docker has issued security fixes for a critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS, which could allow attackers to escape containers and access host files. This flaw, rated 9.3/10 CVSS, stems from an unauthenticated access to the Docker Engine API, posing a significant risk of full host compromise….
A critical security vulnerability in Docker Desktop for Windows and macOS allows attackers to compromise the host system via malicious containers, even with Enhanced Container Isolation enabled. The flaw, identified as CVE-2025-9074, enables unauthorized access to the Docker Engine API and potential escalation of privileges on Windows and macOS systems. #DockerDesktop #CVE-2025-9074
Malware persistence techniques allow attackers to maintain long-term access to compromised systems by utilizing various methods such as scheduled tasks, startup scripts, and account manipulation. Protecting systems requires a layered defense approach, and tools like Wazuh help detect and respond to these threats effectively. #MITREATTACK #PersistenceTechniques