Airbus CERT
@airbuscert.bsky.social
🐝 New blog post at skyblue.team/posts/unsafe...
At Airbus CERT, we worked on the sudo CVE-2025-32463 to create detection and hunting rules.
Based on the underlying vulnerability, we developed an eBPF based tool to monitor unsafe chroot behavior regarding NSS reloading.
github.com/airbus-cert/...
At Airbus CERT, we worked on the sudo CVE-2025-32463 to create detection and hunting rules.
Based on the underlying vulnerability, we developed an eBPF based tool to monitor unsafe chroot behavior regarding NSS reloading.
github.com/airbus-cert/...
Analyzing the unsafe chroot behavior of sudo CVE-2025-32463 | Sky Blueteam
A story of a bee, a sandwich and a crab
skyblue.team
November 4, 2025 at 3:28 PM
🐝 New blog post at skyblue.team/posts/unsafe...
At Airbus CERT, we worked on the sudo CVE-2025-32463 to create detection and hunting rules.
Based on the underlying vulnerability, we developed an eBPF based tool to monitor unsafe chroot behavior regarding NSS reloading.
github.com/airbus-cert/...
At Airbus CERT, we worked on the sudo CVE-2025-32463 to create detection and hunting rules.
Based on the underlying vulnerability, we developed an eBPF based tool to monitor unsafe chroot behavior regarding NSS reloading.
github.com/airbus-cert/...
Reposted by Airbus CERT
New release of minusone (v0.4.0) with a lot of new deobfuscation pattern : github.com/airbus-cert/...
🚨Online version : minusone.skyblue.team 🚨
#powershell #deobfuscation
🚨Online version : minusone.skyblue.team 🚨
#powershell #deobfuscation
GitHub - airbus-cert/minusone: Powershell Linter
Powershell Linter. Contribute to airbus-cert/minusone development by creating an account on GitHub.
github.com
July 30, 2025 at 7:12 AM
New release of minusone (v0.4.0) with a lot of new deobfuscation pattern : github.com/airbus-cert/...
🚨Online version : minusone.skyblue.team 🚨
#powershell #deobfuscation
🚨Online version : minusone.skyblue.team 🚨
#powershell #deobfuscation
Ever dreamt of parsing the $I3O INDX files from a 80GB drive in under 10 seconds? ⏱️
Dream no more ✨ Courtesy of @eeriedusk.bsky.social and #RustLang 🦀🦀🦀
#DFIR #Forensics
Dream no more ✨ Courtesy of @eeriedusk.bsky.social and #RustLang 🦀🦀🦀
#DFIR #Forensics
June 25, 2025 at 12:09 PM
Ever dreamt of parsing the $I3O INDX files from a 80GB drive in under 10 seconds? ⏱️
Dream no more ✨ Courtesy of @eeriedusk.bsky.social and #RustLang 🦀🦀🦀
#DFIR #Forensics
Dream no more ✨ Courtesy of @eeriedusk.bsky.social and #RustLang 🦀🦀🦀
#DFIR #Forensics