jdomedion.bsky.social
@jdomedion.bsky.social
Reposted
Wondering how effective our DFIR Labs are for practical skills? 🤔

Check out real user testimonials on gaining critical, hands-on experience & see why they recommend our platform:
👇
thedfirreport.com/services/dfi...
May 1, 2025 at 12:10 PM
Reposted
🌟New report out today!🌟

Navigating Through The Fog

Analysis and reporting completed by Angelo Violetti, and reviewed by Zach Stanford.

Audio: Available on Spotify, Apple, YouTube and more!

thedfirreport.com/2025/04/28/n...
Key Takeaways An open directory associated with a ransomware affiliate, likely linked to the Fog ransomware group, was discovered in December 2024. It contained tools and scripts for reconnaissance…
April 28, 2025 at 12:36 PM
Reposted
I used to chase the latest frameworks
Then I realized: Mastering fundamentals beats chasing trends.
#softwareengineer
April 3, 2025 at 5:02 PM
Reposted
🌟New report out Monday, March 31st by @pigerlin, UC1 and @Miixxedup!

📬 Want to be the first to know? Subscribe for updates: thedfirreport.com/subscribe/
March 28, 2025 at 1:42 PM
Reposted
Investigation Scenario 🔎

A server on your network suddenly sent DNS requests to several (100+) known malicious domains, but did not connect to them.

What do you look for to investigate the source and disposition of this event?

#InvestigationPath #DFIR #SOC
March 18, 2025 at 1:57 PM
Reposted
🥺👉👈
I know a cybersecurity asset you could acquire and even work from home on
www.theverge.com/google/24198...
Google acquires cybersecurity firm Wiz for $32 billion
It’ll be Google’s most expensive deal to date if it goes ahead.
March 18, 2025 at 1:26 PM
Reposted
🚀DFIR Labs CTF🚀

Our next CTF will be June 7 1630 UTC - 2030 UTC.

➡️Only $9.99 to join!
➡️Choose Elastic or Splunk as your SIEM
➡️Get access to a NEW, un-released case
➡️Top 5 are invited to join The DFIR Report team!

Register: store.thedfirreport.com/products/dfi...
DFIR Labs CTF
More information about this CTF can be found here. After purchase you will get an invite to our DFIR Labs CTF Discord Server. Please join before the start of the CTF for announcements and support. If ...
March 17, 2025 at 10:44 PM
Reposted
PYSA/Mespinoza Ransomware

➡️TTR 7.5 hours
➡️Koadic and Empire for C2
➡️7+ Credential Access techniques
➡️ADRecon, APS, quser, arp, and nltest for Discovery
➡️RDP and PsExec for Lateral Movement
➡️Files exfiltrated
➡️PYSA ransomware for Impact

Report link ⬇️
March 13, 2025 at 2:18 PM
Reposted
Hello #Rochester! 👋 #Graylog will be at #BSidesROC on 3/22 with our Capture The Flag. 🚩

If you're at BSidesROC make sure to catch this fun event led by the infamous Adam "Abe" Abernethy. Hunt for hidden clues, threats, & terrible puns — & win prizes, of course! 🏆
bsidesroc.com/ctf/ #cybersecurity
March 8, 2025 at 12:00 AM
Reposted
Why Cases Go Wrong in DFIR (and how to keep your investigation on track) - Webinar with Expert Brett Shavers @brettshavers.bsky.social

#DFIR #Investigations #Webinar

www.youtube.com/watch?v=LfyD...
Why Cases Go Wrong in DFIR - Webinar with Expert Brett Shavers
YouTube video by Ali Hadi
November 25, 2024 at 11:11 PM
Reposted
Investigation Scenario 🔎

You received the depicted Suricata alert related to Impacket usage.

What do you look for to investigate whether an incident occurred and its extent?

#InvestigationPath #DFIR #SOC
November 26, 2024 at 3:00 PM