The DFIR Report

Unwrapping Ursnifs Gifts ➡️Initial Access: Ursnif ISO/LNK/DLL  ➡️Discovery: Get-ADComputer, nltest, net view, etc. ➡️Credentials: LSASS access ➡️Lateral: Impacket ➡️Persistence: Registry Run Key ➡️C2: Ursnif, Cobalt Strike ➡️Report from 2023 https://lnkd.in/gNt8qu3g

ShareFinder: How Threat Actors Discover File Shares Detection Opportunities: Network PowerShell Logs LDAP Logs Object Access Logs https://lnkd.in/gTRKQ-s6

🚀DFIR Labs CTF🚀 Our next CTF will be September 7, 1600 – 2000 UTC. ➡️Only $9.99 to join! ➡️Choose Elastic or Splunk as your SIEM ➡️Join our DFIR Labs CTF Discord Server ➡️Top 3 players win swag! Register: https://lnkd.in/gmfW77TK More info: https://lnkd.in/gX5b7PMT

📉DFIR Labs Weekend Discount📉 Use this discount code to receive 10% off all DFIR Labs cases! Discount expires July 15th 04:00 UTC Discount code: WeekendDiscount07132024 DFIR Labs - https://lnkd.in/gi3sFNTK

Collect, Exfiltrate, Sleep, Repeat ➡️Initial Access: Job App VBA Maldoc ➡️Discovery: PS Cmdlets, net, tzutil, etc. ➡️Persistence: Scheduled Tasks ➡️Collection: AutoHotkey Keylogger, Compress-Archive, makecab.exe ➡️C2: Custom PowerShell Framework ➡️Report from 2023 https://lnkd.in/g-bxpmFp

📣DFIR Labs Poll📣 What SIEM or analysis platform should we consider integrating next? DFIR Labs Info: https://lnkd.in/gT5ZFbqQ

🎉New DFIR Labs Case We’re releasing a new hard difficulty case based on a private threat brief: Confluence Exploit leads to LockBit Ransomware. ✅Create a timeline ✅Explore the telemetry from a real intrusion using Splunk or Elastic ✅Enhance your investigative skills https://lnkd.in/gCv9jDm6 DFIR Labs Info: https://lnkd.in/gT5ZFbqQ

The NSB Cyber team loves participating in Capture The Flag (CTF) events, a series of individual challenges where participants get to learn, grow, and refine their skills! On Sunday (at 2AM Australia time!), two of our devoted NSB Response & Recovery team members caffeinated themselves and gave the DFIR Report July CTF a good ol’ crack, working independently as per the rules. The net result, one of our team players cracked the top 3! Well done to The DFIR Report for organising such a realistic and fun event. We just hope there will be events more friendly for the APAC timezone in the future! #nostepsbackward #cybersimplified #defendwithconfidence

I'm thrilled to announce that I was the winner🔥 of a DFIR CTF focused on ransomware cases, organized by The DFIR Report. This challenging event demanded a comprehensive deep dive into data investigation. I'm eagerly looking forward to future competitions and highly recommend that anyone interested in this field.

🎉 DFIR Labs CTF Event: Success! We’re thrilled to announce the winners of our latest CTF: 🏆 1st Place: Crypto CooCoo (Volodymyr Bohdan) 🥈 2nd Place: friffnz (https://x.com/Friffnz) 🥉 3rd Place: lookingforamaninDFIR A big thank you to all participants and supporters for making this event a success!