Unwrapping Ursnifs Gifts
- Initial Access: Ursnif ISO/LNK/DLL
- Discovery: Get-ADComputer, nltest, net view, etc.
- Credentials: LSASS access
- Lateral: Impacket
- Persistence: Registry Run Key
- C2: Ursnif, Cobalt Strike
- Report from 2023: https://lnkd.in/gNt8qu3g
The DFIR Report
Security and Investigations
Real Intrusions by Real Attackers, the Truth Behind the Intrusion.
About us
The Digital Forensics and Incident Response (DFIR) Report. Real Intrusions by Real Attackers, The Truth Behind the Intrusion. In addition to our publicly available reports, we provide a range of specialized services to meet your needs, such as private reports, Command and Control tracking, personalized mentoring, and access to an exclusive detection ruleset. Explore our comprehensive offerings on our Services page at https://thedfirreport.com/services/.
- Website: https://thedfirreport.com
- Industry: Security and Investigations
- Company size: 10,001+ employees
- Type: Privately Held
Updates
ShareFinder: How Threat Actors Discover File Shares
Detection Opportunities:
- Network
- PowerShell Logs
- LDAP Logs
- Object Access Logs
Report: https://lnkd.in/gTRKQ-s6 (https://thedfirreport.com)
🚀DFIR Labs CTF🚀 Our next CTF will be September 7, 1600 – 2000 UTC.
- Only $9.99 to join!
- Choose Elastic or Splunk as your SIEM
- Join our DFIR Labs CTF Discord Server
- Top 3 players win swag!
Register: https://lnkd.in/gmfW77TK
More info: https://lnkd.in/gX5b7PMT
📉DFIR Labs Weekend Discount📉 Use this discount code to receive 10% off all DFIR Labs cases! Discount expires July 15th 04:00 UTC.
Discount code: WeekendDiscount07132024
DFIR Labs: https://lnkd.in/gi3sFNTK (The DFIR Report Store, the-dfir-report-store.myshopify.com)
Collect, Exfiltrate, Sleep, Repeat
- Initial Access: Job App VBA Maldoc
- Discovery: PS Cmdlets, net, tzutil, etc.
- Persistence: Scheduled Tasks
- Collection: AutoHotkey Keylogger, Compress-Archive, makecab.exe
- C2: Custom PowerShell Framework
- Report from 2023: https://lnkd.in/g-bxpmFp (https://thedfirreport.com)
📣DFIR Labs Poll📣 What SIEM or analysis platform should we consider integrating next? DFIR Labs Info: https://lnkd.in/gT5ZFbqQ
🎉New DFIR Labs Case We’re releasing a new hard difficulty case based on a private threat brief: Confluence Exploit leads to LockBit Ransomware.
- ✅Create a timeline
- ✅Explore the telemetry from a real intrusion using Splunk or Elastic
- ✅Enhance your investigative skills
Case: https://lnkd.in/gCv9jDm6 (Confluence Exploit leads to LockBit Ransomware - Private Case #27244, the-dfir-report-store.myshopify.com)
DFIR Labs Info: https://lnkd.in/gT5ZFbqQ
The DFIR Report reposted this
The NSB Cyber team loves participating in Capture The Flag (CTF) events, a series of individual challenges where participants get to learn, grow, and refine their skills! On Sunday (at 2AM Australia time!), two of our devoted NSB Response & Recovery team members caffeinated themselves and gave the DFIR Report July CTF a good ol’ crack, working independently as per the rules. The net result: one of our team players cracked the top 3! Well done to The DFIR Report for organising such a realistic and fun event. We just hope there will be events more friendly for the APAC timezone in the future! #nostepsbackward #cybersimplified #defendwithconfidence
The DFIR Report reposted this
I'm thrilled to announce that I was the winner🔥 of a DFIR CTF focused on ransomware cases, organized by The DFIR Report. This challenging event demanded a comprehensive deep dive into data investigation. I'm eagerly looking forward to future competitions and highly recommend that anyone interested in this field.
🚀DFIR Labs CTF🚀 Our next CTF will be July 6, 16:00 – 20:00 UTC.
- Only $9.99 to join!
- Choose Elastic or Splunk as your SIEM
- Join our DFIR Labs CTF Discord Server
Register: https://lnkd.in/g5wM-Dny (DFIR Labs CTF: July 6, 2024, 16:00 - 20:00 UTC, the-dfir-report-store.myshopify.com)
More info: https://lnkd.in/gX5b7PMT
🎉 DFIR Labs CTF Event: Success! We’re thrilled to announce the winners of our latest CTF:
- 🏆 1st Place: Crypto CooCoo (Volodymyr Bohdan)
- 🥈 2nd Place: friffnz (https://x.com/Friffnz)
- 🥉 3rd Place: lookingforamaninDFIR
A big thank you to all participants and supporters for making this event a success!