
thedfirreport.com/2025/05/19/a...
It was fun working on this Report with @pcsc0ut.bsky.social && 0xtornado. I hope my #threathunting friends will find it helpful. We came up with a new detection for Impacket tools in this investigation

11 months ago 4 2 0 0
Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware
Key Takeaways: The threat actor first gained entry by exploiting a known vulnerability (CVE-2023-22527) on an internet-facing Confluence server, allowing for remote code execution. Using this access…

🌟New report out today!🌟

Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware

Analysis and reporting completed by @pcsc0ut.bsky.social, @irishdeath.bsky.social & @0xtornado

🔊Audio: Available on Spotify, Apple, YouTube and more!

thedfirreport.com/2025/05/19/a...

11 months ago 10 3 0 1

DA logged on to DC at midnight and downloaded Advanced IP Scanner………nope, that's just Chuck - he forgot where the printer is and is catching up on tickets

1 year ago 2 0 0 0

PYSA/Mespinoza Ransomware

➡️TTR 7.5 hours
➡️Koadic and Empire for C2
➡️7+ Credential Access techniques
➡️ADRecon, APS, quser, arp, and nltest for Discovery
➡️RDP and PsExec for Lateral Movement
➡️Files exfiltrated
➡️PYSA ransomware for Impact

Report link ⬇️

1 year ago 5 2 1 0
Confluence Exploit Leads to LockBit Ransomware
Key Takeaways: The intrusion began with the exploitation of CVE-2023-22527 on an exposed Windows Confluence server, ultimately leading to the deployment of LockBit ransomware across the environment.…

🌟New report out today!🌟

Confluence Exploit Leads to LockBit Ransomware

Analysis & reporting completed by Angelo Violetti, @malforsec, & @teddy_ROxPin

Audio: Available on Spotify, Apple, YouTube and more!

thedfirreport.com/2025/02/24/c...

1 year ago 8 4 0 0

And also, let's be honest here Mark. The goal of AI and these LLMs is to replace these specific jobs (and more) and workers, and create more wealth disparity than already exists. This technology is NOT being created to benefit anyone other than companies and rich people. It could….but let's be real

1 year ago 0 0 0 0

I think the hate is well deserved. The world has been subject to an epistemic crisis since the proliferation of social media. The same people who have curated that crisis we are living out now are driving AI LLM - those who create the tech will control fact through nuanced lies and omissions

1 year ago 0 0 0 0
Will the Real Msiexec Please Stand Up? Exploit Leads to Data Exfiltration
In this multi-day intrusion, we observed a threat actor gain initial access to an organization by exploiting a vulnerability in ManageEngine SupportCenter Plus. The threat actor, discovered files o…

Will the Real Msiexec Please Stand Up? Exploit Leads to Data Exfiltration

➡️Initial Access: CVE-2021-44077 exploited
➡️Execution: Web shell
➡️Credential Access: WDigest + MiniDump
➡️Lat Movement: RDP using Plink
➡️Exfiltration: Sensitive data exfilled

thedfirreport.com/2022/06/06/w...

1 year ago 4 2 0 0
Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware
Key Takeaways: This intrusion began with the download and execution of a Cobalt Strike beacon that impersonated a Windows Media Configuration Utility. The threat actor used Rclone to exfiltrate data…

🌟New report out today!🌟

Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware

Analysis & reporting completed by @r3nzsec, @MyDFIR & @MittenSec.

Audio: Available on Spotify, Apple, YouTube and more!

thedfirreport.com/2025/01/27/c...

1 year ago 24 10 1 2
The Refreshments - Banditos (Official Video) YouTube video by Y2JFan

95 - not 98, but.......
youtu.be/BwGkyO3RQMo?...

1 year ago 1 0 1 0