The job posts here are a good example of how companies are starting to recognize the value of students learning from OST2 and seek self-starter employees who are using our classes to skill up! www.linkedin.com/posts/piment...
Week 25 - 2025 #DFIR
thisweekin4n6.com/2025/06/22/w...
When the vulnerability in third-party code isn't in the third-party code:
labs.watchtowr.com/expression-p...
Congratulations to all of the Volatility contributors - this was no small feat! We are proud to be a sustaining sponsor of this important open-source project that remains the world’s most widely used memory forensics platform. #dfir
#ESETresearch, in collaboration with #Microsoft, BitSight, Lumen, Cloudflare, CleanDNS, and GMO Registry, has helped disrupt #LummaStealer – a notorious malware-as-a-service infostealer. @jakubtomanek.bsky.social www.welivesecurity.com/en/eset-rese... 1/5
Dropping new research - this time on recent #XDSpy operations. Out of hundreds of LNK files leveraging ZDI-CAN-25373, we isolated a tiny cluster using an additional LNK parsing trick, leading us to uncover a multi-stage infection chain actively targeting government entities
How you qualify an incident determines how well you’ll contain it.
I broke down my real-world process for getting accurate, useful answers fast, even when the info is chaotic or wrong.
If you’re in DFIR, this one’s for you !
y0sh1mitsu.github.io/posts/qualif...
Check out our new report on a TA4557 intrusion.
Make sure your team that handles resumes recognises these fake lures!
Investments in EU cybersecurity startups is lagging way behind both the US and Israel... by a lot-lot!
PDF: www.tikehaucapital.com/~/media/File...
Zyxel has no plans to release patches for two zero-days under attack and is advising customers to replace vulnerable routers. The company says these devices have been “EOL for years” - but the devices are not on Zyxel’s EOL page, and some are still available to buy techcrunch.com/2025/02/05/r...
The best way to start with malware reverse engineering is to start reverse engineering malware.
There’s a ton of free samples everywhere (shout out to @vxundergroundre.bsky.social).
If you want to start with Android take a look at the link below
maldroid.github.io/android-malw...
🚀 New OpenRelik release
Role-based access control, folder sharing, database improvements, optimisations for file listings, chunked file uploads, bug fixes and refactoring efforts to improve stability.
📝 https://openrelik.org/changelog/
🔗 https://discord.gg/hg652gktwX
#DFIR
#ESETresearch reveals the first Linux UEFI bootkit, Bootkitty. It disables kernel signature verification and preloads two ELFs unknown during our analysis. Also discovered, a possibly related unsigned LKM – both were uploaded to VT early this month. www.welivesecurity.com/en/eset-rese... 🧵
Good morning, or evening.
After a months, we're finally releasing the Dispossessor ransomware leaks. They're now available to download.
Please exercise extreme caution. This archive contains ransomware payloads.
vx-underground.org/Archive/Disp...
Excited that we @volexity.com are able to share a writeup of one of our most interesting incidents! This case involves:
* A 0-day exploit
* Physical trips to the customer site to determine root cause
* Compromise via Wi-Fi.
www.volexity.com/blog/2024/11...
#nearestneighbor #threatintel
🚨 New Research Drop:
🇰🇵 DPRK IT Workers | A Network of Active Front Companies and Their Links to China
Summary:
⚪ Newly Disrupted Front Companies by USG
⚪ Impersonating US based software and tech orgs
⚪ Links to still-active front orgs, CN association
Report:
www.sentinelone.com/labs/dprk-it...
Cyberattackers may have compromised lots of organizations by exploiting two zero-day vulnerabilities found in widely used Palo Alto Networks systems. unit42.paloaltonetworks.com/cve-2024-001...
Podcast: risky.biz/RBNEWS364/
Newsletter: news.risky.biz/risky-biz-ne...
-US charges five Scattered Spider members
-Apple fixes macOS zero-days
-T-Mobile finally stops a breach
-US takes down PopeyeTools carding portal
-Thailand throws out NSO lawsuit
-Microsoft develops something dumb, part 9,136
Uncover one of Volexity's toughest cases!
Join Steven Adair at #CYBERWARCON as he details how his team traced a major incident to a Russian APT, tackling zero-day exploits and stealthy tactics.
Don’t miss it—grab your ticket! 🎟️
www.cyberwarcon.com/registration
📑 Detection Lists 📑
github.com/mthcht/awesome…
#ThreatHunting #DFIR #SOC
@volexity.bsky.social has published a blog post detailing variants of LIGHTSPY & DEEPDATA malware discovered in the summer of 2024, including exploitation of a vulnerability in FortiClient to extract credentials from memory. Read more here: www.volexity.com/blog/2024/11...
Hello! 👋 Joining all the cool kids over here. Follow @13Cubed.bsky.social for 13Cubed content.
#Linux lacks a resource like the Windows Master File Table ($MFT). I've developed this #Velociraptor artifact to collect metadata from files and folders recursively in selected paths to create a bodyfile. This may bring an MFT-like feel to filesystem analysis. #dfir
github.com/chrisdfir/Ve...
Supply chain malware from an infected game mod 🤯😱 Long-form reverse engineering and a WILD ride: Binary Ninja, x64dbg, 010 Editor, PEB walking, reworking API function hashing in Python, DLL search-order hijacking, hooked functions & more. MASSIVE video: jh.live/bvyklJ5Wie0
