Daniel Stein (@_danstein) 's Twitter Profile

You can't be common, the common man goes nowhere; you have to be uncommon | Security

ID: 249040500

08-02-2011 06:58:58

2,2K Tweet

252 Followers

1,1K Following

Gary W. Sullivan II (@gws2) 's Twitter Profile Photo

📣 Attn: Chicago-area college students! 🎓 I’m giving away 1 VIP ticket to THOTCON!, May 19-20! 🎉 Don't miss this opp to attend one of the best hacking confs in the world. DM for entry into giveaway, must be able to prove current enrollment. #thotcon #cybersecurity #hacker

4n6research (@4n6research) 's Twitter Profile Photo

Stroz Friedberg, a LevelBlue company has released a new tool, SIDR, to parse Windows Search Index databases on Windows 10 and 11. Lot of important info in these DBs that's relevant for DFIR cases. github.com/strozfriedberg… #Windows #DFIR #opensource #StrozFriedberg #incidentresponse

Stroz Friedberg DFIR (@strozdfir) 's Twitter Profile Photo

Want to learn more about the #Windows #Registry and our open-source registry parser? Check out Kim Stone and Shane McCulley's talk on "Windows Registry Forensics: There's Always Something New" at the 2023 #SANS #DFIRSummit on Aug 3 sans.org/cyber-security… #DFIR #StrozFriedberg

Stroz Friedberg DFIR (@strozdfir) 's Twitter Profile Photo

Want to gain insights into unique #M365 attack techniques seen in the wild? Be sure to catch John Ailes and Julia Paluch live at the @SansInstitute #DFIRSummit at 6 PM ET. #StrozFriedberg #DFIR Be sure to register and attend here: sans.org/u/1pkc

Blue Team Con (@blueteamcon) 's Twitter Profile Photo

“Keep the F in DFIR: The Importance of Digital Forensics in Incident Response” with Partha Alwar and Carly Battaile at Blue Team Con 2023.

™ (@c0ntrol_z) 's Twitter Profile Photo

I made some python (an IDA Python and standalone) scripts for analysis of Crytox/.wait ransomware. It deals with resolving the API hashes used by the malware. github.com/w3tmo/CrytoxTo… #DFIR #Malware #Crytox

Daniel Stein (@_danstein) 's Twitter Profile Photo

Race condition during crash dump -> Signing key in crash dump -> Dump makes its way from isolated network to internet-connected debugging environment -> TA compromises engineer with access to debugging environment

Stroz Friedberg DFIR (@strozdfir) 's Twitter Profile Photo

Threat actors always find creative ways to evade detection by security teams. Join Partha Alwar and Mahmoud El Halabi as they take the stage to present their talk, “The Arms Race of Evasion: Evolving Evasion Techniques in Incident Response” at the SANS APAC DFIR Summit tonight

Stroz Friedberg DFIR (@strozdfir) 's Twitter Profile Photo

Stroz Friedberg produced a Client Advisory in August 2023 on the financially motivated criminal group #ScatteredSpider (aka Roasted #0Ktapus, #UNC3944). Read our report about their #socialengineering tactics, #reconnaissance, and our recommendations to prevent similar

Stroz Friedberg DFIR (@strozdfir) 's Twitter Profile Photo

More than half of the breaches investigated by Stroz Friedberg DFIR in 2022 included phishing as an initial access technique. Learn more about evolving #phishing techniques in our latest blog where we talk about brand impersonation, consent phishing, and the usage of phishing kits.

Stroz Friedberg DFIR (@strozdfir) 's Twitter Profile Photo

🚨 Dive into our newest blog post: Detecting "Effluence" - an unauthenticated Confluence Web Shell 🕵️ Stroz Friedberg discovers a persistent backdoor installed by threat actors after exploiting Confluence vulnerabilities. This backdoor is accessible remotely without Confluence

Stroz Friedberg DFIR (@strozdfir) 's Twitter Profile Photo

🚨 Gain insights into attack patterns observed across several incidents involving #Makop #ransomware Read more: aon.com/cyber-solution… #DFIR #IncidentResponse #Aon #StrozFriedberg

Molecule (@molecule_dao) 's Twitter Profile Photo

🔮 Introducing Catalyst Quests: Your chance to step into the storied role of a science patron. Engage with cutting-edge research, grow the community, earn XP, and climb the DeSci leaderboard. Step into your legacy 🧙‍♂️⬇️

Molecule (@molecule_dao) 's Twitter Profile Photo

Let's dive into the science! 🤿 There are just 3 days left to support Project Transfidelity! Still not sure how it fits into brain health and longevity? benjels put on his science teacher hat and walked us through the whole project. 🧑‍🏫

benjels (@benjileibo) 's Twitter Profile Photo

Hiring for a Full Stack Solana Dev at Molecule . Come build science at NASDAQ speeds with us. moleculeto.notion.site/Full-Stack-Sol…

Stroz Friedberg DFIR (@strozdfir) 's Twitter Profile Photo

🚀 Exciting Early Careers Opportunity in #DFIR! 🚀 Love solving puzzles? Want to be on the front lines of investigating cyber investigations? Kickstart your career with our Stroz Friedberg Digital Forensics and Incident Response practice! Our Cyber Associate Program is a

Chris Duggan (@tlp_r3d) 's Twitter Profile Photo

🧵 Thread 1/ So you want to track Scattered Spider but Censys and Shodan are just too slow? Here's the cheat sheet! 🕵️‍♂️ Scattered Spider registers their domains using the nameserver ns3.my-ndns[.]com. We can passively monitor this DNS for new domains. 🕸️ Don't have DomainTools
