Come see a talk from one of the key drivers of this research. #UNC4841 is noteworthy not only for their crafty exploitation of Barracuda ESGs, but for their ability to quickly adapt to remediation efforts.

Don’t tell me, show me.

The priority and order of too much threat intel seems to be narrative first, data/evidence second. The story I want to be told is not your hypothesis, it’s how you got there. We would all benefit from getting a lot more comfortable showing our work.

coinminer groups using firewall exploits a week after the pros have their turn

Rising mud bathes all hogs

twitter Infosec charlatans providing incident response updates for a case they aren’t working

When Bryce went to Bryce, Bryce bought Van a Bryce shirt. So when Van went to Bryce, Van bought Bryce a Bryce shirt. Now Bryce must go to Van and buy Van a Van shirt. #vancity #MYcity

happy holidays

my nfl team has a bye week so I am gonna curl up and watch my favorite Disney Pixar film today

update, semi yearly quarterly cyber crime power tiers

Friday drop - a lil POC for trying to find similarity across Macho files!

tl;dr two scripts to get:
🔧 dylib hash (dependencies)
🏗️ export hash
🛂 import hash
👷‍♂️ certificate name

hoping we can use this to a our quick pivots across Mac malware !

github.com/g-les/macho_si…

Another great LABScon

Nice work Brendan and Ray

when the ransomware UNC invites a new guy who has negative reputation to the group

Incredible reporting detailing the vulnerability ecosystem within China, and how that very ecosystem enables their cyber actors.

qakbot admins asking how many bots remain online

Mandiant Just dropped our deep-dive analysis on the #UNC4841 🇨🇳 global espionage campaign exploiting a 0-day in Barracuda ESG appliances since OCT 2022. We include more information about how #UNC4841 responded to remediation activities
mandiant.com/resources/blog…

Today we launched a 🔎 scanning tool for orgs to search their Citrix netscalers for evidence of CVE-2023-3519 post-exploration. You can run this direct on the ADC or against a forensic image. With public POCs out there expect more exploitation!

mandiant.com/resources/blog…
#DFIR