finbat (@finbat3)'s Twitter Profile
finbat

@finbat3

ID: 1079158155681165312

Joined: 29-12-2018 23:32:08

60 Tweets

45 Followers

588 Following

ANY.RUN (@anyrun_app):

Xmas is a time for gift-giving🎁 Join our #ChristmasGiveaway 🎄3 books of Practical Malware Analysis signed by the author Michael Sikorski 🎄1 month of Searcher 🎄1 month of Hunter Rules are simple: follow us and share this post. On 25th December, we’ll announce 5 winners. Good luck!

The DFIR Report (@thedfirreport):

Cobalt Strike, a Defender's Guide - Part 2 ➡️In this report we talk about domain fronting, SOCKS proxy, C2 traffic, Sigma rules, JARM, JA3/S, RITA & more. Big shout-out to Kostas for helping put this together! thedfirreport.com/2022/01/24/cob…

Stephen Sims (@steph3nsims):

I’m going to randomly pick 3 people who retweet this to receive a copy of the book. I’ll tweet out the winners tomorrow. I’ll also be giving away two more copies later this week compliments of Ray [REDACTED]! …and maybe a couple more next week just for university students

Applied Network Defense (@networkdefense):

"If you're involved in security operations at any level, you'll get value from Investigation Theory. Even if you've done SOC work for years, you'll learn and be able to improve your craft." - AND Student Learn More Here: networkdefense.co/courses/invest…

PentesterLab (@pentesterlab):

Giveaway time! We are going to send a t-shirt and a few goodies to one person who follows PentesterLab and likes this tweet!! And we are going to give a 1-year voucher to someone who RTs this tweet!

0verfl0w (@0verfl0w_):

It's been a while since our last discount, so time for another! Until June 20th you can grab the Zero2Automated course for 15% off, using code "BAZAR", giving you lifetime access to all 25+ hours of course content, the course discord community, and more! courses.zero2auto.com/?coupon=BAZAR

Matthew (@embee_research):

A quick demo of how to identify "real" exported functions from a #obfuscated #IcedID dll file. I'll also briefly touch on some #Ghidra tips, and how to extract #shellcode using a debugger. A moderate-sized thread 😃 [1/13]

The DFIR Report (@thedfirreport):

BumbleBee: Round Two ➡️Initial Access: Bumblebee ISO>LNK>DLL ➡️Persistence: AnyDesk, Added Local Admin ➡️Discovery: LOLbins, AdFind ➡️Credentials: LSASS Dump ➡️Lateral: SMB, Remote Services, RDP ➡️C2: Bumblebee, Meterpreter, CobaltStrike thedfirreport.com/2022/09/26/bum…

The DFIR Report (@thedfirreport):

Follina Exploit Leads to Domain Compromise ➡️Initial Access: Word Doc exploiting Follina ➡️Persistence: Scheduled Tasks ➡️Discovery: ADFind, Netscan, etc. ➡️Lat Movement: SMB, Service Creation, RDP ➡️C2: #CobaltStrike, Qbot, NetSupport, Atera/Splashtop thedfirreport.com/2022/10/31/fol…

The DFIR Report (@thedfirreport):

BumbleBee Zeros in on Meterpreter ➡️Initial Access: Contact Forms/Stolen Images/ISO ➡️PrivEsc: WSReset & Slui UAC Bypass, Zerologon CVE2020-1472 ➡️Cred Access: Procdump LSASS, reg dump SAM/SEC/SYS hives ➡️C2: BumbleBee, Meterpreter, CobaltStrike thedfirreport.com/2022/11/14/bum… 1/X

The DFIR Report (@thedfirreport):

Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware ➡️TTR: 154 hours ➡️Discovery: nltest, net group, ShareFinder, etc. ➡️Exfil: Rclone Transfer to Mega ➡️C2: CobaltStrike, AnyDesk, Tactical RMM Agent ➡️Impact: Quantum Ransomware thedfirreport.com/2022/11/28/emo… 1/X

4n6lady (@4n6lady):

⭐️GIVEAWAY!⭐️ I'm giving away 10 digital copies of Digital Forensics and Incident Response, 3rd Edition by GERARD JOHANSEN Packt Publishing Winners will be announced Friday, @ 12pm EST 🥳 Enter by liking, sharing, and commenting 😊

The DFIR Report (@thedfirreport):

ShareFinder: How Threat Actors Discover File Shares Detection Opportunities: ➡️ Network ➡️ PowerShell Logs ➡️ LDAP Logs ➡️ Object Access Logs thedfirreport.com/2023/01/23/sha…

The DFIR Report (@thedfirreport):

Malicious ISO File Leads to Domain Wide Ransomware ➡️Initial Access: IcedID ISO ➡️Credentials: DCsync ➡️PrivEsc: ZeroLogon ➡️Lateral: RDP, SMB/Remote Service, WMI ➡️C2: IcedID, Cobalt Strike, Anydesk ➡️Exfil: Rclone to Mega ➡️Impact: Quantum Ransomware thedfirreport.com/2023/04/03/mal…

The DFIR Report (@thedfirreport):

HTML Smuggling Leads to Domain Wide Ransomware ➡️Initial Access: Thread-Hijacked Email > HTML Attachment ➡️Credentials: LSASS Access, SessionGopher ➡️Lateral Movement: RDP, PsExec ➡️C2: IcedID, Cobalt Strike ➡️Impact: Nokoyawa Ransomware thedfirreport.com/2023/08/28/htm… 1/X

The DFIR Report (@thedfirreport):

NetSupport Intrusion Results in Domain Compromise ➡️Initial Access: Zip in Email ➡️Execution: Batch scripts, NetSupport ➡️Credential Access: NTDS.dit dump, LSASS Dump ➡️Lateral Movement: RDP, SMB, wmiexec/atexec ➡️C2: NetSupport RAT, SSH Tunnel thedfirreport.com/2023/10/30/net…

Mehmet Ergene (@cyb3rmonk):

🎁 GIVEAWAY TIME! 🎁 - I'm giving away 2 seats for my brand new "Hands-On Kusto Query Language (KQL) for Security Analysts" course! Please follow Blu Raven , Comment, and Repost to participate. 👉 academy.bluraven.io/hands-on-kusto… Two random winners will be announced on 5 December

The DFIR Report (@thedfirreport):

Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor’s Activity ➡️Initial Access: sqlmap, ghauri, metasploit, exploits ➡️Persistence: weevely, SharPersist ➡️C2: Sliver, Meterpreter ➡️PrivEsc: Schtasks, LinPEAS, Metasploit and more! thedfirreport.com/2023/12/18/let…

The DFIR Report (@thedfirreport):

🎄Holiday Giveaway 1/2!🎄 🎁Like, RT and comment for a chance to win free swag! 💬 Provide feedback on our reports or services & DOUBLE your chances! 🌟Must be following to win! 🕘10 winners will be chosen on 12/22 @ 15:00UTC 🎉Stay tuned for the next giveaway!
