🌟 Dissect Task Board Now Live! 🌟 Dive into Dissect projects, select tasks, suggest features, and code with a global community. Let's innovate together! 🔗 Look under issues in each Dissect project, or use this filter (log in needed) github.com/issues?q=is%3A…

Check out our latest blog where we pluck the feathers off Android Malware Vultur's latest variants, revealing its most recent developments in masquerading malicious activity and how it maximises remote control over infected devices. blog.fox-it.com/2024/03/28/and…

🚀 Our open-source Dissect project now supports reading Fortinet firmware files! 🛡️ Easily mount, browse or dump FortiGate firmware files hassle-free with Dissect. No extra steps needed! #Dissect #Fortinet #FortiGate #Firmware github.com/fox-it/dissect…

This blog is part of a series written by various Dutch cyber security firms that have collaborated on the Cactus ransomware group, which exploits Qlik Sense servers for initial access. blog.fox-it.com/2024/04/25/sif…

Say hello to Dissect summer release V.3.15! · Major rewrite of dissect core engine – cstruct v.4.0 is now released! · Target tools usability improvements · MPLog parser added to Windows defender plugin · Identification of Windows 11 improved Release 3.15 · fox-it/dissect · GitHub

Check out our latest blog from our Red Team about EDR evasion through malware virtualisation: blog.fox-it.com/2024/09/25/red…

Hey cyber sleuths! Dissect open source just turned two, and we're not done celebrating. Surprise! Our Dissect add-on for Splunk is now also open sourced, making your Dissect records ingestion a breeze. Prepare to enhance your Splunk powers! 🥳 lnkd.in/g38ii8Et

Our SOC detected suspicious activity from 158.247.199[.]37 directed at FortiManager ports as early as May 2024. #threatintel #fortianalyzer #fortijump fortiguard.com/psirt/FG-IR-24…

Pivoting on the SimpleHTTP server on port 443 (but not TLS) and ASN 20473 we found servers that are likely related to the #FortiJump #FortiManager CVE-2024-47575 exploitation campaign that are not yet publicly mentioned. IOCs: * 107.191.63[.]169 * 139.180.138[.]190 *

Some of these servers show similarities with known attacker infra, like hosting *.js files. We observed compromised FortiManager devices use cURL to retrieve such files, e.g. dom.js. Another server had a file named exp-7.2.6.py, which is also a valid FortiManager

Dissect release v3.17 - what's new? 🔹Support for BitLocker and LUKS encrypted disks 🔹Support for BSD Vinum volumes 🔹A new MSSQL log parser 🔹Retrieve installed Ubuntu Snap & Windows applications 🔹Now possible to create aliases in target-shell github.com/fox-it/dissect…

🔒Great news for #DFIR folks! Dissect now supports both BitLocker & LUKS encrypted disks, making forensic analysis smoother and more comprehensive. Another step forward for digital forensics capabilities! Read more in this blog: blog.fox-it.com/2024/12/11/dec… #InfoSec #DigitalForensics

🧀 𝗡𝗲𝘄 𝗯𝗹𝗼𝗴: "𝗧𝗵𝗿𝗲𝗲 𝗟𝗮𝘇𝗮𝗿𝘂𝘀 𝗥𝗔𝗧𝘀 𝗖𝗼𝗺𝗶𝗻𝗴 𝗳𝗼𝗿 𝗬𝗼𝘂𝗿 𝗖𝗵𝗲𝗲𝘀𝗲" Read about PondRAT, ThemeForestRAT and RemotePE - three RATs we encountered during incident response involving the Lazarus group. Check the indicators and don't let them steal

𝗡𝗲𝘄 𝗗𝗶𝘀𝘀𝗲𝗰𝘁 𝗿𝗲𝗹𝗲𝗮𝘀𝗲 𝘃.𝟯.𝟮𝟬.𝟭 𝗶𝘀 𝗼𝘂𝘁! Important: deprecation notice for Python 3.9, next Dissect version will support Python 3.10 and up - VMFS implementation rewritten from scratch - Mounting btrfs subvolumes with target-mount enabled - Performance

Sharing is caring! We've uploaded malware samples from our latest Lazarus research to VirusTotal (d86c51db1a0f3c6b71b1b62a766d6daa). This includes macOS, Linux and Windows samples used by this actor, such as custom screenshotters and keyloggers. See our blogpost for the hashes: