After the launch of Cloud Labs last month, we're excited to share with you the new 𝐏𝐫𝐞𝐦𝐢𝐮𝐦 lab for this month. We are committed to brining you a (at least one) new lab every month! Sign-up now: cloudlabs.invictus-ir.com

🔙 We’re back with a new blog, this time diving into a recent incident response case study. Check it out 👇 invictus-ir.com/news/anatomy-o… #stayInvictus #CloudIncidentResponse #BEC

Get in there! Black Hat is offering a £300 discount, enter the code 𝐇𝐀𝐂𝐊𝐓𝐇𝐄𝐏𝐑𝐈𝐂𝐄 at registration! Register: blackhat.com/eu-25/training… #stayInvictus #CloudIncidentResponse #DFIR

Back with a bang 🧨 A new post in our Cloud Threat Actor series, today is Part V on 𝐒𝐢𝐥𝐤 𝐓𝐲𝐩𝐡𝐨𝐨𝐧 a.ka. HAFNIUM 🐼 So far we've covered: - TraderTraitor - Sea Turtle - Laundry Bear - JavaGhost Blog: invictus-ir.com/news/profiling… #StayInvictus

Get your checkbooks ready....

Someone tried to hack us, read what happened next... invictus-ir.com/news/the-story… #stayInvictus #CloudIncidentResponse #DFIR #BEC

Cloud Labs update for November, we've been cooking in the lab! In our new scenario you can play with EKS, ECR, pipelines and more fun stuff in the cloud. Sign up now and profit of the #BlackFriday deal! cloudlabs.invictus-ir.com #stayInvictus #CloudLabs #CloudIncidentResponse

InfoSec vs. Microsoft

First article on X, let's see if it works!

🧪New year, new lab, same quality! Another lab inspired on real life incident response cases. If you've worked on incidents in Entra ID you probably know the importance of 𝘌𝘯𝘵𝘦𝘳𝘱𝘳𝘪𝘴𝘦 𝘈𝘱𝘱𝘭𝘪𝘤𝘢𝘵𝘪𝘰𝘯𝘴 and 𝘈𝘱𝘱 𝘙𝘦𝘨𝘪𝘴𝘵𝘳𝘢𝘵𝘪𝘰𝘯𝘴. This lab is a deep

Happy is an understatement! This year we will be teaching both our AWS and Microsoft Cloud IR course at Black Hat in Las Vegas. Grateful for this opportunity!

Our latest research on OAuth apps is now live. In this blog we take a look at some case studies where Entra ID apps were abused. We have also included actionable advice on how to prevent these issues in your environment: invictus-ir.com/news/entra-oau… #stayInvictus

Have you ever wondered, what modern cloud compromises look like? This is your chance to investigate one, our newest lab is ready for you! Sign-up now to investigate our latest lab👇 cloudlabs.invictus-ir.com #stayInvictus #CloudLabs #CloudIncidentResponse

Our latest research is live on a recent #AiTM case we worked on together with BIO-ISAC This blog dives into the underlying infrastructure of modern phishing campaigns and includes Indicators of Compromise of this recent campaign. invictus-ir.com/news/the-invis… #stayInvictus

Very excited about this new release. It's been a goal for a long time to have live cloud labs that include Google Cloud and Google Workspace. Which AFAIK no one is doing, give it a go and tell me what you think!

Blog coming soon

We just published an emergency blog on the #Axios compromise. A must read for incident responders and everyone who's been overwhelmed with supply chain package compromises. invictus-ir.com/news/the-poiso… #stayInvictus #CloudIncidentResponse #NPM

📷 The SaaS Hardening Checklist: - Kill "Shadow Consent" – Disable user consent and implement an Admin Consent Workflow. No unvetted app should touch your data. - Audit Permissions – Understand Delegated vs. Application-level access to ensure the principle of least privilege.

Incident Response in the Neocloud ⛅️ Check out the next part on Lambda Cloud invictus-ir.com/news/incident-… #stayInvictus #CloudIncidentResponse #NeoCloud #LambdaCloud

Defeating the Atlas Lion Threat 🦁 Most threat actors want your data. Atlas Lion (Storm-0539) wants your balance sheet specifically, your gift card portals. We have been tracking the evolution of this Moroccan-based group. They aren't just sending simple phishing links; they