Zach (@svch0st)'s Twitter Profile
Zach

@svch0st

Everything DFIR

@TheDFIRReport | @CuratedIntel | @XintraOrg

infosec.exchange/@svch0st

ID: 1039996215339839488

Joined: 12-09-2018 21:56:34

210 Tweets

4.4K Followers

1.1K Following

Yogesh Khatri (@swiftforensics)

If you've had this problem (see pic), NTFS Journal REWIND solves it! . New blog post + code. No more unknown paths.
cybercx.com.au/blog/ntfs-usnj… 
#NTFS #DFIR

Zach (@svch0st)

Thank you to all that entered The DFIR Report lab giveaway! Our winners are: 🎁Alberto Paco - Case #23825 🎁Dino Santic - Case #19438 🎁threathka - Case #23825 Winners - please DM me and I'll send through your lab!

✞ inversecos (@inversecos)

NEW LAB RELEASE: Husky Corp 🥳

Midnight Blizzard have compromised Husky Corp in this end-to-end cloud lab. Test your skills on:

👀 Pass the PRT (Token Based Attacks)
👀 Entra ID Backdoors
👀 Skeleton Key Attack
👀 Managed Identity Abuse
👀 Cloud Administrator Privilege Escalation

✞ inversecos (@inversecos)

NEW LAB RELEASE: TechTonik Inc 🥳 

End-to-end emulation of a CISA write-up about Russian Intelligence attacking Jetbrains to target tech companies (APT29)

👇Solve the incident here 👇
xintra.org

Test your detection skills on:
👀 TeamCity Exploitation (N-Day)
👀

The DFIR Report (@thedfirreport)

New report recently delivered to all our intel customers:

➡50+ gov sites compromised
➡Backdoors on IIS servers
➡SEO manipulation to boost a gambling site
➡Chinese Attribution and Tooling
➡Custom Infra and Tooling

Interested in learning more ➡️ thedfirreport.com/contact/

✞ inversecos (@inversecos)

NEW LAB 🥳: WinDbg Crash Dump Analysis by DebugPrivilege (@DebugPrivilege)

Using WinDbg to analyze dumps of CVE-2024-29824 and CVE-2023-29357 exploited in the wild.

👇Solve the incident here 👇
xintra.org 

Test your memory forensic skills on:
👀 Reflective DLL Injection

✞ inversecos (@inversecos)

NEW LAB RELEASE: Airbuzz✈️🔍

Lazarus Group (North Korea) targeting aerospace defence companies as part of their 3-year-long Operation Dream Job campaign.

👇Solve the incident here👇
xintra.org   

Test your blue team skills on:
👀 Memory Analysis
👀 PCAP

The DFIR Report (@thedfirreport)

Inside the Open Directory of the “You Dun” Threat Group Analysis & reporting completed by @pcsc0ut & Zach. Audio: Available on Spotify, Apple, YouTube and more! Report: thedfirreport.com/2024/10/28/ins…

Zach (@svch0st)

Check out our new report on a TA4557 intrusion. Make sure your team that handles hiring/resumes recognises these lures!

✞ inversecos (@inversecos)

NEW LAB: Mustang Panda 🐼🔍

Chinese cyber espionage APT targeting a government body across the U.S., Europe, and APAC

Test your blue team skills on:
👀 .NET malware
👀 DLL Sideloading
👀 Webshells
👀 Procdumps

Lab Contributors
Adversarial Emulation: MDSec (@MDSecLabs), ali 🕷️ (@offensiveninja)

✞ inversecos (@inversecos)

New XINTRA course‼️
Advanced IIS Post Exploitation, Detection & Evasion

Modern APT groups are actively weaponizing ToolShell and fileless IIS tradecraft to compromise Exchange, SharePoint, ASP workloads.

If your detection and response capabilities lag exposure, this course

✞ inversecos (@inversecos)

NEW LAB: APT40 Ivanti Exploitation APT40 (Chinese Hainan State Security Department) targets the Department of Trade and Finance of Meow Islands by exploiting a vulnerable Ivanti appliance. The investigation involves: 🔸Ivanti Connect Secure exploitation 🔸Appliance filesystem