#dfirday — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #dfirday, aggregated by home.social.
Happy Monday, or should I say, Happy #DFIRDay!
That's right, The DFIR Report has dropped another one of their awesome reports, this time covering an attack that involved the #BlackSuit ransomware. There was a dash of #CobaltStrike, #SystemBC, some encoded PowerShell commands for defense evasion (and to keep you guessing on what the command really is!), LSASS access for credentials, and it ultimately led to the ransomware being deployed. This report provides a great example of all the things the adversary needs to do to be successful in an attack and all the information they need from your environment to do it!
Stay tuned for your Threat Hunting Tip of the Day, but while you wait, enjoy the article! Happy Hunting!
And I promise you I am not going to take the easy way out and hit you with the AutoRun registry key hunt package again!
BlackSuit Ransomware
https://thedfirreport.com/2024/08/26/blacksuit-ransomware/
Cyborg Security Intel 471 #CyberSecurity #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday