thedfirreport.com/2025/05/19/a... It was fun working on this Report with @pcsc0ut.bsky.social && 0xtornado. I hope my #threathunting friends will find it helpful. We came up with a new detection for Impacket tools in this investigation

🌟New report out today!🌟 Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware Analysis and reporting completed by @pcsc0ut.bsky.social, @irishdeath.bsky.social & @0xtornado 🔊Audio: Available on Spotify, Apple, YouTube and more! thedfirreport.com/2025/05/19/a...

PYSA/Mespinoza Ransomware ➡️TTR 7.5 hours ➡️Koadic and Empire for C2 ➡️7+ Credential Access techniques ➡️ADRecon, APS, quser, arp, and nltest for Discovery ➡️RDP and PsExec for Lateral Movement ➡️Files exfiltrated ➡️PYSA ransomware for Impact Report link ⬇️

🌟New report out today!🌟 Confluence Exploit Leads to LockBit Ransomware Analysis & reporting completed by Angelo Violetti, @malforsec, & @teddy_ROxPin Audio: Available on Spotify, Apple, YouTube and more! thedfirreport.com/2025/02/24/c...

Will the Real Msiexec Please Stand Up? Exploit Leads to Data Exfiltration ➡️Initial Access: CVE-2021-44077 exploited ➡️Execution: Web shell ➡️Credential Access: WDigest + MiniDump ➡️Lat Movement: RDP using Plink ➡️Exfiltration: Sensitive data exfilled thedfirreport.com/2022/06/06/w...

🌟New report out today!🌟 Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware Analysis & reporting completed by @r3nzsec, @MyDFIR & @MittenSec. Audio: Available on Spotify, Apple, YouTube and more! thedfirreport.com/2025/01/27/c...