Mastouille

0 message0 participant0 message aujourd’hui

Beercow :python: :verified:Updated OneDrive Evolution. You can now compare two versions of OneDrive and see what has changed. <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a><a href="https://malwaremaloney.blogspot.com/p/onedrive-evolution.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://malwaremaloney.blogspot.com/p/onedrive-evolution.html</a>

JRTOn a recent engagement a USB <a href="https://infosec.exchange/tags/keylogger" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#keylogger</a> was found. My colleague Cass and I analyzed the key logger to find leads towards the threat actor. We have written down what we learned on our side quest:<a href="https://research.hisolutions.com/2025/07/a-tale-of-practical-keylogger-forensics/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://research.hisolutions.com/2025/07/a-tale-of-practical-keylogger-forensics/</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/Forensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Forensics</a>

volatilityThe 13th annual <a href="https://infosec.exchange/@volatility" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@volatility</a> <a href="https://infosec.exchange/tags/PluginContest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PluginContest</a> is now OPEN! This is a meaningful way to contribute to open source forensics & gain community-wide visibility for your work. And, as always, winners get cash prizes!Submission Deadline: 31 December 2025You can find full details in our latest blog post: <a href="https://volatilityfoundation.org/the-13th-annual-volatility-plugin-contest-is-open/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://volatilityfoundation.org/the-13th-annual-volatility-plugin-contest-is-open/</a><a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dfir</a> <a href="https://infosec.exchange/tags/memoryforensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#memoryforensics</a>

Alexis Brignoni :python: :donor:You got me...<a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalForensics</a> <a href="https://infosec.exchange/tags/MobileForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MobileForensics</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a>

volatilityREMINDER: The Call for Speakers for <a href="https://infosec.exchange/tags/FTSCon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FTSCon</a> is open! The deadline is July 23.See the full details in our blog post: <a href="https://volatilityfoundation.org/announcing-ftscon-2025-in-person-malware-and-memory-forensics-training/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://volatilityfoundation.org/announcing-ftscon-2025-in-person-malware-and-memory-forensics-training/</a><a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dfir</a>

LMG SecurityHundreds of Brother printer models are affected by a critical, unpatchable vulnerability (CVE-2024-51978) that allows attackers to generate the default admin password using the device’s serial number—information that’s easily discoverable via other flaws.748 total models across Brother, Fujifilm, Ricoh, Toshiba, and Konica Minolta are impacted, with millions of devices at risk globally.Attackers can: • Gain unauthenticated admin access • Pivot to full remote code execution • Exfiltrate credentials for LDAP, FTP, and more • Move laterally through your networkBrother says the vulnerability cannot be fixed in firmware and requires a change in manufacturing. For now, mitigation = change the default admin password immediately.Our pentest team regularly highlights printer security as a critical path to system compromise—and today’s news is another example that underscores this risk. This is your reminder: Printers are not “set-and-forget” devices. Treat them like any other endpoint—monitor, patch, and lock them down.Need help testing your network for exploitable print devices? Contact us and our pentest team can help!Read the Dark Reading article for more details on the Brother Printers vulnerability: <a href="https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug</a><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/PenetrationTesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PenetrationTesting</a> <a href="https://infosec.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Pentest</a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Pentesting</a> <a href="https://infosec.exchange/tags/PrinterSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PrinterSecurity</a> <a href="https://infosec.exchange/tags/BrotherPrinters" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BrotherPrinters</a> <a href="https://infosec.exchange/tags/CVE202451978" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE202451978</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/IT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IT</a> <a href="https://infosec.exchange/tags/SMB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SMB</a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISO</a> <a href="https://infosec.exchange/tags/Cyberaware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cyberaware</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ITSecurity</a> <a href="https://infosec.exchange/tags/ZeroTrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ZeroTrust</a> <a href="https://infosec.exchange/tags/PatchNow" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PatchNow</a> <a href="https://infosec.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Pentest</a>

Alexis Brignoni :python: :donor:Yup. Go figure. 😂 <a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalForensics</a> <a href="https://infosec.exchange/tags/MobileForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MobileForensics</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a>

Mike ShewardMy previous intro post was a few years old, so behold, new intro post:Mike. Live in the Seattle area having grown up in the UK as a full blown British. Have a wife (incredible), child (boy), and three dogs (golden retriver/cream retriver/fuck knows).I work in information security, something I have done for about 20 years. By day I run corporate security, enterprise IT and various other bits and pieces for an EV charging startup. I am big into EV's and currently drive one that is not a Tesla. I want an electric motorbike, so if anyone has a spare one please send it.I also have a company of my own, Secure Being (<a href="https://securebeing.com" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securebeing.com</a>), which does pen testing and digital forensic work - it's my way of staying super hands on while still doing the management bits on the career path.I have written books about information security things. Five of them. Two are non-fiction textbooks, and three are fiction based on real world <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> things. Check out <a href="https://infosecdiaries.com" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosecdiaries.com</a> and your local bookstore to find them, just search for my name. I have been trying to write more stuff, but always seem to find myself distracted by other things, such as work. linktr.ee/secureowl has some mini stories I've written.I love radio and everything RF. I have lots of antennas and various scanners and radios on my desk. I love intercepting and decoding things, like digital radio protocols.I am a big aviation nerd. I always wanted to be a commercial pilot. I gained my private pilots license in the UK at 17, all self funded by my employment at the local Safeway/Morrisons store. I did the sim test and commercial assessments, but for some reason, at 18, I was unable to find the £100k needed to complete the commercial training, so I did computers. But do not worry, because those computers and love of aviation and radio/RF combined, and I run a project called ACARS Drama. <a href="https://acarsdrama.com" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://acarsdrama.com</a> has all the details.I play guitar and am a big guitar/audio nerd as well. I record music under the moniker Operation: Anxiety, <a href="https://operationanxiety.com" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://operationanxiety.com</a> - the music is on all the normal places. Finally, I am a massive fan of motorsport. I believe I have watched every F1 race for the last 30 years, maybe 25. I also follow F2, FE, Indycar and MotoGP closely. I average around 18 hours of Le Mans 24 hour racing watching per year.So there you have it. If you are looking for a thought leader on the topics mentioned above, you've come to the wrong place - because this is where I shitpost, and shitposting is cheap therapy.<a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dfir</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/acars" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#acars</a> <a href="https://infosec.exchange/tags/vdlm2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vdlm2</a> <a href="https://infosec.exchange/tags/sdr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sdr</a> <a href="https://infosec.exchange/tags/rf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rf</a> <a href="https://infosec.exchange/tags/f1" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#f1</a> <a href="https://infosec.exchange/tags/seattle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#seattle</a> <a href="https://infosec.exchange/tags/introduction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#introduction</a>

Chris Sanders 🔎 🧠The path to a meaningful future for your SOC won't be led by people who don't understand how investigations work building products that are based around poorly prompting AI to tell you how to perform them. <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SOC</a>

Mike ShewardMini Digital Forensic Diaries story: got sent to a university in London to investigate a case where a student, who bragged of hacker prowess openly, was suspected of introducing malware to a machine and stealing a lecturers password. “We don’t know how, but we know they logged into the account, and sent emails - and this is the only machine the lecturer uses,” came the brief.Imaged the machine suspected of being targeted.While giving the lecturer their laptop back post imaging I observed, via projector, the lecturer entering in their password to the username field on the login screen.“Whoops, I’m always doing that - at least this time it wasn’t in front of the students,” they said.Sure enough, there was no evidence of anything untoward on the laptop, but I had a good theory as to what may have occurred. Check out more, less mini, stories like this at <a href="https://infosecdiaries.com" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosecdiaries.com</a>.<a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dfir</a> <a href="https://infosec.exchange/tags/forensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#forensics</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Andrea LazzarottoA very nice blog post by Derek Eiri about the inner workings of <a href="https://mastodon.social/tags/Fuji" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Fuji</a> for <a href="https://mastodon.social/tags/macOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#macOS</a> forensic acquisition. Tool validation is very important in <a href="https://mastodon.social/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalForensics</a>.<a href="https://mastodon.social/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://mastodon.social/tags/AppleForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AppleForensics</a> <a href="https://mastodon.social/tags/MacForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MacForensics</a><a href="https://mreerie.com/2025/05/12/exploring-macos-native-commands-andrea-lazzarotto-fuji/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mreerie.com/2025/05/12/exploring-macos-native-commands-andrea-lazzarotto-fuji/</a>

Pass the SALT ConferenceAfter <a href="https://infosec.exchange/tags/HW" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HW</a>, let's dive into our <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a>/TI session🥰:- <a href="https://infosec.exchange/@tomchop" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@tomchop</a> will introduce you <a href="https://infosec.exchange/tags/OpenRelik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenRelik</a> a new collaborative IR invest portal 🚀- <a href="https://infosec.exchange/@udgover" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@udgover</a> & Matt Muir will introduce us to their e2e malwares process workflow using FLOSS ✊ - and we'll be able to learn & practice <a href="https://infosec.exchange/tags/MISP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MISP</a> as analysts with <a href="https://infosec.exchange/@C00kie_two" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@C00kie_two</a> & <a href="https://infosec.exchange/@wr" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@wr</a> during their dedicated workshop 🛠️🎟️GO & book your (free) seat: <a href="https://pretix.eu/passthesalt/2025/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://pretix.eu/passthesalt/2025/</a> 📔program: <a href="https://cfp.pass-the-salt.org/pts2025/schedule/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cfp.pass-the-salt.org/pts2025/schedule/</a> 📅July 1 to 3, 2025 📍Lille, FRRelays appreciated 🙏

Alexis Brignoni :python: :donor:🆕 New blog post on Apple Unified Logs (iOS) and how to query them effectively. 🪵 Learn how to generate a .logarchive using a macOS device, third-party tools, or straight from files in a full file system extraction. 🪵 Use a macOS device to convert the .logarchive into a JSON file for use outside of a macOS environment. 🪵 Process the JSON file with iLEAPP in order to query the data using SQLite.If you are not looking at unified logs you are missing incredibly valuable evidence in your cases. Thanks to the following researchers for their invaluable contributions: 🙏 Lionel Notari 🙏 Tim Korver 🙏 Johann POLEWCZYK 🙏 Heather CharpentierRead the blog post here:<a href="https://abrignoni.blogspot.com/2025/05/extraction-processing-querying-apple.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://abrignoni.blogspot.com/2025/05/extraction-processing-querying-apple.html</a><a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalForensics</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/MobileForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MobileForensics</a> <a href="https://infosec.exchange/tags/UnifiedLogs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UnifiedLogs</a> <a href="https://infosec.exchange/tags/AppleForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AppleForensics</a> <a href="https://infosec.exchange/tags/iOSForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iOSForensics</a> <a href="https://infosec.exchange/tags/iLEAPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iLEAPP</a> <a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalForensics</a>

Volexity :verified:Congratulations to all of the Volatility contributors - this was no small feat! We are proud to be a sustaining sponsor of this important open-source project that remains the world’s most widely used memory forensics platform. <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dfir</a> <a href="https://infosec.exchange/@volatility/114518094757806134" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@volatility/114518094757806134</a>

LMG SecurityAI-powered features are the new attack surface! Check out our new blog in which LMG Security’s Senior Penetration Tester Emily Gosney <a href="https://infosec.exchange/@baybedoll" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@baybedoll</a> shares real-world strategies for testing AI-driven web apps against the latest prompt injection threats.From content smuggling to prompt splitting, attackers are using natural language to manipulate AI systems. Learn the top techniques—and why your web app pen test must include prompt injection testing to defend against today’s AI-driven threats.Read now: <a href="https://www.lmgsecurity.com/are-your-ai-backed-web-apps-secure-why-prompt-injection-testing-belongs-in-every-web-app-pen-test/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.lmgsecurity.com/are-your-ai-backed-web-apps-secure-why-prompt-injection-testing-belongs-in-every-web-app-pen-test/</a><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/PromptInjection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PromptInjection</a> <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AIsecurity</a> <a href="https://infosec.exchange/tags/WebAppSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WebAppSecurity</a> <a href="https://infosec.exchange/tags/PenetrationTesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PenetrationTesting</a> <a href="https://infosec.exchange/tags/LLMvulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LLMvulnerabilities</a> <a href="https://infosec.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Pentest</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISO</a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Pentesting</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/ITsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ITsecurity</a>

r1cksecMap visualization and firewall for AWS activity, inspired by Little Snitch for macOS🕵️‍♂️<a href="https://github.com/ccbrown/cloud-snitch" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/ccbrown/cloud-snitch</a><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/aws" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#aws</a> <a href="https://infosec.exchange/tags/cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloud</a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dfir</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a>

cyb_detectiveDigital Forensics StartMe Page by Dillon Bowe- SANS posters & cheatsheets - Blog feed - YouTube feed - Memory tools - Network tools - Malware tools - getting started guidesand more. <a href="https://start.me/p/1kRlPp/forensics" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://start.me/p/1kRlPp/forensics</a><a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dfir</a>

Natasha 👸Sidder og kigger på en image af en T68i fra digital corpera. Jeg har lavet lidt python til at trække billeder ud men det fungere ikke helt. Nogle der ligger inde med filsystem formatet for sådan en telefon?Eng: I am looking at an image of the storage in a T68i from digital corpera. I have written some simple python to extract pictures. But do anyone know about the storage layout of such phone?<a href="https://helvede.net/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dfir</a> <a href="https://helvede.net/tags/4n6" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4n6</a> <a href="https://helvede.net/tags/mobile" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mobile</a>

Volexity :verified:New on the <a href="https://infosec.exchange/@volexity" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@volexity</a> Blog: Multiple Russian threat actors are leveraging Signal, WhatsApp, and a compromised Ukrainian government email address to impersonate EU officials. This latest round of phishing attacks abuses first-party Microsoft Entra apps and OAuth to compromise targets.<a href="https://www.volexity.com/blog/2025/04/22/phishing-for-codes-russian-threat-actors-target-microsoft-365-oauth-workflows" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.volexity.com/blog/2025/04/22/phishing-for-codes-russian-threat-actors-target-microsoft-365-oauth-workflows</a><a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dfir</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a>

Chris Sanders 🔎 🧠Investigation Scenario 🔎You have detected unauthorized modification to /etc/libaudit.conf on a Linux server. What do you look for to investigate whether an incident occurred and its impact? What could an attacker have done here?<a href="https://infosec.exchange/tags/InvestigationPath" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InvestigationPath</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SOC</a>

Recherches récentes

Options de recherche

Administré par :

Statistiques du serveur :

#DFIR