With an extensive background spanning 15 years in security leadership, Sean O’Connor stands as a distinguished expert. As both an accomplished author and dedicated educator, he imparts his knowledge with passion. Sean’s influential speaking engagements resonate widely, and his perspectives often find a place in media narratives, further solidifying his reputation in the field.
.@TrendMicro kudos to the team that put this together.
180+ page report - Exploring forensic evidence and detection methods for remote monitoring and management (RMM) tooling. Also including common sync tools used in incidents.
https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_1_1_yamashige-nakatani-tanaka_en.pdf
#DFIR #RMM
🚨New Analysis🚨: #LockBit 3.0 Exploit CVE-2023-4966 #CitrixBleed
@MichalKoczwara and I deep dive into the recent #CISA LockBit advisory, looking at IOCs provided by @Boeing to uncover additional #infrastructure.
Hope you find it an interesting read!
Link & Findings👇
Microsoft has uncovered a supply chain attack by North Korean threat actor Diamond Sleet (ZINC) involving the modification of an installer file from software maker CyberLink. The payload calls back to attacker infrastructure for instructions. Learn more:
The #Trigona ransomware group is back online and extorting victims after the Ukrainian Cyber Alliance infiltrated and took down the infrastructure.
New victim portal URL: http://znuzuy4hkjacew5y2q7mo63hufhzzjtsr2bkjetxqjibk4ctfl7jghyd.onion