Dr. Ch33r10 (@ch33r10)'s Twitter Profile
Dr. Ch33r10

@ch33r10

#CTI • #PurpleTeam • Latina 🇲🇽 • Opinions are my own

ID: 816221

Link: http://github.com/ch33r10 | Date: 06-03-2007 22:49:15

39,39K Tweet

12,12K Followers

7,7K Following

The DFIR Report (@thedfirreport)

🛡️ Calling all DFIR Teams! 🛡️ We're hosting our first Enterprise focused CTF this summer! Think your DFIR team is the best? Time to prove it! 🆕Choose between Azure Log Analytics, Splunk and Elastic! If you're interested, please fill out this form: forms.office.com/r/XhBg4p8i4q

DFIR Diva (@dfirdiva)

📢Giveaway! 🎁 I'm sponsoring 5 people to join the The DFIR Report's DFIR Labs CTF for FREE on March 8th! To enter: Like this post, comment, and follow (so I can DM if you win). Winners will be chosen this Sunday! #DFIR

Will (@bushidotoken)

New Blog! BlackBasta Leaks: Lessons from the Ascension Health attack 🏥🔒 — This is a step-by-step extraction and translation of the leaked conversation between the BlackBasta members during the Ascension Health attack 🔗blog.bushidotoken.net/2025/02/blackb… Key Findings 🧵

Bryce (@bryceabdo)

🚨 I will soon be releasing a free next-gen OST on GitHub called CrispRAT🧀 🐀 CRISPRAT is a C2 framework & is completely undetected by Chris Pratt AND others 🎯For educational purposes MOSTLY🏥 🔥Capable of cd & ls 🤯 📀 LASERDISC payload builder💪🏼 🔊 C2 over carrier pigeon🐦

ATT&CK (@mitreattack)

Today we're launching a new system where the public can help us develop the next ATT&CK release through Macrotechnique Refinement. To start refining FUZZYSNUGGLYDUCK, click here: attack.mitre.org/macro-techniqu…. Fabulous prizes await success.

SLEUTHCON (@sleuthcon)

We are excited to announce our 2025 SLEUTHCON keynote speaker: Paul Melson, VP of Cybersecurity at Capital One and author/operator of ScumBots With over two decades of experience defending networks and disrupting adversaries, Paul brings unmatched insight into the economics of

SLEUTHCON (@sleuthcon)

THE SLEUTHCON 2025 LINEUP IS NOW LIVE! 🐍💰 🪑 In-person seats are limited—register now 💻 Virtual access will be available, but the real action is in the room 🫵 View the full lineup and talk details sleuthcon.com/2025lineup

Malware Village (@malwarevillage)

Due to popular demand, the CFP for Malware Village @DEFCON 33 has been extended to May 31, 2025! 📣 The CFP form: bit.ly/MV2025CFP We’re looking forward to your submissions!!! ✨ #MalwareVillage #DC33

DFIR Diva (@dfirdiva)

📢Giveaway! 🎁 I'm sponsoring 5 people to join the The DFIR Report's DFIR Labs CTF for FREE on June 7th! To enter: Like this post, comment, and follow (so I can DM if you win). Winners will be chosen this Sunday (June 1st)! #DFIR

DFIR Diva (@dfirdiva)

FREE Virtual SANS Ransomware Summit happening Friday, May 30th! Link: sans.org/cyber-security… #DFIR #IncidentResponse #Cybersecurity

Will (@bushidotoken)

Looking forward to giving my first TEAM CYMRU research webinar tomorrow! I shall be discussing a hot topic for many: DPRK IT Workers👨🏻‍💻 Tune into this tomorrow if you’re interested in how you can use NetFlow data to detect the 🇰🇵 activities 🔍 Reg here: team-cymru.zoom.us/webinar/regist…

Alexander Leslie (@aejleslie)

Join me tomorrow for a live Recorded Future briefing on the conflict between Israel and Iran. We’ll address specific geopolitical risks, cybercriminal and hacktivist groups, state-sponsored cyber threats, influence operations, and more. Registration: …cordedfuture.registration.goldcast.io/webinar/4b7227…

Stephan Berger (@malmoeb)

I successfully tested a LSASS dumping technique on a Windows 10 lab machine, which we encountered on a recent Incident Response engagement (no EDR, default Defender installed). The "MiniDumpWriteDump" technique, as described here [1], was successful in writing the LSASS process

SEKTOR7 Institute (@sektor7net)

Swimming deep inside Windows Security Center service to re-engineer API access allowing to disable Windows Defender. COM interface reconstruction and integrity checks bypassed to inform WD that it's not the-boss-in-the-house anymore... A post by es3n1n. Nicely done! Repo:

Kyle Cucci (@d4rksystem)

Interested in learning how to build a lab VM for malware analysis and reversing? You can download a 40+ page chapter on this topic, taken from my book Evasive Malware. Get the PDF from my blog, here: 🤓 evasivemalware.com/EvasiveMalware… CC No Starch Press

SEKTOR7 Institute (@sektor7net)

Injecting to a remote process with reduced process access (PROCESS_CREATE_THREAD and PROCESS_QUERY_LIMITED_INFORMATION only). No ROP gadgets needed. Just clever use of Native API calls. Post by Thanos (trickster0). Good job, sir! trickster0.github.io/posts/Primitiv… #redteam #maldev

Chris Sanders 🔎 🧠 (@chrissanders88)

If you've taken my Investigation Theory course, then you're familiar with my Human-Centered Investigation Playbooks. I'm excited to share that I'm releasing that standard publicly today. You can read about it here: chrissanders.org/2025/06/human-…
