What do you get when you combine BlackBasta leaks and Scattered Spider? An awesome new blog, where we discuss how these two groups operate in the cloud and their TTPs. invictus-ir.com/news/cloud-hea… #stayInvictus #CloudIncidentResponse #CTI #DFIR

🔄Time to update your favorite cloud IR tool, the Microsoft Extractor Suite! 𝐔𝐩𝐝𝐚𝐭𝐞-𝐌𝐨𝐝𝐮𝐥𝐞 -𝐍𝐚𝐦𝐞 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭-𝐄𝐱𝐭𝐫𝐚𝐜𝐭𝐨𝐫-𝐒𝐮𝐢𝐭𝐞 Release notes for version 3.0.4 🆕 - Added -UserIds parameter to Get-Users for filtering by specific user IDs. -

🚧 Dive into the final part of our blog series on preparing for cloud incidents.. invictus-ir.com/news/cloud-inc… If you want to learn practical tips and things you can do right now to make Cloud Incident Response life easier this one is for you..

🚨 New blog from Datadog, Inc. on fresh AWS TTPs! Me and Team Invictus Incident Response pivoted & enriched their infra data to uncover the actor #JavaGhost is likely abusing callback proxy networks and leveraging Mass SMTP Tester. 🔗 securitylabs.datadoghq.com/articles/tales… #CloudSecurity #ThreatIntel #CTI

We've started a new series on Cloud focused threat actors, today Part I on #JavaGhost Check it out, if you want to learn how they operate, who they target and how you can defend against them. invictus-ir.com/news/profiling… #stayInvictus #CloudIncidentResponse #JavaGhost

We've just published our latest threat actor profile on #LaundryBear Check it out if you want to learn how they work, who they target and their TTPs invictus-ir.com/news/profiling… #stayInvictus #CloudIncidentResponse

🚨 Volume 3 | Profiling TradeTraitor (DPRK) 🚨 Our latest and greatest blog in our series on Cloud Threat Actors. This one is on the the infamous DPRK-nexus crew behind billion-dollar cryptocurrency heists. Check it out: invictus-ir.com/news/profiling… #stayInvictus