FileFix: CTRL+L, Paste, Boom.

The research is still ongoing :-) I have been studying mr.d0x's blog posts, and recently stumbled upon his new article about ClickFix and FileFix. For those of you who do not know what ClickFix is about, it is a sneaky social engineering trick. Attackers set up fake sites, like fake updates or CAPTCHA pages, that copy a malicious command to your clipboard. You are then told to hit Win+R, paste, and run it. Just like that, you install the malware yourself. ...

July 8, 2025 · 3 min

FOR509 - Enterprise Cloud Forensics and Incident Response

SANS FOR509 in Copenhagen – What a week. Thanks Antti for the image. Last week I attended SANS FOR509 – Enterprise Cloud Forensics and Incident Response in Copenhagen. The course is focused on cloud investigations across Microsoft 365, Azure, AWS, Google Workspace and Kubernetes. It was taught by Korstiaan Stam, who brought tons of experience. Before the course I had worked quite a bit with Azure and had handled a few BEC cases in M365. I had no real experience with AWS, GCP or Kubernetes. That changed quickly. The course does a great job at tying things together and focusing on what matters during an investigation. ...

July 7, 2025 · 2 min