The DFIR Report (@TheDFIRReport)'s Twitter Profile
The DFIR Report

@TheDFIRReport

Real Intrusions by Real Attackers, the Truth Behind the Intrusion.

Services: https://t.co/XW613EKt2w

ID:1245886895458078722

Link: https://thedfirreport.com/ | Joined: 03-04-2020 01:33:43

1.2K Tweets

48.9K Followers

0 Following

The DFIR Report (@TheDFIRReport):

🚨Active Exploitation🚨

➡️CVE-2023-22527 - Confluence template injection
➡️Executed whoami
➡️Source IP: 45.61.137[.]90
➡️UA: Opera/9.89.(Windows 95; sv-FI) Presto/2.9.181 Version/12.00

➡️PCAP, full POST URI and more available in our AllIntel service thedfirreport.com/services/threa…

The DFIR Report (@TheDFIRReport):

Interesting #CobaltStrike server:

➡️d0fe709e41[.]windows-defender[.]services
➡️Fronted with Cloudflare
➡️Beacon staged/C2 on multiple IPs
➡️Browser UA -> loads the below page
➡️License:987654321

Full list available through our AllIntel service @ thedfirreport.com/services/threa…

James W. (@cyberbiz4):

This week I had a great mentoring session with Alessandro Di Carlo from The DFIR Report. After learning about my career goal, challenges and skills, he sent me many practical suggestions about career path, resume and training etc. to become a SOC analyst.

The DFIR Report (@TheDFIRReport):

Let's Open(Dir) Some Presents: An Analysis of a Persistent Actor's Activity

➡️Initial Access: sqlmap, ghauri, metasploit, exploits
➡️Persistence: weevely, SharPersist
➡️C2: Sliver, Meterpreter
➡️PrivEsc: Schtasks, LinPEAS, Metasploit

and more!

thedfirreport.com/2023/12/18/let…

Tidal Cyber (@TidalCyber):

🙌We're thrilled to add public detection analytics from The DFIR Report (@TheDFIRReport) to our free Community Edition! Users can now surface these rules right alongside #detectionengineering content from other popular sources like the @sigma_hq repository here: app.tidalcyber.com/analytics
The DFIR Report (@TheDFIRReport):

🔔 Alert: 'ET MALWARE Win32/Suspected Reverse Shell Connection' detected! 🐍

You find more alerts from the same host (📸 attached).

🤔 What's your next move?
🔍 What clues do you hunt for?
🛡️ How do you respond?

Share your answers below!

The DFIR Report (@TheDFIRReport):

🎉 As we start 2024, we reflect on a year of insightful DFIR reports.

This thread showcases the public reports that exposed various threat actor TTPs in 2023.

A big shoutout to our dedicated analysts that contributed to these reports:🧵👇
