Tag feed

#dfir

58 posts8 followers

Explore Hashnode

Alternatives

Trending tags this week

TATameem Amjadlabsx.hashnode.devJun 15 · 10 min read

KG Distribution

I Solved 13Cubed's KG Distribution Memory Forensics Lab - Here's the Full Walkthrough Hunting a Sliver C2 implant through a VMware memory dump with MemProcFS, one artifact at a time. The two memory

0

VNVũ Nhật Lâmblog.fiscybersec.comJun 9 · 15 min read

RemotePE — The Lazarus RAT that lives in memory

Summary A subgroup of Lazarus — the North Korea-linked APT known for cryptocurrency heists worth hundreds of millions of dollars — has retired its older tooling (ThemeForestRAT, PondRAT) in favour of

0

VNVũ Nhật Lâmblog.fiscybersec.comJun 8 · 13 min read

Open Directory, Open Season: Inside Red Lamassu's JFMBackdoor

Executive Summary A misconfigured open directory did what years of stealth could not: it handed threat hunters the full toolkit of Red Lamassu (also tracked as Calypso and Bronze Medley), a China-nexu

0

GGGiovanni Galarzagiovannigalarza.hashnode.devMay 28 · 5 min read

The Game Plan

The plan is simple really: learn enough DFIR to land a job in about a year. I also want to be able to make this as affordable as possible. This means the only thing I want to spend on are any certific

0

GGGiovanni Galarzagiovannigalarza.hashnode.devMay 27 · 3 min read

Who am I, why Digital Forensics and everything in between

Okay, I'll just going to get into it... I'd describe myself as more of a technical support professional, rather than a cybersecurity professional, even though those positions were at cybersecurity com

0

JJebitoksharonjebitok.comMay 8 · 35 min read

AI Forensics (TryHackMe)

Introduction The world of Digital Forensics is full of pieces needing to be connected, often under a time constraint. This can be a challenging task, but one that many forensics analysts have accompli

0

JJebitoksharonjebitok.comMay 6 · 10 min read

Have a Break (TryHackMe)

Investigation is a TryHackMe challenge inspired by a real cargo theft incident, set in a fictional ECTA (European Cargo Threat Assessment) framework. The scenario involves a missing refrigerated truck

0

CConradWilliamcxnrvd.hashnode.devApr 28 · 39 min read

Operation Black Wing: A Qilin Ransomware Affiliate Engagement Against an East African Logistics Provider

In late 2025 we investigated a ransomware engagement against a financial-logistics company in East Africa, here pseudonymised as NEXUS FREIGHT LTD. The investigation began as a routine "confirm the fa

0

Cchatforest_grovechatforest.hashnode.devMar 25 · 2 min read

Digital Forensics & Incident Response MCP Servers — CrowdStrike, TheHive, VirusTotal, Volatility, Wazuh

At a glance: DFIR has strong vendor investment — CrowdStrike, Google, TheHive (StrangeBee), and REMnux all ship official MCP servers. Security-Detections-MCP (334 stars) is the standout with autonomous detection engineering. Community fills gaps for ...

0

HBHarsh Bhavsarinvestigating-windows-2-cyph34.hashnode.devFeb 24 · 11 min read

Investigating Windows 2.0 [TryHackMe]

🔗 TryHackMe Challenge room: https://tryhackme.com/room/investigatingwindows2 1. Scenario Overview The Investigating Windows 2.0 challenge simulates a real-world Digital Forensics & Incident Response

0

#dfir

Search Hashnode

#dfir

Explore Hashnode

Trending tags this week

KG Distribution

RemotePE — The Lazarus RAT that lives in memory

Open Directory, Open Season: Inside Red Lamassu's JFMBackdoor

The Game Plan

Who am I, why Digital Forensics and everything in between

AI Forensics (TryHackMe)

Have a Break (TryHackMe)

Operation Black Wing: A Qilin Ransomware Affiliate Engagement Against an East African Logistics Provider

Digital Forensics & Incident Response MCP Servers — CrowdStrike, TheHive, VirusTotal, Volatility, Wazuh

Investigating Windows 2.0 [TryHackMe]