Skip to content
  • Reports
  • Analysts
  • Services
    • Threat Intelligence
    • Detection Rules
    • DFIR Labs
      • Digital Forensics Challenge
      • Leaderboard
      • Digital Forensics Challenge Winners
      • Testimonials
    • Case Artifacts
    • Mentoring & Coaching Program
      • Book A Session
      • Meet The Team
  • Access DFIR Labs
  • Subscribe
  • Contact Us
  • Threat Intelligence
  • Detection Rules
  • DFIR Labs
    • Digital Forensics Challenge
    • Leaderboard
    • Digital Forensics Challenge Winners
    • Testimonials
  • Mentoring & Coaching Program
    • Book A Session
    • Meet The Team
  • Case Artifacts

The DFIR Report

Real Intrusions by Real Attackers, The Truth Behind the Intrusion

  • Reports
  • Analysts
  • Services
    • Threat Intelligence
    • Detection Rules
    • DFIR Labs
      • Digital Forensics Challenge
      • Leaderboard
      • Digital Forensics Challenge Winners
      • Testimonials
    • Case Artifacts
    • Mentoring & Coaching Program
      • Book A Session
      • Meet The Team
  • Access DFIR Labs
  • Subscribe
  • Contact Us
Saturday, July 05, 2025
  • Threat Intelligence
  • Detection Rules
  • DFIR Labs
    • Digital Forensics Challenge
    • Leaderboard
    • Digital Forensics Challenge Winners
    • Testimonials
  • Mentoring & Coaching Program
    • Book A Session
    • Meet The Team
  • Case Artifacts

Search Results for: lazagne

Inside the Open Directory of the “You Dun” Threat Group
cobaltstrike opendir

Inside the Open Directory of the “You Dun” Threat Group

editor October 28, 2024

Key Takeaways The DFIR Report Services Reports such as this one are part of our All Intel service and are categorized as Threat Actor Insights. Private Threat Briefs: Over 20 … Read More

Threat Actor Insights
2022 Year in Review
Year in Review

2022 Year in Review

editor March 6, 2023

As we move into the new year, it’s important to reflect on some of the key changes and developments we observed and reported on in 2022. This year’s year-in-review report … Read More

SEO Poisoning – A Gootloader Story
cobaltstrike gootloader lazagne psexec

SEO Poisoning – A Gootloader Story

editor May 9, 2022

In early February 2022, we witnessed an intrusion employing Gootloader (aka GootKit) as the initial access vector. The intrusion lasted two days and comprised discovery, persistence, lateral movement, collection, defense … Read More

Cobalt Strike, a Defender’s Guide
cobaltstrike Tools

Cobalt Strike, a Defender’s Guide

editor August 29, 2021

Intro In our research, we expose adversarial Tactics, Techniques and Procedures (TTPs) as well as the tools they use to execute their mission objectives. In most of our cases, we … Read More

Trickbot Brief: Creds and Beacons
trickbot

Trickbot Brief: Creds and Beacons

editor May 2, 2021

Intro “TrickBot malware—first identified in 2016—is a Trojan developed and operated by a sophisticated group of cybercrime actors. The cybercrime group initially designed TrickBot as a banking trojan to steal … Read More

GoGoogle Ransomware
ransomware rdp

GoGoogle Ransomware

editor April 4, 2020

An attacker logged into the honeypot from 93.174.95[.]73, disabled security tools, dropped their toolkit and started recon. Recon was quickly followed by an onslaught of password dumping tools such as … Read More

Comment on GoGoogle Ransomware

Register For Our Next CTF

Reports

Threat Intelligence

Detection Rules

DFIR Labs

Mentoring and Coaching

Proudly powered by WordPress | Copyright 2023 | The DFIR Report | All Rights Reserved