Reports

EXPLORE

Society & Culture

Health & Fitness

© 2024 PodJoint

00:00 / 00:00

Sign in

or

Don't have an account?

Sign up

Forgot password

https://is1-ssl.mzstatic.com/image/thumb/Podcasts126/v4/db/2b/a7/db2ba7c9-2ee3-bc30-b7ac-f7b5dbb496dc/mza_17568979839521828661.jpg/600x600bb.jpg

Reports

The DFIR Report

24 episodes

3 days ago

The Digital Forensics and Incident Response (DFIR) Report. Real Intrusions by Real Attackers, The Truth Behind the Intrusion. A new report comes out every month! Read the rest of the reports at https://thedfirreport.com/. In addition to our publicly available reports, we provide a range of specialized services to meet your needs, such as private reports, Command and Control tracking, personalized mentoring, and access to an exclusive detection ruleset. Explore our comprehensive offerings on our Services page at https://thedfirreport.com/services/.

Show more...

All content for Reports is the property of The DFIR Report and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

The Digital Forensics and Incident Response (DFIR) Report. Real Intrusions by Real Attackers, The Truth Behind the Intrusion. A new report comes out every month! Read the rest of the reports at https://thedfirreport.com/. In addition to our publicly available reports, we provide a range of specialized services to meet your needs, such as private reports, Command and Control tracking, personalized mentoring, and access to an exclusive detection ruleset. Explore our comprehensive offerings on our Services page at https://thedfirreport.com/services/.

Show more...

Episodes (20/24)

Reports

From a Single Click: How Lunar Spider Enabled a Near Two-Month Intrusion

Report: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/2025/09/29/from-a-single-click-how-lunar-spider-enabled-a-near-two-month-intrusion

Contact Us: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Services: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠⁠⁠⁠

1 month ago

6 minutes 27 seconds

Reports

Blurring the Lines: Intrusion Shows Connection With Three Major Ransomware Gangs

Report: ⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/2025/09/08/blurring-the-lines-intrusion-shows-connection-with-three-major-ransomware-gangs/

Contact Us: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Services: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠⁠⁠⁠

2 months ago

6 minutes 21 seconds

Reports

Hide Your RDP: Password Spray Leads to RansomHub Deployment

Report: ⁠⁠⁠⁠https://thedfirreport.com/2025/06/30/hide-your-rdp-password-spray-leads-to-ransomhub-deployment

Contact Us: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Services: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠⁠⁠⁠

4 months ago

5 minutes 42 seconds

Reports

DFIR Discussions: Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware

We dive into our latest public report with Randy Pargman, Jake Ouellette, Kostas T., and Mangatas Tondang.

Report: https://thedfirreport.com/2025/05/19/another-confluence-bites-the-dust-falling-to-elpaco-team-ransomware/

Contact Us: ⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠

Services: ⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠⁠

Music by FASSounds from Pixabay

4 months ago

38 minutes 8 seconds

Reports

Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware

Report: ⁠https://thedfirreport.com/2025/05/19/another-confluence-bites-the-dust-falling-to-elpaco-team-ransomware/

Contact Us: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Services: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠⁠⁠

5 months ago

6 minutes 4 seconds

Reports

Navigating Through The Fog

Report: ⁠https://thedfirreport.com/2025/04/28/navigating-through-the-fog/

Contact Us: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Services: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠⁠⁠

6 months ago

3 minutes 43 seconds

Reports

Fake Zoom Ends in BlackSuit Ransomware

Report: https://thedfirreport.com/2025/03/31/fake-zoom-ends-in-blacksuit-ransomware/

Contact Us: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Services: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠⁠

7 months ago

6 minutes 10 seconds

Reports

Confluence Exploit Leads to LockBit Ransomware

Report: https://thedfirreport.com/2025/02/24/confluence-exploit-leads-to-lockbit-ransomware

Contact Us: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

Services: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠⁠

8 months ago

5 minutes 40 seconds

Reports

Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware

Report: ⁠⁠https://thedfirreport.com/2025/01/27/cobalt-strike-and-a-pair-of-socks-lead-to-lockbit-ransomware/

Contact Us: ⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠⁠⁠⁠

Services: ⁠⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠⁠

9 months ago

8 minutes 2 seconds

Reports

DFIR Discussions: The Curious Case of an Egg-Cellent Resume

We discuss our latest report "The Curious Case of an Egg-Cellent Resume"

Host: ⁠⁠⁠⁠@Kostastsale⁠⁠⁠⁠

Analysts: ⁠⁠⁠⁠⁠⁠@_pete_0, Zach Stanford (aka @svch0st)

Report: ⁠⁠⁠⁠https://thedfirreport.com/2024/12/02/the-curious-case-of-an-egg-cellent-resume/

Contact Us: ⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠

Services: ⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠

Music by FASSounds from Pixabay

9 months ago

39 minutes 51 seconds

Reports

The Curious Case of an Egg-Cellent Resume

Report: ⁠https://thedfirreport.com/2024/12/02/the-curious-case-of-an-egg-cellent-resume/

Contact Us: ⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠⁠⁠

Services: ⁠⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠

11 months ago

7 minutes 10 seconds

Reports

Inside the Open Directory of the “You Dun” Threat Group

Report: https://thedfirreport.com/2024/10/28/inside-the-open-directory-of-the-you-dun-threat-group

Contact Us: ⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠⁠

Services: ⁠⁠⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠

1 year ago

4 minutes 17 seconds

Reports

Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware

Report: https://thedfirreport.com/2024/09/30/nitrogen-campaign-drops-sliver-and-ends-with-blackcat-ransomware

Contact Us: ⁠⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠⁠

Services: ⁠⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠

1 year ago

6 minutes 45 seconds

Reports

BlackSuit Ransomware

Report: ⁠https://thedfirreport.com/2024/08/26/blacksuit-ransomware/

Contact Us: ⁠⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠⁠

Services: ⁠⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠⁠

1 year ago

5 minutes 15 seconds

Reports

Threat Actors' Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts

Report: https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts

Contact Us: https://thedfirreport.com/contact/⁠⁠⁠⁠⁠

Services: ⁠https://thedfirreport.com/services/⁠⁠⁠⁠

1 year ago

5 minutes 45 seconds

Reports

IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment

Report: https://thedfirreport.com/2024/06/10/icedid-brings-screenconnect-and-csharp-streamer-to-alphv-ransomware-deployment/⁠

Contact Us: ⁠⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠⁠

Services: ⁠⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠

1 year ago

7 minutes 24 seconds

Reports

DFIR Discussions: From IcedID to Dagon Locker Ransomware in 29 Days

We discuss our latest report "From IcedID to Dagon Locker Ransomware in 29 Days"

Host: ⁠⁠⁠@Kostastsale⁠⁠⁠

Analysts: ⁠⁠⁠@r3nzsec & @angelo_violetti

Special Guest: ⁠⁠@nas_bench

Report: ⁠⁠⁠https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/

Contact Us: ⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠

Services: ⁠⁠⁠https://thedfirreport.com/services/⁠⁠⁠

Music by FASSounds from Pixabay

1 year ago

56 minutes 46 seconds

Reports

From IcedID to Dagon Locker Ransomware in 29 Days

Report: https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days

Contact Us: ⁠⁠⁠https://thedfirreport.com/contact/⁠⁠⁠

Services: ⁠⁠⁠https://thedfirreport.com/services/⁠⁠

1 year ago

7 minutes 52 seconds

Reports

DFIR Discussions: From OneNote to RansomNote: An Ice Cold Intrusion - Part 2

We discuss our latest report From OneNote to RansomNote: An Ice Cold Intrusion

Host: ⁠⁠@Kostastsale⁠⁠

Analysts: ⁠⁠@iiamaleks⁠, ⁠@IrishD34TH⁠, & ⁠@Miixxedup⁠

Special Guest: ⁠@techspence⁠

Feedback: https://forms.office.com/r/LR9NsEWYye

Report: ⁠⁠https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion/⁠

Contact Us: ⁠⁠https://thedfirreport.com/contact/⁠⁠

Services: ⁠⁠https://thedfirreport.com/services/⁠⁠

Music by FASSounds from Pixabay

1 year ago

21 minutes 37 seconds

Reports

DFIR Discussions: From OneNote to RansomNote: An Ice Cold Intrusion - Part 1

We discuss our latest report From OneNote to RansomNote: An Ice Cold Intrusion

Host: ⁠@Kostastsale⁠

Analysts: ⁠@iiamaleks, @IrishD34TH, & @Miixxedup

Special Guest: @techspence

Report: ⁠https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion/

Contact Us: ⁠https://thedfirreport.com/contact/⁠

Services: ⁠https://thedfirreport.com/services/⁠

Music by FASSounds from Pixabay

1 year ago

25 minutes 51 seconds

Reports

The Digital Forensics and Incident Response (DFIR) Report. Real Intrusions by Real Attackers, The Truth Behind the Intrusion. A new report comes out every month! Read the rest of the reports at https://thedfirreport.com/. In addition to our publicly available reports, we provide a range of specialized services to meet your needs, such as private reports, Command and Control tracking, personalized mentoring, and access to an exclusive detection ruleset. Explore our comprehensive offerings on our Services page at https://thedfirreport.com/services/.