-

SANS Asia Pacific DFIR Summit presentation
I’ll be presenting at the SANS Institute Asia Pacific DFIR (Digital Forensics and Incident Response) Summit in September on Firewall Incident Response! Make sure to sign up below for the virtual sessions on 6 September if you’re interested in seeing APAC practitioners discuss the current cyber threats and new detection and response research completed in the…
-

Operation Endgame – LE continues their campaign
National Crime Agency has dismantled the servers of prominent malware ‘droppers’ which have enabled cyber criminals to conduct ransomware attacks around the world. A total of four arrests were made across Armenia and Ukraine. Worldwide, over 100 servers were taken down or disrupted, and about 2,000 domain names are now under the control of law…
-

LockBitSupp identified and sanctioned.
I don’t know if this is real, but if it is, it’s a huge win! The identity of the alleged leader of the infamous #Lockbit Ransomware-as-a-Service (RaaS) group has been revealed by the National Crime Agency (NCA) overnight. The individual has since been sanctioned by the Australian, UK and US governments. More details here: https://nationalcrimeagency.gov.uk/news/lockbit-leader-unmasked-and-sanctioned
-

CISA’s take on Microsoft’s Storm-0558 incident
“Microsoft’s ubiquitous and critical products, which underpin essential services that support national security, the foundations of our economy, and public health and safety, require the company to demonstrate the highest standards of security, accountability, and transparency.” A critical statement made by the Cybersecurity and Infrastructure Security Agency’s Cyber Safety Review Board, regarding their review of the…
-

GIAC Experienced Forensics Analyst (GX-FA) Cert
I’m happy to share that I’ve obtained a new certification: GIAC Experienced Forensics Analyst (GX-FA) from GIAC Certifications! https://www.credly.com/badges/dc7cba1d-3468-4dc6-aaf5-db064e2beb4a
-

Scammer discussion with Jim Browning
Late last year I had the opportunity to sit down with Jim Browning, the world-renowned scam hunter – spending his time fighting scammers globally. Last week Gridware shared a video exposing the world of scamming which featured Jim. You can watch the video in full here: https://www.youtube.com/watch?v=P_J7gZrdbKA Take a listen to the podcast below; Jim…
-
Exposing Scammer Tactics with Jim Browning & The Australian Scam Culture
🛑 Beware of Scammers 🛑 In our online world, the presence and effectiveness of scams are on the rise. I am excited to share a piece I worked on with Shaan Ahmed from late last year, where Gridware collaborated with Jim Browning. Our video dives into the most popular scams impacting Australians, spotting red flags,…
-

Australian Signals Directorate – Identifying and Mitigating Living Off the Land Techniques
https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/identifying-and-mitigating-living-off-the-land-techniques A joint advisory sourced from MANY different agencies covers off common living off the land techniques and common gaps in cyber defense capabilities. As put in this joint advisory: Living off the Land involves the abuse of native tools and processes on systems, especially living off the land binaries, often referred to as LOLBins,…
-

Australian government takes action
The Minister for Foreign Affairs has published a statement today saying that the alleged individual responsible for the cyber incident that impacted the Australian private health care company Medibank has been sanctioned. More information here: https://www.foreignminister.gov.au/minister/penny-wong/media-release/cyber-sanctions-response-medibank-private-cyber-attack
-

LE making moves today
Chaos today. The FBI successfully took down and seized the ALPHV website, after which ALPHV unseized the website and made claims of unleashing affiliates on US entities (including CIS – hospitals, nuclear power etc.). The current status of the seizure is unknown. Part of this collective LE effort is that the FBI has developed a decryption tool…