> get on social media
> nerds arguing about anti cheats
> nerds discuss antiviruses
> "anti viruses shouldn't be in kernel mode"
You are absolutely correct. Please have the anti-malware vendors migrate their detection engines to user-mode. Nothing bad could happen.
New Research!
https://t.co/2U5JKUV3ce
Mustang Panda delivers @HDFC_Bank thematic campaign, while delivering another campaign targeting South Korean geopolitical entities. We found they are leaving messages for security researchers posting IOCs at X, also mentioning @MDSecLabs !
RE tip of the day: To debug a DLL in IDA, set the path to the loader (for example, rundll32) in the Application field and the path to the DLL with the name of the export function in the Parameters field. Don't forget to set the breakpoints!
#infosec #malware #reverseengineering
NEW BLOG: The Great VM Escape 💕
We caught threat actors deploying a VMware ESXi exploit toolkit in the wild - potentially a zero-day developed over a year before VMware's disclosure 👀
If anyone has thoughts on it let me know, but I needed almost a full case of beer to wrap my head around this one 🍺
Full technical breakdown 👇
https://t.co/wXT9c7ytVh
The Art of Pivoting - Techniques for Intelligence Analysts to Discover New Relationships in a Complex World
This book explores how intelligence and cyber-security analysts can uncover hidden links between threat actor infrastructure and ongoing investigations by pivoting on both classic and unconventional indicators — many of which are often overlooked.
The material is grounded in empirical, field-tested strategies used in cyber-security, digital forensics, cyber threat intelligence, and intelligence analysis more broadly.
Our goal is to provide analysts with a practical toolkit of analytical methods, supported by real-world examples, to enhance investigative workflows without locking them into a single mindset, strict model, or overly rigid technical strategy.
Instead, the book encourages creative exploration, data-driven reasoning, and the use of diverse data points — from traditional IOCs to subtle metadata traces — as part of a flexible and repeatable analytical process.
#threathunting
https://t.co/IiXTV6p2yY
Shoutout to Sandworm aka APT28 and Unit 74455 for implementing my exact Cordyceps backdoor plugin system for Outlook that I wrote in 2017.
Right down to the email triggering mechanism, command system and injection.
https://t.co/vjc6yVCnIL
The entire AV, EDR, and SOC industry is a SCAM.
Has your organization been a victim of ransomware? Start the computer in DEBUG MODE. DUH.
Then simply delete the malware. It's as simple as that.
In a truly brilliant move, employees from DigitalMint and Sygnia, responsible for handling ransomware negotiations, were indicted for performing ransomware attacks under ALPHV ransomware group.
- Kevin Tyler Martin, ransomware negotiator from DigitalMint
- Ryan Clifford Goldberg, Digital Forensics and Incident Response manager from Sygnia
- Unnamed co-conspirator-1
The motive, per court documents, was that the individuals wanted to "get out of debt".
All 3 men began performing ransomware attacks in May 2023 and continued performing ransomware attacks until on or around April 2025. The attacks stopped when the United States Federal Bureau of Investigation approached Ryan Clifford Goldberg regarding the ransomware attacks.
Unsurprisingly, Mr. Goldberg initially denied having any knowledge of the ransomware attacks. However, he cracked during the interview and placed the blame on the currently unnamed co-conspirator. He stated he was recruited by him.
After the interview concluded, Mr. Goldberg and his wife purchased 1-way tickets to France (???). Unsurprisingly (again), he has been detained in France because he is not a citizen of France and France doesn't give a fuck about a non-citizen.
Mr. Kevin Tyler Martin, currently residing in Texas, spoke in 2024 at a technology conference where he spoke about his experiences defending ransomware attacks and handling negotiations.
Both Mr. Goldberg and Mr. Martin have been charged with:
- Violation of the Hobbs Act (18 U.S.C. § 1951) (x2)
- Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030 (x1)
Under max penalty of law, Mr. Goldberg and Mr. Martin could face as long as 50 years in prison.
‼️ Meet Ryan Clifford Goldberg, a Digital Forensics and Incident Response manager at Sygnia; he is one of three insiders accused of cybercrimes. He allegedly conducted cyberattacks using ALPHV BlackCat ransomware.
Goldberg and two other insiders ran ransomware operations since 2023 while employed at cybersecurity firms. After an FBI visit, Goldberg confessed. He now faces up to 50 years in prison.
If you're wondering about the attack surface for @TwoSevenOneT's recent publications with PPL spawnage - I let AI write a hacky scanner to see which processes can be spawned as PPL process with a good list of results 🙂
https://t.co/6UMdJHWR6y
Exciting times. I'm publishing Dittobytes today after presenting it at @OrangeCon_nl !
Dittobytes is a true metamorphic cross-compiler aimed at evasion. Use Dittobytes to compile your malware. Each compilation produces unique, functional shellcode.
https://t.co/761G96JDF1
#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/6
#ESETresearch has discovered a zero-day vulnerability in WinRAR, exploited in the wild by Russia-aligned #RomCom @dmnsch @cherepanov74
https://t.co/DjAaBJJa5O 1/7
Dissect Packed Malware 101
What's under the hood:
- 🔬 The anatomy of packed malware;
- ✅ Key indicators to identify packed samples;
- 🔓 Step-by-step examples of manual unpacking;
Read the full blog post here: https://t.co/J51Y4gLExZ
#MalwareAnalysis #ReverseEngineering