![f0xtrot_sierra's tweet photo. We had an interesting lateral movement case the other day @HuntressLabs here’s what we found:
We found that the remote IP address used by the threat actor to RDP was 185[.]190[.]24[.]101
We also had failed log in attempts from 194[.]26[.]29[.]25 https://t.co/EzAHa3Iq9E](https://pbs.twimg.com/media/FyMIxv3XwAAsvsh.png)
![f0xtrot_sierra's tweet photo. We had an interesting lateral movement case the other day @HuntressLabs here’s what we found:
We found that the remote IP address used by the threat actor to RDP was 185[.]190[.]24[.]101
We also had failed log in attempts from 194[.]26[.]29[.]25 https://t.co/EzAHa3Iq9E](https://pbs.twimg.com/media/FyMIrPlX0AEH2VN.jpg)
![f0xtrot_sierra's tweet photo. We had an interesting lateral movement case the other day @HuntressLabs here’s what we found:
We found that the remote IP address used by the threat actor to RDP was 185[.]190[.]24[.]101
We also had failed log in attempts from 194[.]26[.]29[.]25 https://t.co/EzAHa3Iq9E](https://pbs.twimg.com/media/FyMIrPNXwAE6Fi8.jpg)
Olivia
Online
Cat
@catdfc
Incident Response consultant
Joined August 2021
206 Following
16 Followers
7 Posts
Interested in RDP DFIR? – Then this @WEareTROOPERS #TROOPERS23 talk is for you:
Forensic analysis on real incidents inside Microsoft Remote Desktop Services
https://t.co/QMBXpi1d6k
@bunsofwrath12 Hi Andrew, the issue we encountered is that the tool does not properly process SRUDB.dat databases from Windows Server 2022 due to the tables being unknown.
As part of the research my colleagues and I presented at #DFIREurope23 🇨🇿 (https://t.co/4HQdF8iWvr), I updated Chainsaw. It is now capable of analysing SRUM databases and providing new forensic insights 💡(see https://t.co/WGiKSmxepo)
#chainsaw #dfir #SRUM #WithSecure #SANS
Unleash the Power of Shimcache with Chainsaw!
WithSecure researchers release new subcommand for its Chainsaw forensic tool to aid the analysis and timestamp enrichment of Shimcache entries.
More info available here>> https://t.co/0g2XPsy0Jr
#CyberAttack #incidentresponse
We had an interesting lateral movement case the other day @HuntressLabs here’s what we found:
We found that the remote IP address used by the threat actor to RDP was 185[.]190[.]24[.]101
We also had failed log in attempts from 194[.]26[.]29[.]25
![f0xtrot_sierra's tweet photo. We had an interesting lateral movement case the other day @HuntressLabs here’s what we found:
We found that the remote IP address used by the threat actor to RDP was 185[.]190[.]24[.]101
We also had failed log in attempts from 194[.]26[.]29[.]25 https://t.co/EzAHa3Iq9E](https://pbs.twimg.com/media/FyMI1ULX0AACFLS.jpg)
NEW RESEARCH: WithSecure Labs publishes a report documenting the movement of SILKLOADER from Chinese cyber criminals to Russian #ransomware gangs, including CONTI and it’s various affiliates/offspring.
Read the report here--> https://t.co/6RgzjqAUs9
#SILKLOADER #Cyberattack
NEWS: WithSecure™ has discovered a new Infostealer Malware, dubbed “DUCKTAIL” which can hijack Facebook Business accounts
https://t.co/lUnm6R5l3h
#CyberAttack #cybersecurity #malware #Facebook
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.4M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.1M followers
Taylor Swift
@taylorswift13
80.9M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.6M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.2M followers