SANS held their first Ransomware Summit this week. If you missed it, I grabbed all the links I could and the sessions will be shared by SANS on YouTube soon. I especially liked Kunal Shandil’s talk, “Multifaceted Extortion: Analysis of Data Exfiltration TTPs Used by Ransomware Threat Actors” and Jeffry Lang’s breakdown, “Kaseya Ransomware Reaction – Lessons Learned”.
- Tools & Artifacts – Windows – new entries added – Logfile, Tasks, PowerShell Logs, VSS Carver, and Boot Configuration Data
- Tools & Artifacts – Android – new entry added – Gboard Session Data
- Tools & Artifacts – iOS – new entries added – iMessage Updates and Auto-lock and Require Passcode Data
- Annual Industry Reports – new entries added – Apple, Check Point, BlackBerry, and BakerHostetler
- Jobs – new entries added – Zillow, Target, CrowdStrike, Optiv, Tetra Defense, Red Canary, GE, and PwC
AboutDFIR stickers are still a thing! If you’re interested in one, please let us know! Here’s what they look like:
Happy (early) Father’s Day and (early) Juneteenth,
Cassie (DFIRDetective)