Fabian Mendoza
…is a current contributor to the DFIR Definitive Compendium Project as of January 2023 and is currently a Senior Consultant on the DFIR team at Palo Alto Networks Unit 42. He was previously a DFIR Manager on KPMG’s Cyber Threat Management team, an Incident Response Consultant within CrowdStrike’s Professional Services division, and a Senior DFIR Investigator within Kroll’s Cyber Risk practice. Fabian’s expertise is primarily within ransomware, advanced persistent threats (APTs), and active network intrusions but has also responded to various business email compromises (BECs), insider threat cases, and intellectual property (IP) theft cases. Fabian authored an article titled, The Key to Identify PsExec back in January 2023 on AboutDFIR.com where he introduced a new method for identifying PsExec and the source system that it originated from. Fabian also authored an article titled, GX-FA Exam: My Experience in September 2023 on AboutDFIR.com where he provided feedback and tips on how to prepare for the GIAC Experienced Forensic Analyst (GX-FA) Exam. Fabian also co-authored numerous Anti-Forensics articles during his time at Kroll and also authored a blog at Palo Alto Networks titled, This DFIR Team Is The Place To Be, which highlighted key reasons why the top talent in the field of incident response would consider working for the DFIR team at Palo Alto Networks Unit 42. Fabian’s most impactful experience occurred in the second half of 2022 when he responded to an active network intrusion involving Scattered Spider, also known as UNC3944, Muddled Libra, and Scatter Swine, a highly persistent and financially motivated eCrime threat group, which at the time, rose to prominence through their SIM Swapping campaign targeting Telecommunications and Business Process Outsourcing (BPO) organizations.
Fabian earned a Bachelor of Science degree in Information Technology from the New Jersey Institute of Technology in Newark, New Jersey. He also holds multiple GIAC certifications and other various vendor certifications, and is a member of the GIAC Advisory Board. Fabian can be found on LinkedIn and Twitter!