Fox-IT
@foxit
IT-Security company creating special security, intelligence and forensics solutions. Fox-IT is part of NCC Group.
This blog is part of a series written by various Dutch cyber security firms that have collaborated on the Cactus ransomware group, which exploits Qlik Sense servers for initial access. blog.fox-it.com/2024/04/25/sif…
🔒Great news for #DFIR folks! Dissect now supports both BitLocker & LUKS encrypted disks, making forensic analysis smoother and more comprehensive. Another step forward for digital forensics capabilities! Read more in this blog: blog.fox-it.com/2024/12/11/dec… #InfoSec #DigitalForensics
Dissect release v3.17 - what's new? 🔹Support for BitLocker and LUKS encrypted disks 🔹Support for BSD Vinum volumes 🔹A new MSSQL log parser 🔹Retrieve installed Ubuntu Snap & Windows applications 🔹Now possible to create aliases in target-shell github.com/fox-it/dissect…
Some of these servers show similarities with known attacker infra, like hosting *.js files. We observed compromised FortiManager devices use cURL to retrieve such files, e.g. dom.js. Another server had a file named exp-7.2.6.py, which is also a valid FortiManager…
Pivoting on the SimpleHTTP server on port 443 (but not TLS) and ASN 20473 we found servers that are likely related to the #FortiJump #FortiManager CVE-2024-47575 exploitation campaign that are not yet publicly mentioned. IOCs: * 107.191.63[.]169 * 139.180.138[.]190 *…
![foxit's tweet image. Pivoting on the SimpleHTTP server on port 443 (but not TLS) and ASN 20473 we found servers that are likely related to the #FortiJump #FortiManager CVE-2024-47575 exploitation campaign that are not yet publicly mentioned. IOCs:
* 107.191.63[.]169
* 139.180.138[.]190
*…](https://pbs.twimg.com/media/Gav1kLIWUAEqaUt.jpg)
Our SOC detected suspicious activity from 158.247.199[.]37 directed at FortiManager ports as early as May 2024. #threatintel #fortianalyzer #fortijump fortiguard.com/psirt/FG-IR-24…
![foxit's tweet image. Our SOC detected suspicious activity from 158.247.199[.]37 directed at FortiManager ports as early as May 2024. #threatintel #fortianalyzer #fortijump
fortiguard.com/psirt/FG-IR-24…](https://pbs.twimg.com/media/GaqxrMHWEAAUoWr.jpg)
Hey cyber sleuths! Dissect open source just turned two, and we're not done celebrating. Surprise! Our Dissect add-on for Splunk is now also open sourced, making your Dissect records ingestion a breeze. Prepare to enhance your Splunk powers! 🥳 lnkd.in/g38ii8Et
Check out our latest blog from our Red Team about EDR evasion through malware virtualisation: blog.fox-it.com/2024/09/25/red…
Say hello to Dissect summer release V.3.15! · Major rewrite of dissect core engine – cstruct v.4.0 is now released! · Target tools usability improvements · MPLog parser added to Windows defender plugin · Identification of Windows 11 improved Release 3.15 · fox-it/dissect · GitHub
🚀 Our open-source Dissect project now supports reading Fortinet firmware files! 🛡️ Easily mount, browse or dump FortiGate firmware files hassle-free with Dissect. No extra steps needed! #Dissect #Fortinet #FortiGate #Firmware github.com/fox-it/dissect…
Check out our latest blog where we pluck the feathers off Android Malware Vultur's latest variants, revealing its most recent developments in masquerading malicious activity and how it maximises remote control over infected devices. blog.fox-it.com/2024/03/28/and…
🌟 Dissect Task Board Now Live! 🌟 Dive into Dissect projects, select tasks, suggest features, and code with a global community. Let's innovate together! 🔗 Look under issues in each Dissect project, or use this filter (log in needed) github.com/issues?q=is%3A…