Hiren Sadhwani
@hir3n_s
Threat Hunter | #ThreatHunting | #DFIR | #ThreatIntelligence
🎤 Thrilled to have spoken at the SANS #RansomwareSummit 2025! Big thanks to @rj_chap & @maridegrazia for hosting, @MindsEyeCCF for the awesome graphic recording, and all the attendees for being a fantastic audience! Grateful to the @sansforensics team for the opportunity.
#HuntingTipOfTheDay: you know how to spot/decode Base64 or XOR in PowerShell… but what about SecureString? This AES-based encryption is native to PowerShell; attackers have been seen to use this for PowerShell obfuscation. 🔍 Hunt for known SecureString decoding commands
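As an added illustration of this hunting tip (not code from the tweet's author), the following Python scans PowerShell script-block log text for the commands that turn a SecureString back into plain text, and grades each hit. The sample events are constructed for the example, the indicator names are my own, and the grading thresholds are an assumption: ConvertTo-SecureString on its own is common in legitimate admin scripts, so only the combination with a plaintext-recovery API (SecureStringToBSTR, PtrToStringAuto, GetNetworkCredential().Password) or with Invoke-Expression is treated as high confidence.

```python
import re

# Indicators of SecureString being decoded back to plain text in PowerShell.
# Names are invented for this example; the cmdlets and .NET APIs are real.
DECODE_INDICATORS = {
    # ConvertTo-SecureString with -Key: a self-contained AES blob, no DPAPI user binding
    "convertto-securestring-key": re.compile(r"ConvertTo-SecureString\b[^\n|;]*?-Key\b", re.I),
    # .NET marshalling calls that expose the SecureString contents
    "securestring-to-bstr": re.compile(r"Marshal\]::SecureStringToBSTR", re.I),
    "securestring-to-globalalloc": re.compile(
        r"Marshal\]::SecureStringTo(?:GlobalAlloc|CoTaskMem)(?:Unicode|Ansi)", re.I),
    "ptr-to-string": re.compile(r"Marshal\]::PtrToString(?:Auto|BSTR|Uni|Ansi)", re.I),
    # PSCredential shortcut that yields the plaintext password
    "pscredential-plaintext": re.compile(r"\.GetNetworkCredential\(\)\.Password", re.I),
    # Decoded text being executed rather than used as a credential
    "invoke-expression": re.compile(r"\b(?:Invoke-Expression|iex)\b", re.I),
}

# Indicators that actually recover plaintext (as opposed to merely creating a SecureString)
RECOVERY = {"securestring-to-bstr", "securestring-to-globalalloc",
            "ptr-to-string", "pscredential-plaintext"}

# Constructed sample of script-block log text (Event ID 4104 style); not real telemetry.
# Records 3 and 4 are benign admin patterns included for contrast.
SAMPLE_EVENTS = [
    {"record_id": 1, "script_block":
        "$k = (1..16); $s = '<encrypted-blob>' | ConvertTo-SecureString -Key $k; "
        "$p = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($s); "
        "iex ([Runtime.InteropServices.Marshal]::PtrToStringAuto($p))"},
    {"record_id": 2, "script_block":
        "$cred = Get-Credential -UserName svc -Message 'x'; "
        "$cred.GetNetworkCredential().Password"},
    {"record_id": 3, "script_block":
        "$pw = Read-Host -AsSecureString; "
        "$cred = New-Object System.Management.Automation.PSCredential('svc', $pw)"},
    {"record_id": 4, "script_block":
        "ConvertTo-SecureString -String 'changeme' -AsPlainText -Force | "
        "ConvertFrom-SecureString | Out-File secret.txt"},
]


def scan_script_block(text):
    """Return the sorted indicator names found in one script block."""
    return sorted(name for name, rx in DECODE_INDICATORS.items() if rx.search(text))


def classify(indicators):
    """Grade a set of indicators; thresholds are an assumption for this example."""
    hits = set(indicators)
    if hits & RECOVERY:
        if hits & {"convertto-securestring-key", "invoke-expression"}:
            return "high"
        return "medium"
    if "convertto-securestring-key" in hits:
        return "low"
    return "none"


def hunt(events):
    """Run the indicators over script-block events and return the graded findings."""
    findings = []
    for ev in events:
        indicators = scan_script_block(ev["script_block"])
        verdict = classify(indicators)
        if verdict != "none":
            findings.append({"record_id": ev["record_id"],
                             "verdict": verdict,
                             "indicators": indicators})
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"record {f['record_id']}: {f['verdict']} {f['indicators']}")
```

Run against records from Microsoft-Windows-PowerShell/Operational (script-block logging must be enabled for 4104 to exist); the medium tier will still fire on interactive admin use of Get-Credential, so tune it against your own baseline before alerting on it.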
My talk at SANS #RansomwareSummit 2025 is officially uploaded now on YT youtu.be/JgiLBSWwrSs?fe…
OSINT tool that can allow you to have a good opsec whatsmyname.app Dangling accounts can lead to you being exposed. What are your favorite tools that are similar to this one?
A teammate of mine worked on an interesting incident where the attackers connected to the backup server via RDP, launched the Chrome browser, and searched on Google for "VirtualBox". The VirtualBox installer was then downloaded to the home directory of the compromised user:…
#PakistanStabsIran The famous unprecedented lunch between POTUS & Munir on 18 June 2025 21 June 2025 #PakistanNominatesTrump for Nobel Peace Prize Here is the move towards Peace 22 June 2025 So, finally #America has joined #IranIsraelConflict Let's wait and watch what is…
If I were to start a new job at a company, and if I have one (security-related) wish .. If I could pick anything, I’d ask for a clear naming convention for all computers and servers. Additionally, I’d want DHCP and security logs to be stored centrally in a SIEM system. That way,…
"Real Time Detection & Response" - Something happens on the system, a log gets generated. (fraction of milliseconds are lost) - A local engine matches on it and generates something to send (a couple more milliseconds / seconds are lost) - Time to send that thing to the other…
"But in Q1, we also saw a new social engineering lure where the attackers started using fake website cookie banners to spread malware. A cookie banner, which is required for GDPR compliance, is a pop-up message displayed on a website to inform users about the use of cookies and…
Yes, LLMs don’t think. Apple’s paper shows they fail at logic. But they guess so well, they already outperform mediocre white-collar work – junior coding, copywriting, design, even legal boilerplate. The risk isn’t in jobs that require real thinking. It’s in the ones where…
Windows SMB Client Elevation of Privilege Vulnerability CVSS Score: 8.8 Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Do I have to say more? msrc.microsoft.com/update-guide/v…
Cybersecurity Alert: Registered on June 7th, wwdc25[.]com hosts a #scam site impersonating the official WWDC25 event. It promotes a fake #cryptocurrency giveaway to steal funds. Do not send any cryptocurrency to the wallet addresses listed! Details at bit.ly/4mN0RCK
📢 Next up | Hiren Sadhwani is showing how to spot #Malware like Lumma Stealer & Bumblebee before #Ransomware operators get their hands on your network. ➡️ Join FREE online: sans.org/u/1yCa #RansomwareSummit #ThreatHunting #DFIR
👉 Hiren Sadhwani shares traditional TTPs like #Phishing & RDP exploits still work, but attackers are getting creative with: ‣ ClickFix / fake CAPTCHAs ▸ Email bombing + MS Teams spoofing ▸ Quishing (QR code phishing) ▸ SEO poisoning #RansomwareSummit #ThreatIntel #DFIR
I updated the slide on common entry vectors. Revised some wording, added realistic examples (Exchange, Ivanti, …) and simplified countermeasures. Still not trying to cover everything – just the obvious stuff. Box size still roughly reflects prevalence. Feedback welcome.
📣 Starting soon! | Join @rj_chap & @maridegrazia for SANS #RansomwareSummit! Today's agenda is packed with in-depth talks focused on #ransomware prevention, detection, response, & recovery. ➡️ There's still time to register & join us for FREE: sans.org/u/1yCa #DFIR
Join us for a free webcast at the SANS #RansomwareSummit happening Friday, May 30 at 10:30 AM ET. ⏯️ Recording included with registration! Register Free: sans.org/u/1AZb #Cybersecurity #BlueTeamTools #DigitalResilience #CyberOps
Operation #CyberShakti Phase 1: A massive cyber attack was launched against the terrorist state Pakistan by the regular every day civilians of India. This cost Pakistan millions of dollars in damages in the last 24hrs alone. Our mission is simple: to decimate every last…
Pakistan's military spokesperson Lt Gen Ahmed Sharif while talking to CNN (as reported by Pak reporters) claims that two Indian jets have been shot down. But Pak airspace being monitored by OSINT handles show no such activity. Disinformation to Intl media by Pak
We release open source detection rules and tools so that people without a budget can still defend themselves. It’s the spirit behind a lot of community work: help others stand a chance, even without a SOC, a commercial EDR, or a red team to simulate threats. So it always feels a…