See how Aid4Mail helps digital forensics and eDiscovery teams fill the email evidence gaps that general-purpose platforms often miss, from cloud attachment collection to advanced recovery and AI-powered classification. https://www.forensicfocus.com/news/introducing-aid4mail-closing-email-evidence-gaps-for-investigators/ #Fookes #Aid4Mail #DigitalForensics #DFIR
Introducing Aid4Mail: Closing Email Evidence Gaps for Investigators - Forensic Focus

Forensic Focus

🎯 New #BSidesLuxembourg2026 Session Reveal!

A Phishing Trip with Fancy Bear – Analyze APT28 Malware Together! (2h Workshop) with MARIUS GENHEIMER

Join this beginner-friendly 2h workshop to walk through a real Fancy Bear (APT28) attack chain: targeted phishing email, a then-0day Microsoft Office exploit, multi-stage payloads, file formats, analysis methods, and the infrastructure behind it. No domain knowledge needed – we break it down step-by-step with small exercises and a validation system.

Warning: Handle real-world malware (your risk; bring charged laptop with VM like FLARE-VM/Remnux). Basics only needed: text/hex editor, browser, ZIP tool. No photos – slides provided after.

Led by Marius Genheimer: DFIR Specialist & Threat Researcher at SECUINFRA Falcon Team, malware analysis expert, and defensive security trainer. Also presented at BSides Frankfurt. https://www.linkedin.com/in/marius-genheimer/

📅 6–8 May 2026 | 09:00–17:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
🗓️ Schedule link: https://pretalx.com/bsidesluxembourg-2026/schedule/

Dissect APT malware hands-on – OK for beginners, VM recommended! 🐻

#BSidesLuxembourg2026 #MalwareAnalysis #Conference #Workshop #Phishing #DFIR #APT #BlueTeam

👽 The Computer Forensics Course is permanently available in the virtual classroom with immediate access. 📱 WhatsApp: https://wa.me/51949304030 🌎 https://www.reydes.com/archivos/cursos/Curso_Informatica_Forense.pdf #dfir #digitalforensics #cybersecurity #InfoSec #forensics #computerforensics #forensictools

Folks, we're proud to announce that SECUINFRA GmbH have chosen to sponsor #BSidesLuxembourg2026 and help with CTF prizes!

BTW, check out a workshop, delivered by the SECUINFRA GmbH #DFIR specialist Marius Genheimer! It will happen on May 6 as part of the #BsidesLuxembourg2026

A Practical Map of the DFIR Internet: Marketplaces, FAQs, and Fire Exits

The right DFIR resource at the right moment is worth more than ten bookmarked sites you never learned how to use. No one DFIR website does everything well. And it shouldn't. Trying to be everything usually means becoming mediocre at all of it. The smarter move is to know what each resource is best at and use it for that purpose. That is how I look a...

DFIR Training

The latest Digital Forensics Now Podcast episode, straight from the MSAB Digital Summit 2026, is available to watch on YouTube or listen to from any of your favorite podcasting directories.

Check it out:
YouTube
https://youtu.be/0otgZswj0M4

#DigitalForensics #MobileForensics #DFIR #AI

Digital Forensics Now Podcast S3 - 3

YouTube

2026-03-17 RDP #Honeypot IOCs - 177 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
80.94.95.221 - 33
45.156.128.91 - 18
162.210.245.77 - 12

Top ASNs:
AS204428 - 39
AS396982 - 36
AS14061 - 18

Top Accounts:
Administr - 42
Test - 33
root - 18

Top ISPs:
SS-Net - 39
Google LLC - 36
DigitalOcean, LLC - 18

Top Clients:
Unknown - 177

Top Software:
Unknown - 177

Top Keyboards:
Unknown - 177

Top IP Classification:
Unknown - 87
hosting - 72
proxy - 12

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-03-17 RDP #Honeypot IOCs - 118 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
80.94.95.221 - 22
45.156.128.91 - 12
162.210.245.77 - 8

Top ASNs:
AS204428 - 26
AS396982 - 24
AS14061 - 12

Top Accounts:
Administr - 28
Test - 22
root - 12

Top ISPs:
SS-Net - 26
Google LLC - 24
DigitalOcean, LLC - 12

Top Clients:
Unknown - 118

Top Software:
Unknown - 118

Top Keyboards:
Unknown - 118

Top IP Classification:
Unknown - 58
hosting - 48
proxy - 8

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-03-17 RDP #Honeypot IOCs - 59 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
80.94.95.221 - 11
45.156.128.91 - 6
162.210.245.77 - 4

Top ASNs:
AS204428 - 13
AS396982 - 12
AS14061 - 6

Top Accounts:
Administr - 14
Test - 11
root - 6

Top ISPs:
SS-Net - 13
Google LLC - 12
DigitalOcean, LLC - 6

Top Clients:
Unknown - 59

Top Software:
Unknown - 59

Top Keyboards:
Unknown - 59

Top IP Classification:
Unknown - 29
hosting - 24
proxy - 4

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

Investigation Scenario 🔎

Browser history for an HR user shows repeated visits to chat.openai[.]com, followed by creation of C:\Users\chris\AppData\Local\Temp\cleanup[.]ps1. The file is not available, and the hash shows no matches in OSINT resources.

What do you look for to investigate whether an incident occurred?

#InvestigationPath #DFIR #SOC