The DFIR ReportSep 29, 2025

DFIR Challenge Weekend Recap!

The challenge is complete! A massive thank you to everyone who participated in our latest DFIR Challenge.

Big shoutout to the top finishers who untangled the whole thing:

πŸ₯‡ Jason Phang Vern Onn
πŸ₯ˆ Marko Yavorskyi
πŸ₯‰ Bohdan Hrondzal

The full lab from the challenge is now live, with all quiz-style questions included.
➑️ Try it via one-time access -> https://dfirlabs.thedfirreport.com/store
or subscription - > https://dfirlabs.thedfirreport.com/subscription-plans

intuentis0x0Sep 30, 2025
Show threadThe DFIR Report
And we just dropped the full report too:
πŸ“„ https://thedfirreport.com/2025/09/29/from-a-single-click-how-lunar-spider-enabled-a-near-two-month-intrusion/
From a Single Click: How Lunar Spider Enabled a Near Two-Month Intrusion

Key Takeaways The intrusion began with a Lunar Spider linked JavaScript file disguised as a tax form that downloaded and executed Brute Ratel via a MSI installer. Multiple types of malware were dep…

The DFIR Report
Sep 29, 2025 at 11:37pmWeb