Investigation Scenario 🔎
A host on your network executed a process whose parent process is mftrace.exe.
What do you look for to investigate whether an incident occurred?
Since ClickFix doesn't seem to be going away any time soon, here's another write-up on it. This one is from CloudSEK, and while the TTPs described are not novel, it's another source to save to your notes.
I'm really not much of a threat analyst, but this breakdown of the Fog ransomware attack is fascinating. And I learned about three new-to-me tools!
https://www.securityweek.com/fog-ransomware-attack-employs-unusual-tools/
For quick reference, we've created a handy guide designed to be printed, folded, and carried in your pocket (PDF download). Now, more than ever, citizens must be able to hold those in power accountable and inspire others through the act of protest. Protecting your electronic devices and digital assets before, during,...
Are you a journalist who needs advice for how to prepare your electronic devices for travel across the US border?
EFF and Freedom of the Press have you covered: https://freedom.press/digisec/blog/border-security/
New, by me: A Dark Adtech Empire Fed by Fake CAPTCHAs
Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more resilient and incestuous than previously known.
https://krebsonsecurity.com/2025/06/inside-a-dark-adtech-empire-fed-by-fake-captchas/