The DFIR Report
thedfirreport.bsky.social
Real Intrusions by Real Attackers, the Truth Behind the Intrusion.

https://thedfirreport.com
"Checking the registry and network traffic, we could identify ranges they scanned. They most likely ran several scans in Advanced IP scanner. We found evidence of scans for private IP ranges as well as multiple public IP ranges belonging to Microsoft and other entities..."
October 20, 2025 at 12:14 AM
We identified a malvertising campaign targeting users searching for legitimate software, leading to the download of a trojanized WinSCP installer that deployed Broomstick/OysterLoader.

All files involved in the initial access phase were signed with valid certificates.
October 16, 2025 at 1:29 PM
DFIR Challenge Weekend Recap!

The challenge is complete! A massive thank you to everyone who participated in our latest DFIR Challenge!

Big shoutout to the top finishers who untangled the whole thing:

🥇 Jason Phang Vern Onn
🥈 Marko Yavorskyi
🥉 Bohdan Hrondzal
September 29, 2025 at 11:37 PM
🌟New report out today!🌟

From a Single Click: How Lunar Spider Enabled a Near Two-Month Intrusion

Analysis/reporting completed by @RussianPanda, Christos Fotopoulos, Salem Salem, reviewed by @svch0st.

Audio: Available on Spotify, Apple, YouTube and more!

Report:⬇️
September 29, 2025 at 2:49 PM
"Once the victim uncompressed the zip, they clicked the Windows Shortcut file John-_Shimkus.lnk which executed the infection flow.

Of note, the image 2.jpg that was alongside the payload in the .zip was not used by the malware. We assess that it was likely used to “pad” the..."
September 23, 2025 at 11:19 PM
"Two of the binaries observed in this attack were masquerading as products from well-known and reputable security vendors.

The first binary, GT_NET.exe is associated with Grixba, a custom data-gathering tool used by the Play ransomware group. Its metadata was crafted to..."
September 22, 2025 at 10:10 PM
"The Zoom installer was created using Inno Setup, a free installer for Windows programs, and served as the delivery mechanism for a multi-stage malware deployment and execution chain.

The trojanized installer was a downloader, more publicly known as “d3f@ckloader”, and is..."
September 21, 2025 at 1:05 PM
"On the eleventh day, the threat actor began a ransomware deployment. This final stage included the preparatory steps to deploy across the network. The process started with the execution of a batch script named SETUP.bat, which created a staging file share..."
September 20, 2025 at 8:54 PM
"On the second day of the intrusion, Confluence was exploited multiple times over a roughly twenty-minute period from the IP address 109.160.16[.]68. No link was found from this IP to the other activity detailed so far in the report leading us to assess this was likely a ..."
September 19, 2025 at 11:58 PM
🌟New report out today!🌟

Blurring the Lines: Intrusion Shows Connection With Three Major Ransomware Gangs

Analysis and reporting completed by @r3nzsec, @EncapsulateJ, @rkonicekr, & Adam Rowe

Audio: Available on Spotify, Apple, YouTube and more!

Report:⬇️
September 8, 2025 at 2:47 PM
🚨 New Lab Just Released: Specter’s Domain Heist – Private Case #35218

This lab is based on a detailed intrusion from our private case repositories 👇

📥 Workstation Compromise ➡️ Persistent Access ➡️ Discovery ➡️ Privilege Escalation ➡️ Lateral Movement ➡️ Data Exfil

Link 👇
September 3, 2025 at 8:10 PM
🚨 Search for software, end up getting ransomware!

SEO-driven #Bumblebee malware campaigns observed throughout July led to domain compromise, data theft & #Akira ransomware. Tools included #AdaptixC2 & #Netscan.

thedfirreport.com/2025/08/05/f...
From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira
Overview Bumblebee malware has been an initial access tool used by threat actors since late 2021. In 2023 the malware was first reported as using SEO poisoning as a delivery mechanism. Recently in …
August 5, 2025 at 12:39 PM
🚨 New: DFIR Labs Pro Tier is here!

🎯 Smarter investigations with:
• 🧠 AI Timeline Builder (w/ IOCs + notes)
• ⏱️ More lab time + extension credits
• 📊 Analytics dashboard w/ tailored insights

🔗 Dive in: dfirlabs.thedfirreport.com/subscription...
DFIR Labs - Subscription Plans
July 23, 2025 at 1:13 PM
🚨 New Interlock RAT variant spotted!

Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware group’s remote access trojan (RAT).

🔎 thedfirreport.com/2025/07/14/k...

#DFIR #KongTuke #InterlockRAT #FileFix
KongTuke FileFix Leads to New Interlock RAT Variant
Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware group’s remote access trojan (RAT). This new malware,…
July 14, 2025 at 11:36 AM
Reposted by The DFIR Report
📢DFIR Labs Enterprise Forensics Challenge📢

🔹 When: Aug 30, 2025 (14:00-18:00 UTC)
🔹 SIEM: Azure Log Analytics, Elastic, or Splunk
🔹 Teams: 2-3 analysts
🔹 Prizes: Top team wins! 🏆

Limited spots available.

Register Now: dfirlabs.thedfirreport.com/dfirchalleng...
DFIR Labs - Digital Forensics Challenge - Enterprise Edition
June 25, 2025 at 12:27 PM
🌟New report out today!🌟

Hide Your RDP: Password Spray Leads to RansomHub Deployment

Analysis and reporting completed by @tas_kmanager, @iiamaleks and UC2

🔊Audio: Available on Spotify, Apple, YouTube and more!

thedfirreport.com/2025/06/30/h...
Hide Your RDP: Password Spray Leads to RansomHub Deployment
Key Takeaways Initial access was via a password spray attack against an exposed RDP server, targeting numerous accounts over a four-hour period. Mimikatz and Nirsoft were used to harvest credential…
June 30, 2025 at 11:17 AM
A New DFIR Lab is out: The Hive Ransomware Fail 🐝

A domain is under siege, can you trace the threat actor's steps? Sharpen your triage and lateral movement skills in this hands-on investigation.

➡️Difficulty: Easy

1/2
June 27, 2025 at 2:37 PM
🔎 We're Hiring: Senior Security Analyst

We're looking for a full-time Senior Security Analyst with a passion for dissecting intrusions and translating technical findings into actionable insights.

Check out the full job description and apply here 👉 forms.office.com/r/87y8wAp3gA
June 26, 2025 at 12:28 PM
🎉 Huge News from DFIR Labs: Subscriptions are Here! 🎉

We're thrilled to announce that subscriptions are officially LIVE and we’re proud of what this means for the DFIR community 💙

1/5
June 23, 2025 at 2:22 PM
🎉New DFIR Discussions Episode🎉

🔊Available on Spotify, Apple, & YouTube!

🎙️ We dive into our latest public report with Randy Pargman, Jake Ouellette, Kostas T., and Mangatas Tondang. Check it out and let us know what you think!

open.spotify.com/episode/1SKP...
DFIR Discussions: Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware
June 16, 2025 at 12:48 PM
⚔️Registration for the DFIR Labs Enterprise CTF is now LIVE! ⚔️

Assemble your elite SOC/IR team (up to 3 members) for a 4-hour competition to prove you're the best in the industry.

Win prizes, bragging rights, and glory! 🏆

Register now! 👉https://form.jotform.com/251605321344245
June 10, 2025 at 6:37 PM
🎙️ New Podcast Episode Dropping Soon!

We dive into our latest public report with Randy Pargman, Jake Ouellette, Kostas T., and Mangatas Tondang.

Stay tuned for deep insights, behind-the-scenes analysis, and expert commentary from the front lines of DFIR. 🔍
June 10, 2025 at 12:06 PM
🚨 That CTF finale was wild. Only 300 points between 1st and 3rd — it stayed neck-and-neck till the very last minute.

Big congrats to our winners!

🥇 @Friffnz — 5100 pts
🥈 snail — 4840 pts
🥉 forynsics — 4800 pts
June 8, 2025 at 12:34 PM
🚨 CTF is starting soon!🚨

Don't Miss the DFIR Labs CTF - Registration Still Open!

➡️When: Today, June 7th | 16:30–20:30 UTC
➡️Register: dfirlabs.thedfirreport.com/ctf
🎯 THIS SATURDAY: DFIR Labs CTF 🎯

⏰ June 7 | 1630–2030 UTC
🔗 Register Now → dfirlabs.thedfirreport.com/ctf

🚀 DFIR Labs CTF is back!
💥 Only $9.99 to join
💥 Choose Elastic or Splunk
💥 Access a brand-new, unreleased case
💥 Top 5 get invited to join The DFIR Report team!
June 7, 2025 at 12:29 PM