DFIR

4 posts in DFIR, featured first then newest.

DFIR 14 Sep 2024

One letter off: how a look-alike domain and a stolen signature ran a 30-day invoice fraud

A new analyst, a trusted client, and an email that arrived at 5:45 on a Monday morning. The story of a business email compromise that turned on a single swapped character — and the forensic trail that survived a year of silence and a lawyer's denial.

By Cyberange DFIR Team

DFIR 14 May 2024

Anatomy of a ransomware breach: from one exposed RDP port to domain-wide encryption in 72 hours

A sanitized DFIR debrief of a ransomware intrusion at a large Indian manufacturer. We reconstruct the timeline from a misconfigured firewall rule and a brute-forced RDP login through Mimikatz, AV removal, PsExec lateral movement, and full-estate encryption — and the anti-forensics that nearly erased the trail.

By Cyberange DFIR Team

DFIR 14 Apr 2022

Just a marketing website: how a neglected WordPress site became a path to Domain Admin

It came in as a spam complaint. It ended at a forgotten brochure website wired into the company's domain controller, with the Domain Admin password sitting in a script on someone's desktop. A story about the assets nobody thinks are worth attacking.

By Cyberange DFIR Team

DFIR 26 May 2026

The CERT-In six-hour window: what your DFIR runbook needs to say

CERT-In Direction 70B (April 2022) requires reporting of certain cyber incidents within six hours of detection. A practical breakdown of what the clock actually measures, what your runbook needs to include, and where most organisations get the timeline wrong.

By Cyberange DFIR Consulting