//
sign in
Post
by @danabra.mov
PostEmbed
by @danabra.mov
Record
by @jimpick.com
Record
by @atsui.org
+ new component
Post
1mo
Day 9: Ransomware deployment. The threat actor RDP’d from the beachhead to backup & file servers and dropped the Lynx payload “w.exe” using a compromised Domain Admin account. Full breakdown 👇 thedfirreport.com/2025/12/17/c... #DFIR #Ransomware #ThreatHunting #BlueTeam #CyberSecurity
The DFIR Report