Cases
-
The Gentlemen
The Gentlemen: A New Affiliate's Playbook
Three day intrusion: SSL VPN credential spray, AD CS ESC1 to Domain Admin, Veeam credential theft, rclone exfiltration over SFTP, and The Gentlemen ransomware pushed through Group Policy. Tamper Protection blocked the encryptor on every host that still had it enabled, so only the unprotected hosts were encrypted.
2026-06-22
-
World Leaks
World Leaks: RDP Access Leads to Custom Exfiltration and Personalized Extortion
Two phase intrusion: RDP brute force, privacy.sexy defense kill, Cobalt Strike, SoftPerfect Network Scanner, custom Rust exfiltration tool across 6,900+ Cloudflare IPs, personalized ransom notes addressed by name to every employee. Full negotiation chats included.
2026-04-13