IT-Security company creating special security, intelligence and forensics solutions. Fox-IT is part of NCC Group.
Joined October 2008
- Tweets 1,930
- Following 298
- Followers 13,646
- Likes 644
549 Photos and videos
Dissect update
Say hello to Dissect version 3.21
- Minimum Python version is now 3.10
- New dissect.apfs project – initial support for macOS, available through the API
- Improved usability for interacting with nested targets
- Support for CramFS and Apple Sparse Image Format (ASIF)
And much more! check out the full release notes lnkd.in/ePmdCugY
3
8
461
Sharing is caring! We've uploaded malware samples from our latest Lazarus research to VirusTotal (d86c51db1a0f3c6b71b1b62a766d6daa). This includes macOS, Linux and Windows samples used by this actor, such as custom screenshotters and keyloggers. See our blogpost for the hashes: blog.fox-it.com/2025/09/01/t…
1
12
931
𝗡𝗲𝘄 𝗗𝗶𝘀𝘀𝗲𝗰𝘁 𝗿𝗲𝗹𝗲𝗮𝘀𝗲 𝘃.𝟯.𝟮𝟬.𝟭 𝗶𝘀 𝗼𝘂𝘁!
Important: deprecation notice for Python 3.9, next Dissect version will support Python 3.10 and up
- VMFS implementation rewritten from scratch
- Mounting btrfs subvolumes with target-mount enabled
- Performance improvements in dissect.util converting to Rust
- Reduced memory consumption by extfs
And much more! For full details see the release notes
github.com/fox-it/dissect/re…
1
7
671
🧀 𝗡𝗲𝘄 𝗯𝗹𝗼𝗴: "𝗧𝗵𝗿𝗲𝗲 𝗟𝗮𝘇𝗮𝗿𝘂𝘀 𝗥𝗔𝗧𝘀 𝗖𝗼𝗺𝗶𝗻𝗴 𝗳𝗼𝗿 𝗬𝗼𝘂𝗿 𝗖𝗵𝗲𝗲𝘀𝗲"
Read about PondRAT, ThemeForestRAT and RemotePE - three RATs we encountered during incident response involving the Lazarus group.
Check the indicators and don't let them steal your cheese!
#ThreatIntel #Lazarus #DFIR
blog.fox-it.com/2025/09/01/t…
8
17
3,780
🔒Great news for #DFIR folks! Dissect now supports both BitLocker & LUKS encrypted disks, making forensic analysis smoother and more comprehensive. Another step forward for digital forensics capabilities! Read more in this blog: blog.fox-it.com/2024/12/11/d… #InfoSec #DigitalForensics
3
12
1,079
Dissect release v3.17 - what's new?
🔹Support for BitLocker and LUKS encrypted disks
🔹Support for BSD Vinum volumes
🔹A new MSSQL log parser
🔹Retrieve installed Ubuntu Snap & Windows applications
🔹Now possible to create aliases in target-shell
github.com/fox-it/dissect/re…
5
8
1,203
Some of these servers show similarities with known attacker infra, like hosting *.js files. We observed compromised FortiManager devices use cURL to retrieve such files, e.g. dom.js. Another server had a file named exp-7.2.6.py, which is also a valid FortiManager version.
These are not hard links to FortiJump, but we wanted share this before going into the weekend.
#happyhunting #sharingiscaring
4
11
39
9,093
Pivoting on the SimpleHTTP server on port 443 (but not TLS) and ASN 20473 we found servers that are likely related to the #FortiJump #FortiManager CVE-2024-47575 exploitation campaign that are not yet publicly mentioned. IOCs:
* 107.191.63[.]169
* 139.180.138[.]190
* 149.28.157[.]135
* 167.179.90[.]211
* 216.238.98[.]214
* 65.20.78[.]114
These servers were observed over a period between May and October 2024. #threatintel #sharingiscaring
23
68
16,255
Our SOC detected suspicious activity from 158.247.199[.]37 directed at FortiManager ports as early as May 2024. #threatintel #fortianalyzer #fortijump
fortiguard.com/psirt/FG-IR-2…
5
27
110
26,754
Hey cyber sleuths! Dissect open source just turned two, and we're not done celebrating. Surprise! Our Dissect add-on for Splunk is now also open sourced, making your Dissect records ingestion a breeze. Prepare to enhance your Splunk powers! 🥳 lnkd.in/g38ii8Et
2
7
1,222
Check out our latest blog from our Red Team about EDR evasion through malware virtualisation: blog.fox-it.com/2024/09/25/r…
1
43
119
17,020
Say hello to Dissect summer release V.3.15!
· Major rewrite of dissect core engine – cstruct v.4.0 is now released!
· Target tools usability improvements
· MPLog parser added to Windows defender plugin
· Identification of Windows 11 improved
Release 3.15 · fox-it/dissect · GitHub
4
17
1,616
· Acquire: paths de-duplication, consistent casing of drive letters for Windows, multiple targets
github.com/fox-it/dissect/re…
863
This blog is part of a series written by various Dutch cyber security firms that have collaborated on the Cactus ransomware group, which exploits Qlik Sense servers for initial access.
blog.fox-it.com/2024/04/25/s…
14
1,472
🚀 Our open-source Dissect project now supports reading Fortinet firmware files! 🛡️ Easily mount, browse or dump FortiGate firmware files hassle-free with Dissect. No extra steps needed! #Dissect #Fortinet #FortiGate #Firmware
github.com/fox-it/dissect.ta…
1
7
32
2,291
Check out our latest blog where we pluck the feathers off Android Malware Vultur's latest variants, revealing its most recent developments in masquerading malicious activity and how it maximises remote control over infected devices. blog.fox-it.com/2024/03/28/a…
6
7
1,136
🌟 Dissect Task Board Now Live! 🌟
Dive into Dissect projects, select tasks, suggest features, and code with a global community. Let's innovate together!
🔗 Look under issues in each Dissect project, or use this filter (log in needed) github.com/issues?q=is:ope…
1
2
9
815
- Support for Windows installations on drive letters other than C:\
- Support for Linux systems mounts by label
Check out all features and plugins improvements in the release notes! github.com/fox-it/dissect/re…
2
3
600