This Week In 4n6

Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity Security In this session, Permiso’s CTO will cover:– How attackers moved from GitHub → AWS → Salesforce using stolen OAuth tokens.– Why this “all-machine” attack is a wake-up call for SaaS supply chains and NHIs.– Practical steps to detect and contain similar threats in […]

Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity Security In this session, Permiso’s CTO will cover:– How attackers moved from GitHub → AWS → Salesforce using stolen OAuth tokens.– Why this “all-machine” attack is a wake-up call for SaaS supply chains and NHIs.– Practical steps to detect and contain similar threats in […]

Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity Security In this session, Permiso’s CTO will cover:– How attackers moved from GitHub → AWS → Salesforce using stolen OAuth tokens.– Why this “all-machine” attack is a wake-up call for SaaS supply chains and NHIs.– Practical steps to detect and contain similar threats in […]

Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity Security In this session, Permiso’s CTO will cover:– How attackers moved from GitHub → AWS → Salesforce using stolen OAuth tokens.– Why this “all-machine” attack is a wake-up call for SaaS supply chains and NHIs.– Practical steps to detect and contain similar threats in […]

Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity Security In this session, Permiso’s CTO will cover:– How attackers moved from GitHub → AWS → Salesforce using stolen OAuth tokens.– Why this “all-machine” attack is a wake-up call for SaaS supply chains and NHIs.– Practical steps to detect and contain similar threats in […]

Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity Security In this session, Permiso’s CTO will cover:– How attackers moved from GitHub → AWS → Salesforce using stolen OAuth tokens.– Why this “all-machine” attack is a wake-up call for SaaS supply chains and NHIs.– Practical steps to detect and contain similar threats in […]

Learn Scattered Spider’s Updated TTPs & How to Defend Against Them In this webinar, Permiso’s CTO and Head of P0 Labs Threat Research will discuss:– How Scattered Spider’s methods have evolved over the last couple of years.– Where they are focusing their attacks now, and how they are doing it.– How the Permiso platform discovers […]

Learn Scattered Spider’s Updated TTPs & How to Defend Against Them In this webinar, Permiso’s CTO and Head of P0 Labs Threat Research will discuss:– How Scattered Spider’s methods have evolved over the last couple of years.– Where they are focusing their attacks now, and how they are doing it.– How the Permiso platform discovers […]

Learn Scattered Spider’s Updated TTPs & How to Defend Against Them In this webinar, Permiso’s CTO and Head of P0 Labs Threat Research will discuss:– How Scattered Spider’s methods have evolved over the last couple of years.– Where they are focusing their attacks now, and how they are doing it.– How the Permiso platform discovers […]

Download Permiso’s CISO Guide to Detecting & Preventing Identity Attacks. The guide breaks down:– The top identity-based attack vectors across SaaS, PaaS, IaaS, and IdPs– Real-world breach examples from Okta, Snowflake, Cloudflare, and others– How adversaries exploit non-human identities and abuse MFA gaps– What CISOs must do to align identity with their broader security strategyAnd More Sponsored […]

Download Permiso’s CISO Guide to Detecting & Preventing Identity Attacks. The guide breaks down:– The top identity-based attack vectors across SaaS, PaaS, IaaS, and IdPs– Real-world breach examples from Okta, Snowflake, Cloudflare, and others– How adversaries exploit non-human identities and abuse MFA gaps– What CISOs must do to align identity with their broader security strategyAnd More Sponsored […]

Christopher Eng at Ogmini Fun CVE on Trains – Foamers Beware Expectations vs Reality – Digital Forensic Science Master’s Degree Part 9 Hackers N’ Hops CTF Hackers N’ Hops CTF – Part 2 CFP Submission – Finalizing Submission MB x MS Aviv Yaniv at Courisity is a Drug Walk Through Guide for Kusto Detective Agency […]

Akash PatelJump List Changes in Windows 10 & 11: What You Need to Know Christopher Eng at Ogmini Thinking about that Windows Notepad Windows Notepad – Application Hive Markdown Setting Zeltser Challenge – Sixth Month Accomplishments Windows Notepad – Forced Save on Detecting Manipulation? Windows Notepad – Forced Save Regression Testing Windows Notepad – Markdown […]

Akash PatelForensic Differences Between Windows 10 and Windows 11 Arman Gungor at MetaspikeHow to Prove That An Email Was Received Chris SandersA Standard for Human-Centered Investigation Playbooks Christopher Eng at Ogmini Registry Hive – Data Types Part 4 Windows Notepad – Modifying TabState or WindowState Files Windows Notepad – Windows State Editor Pre-Release BelkaCTF 7 […]

Akash PatelDigging into Google Analytics & HubSpot Cookies for Forensics Christopher Eng at Ogmini Random Thoughts – Implications of MSIX App Containerization 010 Editor – RegistryHive Binary Template Registry Hive – Revisiting Documentation Registry Hive – Data Types Registry Hive – Data Types Part 2 Registry Hive – Data Types Part 3 My Methodology for […]

Akash Patel Where Do We Begin? A Network Forensic Investigator’s Steps The Silent Journey: A Cautionary Tale in Cyber Risk John Hyla at Blue Crew ForensicsiOS Stream Names Christopher Eng at Ogmini Zeltser Challenge – Fifth Month Accomplishments 2025 New York State Cybersecurity Conference RDCMan – Cracking DPAPI w/mimikatz Windows Notepad Parser – Documentation Update […]

Akash PatelForensic Analysis of SQLite Databases Alexis Brignoni at ‘Initialization Vectors’Extraction, Processing, & Querying Apple Unified Logs from an iOS Device Alexander Fehrmann at AmpedProcessing Impression Evidence in Amped FIVE Brian MaloneyOneDrive Evolution and Schema Updates Christopher Eng at Ogmini DPAPI – Audit DPAPI Activity Remote Desktop Manager – Artifacts Remote Desktop Manager – Artifacts […]

Akash Patel Proxies in DFIR– Deep Dive into Squid Log & Cache Forensics with Calamaris and Extraction… BPF Ninja: Making Sense of Tcpdump, Wireshark, and the PCAP World Brian MaloneyOneDriveExplorer now supports Microsoft.FileUsageSync.db Christopher Eng at Ogmini Reading up on Volatility Pearson – Cyberattack Volatility3 – Windows 11 24H2 Memory Dump issues? WinFE Training – […]

Akash Patel Linux File System Analysis and Linux File Recovery: EXT2/3/4 Techniques Using Debugfs, Ext4magic &… Understanding Linux: Kernel Logs, Syslogs, Authentication Logs, and User Management Alexander Fehrmann at AmpedForensic Shoeprint Documentation and Analysis with Amped FIVE Atola TechnologyTips for Finding Evidence on Linux File Systems & Storage Devices Christopher Eng at Ogmini Revisiting ShimCache/AmCache […]

Akash Patel Understanding Rootkits: The Ultimate Cybersecurity Nightmare and Direct Kernel Object Manipulation Understanding Userland Hooks and Rootkits in Real-World Investigations Extracting Memory Objects with MemProcFS/Volatility3/Bstrings: A Practical Guide Disk Imaging (Part 1) : Memory Acquisition & Encryption Checking Digital Forensics (Part 2): The Importance of Rapid Triage Collection — Kape vs FTK Imager Amped Forensic Fingerprint Analysis: […]