Vito Alfano

Head of DFIR Practice, EU

Blog posts by Vito Alfano

Digital Forensics & Incident Response
May 8, 2025
Understanding Credential Harvesting via PAM: A Real-World Threat
Learn how attackers exploit Pluggable Authentication Modules (PAM) for credential harvesting—and discover defenses to harden Linux authentication.
Ransomware
April 30, 2025
Ransomware debris: an analysis of the RansomHub operation
This blog on RansomHub provides an overview of how this Ransomware-as-a-Service (RaaS) group operates, including its extortion tactics, affiliate recruitment strategies, and the features of its affiliate panel.
Ransomware
February 12, 2025
RansomHub Never Sleeps Episode 1: The evolution of modern ransomware
Discover how ransomware has evolved into a sophisticated cyber threat, with groups like RansomHub leading the charge. Learn more about their adaptability, TTPs, and the rise of Ransomware-as-a-Service in this first part of the trilogy.
Cyber Investigations
September 18, 2024
Storm clouds on the horizon: Resurgence of TeamTNT?
Investigations into recent campaigns may suggest the reemergence of TeamTNT from 2023 to the present day, after evaporating in 2022.
Digital Forensics & Incident Response
September 6, 2024
The Duality of the Pluggable Authentication Module (PAM)
The Group-IB DFIR Team has identified a new technique, not yet included in the MITRE ATT&CK framework, in which the pam_exec module could be used to obtain a privileged shell on a host and grant a threat actor full persistence.