File timestamps preserved inside a 9.1GB archive found on a Chinese threat actor's staging server let us reconstruct a complete intrusion: WordPress web shell to DirtyPipe container escape, socat tunnelling, fscan credential spray across 164 government machines, and 754MB of internal GitLab source code — all in eight weeks.
grep -rl "gitlab" ./posts
#gitlab
1 match