
Lee Kirkpatrick
Lee is an experienced Incident Lead with the Sophos Incident Response Team, specializing in digital forensics and incident response for a diverse global clientele. With over a decade of expertise, Lee has tackled cyber threats ranging from ransomware to nation-state attacks and has shared insights at prestigious events including Black Hat and RSA Charge.
Content by Lee Kirkpatrick

Security Operations
Threat Research
Credentials
Featured
incident response
Privacy
qilin
Ransomware
Qilin ransomware caught stealing credentials stored in Google Chrome
August 22, 2024

Security Operations
Threat Research
AnyDesk
Featured
incident response
mad liberator
malware
Social engineering
Don’t get Mad, get wise
August 13, 2024

Security Operations
Threat Research
data extraction
DFIR
Encryption
Featured
incident response
MDR
Ransomware
Sophos X-Ops
virtual machine
Extracting data from encrypted virtual disks: six seven methods
May 13, 2024

Security Operations
Threat Research
Active Adversary
Active Adversary Report
Featured
incident response
Incident response tools
MDR
RDP
Sophos X-Ops
Remote Desktop Protocol: The Series
March 20, 2024

Security Operations
incident response
Incident response tools
MDR
RDP
Sophos X-Ops
Remote Desktop Protocol: Exposed RDP (is dangerous)
March 20, 2024

Security Operations
incident response
Incident response tools
MDR
RDP
Sophos X-Ops
Remote Desktop Protocol: Queries for Investigation
March 20, 2024

Security Operations
incident response
Incident response tools
MDR
RDP
Sophos X-Ops
Remote Desktop Protocol: How to Use Time Zone Bias
March 20, 2024

Security Operations
incident response
Incident response tools
MDR
RDP
Sophos X-Ops
Remote Desktop Protocol: Executing the 4624_4625 Login Query
March 20, 2024

Security Operations
incident response
Incident response tools
MDR
query
RDP
Sophos X-Ops
Remote Desktop Protocol: Executing the External RDP Query
March 20, 2024