Chris Sanders tweeted out an interesting pair of questions recently, and the simple fact is that for me to fully answer the question, the tweet thread would be just too extensive. The questions were:What are the most common reasons you go looking in … [Continue Reading]
Tips for DFIR Analysts, pt VI
Context & Finding PersistenceI was looking into an unusual mechanism for launching applications recently, and that research brought back a recurring issue I've seen time and again in the industry, specifically pivoting from one data point to another … [Continue Reading]
MiTM Cobalt Strike Network Traffic
I made a small PoC. cs-mitm. py is a mitmproxy script that intercepts Cobalt Strike traffic, decrypts it and injects its own commands. In this video, a malicious beacon is terminated by sending it an exit command. I selected a malicious beacon that … [Continue Reading]
- « Previous Page
- 1
- …
- 4
- 5
- 6
- 7
- 8
- …
- 603
- Next Page »