Threat hunting with Osquery, Part Two

Part Two – Command and Control

After gaining initial access to a device, the attackers try to establish command and control (C&C, C2) over the device with the aim to use it in following stages of the attack. For this purpose, attackers often launch malicious processes, hunting for which is the topic of this part of our blog series. We will show Osquery queries helpful in identifying processes with suspicious network activity, which can serve the attackers for easy backdoor access to the device….

Threat hunting with Osquery, Part Two

Raven – Advanced Cyber Threat Map (Simplified, Customizable, Responsive)

Free Micropatches for “RemotePotato0”, a “WON’T FIX” Local Privilege Escalation Affecting all Windows Systems

ParallelNimcalls: Nim version of MDSec’s Parallel Syscall PoC

AlphaGolang – IDApython Scripts For Analyzing Golang Binaries

Editor Picks

Hunting for samAccountName Spoofing (CVE-2021–42278) & Domain Controller Impersonation

Introducing VirusTotal Collections

Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again

Must read

Free Micropatches for “RemotePotato0”, a “WON’T FIX” Local Privilege Escalation Affecting all Windows Systems

ParallelNimcalls: Nim version of MDSec’s Parallel Syscall PoC

AlphaGolang – IDApython Scripts For Analyzing Golang Binaries

Popular categories