DLL Hijacking via Cobalt Strike & Attack Analysis.
Hijack Execution Flow
Adversaries may execute their own malicious payloads by hijacking the way operating systems run…
Malleable C2 — jQuery profiles.
Cobalt Strike — SpawnTo and Rundll32.
PCAP & VT Analysis — Rundll32 connecting over TCP to Cobalt Strike C2.
Cobalt Strike Malleable C2 User-Agents.
Malleable C2 profiles have been widely adopted and used by Cobalt Strike, a popular framework used by Red Teamers, APTs…
Legit healthcare company.
Investigating Windows Server 2016 Part One
Investigating a compromised Windows server.
Windows component tools used during the investigation
Net user: The Net utility is a component of the Windows…
Threat Intel Tips and Shodan queries
ReliableSite, Leaseweb, ITL-Bulgaria, and HostKey infrastructure are good examples, but you can also look for and monitor other ISPs/orgs.
org:"ReliableSite.Net LLC" port:"443" HTTP/1.1 404 Not Found Content-Length: 0
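The query above pivots on two things: a hosting org worth watching and a banner fingerprint (an HTTP 404 with an empty body). The script below is an added example, not code from the original post, that rebuilds that query string for any org and replays the same fingerprint check offline over banners constructed here to look like Shodan "data" fields. The org names come from the post; the IPs, banners and the ShodanHit layout are assumptions for illustration.

```python
"""Offline replay of the Shodan hunting pivot: org watchlist + empty-404 banner.

Added example, not from the original page. No Shodan access is needed:
SAMPLE_HITS are constructed banners shaped like Shodan 'data' fields.
"""
from dataclasses import dataclass

# Orgs the post suggests monitoring (ReliableSite is the one in its query).
ORG_WATCHLIST = ("ReliableSite.Net LLC", "Leaseweb", "ITL-Bulgaria", "HostKey")


@dataclass
class ShodanHit:
    ip: str     # assumed field layout, mirrors what a Shodan result carries
    port: int
    org: str
    data: str   # raw HTTP response banner


def build_query(org: str, port: int = 443) -> str:
    """Reproduce the post's query string for a given org and port."""
    return f'org:"{org}" port:"{port}" HTTP/1.1 404 Not Found Content-Length: 0'


def is_empty_404(banner: str) -> bool:
    """True when the banner is 'HTTP/1.1 404 Not Found' with Content-Length: 0."""
    lines = [ln.strip() for ln in banner.splitlines() if ln.strip()]
    if not lines or not lines[0].startswith("HTTP/1.1 404 Not Found"):
        return False
    headers = {}
    for ln in lines[1:]:
        if ":" in ln:
            key, value = ln.split(":", 1)
            headers[key.strip().lower()] = value.strip()
    return headers.get("content-length") == "0"


def hunt(hits, orgs=ORG_WATCHLIST):
    """Keep hits that sit in a watched org AND match the banner fingerprint."""
    return [
        h for h in hits
        if any(o.lower() in h.org.lower() for o in orgs) and is_empty_404(h.data)
    ]


# Constructed sample results (not real hosts): one true match, one watched org
# serving a normal 404 page, one empty 404 outside the watchlist, one 200 OK.
SAMPLE_HITS = [
    ShodanHit("203.0.113.10", 443, "ReliableSite.Net LLC",
              "HTTP/1.1 404 Not Found\r\nContent-Type: text/plain\r\n"
              "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\nContent-Length: 0\r\n\r\n"),
    ShodanHit("203.0.113.11", 443, "ReliableSite.Net LLC",
              "HTTP/1.1 404 Not Found\r\nServer: nginx\r\nContent-Type: text/html\r\n"
              "Content-Length: 153\r\n\r\n<html>...</html>"),
    ShodanHit("198.51.100.7", 443, "Example Cloud",
              "HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"),
    ShodanHit("203.0.113.12", 443, "Leaseweb",
              "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Length: 42\r\n\r\n"),
]


if __name__ == "__main__":
    print(build_query("ReliableSite.Net LLC"))
    for hit in hunt(SAMPLE_HITS):
        print(f"candidate: {hit.ip}:{hit.port} ({hit.org})")
```

An empty 404 on its own is a weak signal, since plenty of default web servers answer that way, so treat matches as candidates to validate (certificate details, other ports, behaviour over time) rather than as confirmed team servers, and widen or narrow ORG_WATCHLIST as your own telemetry dictates.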