unSafe.sh - Unsafe
Log4Shell: Reconnaissance and post exploitation network detection
Note: This blogpost will be live-updated with new information. NCC Group’s RIFT is intending to...
2021-12-12 19:16:00 | Reads: 15 | blog.fox-it.com
Tags: log4j, fox, threshold, 3600, srt
Encryption Does Not Equal Invisibility – Detecting Anomalous TLS Certificates with the Half-Space-Trees Algorithm
Author: Margit Hazenbroek. tl;dr: An approach to detecting suspicious TLS certificates using...
2021-12-07 15:18:56 | Reads: 15 | blog.fox-it.com
Tags: malicious, anomaly, trees, mass, network
Tracking a P2P network related to TA505
This post is by Nikolaos Pantazopoulos and Michael Sandee. For the past few months NCC Gro...
2021-12-02 09:34:06 | Reads: 18 | blog.fox-it.com
Tags: network, grace, payload, ta505, php
TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access
NCC Group’s global Cyber Incident Response Team have observed an increase in Clop ransomware vic...
2021-11-08 16:30:13 | Reads: 16 | blog.fox-it.com
Tags: serv, clsid, powershell, ssh, microsoft
Reverse engineering and decrypting CyberArk vault credential files
Author: Jelle Vergeer. This blog will be a technical deep-dive into Cybe...
2021-10-12 07:42:06 | Reads: 13 | blog.fox-it.com
Tags: cyberark, software, encryption, restriction
SnapMC skips ransomware, steals data
Over the past few months NCC Group has observed an increasing number of da...
2021-10-11 19:15:00 | Reads: 10 | blog.fox-it.com
Tags: windows, snapmc, extortion, victim, software
RM3 – Curiosities of the wildest banking malware
fumik0_ & the RIFT Team. TL;DR: Our Research and Intelligence Fusion Team have been tracking...
2021-05-04 23:47:41 | Reads: 127 | blog.fox-it.com
Tags: rm3, 856b0d0, isfb, loader, bots
Abusing cloud services to fly under the radar
tl;dr: NCC Group and Fox-IT have been tracking a threat group with a wide set of interests, fr...
2021-01-12 13:53:55 | Reads: 11 | blog.fox-it.com
Tags: network, cobalt, windows, victim, c2
TA505: A Brief History Of Their Time
Threat Intel Analyst: Antonis Terefos (@Tera0017). Data Scientist: Anne Postma (@A_Postma). 1. I...
2020-11-16 23:14:29 | Reads: 109 | blog.fox-it.com
Tags: ta505, sdbbot, getandgo, packer, ransomware
StreamDivert: Relaying (specific) network connections
Author: Jelle Vergeer. The first part of this blog will be the story of...
2020-09-10 17:14:45 | Reads: 76 | blog.fox-it.com
Tags: network, userland, software, client
Machine learning from idea to reality: a PowerShell case study
Detecting both ‘offensive’ and obfuscated PowerShell scripts in Splunk using Windows Event Log 4...
2020-09-02 16:55:35 | Reads: 82 | blog.fox-it.com
Tags: powershell, windows, github, powerup, malicious
A Second Look at CVE-2019-19781 (Citrix NetScaler / ADC)
Authors: Rich Warren of NCC Group FSAS & Yun Zheng Hu of Fox-IT, in close collaboration with Fox...
2020-07-01 12:50:53 | Reads: 99 | blog.fox-it.com
Tags: perl, attacker, backdoors, csd, citrix
WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
Authors: Nikolaos Pantazopoulos, Stefano Antenucci (@Antelox), Michael Sandee and in close collab...
2020-06-23 21:25:57 | Reads: 98 | blog.fox-it.com
Tags: ransomware, windows, encryption, victim
In-depth analysis of the new Team9 malware family
Author: Nikolaos Pantazopoulos. Co-author: Stefano Antenucci (@Antelox). And in close collaboration...
2020-06-02 23:00:23 | Reads: 76 | blog.fox-it.com
Tags: loader, team9, bazar, windows, download
LDAPFragger: Command and Control over LDAP attributes
Written by Rindert Kramer. Introduction: A while back during a penetration test of an internal netw...
2020-03-19 19:15:18 | Reads: 82 | blog.fox-it.com
Tags: network, crc, cobalt, alice, segments
Hunting for beacons
Author: Ruud van Luijk. Attacks need to have a form of communication with their victim machines, a...
2020-01-15 20:29:06 | Reads: 82 | blog.fox-it.com
Tags: jitter, beacon, beaconing, cobalt, beacons
Detecting random filenames using (un)supervised machine learning
Combining both n-grams and random forest models to detect malicious activity. Author: Haroen Bas...
2019-10-16 20:00:29 | Reads: 86 | blog.fox-it.com
Tags: filenames, machine, forest, bigrams, security
Office 365: prone to security breaches?
Author: Willem Zeeman. “Office 365 again?” At the Forensics and Incident Response department of F...
2019-09-11 20:30:00 | Reads: 92 | blog.fox-it.com
Tags: security, microsoft, phishing
Using Anomaly Detection to find malicious domains
Applying unsupervised machine learning to find ‘randomly generated domains’. Authors: Ruud van Lui...
2019-06-11 22:00:32 | Reads: 77 | blog.fox-it.com
Tags: dga, grams, machine, c2, probability
mitm6 – compromising IPv4 networks via IPv6 – Fox-IT International blog
While IPv6 adoption is increasing on the internet, company networks that use IPv6 internally are...
2018-03-25 23:05:44 | Reads: 159 | blog.fox-it.com
Tags: wpad, network, windows, mitm6, attacker