You might be interested in …

[SANS ISC] Malicious PowerShell Using Client Certificate Authentication, (Mon, Oct 18th)

Attackers have many ways to protect their C2 servers from unwanted connections. They can check some specific headers, the user-agent, the IP address location (GeoIP), etc. I spotted an interesting PowerShell sample that implements a client certificate authentication mechanism to access its C2 server. Its VT score is 9/56[1] (SHA256:6d3f45db0a991572a7ac8077e2fd8eec29aad99e7efa6cea5e54186ac1abc488). The certification is Base64 encoded and […]

[ThreatPost] It’s Time to Prepare for a Rise in Insider Threats

Anurag Kahol, CTO at Bitglass, discusses options for detecting malicious or dangerous activity from within an organization.

Daily NCSC-FI news followup 2021-01-02

The Week in Ransomware – January 1st 2021 – New Year Edition: This holiday edition covers the latest ransomware news from the past two weeks, including known ransomware attacks and law enforcement takedowns. Over the past two weeks, we have seen ransomware attacks on scent and flavor designer Symrise, FreePBX developer Sangoma, trucking giant […]
