Anton
@antonlovesdnb
Blue Team stuff | Trying to be a decent human being | @munkschool Grad | Hunt & Response @HuntressLabs
ID: 4239009755
https://course.constructingdefense.com/constructing-defense 21-11-2015 02:40:30
5,5K Tweets
4,4K Followers
3,3K Following
These queries by Mehmet Ergene are straight 🔥 github.com/Cyb3r-Monk/Thr… Can be adapted as long as your telemetry has decent process info, super powerful for hunting and looking at huge amounts of process-related telemetry.
My guest blog as an intern at the SANS.edu Internet Storm Center has gone live :) Hunting for malicious phishing domains using DNSTwist & the ISC's Newly Registered Domains API. isc.sans.edu/diary/31188
Today’s the day! Very proud of the immense work Huntress analysts Jai Minton and Craig put into this lengthy walkthrough of an intrusion with strong overlap of OceanLotus TTPs. Thank you to Greg Linares (Laughing Mantis) for supporting this investigation as well!
Today we shine light on a long-standing intrusion which aligns with #OceanLotus / #APT32 🌺 intelligence gathering. 👇 Multiple backdoors, custom malware, steganography, and stealthy persistence. Thanks to Craig and Greg Linares (Laughing Mantis) CC: Huntress huntress.com/blog/advanced-…