Showing Posts About
Threat Hunting
-
Riccardo Ancarani - 9 Apr 2021
Detecting Exposed Cobalt Strike DNS Redirectors
A technique was developed to detect exposed Cobalt Strike DNS redirectors by identifying DNS servers that consistently return the same IP address for all domain queries. The method involves scanning DNS servers and analyzing their response patterns to identify potential Cobalt Strike infrastructure. An internet-wide survey was conducted to validate the detection approach, revealing multiple potential Cobalt Strike DNS servers.
- 16 Oct 2015
Journey Into Hunting The Attackers
A presentation at BSides Manchester 2015 explored stealthy credential retrieval techniques used by attackers targeting Windows systems. The talk focused on methods for extracting credentials that can bypass Anti-Virus detection. Techniques discussed included using built-in Windows commands and attacker tools designed to remain undetected during system intrusions.