- Team Cymru - S2 Threat Research Team: Top C2 Frameworks
- My previous C2 detection talk: Leave Only Footprints: When Prevention Fails
- EVTX files from Leave Only Footprints: When Prevention Fails
- Sysmon: https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon
- Impacket: https://github.com/fortra/impacket
- wmiexec.py: https://github.com/fortra/impacket/blob/master/examples/wmiexec.py
- Imphash: https://www.mandiant.com/resources/blog/tracking-malware-import-hashing
Monday, April 01, 2024
Detecting Command and Control frameworks via Sysmon and Windows Event Logging
My talk: https://github.com/eric-conrad/c2-talk/