Connecting the Dots in a Malicious Campaign with Graph Analysis

Incident response teams often receive hints from different sources about malicious activity occurring in their environment. These so-called indicators of compromise (IOCs) include the IP address or the domain name of a compromised website, a user-agent string used by a known threat actor or a URL format commonly used in a…

Nov 23 - MG_Shellish

Detecting and Investigating Webshells – Another Reason for Deepening Your Security Visibility

What would you call a piece of code or a script that runs on a server and enables remote server administration? If you answered “Webshell”, you would be correct. While often used for legitimate administrative purposes, it is also a favored technology used by attackers for illegitimate purposes. Attackers often infiltrate externally accessible…
