Introduction Adversaries are continuously developing techniques to reduce the detection rate of their malicious activities on an enterprise network; for example, they utilize steganography for data exfiltration, malicious software delivery, and covert C2 communications. This article provides an overview of detecting and hunting suspicious DNS connections in an enterprise network. Requirements In order to be… Continue reading
Post Category → Threat Hunting
Hunting ngrok Activity
Introduction Ngrok is legitimate software, mainly used by developers to expose local web servers or other TCP services to the internet. However, ngrok is now widely abused by threat actors in multiple ways, including for persistence and data exfiltration. ngrok exposes local services to the internet by wrapping TCP connections… Continue reading