- Malware: Tunneling Data and Commands Over DNS to Bypass Firewalls
Adversaries can tunnel command and control traffic through DNS queries to bypass firewalls, even when environments restrict outbound DNS to trusted servers: the trusted resolver still forwards queries for the attacker's zone to the attacker's authoritative name server, so the data rides inside ordinary recursive lookups. Tools like dnscat2 demonstrate how easily...
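The practical counterpart to the summary above is detection on the resolver's query log rather than at the firewall. The following is an added example, not code from the original post or from the dnscat2 project. It scores each (client, zone) pair by how many distinct subdomains the client queried and by the average length and Shannon entropy of those subdomains, which is the signature tunnels leave because they encode payload into labels. The log lines are constructed, the zone names are hypothetical, and the "registrable zone is the last two labels" rule is a simplifying assumption (real code should consult the Public Suffix List).

```python
"""Heuristic DNS tunnelling detector over constructed sample query logs.

Added example; not code from the original post or from dnscat2.
"""
import math
from collections import defaultdict

# Constructed sample log: (client IP, queried name). Not real traffic.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "cdn.example.com"),
    # A client legitimately resolving many short hostnames under one zone.
    *[("10.0.0.9", f"img{i}.cdn-example.org") for i in range(1, 9)],
    # dnscat2-style traffic: hex-encoded payload in labels under an attacker zone
    # (hypothetical zone, hand-written hex).
    ("10.0.0.7", "2ab7c103d9e4f5068172a3b4c5d6e7f8.0f1e2d3c4b5a6978.t.tunnel-example.net"),
    ("10.0.0.7", "9c4e1f7a2b8d3065e1f2a3b4c5d6e7f8.1a2b3c4d5e6f7081.t.tunnel-example.net"),
    ("10.0.0.7", "5d0a8e3b7c1f2946a0b1c2d3e4f5a6b7.8c9d0e1f2a3b4c5d.t.tunnel-example.net"),
    ("10.0.0.7", "e1f2a3b4c5d6e7f80918273645a5b6c7.d8e9f0a1b2c3d4e5.t.tunnel-example.net"),
    ("10.0.0.7", "7b3c9d1e5f0a2468ace13579bdf02468.ace1b2d3f4a5c6e7.t.tunnel-example.net"),
    ("10.0.0.7", "04c8e2a6f15b3d79e3b7d1f59a2c6e0b.4d8f2a6c0e1b3d5f.t.tunnel-example.net"),
    ("10.0.0.7", "f6e5d4c3b2a1908776655443322110ab.cdef0123456789ab.t.tunnel-example.net"),
    ("10.0.0.7", "3a7f1e9c5b0d2846a1c3e5f79b0d2468.f1e3d5c7b9a80624.t.tunnel-example.net"),
    ("10.0.0.7", "b8d4f0a2c6e1935f7d2b9c4e0a6f8153.6e2a8c4f0b1d3579.t.tunnel-example.net"),
    ("10.0.0.7", "1c5e9a3f7b2d6084e8c2a6f0b4d8e2c6.a3f7c1e5b9d3f7a1.t.tunnel-example.net"),
]


def shannon_entropy(text):
    """Bits per character of the text's symbol distribution (0.0 for empty)."""
    if not text:
        return 0.0
    n = len(text)
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_query(qname):
    """Split a query name into (subdomain, zone).

    Assumption for this example: the registrable zone is the last two labels.
    Production code should use the Public Suffix List (think co.uk).
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def score_zones(queries, min_unique=8, min_entropy=3.5, min_len=30):
    """Return (client, zone) pairs whose query pattern looks like tunnelling.

    Rule: many distinct subdomains under one zone AND the subdomains are on
    average either long or high-entropy. Volume alone is not enough, because
    CDNs and telemetry also produce many unique names.
    """
    stats = defaultdict(lambda: {"subs": set(), "len_sum": 0, "ent_sum": 0.0, "n": 0})
    for client, qname in queries:
        sub, zone = split_query(qname)
        s = stats[(client, zone)]
        s["subs"].add(sub)
        s["len_sum"] += len(sub)
        s["ent_sum"] += shannon_entropy(sub.replace(".", ""))
        s["n"] += 1

    flagged = []
    for (client, zone), s in sorted(stats.items()):
        avg_len = s["len_sum"] / s["n"]
        avg_ent = s["ent_sum"] / s["n"]
        if len(s["subs"]) >= min_unique and (avg_len >= min_len or avg_ent >= min_entropy):
            flagged.append({
                "client": client,
                "zone": zone,
                "unique_subdomains": len(s["subs"]),
                "avg_subdomain_len": round(avg_len, 1),
                "avg_entropy": round(avg_ent, 2),
            })
    return flagged


if __name__ == "__main__":
    for hit in score_zones(SAMPLE_QUERIES):
        print(hit)
```

On the constructed log only the 10.0.0.7 to tunnel-example.net pair is flagged; the client resolving eight img1..img8 names under cdn-example.org clears the unique-subdomain threshold but fails both the length and entropy tests, which is the false positive the combined rule is meant to avoid. Thresholds are starting points to tune against your own resolver logs.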
- Tools: Generating Domain Name Variations Used in Phishing Attacks
Phishing attackers register domain names similar to targeted organizations using techniques like bitsquatting, homoglyphs, letter repetition, transposition, and typos. Tools like dnstwist and...
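To make the five techniques named above concrete, here is an added example (not code from the original post, and not dnstwist's own implementation) that generates candidate look-alike domains for a given name. The homoglyph table and keyboard-neighbour map are small constructed subsets; a real tool carries far larger ones and also covers Unicode confusables. Bitsquatting flips a single bit in one character, which is what a memory error on a client does before the corrupted name is resolved.

```python
"""Generate look-alike domain candidates using the techniques named in the post.

Added example; not code from the original post or from dnstwist.
"""

# Constructed ASCII look-alike table (a real tool has a far larger one).
HOMOGLYPHS = {
    "o": ["0"], "l": ["1", "i"], "i": ["1", "l"], "e": ["3"],
    "a": ["4"], "s": ["5"], "m": ["rn"], "w": ["vv"],
}

# Horizontal QWERTY neighbours only; enough to show fat-finger typos.
QWERTY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def bitsquat(label):
    """Flip each single bit of each character; keep results that are still hostname chars."""
    out = set()
    for pos, ch in enumerate(label):
        for bit in range(8):
            c = chr(ord(ch) ^ (1 << bit))
            if c.isascii() and (c.isalnum() or c == "-"):
                cand = label[:pos] + c.lower() + label[pos + 1:]
                if cand != label:           # bit 5 only toggles case, which DNS ignores
                    out.add(cand)
    return out


def homoglyphs(label):
    """Replace one character with a visually similar one."""
    return {label[:pos] + sub + label[pos + 1:]
            for pos, ch in enumerate(label) for sub in HOMOGLYPHS.get(ch, [])}


def repetition(label):
    """Double one letter (exmaple of a sticky key)."""
    return {label[:pos] + ch + label[pos:] for pos, ch in enumerate(label) if ch.isalpha()}


def transposition(label):
    """Swap two adjacent, differing characters."""
    return {label[:i] + label[i + 1] + label[i] + label[i + 2:]
            for i in range(len(label) - 1) if label[i] != label[i + 1]}


def omission(label):
    """Drop one character."""
    return {label[:i] + label[i + 1:] for i in range(len(label))}


def _neighbours(ch):
    for row in QWERTY_ROWS:
        i = row.find(ch)
        if i >= 0:
            return [c for c in (row[i - 1] if i > 0 else "", row[i + 1] if i + 1 < len(row) else "") if c]
    return []


def typo(label):
    """Replace one character with a horizontally adjacent key."""
    return {label[:pos] + n + label[pos + 1:]
            for pos, ch in enumerate(label) for n in _neighbours(ch)}


TECHNIQUES = [("bitsquat", bitsquat), ("homoglyph", homoglyphs),
              ("repetition", repetition), ("transposition", transposition),
              ("omission", omission), ("typo", typo)]


def generate(domain):
    """Return sorted (technique, candidate) pairs for domain's first label.

    Assumes a single label before the TLD, e.g. 'example.com'.
    """
    label, _, tld = domain.lower().partition(".")
    variants = set()
    for name, fn in TECHNIQUES:
        for v in fn(label):
            if v and v[0] != "-" and v[-1] != "-":   # labels may not start/end with '-'
                variants.add((name, f"{v}.{tld}"))
    return sorted(variants)


if __name__ == "__main__":
    for technique, candidate in generate("example.com"):
        print(f"{technique:14} {candidate}")
```

The output is the list you would then resolve and check for MX records or a live web server; a candidate that already resolves to infrastructure you do not own is the one worth a takedown request or a block rule.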
- Incident Response: Report Template for Threat Intelligence and Incident Response
Large-scale intrusions require organizing intelligence about adversary actions and response efforts. A threat intelligence report template leveraging the Intrusion Kill Chain, Courses of Action...
- Malware Analysis: Version 6 Release of the REMnux Linux Distro for Malware Analysis
REMnux v6 updates existing malware analysis tools and introduces new ones including pedump, VolDiff, Rekall, oletools, and Docker support. The distro is built on 64-bit Ubuntu 14.04 and ships its tools as Debian packages, so users can...
- Social Engineering: Website Backup Company's Misleading "Invoices" Suggest a Scam
WebsiteBackup Company sent unsolicited letters resembling invoices to businesses, confusing recipients into thinking they owed payment for services they never ordered. The letters lacked the legally...
- Malware: Conversation With a Tech Support Scammer
Tech support scammers use scareware web pages to convince visitors their PCs are infected, then employ consultative sales tactics when victims call for help. Representatives use legitimate remote...