The Windows Registry is one of the powerful features of the Windows OS that is being tweaked and abused by threat actors. In this Splunk Threat Research blog we described common MITRE ATT&CK TTPs that leverage the Windows registry (8/14), including their detections, #atomicredteam testing and analysis. 😊 #splunk #malware #STRT #BlueTeam #detectionengineering
https://www.splunk.com/en_us/blog/security/from-registry-with-love-malware-registry-abuses.html
Sharing an #STRT blog on #AgentTesla malware analysis and detections. In this article we include some tips on how you can use a fake SMTP server to see the exfiltrated data on the attacker's side. 😀
1. Modify the #agenttesla SMTP setup: disable SMTP SSL.
2. Then set up your fake or dummy SMTP server. In this analysis I use this great tool, #smtpdev.
https://github.com/rnwood/smtp4dev
After the setup, you have the attacker's view as it sends the screenshots, keylogs and browser databases/info (in a .zip) to your fake SMTP server.
For #Splunk analytics, here is the link to the #agenttesla analytic story: https://research.splunk.com/stories/agenttesla/
#malware #int3 #reverseengineering #BlueTeam #cybersecurity #incidentresponse
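The fake-SMTP capture from steps 1 and 2, as an added example that is not the post's or smtp4dev's code: a stdlib-only Python sink that accepts any credentials, stores every message handed to it, and reports from the attacker's side who the report was addressed to and which files were attached. The `start_sink`, `handle` and `demo` names, the example.test addresses and the fake .zip bytes are all constructed for this example.

```python
import smtplib, socket, threading                         # stdlib only
from email import message_from_bytes, policy
from email.message import EmailMessage

def start_sink(host="127.0.0.1"):                         # returns (port, captured messages)
    sock = socket.socket(); sock.bind((host, 0)); sock.listen()   # port 0 = any free port
    messages = []                                         # parsed EmailMessage objects land here
    def serve():
        while True:                                       # one session at a time is enough here
            handle(sock.accept()[0], messages)
    threading.Thread(target=serve, daemon=True).start()
    return sock.getsockname()[1], messages

def handle(conn, messages):
    """Speak just enough SMTP to accept one session: no real auth, no relaying."""
    f = conn.makefile("rwb")
    f.write(b"220 sink ready\r\n"); f.flush()
    for line in f:
        verb = line[:4].upper()
        if verb in (b"EHLO", b"HELO"):
            f.write(b"250-sink\r\n250 AUTH PLAIN\r\n")    # so the sample hands over its SMTP creds
        elif verb == b"AUTH":
            f.write(b"235 ok\r\n")                        # any username/password accepted
        elif verb == b"DATA":
            f.write(b"354 go\r\n"); f.flush()
            raw = bytearray()
            for l in f:                                   # body ends at a lone "." line
                if l == b".\r\n": break
                raw += l[1:] if l.startswith(b"..") else l   # undo SMTP dot-stuffing
            messages.append(message_from_bytes(bytes(raw), policy=policy.default))
            f.write(b"250 stored\r\n")
        elif verb == b"QUIT":
            f.write(b"221 bye\r\n"); f.flush(); break
        else:
            f.write(b"250 ok\r\n")                        # MAIL FROM, RCPT TO, RSET, NOOP
        f.flush()
    conn.close()

def demo():
    """Send a constructed report (not real exfiltrated data) and return what the sink saw."""
    port, messages = start_sink()
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "victim@example.test", "drop@example.test", "Screenshot"
    m.set_content("constructed sample body")
    m.add_attachment(b"PK\x03\x04" + bytes(12), maintype="application", subtype="zip",
                     filename="browsers.zip")             # stands in for the browser-data .zip
    with smtplib.SMTP("127.0.0.1", port, local_hostname="sandbox") as c:   # plaintext, no SSL
        c.login("user", "pass"); c.send_message(m)
    got = messages[0]                                     # attacker's-eye view of the report
    return str(got["To"]), str(got["Subject"]), [(p.get_filename(), len(p.get_content())) for p in got.iter_attachments()]
```

Pointing a sample at the sink's port instead of the real mail host gives you the same view the operator would get, without the report ever leaving the sandbox.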