APT: bot exfiltration

In the world of advanced persistent threats or APTs, techniques used by malware artifacts play an important role in communication and exfiltering information via C2s (Command & Control). In this sense, there are as many as there are protocols and services and an attacker can draw from his/her imagination. As just small examples of “tricks” for disguising illegitimate traffic as apparently normal information are:... Leer Más

Memories of an Incident Handler: “email Man in the Middle”

Some time ago I had the chance to manage a fraud security incident using a technique based on the classic Man in the Middle, but the rare thing is that the attack was not carried in the network or transport layers but in the application layer, more specifically by email. The case was as follows …... Leer Más