Detecting the Impossible: Serverless C2 in the Cloud

Gary Golomb | July 10, 2019 | Application Security, Command And Control, Malware, Microsoft Office, threat detection

There are certain sophisticated threat behaviors that are generally considered “impossible” to detect on the network, which are both tedious and challenging for security teams to protect against. These include the use ...

Security Boulevard

Command and Control Over ICMP: Chronicles of Red Team C2

Marc Handelman | December 10, 2018 | C2, Command And Control, Information Security, Red Team

Tremendous Red Team related blog post over at Black Hills Infosec, and superbly crafted by Darin Roberts, and detailing How To C2 over ICMP... Enjoy! ...

Infosecurity.US

The MITRE ATT&CK Framework: Command and Control

Travis Smith | October 1, 2018 | ATT&CK, Command And Control, MITRE, MITRE Framework

Most malware these days has some level of Command and Control. This can be to exfiltrate data, tell the malware what instructions to execute next, or download encryption keys in the case ...

The State of Security

Critical Vulnerability Patched in Apache Struts

Lucian Constantin | August 24, 2018 | Apache Struts, Command And Control, critical vulnerability, cyberespionage, Malware, Remote Code Execution, Turla, web framework

The Apache Struts web development framework has received new security updates to address a critical vulnerability that could allow attackers to compromise web applications and servers. Apache Struts is widely used for ...

Security Boulevard

Command And Control

Detecting the Impossible: Serverless C2 in the Cloud

Command and Control Over ICMP: Chronicles of Red Team C2

The MITRE ATT&CK Framework: Command and Control

Critical Vulnerability Patched in Apache Struts

Automate Password Policy & NIST Password Guidelines

7 Cybersecurity Predictions for 2020

HITRUST & PASSWORDS: 7 Important Password Policies for HITRUST

Cybersecurity Trends to Watch in 2020