Tag: domain compromise

3 Attack Reports | 0 Vulnerabilities

Attack reports

The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy

The Gentlemen ransomware-as-a-service program has rapidly expanded since mid-2025, claiming over 320 victims with 240 attacks occurring in early 2026. The service provides multi-platform lockers for Windows, Linux, NAS, BSD, and ESXi, enabling comprehensive coverage of corporate environments. Durin…
cobalt strike
anydesk
ransomware-as-a-service
mimikatz
systembc
lateral-movement
psexec
cobalt-strike
the gentlemen
2026-04-20
domain-compromise
esxi-encryption
group-policy-deployment
Published: April 20, 2026
Downloadable IOCs: 27

Investigating a SharePoint Compromise: IR Tales from the Field

An incident response investigation uncovered an attacker who exploited a SharePoint vulnerability (CVE-2024-38094) to gain initial access. The attacker remained undetected for two weeks, moving laterally across the network and compromising the entire domain. Key tactics included installing Horoung …
credential harvesting
lateral movement
mimikatz
impacket
CVE-2024-38094
2024-11-05
domain compromise
sharepoint
fast reverse proxy (frp)
Published: November 5, 2024
Downloadable IOCs: 8

Automatically Detecting DNS Hijacking in Passive DNS

This article describes a machine learning-based pipeline for detecting DNS hijacking using passive DNS data. The system processes an average of 167 million new DNS records daily, extracting 74 features from over 169 terabytes of data. Between March and September 2024, it identified 6,729 hijacking …
cybersecurity
machine learning
2024-11-05
dns hijacking
passive dns
network security
threat detection
domain compromise
Published: November 5, 2024
Downloadable IOCs: 37
Click here to see more Attack Reports