Tag: domain compromise

An incident response investigation uncovered an attacker who exploited a SharePoint vulnerability (CVE-2024-38094) to gain initial access. The attacker remained undetected for two weeks, moving laterally across the network and compromising the entire domain. Key tactics included installing Horoung …

This article describes a machine learning-based pipeline for detecting DNS hijacking using passive DNS data. The system processes an average of 167 million new DNS records daily, extracting 74 features from over 169 terabytes of data. Between March and September 2024, it identified 6,729 hijacking …