Tag: domain compromise
2 attack reports | 0 vulnerabilities
Attack reports
Investigating a SharePoint Compromise: IR Tales from the Field
An incident response investigation uncovered an attacker who exploited a SharePoint vulnerability (CVE-2024-38094) to gain initial access. The attacker remained undetected for two weeks, moving laterally across the network and compromising the entire domain. Key tactics included installing Horoung …
Downloadable IOCs: 8
Automatically Detecting DNS Hijacking in Passive DNS
This article describes a machine learning-based pipeline for detecting DNS hijacking using passive DNS data. The system processes an average of 167 million new DNS records daily, extracting 74 features from over 169 terabytes of data. Between March and September 2024, it identified 6,729 hijacking …
Downloadable IOCs: 37