Today > vulnerabilities   -   You can now download lists of IOCs here!

Tag: domain compromise

2 attack reports | 0 vulnerabilities

Attack reports

Investigating a SharePoint Compromise: IR Tales from the Field

An incident response investigation uncovered an attacker who exploited a SharePoint vulnerability (CVE-2024-38094) to gain initial access. The attacker remained undetected for two weeks, moving laterally across the network and compromising the entire domain. Key tactics included installing Horoung …

credential harvesting
lateral movement
mimikatz
impacket
CVE-2024-38094
2024-11-05
domain compromise
sharepoint
fast reverse proxy (frp)
Published: November 5, 2024

Downloadable IOCs 8

Automatically Detecting DNS Hijacking in Passive DNS

This article describes a machine learning-based pipeline for detecting DNS hijacking using passive DNS data. The system processes an average of 167 million new DNS records daily, extracting 74 features from over 169 terabytes of data. Between March and September 2024, it identified 6,729 hijacking …

cybersecurity
machine learning
2024-11-05
dns hijacking
passive dns
network security
threat detection
domain compromise
Published: November 5, 2024

Downloadable IOCs 37

» Click here to see all Attack Reports «