Tag: byod
All the articles with the tag "byod".
-
Sinkhole, Bursts, and a 142-Minute Retry Timer: Reading C2 Behavior in the Logs
A phishing click led to fixed-size C2 check-ins arriving in two distinct bursts with a 142-minute gap between them. The pattern told the story before we had a verdict.
-
Anatomy of a Crypto Drainer: Phishing, a 22MB Payload, and 180 Identical Beacons
A user clicked through a phishing warning and ended up with what the evidence points to as a crypto drainer. Here's what the traffic looked like and how we assessed it.
-
PcClient.bal RAT Outbreak: Six Hosts, After-Hours Beaconing, and a Gap in Egress Policy
A single IDS alert turned into a six-host RAT cluster, all beaconing after hours on non-standard ports. The firewall didn't catch it. The IDS did.
-
Two C2 Cases, One Day: Reading the Difference Between Infected and Blocked
Two C2 investigations on the same day with very different outcomes — one confirmed infection with active beaconing, one clean block. The key was knowing what the firewall logs were actually telling me.