Tag: c2
All the articles with the tag "c2".
-
Poisoned at the Source
Someone shared an interesting article. A colleague forwarded it. Three managed devices got wiped before the week was out.
-
The Midnight Beachhead: A Real-World RCE Incident on a University Network
Shortly after midnight, an attacker exploited a known vulnerability in a web-facing server at one of our international campus locations. This is what happened next.
-
Sinkhole, Bursts, and a 142-Minute Retry Timer: Reading C2 Behavior in the Logs
A phishing click led to fixed-size C2 check-ins arriving in two distinct bursts with a 142-minute gap between them. The pattern told the story before we had a verdict.
-
PcClient.bal RAT Outbreak: Six Hosts, After-Hours Beaconing, and a Gap in Egress Policy
A single IDS alert turned into a six-host RAT cluster, all beaconing after hours on non-standard ports. The firewall didn't catch it. The IDS did.