Tag: incident-response
All the articles with the tag "incident-response".
-
Poisoned at the Source
Someone shared an interesting article. A colleague forwarded it. Three managed devices got wiped before the week was out.
-
The Midnight Beachhead: A Real-World RCE Incident on a University Network
Shortly after midnight, an attacker exploited a known vulnerability in a web-facing server at one of our international campus locations. This is what happened next.
-
Sinkhole, Bursts, and a 142-Minute Retry Timer: Reading C2 Behavior in the Logs
A phishing click led to fixed-size C2 check-ins arriving in two distinct bursts with a 142-minute gap between them. The pattern told the story before we had a verdict.
-
Anatomy of a Crypto Drainer: Phishing, a 22MB Payload, and 180 Identical Beacons
A user clicked through a phishing warning and ended up with what the evidence points to as a crypto drainer. Here's what the traffic looked like and how we assessed it.