Using the RSA NetWitness Platform to Detect C&C: goDoH January 12, 2020 DNS over HTTPS (DoH) was introduced to increase privacy and help prevent against the manipulation... Read More
Detecting DNS tunneling in RSA NetWitness: DNS2TCP January 10, 2020 When performing network forensics, all protocols should be analysed, however, some tend to be more... Read More
Detecting Gh0st RAT in the RSA NetWitness Platform January 9, 2020 In order to defend their network effectively, analysts need to understand the threat landscape, and... Read More
Using RSA NetWitness to Detect Credential Harvesting: lsassy January 6, 2020 A couple of days ago on Github, Hackndo released a tool (https://github.com/Hackndo/lsassy) that is... Read More
Using RSA NetWitness to Detect C&C: Covenant December 20, 2019 Introduction Having recently moved into the IR team – where I now have to actually do stuff as... Read More
Using RSA NetWitness to Detect C&C: ReverseTCP Shell December 18, 2019 In this blog post, I am going to cover a C&C framework called ReverseTCP Shell. This was recently... Read More
RSA NetWitness VLC Load Balancing + Failover December 16, 2019 This video covers in-depth the customization / implementation of VLC load... Read More
APT Emulation Using CALDERA December 9, 2019 Over the past year, I have posted multiple blogs whereby I perform APT (Advanced Persistent Threat)... Read More
Using RSA NetWitness to Detect C&C: WEASEL December 6, 2019 I was doing some hunting through our lab traffic today and came across some strange looking... Read More
Amazon Detective and RSA NetWitness Platform Integration December 4, 2019 UPDATE 31 Mar 2020: Amazon Detective has been made officially GA by AWS as of today! See the notes... Read More