Profiling Attackers Series

Written by Admin | Apr 1, 2020 4:00:00 AM

I have recently been posting a number of blogs regarding the usage of the RSA NetWitness Platform to detect attackers within your environment. As the list of blog posts grows, it is becoming increasingly difficult to navigate through them easily. To address this, this blog post contains references to all other blog posts in the Profiling Attackers Series, and will be updated when new posts are made.

Command and Control
Using RSA NetWitness to Detect Command and Control: PoshC2
Detecting Command and Control in RSA NetWitness: PowerShell Empire
Detecting Command and Control in RSA NetWitness: Koadic
Detecting Command and Control in RSA NetWitness: Metasploit
Detecting Command and Control in RSA NetWitness: Cobalt Strike
Using RSA NetWitness to Detect Command and Control: PoshC2 v5.0
Using RSA NetWitness to Detect C&C: WEASEL
Using RSA NetWitness to Detect C&C: ReverseTCP Shell
Using RSA NetWitness to Detect C&C: Covenant (Guest Blogger: Chris Thomas)
Using the RSA NetWitness Platform to Detect C&C: goDoH
Detecting DNS tunneling in RSA NetWitness: DNS2TCP (Guest Blogger: Marco **bleep**gian)
Throwback C2 Thursday
Using RSA NetWitness to Detect HTTP Asynchronous Reverse Shell (HARS)
Using RSA NetWitness to Detect Chaos C2

Lateral Movement
Detecting Lateral Movement in RSA NetWitness: WMI
Detecting Lateral Movement in RSA NetWitness: Winexe
Detecting Lateral Movement in RSA NetWitness: Smbexec
Using the RSA NetWitness Platform to Detect Lateral Movement: SCShell (DCE/RPC)

Persistence
Web Shells and RSA NetWitness
Web Shells and NetWitness Part 2
Web Shells and RSA NetWitness Part 3
Using RSA NetWitness to Detect Credential Harvesting: lsassy

RATs
Using RSA NetWitness to Detect QuasarRAT
Using RSA NetWitness to Detect Void-RAT

Special thanks to Rui Ataide for his support and guidance for these posts.