Tuesday, October 27, 2020

Are You Seeing What I Am Netsyncing? Analyzing Netsync Activity with Security Onion 2

This blog post was written by Wes Lambert (@therealwlambert), with the assistance of Andrew Schwartz (@4ndr3w6S). Additional thanks go to Doug Burks (@dougburks) and Phil Plantamura (@philplantamura) for their invaluable feedback and review.

Continuing on the excellent work done by Andrew and the TrustedSec team (The Tale Of The Lost, But Not Forgotten, Undocumented Netsync: Part 2) this post is a network-based analysis of the Netsync attack via Mimikatz. Keep in mind, this analysis does not include that of host-based technologies, or the data captured/generated by them, although said data could provide even greater context and investigational capability when utilized with Security Onion.

To read the full article, please see:



No comments:

Search This Blog

Featured Post

Quick Malware Analysis: WORD MACRO --> SSLOAD --> COBALT STRIKE pcap from 2024-04-18

Thanks to Brad Duncan for sharing this pcap from 2024-04-18 on his malware traffic analysis site! Due to issues with Google flagging a warni...

Popular Posts

Blog Archive