Tuesday, October 27, 2020

Are You Seeing What I Am Netsyncing? Analyzing Netsync Activity with Security Onion 2

This blog post was written by Wes Lambert (@therealwlambert), with the assistance of Andrew Schwartz (@4ndr3w6S). Additional thanks go to Doug Burks (@dougburks) and Phil Plantamura (@philplantamura) for their invaluable feedback and review.

Continuing on the excellent work done by Andrew and the TrustedSec team (The Tale Of The Lost, But Not Forgotten, Undocumented Netsync: Part 2) this post is a network-based analysis of the Netsync attack via Mimikatz. Keep in mind, this analysis does not include that of host-based technologies, or the data captured/generated by them, although said data could provide even greater context and investigational capability when utilized with Security Onion.

To read the full article, please see:



No comments:

Search This Blog

Featured Post

Security Onion 2.4.50 now available including some new features and lots of bug fixes!

Security Onion 2.4.50 is now available! It includes some new features for our fellow defenders and lots of bug fixes! https://docs.securityo...

Popular Posts

Blog Archive