Tuesday, October 27, 2020

Are You Seeing What I Am Netsyncing? Analyzing Netsync Activity with Security Onion 2

This blog post was written by Wes Lambert (@therealwlambert), with the assistance of Andrew Schwartz (@4ndr3w6S). Additional thanks go to Doug Burks (@dougburks) and Phil Plantamura (@philplantamura) for their invaluable feedback and review.

Continuing on the excellent work done by Andrew and the TrustedSec team (The Tale Of The Lost, But Not Forgotten, Undocumented Netsync: Part 2) this post is a network-based analysis of the Netsync attack via Mimikatz. Keep in mind, this analysis does not include that of host-based technologies, or the data captured/generated by them, although said data could provide even greater context and investigational capability when utilized with Security Onion.

To read the full article, please see:



No comments:

Search This Blog

Featured Post

Security Onion 2.4.140 now available including Suricata 7.0.9, Zeek 7.0.6, and much more!

Security Onion 2.4.140 is now available including Suricata 7.0.9, Zeek 7.0.6, and much more! Component Updates The main focus of this releas...

Popular Posts

Blog Archive