Tuesday, October 27, 2020

Are You Seeing What I Am Netsyncing? Analyzing Netsync Activity with Security Onion 2

This blog post was written by Wes Lambert (@therealwlambert), with the assistance of Andrew Schwartz (@4ndr3w6S). Additional thanks go to Doug Burks (@dougburks) and Phil Plantamura (@philplantamura) for their invaluable feedback and review.

Continuing on the excellent work done by Andrew and the TrustedSec team (The Tale Of The Lost, But Not Forgotten, Undocumented Netsync: Part 2) this post is a network-based analysis of the Netsync attack via Mimikatz. Keep in mind, this analysis does not include that of host-based technologies, or the data captured/generated by them, although said data could provide even greater context and investigational capability when utilized with Security Onion.

To read the full article, please see:



No comments:

Post a Comment

Note: Only a member of this blog may post a comment.