In order to defend their network effectively, analysts need to
understand the threat landscape, and more specifically how individual
threats present themselves in their tools. With that in mind, I started
researching common Remote Access Trojans/Tool...
On a recent engagement, I took a different approach to finding possible
malicious files entering the customer's network. Rather than focusing on
the e-mail, I looked for any RAR, macro-enabled office documents, and
portable executable files (PE) ente...
A question was posed to our team by one of the engineers: had we seen
the new Chrome and Microsoft zero-day exploits using RSA NetWitness
Endpoint? I honestly didn't even know about these exploits and so I had
to do some research. I found the initial...
During a recent customer engagement, I found the "customtcp shell" meta
with some very interesting sessions. All of the traffic was using what
appeared to be custom encryption and the destination IP was based in
Korea. Of course, I knew this couldn't...
Hey Jonathan, so this traffic is benign as it's a mobile messaging app
that uses a custom protocol to communicate. If you see the "customtcp
shell" meta outside of the traffic mentioned here in this blog that
would be a different topic. Is that what ...