Implement a system that dynamically alters network configurations, such as IP addresses, DNS server settings, or routing tables, in response to detected attacker activity. This can be used to confuse attackers, disrupt their reconnaissance efforts, or redirect them to decoy systems.
Tag: Network
Deceptive Network Shares
Goal: Detect attempts to access sensitive or restricted network shares.
Approach: Creating and monitoring fake network shares.
Create fake network shares with enticing names or permissions that appear to contain valuable data. Monitor any access attempts to these shares to identify attackers and gather information about their activities.
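As an added illustration of the monitoring side (not code from the original page), the script below flags every access to a decoy share in a stream of share-access events and summarises who touched what. The input is a constructed key=value rendering of the fields carried by Windows Security Event ID 5140 ("A network share object was accessed"); the decoy share names, the expected-account allowlist and the sample events are assumptions for the example. The allowlist exists because a backup or indexing job may legitimately touch the decoy; everything else is treated as a signal.

```python
"""Detection logic for decoy (honeytoken) network shares.

Added example, not from the original page. Events are a constructed
key=value rendering of Event ID 5140 fields; field names follow the
Windows event (SubjectUserName, IpAddress, ShareName), but no real
SIEM export is parsed here.
"""
import re
from collections import defaultdict

# Decoy shares the defender created; compared case-insensitively by name.
# Names are illustrative assumptions.
DECOY_SHARES = {"finance_backup$", "hr_payroll", "it_admin_passwords"}

# Accounts allowed to touch decoys (e.g. a backup job); assumption.
EXPECTED_ACCOUNTS = {"svc_backup"}

# Constructed sample events, one per line.
SAMPLE_EVENTS = r"""
EventID=5140 TimeCreated=2024-05-01T09:12:03Z SubjectUserName=jsmith IpAddress=10.0.4.21 ShareName=\\*\Public
EventID=5140 TimeCreated=2024-05-01T09:12:44Z SubjectUserName=jsmith IpAddress=10.0.4.21 ShareName=\\*\HR_Payroll
EventID=5140 TimeCreated=2024-05-01T09:13:10Z SubjectUserName=svc_backup IpAddress=10.0.9.5 ShareName=\\*\FINANCE_BACKUP$
EventID=5140 TimeCreated=2024-05-01T09:13:12Z SubjectUserName=jsmith IpAddress=10.0.4.21 ShareName=\\*\IT_Admin_Passwords
EventID=4624 TimeCreated=2024-05-01T09:14:00Z SubjectUserName=jsmith IpAddress=10.0.4.21
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Turn one 'key=value key=value' line into a dict."""
    return {k: v for k, v in FIELD_RE.findall(line)}


def share_basename(unc_path):
    """Strip the \\\\server\\ prefix and normalise case: \\\\*\\HR_Payroll -> hr_payroll."""
    return unc_path.rstrip("\\").split("\\")[-1].lower()


def find_decoy_access(lines, decoys=DECOY_SHARES, expected=EXPECTED_ACCOUNTS):
    """Return one alert per share-access event that hit a decoy share."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = parse_event(line)
        if ev.get("EventID") != "5140":        # only share-access events matter
            continue
        share = share_basename(ev.get("ShareName", ""))
        if share not in decoys:
            continue
        user = ev.get("SubjectUserName", "?")
        if user.lower() in expected:           # sanctioned job, not an intrusion signal
            continue
        alerts.append({
            "time": ev.get("TimeCreated"),
            "user": user,
            "ip": ev.get("IpAddress"),
            "share": share,
        })
    return alerts


def summarize(alerts):
    """Group alerts by account: source IPs, decoy shares touched, first sighting."""
    by_user = defaultdict(lambda: {"ips": set(), "shares": set(), "first_seen": None})
    for a in alerts:
        s = by_user[a["user"]]
        s["ips"].add(a["ip"])
        s["shares"].add(a["share"])
        if s["first_seen"] is None or a["time"] < s["first_seen"]:
            s["first_seen"] = a["time"]
    return dict(by_user)


def prioritize(summary, threshold=2):
    """Accounts that touched several unrelated decoys look like share enumeration."""
    return sorted(u for u, s in summary.items() if len(s["shares"]) >= threshold)


if __name__ == "__main__":
    found = find_decoy_access(SAMPLE_EVENTS.splitlines())
    for a in found:
        print(f"{a['time']} decoy share '{a['share']}' accessed by {a['user']} from {a['ip']}")
    print("escalate:", prioritize(summarize(found)))
```

In practice the same logic applies to Samba `full_audit` output or any file-server log that records account, source address and share; only `parse_event` and `share_basename` change.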
Nsocks Botnet Activity
The Nsocks botnet leverages vulnerabilities in specific Internet-facing applications, such as VMware Horizon servers with a known critical vulnerability (CVE-2021-21972). Once a server is compromised, the attacker uses a custom protocol over TCP for command and control (C2) communication. This protocol involves various commands to manage the botnet, including downloading and executing files, launching DDoS attacks, and stealing credentials.