
Just Another Blue Teamer

and it is that time again!

The DFIR Report has released their latest report, which mentions NetSupport Manager, a remote access tool that I have not heard of before. Initial access was a zip file that contained a .js file, which was designed to execute an encoded PowerShell command that deployed the NetSupport tool AND established persistence through modification of the run registry key. I would go on, but you are going to have to read this report for yourself! It is so full of details that I can't begin to cover them myself! Enjoy and Happy Hunting!

NetSupport Intrusion Results in Domain Compromise
thedfirreport.com/2023/10/30/n

The DFIR Report · NetSupport Intrusion Results in Domain Compromise: "NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report …"

Notable MITRE ATT&CK TTPs (from the DFIR Team):
TA0002 - Execution
T1059.001 - Command and Scripting Interpreter: PowerShell
T1047 - Windows Management Instrumentation

TA0006 - Credential Access
T1003.001 - OS Credential Dumping: LSASS Memory

TA0005 - Defense Evasion
T1562.001 - Impair Defenses: Disable or Modify Tools

TA0003 - Persistence
T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
T1053.005 - Scheduled Task/Job: Scheduled Task

List of tools:
NetSupport
schtasks
Procdump
PingCastle
SoftPerfect Netscan
Impacket

Cyborg Security Community Hunt Package to get you started!
(Request your free account)
Powershell Encoded Command Execution
hunter.cyborgsecurity.io/resea
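As an added example (not from the post, the DFIR Report, or the Cyborg Security hunt package), here is a small Python hunt over constructed Sysmon-style events that decodes encoded PowerShell command lines and flags Run key writes, covering T1059.001 and T1547.001 from the list above. The event field names, the sample script and the dropped-binary path are assumptions.

```python
import base64
import re

# Encoded PowerShell: -e / -ec / -enc / -EncodedCommand followed by base64 (T1059.001).
ENC_RE = re.compile(r"(?i)(?<!\S)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/]{16,}={0,2})")
# ...\CurrentVersion\Run or RunOnce key paths under HKCU/HKLM/HKU (T1547.001).
RUN_KEY_RE = re.compile(r"(?i)\\CurrentVersion\\Run(?:Once)?\b")


def decode_encoded_command(command_line):
    """Return the decoded script when the command line carries an encoded
    PowerShell command, else None. PowerShell expects UTF-16LE under the base64."""
    m = ENC_RE.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None  # not valid base64 / UTF-16LE, so not a real encoded command


def hunt(events):
    """Flag encoded PowerShell in process creation (ID 1) and Run key writes (ID 13).
    The Run key check also runs over the decoded script, so persistence set up
    from inside the encoded command is caught even without a registry event."""
    findings = []
    for ev in events:
        if ev["event_id"] == 1:
            script = decode_encoded_command(ev["command_line"])
            if script is not None:
                findings.append({"technique": "T1059.001", "decoded": script})
                if RUN_KEY_RE.search(script):
                    findings.append({"technique": "T1547.001", "source": "decoded script"})
        elif ev["event_id"] == 13 and RUN_KEY_RE.search(ev["target_object"]):
            findings.append({"technique": "T1547.001", "source": ev["target_object"]})
    return findings


# Constructed sample (assumed, not from the report): the script a dropped .js might
# hand to PowerShell, which points a Run value at a placeholder dropped binary.
SAMPLE_SCRIPT = (r"Set-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' "
                 r"-Name 'Updater' -Value 'C:\ProgramData\Example\agent.exe'")
SAMPLE_B64 = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16le")).decode()
SAMPLE_EVENTS = [
    {"event_id": 1, "command_line": r'wscript.exe "C:\Users\victim\Downloads\invoice.js"'},
    {"event_id": 1, "command_line": "powershell.exe -nop -w hidden -enc " + SAMPLE_B64},
    {"event_id": 13, "target_object":
        r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```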
