C2 Archives - Jean-Christoph von Oertzen

Webinar takeaway – Shellcode Execution with Python

jean-christoph — Thu, 12 Jan 2023 19:27:44 +0000

teaser for this Webcast, which made me attend Imagine you are pen testing a company and gain access to a Windows application server. You discover the server has application allow listing deployed, and strong EDR/XDR defensive solutions. To your excitement, you find there is a Python interpreter installed. It would be really great if you […]

The post Webinar takeaway – Shellcode Execution with Python appeared first on Jean-Christoph von Oertzen.

Webinar takeaway – The Ins and Outs of RITA

jean-christoph — Tue, 15 Mar 2022 19:21:55 +0000

My key takeaways RITA is made to detect beacons and long connections open source tool Signature based detection of malicious code is outdated Average detect time is over 6 month > 50% of compromised systems are detected by outsiders RITA is behaviour based Needs a bunch of pakets to work on min 1h, default 24h […]

The post Webinar takeaway – The Ins and Outs of RITA appeared first on Jean-Christoph von Oertzen.

Webinar takeaway – Malware of the Day

jean-christoph — Wed, 02 Mar 2022 20:27:33 +0000

My key takeaways "Malware of the Day" is about simulating one malware or exploit that was found "in the wild" why? to share with the public so that we can test our security detection abilities in place sharing (safe) PCAPs with identified C2 methods and network traffic patterns smoke detectors are not build to prevent […]

The post Webinar takeaway – Malware of the Day appeared first on Jean-Christoph von Oertzen.

Webinar takeaway: Network Protocol Abuse – How Attackers Profit by Playing by the Rules

jean-christoph — Wed, 28 Jul 2021 18:07:49 +0000

My key takeaways Analogie: north = ingress traffic south = outgress traffic east-west = lateral movement HTTP is born in 1996 HTTP status code 418: "I’m a teapot" The HTTP 418 I’m a teapot client error response code indicates that the server refuses to brew coffee because it is, permanently, a teapot. A combined coffee/tea […]

The post Webinar takeaway: Network Protocol Abuse – How Attackers Profit by Playing by the Rules appeared first on Jean-Christoph von Oertzen.

Webinar takeaway: How to Cover C&C in the MITRE ATT&CK Matrix

jean-christoph — Tue, 17 Nov 2020 16:43:46 +0000

My key takeaways Modern threats are almost impossible to detect by signatures or heuristics command and control channels (C2) now are often using common encryption like https so content analysis is not an option either Well known and legit websites are abused as C2 channels like Google Mail or O365 Even CDNs are used as […]

The post Webinar takeaway: How to Cover C&C in the MITRE ATT&CK Matrix appeared first on Jean-Christoph von Oertzen.