andx86

A minimalistic personal blog focused on cybersecurity.

Date Archives → February 2023

Enabling Netlogon debug mode

posted in Shorts on February 11, 2023 by andx86 0 Comments

Some time ago I had to investigate a case in which a lot of failed login events were being received in the Domain Controller of a public organization (apparently a brute force attack). The events did not show which machine was being logged on. In some cases they showed the name of the connection source machine and in others they did not.


Deobfuscating a PowerShell payload of Cobalt Strike

posted in Analysis on February 7, 2023 by andx86 0 Comments

On January 27th, 2023, the Chilean government CSIRT disclosed IOCs of a failed intrusion into an entity related to the economic sector in Chile. What was published corresponded to a hash (MD5) and two IPv4 addresses. In this post we review this data and try to get more information about the threat.


Hello world!

posted in Uncategorized on February 4, 2023 by andx86 0 Comments

Welcome to andx86.com. First post coming soon!