TTPwire Vol. 1 · MITRE ATT&CK · Tagged

Black Hills InfoSec

OSINT for Incident Response (Part 2)

BHIS · 2024-03-07

ATT&CK techniques detected

6 predictions
T1657 Financial Theft
97%
"were still getting robbed. I’m sure all financial services institutions suffer from some measure of loss due to fraudulent transactions. But FFSI Bank (“Fictitious Financial Services Institution Bank,” because that’s just how creative I am) was seeing a significant increa…"
T1588.004 Digital Certificates
74%
"in the “index of” image above. A smoking gun and a gold mine in one fell swoop! What about other potentially malicious sites? Let’s pull on the “certificate” thread and see what we can find! Next, I visited https://search.censys.io to leverage their certificate servic…"
T1588.003 Code Signing Certificates
56%
"in the “index of” image above. A smoking gun and a gold mine in one fell swoop! What about other potentially malicious sites? Let’s pull on the “certificate” thread and see what we can find! Next, I visited https://search.censys.io to leverage their certificate servic…"
T1588.003 Code Signing Certificates
40%
"/legit. But I noticed a pattern of three or four certificates with “common name” (CN) and a slight misspelling of the word “bank” (as above). Re-running the search and filtering on “Let’s Encrypt” as a certificate services provider, it became clear that there were …"
T1588.004 Digital Certificates
32%
"/legit. But I noticed a pattern of three or four certificates with “common name” (CN) and a slight misspelling of the word “bank” (as above). Re-running the search and filtering on “Let’s Encrypt” as a certificate services provider, it became clear that there were …"
T1657 Financial Theft
30%
"OSINT for Incident Response (Part 2) OSINT for Incident Response (Part 2) Be sure to read PART 1! Metadata and a New-Fashioned Bank Robbery Let’s face it, some cases are just more interesting than others and, when you do incident response for a living, you’ve got to fin…"

Summary

Be sure to read PART 1!

Metadata and a New-Fashioned Bank Robbery

Let’s face it, some cases are just more interesting than others and, when you do incident response for […]

The post OSINT for Incident Response (Part 2) appeared first on Black Hills Information Security, Inc.