TTPwire Vol. 1 · MITRE ATT&CK · Tagged


Black Hills InfoSec

OSINT for Incident Response (Part 1)

Kassie Kimball · 2023-12-07

ATT&CK techniques detected (5 predictions)

T1087.003 Email Account (73%)
"On the first touchpoint with the client, I knew their primary TLD (top-level domain) and jumped right into my “5-minute OSINT” routine. First (drum roll please!), my email enumeration secret weapon: “name server lookup” (ba-dum-bum-ching!). Yep, good ‘ol “n…"

T1486 Data Encrypted for Impact (72%)
"…frequently the Internet. OSINT can quickly and easily give us visibility into what the Internet knows about the client organization. If the Internet knows, the threat actors know, and as incident responders, we need to know! As a DFIR consultant, an engagement begins with client…"

T1021.001 Remote Desktop Protocol (59%)
"…or ‘ip:10.1.0.128/25’. leakix.net example: https://leakix.net “service” – ip:”10.1.0.128/25”. Remember, this is not deep-dive analysis. It should take longer to read this post than to perform the actual queries! I’m just doing a quick “attack surface…"

T1563.002 RDP Hijacking (37%)
(same excerpt as T1021.001 above)

T1571 Non-Standard Port (31%)
"…or two, I took a stab at the range of addresses in use by the client, e.g. “10.1.0.128/25” or “10.1.0.129-140” (that’s a private address range, I’m just using it as an example here) and headed to shodan.io. If you don’t have a shodan.io account, then you…"

Summary

Being a digital forensics and incident response consultant is largely about unanswered questions. When we engage with a client, they know something bad happened or is happening, but they are […]

The post OSINT for Incident Response (Part 1) appeared first on Black Hills Information Security, Inc.