Process of collect and analysis of the artefacts We will test them with default configuration. In this article, we're going to focus on five free and easily accessible tools that can be found in many windows platforms : WinSCP, FreeFileSync, GoodSync, Megatools and Rclone. We will explore the most usefull artifacts in order to automate the search for potentially exfiltrated files. The aim of this article is to identify files that may have been exfiltrated by threat actors using certain synchronization and data transfer tools that may be present on a system. As a result, attackers no longer need to use their own tools for certain tasks, and can simply reuse those already present on the machine.Īs mentioned earlier, the use of administration tools was covered extensively 2. It's becoming increasingly common on our engagements to find different administration tools installed on the same machine. These development include the regular use of legitimate administration tools 1 in their campaigns. Threat actors have moved from a model where they encrypt data to one where they also exfiltrate it to increase ransom payment success. The threat landscape is in constant evolution.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |