![]() ![]() ![]() Here we propose to leverage memory forensics to retrieve and analyze artefacts thanks to a custom Volatility plugin that I made available as a free open-source tool for improving digital investigations.Ī striking example came out the last year upon leaked manuals of Conti’s ransomware-as-a-service operators dedicated to its affiliates with pentesting skills 3. Defending against malicious actions with such remote software can be even more intricate for organizations having approved its legitimate usage. The latter has been often encountered in the wild in the past years as a preferred tool leveraged by known threat actors.Īs such, Anydesk should be closely monitored as threat actors could easily alter or delete data after a successful attack sometimes it is not possible to restore those altered logs. When performing incident response, the adversary often uses legitimate remote access software as an interactive command and control channel.ĪnyDesk 1 is one of those software being extensively used as a sublayer of persistence by threat actors or access other servers in the environment via RDP 2.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |