Possibly checks for the presence of an Antivirus engine

Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol.

Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic.

Found malicious artifacts related to the input domain "" (IP: 199.91.155.132).

Reads the registry for installed applications

Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment.

Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.