Oct. 30, 2023, 1:03 p.m. | /u/TheDFIRReport

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

This intrusion began with an email delivered with a zip file containing a malicious JavaScript file. Following email delivery, a user extracted and executed the JavaScript file. The JavaScript code pulled down an obfuscated PowerShell script that was run in memory. The PowerShell script was responsible for deploying NetSupport onto the system along with ensuring the script was not running in a sandbox and establishing persistence using registry run keys.
https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/
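The chain summarised in the post (script host launching PowerShell, an in-memory encoded command, then a Run key written by that PowerShell) maps onto three telemetry checks a defender can correlate. The following is an added example, not code from the report or from /u/TheDFIRReport: a small Python detection pass over constructed Sysmon-style events (EventID 1 process creation, EventID 13 registry value set). Every path, PID, SID and command line in the sample data is made up for illustration, and the field names are assumed to follow Sysmon conventions.

```python
"""Correlate script-host -> PowerShell -> Run-key persistence over
Sysmon-style events. Sample events below are constructed, not real telemetry."""
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# HKCU/HKU/HKLM ...\CurrentVersion\Run and RunOnce value paths
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)
# -e / -ec / -en / -enc / -EncodedCommand followed by whitespace and a payload
ENCODED_RE = re.compile(r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s", re.I)

# Constructed sample events (hypothetical values, not from the report).
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 1001, "ParentProcessId": 800,
     "Image": r"C:\Windows\explorer.exe",
     "ParentImage": r"C:\Windows\System32\userinit.exe",
     "CommandLine": "explorer.exe"},
    {"EventID": 1, "ProcessId": 2001, "ParentProcessId": 1001,
     "Image": r"C:\Windows\System32\wscript.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\wscript.exe" '
                    r'"C:\Users\alice\Downloads\invoice.js"'},
    {"EventID": 1, "ProcessId": 2002, "ParentProcessId": 2001,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\wscript.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AA=="},
    {"EventID": 13, "ProcessId": 2002,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetObject": r"HKU\S-1-5-21-111\Software\Microsoft\Windows"
                     r"\CurrentVersion\Run\example_agent",
     "Details": r"C:\Users\alice\AppData\Roaming\Example\example_agent.exe"},
    # Benign: PowerShell opened from Explorer, plain command line, no Run key.
    {"EventID": 1, "ProcessId": 3001, "ParentProcessId": 1001,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe"},
]


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return a list of findings, each {"pid", "rule", "severity"}.

    Events must be in chronological order: the registry rule only reaches
    'high' severity when the writing PID was earlier seen as PowerShell
    spawned by a script host. PID reuse is ignored for brevity.
    """
    findings = []
    script_host_powershell = set()  # PIDs of PowerShell launched by wscript/cscript
    for ev in events:
        if ev["EventID"] == 1:
            child, parent = basename(ev["Image"]), basename(ev["ParentImage"])
            if child in POWERSHELL and parent in SCRIPT_HOSTS:
                script_host_powershell.add(ev["ProcessId"])
                findings.append({"pid": ev["ProcessId"],
                                 "rule": "script host spawned PowerShell",
                                 "severity": "medium"})
            if child in POWERSHELL and ENCODED_RE.search(ev["CommandLine"]):
                findings.append({"pid": ev["ProcessId"],
                                 "rule": "encoded PowerShell command line",
                                 "severity": "medium"})
        elif ev["EventID"] == 13 and RUN_KEY_RE.search(ev["TargetObject"]):
            # Run key writes are common; only escalate when the writer is
            # already tied to the script-host chain.
            suspicious = ev["ProcessId"] in script_host_powershell
            findings.append({"pid": ev["ProcessId"],
                             "rule": "Run key persistence from script-host PowerShell"
                             if suspicious else "Run key value set",
                             "severity": "high" if suspicious else "low"})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f['severity']}] pid={f['pid']} {f['rule']}")
```

The correlation step is the point: on their own, a Run key write or a PowerShell launch is noise, but a Run key set by a PowerShell process whose parent was a script host, with an encoded command line, is the sequence the post describes and deserves an alert rather than a log entry.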

