all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Get malware c2s from Cryptneturlcache

Add to bookmarks
March 5, 2024, 12:18 p.m. | /u/konrads

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

CryptnetUrlCache is a directory which contains cached certificate validation data - OCSP and CRLs for WinInet and WinHTTP library calls (most Windows native programs do it)
We can use the certificate serial number in OCSP requests and responses to retrieve the actual certificates from Certificate Transparency log database such as crt.sh. Subject Name and Subject Alternative Name will tell us what are the possible hostname values
This is useful when you want to examine where programs may have connected to …

blueteamsec can certificate certificates certificate transparency crt data database directory library log malware name ocsp requests transparency validation windows

Visit resource

More from www.reddit.com / For [Blue|Purple] Teams in Cyber Defence

Hackers use developing countries as testing ground for new ransomware attacks 4 hours ago | www.reddit.com
attacks blueteamsec countries developing countries +4
Examining the Deception infrastructure in place behind code.microsoft.com 20 hours ago | www.reddit.com
blueteamsec code com deception +2
The cyber threat to research laboratories - Canadian Centre for Cyber Security 1 day, 6 hours ago | www.reddit.com
blueteamsec canadian canadian centre for cyber security cyber +6
hunt_arcanedoor_ips.csv: Full IP list to check against your ASA/Flow logs for the ArcaneDoor Cisco ASA … 1 day, 18 hours ago | www.reddit.com
arcanedoor asa blueteamsec check +8
CVE-2024-21111 - Local Privilege Escalation in Oracle VirtualBox 1 day, 19 hours ago | www.reddit.com
blueteamsec cve cve-2024 escalation +7
How I hacked into Google’s internal corporate assets [tl;dr: dependency confusion] 1 day, 23 hours ago | www.reddit.com
assets blueteamsec corporate dependency +4
here's my blog on Phishing Email Investigation: A Step-by-Step Analysis 2 days, 3 hours ago | www.reddit.com
analysis blog blueteamsec email +2
(The) Postman Carries Lots of Secrets - "We estimate over 4,000 live credentials are currently … 2 days, 7 hours ago | www.reddit.com
blueteamsec cloud credentials live +4
Botconf 2024 videos 2 days, 7 hours ago | www.reddit.com
blueteamsec botconf videos

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Security Officer Hospital Laguna Beach

@ Allied Universal | Laguna Beach, CA, United States
View on infosec-jobs.com

Sr. Cloud DevSecOps Engineer

@ Oracle | NOIDA, UTTAR PRADESH, India
View on infosec-jobs.com

Cloud Operations Security Engineer

@ Elekta | Crawley - Cornerstone
View on infosec-jobs.com

Cybersecurity – Senior Information System Security Manager (ISSM)

@ Boeing | USA - Seal Beach, CA
View on infosec-jobs.com

Engineering -- Tech Risk -- Security Architecture -- VP -- Dallas

@ Goldman Sachs | Dallas, Texas, United States
View on infosec-jobs.com
View more jobs