NetSupport Intrusion Results in Domain Compromise | allinfosecnews.com

Oct. 30, 2023, 1:03 p.m. | /u/TheDFIRReport

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

This intrusion began with an email delivered with a zip file containing a malicious Javascript file. Following email delivery, a user extracted and executed the Javascript file. The JavaScript code pulled down an obfuscated PowerShell script that was run in memory. The PowerShell script was responsible for deploying NetSupport onto the system along with ensuring the script was not running in a sandbox and establishing persistence using registry run keys.

https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/

blueteamsec code compromise delivery domain down email file intrusion javascript malicious memory netsupport obfuscated powershell powershell script pulled responsible results run script system zip

More from www.reddit.com / For [Blue|Purple] Teams in Cyber Defence

How to Block Residential Proxies using Okta 1 day, 12 hours ago | www.reddit.com

block blueteamsec okta proxies

2024 Cyber Insurance Claims Report 2 days, 2 hours ago | www.reddit.com

blueteamsec claims cyber cyber insurance +2

Just-in-Time admin and production access using Azure PIM 2 days, 17 hours ago | www.reddit.com

access admin azure blueteamsec +3

Hackers use developing countries as testing ground for new ransomware attacks 2 days, 22 hours ago | www.reddit.com

attacks blueteamsec countries developing countries +4

OSHIT: Seven Deadly Sins of Bad Open Source Research - bellingcat 2 days, 22 hours ago | www.reddit.com

bad bellingcat blueteamsec open source +1

Examining the Deception infrastructure in place behind code.microsoft.com 3 days, 13 hours ago | www.reddit.com

blueteamsec code com deception +2

The cyber threat to research laboratories - Canadian Centre for Cyber Security 3 days, 23 hours ago | www.reddit.com

blueteamsec canadian canadian centre for cyber security cyber +6

hunt_arcanedoor_ips.csv: Full IP list to check against your ASA/Flow logs for the ArcaneDoor Cisco ASA … 4 days, 11 hours ago | www.reddit.com

arcanedoor asa blueteamsec check +8

CVE-2024-21111 - Local Privilege Escalation in Oracle VirtualBox 4 days, 13 hours ago | www.reddit.com

blueteamsec cve cve-2024 escalation +7

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Cloud Security Engineer

@ Gainwell Technologies | Any city, OR, US, 99999

View on infosec-jobs.com

Federal Workday Security Lead

@ Accenture Federal Services | Arlington, VA

View on infosec-jobs.com

Workplace Consultant

@ Solvinity | Den Bosch, Noord-Brabant, Nederland

View on infosec-jobs.com

SrMgr-Global Information Security - Security Risk Management

@ Marriott International | Bethesda, MD, United States

View on infosec-jobs.com

Sr. Security Engineer - Data Loss Prevention

@ Verisk | Jersey City, NJ, United States

View on infosec-jobs.com