Comments on DFIR and Threat Hunting: C2 Hunting
Feed updated: 2021-05-24T11:10:43.473-07:00 (6 comments)

Vasu_hungerofknowledge, 2019-08-23T23:42:25.595-07:00:
Hi,
I have Bluecoat proxy logs. How can I find malicious traffic/backdoor cnc communication? Also, which tool can I use for the analysis? Suggestions plz.
Actually need to hunt for threat.
Thanks in advance

Anonymous, 2018-05-27T10:58:55.903-07:00:
Thanks James - Good writeup

James, 2018-05-15T21:37:27.580-07:00:
So good share

Anonymous, 2018-05-08T07:13:24.586-07:00:
Is the last image, uri_length.png, the correct one? It doesn't do what the text describes and looks like an earlier version of ulength.png

Anonymous, 2018-04-24T06:18:16.686-07:00:
Another great insightful post. Thanks, Jackcr

H. Carvey, 2018-03-29T11:50:19.439-07:00:
"This can obviously happen in many different ways."

From a host-based perspective, this trips up many hunters and responders alike. Yes, there are different ways, but start by finding and following the evidence.