Discover and read the best of Twitter Threads about #xp_cmdshell

Most recents (2)

#Campaign in tweets - @Guardicore Labs in a new tradition; we find the attacks, you get to know them and learn the attackers' tricks and techniques. This time, let's get familiarized with "Lemon_Duck", a #cryptomining campaign involving a sophisticated #propagation tool. 🍋🦆
Before we start: all scripts, binaries and IOCs are available on our github repository. In addition, malicious IPs, attack servers and domains appear on @Guadicore Cyber Threat Intelligence portal. You're welcome to take a look :)
threatintelligence.guardicore.com/?utm_medium=or…
github.com/guardicore/lab…
Lemon_Duck starts by breaching machines over the #MSSQL service or the #SMB protocol. We'll focus on the MS-SQL flow. Once inside the machine, the attacker enables #xp_cmdshell to run shell commands. It will take only a single command line to trigger the rest of the attack.
Read 12 tweets
Today at #S4x19, @electricfork and I debated different sides of "if OT tools and talent are needed to detect attacks on ICS." Some thoughts on ICS attacks and #TRITON in a tweep thread.
For the debate, I'm not convinced either way because there are few *public* intrusion data sets for either side of the argument. I think peeps are over it now, maybe no point to sharing this, but to get the convo started let's dump/share some rando #TRITON #TRISIS TTPs.
.@FireEye blogged/presented about #TRITON and some of the incident response activities in depth by @voteblake and friends in late 2017, fireeye.com/blog/threat-re… and
Read 25 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!