Browsed by
Tag: threat hunting

Mysterious outbound UDP traffic on port 8888… Help!

Mysterious outbound UDP traffic on port 8888… Help!

What is this traffic on port 8888? Or a device is infected and trying to communicate over port 8888 to IP addresses all over the world?!?! I’ve seen forum posts with similar titles a handful of times now and the final result is often someone discovering the Private Internet Access (PIA) client on a device or computer. I get a chuckle every time I see it because I was once in their shoes so I figured I would make a…

Read More Read More

Shadow Brokers Dump And Best Practices

Shadow Brokers Dump And Best Practices

Well that’s a weird title, right? Now that the dust has settled to some degree, let’s look at a not-so-obvious takeaway from the latest security news that simultaneously set everyone’s hair on fire? The latest Shadow Brokers dump is bad on so many different levels. Let’s not concentrate on the potential levels of government and private industry collusion our guts told us existed, but we weren’t sure of. Even now, Microsoft is claiming the vulnerabilities were fixed as part of a…

Read More Read More

Uncovering Indicators of Compromise

Uncovering Indicators of Compromise

Last updated: 16 October 2016 This is the new version of a paper and script I originally wrote as part of my SANS gold paper for the GCCC certification. The paper re-write was primarily in preparation for my presentation of the topic at the 2016 Nagios World Conference… Unfortunately, the conference was canceled. <sigh> Nonetheless, the paper now covers version 6 of the Critical Security Controls instead of 5.1. The original paper in PDF format can still be retrieved from the SANS…

Read More Read More