A couple of days ago I was investigating an attack that a reader submitted to me that was related to the recent nine ball attacks as reported by WebSense. (Part 1 | Part 2)
The attackers use the same techniques to exploit victims but this time have moved to new domains and updated their payloads. There [...]
|
|||||
|
In a previous post I discussed using the technique of watching for the transfer of executable files around the network as a method of intrusion detection. This is a great way of discovering machines that were attacked where IDS failed to detect the exploit(s) due to obfuscation. |
|||||
|
Copyright © 2010 Andrew Martin - All Rights Reserved |
|||||