The Latest in IT Security

Fileless attacks against enterprise networks

13 Feb 2017

This threat was originally discovered by a bank’s security team after it detected Meterpreter code inside the physical memory of a domain controller (DC). Kaspersky Lab’s product detection names for this kind of threat are MEM:Trojan.Win32.Cometer and MEM:Trojan.Win32.Metasploit.

Kaspersky Lab participated in the forensic analysis after this attack was detected, discovering the use of PowerShell scripts within the Windows registry. Additionally, it was discovered that the NETSH utility was used for tunnelling traffic from the victim’s host to the attacker’s C2.
