Random Topics

APT(Advanced Persistent Threats)

A: Targeted, Coordinated, Purposeful P: Month after Month, Year after Year T: Person(s) with Intent, Opportunity, and Capability

IOCs(Indicators of compromise)

These are forensic artifacts of an intrusion that can be identified on a host or network. Type of IOCs

• Atomic

• Computed

• Behavioral

Some key of IOCs to monitor:

• Unusual outbound Network Traffic

• Anomalies in Privileged user account activity

• Geographical Irregularities

• Other Log-in red flags

• Swells in Database read volume

• HTML response size

• Large numbers of requests for the same file

• Mismatched Port-application traffic

• Suspicious registry or system file changes

• DNS request anomalies