Random Topics

APT (Advanced Persistent Threats)

A: Targeted, Coordinated, Purposeful
P: Month after Month, Year after Year
T: Person(s) with Intent, Opportunity, and Capability

IOCs (Indicators of Compromise)

These are forensic artifacts of an intrusion that can be identified on a host or network.

Types of IOCs:

  • Atomic

  • Computed

  • Behavioral

Some key IOCs to monitor:

  • Unusual outbound network traffic

  • Anomalies in privileged user account activity

  • Geographical irregularities

  • Other login red flags

  • Swells in database read volume

  • HTML response size

  • Large numbers of requests for the same file

  • Mismatched port-application traffic

  • Suspicious registry or system file changes

  • DNS request anomalies
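As an added example that is not part of these notes, the following Python sketches simple detectors for three of the IOCs listed above (mismatched port-application traffic, unusual outbound traffic volume, and large numbers of requests for the same file) over constructed flow records. The record field names, the port-to-protocol baseline, and the thresholds are assumptions made for the example.

```python
from collections import Counter, defaultdict

# Constructed sample connection records (field names and values are assumptions
# for this example, not output of any real sensor). Each record is one flow.
BASE = {"src": "10.0.0.8", "dst": "198.51.100.4", "dport": 80, "app": "http",
        "bytes_out": 400, "uri": "/payroll.xlsx"}
EVENTS = [
    {"src": "10.0.0.5", "dst": "203.0.113.9", "dport": 443, "app": "tls", "bytes_out": 2_000},
    # ssh carried over the HTTPS port: mismatched port-application traffic
    {"src": "10.0.0.5", "dst": "203.0.113.9", "dport": 443, "app": "ssh", "bytes_out": 900},
    # one host pushing 120 MB outbound in the window: unusual outbound volume
    {"src": "10.0.0.7", "dst": "198.51.100.2", "dport": 443, "app": "tls", "bytes_out": 120_000_000},
    {"src": "10.0.0.9", "dst": "198.51.100.4", "dport": 80, "app": "http", "bytes_out": 400, "uri": "/index.html"},
] + [dict(BASE) for _ in range(60)]  # 60 fetches of the same file from one host

# Assumed baseline: which application protocols are expected on which destination port.
EXPECTED_APP = {443: {"tls"}, 80: {"http"}, 22: {"ssh"}, 53: {"dns"}}


def mismatched_port_app(events, expected=EXPECTED_APP):
    """Flows whose observed application protocol is not the one expected on that port."""
    hits = set()
    for e in events:
        allowed = expected.get(e["dport"])
        if allowed is not None and e["app"] not in allowed:
            hits.add((e["src"], e["dport"], e["app"]))
    return sorted(hits)


def outbound_volume_outliers(events, threshold_bytes):
    """Source hosts whose summed outbound bytes exceed a fixed threshold."""
    totals = defaultdict(int)
    for e in events:
        totals[e["src"]] += e["bytes_out"]
    return {src: n for src, n in totals.items() if n > threshold_bytes}


def repeated_file_requests(events, min_count):
    """(src, uri) pairs requested at least min_count times, i.e. repeated fetches of one file."""
    counts = Counter((e["src"], e["uri"]) for e in events if "uri" in e)
    return {k: n for k, n in counts.items() if n >= min_count}


if __name__ == "__main__":
    print(mismatched_port_app(EVENTS))
    print(outbound_volume_outliers(EVENTS, threshold_bytes=100_000_000))
    print(repeated_file_requests(EVENTS, min_count=50))
```

In practice the baseline and thresholds come from the environment's own normal traffic, and a hit is a lead to investigate rather than a confirmed compromise.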
