Saturday, March 13, 2021

Stories from the SOC – DNS recon + exfiltration

Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers.
Executive summary
Our Managed Threat Detection and Response team responded to an alarm indicating that suspicious reconnaissance activity was occurring internally from one of our customer's scanners. This was shortly followed by escalating activity including brute-force attempts, remote code execution attempts, and exfiltration channel probing, all exploiting vulnerable DNS services on the domain controllers. The analyst was able to alert the customer to the activity before any successful exfiltration had taken place, and the customer was able to confirm that it was a planned red team exercise.
Investigation
Initial alarm review
The initial alarm came from an Event in Microsoft® Advanced Threat Analytics that detected possible…

Posted by: Sumner Meckel


The post Stories from the SOC – DNS recon + exfiltration appeared first on Cybersecurity Insiders.


