I have recently been posting a number of blogs regarding the usage of the RSA NetWitness Platform to detect attackers within your environment. As the list of blogs grows, it is becoming increasingly difficult to navigate through them easily. In order to combat this, this blog post will contain references to all other blog posts in the Profiling Attackers Series, and will be updated when new posts are made.
|Command and Control|
|Using RSA NetWitness to Detect Command and Control: PoshC2|
|Detecting Command and Control in RSA NetWitness: PowerShell Empire|
|Detecting Command and Control in RSA NetWitness: Koadic|
|Detecting Lateral Movement in RSA NetWitness: WMI|
|Detecting Lateral Movement in RSA NetWitness: Winexe|
|Detecting Lateral Movement in RSA NetWitness: Smbexec|
|Web Shells and RSA NetWitness|
|Web Shells and NetWitness Part 2|
|Web Shells and RSA NetWitness Part 3|
Special thanks to Rui Ataide for his support and guidance for these posts.