I wanted to share some data points in regard to what controls our organization
found to be the most effective. The results are based on actual attacks and
incidents.
Below is a list
In response to the Wekby APT article written by PaloAlto, located here:
https://blog.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/
I wanted to write a short post on detecting potential C2 communication over
DNS
This Splunk search will identify a potential network outbreak by displaying
hosts that make a network connection to a given number of unique destination
hosts. For example, a compromised host may be spreading
Updated: 3/23/22
What are the increased risks resulting from remote workers? Why is it increased
for these workers? How does the threat landscape change once outside your
network? These are some