Did you got hacked?

Posted on by deadsec

When your system got compromise it will give you some signs, and this sign are called indication of compromise. This indicate if the system as been compromise either by direct action, malware or other action, there are some tool sets that aid the investigators, that tool set should help monitor:

  • Unusual traffic network traffic

  • Anomalies in privileged user account activity

  • Geographical irregularities in network traffic

  • Account login red flag

  • Increases in database red volume

  • HTML response size

  • Large number of request for the same file

  • Mismatched port-application traffic, including encrypted file traffic on plain ports

  • Suspicious registry or system file changes

  • Unusual DNS request

  • Unexpected patching of system

  • Mobile device profile changes

  • Bundles of data in the wrong place

  • Web traffic with nonhuman behavior

  • Signs of DDOS activity, even if temporary

Ioc have develop his own method of detecting this indicators of compromise, some have their own protocols and tools, some of this ioc tool sets are, openIOC and STIX.

sansioc1.png     openiocscan-ioc-scanner-for-memory-forensics-5-638

One thought on “Did you got hacked?

  1. Pingback: MAN IN THE MIDDLE ATTACK | deadsec |cyber security|hacknig

Comments are closed.

Published by deadsec