IoC Scanners – After Crypto

IoCs (indicators of compromise) are essentially breadcrumbs left behind by an attempted or successful attack on a system.

SPARK Core – Free IOC and YARA Scanning – Nextron Systems (nextron-systems.com)

Watch out for False Positives

One example is “r.exe”, which matches a pattern commonly seen in intrusions: a single-character file name with an .exe extension. However, R.exe is also a legitimate application with MSSQL when the “R Analysis” role is installed.
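The sketch below is an added example, not code from SPARK or from this post. It shows one way to triage hits from the single-character .exe heuristic so that the R.exe case is downgraded rather than raised as a full alert. The `KNOWN_GOOD` directory prefix, the verdict names and the sample paths are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Filename heuristic described above: one character plus ".exe".
SINGLE_CHAR_EXE = re.compile(r"^[a-z0-9]\.exe$", re.IGNORECASE)

# Assumption: known-good context for the R.exe case. The directory prefix is
# illustrative; confirm it against your own SQL Server installation.
KNOWN_GOOD = {
    "r.exe": [PureWindowsPath(r"C:\Program Files\Microsoft SQL Server")],
}


def is_under(path, root):
    """True if path lies below root, compared case-insensitively."""
    p = [part.lower() for part in path.parts]
    r = [part.lower() for part in root.parts]
    # Reject ".." so an unnormalised path cannot borrow a trusted prefix.
    return ".." not in p and len(p) > len(r) and p[:len(r)] == r


def triage(file_path):
    """Return 'no-match', 'alert' or 'review' for one reported file path."""
    path = PureWindowsPath(file_path)
    if not SINGLE_CHAR_EXE.match(path.name):
        return "no-match"
    roots = KNOWN_GOOD.get(path.name.lower(), [])
    if any(is_under(path, root) for root in roots):
        # Expected location: downgrade, do not drop. A path is not proof,
        # so check the signature or hash before closing the finding.
        return "review"
    return "alert"


# Constructed sample paths, not taken from a real scan.
SAMPLES = [
    r"C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\R_SERVICES\bin\x64\R.exe",
    r"C:\Users\Public\r.exe",
    r"C:\Windows\System32\cmd.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{triage(sample):9} {sample}")
```

The same file name in a user-writable directory still alerts; only the name plus the expected location is downgraded.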
