Continuing my previous post, about ASN Enrichment (https://threathuntingtails.com/zeek-asn-enrichment/), today I will talk about Geolocation Enrichment...| #Threat Hunting Tails
Knock Knock is a Sherlock from HackTheBox that provides a PCAP for a ransomware incident. I’ll find where the attacker uses a password spray to compromise a publicly facing FTP server. In there, the attacker finds a configuration file for a port-knocking setup, and uses that to get access to an internal FTP server. On that server, they find lots of documents, including a reference to secrets on the company GitHub page. In that repo, the attacker found SSH creds, and used an SSH session to d...| 0xdf hacks stuff
