B
Bob Riddle
I'm working on a potentially compromised Win10 machine on whIch suspected malware may be trying to exfilitrate data. ProcMon logs seem to suggest attempts to use one or more of multiple channels (BITS or straight FTP jobs, referencing a Wininet.DLL instance out of Temp, SysApps or user AppData, odd scheduled Tasks, finding Services whose paths do not show in the Services applet, etc.)The machine is - and has long been - isolated from the network. But I need to connect it briefly to determine any attempted target endpoint addresses / URLs while blocking the actual connections at the edge fi
Continue reading...
Continue reading...