Methodology, Red Team

Use Searching Engines to Hunt For Threat Actors

Background

Motivation

Searching Engine Stuff

Case Analysis

From the ToDesk config file, I found this hacker’s phone number, and I found his social media account. Should I add him and say hello? :D

(Please stop trying “?chopper=whoami”; that is not the payload, and you cannot see the output.)

Summary

References

