by PeterisP
2161 days ago
"Once you observe the malware and know how it reaches the C&C server" presumes a single malware and a single mechanism for reaching the C&C server, which is unrealistic. We're not speaking about some piece of automated malware spreading on its own, which you could reverse engineer and see what it does and does not; we're talking about skilled people working for weeks to compromise your network. You should expect multiple different types of persistence, backdoors in publicly reachable systems and leaked privileged credentials.