- PowerShell payload used DNS over HTTPS to request the TXT record of a doppelganger domain, which looked like a DKIM signature and which, after decoding, actually contained C2 IPs. https://blog.huntresslabs.com/hiding-in-plain-sight-part-2-dfec817c036f (40 comments, netsec)
Search title: Hiding in Plain Sight || Part 2. We recently uncovered a really peculiar… | by John Hammond | Huntress