Pitch Black
Hey people, this is part 29 of our series. How was your day? It’s the weekend again! This series is finally ending; tomorrow is the last post. Let’s see what we have for today.
1. Administrative Network Activity Analysis
This is the process of analyzing the behavior of admin accounts in their respective domains; most compromised accounts show many signs of malicious activity. These activities include adding unknown email addresses to the company’s organization, ripping data out of servers, and modifying the entire infrastructure according to the attacker’s needs. This isn’t widely used as a special case: everything about the analysis can be integrated into intrusion detection systems (IDS), so that we don’t have to keep running a new service whenever there’s a threat of an attacker.

2. Byte Sequence Emulation
Byte sequence is a security practice where the attacker can take the byte code that would be generated after a certain application or program has been executed. The emulation part is just checking for any mistakes, or proof-checking for malware.

3. DNS Traffic Analysis
As we are all aware of how the Domain Name System works, its traffic is a serious thing to monitor because it can show perfectly synced logs; we can easily filter out odd traffic and investigate the specific IP addresses involved. This traffic often contains a huge bot presence, because obviously we don’t want anyone to know our real identity when we do something fishy.

4. File Carving
File carving is a data restoration process in which data that has been corrupted or deleted is restored by using the file’s signatures and then trying to access the data. File carving is a popular method because it doesn’t do anything with conventional forensic methods.

5. Certificate Analysis
As we discussed certificates in the past few articles, this is a generic type of analysis to ensure better security and transparency between users and host services. Certificate analysis includes checking the legitimacy of a company’s cred and making sure that the company is well reputed. Certificates are easy to fake; all one needs is a fake Gmail account and then it’s done.
These certificates are placed in other companies span it.

That’s it for today, I’ll see you tomorrow!
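Going back to item 4, here is file carving by signature as a small Python sketch. It is an added example, not code from this series: the names `carve`, `build_sample`, `SIGNATURES` and `MAX_SIZE` are made up for illustration, and the "disk image" is a constructed byte string, not real evidence.

```python
import hashlib

# Header/footer signatures for two common formats.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),
}
MAX_SIZE = 10 * 1024 * 1024  # stop looking for a footer after this many bytes


def carve(image: bytes, max_size: int = MAX_SIZE):
    """Return (hits, orphans): hits are (kind, offset, data) for each header
    that has a footer in range; orphans are (kind, offset) for headers without one."""
    hits, orphans = [], []
    for kind, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + max_size)
            if end == -1:
                # Truncated or partly overwritten file: record it, keep scanning.
                orphans.append((kind, pos))
                pos = image.find(header, pos + 1)
                continue
            end += len(footer)
            # The first footer is taken; a JPEG with an embedded thumbnail
            # can therefore come out short and needs manual review.
            hits.append((kind, pos, image[pos:end]))
            pos = image.find(header, end)
    return sorted(hits, key=lambda h: h[1]), sorted(orphans, key=lambda o: o[1])


def build_sample() -> bytes:
    """Constructed sample 'disk image': two deleted files plus one truncated header."""
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-body" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"constructed-chunks" + b"IEND\xae\x42\x60\x82"
    filler = b"\x00" * 16
    return filler + jpg + b"\xaa" * 32 + png + filler + b"\xff\xd8\xff\xe1partial"


if __name__ == "__main__":
    hits, orphans = carve(build_sample())
    for kind, offset, data in hits:
        digest = hashlib.sha256(data).hexdigest()[:16]
        print(f"{kind} at offset {offset}: {len(data)} bytes, sha256 {digest}...")
    for kind, offset in orphans:
        print(f"{kind} header at offset {offset} has no footer (not carved)")
```

The carver never consults the file system, only the raw bytes, so it still finds files whose directory entries are gone; the hash printed for each hit lets you record exactly what was recovered.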