Attack Tool(s): Sliver, Havok, Mythic
Detection Link(s):
- Network Threat Hunting
- Firewall Log Analysis
- Security Information and Event Management (SIEM) Log Analysis
Helpful Blogs (BHIS):
- “Bypassing Cylance Part 2: Using dnscat2” – https://www.blackhillsinfosec.com/bypassing-cylance-part-2-using-dnscat2 – DNS C2 context.
