Welcome to our

Cyber Security News Aggregator

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

First slide label

Some representative placeholder content for the first slide.

Second slide label

Some representative placeholder content for the second slide.

Third slide label

Some representative placeholder content for the third slide.

APIs Used by Bots to Detect Public IP address, (Mon, Feb 6th)

published on 2023-02-06 16:22:38 UTC by
Content:

Many of the bots I am observing attempt to detect the infected system's public ("WAN") IP address. Most of these systems are assumed to be behind NAT. To detect the external IP address, these bots use various public APIs. It may be helpful to detect these requests. Many use unique host names. This will make detecting the request in DNS logs easy even if TLS is not intercepted.

Article: APIs Used by Bots to Detect Public IP address, (Mon, Feb 6th) - published almost 2 years ago.

https://isc.sans.edu/diary/rss/29516
Published: 2023 02 06 16:22:38
Received: 2023 02 06 17:34:19
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Views: 0