Sherlocks
Found 2 related articles
Back to Tags- 2025-01-30
UFO-1 - Sandworm Team (APT44) MITRE ATT&CK TTP Analysis
Research writeup focusing on the Sandworm Team (APT44), a highly aggressive Russian APT group, using the MITRE ATT&CK framework. Analysis covers their TTPs, critical infrastructure attacks (e.g., 2016 Ukraine power grid, 2022 SCADA attacks), key malware (e.g., Industroyer2, NotPetya, Exaramel), persistence methods, and specific tools used for code execution and data destruction.
- 2025-01-26
Noxious - LLMNR Poisoning and NTLMv2 Hash Cracking
Network forensics writeup detailing the analysis of an LLMNR poisoning attack. The process covers identifying the rogue device via LLMNR and DHCP traffic, locating the victim's credential leak (NTLMv2 hash) within SMB Session Setup packets, extracting NTLM Challenge/Response components, and performing hash cracking with Hashcat to recover the plaintext password, providing full context on the credential theft incident.