Infrastructure Diversity – Hunting In Shared Infrastructure

As an attacker, it is all too easy to settle into a rhythm. That rhythm of operations, the specific techniques and automation involved in conducting offensive work, boils down to foundational tradecraft decisions that are often reused between campaigns. Why reuse tradecraft between campaigns? Well, it enables scalable and efficient operations; unfortunately, it also creates a digital fingerprint. We have seen the results of this at a national level with the deep revelations of the operations of advanced threat actors. Recently, I have shifted jobs into a Security Engineer role where I get to work with customers and with “BIG” (notice the caps) data to do network forensics and threat detection. Being on the defender’s side of the breach has definitely helped to refine certain aspects of my tradecraft. Don’t worry… I will still be blogging about red team stuff :).