AJ King
ajking.io
@ajking.io
Threat Research at SnapAttack now part of Splunk now part of Cisco / Detection Engineering / Dad | #DetectionEngineering #ThreatHunting #PurpleTeam | Header art from http://art.vx-underground.org.
Reminder: Don't neglect ESXi logging!
SSH Tunneling is being used for persistence on ESXi servers.
www.sygnia.co/blog/esxi-ra...
I'll just put this here: detect.fyi/vmware-esxi-...
ESXi Ransomware Attacks: Stealthy Persistence through SSH Tunneling
ESXi ransomware attacks target virtualized infrastructures using SSH tunneling to remain undetected. Discover the techniques, forensic insights, and actionable defense strategies to protect your ESXi ...
www.sygnia.co
January 27, 2025 at 5:38 PM
Reposted by AJ King
🎄 Twas the night before JonMon, and all through the net,
🔍 Defenders were stirring, their systems to vet.
🛠️ The telemetry was hung in EventViewer with care,
✨ In hopes that Jonny Johnson soon would be there.

📅 Friday, January 24th
⏰ 11 AM MST | 1 PM EST
📺 YouTube: youtube.com/watch?v=CqEhtg…
January 24, 2025 at 3:02 AM
TIL there is a LOLESXi project. lolesxi-project.github.io/LOLESXi/

Great post by @n-burns.bsky.social on ESXi logging! It includes a tool he made to make running adversarial tests against ESXi easier. It also includes some detections!
detect.fyi/vmware-esxi-...
VMware ESXi Logging & Detection Opportunities
ESXi environments, with their lack of AV/EDR support, present a unique challenge to Detection Engineers. Not only are these environments…
detect.fyi
January 23, 2025 at 5:50 PM