Hack The Box - HTB Rusty Key Writeup - Hard - Season 8 Weekly - June 28th, 2025
IP 10.xx.xx.xx Configure Domain/Hosts dc.rustykey.htb rustykey.htb And Kerberos Config GNU nano 8.4 /etc/krb5.conf [libdefaults] default_realm = RUSTYKEY.HTB dns_
In this write-up, we will explore how to effectively hunt for ransomware from a network perspective, focusing on identifying Indicators of Compromise (IoCs) related to LockBit ransomware. The scenario in
:::info Search Kali's Tools on their tool search engine: https://www.kali.org/tools/ ::: :::tip Run port 443 since it's never blocked on firewalls. :::
Target given: [LAB_IP] Nmap on target: sudo nmap -sC -sV -v -p- [LAB_IP] (-sC Common scripts; -sV service Versions; -v verbose (start seeing data to research results sooner)
Target is: (Given) Recon nmap [TARGET_IP] --top-ports 4000 -T5 --open -oN openPorts.txt PORT STATE SERVICE 22/tcp open ssh 80/tcp open http nmap -sC -sV [TARGET_IP]
Given IP [LAB_IP] rustscan [LAB_IP] 21/tcp open ftp syn-ack 22/tcp open ssh syn-ack 80/tcp open http syn-ack sudo nmap -p21,22,80 -sC -sV -oN