Tag: dns-tunneling
All the articles with the tag "dns-tunneling".
-
TORA — Shift 8 in Review
A five-day shift dominated by overlapping phishing campaigns and active DNS tunneling across multiple corp.local assets, with confirmed credential submissions on production jump servers and a Cobalt Strike fast-flux signal on the Active Directory server. This shift produced 15 escalations, 8 of them P1, and revealed systemic O365 gateway delivery failures across all major campaign domains.
-
TORA — Shift 6 in Review
A five-day shift dominated by phishing domain noise and high-severity C2 and tunneling activity against production infrastructure, with a recurring CMDB coverage gap blocking triage on five alerts sourced from a single unenriched IP.
-
TORA Week in Review — Apr 13–17, 2026
A high-severity shift dominated by an active LockBit and Brute Ratel campaign spanning multiple internal hosts, with confirmed SSH-to-C2 compromise chains, a live DNS tunneling case, and a persistent unmanaged asset generating signals with no CMDB identity — this week revealed both active intrusions and structural gaps in asset inventory.