[SANS ISC] Abusing Web Filters Misconfiguration for Reconnaissance

MalBot · November 22, 2019, 11:45am

I published the following diary on isc.sans.edu: “Abusing Web Filters Misconfiguration for Reconnaissance“:

Yesterday, an interesting incident was detected while working at a customer SOC. They use a “next-generation” firewall that implements a web filter based on categories. This is common in many organizations today: Users’ web traffic is allowed/denied based on an URL categorization database (like “adult content”, “hacking”, “gambling”, …). How was it detected? [Read more]

[The post [SANS ISC] Abusing Web Filters Misconfiguration for Reconnaissance has been first published on /dev/random]

Article Link: https://blog.rootshell.be/2019/11/22/sans-isc-abusing-web-filters-misconfiguration-for-reconnaissance/