Sean Scully

SOC | 7 min read

Stories from the SOC: Mystery of the postponed proxyware install

A PowerShell alert revealed an attack chain using a download cradle and in-memory execution to install proxyware on a compromised system.