Hosts making DNS queries to malicious site. How to dig deeper and find source?

This page summarizes the projects mentioned and recommended in the original post on /r/AskNetsec

Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
  • sysmon-config

    Sysmon configuration file template with default high-quality event tracing

    I'd install sysmon if it is not already present on the infected machines, with Swift's config or Olaf's config file.

  • sysmon-modular

    A repository of sysmon configuration modules

    I'd install sysmon if it is not already present on the infected machines, with Swift's config or Olaf's config file.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts