In this article I’ll delve into HTML smuggling detection, following the detection engineering process I’ve described over my last two posts. This process includes research, testing, and development of new detection concepts. Unlike my previous posts however, this time we’ll be observing, profiling, and detecting real QakBot malware in the lab. With this piece I hope to show how current and aspiring detection engineers can go beyond simulated, CTF-style challenges to study and detect real-world attacker techniques, flagging them for our SOC, and allowing our incident response colleagues to neutralize the threat. HTML Smuggling Detection
so.cl
Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer