Detecting Tor communication

TorĀ (The Onion Router) is an internet communication network built on privacy and anonymity. Much of the attention that Tor receives comes from the malicious segment of users that leverage the Tor network to conduct attacks while concealing their location. This negative association and challenge in attribution have led most organizations to block traffic coming from … Read more

Blue Team Tactics: Honey Tokens Pt. I

If you are defending an enterprise network, you should be using some form of honey token or canary, which is just something you place in your environment that no one should access. If any interaction is detected, it is usually an indicator of unauthorized activity. Using pseudo domain accounts as honey tokens usually illuminate the risk bubble … Read more