Tweet URL - https://twitter.com/TheDFIRReport/status/1505875651366113284 | Hacker Trends

The DFIR Report on Twitter: "APT35 Automates Initial Access Using ProxyShell ➡️Initial Access: #ProxyShell ➡️Discovery: net, ipconfig, PowerShell, quser, etc. ➡️PrivEsc: Scheduled Task ➡️Defense Evasion: Real-time Monitoring & WDigest enablement ➡️Credential Access: Comsvcs.dll https://t.co/cpwniE2Juc" / Twitter

https://twitter.com/TheDFIRReport/status/1505875651366113284

https://x.com/home/status/1505896785549705217

https://x.com/home/status/1505898839768711168

https://x.com/home/status/1505960413376258060