Michael Koczwara on Twitter: "Hunting Sliver C2 infra 🎯 Threat Actors when deploying Sliver C2 sometimes change default ports from 31337 to other ones for example 3000, 3306, 8089, and so on so scanning only 31337 is not always enough. Censys filter below is checking Sliver default certificates also in… https://t.co/kDVfGGpTv4" / Twitter
https://twitter.com/i/web/status/1645002394734845956