undefined | Better HN

0 pointsnotathing6y ago0 comments

The biggest fail here was that 32 bit program warning, which probably alerted the employee.

Notice that they didn't actually have an alert for Firefox+Shell, they detected that later by inspecting the audit logs.

0 comments

> We detected the attacker at this stage, based on a number of behaviors (e.g. Firefox shouldn’t spawn a shell).

They explicitly state it was one of the behaviors they detected as suspicious.

j / k navigate · click thread line to collapse

0 pointsnotathing6y ago0 comments

The biggest fail here was that 32 bit program warning, which probably alerted the employee.

Notice that they didn't actually have an alert for Firefox+Shell, they detected that later by inspecting the audit logs.

> We detected the attacker at this stage, based on a number of behaviors (e.g. Firefox shouldn’t spawn a shell).

They explicitly state it was one of the behaviors they detected as suspicious.

j / k navigate · click thread line to collapse