by cws on 8/25/16, 8:47 PM with 2 comments
by cws on 8/25/16, 9:13 PM
This approach will likely be most useful for large enterprises that get attacked, since they're more likely to have a buffered packet capture of network traffic. This is still incredibly powerful given that most ransomware-prevention mechanisms are completely useless once the ransomware is already in your system.
by tsupasat on 8/25/16, 9:28 PM
I was pretty impressed that the blog post author thought of this. Pretty classic Eureka moment! I wonder if there's a way for regular people to do this with something like Packetbeat and tcpdump?