RATs Race: Detecting remote access tools beyond pattern-based indicators

11 min readApr 26

--

This is a post to highlight the importance of rich telemetry and how it serves well for strengthening alert signals when coupling static pattern with behavioral & anomaly based indicators to detect RAT and RMM tools.

TL;DR: for practical detection engineering, skip to "Tracking Patterns".

Midjourney's take on a Cyber RATs Army

RATs?!

Alex Teixeira

Written by Alex Teixeira

I design and build threat detection models and triage/hunting interfaces for Enterprise #SecOps teams #DetectionEngineering http://opstune.com

More from Alex Teixeira

Alex Teixeira

The dotted lines between Threat Hunting and Detection Engineering

There's no way out, the practices of Detection Engineering and Threat Hunting are becoming utterly important within a Cyber Security…

5 min readFeb 25

--

Alex Teixeira

A Research-Driven process applied to Threat Detection Engineering Inputs

This article is an evolution of a previous one I wrote on Jira Workflows for Detection Engineering teams but more focused on the detection…

4 min readMar 5

--

Alex Teixeira

JIRA workflow for Detection Engineering teams

Threat Detection Engineering practice seems to be evolving. Not only because of easier log management methods and platforms, but because…

4 min readNov 22, 2019

--

Alex Teixeira

Threat Detection Bad Trips: Log Everything!

Alright, this is a public service for SIEM engineers. How many times you've heard that answer when someone asks 'What should be logged?'…

3 min readMar 14

--

See all from Alex Teixeira

Recommended from Medium

Richard de Vries
in
Tales from a Security Professional

Do you have an effective cyber hunting team?

In cybersecurity, everything is evolving rapidly. It is an ongoing battle between adversaries and defenders. And the terrible thing is, …

5 min readMar 12

--

Antivirus vs EDR vs XDR © 2022 leeshanok

Richard de Vries
in
Tales from a Security Professional

Is EDR with Sysmon enough? Or do you need XDR as well?

Although the difference is just one letter, the level of protection is a different story…

3 min readJan 29

--

Lists

Staff Picks

323 stories82 saves

Stories to Help You Level-Up at Work

19 stories51 saves

Self-Improvement 101

20 stories100 saves

Productivity 101

20 stories106 saves

David Matousek
in
Product Cybersecurity

3 Tips for Aligning Business Vision to Cybersecurity Strategy

Leaders want measurable data about cybersecurity’s progress toward creating value aligned to the business vision. They do not necessarily…

6 min readMar 13

--

Sarah Lean
in
Towards AWS

Guide to Security Incident Response Services

A security breach within your IT system can cause operation disruption. Data leaks. Reputational damage, and regulatory complications.

6 min readFeb 14

--

JC Gaillard
in
Security Transformation Leadership

The Key Ingredients of a Successful GRC Programme

It has to start with a degree of integration between threats, risks, controls and protective measures.

4 min readMar 25

--

CSI Linux © 2023 CSI Linux

Richard de Vries
in
Tales from a Security Professional

Judgment day: are you ready for it?

If you are a security professional, you know this day is coming. The day the security is breached. And you think you have all the relevant…

4 min readMar 26

--

See more recommendations

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech