Welcome to our weekly security detection and report update. Our Incident Detection Engineering (IDE) Team is constantly hard at work. Creating, testing, and writing detections for you! This week, we've made several important updates to improve your security posture and enhance the functionality of our detections. As you might know, monthly, we also release an overview of the entirety of what was changed in the product. However in these updates we'll focus on the net new content that IDE provides on an ongoing basis, musings from our team, and maybe the occasional horoscope if you're lucky.
Yet another example of the awesome Blumira community we have. We get detection requests from many of our customers, and love it when we can turn them into something that benefits everyone!
This update introduces:
Chisel is a free and open source network tunneling tool that can be used to establish tunnels for various protocols over HTTP.
Tunneling tools may be used by administrators for legitimate business uses like enabling remote access. These tools can also be used to bypass network security controls, obscure malicious activities, or exfiltrate sensitive data if used by threat actors who have gained unauthorized access to a system or network.
Below is an example of what Chisel commands typically look like:
chisel client 172.16.2.30:9312 socks .\chisel.exe client --fingerprint btbVntqWX6JOOx+Qe97DSZrVYmwNIvYfBfzoFGrIdmw= 172.16.2.30:9312 R:socks C:\Users\Public\conhost.exe client 192.168.0.10:443 R:192.168.0.10:43657:socks
To learn more about the network tunneling tool Chisel, see the following resources: