mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-12 06:04:56 +03:00
mukul975
2.4 KiB
2.4 KiB
Infrastructure Tracking Workflows
Workflow 1: IP-Centric Pivoting
[Known C2 IP] --> [Shodan/Censys] --> [Service Fingerprints]
| |
v v
[Passive DNS] --> [Associated Domains] --> [WHOIS Analysis] --> [Registrant Pivot]
| |
v v
[SSL Certs] --> [Subject Alt Names] --> [New Domains] --> [Additional IPs]
Workflow 2: Domain-Centric Pivoting
[Known C2 Domain] --> [DNS History] --> [Historical IPs] --> [Co-hosted Domains]
| |
v v
[CT Logs] --> [Subdomains] --> [Infrastructure Map] --> [Shared Hosting Analysis]
|
v
[WHOIS] --> [Registrant/Email] --> [Other Registered Domains]
Workflow 3: C2 Framework Hunting
[C2 Signature] --> [Shodan Search] --> [Candidate Servers] --> [Validation]
|
v
[JARM Fingerprint]
|
v
[Confirm C2 Type]
|
v
[Track Over Time]
Workflow 4: Continuous Monitoring
[Watchlist IPs/Domains] --> [Scheduled Scans] --> [Change Detection] --> [Alerts]
|
+--------+--------+
| | |
v v v
[New Port] [DNS Change] [New Cert]
| | |
v v v
[Investigate] [Update TI] [Share]