
Posts by AJ King

ESXi Ransomware Attacks: Stealthy Persistence through SSH Tunneling
ESXi ransomware attacks target virtualized infrastructures using SSH tunneling to remain undetected. Discover the techniques, forensic insights, and actionable defense strategies to protect your ESXi ...

Reminder: Don't neglect ESXi logging!
SSH Tunneling is being used for persistence on ESXi servers.
www.sygnia.co/blog/esxi-ra...
I'll just put this here: detect.fyi/vmware-esxi-...

1 year ago 5 1 0 0

🎄 Twas the night before JonMon, and all through the net,
🔍 Defenders were stirring, their systems to vet.
🛠️ The telemetry was hung in EventViewer with care,
✨ In hopes that Jonny Johnson soon would be there.

📅 Friday, January 24th
⏰ 11 AM MST | 1 PM EST
📺 YouTube: youtube.com/watch?v=CqEhtg…

1 year ago 5 1 1 0
Reader Read and highlight anything

Readwise Reader read.readwise.io

1 year ago 1 0 0 0

@techy.detectionengineering.net Detection Engineering Weekly gems never fail to provide value!

1 year ago 4 0 0 0
VMware ESXi Logging & Detection Opportunities
ESXi environments, with their lack of AV/EDR support, present a unique challenge to Detection Engineers. Not only are these environments…

TIL there is a LOLESXi project. lolesxi-project.github.io/LOLESXi/

Great post by @n-burns.bsky.social on ESXi logging! It includes a tool he made to make running adversarial tests against ESXi easier. It also includes some detections!
detect.fyi/vmware-esxi-...

1 year ago 4 0 1 0