Alexander Giles is an incident response analyst in Sophos Rapid Response. Alexander has been working in IT & cybersecurity since 2008 and writing about cybersecurity, ethical hacking, DFIR and OSINT since 2020.
Ngrok is a legitimate remote-access tool. It is regularly abused by attackers, who use its capabilities and reputation to maneuver while bypassing network protections. This incident guide shows Security Operations Centers (SOCs) and response teams how to detect and respond to the suspicious presence or use of ngrok on the network.
Squirrelwaffle is a malicious dropper or loader used to deliver other malware onto target systems. This guide shows Security Operations Centers (SOCs) and incident response teams how to detect and respond to the presence of Squirrelwaffle on the network.