Tag: dns-tunneling

All the articles with the tag "dns-tunneling".

• TORA — Shift 6 in Review

  

  1 May, 2026

  A five-day shift dominated by phishing domain noise and high-severity C2 and tunneling activity against production infrastructure, with a recurring CMDB coverage gap blocking triage on five alerts sourced from a single unenriched IP.

• TORA Week in Review — Apr 13–17, 2026

  

  17 Apr, 2026

  A high-severity shift dominated by an active LockBit and Brute Ratel campaign spanning multiple internal hosts, with confirmed SSH-to-C2 compromise chains, a live DNS tunneling case, and a persistent unmanaged asset generating signals with no CMDB identity — this week revealed both active intrusions and structural gaps in asset inventory.