Tag: VMware Carbon Black

Investigating Suspicious Rsync Shell Activity with Uncoder AI and Carbon Black Query Language

Monitoring remote file transfer utilities like rsync is essential in detecting stealthy lateral movement or data exfiltration across Unix-based environments. But not all rsync usage is equal. In some cases, it can silently launch shell processes under the hood—making threat detection harder for defenders. That’s where Uncoder AI’s Full Summary becomes invaluable. When used alongside […]

Detecting Covert curl Usage with Uncoder AI’s Decision Tree in Carbon Black

When attackers repurpose legitimate binaries like curl.exe to tunnel through SOCKS proxies and access .onion domains, it poses a major visibility gap for defenders. These behaviors can signal C2 activity, data staging, or use of a backdoor like Kalambur. VMware Carbon Black allows you to detect these patterns with detailed command-line monitoring, but parsing the […]
