I published the following diary on isc.sans.edu: “Abusing Web Filters Misconfiguration for Reconnaissance”:
Yesterday, an interesting incident was detected while working at a customer SOC. They use a “next-generation” firewall that implements a web filter based on categories. This is common in many organizations today: Users’ web traffic is allowed/denied based on a URL categorization database (like “adult content”, “hacking”, “gambling”, …). How was it detected? [Read more]