THREATOPS
THREAT OPSThreat News › Finding SOCKS with Proxywatch

Finding SOCKS with Proxywatch

medspecteropsPublished 2026-07-09

<p class="wp-block-paragraph"><em><strong>TL;DR: </strong>Adversaries use SOCKS proxy tunnels to pivot within environments and to execute code against compromised systems without bringing tools to the system. Defenders often lack reliable guidance to detect proxying behavior, falling back to preset rules based on static indicators or process-port baselines. This blog post highlights <a href="https

Attributed threat actors

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://specterops.io/blog/2026/07/09/finding-socks-with-proxywatch/