Version: 1.1.x

BANDIT_CONTACT

Summary

Nzyme detected a bandit contact: a configured bandit was detected, based on its configured identifiers.

Nzyme ships with pre-configured bandit definitions that detect known attack platforms such as a WiFi Pineapple or popular deauther boards. Users of nzyme can also create their own bandit definitions by configuring identifiers that detect a bandit based on attributes like advertised SSIDs, fingerprint or signal strength.

You could use a custom bandit definition to be alerted once a previously detected threat actor returns, or to physically locate a bandit using an nzyme tracker device.

Possible False Positives

  • A misconfigured or overly broad bandit definition could trigger an invalid contact.
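The effect of an overly broad definition can be checked before it is deployed by replaying it against frames from known-legitimate devices. The following is an added example, not nzyme code: the `Frame` and `BanditDefinition` classes, the sample frames, and the fingerprint strings are constructed, and it assumes a contact requires every configured identifier to match.

```python
from dataclasses import dataclass, field

@dataclass
class Frame:                      # constructed observation, not nzyme's data model
    ssid: str
    fingerprint: str
    signal_dbm: int

@dataclass
class BanditDefinition:           # hypothetical model of a bandit definition
    name: str
    ssids: set = field(default_factory=set)          # empty = identifier not configured
    fingerprints: set = field(default_factory=set)
    signal_range: tuple = None                       # (min_dbm, max_dbm) or None

    def identifiers(self):
        checks = []
        if self.ssids:
            checks.append(lambda f: f.ssid in self.ssids)
        if self.fingerprints:
            checks.append(lambda f: f.fingerprint in self.fingerprints)
        if self.signal_range:
            lo, hi = self.signal_range
            checks.append(lambda f: lo <= f.signal_dbm <= hi)
        return checks

    def matches(self, frame):
        checks = self.identifiers()
        # Assumption: all configured identifiers must match; no identifiers, no contact.
        return bool(checks) and all(check(frame) for check in checks)

def false_positive_rate(definition, baseline):
    """Share of known-legitimate frames the definition would flag as a contact."""
    return sum(definition.matches(f) for f in baseline) / len(baseline)

# Constructed baseline: frames from the site's own access points.
BASELINE = [
    Frame("CorpWiFi", "fp-legit-1", -48),
    Frame("CorpWiFi", "fp-legit-2", -61),
    Frame("GuestWiFi", "fp-legit-3", -70),
    Frame("Printer-Setup", "fp-legit-4", -55),
]
ROGUE = Frame("CorpWiFi", "fp-rogue", -40)   # constructed bandit frame

WIDE = BanditDefinition("wide", ssids={"CorpWiFi"})
NARROW = BanditDefinition("narrow", ssids={"CorpWiFi"}, fingerprints={"fp-rogue"})

for d in (WIDE, NARROW):
    print(d.name, "hits rogue:", d.matches(ROGUE), "FP rate:", false_positive_rate(d, BASELINE))
```

Both definitions catch the constructed bandit frame, but the SSID-only definition also flags half of the legitimate baseline, which is the false-positive case described above.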

Notes

  • None

See Also