Written by: Joseph Salazar, Technical Marketing Engineer – *Best read in the style of Rod Serling* Picture if you will, an attacker breaking into a computer system for a retail organization he’s been targeting for a few months. He’s managed to trick a user into clicking on a malicious email with custom malware that evaded detection and now has remote access to the network. He installs some back doors to make sure he can get back in, and then decides to steal some credentials. He finds one that looks promising called “sqladmin” in the credential manager. To make sure it is legitimate, he spins up a command prompt, queries Active Directory for the “sqladmin” login, and confirms that it is authentic. He then looks up the IP address of his beachhead system and pings the next system up from it (because only script kiddies scan the entire network). Just his luck, the IP address responds. Little does he know that he’s about to enter into the Twilight Zone.