ISC Stormcast For Friday, March 6th 2020 https://isc.sans.edu/podcastdetail.html?id=6898, (Fri, Mar 6th)
Category: SANS Internet Storm Center, InfoCON: green
Will You Put Your Password in a Survey?, (Thu, Mar 5th)
Thanks to one of our readers who submitted this interesting piece of phishing. Personally, I was not aware of this technique, which is interesting to bypass common anti-spam filters and reputation systems. The idea is to create a fake survey…
ISC Stormcast For Thursday, March 5th 2020 https://isc.sans.edu/podcastdetail.html?id=6896, (Thu, Mar 5th)
Let’s Encrypt Revoking 3 Million Certificates, (Wed, Mar 4th)
Let's Encrypt announced that they will be revoking a large number of certificates today. The revocation is due to an error in how “CAA” records were validated for these certificates.…
ISC Stormcast For Wednesday, March 4th 2020 https://isc.sans.edu/podcastdetail.html?id=6894, (Wed, Mar 4th)
Introduction to EvtxEcmd (Evtx Explorer), (Tue, Mar 3rd)
This is a guest diary by Ahmed Elshaer.
ISC Stormcast For Tuesday, March 3rd 2020 https://isc.sans.edu/podcastdetail.html?id=6892, (Tue, Mar 3rd)
Secure vs. cleartext protocols – couple of interesting stats, (Mon, Mar 2nd)
For a very long time, there has been a strong effort aimed toward moving all potentially sensitive network-based communications from unencrypted protocols to the secure and encrypted ones. And with the recently released APWG report noting that 74% of phishing…
ISC Stormcast For Monday, March 2nd 2020 https://isc.sans.edu/podcastdetail.html?id=6890, (Mon, Mar 2nd)
Hazelcast IMDG Discover Scan, (Sat, Feb 29th)
Today my honeypot has been capturing scans for the Hazelcast REST API. I checked my logs for the past 2 years and these only started today. The last vulnerability published for Hazelcast was CVE-2018-10654 and related to “There is a…
Show me Your Clipboard Data!, (Fri, Feb 28th)
Yesterday I've read an article[1] about the clipboard on iPhones and how it can disclose sensitive information about the device owner. At the end of the article, the author gave a reference to an iPhone app[2] that discloses the metadata…
ISC Stormcast For Friday, February 28th 2020 https://isc.sans.edu/podcastdetail.html?id=6888, (Fri, Feb 28th)
Offensive Tools Are For Blue Teams Too, (Thu, Feb 27th)
Many offensive tools can be very useful for defenders too. Indeed, if they can help to gather more visibility about the environment that must be protected, why not use them? The more information you get, the more proactive you can be, and visibility…
ISC Stormcast For Thursday, February 27th 2020 https://isc.sans.edu/podcastdetail.html?id=6886, (Thu, Feb 27th)
ISC Stormcast For Wednesday, February 26th 2020 https://isc.sans.edu/podcastdetail.html?id=6884, (Wed, Feb 26th)
Quick look at a couple of current online scam campaigns, (Tue, Feb 25th)
Since I was exposed to three different online scam campaigns in the last three weeks, without having to go out and search for them, I thought that today might be a good time to take a look at how some…
ISC Stormcast For Tuesday, February 25th 2020 https://isc.sans.edu/podcastdetail.html?id=6882, (Tue, Feb 25th)
Maldoc: Excel 4 Macros and VBA, Devil and Angel?, (Mon, Feb 24th)
Philippe Lagadec, the developer of oletools, pointed out something interesting about the following maldoc sample (MD5 a0457c2728923cb46e6d9797fe7d81dd): it contains both Excel 4 macros and VBA code.…
ISC Stormcast For Monday, February 24th 2020 https://isc.sans.edu/podcastdetail.html?id=6880, (Mon, Feb 24th)
Maldoc: Excel 4 Macros in OOXML Format, (Sun, Feb 23rd)
I've mentioned Excel 4 macros before, a scripting technology that predates VBA.…
Simple but Efficient VBScript Obfuscation, (Sat, Feb 22nd)
Today, it's easy to guess if a piece of code is malicious or not. Many security solutions automatically detonate it in a sandbox. This remains quick and (most of the time still) efficient to have a first…
Quick Analysis of an Encrypted Compound Document Format, (Fri, Feb 21st)
We like when our readers share interesting samples! Even if we have our own sources to hunt for malicious content, it's always interesting to get fresh meat from third parties. Robert shared an interesting Microsoft Word document that I quickly…
ISC Stormcast For Friday, February 21st 2020 https://isc.sans.edu/podcastdetail.html?id=6878, (Fri, Feb 21st)
Whodat? Enumerating Who “owns” a Workstation for IR, (Thu, Feb 20th)
Eventually in almost every incident response situation, you have to start contacting the actual people who sit at the keyboard of affected stations. Often you'll want them to step back from the keyboard or logout, for either remote forensics data…
ISC Stormcast For Thursday, February 20th 2020 https://isc.sans.edu/podcastdetail.html?id=6876, (Thu, Feb 20th)
ISC Stormcast For Wednesday, February 19th 2020 https://isc.sans.edu/podcastdetail.html?id=6874, (Wed, Feb 19th)
Discovering contents of folders in Windows without permissions, (Tue, Feb 18th)
I recently noticed an interesting side effect of the way in which Windows handles local file permissions, which makes it possible for a non-privileged user to brute-force contents of a folder for which they don't have read access (e.g. Read…
ISC Stormcast For Tuesday, February 18th 2020 https://isc.sans.edu/podcastdetail.html?id=6872, (Tue, Feb 18th)
curl and SSPI, (Mon, Feb 17th)
There's an interesting comment on Xavier's diary entry “Keep an Eye on Command-Line Browsers” (paraphrasing): a proxy with authentication will prevent wget and curl from accessing the Internet because they don't do integrated authentication.…
ISC Stormcast For Monday, February 17th 2020 https://isc.sans.edu/podcastdetail.html?id=6870, (Mon, Feb 17th)
SOAR or not to SOAR?, (Sun, Feb 16th)
Security Orchestration, Automation and Response (SOAR) allows organizations to collect data about security threats from multiple sources to automate an appropriate response to repetitive tasks. As an analyst you need to juggle and pivot several times a day between multiple…
bsdtar on Windows 10, (Sat, Feb 15th)
Reading Xavier's diary entry “Keep an Eye on Command-Line Browsers”, I wondered when exactly curl was introduced in Windows 10.…
Keep an Eye on Command-Line Browsers, (Fri, Feb 14th)
For a few weeks, I have been searching for suspicious files that make use of a command-line browser like curl.exe or wget.exe in a Windows environment. Wait, you were not aware of this? Just open a cmd.exe and type ‘curl.exe’ on your…
ISC Stormcast For Friday, February 14th 2020 https://isc.sans.edu/podcastdetail.html?id=6868, (Fri, Feb 14th)
Auth-mageddon deferred (but not averted), Microsoft LDAP Changes now slated for Q3Q4 2020, (Thu, Feb 13th)
Good news, sort of: Microsoft has deferred their March changes to LDAP, citing the Christmas change freeze that most sensible organizations implement as their reason…
ISC Stormcast For Thursday, February 13th 2020 https://isc.sans.edu/podcastdetail.html?id=6866, (Thu, Feb 13th)
March Patch Tuesday is Coming – the LDAP Changes will Change Your Life!, (Wed, Feb 12th)
Next month Microsoft will be changing the default behaviour for LDAP: cleartext, unsigned LDAP queries against AD (over port 389) will be disabled by default (https://support.microsoft.com/en-gb/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows). You'll still be able to override that using registry keys or group…
ISC Stormcast For Wednesday, February 12th 2020 https://isc.sans.edu/podcastdetail.html?id=6864, (Wed, Feb 12th)
Malspam pushes Ursnif through Italian language Word docs, (Wed, Feb 12th)
Microsoft Patch Tuesday for February 2020, (Tue, Feb 11th)
ISC Stormcast For Tuesday, February 11th 2020 https://isc.sans.edu/podcastdetail.html?id=6862, (Tue, Feb 11th)
Current PayPal phishing campaign or “give me all your personal information”, (Mon, Feb 10th)
One of my colleagues sent me a new PayPal phishing e-mail today. Although it was fairly usual, as phishing e-mails go, since the campaign is still active and since it shows the current “let's take all that we can get”…
ISC Stormcast For Monday, February 10th 2020 https://isc.sans.edu/podcastdetail.html?id=6860, (Mon, Feb 10th)
After Action Review, (Sat, Feb 8th)

Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript , (Fri, Feb 7th)
I found an interesting VBScript sample that is a perfect textbook case for training or learning purposes. It implements a nice obfuscation technique as well as many classic sandbox detection mechanisms. The script is a dropper: it extracts from its…
ISC Stormcast For Friday, February 7th 2020 https://isc.sans.edu/podcastdetail.html?id=6858, (Fri, Feb 7th)
ISC Stormcast For Thursday, February 6th 2020 https://isc.sans.edu/podcastdetail.html?id=6856, (Thu, Feb 6th)
Fake browser update pages are “still a thing”, (Wed, Feb 5th)
ISC Stormcast For Wednesday, February 5th 2020 https://isc.sans.edu/podcastdetail.html?id=6854, (Wed, Feb 5th)
ISC Stormcast For Tuesday, February 4th 2020 https://isc.sans.edu/podcastdetail.html?id=6852, (Tue, Feb 4th)
Analysis of a triple-encrypted AZORult downloader, (Mon, Feb 3rd)
I recently came across an interesting malicious document. Distributed as an attachment of a run-of-the-mill malspam message, the file with a DOC extension didn't look like anything special at first glance. However, although it does use macros as one might…

Video: Stego & Cryptominers, (Sun, Feb 2nd)
A couple of months ago, I read a blog post about malware, cryptominers and WAV file steganography: malware authors are concealing cryptominers in sound files (WAV) using steganography. Each bit of the cryptominer executable is stored as the least-significant bit…
ISC Stormcast For Monday, February 3rd 2020 https://isc.sans.edu/podcastdetail.html?id=6850, (Mon, Feb 3rd)
Wireshark 3.2.1 Released, (Sat, Feb 1st)
Wireshark version 3.2.1 was released.
ISC Stormcast For Friday, January 31st 2020 https://isc.sans.edu/podcastdetail.html?id=6848, (Fri, Jan 31st)
ISC Stormcast For Thursday, January 30th 2020 https://isc.sans.edu/podcastdetail.html?id=6846, (Thu, Jan 30th)
ISC Stormcast For Wednesday, January 29th 2020 https://isc.sans.edu/podcastdetail.html?id=6844, (Wed, Jan 29th)
Emotet epoch 1 infection with Trickbot gtag mor84, (Tue, Jan 28th)
ISC Stormcast For Tuesday, January 28th 2020 https://isc.sans.edu/podcastdetail.html?id=6842, (Tue, Jan 28th)
Network Security Perspective on Coronavirus Preparedness, (Mon, Jan 27th)
With the new Coronavirus outbreak starting to dominate the news, I want to go over some cybersecurity effects of a disease like this that you should prepare for.…
ISC Stormcast For Monday, January 27th 2020 https://isc.sans.edu/podcastdetail.html?id=6840, (Mon, Jan 27th)
Is Threat Hunting the new Fad?, (Sat, Jan 25th)
Over the past two years a lot of articles, processes, techniques and tools have been published on how to do Threat Hunting. I have been following the trend with great interest whether it be which process works best, methods and…
Visibility Gap of Your Security Tools, (Sat, Jan 25th)
Why Phishing Remains So Popular?, (Fri, Jan 24th)
… because it works!
ISC Stormcast For Friday, January 24th 2020 https://isc.sans.edu/podcastdetail.html?id=6838, (Fri, Jan 24th)
Complex Obfuscation VS Simple Trick, (Thu, Jan 23rd)
Today, I would like to make a comparison between two techniques applied to malicious code to try to bypass AV detection.…
ISC Stormcast For Thursday, January 23rd 2020 https://isc.sans.edu/podcastdetail.html?id=6836, (Thu, Jan 23rd)
ISC Stormcast For Wednesday, January 22nd 2020 https://isc.sans.edu/podcastdetail.html?id=6834, (Wed, Jan 22nd)
German language malspam pushes Ursnif, (Wed, Jan 22nd)
DeepBlueCLI: Powershell Threat Hunting, (Tue, Jan 21st)
Happy New Year! Those among you who participated in the SANS Holiday Hack Challenge, also known as Kringlecon 2, this holiday season may have found themselves exposed to new tools or the opportunity to utilize one or two that had…
ISC Stormcast For Tuesday, January 21st 2020 https://isc.sans.edu/podcastdetail.html?id=6832, (Tue, Jan 21st)
ISC Stormcast For Monday, January 20th 2020 https://isc.sans.edu/podcastdetail.html?id=6830, (Mon, Jan 20th)
Citrix ADC Exploits Update, (Mon, Jan 20th)
In today's diary, I am summarizing the current state of attacks exploiting the Citrix ADC vulnerability (CVE-2019-19781), using data from our SANS ISC honeypots. Our first two posts about this topic are here: [1] [2].…
ISC Stormcast For Friday, January 17th 2020 https://isc.sans.edu/podcastdetail.html?id=6828, (Fri, Jan 17th)
Summing up CVE-2020-0601, or the Let's Decrypt vulnerability, (Thu, Jan 16th)
The last 24 hours have been extremely interesting – this month's Patch Tuesday by Microsoft brought us 2 very interesting (and critical) vulnerabilities. The first one, the “BlueKeep”-like remote code execution vulnerability in Remote Desktop Gateway (CVE-2020-0609, CVE-2020-0610), has…
Picks of 2019 malware – the large, the small and the one full of null bytes, (Thu, Jan 16th)
Although less than two days have gone by since the latest release of MSFT patches, I find that it would actually be hard to add anything interesting to them that hasn't been discussed before, as the most important vulnerabilities (couple…
ISC Stormcast For Thursday, January 16th 2020 https://isc.sans.edu/podcastdetail.html?id=6826, (Thu, Jan 16th)
CVE-2020-0601 Followup, (Wed, Jan 15th)
Among the patches Microsoft released yesterday, the vulnerability in the CryptoAPI got by far the most attention. Here are some answers to questions we have received about this vulnerability. Many of these questions also came from our webcast audience (for…
ISC Stormcast For Wednesday, January 15th 2020 https://isc.sans.edu/podcastdetail.html?id=6824, (Wed, Jan 15th)
Microsoft Patch Tuesday for January 2020, (Tue, Jan 14th)
[Special Note: we will have a special webcast on this topic at noon ET tomorrow (Wednesday, January 15th). See https://sans.org/cryptoapi-isc]…
ISC Stormcast For Tuesday, January 14th 2020 https://isc.sans.edu/podcastdetail.html?id=6822, (Tue, Jan 14th)
Citrix ADC Exploits: Overview of Observed Payloads, (Mon, Jan 13th)
If you missed Johannes' diary entry “Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor” this Saturday, make sure to read it first.…
ISC Stormcast For Monday, January 13th 2020 https://isc.sans.edu/podcastdetail.html?id=6820, (Mon, Jan 13th)
ELK Dashboard and Logstash parser for tcp-honeypot Logs, (Sun, Jan 12th)
In my last two diaries, I shared a Pihole parser and dashboard to collect and view its logs in Elastic. In this diary, I'm sharing another parser and dashboard to visualize the data collected by Didier's tcp-honeypot. This is a…
Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor, (Sat, Jan 11th)
Late last night, multiple groups released working exploits for the Citrix ADC path traversal flaw. First, “Project Zero India” released a simple exploit essentially consisting of two curl commands [1]. The first one will write a template file that includes…
More Data Exfiltration, (Fri, Jan 10th)
Yesterday, I posted a quick analysis of a malicious document that exfiltrates data from the compromised computer[1]. Here is another one that also exfiltrates data. The malware is delivered in an ACE archive. This file format remains common in phishing…
ISC Stormcast For Friday, January 10th 2020 https://isc.sans.edu/podcastdetail.html?id=6818, (Fri, Jan 10th)
Quick Analysis of a(nother) Maldoc, (Thu, Jan 9th)
Yesterday, one of our readers (thanks David!) submitted to us a malicious document disguised as a UPS invoice. Like David, do not hesitate to share samples with us, we like malware samples! I briefly checked the document. Nothing new, based…
Windows 7 – End of Life, (Thu, Jan 9th)
A quick reminder note today for everyone. The Microsoft Windows 7 operating system reaches End of Life on January 14, 2020. [1]…
ISC Stormcast For Thursday, January 9th 2020 https://isc.sans.edu/podcastdetail.html?id=6816, (Thu, Jan 9th)
ISC Stormcast For Wednesday, January 8th 2020 https://isc.sans.edu/podcastdetail.html?id=6814, (Wed, Jan 8th)
A Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability), (Tue, Jan 7th)
For the last week, I have been monitoring our honeypot logs for evidence of exploits taking advantage of CVE-2019-19781. Currently, I have not seen an actual “exploit” being used. But there is some evidence that people are scanning for vulnerable…
ISC Stormcast For Tuesday, January 7th 2020 https://isc.sans.edu/podcastdetail.html?id=6812, (Tue, Jan 7th)
SNMP service: still opened to the public and still queried by attackers, (Mon, Jan 6th)
Simple Network Management Protocol (SNMP) is a UDP service that runs on port 161/UDP. It is used for network management purposes and should be reachable only from known locations using secure channels.…
Increase in Number of Sources January 3rd and 4th: spoofed, (Mon, Jan 6th)
Justin C alerted me in our Slack channel that GreyNoise, a commercial system similar to DShield, noted a large increase in the number of sources scanning. We do have these “Spikes” from time to time and had one for the…
ISC Stormcast For Monday, January 6th 2020 https://isc.sans.edu/podcastdetail.html?id=6810, (Mon, Jan 6th)
etl2pcapng: Convert .etl Capture Files To .pcapng Format, (Sun, Jan 5th)
Over the holidays, I wanted to look into a packet capture file I created on Windows with a “netsh trace” command. Such an .etl file created with a “netsh trace” command cannot be opened with Wireshark, you have to…
KringleCon 2019, (Sat, Jan 4th)
The SANS Holiday Hack Challenge is an annual, free CTF.