Category: SANS Internet Storm Center, InfoCON: green

Read the original article: Securing and Optimizing Networks: Using pfSense Traffic Shaper Limiters to Combat Bufferbloat, (Mon, Feb 15th) [This is a guest diary by Yee Ching Tok (personal website here (https://poppopretn.com)). Feedback welcome either via comments or our contact…

Read more →

Read the original article: 
Video: tshark & Malware Analysis, (Sun, Feb 14th) In this video, I show the commands I used in diary entry “Quickie: tshark & Malware Analysis” to analyze shellcode from a pcapng file, and I also show…

Read more →

Read the original article: ISC Stormcast For Monday, February 15th, 2021 https://isc.sans.edu/podcastdetail.html?id=7372, (Mon, Feb 15th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Monday, February 15th, 2021 https://isc.sans.edu/podcastdetail.html?id=7372,…

Read more →

Read the original article: Video: tshark & Malware Analysis, (Sun, Feb 14th) In this video, I show the commands I used in diary entry “Quickie: tshark & Malware Analysis” to analyze shellcode from a pcapng file, and I also show…

Read more →

Read the original article: Using Logstash to Parse IPtables Firewall Logs, (Sat, Feb 13th) One of our reader submitted some DSL Modem Firewall logs (iptables format) and I wrote a simple logstash parser to analyze and illustrate the activity, in…

Read more →

Read the original article: vSphere Replication updates address a command injection vulnerability (CVE-2021-21976) – https://www.vmware.com/security/advisories/VMSA-2021-0001.html, (Sat, Feb 13th) ———–   Become a supporter of IT Security News and help us remove the ads. Read the original article: vSphere Replication updates…

Read more →

Read the original article: AgentTesla Dropped Through Automatic Click in Microsoft Help File, (Fri, Feb 12th) Attackers have plenty of resources to infect our systems. If some files may look suspicious because the extension is less common (like .xsl files[1]),…

Read more →

Read the original article: ISC Stormcast For Friday, February 12th, 2021 https://isc.sans.edu/podcastdetail.html?id=7370, (Fri, Feb 12th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Friday, February 12th, 2021 https://isc.sans.edu/podcastdetail.html?id=7370,…

Read more →

Read the original article: Agent Tesla hidden in a historical anti-malware tool, (Thu, Feb 11th) While going through attachments of e-mails, which were caught in my e-mail quarantine since the beginning of February, I found an ISO file with what…

Read more →

Read the original article: ISC Stormcast For Thursday, February 11th, 2021 https://isc.sans.edu/podcastdetail.html?id=7368, (Thu, Feb 11th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Thursday, February 11th, 2021 https://isc.sans.edu/podcastdetail.html?id=7368,…

Read more →

Read the original article: ISC Stormcast For Wednesday, February 10th, 2021 https://isc.sans.edu/podcastdetail.html?id=7366, (Wed, Feb 10th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Wednesday, February 10th, 2021 https://isc.sans.edu/podcastdetail.html?id=7366,…

Read more →

Read the original article: Phishing message to the ISC handlers email distro, (Wed, Feb 10th) Introduction   Become a supporter of IT Security News and help us remove the ads. Read the original article: Phishing message to the ISC handlers…

Read more →

Read the original article: Microsoft February 2021 Patch Tuesday, (Tue, Feb 9th) This month we got patches for 56 vulnerabilities. Of these, 11 are critical, 1 is being exploited and 6 were previously disclosed.   Become a supporter of IT…

Read more →

Read the original article: 
Quickie: tshark & Malware Analysis, (Mon, Feb 8th) The following screenshot drew my attention when I read Brad's diary entry “Excel spreadsheets push SystemBC malware”:   Become a supporter of IT Security News and help us…

Read more →

Read the original article: ISC Stormcast For Tuesday, February 9th, 2021 https://isc.sans.edu/podcastdetail.html?id=7364, (Tue, Feb 9th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Tuesday, February 9th, 2021 https://isc.sans.edu/podcastdetail.html?id=7364,…

Read more →

Read the original article: Quickie: tshark & Malware Analysis, (Mon, Feb 8th) The following screenshot drew my attention when I read Brad's diary entry “Excel spreadsheets push SystemBC malware”:   Become a supporter of IT Security News and help us…

Read more →

Read the original article: ISC Stormcast For Monday, February 8th, 2021 https://isc.sans.edu/podcastdetail.html?id=7362, (Mon, Feb 8th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Monday, February 8th, 2021 https://isc.sans.edu/podcastdetail.html?id=7362,…

Read more →

Read the original article: YARA v4.0.5, (Sat, Feb 6th) YARA version 4.0.5 was released.   Become a supporter of IT Security News and help us remove the ads. Read the original article: YARA v4.0.5, (Sat, Feb 6th)

Read more →

Read the original article: VBA Macro Trying to Alter the Application Menus, (Fri, Feb 5th) Who remembers the worm Melissa[1]? It started to spread in March 1999! In information security, it looks like speaking about prehistory but I spotted a VBA…

Read more →

Read the original article: 
Abusing Google Chrome extension syncing for data exfiltration and C&C, (Thu, Feb 4th) I had a pleasure (or not) of working on another incident where, among other things, attackers were using a pretty novel way of…

Read more →

Read the original article: ISC Stormcast For Friday, February 5th, 2021 https://isc.sans.edu/podcastdetail.html?id=7360, (Fri, Feb 5th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Friday, February 5th, 2021 https://isc.sans.edu/podcastdetail.html?id=7360,…

Read more →

Read the original article: Abusing Google Chrome extension syncing for data exfiltration and C&C, (Thu, Feb 4th) I had a pleasure (or not) of working on another incident where, among other things, attackers were using a pretty novel way of…

Read more →

Read the original article: ISC Stormcast For Thursday, February 4th, 2021 https://isc.sans.edu/podcastdetail.html?id=7358, (Thu, Feb 4th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Thursday, February 4th, 2021 https://isc.sans.edu/podcastdetail.html?id=7358,…

Read more →

Read the original article: ISC Stormcast For Wednesday, February 3rd, 2021 https://isc.sans.edu/podcastdetail.html?id=7356, (Wed, Feb 3rd) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Wednesday, February 3rd, 2021 https://isc.sans.edu/podcastdetail.html?id=7356,…

Read more →

Read the original article: Excel spreadsheets push SystemBC malware, (Wed, Feb 3rd) Introduction   Become a supporter of IT Security News and help us remove the ads. Read the original article: Excel spreadsheets push SystemBC malware, (Wed, Feb 3rd)

Read more →

Read the original article: New Example of XSL Script Processing aka “Mitre T1220”, (Tue, Feb 2nd) Last week, Brad posted a diary about TA551[1]. A few days later, one of our readers submitted another sample belonging to the same campaign.…

Read more →

Read the original article: ISC Stormcast For Monday, February 1st, 2021 https://isc.sans.edu/podcastdetail.html?id=7352, (Mon, Feb 1st) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Monday, February 1st, 2021 https://isc.sans.edu/podcastdetail.html?id=7352,…

Read more →

Read the original article: Taking a Shot at Reverse Shell Attacks, CNC Phone Home and Data Exfil from Servers, (Mon, Feb 1st) Over the last number of weeks (after the Solarwinds Orion news) there's been a lot of discussion on…

Read more →

Read the original article: ISC Stormcast For Tuesday, February 2nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7354, (Tue, Feb 2nd) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Tuesday, February 2nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7354,…

Read more →

Read the original article: YARA v4.0.4, (Sun, Jan 31st) YARA version 4.0.4 was released (right after version 4.0.3).   Become a supporter of IT Security News and help us remove the ads. Read the original article: YARA v4.0.4, (Sun, Jan…

Read more →

Read the original article: Wireshark 3.4.3 Released, (Sun, Jan 31st) Wireshark version 3.4.3 was released.   Become a supporter of IT Security News and help us remove the ads. Read the original article: Wireshark 3.4.3 Released, (Sun, Jan 31st)

Read more →

Read the original article: PacketSifter as Network Parsing and Telemetry Tool, (Sat, Jan 30th) I saw PacketSifter[1], a new package on Github and figure I would give it a try to test its functionality. It is described as “PacketSifter is…

Read more →

Read the original article: Wireshark 3.2.11 is now available which contains Bug Fixes – https://www.wireshark.org, (Sat, Jan 30th) ———–   Become a supporter of IT Security News and help us remove the ads. Read the original article: Wireshark 3.2.11 is…

Read more →

Read the original article: Sensitive Data Shared with Cloud Services, (Fri, Jan 29th) Yesterday was the data protection day in Europe[1]. I was not on duty so I&#x27m writing this quick diary a bit late. Back in 2020, the Nitro…

Read more →

Read the original article: ISC Stormcast For Friday, January 29th, 2021 https://isc.sans.edu/podcastdetail.html?id=7350, (Fri, Jan 29th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Friday, January 29th, 2021 https://isc.sans.edu/podcastdetail.html?id=7350,…

Read more →

Read the original article: ISC Stormcast For Thursday, January 28th, 2021 https://isc.sans.edu/podcastdetail.html?id=7348, (Thu, Jan 28th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Thursday, January 28th, 2021 https://isc.sans.edu/podcastdetail.html?id=7348,…

Read more →

Read the original article: Emotet vs. Windows Attack Surface Reduction, (Thu, Jan 28th) Emotet malware in the form of malicious Word documents continued to make the rounds over the past weeks, and the samples initially often had pretty poor anti-virus…

Read more →

Read the original article: TriOp – tool for gathering (not just) security-related data from Shodan.io (tool drop), (Wed, Jan 27th) If you&#x27re a regular reader of our Diaries, you may remember that over the last year and a half, a…

Read more →

Read the original article: ISC Stormcast For Wednesday, January 27th, 2021 https://isc.sans.edu/podcastdetail.html?id=7346, (Wed, Jan 27th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Wednesday, January 27th, 2021 https://isc.sans.edu/podcastdetail.html?id=7346,…

Read more →

Read the original article: TA551 (Shathak) Word docs push Qakbot (Qbot), (Tue, Jan 26th) Introduction   Become a supporter of IT Security News and help us remove the ads. Read the original article: TA551 (Shathak) Word docs push Qakbot (Qbot),…

Read more →

Read the original article: ISC Stormcast For Tuesday, January 26th, 2021 https://isc.sans.edu/podcastdetail.html?id=7344, (Tue, Jan 26th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Tuesday, January 26th, 2021 https://isc.sans.edu/podcastdetail.html?id=7344,…

Read more →

Read the original article: Fun with NMAP NSE Scripts and DOH (DNS over HTTPS), (Mon, Jan 25th) DOH (DNS over HTTPS) has been implemented into the various browsers over the last year or so, and there's a fair amount of…

Read more →

Read the original article: 
Video: Doc & RTF Malicious Document, (Sun, Jan 24th) I made a video for my diary entry “Doc & RTF Malicious Document”. And I show a new feature of my tool re-search.py, that helps with filtering…

Read more →

Read the original article: ISC Stormcast For Monday, January 25th, 2021 https://isc.sans.edu/podcastdetail.html?id=7342, (Mon, Jan 25th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Monday, January 25th, 2021 https://isc.sans.edu/podcastdetail.html?id=7342,…

Read more →

Read the original article: Video: Doc & RTF Malicious Document, (Sun, Jan 24th) I made a video for my diary entry “Doc & RTF Malicious Document”. And I show a new feature of my tool re-search.py, that helps with filtering…

Read more →

Read the original article: CyberChef: Analyzing OOXML Files for URLs, (Sat, Jan 23rd) In diary entry “Doc & RTF Malicious Document” I start analyzing a malicious Word document with my tools.   Become a supporter of IT Security News and…

Read more →

Read the original article: Another File Extension to Block in your MTA: .jnlp, (Fri, Jan 22nd) When hunting, one thing that I like to learn is how attackers can be imaginative at deploying new techniques. I spotted some emails that…

Read more →

Read the original article: ISC Stormcast For Friday, January 22nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7340, (Fri, Jan 22nd) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Friday, January 22nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7340,…

Read more →

Read the original article: Powershell Dropping a REvil Ransomware, (Thu, Jan 21st) I spotted a piece of Powershell code that deserved some investigations because it makes use of RunSpaces[1]. The file (SHA256:e1e19d637e6744fedb76a9008952e01ee6dabaecbc6ad2701dfac6aab149cecf) has a very low VT score: only 1/59![2]. …

Read more →

Read the original article: ISC Stormcast For Thursday, January 21st, 2021 https://isc.sans.edu/podcastdetail.html?id=7338, (Thu, Jan 21st) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Thursday, January 21st, 2021 https://isc.sans.edu/podcastdetail.html?id=7338,…

Read more →

Read the original article: ISC Stormcast For Wednesday, January 20th, 2021 https://isc.sans.edu/podcastdetail.html?id=7336, (Wed, Jan 20th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Wednesday, January 20th, 2021 https://isc.sans.edu/podcastdetail.html?id=7336,…

Read more →

Read the original article: 
Security Detection & Response Alert Output Usability Survey https://www.surveymonkey.com/r/TAOvsVAO, (Tue, Jan 19th) This post doesn’t have text content, please click on the link below to view the original article. 
Security Detection & Response Alert Output Usability…

Read more →

Read the original article: Qakbot activity resumes after holiday break, (Wed, Jan 20th) Introduction   Become a supporter of IT Security News and help us remove the ads. Read the original article: Qakbot activity resumes after holiday break, (Wed, Jan…

Read more →

Read the original article: ISC Stormcast For Tuesday, January 19th, 2021 https://isc.sans.edu/podcastdetail.html?id=7334, (Tue, Jan 19th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Tuesday, January 19th, 2021 https://isc.sans.edu/podcastdetail.html?id=7334,…

Read more →

Read the original article: Gordon for fast cyber reputation checks, (Tue, Jan 19th) Gordon quickly provides threat & risk information about observables   Become a supporter of IT Security News and help us remove the ads. Read the original article:…

Read more →

Read the original article: Security Detection & Response Alert Output Usability Survey https://www.surveymonkey.com/r/TAOvsVAO, (Tue, Jan 19th) This post doesn’t have text content, please click on the link below to view the original article. Security Detection & Response Alert Output Usability…

Read more →

Read the original article: 
Doc & RTF Malicious Document, (Mon, Jan 18th) A reader pointed us to a malicious Word document.   Become a supporter of IT Security News and help us remove the ads. Read the original article: 
Doc…

Read more →

Read the original article: The CIS Benchmark for Cisco Nexus (NX-OS) 1.0 went live last week, find it here: https://www.cisecurity.org/cis-benchmarks/, (Mon, Jan 18th) =============== Rob VandenBrink   Become a supporter of IT Security News and help us remove the ads.…

Read more →

Read the original article: Doc & RTF Malicious Document, (Mon, Jan 18th) A reader pointed us to a malicious Word document.   Become a supporter of IT Security News and help us remove the ads. Read the original article: Doc…

Read more →

Read the original article: ISC Stormcast For Monday, January 18th, 2021 https://isc.sans.edu/podcastdetail.html?id=7332, (Mon, Jan 18th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Monday, January 18th, 2021 https://isc.sans.edu/podcastdetail.html?id=7332,…

Read more →

Read the original article: New Release of Sysmon Adding Detection for Process Tampering, (Sun, Jan 17th) Version 13.01 of Sysmon was released, a Windows Sysinternals tool to monitor and log system activity.   Become a supporter of IT Security News…

Read more →

Read the original article: Obfuscated DNS Queries, (Fri, Jan 15th) This week I started seeing some URL with /dns-query?dns in my honeypot[1][2]. The queries obviously did not look like a standard DNS queries, this got me curious and then proceeded…

Read more →

Read the original article: Throwback Friday: An Example of Rig Exploit Kit, (Fri, Jan 15th) Introduction   Become a supporter of IT Security News and help us remove the ads. Read the original article: Throwback Friday: An Example of Rig…

Read more →

Read the original article: ISC Stormcast For Friday, January 15th, 2021 https://isc.sans.edu/podcastdetail.html?id=7330, (Fri, Jan 15th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Friday, January 15th, 2021 https://isc.sans.edu/podcastdetail.html?id=7330,…

Read more →

Read the original article: Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file, (Thu, Jan 14th) Recently I had to analyze an Excel malicious file that was caught in the wild, in a real attack. The file was used…

Read more →

Read the original article: ISC Stormcast For Thursday, January 14th, 2021 https://isc.sans.edu/podcastdetail.html?id=7328, (Thu, Jan 14th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Thursday, January 14th, 2021 https://isc.sans.edu/podcastdetail.html?id=7328,…

Read more →

Read the original article: ISC Stormcast For Wednesday, January 13th, 2021 https://isc.sans.edu/podcastdetail.html?id=7326, (Wed, Jan 13th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Wednesday, January 13th, 2021 https://isc.sans.edu/podcastdetail.html?id=7326,…

Read more →

Read the original article: Hancitor activity resumes after a hoilday break, (Wed, Jan 13th) Introduction   Become a supporter of IT Security News and help us remove the ads. Read the original article: Hancitor activity resumes after a hoilday break,…

Read more →

Read the original article: Microsoft January 2021 Patch Tuesday, (Tue, Jan 12th) This month we got patches for 83 vulnerabilities. Of these, 10 are critical, one was previously disclosed, and one is already being exploited according to Microsoft.   Become…

Read more →

Read the original article: ISC Stormcast For Tuesday, January 12th, 2021 https://isc.sans.edu/podcastdetail.html?id=7324, (Tue, Jan 12th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Tuesday, January 12th, 2021 https://isc.sans.edu/podcastdetail.html?id=7324,…

Read more →

Read the original article: Using the NVD Database and API to Keep Up with Vulnerabilities and Patches – Tool Drop: CVEScan (Part 3 of 3), (Mon, Jan 11th) Now with a firm approach to or putting an inventory and using…

Read more →

Read the original article: New version of Sysinternals released, Process Hollowing detection added in Sysmon, new registry access detection added to Procmon https://docs.microsoft.com/en-us/sysinternals/, (Mon, Jan 11th) This post doesn’t have text content, please click on the link below to view…

Read more →

Read the original article: ISC Stormcast For Monday, January 11th, 2021 https://isc.sans.edu/podcastdetail.html?id=7322, (Mon, Jan 11th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Monday, January 11th, 2021 https://isc.sans.edu/podcastdetail.html?id=7322,…

Read more →

Read the original article: Maldoc Analysis With CyberChef, (Sun, Jan 10th) In diary entry “Maldoc Strings Analysis” I show how to analyze a malicious document, by extracting and dedocing strings with command-line tools.   Become a supporter of IT Security…

Read more →

Read the original article: Maldoc Strings Analysis, (Sat, Jan 9th) As I announced in my diary entry “Strings 2021”, I will write some diary entries following a simpler method of malware analysis, namely looking for strings inside malicious files using…

Read more →

Read the original article: Using the NIST Database and API to Keep Up with Vulnerabilities and Patches – Playing with Code (Part 2 of 3), (Fri, Jan 8th) Building on yesterday's story – now that we have an inventory built…

Read more →

Read the original article: ISC Stormcast For Friday, January 8th, 2021 https://isc.sans.edu/podcastdetail.html?id=7320, (Fri, Jan 8th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Friday, January 8th, 2021 https://isc.sans.edu/podcastdetail.html?id=7320,…

Read more →

Read the original article: Using the NIST Database and API to Keep Up with Vulnerabilities and Patches (Part 1 of 3), (Thu, Jan 7th) It's been a while since NIST changed the API for their NVD (National Vulnerability Database), so…

Read more →

Read the original article: Directly related to today’s main story on CPE/CVEs – Code Exec in Cisco Jabber, all platforms https://nvd.nist.gov/vuln/detail/CVE-2020-26085, (Thu, Jan 7th) =============== Rob VandenBrink   Become a supporter of IT Security News and help us remove the…

Read more →

Read the original article: ISC Stormcast For Thursday, January 7th, 2021 https://isc.sans.edu/podcastdetail.html?id=7318, (Thu, Jan 7th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Thursday, January 7th, 2021 https://isc.sans.edu/podcastdetail.html?id=7318,…

Read more →

Read the original article: Scans for Zyxel Backdoors are Commencing., (Wed, Jan 6th) It was the day (or two days actually) before Christmas when Niels Teusing published a blog post about a back door in various Zyxel products [1]. Niels…

Read more →

Read the original article: ISC Stormcast For Wednesday, January 6th, 2021 https://isc.sans.edu/podcastdetail.html?id=7316, (Wed, Jan 6th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Wednesday, January 6th, 2021 https://isc.sans.edu/podcastdetail.html?id=7316,…

Read more →

Read the original article: Netfox Detective: An Alternative Open-Source Packet Analysis Tool , (Tue, Jan 5th) [This is a guest diary by Yee Ching Tok (personal website here (https://poppopretn.com)). Feedback welcome either via comments or our contact page (https://isc.sans.edu/contact.html)]  …

Read more →

Read the original article: ISC Stormcast For Tuesday, January 5th, 2021 https://isc.sans.edu/podcastdetail.html?id=7314, (Tue, Jan 5th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Tuesday, January 5th, 2021 https://isc.sans.edu/podcastdetail.html?id=7314,…

Read more →

Read the original article: From a small BAT file to Mass Logger infostealer, (Mon, Jan 4th) Since another year went by, I&#x27ve decided to once again check all of the malicious files, which were caught in my e-mail quarantine during…

Read more →

Read the original article: ISC Stormcast For Monday, January 4th 2021 https://isc.sans.edu/podcastdetail.html?id=7312, (Mon, Jan 4th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Monday, January 4th 2021 https://isc.sans.edu/podcastdetail.html?id=7312,…

Read more →

Read the original article: Protecting Home Office and Enterprise in 2021, (Sat, Jan 2nd) Because of COVID, 2020 saw a major shift from working at the “office” to working at home which led to shift the attacks to the user…

Read more →

Read the original article: Strings 2021, (Fri, Jan 1st) This year, for my diary entries with malware analysis, I will check each time if a malware sample can be analyzed with the strings command (or a variant). And if it…

Read more →

Read the original article: End of Year Traffic Analysis Quiz, (Thu, Dec 31st) Introduction   Become a supporter of IT Security News and help us remove the ads. Read the original article: End of Year Traffic Analysis Quiz, (Thu, Dec…

Read more →

Read the original article: TLS 1.3 is now supported by about 1 in every 5 HTTPS servers, (Wed, Dec 30th) TLS 1.3 has been with us for couple of years now[1]. It has brought significant security improvements over previous TLS…

Read more →

Read the original article: ISC Stormcast For Wednesday, December 30th 2020 https://isc.sans.edu/podcastdetail.html?id=7310, (Wed, Dec 30th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Wednesday, December 30th 2020 https://isc.sans.edu/podcastdetail.html?id=7310,…

Read more →

Read the original article: Want to know what’s in a folder you don’t have a permission to access? Try asking your AV solution…, (Tue, Dec 29th) Back in February, I wrote a diary about a small vulnerability in Windows, which…

Read more →

Read the original article: ISC Stormcast For Tuesday, December 29th 2020 https://isc.sans.edu/podcastdetail.html?id=7308, (Tue, Dec 29th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Tuesday, December 29th 2020 https://isc.sans.edu/podcastdetail.html?id=7308,…

Read more →

Read the original article: ISC Stormcast For Monday, December 28th 2020 https://isc.sans.edu/podcastdetail.html?id=7306, (Mon, Dec 28th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Monday, December 28th 2020 https://isc.sans.edu/podcastdetail.html?id=7306,…

Read more →

Read the original article: Quickie: Bit Shifting With translate.py, (Sun, Dec 27th) As promised in diary entry “Corrupt BASE64 Strings: Detection and Decoding”, I explain here how to shift bits with my translate.py tool:   Become a supporter of IT…

Read more →

Read the original article: 
Quickie: String Analysis & Maldocs, (Fri, Dec 25th) Yesterday, Xavier showed how to start analyzing a malicious Word document with my oledump.py tool.   Become a supporter of IT Security News and help us remove the…

Read more →

Read the original article: base64dump.py Supported Encodings, (Sat, Dec 26th) I explained to a friend that my tool base64dump.py, despite its name, does support many other encodings than BASE64. For example, it can detect and decode hexadecimal strings too.  …

Read more →

Read the original article: Quickie: String Analysis & Maldocs, (Fri, Dec 25th) Yesterday, Xavier showed how to start analyzing a malicious Word document with my oledump.py tool.   Become a supporter of IT Security News and help us remove the…

Read more →

Read the original article: Malicious Word Document Delivering an Octopus Backdoor, (Thu, Dec 24th) Here is an interesting malicious Word document that I spotted yesterday. This time, it does not contain a macro but two embedded objects that the victim…

Read more →

Read the original article: Analysis Dridex Dropper, IoC extraction (guest diary), (Wed, Dec 23rd) A couple of weeks ago, I assisted Xavier when he taught FOR610 in (virtual) Frankfurt. Last week, one of our students (Nicklas Keijser) sent us this…

Read more →