Elastalert with Sigma, (Wed, Jul 1st)
Category: SANS Internet Storm Center, InfoCON: green
ISC Snapshot: SpectX IP Hitcount Query, (Tue, Jun 30th)
SpectX was the subject of an ISC post on SpectX4DFIR back in late April. Raido from SpectX provides us with a query to count hits from IPs…
ISC Stormcast For Tuesday, June 30th 2020 https://isc.sans.edu/podcastdetail.html?id=7060, (Tue, Jun 30th)
Sysmon and Alternate Data Streams, (Mon, Jun 29th)
Sysmon version 11.10, released a couple of days ago, adds support for capturing content of Alternate Data Streams.

tcp-honeypot.py Logstash Parser & Dashboard Update, (Sun, Jun 28th)
This is an update for logstash and dashboard published in January for Didier's tcp-honeypot.py honeypot script. The parser has been updated to follow the Elastic Common Schema…
ISC Stormcast For Monday, June 29th 2020 https://isc.sans.edu/podcastdetail.html?id=7058, (Mon, Jun 29th)
Video: YARA’s BASE64 Strings, (Sat, Jun 27th)
In diary entry YARA's BASE64 Strings, I explain the new BASE64 feature in YARA (we're at version 4.0.2 now).
Share the Mic in Cyber, (Fri, Jun 26th)
ISC Stormcast For Friday, June 26th 2020 https://isc.sans.edu/podcastdetail.html?id=7056, (Fri, Jun 26th)
Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release., (Thu, Jun 25th)
As mentioned during our “Tech Tuesday” session, the session itself was not recorded. Instead, I will be releasing three “stand alone” videos…
ISC Stormcast For Thursday, June 25th 2020 https://isc.sans.edu/podcastdetail.html?id=7054, (Thu, Jun 25th)
Using Shell Links as zero-touch downloaders and to initiate network connections, (Wed, Jun 24th)
Probably anyone who has used any modern version of Windows is aware of their file-based shortcuts, also known as LNKs or Shell…
VMware security advisory VMSA-2020-0015, (Wed, Jun 24th)
VMware issued a new security advisory yesterday – VMSA-2020-0015[1]. It covers patches (in some cases still pending) for 10 different CVEs with a use-after-free vulnerability in ESXi, Workstation and…
ISC Stormcast For Wednesday, June 24th 2020 https://isc.sans.edu/podcastdetail.html?id=7052, (Wed, Jun 24th)
Cyberbunker 2.0: Analysis of the Remnants of a Bullet Proof Hosting Provider, (Mon, Jun 22nd)
This post was written by SANS.edu graduate student Karim Lalji in cooperation with Johannes Ullrich.
ISC Stormcast For Tuesday, June 23rd 2020 https://isc.sans.edu/podcastdetail.html?id=7050, (Tue, Jun 23rd)
Comparing Office Documents with WinMerge, (Mon, Jun 22nd)
Sometimes I have to compare the internals of Office documents (OOXML files, e.g. ZIP container with XML files, …). Since they are ZIP containers, I have to compare…
ISC Stormcast For Monday, June 22nd 2020 https://isc.sans.edu/podcastdetail.html?id=7048, (Mon, Jun 22nd)
ISC Handler Series: SANS@MIC – Maldocs: a bit of blue, a bit of red, (Sun, Jun 21st)
This week, I presented at SANSFIRE: SANS@MIC – Maldocs: a bit of blue, a bit of red.
Pi Zero HoneyPot, (Sat, Jun 20th)
The ISC has had a Pi honeypot(1) for the last couple of years, but I haven't had much time to try it on the Pi zero. Recently, I've had…
Sigma rules! The generic signature format for SIEM systems., (Fri, Jun 19th)
What Snort is to network traffic, and YARA to files, is Sigma to logs. By creating and using Sigma rules you'll have generic rules…
ISC Stormcast For Friday, June 19th 2020 https://isc.sans.edu/podcastdetail.html?id=7046, (Fri, Jun 19th)
Broken phishing accidentally exploiting Outlook zero-day, (Thu, Jun 18th)
When we think of zero-days, what comes to mind are usually RCEs or other high-impact vulnerabilities. Zero-days, however, come in all shapes and sizes and many of…
ISC Stormcast For Thursday, June 18th 2020 https://isc.sans.edu/podcastdetail.html?id=7044, (Thu, Jun 18th)
ISC Stormcast For Wednesday, June 17th 2020 https://isc.sans.edu/podcastdetail.html?id=7042, (Wed, Jun 17th)
Odd “Protest” Spam (Scam?) Targeting Atlanta Police Foundation, (Tue, Jun 16th)
After the killing of Rayshard Brooks by Atlanta police this week, a lot of protests and anger was directed at the Atlanta police department and…
Sextortion to The Next Level, (Tue, Jun 16th)
For a long time, our mailboxes have been flooded with emails from “hackers” (note the quotes) who pretend to have infected our computers with malware. The scenario is always…
ISC Stormcast For Tuesday, June 16th 2020 https://isc.sans.edu/podcastdetail.html?id=7040, (Tue, Jun 16th)
HTML based Phishing Run, (Mon, Jun 15th)
An interesting phishing run started over the weekend. At first glance it looks pretty typical…a clumsy email with an attachment with some vital and useful information. Although I have…
VMWare Security Advisory – VMSA-2020-0013 – https://www.vmware.com/security/advisories/VMSA-2020-0013.html, (Mon, Jun 15th)
— Rick Wanner MSISE – rwanner at isc dot sans dot edu – http://namedeplume.blogspot.com/ – Twitter: namedeplume (Protected)
ISC Stormcast For Monday, June 15th 2020 https://isc.sans.edu/podcastdetail.html?id=7038, (Mon, Jun 15th)
YARA’s BASE64 Strings, (Sun, Jun 14th)
Since YARA version 4.0.0, Victor added support for detecting BASE64 encoded strings.
Mirai Botnet Activity, (Sat, Jun 13th)
This past week, I noticed new activity from the Mirai botnet in my honeypot. The sample log with the IP and file associated with the first log appears to have…
Malicious Excel Delivering Fileless Payload, (Fri, Jun 12th)
Macros in Office documents are so common today that my honeypots and hunting scripts catch a lot of them daily. I try to keep an eye on them…
ISC Stormcast For Friday, June 12th 2020 https://isc.sans.edu/podcastdetail.html?id=7036, (Fri, Jun 12th)
Anti-Debugging JavaScript Techniques, (Thu, Jun 11th)
For developers who write malicious programs, it’s important to make their code difficult to read and to execute in a sandbox. Like most languages, there are many ways to…
ISC Stormcast For Thursday, June 11th 2020 https://isc.sans.edu/podcastdetail.html?id=7034, (Thu, Jun 11th)
ISC Stormcast For Wednesday, June 10th 2020 https://isc.sans.edu/podcastdetail.html?id=7032, (Wed, Jun 10th)
Job application-themed malspam pushes ZLoader, (Wed, Jun 10th)
Microsoft June 2020 Patch Tuesday, (Tue, Jun 9th)
This month we got patches for 130 vulnerabilities. Of these, 12 are critical and none of them was previously disclosed or is being exploited according to Microsoft.
ISC Stormcast For Tuesday, June 9th 2020 https://isc.sans.edu/podcastdetail.html?id=7030, (Tue, Jun 9th)
Translating BASE64 Obfuscated Scripts, (Mon, Jun 8th)
I often get requests for help with deobfuscating scripts. I have several tools that can help.
ISC Stormcast For Monday, June 8th 2020 https://isc.sans.edu/podcastdetail.html?id=7028, (Mon, Jun 8th)
Cyber Security for Protests, (Fri, Jun 5th)
Modern-day protests are as much about social media and voicing your opinions online, as they are about showing up “in person”. When attending a protest, it is important to…
Not so FastCGI!, (Fri, Jun 5th)
This past month, we've seen some new and different scans targeting tcp ports between 8000 and 10,000. The first occurrence was on 30 April 2020 and originated from ip address…
ISC Stormcast For Friday, June 5th 2020 https://isc.sans.edu/podcastdetail.html?id=7026, (Fri, Jun 5th)
Suspending Suspicious Domain Feed / Update to Researcher IP Feed, (Thu, Jun 4th)
Yesterday, Peter from DNSFilter sent us a message noting that many of the domains in our “Suspicious Domain” feed no longer resolved, and…
Anti-Debugging Technique based on Memory Protection, (Thu, Jun 4th)
Many modern malware samples implement defensive techniques. First of all, we have to distinguish sandbox-evasion and anti-debugging techniques. Today, sandboxes are an easy and quick way to…
ISC Stormcast For Thursday, June 4th 2020 https://isc.sans.edu/podcastdetail.html?id=7024, (Thu, Jun 4th)
ISC Stormcast For Wednesday, June 3rd 2020 https://isc.sans.edu/podcastdetail.html?id=7022, (Wed, Jun 3rd)
Polish malspam pushes ZLoader malware, (Thu, Jun 4th)
Stackstrings, type 2, (Mon, Jun 1st)
Update 1: Added disassembler output.
ISC Stormcast For Tuesday, June 2nd 2020 https://isc.sans.edu/podcastdetail.html?id=7020, (Tue, Jun 2nd)
XLMMacroDeobfuscator: An Update, (Mon, Jun 1st)
XLMMacroDeobfuscator is an open-source tool to deobfuscate Excel 4 macros. I wrote diary entries about it here and here.
ISC Stormcast For Monday, June 1st 2020 https://isc.sans.edu/podcastdetail.html?id=7018, (Mon, Jun 1st)
Windows 10 Built-in Packet Sniffer – PktMon, (Sun, May 31st)
Microsoft released with the October 2018 Update a built-in packet sniffer for Windows 10 located in C:\Windows\system32\PktMon.exe. At ISC we like packets and this is one…
YARA v4.0.1, (Sat, May 30th)
A couple of weeks ago, YARA 4.0.0 was released with support for BASE64 strings.
The Impact of Researchers on Our Data, (Fri, May 29th)
Researchers have been using various tools to perform internet-wide scans for many years. Some will publish data continuously to either notify users of infected or misconfigured…
ISC Stormcast For Friday, May 29th 2020 https://isc.sans.edu/podcastdetail.html?id=7016, (Fri, May 29th)
Flashback on CVE-2019-19781, (Thu, May 28th)
First of all, did you know that the Flame[1] malware turned 8 years today! Happy Birthday! The discovery of this famous malware was announced on May 28th, 2012. The malware was used…
ISC Stormcast For Thursday, May 28th 2020 https://isc.sans.edu/podcastdetail.html?id=7014, (Thu, May 28th)
Frankenstein’s phishing using Google Cloud Storage, (Wed, May 27th)
Phishing e-mail messages and/or web pages are often unusual in one way or another from the technical standpoint – some are surprisingly sophisticated, while others are incredibly…
ISC Stormcast For Wednesday, May 27th 2020 https://isc.sans.edu/podcastdetail.html?id=7012, (Wed, May 27th)
Seriously, SHA3 where art thou?, (Tue, May 26th)
A couple weeks ago, Rob wrote a couple of nice diaries. In our private handlers slack channel I was joking after the first one about whether he was…
ISC Stormcast For Tuesday, May 26th 2020 https://isc.sans.edu/podcastdetail.html?id=7010, (Tue, May 26th)
Zloader Maldoc Analysis With xlm-deobfuscator, (Sun, May 24th)
Reader Roland submitted a malicious Zloader Excel 4 macro spreadsheet (MD5 82c12e7fe6cabf5edc0bdaa760b4b8c8).
Wireshark 3.2.4 Released, (Sun, May 24th)
Wireshark version 3.2.4 was released.
AgentTesla Delivered via a Malicious PowerPoint Add-In, (Sat, May 23rd)
Attackers are always trying to find new ways to deliver malicious code to their victims. Microsoft Word and Excel are documents that can be easily weaponized…
Some Strings to Remember, (Fri, May 22nd)
When you handle unknown files, be it for malware analysis or other reasons, it helps to know some strings / hexadecimal sequences to quickly recognize file types and file…
ISC Stormcast For Friday, May 22nd 2020 https://isc.sans.edu/podcastdetail.html?id=7008, (Fri, May 22nd)
Malware Triage with FLOSS: API Calls Based Behavior, (Thu, May 21st)
Malware triage is a key component of your hunting process. When you collect suspicious files from multiple sources, you need a tool to automatically process…
ISC Stormcast For Thursday, May 21st 2020 https://isc.sans.edu/podcastdetail.html?id=7006, (Thu, May 21st)
ISC Stormcast For Wednesday, May 20th 2020 https://isc.sans.edu/podcastdetail.html?id=7004, (Wed, May 20th)
Microsoft Word document with malicious macro pushes IcedID (Bokbot), (Wed, May 20th)
Wireshark Release – 2.6.17, 3.0.11 and 3.2.4 – https://www.wireshark.org/news/20200519.html, (Tue, May 19th)
— Rick Wanner MSISE – rwanner at isc dot sans dot edu – http://namedeplume.blogspot.com/ – Twitter: namedeplume (Protected)
VMWare Security Advisory – VMSA-2020-0010 – https://www.vmware.com/security/advisories/VMSA-2020-0010.html, (Tue, May 19th)
— Rick Wanner MSISE – rwanner at isc dot sans dot edu – http://namedeplume.blogspot.com/ – Twitter: namedeplume (Protected)
Cisco Advisories for FTD, ASA, Firepower 1000, (Tue, May 19th)
Cisco has released a number of advisories for Firepower and Adaptive Security Appliance (ASA).
What is up on Port 62234?, (Tue, May 19th)
Here at the ISC we provide access to a number of bits of data which can be used to dig into problems or even as an early…
ISC Stormcast For Tuesday, May 19th 2020 https://isc.sans.edu/podcastdetail.html?id=7002, (Tue, May 19th)
Automating nmap scans, (Mon, May 18th)
With last week's diary I left you with using a relatively basic nmap command to perform a relatively thorough scan of an IP range. That command was:

Antivirus & Multiple Detections, (Sun, May 17th)
“When a file contains more than one signature, for example EICAR and a real virus, what will the antivirus report?”.
ISC Stormcast For Monday, May 18th 2020 https://isc.sans.edu/podcastdetail.html?id=7000, (Mon, May 18th)
Scanning for Outlook Web Access (OWA) & Microsoft Exchange Control Panel (ECP), (Sat, May 16th)
These past two weeks my honeypot captured several probes for this URL /owa/auth/logon.aspx?url=https://1/ecp/ looking for the Exchange Control Panel. In the…
SHA3 Hashes (on Windows) – Where Art Thou?, (Fri, May 15th)
No sooner had I posted on doing file and string hashes in PowerShell, when I (again) got asked by Jim – “What about SHA3? Shouldn't we…
Hashes in PowerShell, (Fri, May 15th)
As a follow up to yesterday's how-to, I thought hashing might be a thing to cover. We use hashes all the time, but it's annoying that md5sum, sha1sum and sha256sum aren't…
ISC Stormcast For Friday, May 15th 2020 https://isc.sans.edu/podcastdetail.html?id=6998, (Fri, May 15th)
Patch Tuesday Revisited – CVE-2020-1048 isn’t as “Medium” as MS Would Have You Believe, (Thu, May 14th)
Looking at our patch Tuesday list, I looked a bit closer at CVE-2020-1048 (Print Spooler Privilege Escalation) and Microsoft's…
Base Conversions and Creating GUI Apps in PowerShell, (Thu, May 14th)
I don't know about you, but I find myself doing conversions from decimal to hex and binary several times per day. For me, working out…
ISC Stormcast For Thursday, May 14th 2020 https://isc.sans.edu/podcastdetail.html?id=6996, (Thu, May 14th)
ISC Stormcast For Wednesday, May 13th 2020 https://isc.sans.edu/podcastdetail.html?id=6994, (Wed, May 13th)
Malspam with links to zip archives pushes Dridex malware, (Wed, May 13th)
Microsoft May 2020 Patch Tuesday, (Tue, May 12th)
This month we got an average Patch Tuesday with patches for 111 vulnerabilities total. Sixteen of them are critical and, according to Microsoft, none of them was previously…
ISC Stormcast For Tuesday, May 12th 2020 https://isc.sans.edu/podcastdetail.html?id=6992, (Tue, May 12th)
Excel 4 Macro Analysis: XLMMacroDeobfuscator, (Mon, May 11th)
Malicious Excel 4 macro documents are becoming more prevalent. They are so obfuscated now that analysis requires calculating many formulas.
ISC Stormcast For Monday, May 11th 2020 https://isc.sans.edu/podcastdetail.html?id=6990, (Mon, May 11th)
YARA v4.0.0: BASE64 Strings, (Sun, May 10th)
YARA version 4.0.0 was released.