Sometimes, you have to quickly investigate a web server's logs for potential malicious activity. If you're lucky, the logs are already indexed in real time in a log management solution and you can automatically launch some hunting queries. If that's not the case, you…
Tag: SANS Internet Storm Center, InfoCON: green
ISC Stormcast For Friday, March 29th, 2024 https://isc.sans.edu/podcastdetail/8916, (Fri, Mar 29th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, March 29th, 2024…
From JavaScript to AsyncRAT, (Thu, Mar 28th)
ISC Stormcast For Thursday, March 28th, 2024 https://isc.sans.edu/podcastdetail/8914, (Thu, Mar 28th)
Scans for Apache OfBiz, (Wed, Mar 27th)
Today, I noticed in our “first seen URL” list, two URLs I didn't immediately recognize: …
ISC Stormcast For Wednesday, March 27th, 2024 https://isc.sans.edu/podcastdetail/8912, (Wed, Mar 27th)
New tool: linux-pkgs.sh, (Sun, Mar 24th)
During a recent Linux forensic engagement, a colleague asked if there was any way to tell what packages were installed on a victim image. As we talk about in FOR577, depending on which tool you run on a live system and…
ISC Stormcast For Tuesday, March 26th, 2024 https://isc.sans.edu/podcastdetail/8910, (Tue, Mar 26th)
Apple Updates for MacOS, iOS/iPadOS and visionOS, (Mon, Mar 25th)
Last week, Apple published updates for iOS and iPadOS. At that time, Apple withheld details about the security content of the update. This is typical if future updates for other operating systems will fix the same vulnerability. Apple's operating systems…
Tool updates: le-hex-to-ip.py and sigs.py, (Sun, Mar 24th)
I am TA-ing for Taz for the new SANS FOR577 class again and I figured it was time to release some fixes to my le-hex-to-ip.py script that I wrote up last fall while doing the same. I still plan to…
ISC Stormcast For Monday, March 25th, 2024 https://isc.sans.edu/podcastdetail/8908, (Mon, Mar 25th)
1768.py’s Experimental Mode, (Sat, Mar 23rd)
The reason I extracted a PE file in my last diary entry is that I discovered it was the dropper of a Cobalt Strike beacon @DebugPrivilege had pointed me to. My 1768.py tool crashed on the process memory dump. This…
ISC Stormcast For Friday, March 22nd, 2024 https://isc.sans.edu/podcastdetail/8906, (Fri, Mar 22nd)
Whois “geofeed” Data, (Thu, Mar 21st)
Attributing a particular IP address to a specific location is hard and often fails miserably. There are several difficulties that I have talked about before: Out-of-date whois data, data that is outright fake, or was never correct in the first…
ISC Stormcast For Thursday, March 21st, 2024 https://isc.sans.edu/podcastdetail/8904, (Thu, Mar 21st)
Scans for Fortinet FortiOS and the CVE-2024-21762 vulnerability, (Wed, Mar 20th)
Late last week, an exploit surfaced on GitHub for CVE-2024-21762 [1]. This vulnerability affects Fortinet's FortiOS. A patch was released on February 8th. Owners of affected devices had over a month to patch [2]. A few days prior to the GitHub…
ISC Stormcast For Wednesday, March 20th, 2024 https://isc.sans.edu/podcastdetail/8902, (Wed, Mar 20th)
Attacker Hunting Firewalls, (Tue, Mar 19th)
Firewalls and other perimeter devices are a huge target these days. Ivanti, Fortigate, Citrix, and others offer plenty of difficult-to-patch vulnerabilities for attackers to exploit. Ransomware actors and others are always on the lookout for new victims. However, being and…
ISC Stormcast For Tuesday, March 19th, 2024 https://isc.sans.edu/podcastdetail/8900, (Tue, Mar 19th)
ISC Stormcast For Monday, March 18th, 2024 https://isc.sans.edu/podcastdetail/8898, (Mon, Mar 18th)
Gamified Learning: Using Capture the Flag Challenges to Supplement Cybersecurity Training [Guest Diary], (Sun, Mar 17th)
[This is a Guest Diary by Joshua Woodward, an ISC intern as part of the SANS.edu BACS program]
Obfuscated Hexadecimal Payload, (Sat, Mar 16th)
This PE file contains an obfuscated hexadecimal-encoded payload. When I analyze it with base64dump.py searching for all supported encodings, a very long payload is detected: …
ISC Stormcast For Friday, March 15th, 2024 https://isc.sans.edu/podcastdetail/8896, (Fri, Mar 15th)
5Ghoul Revisited: Three Months Later, (Fri, Mar 15th)
About three months ago, I wrote about the implications and impacts of 5Ghoul in a previous diary [1]. The 5Ghoul family of vulnerabilities could cause User Equipment (UEs) to be continuously exploited (e.g. dropping/freezing connections, which would require manual rebooting…
Increase in the number of phishing messages pointing to IPFS and to R2 buckets, (Thu, Mar 14th)
Credential-stealing phishing is constantly evolving; nevertheless, some aspects of it – by necessity – stay the same. One thing that is constant is the need for a credential-gathering mechanism, and although threat actors have come up with a number…
ISC Stormcast For Thursday, March 14th, 2024 https://isc.sans.edu/podcastdetail/8894, (Thu, Mar 14th)
Using ChatGPT to Deobfuscate Malicious Scripts, (Wed, Mar 13th)
Today, most of the malicious scripts in the wild are heavily obfuscated. Obfuscation is key to slowing down the security analyst's job and to bypassing simple security controls. There are many techniques available. Most of the time, your trained eyes…
ISC Stormcast For Wednesday, March 13th, 2024 https://isc.sans.edu/podcastdetail/8892, (Wed, Mar 13th)
Microsoft Patch Tuesday – March 2024, (Tue, Mar 12th)
This month's patches are oddly “light”. We have patches for 60 vulnerabilities and 4 Chromium patches affecting Microsoft Edge. But only two of the vulnerabilities are rated as “Critical”: …
ISC Stormcast For Tuesday, March 12th, 2024 https://isc.sans.edu/podcastdetail/8890, (Tue, Mar 12th)
ISC Stormcast For Monday, March 11th, 2024 https://isc.sans.edu/podcastdetail/8888, (Mon, Mar 11th)
What happens when you accidentally leak your AWS API keys? [Guest Diary], (Sun, Mar 10th)
[This is a Guest Diary by Noah Pack, an ISC intern as part of the SANS.edu BACS program]
ISC Stormcast For Friday, March 8th, 2024 https://isc.sans.edu/podcastdetail/8886, (Fri, Mar 8th)
MacOS Patches (and Safari, TVOS, VisionOS, WatchOS), (Fri, Mar 8th)
[Guest Diary] AWS Deployment Risks – Configuration and Credential File Targeting, (Thu, Mar 7th)
[This is a Guest Diary by Josh Lockwood, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1]. …
ISC Stormcast For Thursday, March 7th, 2024 https://isc.sans.edu/podcastdetail/8884, (Thu, Mar 7th)
Scanning and abusing the QUIC protocol, (Wed, Mar 6th)
The QUIC protocol has slowly (pun intended) crawled into our browsers and many other protocols. Last week, at BSides Zagreb I presented some research I did about applications using (and abusing) this protocol, so it made sense to put this…
ISC Stormcast For Wednesday, March 6th, 2024 https://isc.sans.edu/podcastdetail/8882, (Wed, Mar 6th)
Apple Releases iOS/iPadOS Updates with Zero Day Fixes., (Tue, Mar 5th)
Apple today released iOS 17.4 as well as iOS 16.7.6 (and the respective iPadOS versions). These updates fix a total of four vulnerabilities. Two of the vulnerabilities are already being exploited. CVE-2024-23225 is a privilege escalation issue and only affects…
Why Your Firewall Will Kill You, (Tue, Mar 5th)
The last few years have been great for attackers exploiting basic web application vulnerabilities. Usually, home and small business products from companies like Linksys, D-Link, and Ubiquiti are known to be favorite targets. But over the last couple of years,…
ISC Stormcast For Tuesday, March 5th, 2024 https://isc.sans.edu/podcastdetail/8880, (Tue, Mar 5th)
ISC Stormcast For Monday, March 4th, 2024 https://isc.sans.edu/podcastdetail/8878, (Mon, Mar 4th)
Capturing DShield Packets with a LAN Tap [Guest Diary], (Sun, Mar 3rd)
[This is a Guest Diary by Christopher Von Reybyton, an ISC intern as part of the SANS.edu BACS program]
ISC Stormcast For Friday, March 1st, 2024 https://isc.sans.edu/podcastdetail/8876, (Fri, Mar 1st)
Scanning for Confluence CVE-2022-26134, (Fri, Mar 1st)
I have added daemonlogger [1] for packet capture and Arkime [2] to visualize the packets captured by my DShield sensor, and started noticing this activity that has so far only gone to TCP/8090 and is URL- and base64-encoded. The DShield…
[Guest Diary] Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service., (Thu, Feb 29th)
[This is a Guest Diary by John Moutos, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1]. …
ISC Stormcast For Thursday, February 29th, 2024 https://isc.sans.edu/podcastdetail/8874, (Thu, Feb 29th)
Exploit Attempts for Unknown Password Reset Vulnerability, (Wed, Feb 28th)
My Google skills let me down this morning, attempting to figure out exactly which vulnerability is being exploited by these “forgotuserpassword.action” scans. Maybe someone else can help me out here. Based on the scans, I do not believe this is…
ISC Stormcast For Wednesday, February 28th, 2024 https://isc.sans.edu/podcastdetail/8872, (Wed, Feb 28th)
Take Downs and the Rest of Us: Do they matter?, (Tue, Feb 27th)
Last week, the US Department of Justice published a press release entitled “Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation's Main Intelligence Directorate of the General Staff (GRU)” [1]. The disruption targeted a botnet built using…
ISC Stormcast For Tuesday, February 27th, 2024 https://isc.sans.edu/podcastdetail/8870, (Tue, Feb 27th)
Update: MGLNDD_* Scans, (Sat, Feb 24th)
Almost 2 years ago, a reader asked us about TCP connections they observed. The data of these TCP connections starts with “MGLNDD_”: “MGLNDD_* Scans”. …
Utilizing the VirusTotal API to Query Files Uploaded to DShield Honeypot [Guest Diary], (Sun, Feb 25th)
[This is a Guest Diary by Keegan Hamlin, an ISC intern as part of the SANS.edu BACS program]
ISC Stormcast For Monday, February 26th, 2024 https://isc.sans.edu/podcastdetail/8868, (Mon, Feb 26th)
Apple Patches for CVE-2021-30807, (Tue, Jul 27th)
Apple has released another update (the previous update was only about 5 days ago) to address CVE-2021-30807, which was discovered by an anonymous researcher. This update resolves an issue…
ISC Stormcast For Tuesday, July 27th, 2021 https://isc.sans.edu/podcastdetail.html?id=7602, (Tue, Jul 27th)
Failed Malspam: Recovering The Password, (Mon, Jul 26th)
Jan's diary entry “One way to fail at malspam – give recipients the wrong password for an encrypted attachment” got my attention: it's an opportunity for me to…
ISC Stormcast For Monday, July 26th, 2021 https://isc.sans.edu/podcastdetail.html?id=7600, (Mon, Jul 26th)
Wireshark 3.4.7 Released, (Sun, Jul 25th)
Wireshark version 3.4.7 was released.
Active Directory Certificate Services (ADCS – PKI) domain admin vulnerability, (Sat, Jul 24th)
Phew, this was a really bad week for Microsoft (and a lot of reading for all of us). And just when we thought that the fiasco with the…
Agent.Tesla Dropped via a .daa Image and Talking to Telegram, (Sat, Jul 24th)
A few days ago, I found an interesting file delivered by email (why change a winning combination?). The file has a nice extension: “.daa” (Direct Access Archive). We…
Uncovering Shenanigans in an IP Address Block via Hurricane Electric’s BGP Toolkit (II), (Fri, Jul 23rd)
Today's diary revisits hunting for dodgy domains via Hurricane Electric's BGP Toolkit [1]. This was previously done in an earlier diary [2], and I plan to do this…
ISC Stormcast For Friday, July 23rd, 2021 https://isc.sans.edu/podcastdetail.html?id=7598, (Fri, Jul 23rd)
Lost in the Cloud: Akamai DNS Outage, (Thu, Jul 22nd)
As we have already received a number of notes from readers: currently, Akamai's DNS service appears to be experiencing an outage that affects numerous other large websites.
ISC Stormcast For Thursday, July 22nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7596, (Thu, Jul 22nd)
“Summer of SAM”: Microsoft Releases Guidance for CVE-2021-36934, (Wed, Jul 21st)
Microsoft released a knowledge base article regarding CVE-2021-36934 [1]. Bojan yesterday explained the vulnerability in more detail. Recent versions of Microsoft Windows expose several system files due to…
ISC Stormcast For Wednesday, July 21st, 2021 https://isc.sans.edu/podcastdetail.html?id=7594, (Wed, Jul 21st)
Summer of SAM – incorrect permissions on Windows 10/11 hives, (Tue, Jul 20th)
If you opened Twitter today you were probably flooded with news about the latest security issue with Windows. For those that have ISC as their home page (yay!)…
ISC Stormcast For Tuesday, July 20th, 2021 https://isc.sans.edu/podcastdetail.html?id=7592, (Tue, Jul 20th)
New Windows Print Spooler Vulnerability – CVE-2021-34481, (Mon, Jul 19th)
A new, unpatched, vulnerability has been discovered in the Windows Print Spooler and is being tracked under CVE-2021-34481. Discovered by Jacob Baines at Dragos, this one requires local…
ISC Stormcast For Monday, July 19th, 2021 https://isc.sans.edu/podcastdetail.html?id=7590, (Mon, Jul 19th)
Video: CyberChef BASE85 Decoding, (Sun, Jul 18th)
In this video, I show how to decode the sample of Xavier's diary entry “Multiple BaseXX Obfuscations” with CyberChef.
BASE85 Decoding With base64dump.py, (Sat, Jul 17th)
Xavier's diary entry “Multiple BaseXX Obfuscations” covers a malicious script that is encoded with different “base” encodings. Xavier starts with my tool base64dump.py, but he cannot do…
Multiple BaseXX Obfuscations, (Fri, Jul 16th)
I found an interesting malicious Python script during my daily hunting routine. The script has a VT score of 2/58[1] (SHA256: 6990298edd0d66850578bfd1e1b9d42abfe7a8d1deb828ef0c7017281ee7c5b7). Its purpose is to perform the…
ISC Stormcast For Friday, July 16th, 2021 https://isc.sans.edu/podcastdetail.html?id=7588, (Fri, Jul 16th)
ISC Stormcast For Thursday, July 15th, 2021 https://isc.sans.edu/podcastdetail.html?id=7586, (Thu, Jul 15th)
USPS Phishing Using Telegram to Collect Data, (Tue, Jul 13th)
Phishing… at least they don't understand security any better than most kids. The latest example is a simple USPS phish. The lure is an email claiming that a…
One way to fail at malspam – give recipients the wrong password for an encrypted attachment , (Wed, Jul 14th)
It is not unusual for malspam authors to encrypt the malicious files that they attach to messages they send out. Whether they encrypt the malicious file itself (as…
ISC Stormcast For Wednesday, July 14th, 2021 https://isc.sans.edu/podcastdetail.html?id=7584, (Wed, Jul 14th)
Microsoft July 2021 Patch Tuesday, (Tue, Jul 13th)
This month we got patches for 117 vulnerabilities. Of these, 13 are critical, 6 were previously disclosed and 4 are being exploited according to Microsoft.
ISC Stormcast For Tuesday, July 13th, 2021 https://isc.sans.edu/podcastdetail.html?id=7582, (Tue, Jul 13th)
ISC Stormcast For Monday, July 12th, 2021 https://isc.sans.edu/podcastdetail.html?id=7580, (Mon, Jul 12th)
Securing and Optimizing Networks: Using pfSense Traffic Shaper Limiters to Combat Bufferbloat, (Mon, Feb 15th)
[This is a guest diary by Yee Ching Tok (personal website here (https://poppopretn.com)). Feedback welcome either via comments or our contact page (https://isc.sans.edu/contact.html)]
Scanning for Microsoft Secure Socket Tunneling Protocol, (Sat, Jul 10th)
Over the past month I noticed a resurgence of probes from DigitalOcean looking for the Microsoft (MS) Secure Socket Tunneling Protocol (SSTP). This MS proprietary VPN protocol is…
ISC Stormcast For Friday, July 9th, 2021 https://isc.sans.edu/podcastdetail.html?id=7578, (Fri, Jul 9th)
Hancitor tries XLL as initial malware file, (Fri, Jul 9th)
Using Sudo with Python For More Security Controls, (Thu, Jul 8th)
I'm a big fan of the Sudo[1] command. This tool, available on every UNIX flavor, allows system administrators to grant certain users/groups access to certain commands as…
ISC Stormcast For Thursday, July 8th, 2021 https://isc.sans.edu/podcastdetail.html?id=7576, (Thu, Jul 8th)
ISC Stormcast For Wednesday, July 7th, 2021 https://isc.sans.edu/podcastdetail.html?id=7574, (Wed, Jul 7th)
Microsoft Releases Patches for CVE-2021-34527, (Wed, Jul 7th)
Microsoft today released patches for CVE-2021-34527, the vulnerability also known as “printnightmare”. Patches are currently available for these versions of Windows: …
Python DLL Injection Check, (Tue, Jul 6th)
There are many security tools that inject DLLs into processes running on a Windows system. The classic examples are anti-virus products. They like to inject plenty of code…
ISC Stormcast For Tuesday, July 6th, 2021 https://isc.sans.edu/podcastdetail.html?id=7572, (Tue, Jul 6th)
ISC Stormcast For Monday, July 5th, 2021 https://isc.sans.edu/podcastdetail.html?id=7570, (Sun, Jul 4th)
DIY CD/DVD Destruction – Follow Up, (Sun, Jul 4th)
Thanks a lot to all of you who posted a comment on my diary entry “DIY CD/DVD Destruction”. They inspired me to try out some other methods.
Finding Strings With oledump.py, (Sat, Jul 3rd)
In diary entry “CFBF Files Strings Analysis” I show how to extract strings from CFBF/ole files with my tool oledump.py.
Kaseya VSA Users Hit by Ransomware, (Fri, Jul 2nd)
We are aware that some MSSPs' (Managed Security Service Providers) customers have been hit by ransomware. It seems that four (4) MSSPs have been affected so far. The…
ISC Stormcast For Friday, July 2nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7568, (Fri, Jul 2nd)
“inception.py”… Multiple Base64 Encodings, (Fri, Jul 2nd)
“Inception” is a very nice SF movie in which, if you have not watched it, dreams are implanted in people's minds to help gain access to sensitive information…
ISC Stormcast For Thursday, July 1st, 2021 https://isc.sans.edu/podcastdetail.html?id=7566, (Thu, Jul 1st)