This article has been indexed from SANS Internet Storm Center, InfoCON: green Today's diary features a tip-off by one of our ISC diary readers Earl. Earl discovered some dodgy domains within the IP address block of 95.181.152.0/24 via the Hurricane…
Tag: SANS Internet Storm Center, InfoCON: green
ISC Stormcast For Tuesday, May 25th, 2021 https://isc.sans.edu/podcastdetail.html?id=7514, (Tue, May 25th)
Apple May 2021 Security Updates, (Mon, May 24th)
Apple has released several updates for iPhones, iPads, Apple Watches, and Macs earlier today (May 24). More details are available on the Apple Security Updates website.
ISC Stormcast For Monday, May 24th, 2021 https://isc.sans.edu/podcastdetail.html?id=7512, (Mon, May 24th)
Video: Making Sense Of Encrypted Cobalt Strike Traffic, (Sun, May 23rd)
Brad posted another malware analysis with a capture file of Cobalt Strike traffic.
“Serverless” Phishing Campaign, (Sat, May 22nd)
The Internet is full of code snippets and free resources that you can embed in your projects. SmtpJS is one of those small projects that are very interesting for…
Locking Kernel32.dll As Anti-Debugging Technique, (Fri, May 21st)
For bad guys, implementing techniques that prevent security analysts from doing their job is key! The idea is to make our life more difficult (read: “frustrating”).…
ISC Stormcast For Friday, May 21st, 2021 https://isc.sans.edu/podcastdetail.html?id=7510, (Fri, May 21st)
New YouTube Video Series: Everything you ever wanted to know about DNS and more!, (Thu, May 20th)
You may have heard sayings like “If it is broken, it is probably a DNS problem. And if it isn't DNS, it is still a DNS problem”. Or…
And Ransomware Just Got a Bit Meaner (yes… it is possible), (Thu, May 20th)
Ransomware has been evolving, and each evolution appears to be a bit “meaner” than the last. Early ransomware targeted consumers. Encrypting baby pictures, or tax records, motivated users…
ISC Stormcast For Thursday, May 20th, 2021 https://isc.sans.edu/podcastdetail.html?id=7508, (Thu, May 20th)
ISC Stormcast For Wednesday, May 19th, 2021 https://isc.sans.edu/podcastdetail.html?id=7506, (Wed, May 19th)
May 2021 Forensic Contest: Answers and Analysis, (Wed, May 19th)
From RunDLL32 to JavaScript then PowerShell, (Tue, May 18th)
I spotted an interesting script on VT a few days ago and it deserves a quick diary because it uses a nice way to execute JavaScript on the…
ISC Stormcast For Tuesday, May 18th, 2021 https://isc.sans.edu/podcastdetail.html?id=7504, (Tue, May 18th)
SANS.edu Releases First Research Journal https://www.sans.edu/cyber-research, (Mon, May 17th)
ISC Stormcast For Monday, May 17th, 2021 https://isc.sans.edu/podcastdetail.html?id=7502, (Mon, May 17th)
Ransomware Defenses, (Mon, May 17th)
Ransomware attacks continue to be in the headlines everywhere, and are also an almost weekly recurring subject in the SANS Newsbites. As useful as many of the reports…
“Open” Access to Industrial Systems Interface is Also Far From Zero, (Fri, May 14th)
Jan's last diary about the recent attack against the US pipeline[1] was perfectly timed with the quick research I had been preparing for a few weeks. If core…
ISC Stormcast For Friday, May 14th, 2021 https://isc.sans.edu/podcastdetail.html?id=7500, (Fri, May 14th)
ISC Stormcast For Thursday, May 13th, 2021 https://isc.sans.edu/podcastdetail.html?id=7498, (Thu, May 13th)
Number of industrial control systems on the internet is lower than in 2020…but still far from zero, (Wed, May 12th)
With the recent ransomware attack that impacted operation of one of the major US pipelines[1], I thought it might be a good time to revisit the old topic…
ISC Stormcast For Wednesday, May 12th, 2021 https://isc.sans.edu/podcastdetail.html?id=7496, (Wed, May 12th)
Microsoft May 2021 Patch Tuesday, (Tue, May 11th)
This month we got patches for 55 vulnerabilities. Of these, 4 are critical, 3 were previously disclosed and none is being exploited according to Microsoft.
ISC Stormcast For Tuesday, May 11th, 2021 https://isc.sans.edu/podcastdetail.html?id=7494, (Tue, May 11th)
Correctly Validating IP Addresses: Why encoding matters for input validation., (Mon, May 10th)
Recently, a number of libraries suffered from a very similar security flaw: IP addresses expressed in octal were not correctly interpreted. The result was that an attacker was able to bypass input validation rules that restricted IP addresses to specific…
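The octal bypass described above, as an added worked example in Python (my code, not the ISC diary's): a naive validator that reads each dotted octet as decimal passes "0177.0.0.1" as the public address 177.0.0.1, while the C library's inet_aton(), which the socket layer uses when the connection is actually made, reads a leading 0 as octal and connects to 127.0.0.1. The blocklist of private ranges and the probe strings are assumptions chosen for illustration. Two hardened checks follow: accept only canonical dotted-decimal so every accepted string has exactly one interpretation, or, when lenient syntax must be accepted, normalize with the same parser the connecting code will use and validate the normalized form.

```python
import ipaddress
import re
import socket

# Ranges an SSRF / egress filter typically wants to keep unreachable (illustrative list).
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
)]

# Canonical dotted-decimal only: four octets, 0-255, no leading zeros, no hex, no short forms.
CANONICAL_IPV4 = re.compile(
    r"^(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}"
    r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$"
)


def naive_is_allowed(text: str) -> bool:
    """The flawed pattern: split on dots, read each octet as decimal, check the blocklist.

    "0177.0.0.1" becomes 177.0.0.1 here (public, so allowed), but inet_aton() will later
    parse the very same string as octal 0177 = 127 and the connection goes to localhost.
    """
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return False
    octets = [int(p, 10) for p in parts]
    if any(o > 255 for o in octets):
        return False
    addr = ipaddress.IPv4Address(".".join(str(o) for o in octets))
    return not any(addr in net for net in BLOCKED_NETS)


def canonicalize(text: str):
    """Parse with the libc inet_aton() the socket layer uses (octal, hex and short forms are
    all accepted there) and return the canonical dotted-decimal form, or None if unparsable."""
    try:
        packed = socket.inet_aton(text)
    except OSError:
        return None
    return socket.inet_ntoa(packed)


def strict_is_allowed(text: str) -> bool:
    """Hardened check 1: accept only canonical dotted-decimal, then check the blocklist."""
    if not CANONICAL_IPV4.match(text):
        return False
    addr = ipaddress.IPv4Address(text)
    return not any(addr in net for net in BLOCKED_NETS)


def normalize_then_check(text: str) -> bool:
    """Hardened check 2: normalize with the same parser the connecting code will use,
    and validate the normalized form rather than the attacker-supplied spelling."""
    canonical = canonicalize(text)
    return canonical is not None and strict_is_allowed(canonical)


if __name__ == "__main__":
    for probe in ("127.0.0.1", "0177.0.0.1", "2130706433", "0x7f.1", "8.8.8.8"):
        print(f"{probe:>12}  naive={naive_is_allowed(probe)!s:<5} "
              f"canonical={canonicalize(probe)!s:<10} strict={strict_is_allowed(probe)!s:<5} "
              f"normalized={normalize_then_check(probe)}")
```

Running the file prints the comparison for each probe. Note that inet_aton also accepts hexadecimal octets ("0x7f.1") and a bare 32-bit integer ("2130706433"), both of which resolve to 127.0.0.1, so any validator that compares the textual form against a list without canonicalizing first has the same gap.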
ISC Stormcast For Monday, May 10th, 2021 https://isc.sans.edu/podcastdetail.html?id=7492, (Mon, May 10th)
Who is Probing the Internet for Research Purposes?, (Sat, May 8th)
Shodan[1] is one of the most familiar sites for researching what is on the internet. In Oct 2020 I did a diary on Censys[2][3], another site collecting information similar to Shodan's. The next two sites are regularly scanning…
ISC Stormcast For Friday, May 7th, 2021 https://isc.sans.edu/podcastdetail.html?id=7490, (Fri, May 7th)
Exposed Azure Storage Containers, (Fri, May 7th)
A couple months ago, we already covered the topic of exposed Azure Blob Storage in two separate ISC diaries, “Exposed Blob Storage in Azure” and “Preventing Exposed Blob Storage in Azure”. The information therein is still relevant and valid, so…
Alternative Ways To Perform Basic Tasks, (Thu, May 6th)
I like to spot techniques used by malware developers to perform basic tasks. We know the lolbins[1], the pre-installed, legitimate tools that get abused to perform malicious activities. Many lolbins are used, for example, to download some content from the Internet. Some…
ISC Stormcast For Thursday, May 6th, 2021 https://isc.sans.edu/podcastdetail.html?id=7488, (Thu, May 6th)
ISC Stormcast For Wednesday, May 5th, 2021 https://isc.sans.edu/podcastdetail.html?id=7486, (Wed, May 5th)
May 2021 Forensic Contest, (Wed, May 5th)
Quick and dirty Python: masscan, (Tue, May 4th)
Those who know me are aware that I am a recovering shell programmer. I have 35+ years of various shell scripts involving complicated code pipelines with grep, cut, sort, uniq, awk, input files, output files, redirects, pipes etc…cobbled together to…
Important Apple Updates, (Tue, May 4th)
On Monday May 3rd, Apple released important updates to macOS Big Sur, iOS and iPadOS, and watchOS to resolve an issue in WebKit which when “Processing maliciously crafted web content may lead to arbitrary code execution.” Apple has indicated that…
ISC Stormcast For Tuesday, May 4th, 2021 https://isc.sans.edu/podcastdetail.html?id=7484, (Tue, May 4th)
ISC Stormcast For Monday, May 3rd, 2021 https://isc.sans.edu/podcastdetail.html?id=7482, (Mon, May 3rd)
PuTTY And FileZilla Use The Same Fingerprint Registry Keys, (Sun, May 2nd)
Many SSH clients can remember SSH servers' fingerprints. This can serve as a safety mechanism: you get a warning when the server you want…
YARA Release v4.1.0, (Sat, May 1st)
YARA version 4.1.0 was released.
Qiling: A true instrumentable binary emulation framework, (Fri, Apr 30th)
A while ago, during the FLARE On 7 challenge last autumn, I had my first experience with the Qiling framework. It helped me to solve the…
ISC Stormcast For Friday, April 30th, 2021 https://isc.sans.edu/podcastdetail.html?id=7480, (Fri, Apr 30th)
From Python to .Net, (Thu, Apr 29th)
The Microsoft operating system provides the .Net framework[1] to developers. It allows them to fully interact with the OS and write powerful applications… but also malicious ones. In a previous…
ISC Stormcast For Thursday, April 29th, 2021 https://isc.sans.edu/podcastdetail.html?id=7478, (Thu, Apr 29th)
Deeper Analysis of my Last Malicious PowerPoint Add-On, (Wed, Apr 28th)
Last week, I wrote a diary about a malicious PowerPoint add-on[1] and I concluded by saying that I was not able to continue the investigation…
ISC Stormcast For Wednesday, April 28th, 2021 https://isc.sans.edu/podcastdetail.html?id=7476, (Wed, Apr 28th)
ISC Stormcast For Tuesday, April 27th, 2021 https://isc.sans.edu/podcastdetail.html?id=7474, (Tue, Apr 27th)
Diving into a Singapore Post Phishing E-mail, (Tue, Apr 27th)
With the sustained persistence of COVID-19 globally, postal and e-commerce related phishing e-mails remain one of the most widely favoured methods by adversaries and cybercrime…
CAD: .DGN and .MVBA Files, (Mon, Apr 26th)
Regularly I receive questions about MicroStation files, since I wrote a diary entry about AutoCAD drawings containing VBA code.
ISC Stormcast For Monday, April 26th, 2021 https://isc.sans.edu/podcastdetail.html?id=7472, (Mon, Apr 26th)
Wireshark 3.4.5 Released, (Sun, Apr 25th)
Wireshark version 3.4.5 was released.
Sysinternals: Procmon and Sysmon update, (Sun, Apr 25th)
New versions of Procmon and Sysmon were released.
Base64 Hashes Used in Web Scanning, (Sat, Apr 24th)
I have honeypot activity logs going back to May 2018 and I was curious what type of username:password combination was stored in the web traffic logs following…
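As an added example of the log mining the diary describes (my code, not the ISC diary's; the log format and the lines themselves are constructed for illustration, not traffic from the diary's honeypot), the following decodes the Base64 token of each Authorization: Basic header, tolerates tokens that are not valid Base64 or have no user:password separator, and tallies which credential pairs are being sprayed and from which sources.

```python
import base64
import binascii
import re
from collections import Counter, defaultdict

# Constructed sample in a made-up one-line-per-request honeypot format:
#   <timestamp> <source IP> <method> <path> <proto> [Authorization: Basic <token>]
SAMPLE_LOG = """\
2021-04-20T02:11:08Z 203.0.113.7 GET /manager/html HTTP/1.1 Authorization: Basic YWRtaW46YWRtaW4=
2021-04-20T02:11:09Z 203.0.113.7 GET /manager/html HTTP/1.1 Authorization: Basic dG9tY2F0OnRvbWNhdA==
2021-04-20T03:45:51Z 198.51.100.23 GET / HTTP/1.1 Authorization: Basic cm9vdDpyb290
2021-04-20T04:02:17Z 198.51.100.23 GET / HTTP/1.1 Authorization: Basic YWRtaW46YWRtaW4=
2021-04-20T05:30:00Z 192.0.2.9 GET /cgi-bin/luci HTTP/1.1 Authorization: Basic !!notbase64!!
2021-04-20T05:30:01Z 192.0.2.9 GET /cgi-bin/luci HTTP/1.1 Authorization: Basic YWRtaW4=
2021-04-20T06:00:00Z 192.0.2.9 GET /robots.txt HTTP/1.1
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>\S+)\s+(?P<path>\S+)\s+(?P<proto>\S+)(?P<rest>.*)$"
)
BASIC_RE = re.compile(r"Authorization:\s*Basic\s+(?P<token>\S+)", re.IGNORECASE)


def decode_basic(token: str):
    """Decode one Basic token to (user, password).

    Returns None when the token is not valid Base64 or the decoded text has no ':' separator;
    both are common in scanner traffic and must not crash the parser.
    """
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    text = raw.decode("utf-8", errors="replace")
    if ":" not in text:
        return None
    user, _, password = text.partition(":")  # the password may itself contain ':'
    return user, password


def tally_credentials(log_text: str):
    """Return (pair_counts, sources): how often each user:password pair was tried,
    and the set of source IPs that tried it."""
    pair_counts = Counter()
    sources = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        auth = BASIC_RE.search(m.group("rest"))
        if not auth:
            continue  # request without Basic auth
        creds = decode_basic(auth.group("token"))
        if creds is None:
            continue  # garbage or incomplete token
        pair_counts[creds] += 1
        sources[creds].add(m.group("src"))
    return pair_counts, sources


if __name__ == "__main__":
    counts, srcs = tally_credentials(SAMPLE_LOG)
    for (user, pwd), n in counts.most_common():
        print(f"{n:3d}  {user}:{pwd:<10} from {', '.join(sorted(srcs[(user, pwd)]))}")
```

The same loop works over real access logs once LINE_RE is adapted to their format; keeping the decoder separate from the line parser is what lets malformed tokens be counted and skipped instead of aborting the run.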
ISC Stormcast For Friday, April 23rd, 2021 https://isc.sans.edu/podcastdetail.html?id=7470, (Fri, Apr 23rd)
Malicious PowerPoint Add-On: “Small Is Beautiful”, (Fri, Apr 23rd)
Yesterday I spotted a DHL-branded phishing campaign that used a PowerPoint file to compromise the victim. The malicious attachment is a PowerPoint add-in. This technique is not…
How Safe Are Your Docker Images?, (Thu, Apr 22nd)
Today, I don't know any organization that is using Docker today. Whether for test and development only or for full production systems, containers are deployed everywhere! In…
ISC Stormcast For Thursday, April 22nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7468, (Thu, Apr 22nd)
A Case for Lockdown and Isolation (and not the Covid kind), (Wed, Apr 21st)
A reader wrote in expressing concerns over a vendor software management platform that had 3rd party module vulnerabilities [1]. Reasonable risk assessment…
ISC Stormcast For Wednesday, April 21st, 2021 https://isc.sans.edu/podcastdetail.html?id=7466, (Wed, Apr 21st)
PulseSecure Out of Cycle Advisory: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/SA44784/, (Tue, Apr 20th)
Richard Porter — ISC Handler on Duty
SonicWall releases Security Notice: Email Security Zero-Day Vulnerabilities https://bit.ly/3eh1r9n, (Tue, Apr 20th)
ISC Stormcast For Tuesday, April 20th, 2021 https://isc.sans.edu/podcastdetail.html?id=7464, (Tue, Apr 20th)
Hunting phishing websites with favicon hashes, (Mon, Apr 19th)
HTTP favicons are often used by bug bounty hunters and red teamers to discover vulnerable services in a target AS or IP range. It makes sense…
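The favicon-hash pivot above rests on one fixed computation: Shodan's http.favicon.hash field (and the tooling built on it) is the MurmurHash3 x86 32-bit hash, as a signed integer, of the favicon bytes after MIME-style Base64 encoding, i.e. what mmh3.hash(codecs.encode(favicon_bytes, "base64")) returns. The added example below (my code, not the diary's) implements that hash in pure Python so it runs without the mmh3 package, then applies the diary's idea in reverse: hash the legitimate brand's icon once and flag any other host serving an icon with the same hash. The favicon bytes, the hostnames and the brand table are constructed for illustration, not real brand hashes.

```python
import base64


def murmurhash3_x86_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86 32-bit, returned as a signed 32-bit int (same as mmh3.hash())."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    mask = 0xFFFFFFFF
    h1 = seed & mask
    length = len(data)
    nblocks = length // 4

    def rotl32(x: int, r: int) -> int:
        return ((x << r) | (x >> (32 - r))) & mask

    # Body: 4-byte little-endian blocks.
    for i in range(nblocks):
        k1 = int.from_bytes(data[4 * i:4 * i + 4], "little")
        k1 = (k1 * c1) & mask
        k1 = rotl32(k1, 15)
        k1 = (k1 * c2) & mask
        h1 ^= k1
        h1 = rotl32(h1, 13)
        h1 = (h1 * 5 + 0xE6546B64) & mask

    # Tail: up to 3 remaining bytes.
    tail = data[4 * nblocks:]
    k1 = 0
    if len(tail) >= 3:
        k1 ^= tail[2] << 16
    if len(tail) >= 2:
        k1 ^= tail[1] << 8
    if len(tail) >= 1:
        k1 ^= tail[0]
        k1 = (k1 * c1) & mask
        k1 = rotl32(k1, 15)
        k1 = (k1 * c2) & mask
        h1 ^= k1

    # Finalization mix.
    h1 ^= length
    h1 ^= h1 >> 16
    h1 = (h1 * 0x85EBCA6B) & mask
    h1 ^= h1 >> 13
    h1 = (h1 * 0xC2B2AE35) & mask
    h1 ^= h1 >> 16
    return h1 - 0x100000000 if h1 & 0x80000000 else h1


def favicon_hash(favicon: bytes) -> int:
    """Shodan-style favicon hash: MurmurHash3 of the MIME Base64 text (76-character lines
    plus trailing newline), which is what codecs.encode(favicon, "base64") produces."""
    return murmurhash3_x86_32(base64.encodebytes(favicon))


# Constructed stand-ins for real icons (a real one is the body served at /favicon.ico).
BRAND_FAVICON = bytes(range(256)) * 3                 # pretend: the legitimate brand's icon
OTHER_FAVICON = b"\x00\x00\x01\x00" + b"\x7f" * 800   # pretend: some unrelated icon

# Hypothetical lookup table, hash -> brand, built from the icons we want to hunt for.
KNOWN_BRAND_HASHES = {favicon_hash(BRAND_FAVICON): "ExampleBank"}


def find_lookalikes(observations):
    """observations: iterable of (host, favicon_bytes). Returns [(host, brand)] for every
    host serving an icon whose hash matches a known brand: candidate clone/phishing sites."""
    hits = []
    for host, icon in observations:
        brand = KNOWN_BRAND_HASHES.get(favicon_hash(icon))
        if brand is not None:
            hits.append((host, brand))
    return hits


if __name__ == "__main__":
    print(murmurhash3_x86_32(b"foo"))  # -156908512, the value mmh3.hash("foo") gives
    sample = [("login-examplebank.example", BRAND_FAVICON), ("unrelated.example", OTHER_FAVICON)]
    print(find_lookalikes(sample))
```

In practice the hash of the real brand icon is the search term you feed to Shodan or Censys; the block above is the part that lets you compute and verify that term offline, and check a batch of fetched favicons against it without a third-party dependency.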
ISC Stormcast For Monday, April 19th, 2021 https://isc.sans.edu/podcastdetail.html?id=7462, (Mon, Apr 19th)
Decoding Cobalt Strike Traffic, (Sun, Apr 18th)
In diary entry “Example of Cleartext Cobalt Strike Traffic (Thanks Brad)” I share a capture file I found with unencrypted Cobalt Strike traffic. The traffic is unencrypted since the…
Querying Spamhaus for IP reputation, (Fri, Apr 16th)
Way back in 2018 I posted a diary describing how I have been using the Neutrino API to do IP reputation checks. In the subsequent 2+ years that…
HTTPS Support for All Internal Services, (Fri, Apr 16th)
SSL/TLS has been on stage for a while with deprecated protocols[1], free certificates for everybody[2]. The landscape is changing to force more and more people to switch…
ISC Stormcast For Friday, April 16th, 2021 https://isc.sans.edu/podcastdetail.html?id=7460, (Fri, Apr 16th)
Why and How You Should be Using an Internal Certificate Authority, (Thu, Apr 15th)
Yesterday, Google released Chrome 90, and with that “HTTPS” is becoming the default protocol if you enter just a hostname into the…
ISC Stormcast For Thursday, April 15th, 2021 https://isc.sans.edu/podcastdetail.html?id=7458, (Thu, Apr 15th)
ISC Stormcast For Wednesday, April 14th, 2021 https://isc.sans.edu/podcastdetail.html?id=7456, (Wed, Apr 14th)
April 2021 Forensic Quiz: Answers and Analysis, (Wed, Apr 14th)
Microsoft April 2021 Patch Tuesday, (Tue, Apr 13th)
This month's release includes 114 vulnerabilities. There are 19 criticals this month, with 4 previously disclosed and 1 being exploited.
ISC Stormcast For Tuesday, April 13th, 2021 https://isc.sans.edu/podcastdetail.html?id=7454, (Tue, Apr 13th)
NMAP Announces release of nPcap 1.30, Raw Wifi + Better Performance. https://seclists.org/nmap-announce/2021/1, (Tue, Apr 13th)
Example of Cleartext Cobalt Strike Traffic (Thanks Brad), (Mon, Apr 12th)
Brad has a large collection of malware traffic (thanks Brad 🙂 ).

ISC Stormcast For Monday, April 12th, 2021 https://isc.sans.edu/podcastdetail.html?id=7452, (Mon, Apr 12th)
Building an IDS Sensor with Suricata & Zeek with Logs to ELK, (Sat, Apr 10th)
No Python Interpreter? This Simple RAT Installs Its Own Copy, (Fri, Apr 9th)
For a while now, I have been keeping an eye on malicious Python code targeting Windows environments[1][2]. As Python grows more and more popular, attackers are…
ISC Stormcast For Friday, April 9th, 2021 https://isc.sans.edu/podcastdetail.html?id=7450, (Fri, Apr 9th)
Simple Powershell Ransomware Creating a 7Z Archive of your Files, (Thu, Apr 8th)
While some ransomware families are based on PE files with complex features, it's easy to write quick-and-dirty ransomware in other languages like Powershell.…
ISC Stormcast For Thursday, April 8th, 2021 https://isc.sans.edu/podcastdetail.html?id=7448, (Thu, Apr 8th)
WiFi IDS and Private MAC Addresses, (Wed, Apr 7th)
I recently came across “nzyme” [1], a WiFi Intrusion Detection System (IDS). Nzyme does focus on WiFi-specific attacks, so it does not care about payload but inspects…
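The private (randomized) MAC addresses in the title can be recognised from a single bit: IEEE 802 defines the second-least-significant bit of the first octet as the U/L (universal/locally administered) bit, and the MAC randomization on iOS, Android and Windows sets it, so a randomized station never carries a vendor OUI. The added example below (my code, not the diary's or nzyme's) parses the common MAC notations, reports the U/L and I/G (individual/group, i.e. multicast) bits, and summarizes a constructed list of observed stations; the sample addresses are made up for illustration.

```python
import re
from collections import Counter


def parse_mac(text: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF, aabb.ccdd.eeff or aabbccddeeff."""
    cleaned = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", cleaned):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(cleaned)


def is_multicast(mac: str) -> bool:
    """I/G bit: least-significant bit of the first octet."""
    return bool(parse_mac(mac)[0] & 0x01)


def is_locally_administered(mac: str) -> bool:
    """U/L bit: second-least-significant bit of the first octet. Set by MAC randomization,
    but also by spoofing tools and many virtual NICs, so it is a hint, not proof."""
    return bool(parse_mac(mac)[0] & 0x02)


def oui(mac: str) -> str:
    """First three octets, the vendor-assigned prefix (meaningful only when U/L is clear)."""
    return ":".join(f"{b:02X}" for b in parse_mac(mac)[:3])


def classify(mac: str) -> str:
    if is_multicast(mac):
        return "multicast/group"
    if is_locally_administered(mac):
        return "locally administered (randomized, spoofed or virtual)"
    return f"globally unique (burned-in, OUI {oui(mac)})"


# Constructed observations, e.g. source addresses seen in probe requests by a WiFi sensor.
OBSERVED_STATIONS = [
    "00:1a:2b:3c:4d:5e",   # burned-in address with a vendor OUI
    "02:1a:2b:3c:4d:5e",   # same bytes with the U/L bit set: randomized/locally administered
    "DA-A1-19-00-11-22",   # U/L set (0xDA & 0x02)
    "02:42:ac:11:00:02",   # U/L set; the kind of address virtual/container NICs use
    "001a.2b3c.4d5e",      # Cisco notation of the first station: same device, not a new one
    "01:00:5e:00:00:01",   # multicast destination that should not be counted as a station
]


def summarize(macs):
    """Count distinct stations per class, de-duplicating across notations."""
    distinct = {parse_mac(m): m for m in macs}
    return Counter(classify(m) for m in distinct.values())


if __name__ == "__main__":
    for m in OBSERVED_STATIONS:
        print(f"{m:<20} {classify(m)}")
    print(summarize(OBSERVED_STATIONS))
```

A WiFi IDS that tracks stations by MAC therefore sees randomized clients as a churn of locally administered addresses, one per network (or per session, depending on the platform); the U/L bit lets the sensor separate that expected churn from burned-in addresses, for which a sudden change of vendor OUI or an address appearing on two channels at once is still worth an alert.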
ISC Stormcast For Wednesday, April 7th, 2021 https://isc.sans.edu/podcastdetail.html?id=7446, (Wed, Apr 7th)
Malspam with Lokibot vs. Outlook and RFCs, (Tue, Apr 6th)
A couple of weeks ago, my phishing/spam trap caught an interesting e-mail carrying what turned out to be a sample of the Lokibot Infostealer.
ISC Stormcast For Tuesday, April 6th, 2021 https://isc.sans.edu/podcastdetail.html?id=7444, (Tue, Apr 6th)
ISC Stormcast For Monday, April 5th, 2021 https://isc.sans.edu/podcastdetail.html?id=7442, (Mon, Apr 5th)
YARA and CyberChef: ZIP, (Sun, Apr 4th)
When processing the result of “unzip” in CyberChef, for example with YARA rules, all files contained inside the ZIP file are concatenated together.
Video: YARA and CyberChef, (Sat, Apr 3rd)
In diary entry “YARA and CyberChef”, I explain how to use YARA rules together with CyberChef.
C2 Activity: Sandboxes or Real Victims?, (Fri, Apr 2nd)
In my last diary[1], I mentioned that I was able to access screenshots exfiltrated by the malware sample. During the first analysis, there were approximately 460 JPEG…
ISC Stormcast For Friday, April 2nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7440, (Fri, Apr 2nd)
ISC Stormcast For Thursday, April 1st, 2021 https://isc.sans.edu/podcastdetail.html?id=7438, (Thu, Apr 1st)
April 2021 Forensic Quiz, (Thu, Apr 1st)
Quick Analysis of a Modular InfoStealer, (Wed, Mar 31st)
This morning, an interesting phishing email landed in my spam trap. The mail was written in Spanish and, as usual, asked the recipient to urgently process the…
ISC Stormcast For Wednesday, March 31st, 2021 https://isc.sans.edu/podcastdetail.html?id=7436, (Wed, Mar 31st)
Old TLS versions – gone, but not forgotten… well, not really “gone” either, (Tue, Mar 30th)
With the recent official deprecation of TLS 1.0 and TLS 1.1 by RFC 8996[1], a step, which has long been…
ISC Stormcast For Tuesday, March 30th, 2021 https://isc.sans.edu/podcastdetail.html?id=7434, (Tue, Mar 30th)
Jumping into Shellcode, (Mon, Mar 29th)
Malware analysis is exciting because you never know what you will find. In previous diaries[1], I already explained why it's important to have a look at groups of interesting Windows API…