I was asked a question about the protection of an .xlsm spreadsheet. I've written before on the protection of .xls spreadsheets, for example in diary entries “Unprotecting Malicious Documents For Inspection” and “16-bit Hash Collisions in .xls Spreadsheets”; and blog…
Tag: SANS Internet Storm Center, InfoCON: green
ISC Stormcast For Monday, July 15th, 2024 https://isc.sans.edu/podcastdetail/9052, (Mon, Jul 15th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, July 15th, 2024…
Wireshark 4.2.6 Released, (Sun, Jul 14th)
Wireshark release 4.2.6 fixes 1 vulnerability (SPRT parser crash) and 10 bugs.
16-bit Hash Collisions in .xls Spreadsheets, (Sat, Jul 13th)
A couple years ago, in diary entry “Unprotecting Malicious Documents For Inspection” I explain how .xls spreadsheets are password protected (but not encrypted). And in follow-up diary entry “Maldocs: Protection Passwords”, I talk about an update to my oledump plugin…
Attacks against the “Nette” PHP framework CVE-2020-15227, (Fri, Jul 12th)
Today, I noticed some exploit attempts against an older vulnerability in the “Nette Framework”, CVE-2020-15227 [1].
ISC Stormcast For Friday, July 12th, 2024 https://isc.sans.edu/podcastdetail/9050, (Fri, Jul 12th)
Understanding SSH Honeypot Logs: Attackers Fingerprinting Honeypots, (Thu, Jul 11th)
Some of the commands observed can be confusing for a novice looking at ssh honeypot logs. Sure, you have some obvious commands like “uname -a” to fingerprint the kernel. However, other commands are less intuitive and are not commands a…
ISC Stormcast For Thursday, July 11th, 2024 https://isc.sans.edu/podcastdetail/9048, (Thu, Jul 11th)
Finding Honeypot Data Clusters Using DBSCAN: Part 1, (Wed, Jul 10th)
Sometimes data needs to be transformed or different tools need to be used so that it can be compared with other data. Some honeypot data is easy to compare since there is no customized information such as randomly generated file…
ISC Stormcast For Wednesday, July 10th, 2024 https://isc.sans.edu/podcastdetail/9046, (Wed, Jul 10th)
Microsoft Patch Tuesday July 2024, (Tue, Jul 9th)
Microsoft today released patches for 142 vulnerabilities. Only four of the vulnerabilities are rated as “critical”. There are two vulnerabilities that have already been discussed and two that have already been exploited.
ISC Stormcast For Tuesday, July 9th, 2024 https://isc.sans.edu/podcastdetail/9044, (Tue, Jul 9th)
Kunai: Keep an Eye on your Linux Hosts Activity, (Mon, Jul 8th)
Microsoft has a very popular tool (part of the SysInternals) called Sysmon[1]. It is a system service and device driver designed to monitor and log system activity, including very useful events like process creations, network connections, DNS requests, file changes,…
ISC Stormcast For Monday, July 8th, 2024 https://isc.sans.edu/podcastdetail/9042, (Mon, Jul 8th)
Overlooked Domain Name Resiliency Issues: Registrar Communications, (Fri, Jul 5th)
I often think the Internet would work better without DNS. People unable to remember an IP address would be unable to use it. But on the other hand, there is more to DNS than translating a human-readable hostname to a…
SSH “regreSSHion” Remote Code Execution Vulnerability in OpenSSH., (Mon, Jul 1st)
Qualys published a blog post with details regarding a critical remote code execution vulnerability [1].
Support of SSL 2.0 on web servers in 2024, (Fri, Jun 28th)
We last discussed SSLv2 support on internet-exposed web servers about a year ago, when we discovered that there were still about 450 thousand web servers that supported this protocol left on the internet[1]. We also found that a significant portion…
ISC Stormcast For Friday, June 28th, 2024 https://isc.sans.edu/podcastdetail/9040, (Fri, Jun 28th)
ISC Stormcast For Thursday, June 27th, 2024 https://isc.sans.edu/podcastdetail/9038, (Thu, Jun 27th)
What Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary], (Wed, Jun 26th)
[This is a Guest Diary by Kelly Fiocchi-Tapani, an ISC intern as part of the SANS.edu BACS program]