When I am thinking about the security of manufacturing environments, I am usually focusing on IoT devices integrated into production lines. All the little sensors and actuators are often very difficult to secure. On the other hand, there is also…
Tag: SANS Internet Storm Center, InfoCON: green
ISC Stormcast For Wednesday, September 3rd, 2025 https://isc.sans.edu/podcastdetail/9596, (Wed, Sep 3rd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, September 3rd, 2025…
A quick look at sextortion at scale: 1,900 messages and 205 Bitcoin addresses spanning four years, (Tue, Sep 2nd)
What can almost 2,000 sextortion messages tell us about how threat actors operate and whether they are successful? Let's find out. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: A quick look…
ISC Stormcast For Tuesday, September 2nd, 2025 https://isc.sans.edu/podcastdetail/9594, (Tue, Sep 2nd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, September 2nd, 2025…
pdf-parser: All Streams, (Sun, Aug 31st)
A user reported a bug in pdf-parser: when dumping all filtered streams, an error would occur: This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: pdf-parser: All Streams, (Sun, Aug 31st)
Wireshark 4.4.9 Released, (Sun, Aug 31st)
Wireshark release 4.4.9 fixes 5 bugs. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Wireshark 4.4.9 Released, (Sun, Aug 31st)
ISC Stormcast For Friday, August 29th, 2025 https://isc.sans.edu/podcastdetail/9592, (Fri, Aug 29th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, August 29th, 2025…
Increasing Searches for ZIP Files, (Thu, Aug 28th)
I noticed recently that we have more and more requests for ZIP files in our web honeypot logs. Over the last year, we have had a substantial increase in these requests. This article has been indexed from SANS Internet Storm…
ISC Stormcast For Thursday, August 28th, 2025 https://isc.sans.edu/podcastdetail/9590, (Thu, Aug 28th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, August 28th, 2025…
Interesting Technique to Launch a Shellcode, (Wed, Aug 27th)
In most attack scenarios, attackers have to perform a crucial operation: to load a shellcode in memory and execute it. This is often performed in a three-step process: This article has been indexed from SANS Internet Storm Center, InfoCON: green…
ISC Stormcast For Wednesday, August 27th, 2025 https://isc.sans.edu/podcastdetail/9588, (Wed, Aug 27th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, August 27th, 2025…
Getting a Better Handle on International Domain Names and Punycode, (Tue, Aug 26th)
International domain names (IDN) continue to be an interesting topic. For the most part, they are probably less of an issue than some people make them out to be, given that popular browsers like Google Chrome are pretty selective in…
ISC Stormcast For Tuesday, August 26th, 2025 https://isc.sans.edu/podcastdetail/9586, (Tue, Aug 26th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, August 26th, 2025…
ISC Stormcast For Monday, August 25th, 2025 https://isc.sans.edu/podcastdetail/9584, (Mon, Aug 25th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, August 25th, 2025…
Reading Location Position Value in Microsoft Word Documents, (Mon, Aug 25th)
While studying for the GX-FE [1], I started exploring the “Position” value in the registry that helps to tell Microsoft Word where you “left off”. It's a feature many people that use Word have seen on numerous occasions and is…
The end of an era: Properly formated IP addresses in all of our data., (Sun, Aug 24th)
The Internet Storm Center and DShield websites are about 25 years old. Back in the day, I made some questionable decisions that I have never quite cleaned up later. One of these decisions was to use a “15 character 0-padded”…
ISC Stormcast For Friday, August 22nd, 2025 https://isc.sans.edu/podcastdetail/9582, (Fri, Aug 22nd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, August 22nd, 2025…
Don’t Forget The “-n” Command Line Switch, (Thu, Aug 21st)
A lot of people like the command line, the CLI, the shell (name it as you want) because it provides a lot of powerful tools to perform investigations. The best example is probably parsing logs! Even if we have SIEM…
ISC Stormcast For Thursday, August 21st, 2025 https://isc.sans.edu/podcastdetail/9580, (Thu, Aug 21st)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, August 21st, 2025…
Airtell Router Scans, and Mislabeled usernames, (Wed, Aug 20th)
Looking at new usernames collected by our Cowrie honeypots, you will first of all notice a number of HTTP headers. It is very common for attackers to scan for web servers on ports that are covered by our Telnet honeypots.…