ISC Stormcast For Monday, April 12th, 2021 https://isc.sans.edu/podcastdetail.html?id=7452, (Mon, Apr 12th)
Tag: SANS Internet Storm Center, InfoCON: green
Building an IDS Sensor with Suricata & Zeek with Logs to ELK, (Sat, Apr 10th)
No Python Interpreter? This Simple RAT Installs Its Own Copy, (Fri, Apr 9th)
For a while, I'm keeping an eye on malicious Python code targeting Windows environments[1][2]. If Python looks more and more popular, attackers are…
ISC Stormcast For Friday, April 9th, 2021 https://isc.sans.edu/podcastdetail.html?id=7450, (Fri, Apr 9th)
Simple Powershell Ransomware Creating a 7Z Archive of your Files, (Thu, Apr 8th)
If some ransomware families are based on PE files with complex features, it's easy to write quick-and-dirty ransomware in other languages like Powershell.…
ISC Stormcast For Thursday, April 8th, 2021 https://isc.sans.edu/podcastdetail.html?id=7448, (Thu, Apr 8th)
WiFi IDS and Private MAC Addresses, (Wed, Apr 7th)
I recently came across “nzyme” [1], a WiFi Intrusion Detection System (IDS). Nzyme does focus on WiFi-specific attacks, so it does not care about payload but inspects…
ISC Stormcast For Wednesday, April 7th, 2021 https://isc.sans.edu/podcastdetail.html?id=7446, (Wed, Apr 7th)
Malspam with Lokibot vs. Outlook and RFCs, (Tue, Apr 6th)
A couple of weeks ago, my phishing/spam trap caught an interesting e-mail carrying what turned out to be a sample of the Lokibot Infostealer.…
ISC Stormcast For Tuesday, April 6th, 2021 https://isc.sans.edu/podcastdetail.html?id=7444, (Tue, Apr 6th)
ISC Stormcast For Monday, April 5th, 2021 https://isc.sans.edu/podcastdetail.html?id=7442, (Mon, Apr 5th)
YARA and CyberChef: ZIP, (Sun, Apr 4th)
When processing the result of “unzip” in CyberChef, for example with YARA rules, all files contained inside the ZIP file are concatenated together.…
Video: YARA and CyberChef, (Sat, Apr 3rd)
In diary entry “YARA and CyberChef”, I explain how to use YARA rules together with CyberChef.…
C2 Activity: Sandboxes or Real Victims?, (Fri, Apr 2nd)
In my last diary[1], I mentioned that I was able to access screenshots exfiltrated by the malware sample. During the first analysis, there were approximately 460 JPEG…
ISC Stormcast For Friday, April 2nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7440, (Fri, Apr 2nd)
ISC Stormcast For Thursday, April 1st, 2021 https://isc.sans.edu/podcastdetail.html?id=7438, (Thu, Apr 1st)
April 2021 Forensic Quiz, (Thu, Apr 1st)
Quick Analysis of a Modular InfoStealer, (Wed, Mar 31st)
This morning, an interesting phishing email landed in my spam trap. The mail was written in Spanish and, as usual, asked the recipient to urgently process the…
ISC Stormcast For Wednesday, March 31st, 2021 https://isc.sans.edu/podcastdetail.html?id=7436, (Wed, Mar 31st)
Old TLS versions – gone, but not forgotten… well, not really “gone” either, (Tue, Mar 30th)
With the recent official deprecation of TLS 1.0 and TLS 1.1 by RFC 8996[1], a step, which has long been…
ISC Stormcast For Tuesday, March 30th, 2021 https://isc.sans.edu/podcastdetail.html?id=7434, (Tue, Mar 30th)
Jumping into Shellcode, (Mon, Mar 29th)
Malware analysis is exciting because you never know what you will find. In previous diaries[1], I already explained why it's important to have a look at groups of interesting Windows API…
ISC Stormcast For Monday, March 29th, 2021 https://isc.sans.edu/podcastdetail.html?id=7432, (Mon, Mar 29th)
TCPView v4.0 Released, (Sun, Mar 28th)
TCPView is a Sysinternals tool that displays information about the TCP and UDP endpoints on a system. It's like netstat, but with a GUI.…
Malware Analysis with elastic-agent and Microsoft Sandbox, (Fri, Mar 26th)
Microsoft describes the “Windows Sandbox supports simple configuration files, which provide a minimal set of customization parameters for Sandbox. […] Windows Sandbox configuration files are formatted…
Apple releases iOS 14.4.2 to address “universal cross site scripting” in Webkit https://support.apple.com/en-us/HT212256, (Fri, Mar 26th)
ISC Stormcast For Friday, March 26th, 2021 https://isc.sans.edu/podcastdetail.html?id=7430, (Fri, Mar 26th)
Office macro execution evidence, (Fri, Mar 26th)
Microsoft Office Macros continue to be the security nightmare that they have been for the past 3 decades. System and security admins everywhere continue to try to protect their…
ISC Stormcast For Thursday, March 25th, 2021 https://isc.sans.edu/podcastdetail.html?id=7428, (Thu, Mar 25th)
Submitting pfSense Firewall Logs to DShield, (Thu, Mar 25th)
In my previous diaries, I wrote about pfSense firewalls [1], [2]. I hope the diaries have given some insight to current pfSense users, and also inspire individuals…
ISC Stormcast For Wednesday, March 24th, 2021 https://isc.sans.edu/podcastdetail.html?id=7426, (Wed, Mar 24th)
Analysis from March 2021 Traffic Analysis Quiz, (Wed, Mar 24th)
The 2021 SANS Security Awareness Report is out. Learn data-driven lessons learned how organizations around the world are effectively managing their human risk https://www.sans.org/security-awareness-training/sareport-2021, (Tue, Mar 23rd)
ISC Stormcast For Tuesday, March 23rd, 2021 https://isc.sans.edu/podcastdetail.html?id=7424, (Tue, Mar 23rd)
Nim Strings, (Mon, Mar 22nd)
On Tuesday's Stormcast, Johannes talked about malware written in the Nim Programming language.…
March 2021 Traffic Analysis Quiz, (Tue, Mar 23rd)
ISC Stormcast For Monday, March 22nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7422, (Mon, Mar 22nd)
Video: Finding Metasploit & Cobalt Strike URLs, (Sun, Mar 21st)
I have a couple of questions on my diary entry “Finding Metasploit & Cobalt Strike URLs”, thus I made a video that shows the method and…
YARA Pre-release v4.1.0, (Sat, Mar 20th)
There's a new version of YARA on GitHub, a pre-release for version 4.1.0.…
Pastebin.com Used As a Simple C2 Channel, (Fri, Mar 19th)
With the growing threat of ransomware attacks, there are other malicious activities that have less attention today but they remain active. Think about crypto-miners. Yes, attackers…
ISC Stormcast For Friday, March 19th, 2021 https://isc.sans.edu/podcastdetail.html?id=7420, (Fri, Mar 19th)
Simple Python Keylogger, (Thu, Mar 18th)
A keylogger is one of the core features implemented by many malware to exfiltrate interesting data and learn about the victim. Besides the fact that interesting keystrokes can reveal…
ISC Stormcast For Thursday, March 18th, 2021 https://isc.sans.edu/podcastdetail.html?id=7418, (Thu, Mar 18th)
Defenders, Know Your Operating System Like Attackers Do!, (Wed, Mar 17th)
Not a technical diary today but more a reflection… When I'm teaching FOR610[1], I always remind students to “RTFM” or “Read the F… Manual”. I…
ISC Stormcast For Wednesday, March 17th, 2021 https://isc.sans.edu/podcastdetail.html?id=7416, (Wed, Mar 17th)
50 years of malware? Not really. 50 years of computer worms? That’s a different story…, (Tue, Mar 16th)
If you have any interest in the history of malicious code, chances are you've heard or read somewhere…
ISC Stormcast For Tuesday, March 16th, 2021 https://isc.sans.edu/podcastdetail.html?id=7414, (Tue, Mar 16th)
Finding Metasploit & Cobalt Strike URLs, (Mon, Mar 15th)
Metasploit and Cobalt Strike generate shellcode for http(s) shells. The URLs found in this shellcode have a path that consists of 4 random alphanumeric characters. But they…
ISC Stormcast For Monday, March 15th, 2021 https://isc.sans.edu/podcastdetail.html?id=7412, (Mon, Mar 15th)
Wireshark 3.4.4 Released, (Sun, Mar 14th)
Wireshark version 3.4.4 was released.…
Microsoft DHCP Logs Shipped to ELK, (Fri, Mar 12th)
This parser takes the logs from a Windows 2012R2 server (C:\Windows\System32\dhcp) and parses them into usable metadata which can be monitored via a dashboard. The logs have…
ISC Stormcast For Friday, March 12th, 2021 https://isc.sans.edu/podcastdetail.html?id=7410, (Fri, Mar 12th)
Piktochart – Phishing with Infographics, (Thu, Mar 11th)
[This is a guest diary submitted by JB Bowers]…
ISC Stormcast For Thursday, March 11th, 2021 https://isc.sans.edu/podcastdetail.html?id=7408, (Thu, Mar 11th)
If you have an F5, it’s time to patch! Thanks Michele for the link to today’s crop of F5 CVE’s, which include an unauthenticated RCE against the API, and another RCE against “hidden” config pages! https://support.f5.com/csp/article/K02566623, (Wed, Mar 10th)
SharpRDP – PSExec without PSExec, PSRemoting without PowerShell, (Wed, Mar 10th)
With the amount of remediation folks have these days to catch malicious execution of powershell or the use of tools like psexec, red teams have…
ISC Stormcast For Wednesday, March 10th, 2021 https://isc.sans.edu/podcastdetail.html?id=7406, (Wed, Mar 10th)
Microsoft March 2021 Patch Tuesday, (Tue, Mar 9th)
This month we got patches for 122 vulnerabilities. Of these, 14 are critical, 5 are being exploited and 2 were previously disclosed.…
ISC Stormcast For Tuesday, March 9th, 2021 https://isc.sans.edu/podcastdetail.html?id=7404, (Tue, Mar 9th)
YARA and CyberChef, (Mon, Mar 8th)
If you prefer a graphical user interface to match YARA rules, you can try CyberChef.…
ISC Stormcast For Monday, March 8th, 2021 https://isc.sans.edu/podcastdetail.html?id=7402, (Mon, Mar 8th)
PCAPs and Beacons, (Sun, Mar 7th)
I like taking a closer look at capture files posted by Brad. In his latest diary entry, we have a capture file with Cobalt Strike traffic.…
Spotting the Red Team on VirusTotal!, (Sat, Mar 6th)
Many security researchers like to use the VirusTotal platform. The provided services are amazing: You can immediately have a clear overview of the dangerousness level of a file but… VirusTotal…
ISC Stormcast For Friday, March 5th, 2021 https://isc.sans.edu/podcastdetail.html?id=7400, (Fri, Mar 5th)
Spam Farm Spotted in the Wild, (Fri, Mar 5th)
If there is a place where you can always find juicy information, it's your spam folder! Yes, I like spam and I don't delete my spam before…
From VBS, PowerShell, C Sharp, Process Hollowing to RAT, (Thu, Mar 4th)
VBS files are interesting to deliver malicious content to a victim's computer because they look like simple text files. I found an interesting sample…
ISC Stormcast For Thursday, March 4th, 2021 https://isc.sans.edu/podcastdetail.html?id=7398, (Thu, Mar 4th)
Microsoft Releases Exchange Emergency Patch to Fix Actively Exploited Vulnerability, (Wed, Mar 3rd)
Microsoft today released an emergency patch for Microsoft Exchange Server. The patch fixes seven different vulnerabilities. Four of these vulnerabilities are currently being…
ISC Stormcast For Wednesday, March 3rd, 2021 https://isc.sans.edu/podcastdetail.html?id=7396, (Wed, Mar 3rd)
Qakbot infection with Cobalt Strike, (Wed, Mar 3rd)
Patch Now: HAFNIUM targeting Exchange Servers with 0day exploits https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/, (Tue, Mar 2nd)
Adversary Simulation with Sim, (Tue, Mar 2nd)
One of the best ways to test your detection portfolio is to emulate user actions on monitored systems.…
Security Detection & Response Alert Output Usability Survey: https://www.surveymonkey.com/r/TAOvsVAO, (Tue, Mar 2nd)
ISC Stormcast For Tuesday, March 2nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7394, (Tue, Mar 2nd)
Fun with DNS over TLS (DoT), (Mon, Mar 1st)
Going back a few weeks, we discussed how DNS over HTTPS (DoH) works (https://isc.sans.edu/forums/diary/Fun+with+NMAP+NSE+Scripts+and+DOH+DNS+over+HTTPS/27026/) – very much as an unauthenticated API over HTTPS. But DNS over TLS…
ISC Stormcast For Monday, March 1st, 2021 https://isc.sans.edu/podcastdetail.html?id=7392, (Mon, Mar 1st)
Maldocs: Protection Passwords, (Sun, Feb 28th)
In diary entry “Unprotecting Malicious Documents For Inspection” I explain how to deal with protected malicious Excel documents by removing the protection passwords.…
Pretending to be an Outlook Version Update, (Fri, Feb 26th)
I received this phishing email yesterday that seemed very strange with this short and urgent message:…
ISC Stormcast For Friday, February 26th, 2021 https://isc.sans.edu/podcastdetail.html?id=7390, (Fri, Feb 26th)
So where did those Satori attacks come from?, (Thu, Feb 25th)
Last week I posted about a new Satori variant scanning on TCP port 26 that I was picking up in my honeypots. Things have slowed…
ISC Stormcast For Thursday, February 25th, 2021 https://isc.sans.edu/podcastdetail.html?id=7388, (Thu, Feb 25th)
Forensicating Azure VMs, (Thu, Feb 25th)
With more and more workloads migrating to “the Cloud”, we see post-breach forensic investigations also increasingly moving from on-premises to remote instances. If we are lucky and the installation is…
ISC Stormcast For Wednesday, February 24th, 2021 https://isc.sans.edu/podcastdetail.html?id=7386, (Wed, Feb 24th)
Malspam pushes GuLoader for Remcos RAT, (Wed, Feb 24th)
Qakbot in a response to Full Disclosure post, (Tue, Feb 23rd)
Given its history, the Full Disclosure mailing list[1] is probably one of the best-known places on the internet where information about newly discovered vulnerabilities is…
ISC Stormcast For Tuesday, February 23rd, 2021 https://isc.sans.edu/podcastdetail.html?id=7384, (Tue, Feb 23rd)
Unprotecting Malicious Documents For Inspection, (Mon, Feb 22nd)
Read the original article: Unprotecting Malicious Documents For Inspection, (Mon, Feb 22nd) I wanted to take a look at Brad's malicious spreadsheet, using Excel inside a VM.…
ISC Stormcast For Monday, February 22nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7382, (Mon, Feb 22nd)
DDE and oledump, (Sun, Feb 21st)
Read the original article: DDE and oledump, (Sun, Feb 21st) I was asked if the DDE YARA rules I created work with oledump.py on the sample that Xavier wrote about in his diary entry “Dynamic Data Exchange (DDE) is Back…
Quickie: Extracting HTTP URLs With tshark, (Sat, Feb 20th)
Read the original article: Quickie: Extracting HTTP URLs With tshark, (Sat, Feb 20th) After I posted diary entry “Quickie: tshark & Malware Analysis”, someone asked me how to extract HTTP URLs from capture files with tshark.…
Dynamic Data Exchange (DDE) is Back in the Wild?, (Fri, Feb 19th)
Read the original article: Dynamic Data Exchange (DDE) is Back in the Wild?, (Fri, Feb 19th) DDE or “Dynamic Data Exchange” is a Microsoft technology for interprocess communication used in early versions of Windows and OS/2. DDE allows programs to manipulate objects provided by other programs,…
ISC Stormcast For Friday, February 19th, 2021 https://isc.sans.edu/podcastdetail.html?id=7380, (Fri, Feb 19th)
ISC Stormcast For Thursday, February 18th, 2021 https://isc.sans.edu/podcastdetail.html?id=7378, (Thu, Feb 18th)
Malspam pushing Trickbot gtag rob13, (Wed, Feb 17th)
Read the original article: Malspam pushing Trickbot gtag rob13, (Wed, Feb 17th) Introduction…
The new “LinkedInSecureMessage” ?, (Wed, Feb 17th)
Read the original article: The new “LinkedInSecureMessage” ?, (Wed, Feb 17th) [This is a guest diary by JB Bowers – @cherokeejb_]…
ISC Stormcast For Wednesday, February 17th, 2021 https://isc.sans.edu/podcastdetail.html?id=7376, (Wed, Feb 17th)
More weirdness on TCP port 26, (Tue, Feb 16th)
Read the original article: More weirdness on TCP port 26, (Tue, Feb 16th) A little over a year ago, I wrote a diary asking what was going on with traffic on TCP port 26. So, last week when I noticed another…