Tag: SANS Internet Storm Center, InfoCON: green

Malicious e-mail attachments come in all shapes and sizes. In general, however, threat actors usually either send out files, which themselves carry a malicious payload – such as different scripts, Office documents or PDFs – or they send out “containers”,…

Read more →

YARA 4.5.0 was released with a small change to the regex syntax (allowing more whitespace) and many bugfixes. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: YARA 4.5.1 Release, (Sun, May 26th)

Read more →

After reading my diary entry “Checking CSV Files”, a reader informed me that CSV toolkit csvkit also contains a command to check CSV files: csvstat.py. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, May 24th, 2024…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, May 23rd, 2024…

Read more →

[This is a Guest Diary by Robert Riley, an ISC intern as part of the SANS.edu BACS program] This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Analysis of ?redtail? File Uploads to…

Read more →

Going back a year or so, I wrote a story on the passive recon, specifically the IPINFO API (https://isc.sans.edu/diary/28596). This API returns various information on an IP address: the registered owning organization and ASN, and a (usually reasonably accurate) approximation…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, May 22nd, 2024…

Read more →

A year ago I wrote up using Shodan's API to collect info on open ports and services without actually scanning for them (Shodan's API for the (Recon) Win!). This past week I was trolling through the NMAP scripts directory, and…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, May 21st, 2024…

Read more →

.msg email files are ole files and can be analyzed with my tool oledump.py. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Analyzing MSG Files, (Mon, May 20th)

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, May 20th, 2024…

Read more →

Wireshark release 4.2.5 fixes 3 vulnerabilities (%%cve:2024-4853%%, %%cve:2024-4854%% and %%cve:2024-4855%%) and 19 bugs. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Wireshark 4.2.5 Released, (Sat, May 18th)

Read more →

In my diary entry “Analyzing PDF Streams” I showed how to use my tools file-magic.py and myjson-filter.py together with my PDF analysis tool pdf-parser.py to analyze PDF streams en masse. This article has been indexed from SANS Internet Storm Center,…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, May 17th, 2024…

Read more →

I was recently asked to “recover” a RADIUS key from a Microsoft NPS server.  No problem I think, just export the config and it's all there in clear text right? This article has been indexed from SANS Internet Storm Center,…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, May 16th, 2024…

Read more →

I had an interesting call from a client recently – they had a number of “net use” and “psexec” commands pop up on a domain controller, all called from PSEXEC (thank goodness for a good EDR deployed across the board!!).…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, May 15th, 2024…

Read more →

This month we got patches for 67 vulnerabilities. Of these, 1 are critical, and 1 is being exploited according to Microsoft. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Microsoft May 2024…

Read more →