ISC Stormcast For Tuesday, February 16th, 2021 https://isc.sans.edu/podcastdetail.html?id=7374, (Tue, Feb 16th)
Tag: SANS Internet Storm Center, InfoCON: green
Securing and Optimizing Networks: Using pfSense Traffic Shaper Limiters to Combat Bufferbloat, (Mon, Feb 15th)
[This is a guest diary by Yee Ching Tok (personal website here (https://poppopretn.com)). Feedback welcome either via comments or our contact…

Video: tshark & Malware Analysis, (Sun, Feb 14th)
In this video, I show the commands I used in diary entry “Quickie: tshark & Malware Analysis” to analyze shellcode from a pcapng file, and I also show…
ISC Stormcast For Monday, February 15th, 2021 https://isc.sans.edu/podcastdetail.html?id=7372, (Mon, Feb 15th)
Using Logstash to Parse IPtables Firewall Logs, (Sat, Feb 13th)
One of our readers submitted some DSL Modem Firewall logs (iptables format) and I wrote a simple logstash parser to analyze and illustrate the activity, in…
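The diary above parses these logs with Logstash; as an added example that is not the diary author's configuration, the Python below does the same job on the standard iptables kernel-log format (KEY=VALUE pairs, plus bare flag tokens such as DF and SYN, behind an optional --log-prefix) and then builds the two summaries a first look at such logs usually needs: hits per destination port and sources that touched several ports. The sample lines are constructed, with addresses from the documentation ranges, and the prefix DROP-WAN is made up.

```python
"""Parse iptables kernel-log lines (the format a DSL modem/router emits) and summarise the activity.
Added example in Python; not the diary author's Logstash configuration."""
import re
from collections import Counter

KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")
# tokens iptables prints bare, without '=': IP flags and TCP flags
BARE_FLAGS = {"DF", "MF", "CE", "SYN", "ACK", "FIN", "RST", "PSH", "URG"}
# text between "kernel: [timestamp]" and IN= is the rule's --log-prefix
PREFIX_RE = re.compile(r"kernel:\s*(?:\[\s*[\d.]+\]\s*)?(.*?)\s*$")


def parse_iptables_line(line: str):
    """Return the fields of one iptables log line as a dict, or None if the line is not one."""
    head, sep, rest = line.partition("IN=")
    if not sep or "OUT=" not in rest:
        return None
    fields = dict(KV_RE.findall("IN=" + rest))          # IN, OUT, SRC, DST, PROTO, SPT, DPT, ...
    fields["flags"] = sorted(tok for tok in rest.split() if tok in BARE_FLAGS)
    m = PREFIX_RE.search(head)
    fields["prefix"] = m.group(1) if m else ""
    return fields


def summarize(lines):
    """Parse every line; return (events, hits per (proto, dst port), hits per source)."""
    events = [e for e in map(parse_iptables_line, lines) if e]
    by_port = Counter((e.get("PROTO"), e.get("DPT")) for e in events if e.get("DPT"))
    by_src = Counter(e.get("SRC") for e in events)
    return events, by_port, by_src


def port_scanners(events, min_ports=3):
    """Sources that touched at least min_ports distinct (proto, port) pairs: crude scan detection."""
    seen = {}
    for e in events:
        if e.get("DPT"):
            seen.setdefault(e.get("SRC"), set()).add((e.get("PROTO"), e["DPT"]))
    return sorted(src for src, ports in seen.items() if len(ports) >= min_ports)


# Constructed sample lines in syslog-wrapped iptables format (hypothetical host "router",
# made-up prefix DROP-WAN, documentation-range addresses).
SAMPLE_LOG = [
    "Jan 13 10:22:01 router kernel: [ 4711.123456] DROP-WAN IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=192.0.2.5 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=54321 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0",
    "Jan 13 10:22:02 router kernel: [ 4712.234567] DROP-WAN IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=192.0.2.5 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=54322 DPT=2323 WINDOW=1024 RES=0x00 SYN URGP=0",
    "Jan 13 10:22:03 router kernel: [ 4713.345678] DROP-WAN IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=192.0.2.5 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=54323 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0",
    "Jan 13 10:22:04 router kernel: [ 4714.456789] DROP-WAN IN=ppp0 OUT= MAC= SRC=203.0.113.42 DST=192.0.2.5 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=12 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=8192 RES=0x00 SYN URGP=0",
    "Jan 13 10:22:05 router kernel: ppp0: link is up",
]

if __name__ == "__main__":
    events, by_port, by_src = summarize(SAMPLE_LOG)
    print("events:", len(events))
    print("top ports:", by_port.most_common(3))
    print("top sources:", by_src.most_common(3))
    print("scanners:", port_scanners(events))
```

Only the KV_RE, BARE_FLAGS and PREFIX_RE pieces are format-specific; the same three would be the grok pattern, the flag tokenizer and the prefix capture in a Logstash filter.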
vSphere Replication updates address a command injection vulnerability (CVE-2021-21976) – https://www.vmware.com/security/advisories/VMSA-2021-0001.html, (Sat, Feb 13th)
AgentTesla Dropped Through Automatic Click in Microsoft Help File, (Fri, Feb 12th)
Attackers have plenty of resources to infect our systems. If some files may look suspicious because the extension is less common (like .xsl files[1]),…
ISC Stormcast For Friday, February 12th, 2021 https://isc.sans.edu/podcastdetail.html?id=7370, (Fri, Feb 12th)
Agent Tesla hidden in a historical anti-malware tool, (Thu, Feb 11th)
While going through attachments of e-mails, which were caught in my e-mail quarantine since the beginning of February, I found an ISO file with what…
ISC Stormcast For Thursday, February 11th, 2021 https://isc.sans.edu/podcastdetail.html?id=7368, (Thu, Feb 11th)
ISC Stormcast For Wednesday, February 10th, 2021 https://isc.sans.edu/podcastdetail.html?id=7366, (Wed, Feb 10th)
Phishing message to the ISC handlers email distro, (Wed, Feb 10th)
Microsoft February 2021 Patch Tuesday, (Tue, Feb 9th)
This month we got patches for 56 vulnerabilities. Of these, 11 are critical, 1 is being exploited and 6 were previously disclosed.

Quickie: tshark & Malware Analysis, (Mon, Feb 8th)
The following screenshot drew my attention when I read Brad's diary entry “Excel spreadsheets push SystemBC malware”:
ISC Stormcast For Tuesday, February 9th, 2021 https://isc.sans.edu/podcastdetail.html?id=7364, (Tue, Feb 9th)
ISC Stormcast For Monday, February 8th, 2021 https://isc.sans.edu/podcastdetail.html?id=7362, (Mon, Feb 8th)
YARA v4.0.5, (Sat, Feb 6th)
YARA version 4.0.5 was released.
VBA Macro Trying to Alter the Application Menus, (Fri, Feb 5th)
Who remembers the worm Melissa[1]? It started to spread in March 1999! In information security, it looks like speaking about prehistory but I spotted a VBA…

Abusing Google Chrome extension syncing for data exfiltration and C&C, (Thu, Feb 4th)
I had the pleasure (or not) of working on another incident where, among other things, attackers were using a pretty novel way of…
ISC Stormcast For Friday, February 5th, 2021 https://isc.sans.edu/podcastdetail.html?id=7360, (Fri, Feb 5th)
ISC Stormcast For Thursday, February 4th, 2021 https://isc.sans.edu/podcastdetail.html?id=7358, (Thu, Feb 4th)
ISC Stormcast For Wednesday, February 3rd, 2021 https://isc.sans.edu/podcastdetail.html?id=7356, (Wed, Feb 3rd)
Excel spreadsheets push SystemBC malware, (Wed, Feb 3rd)
New Example of XSL Script Processing aka “Mitre T1220”, (Tue, Feb 2nd)
Last week, Brad posted a diary about TA551[1]. A few days later, one of our readers submitted another sample belonging to the same campaign.…
ISC Stormcast For Monday, February 1st, 2021 https://isc.sans.edu/podcastdetail.html?id=7352, (Mon, Feb 1st)
Taking a Shot at Reverse Shell Attacks, CNC Phone Home and Data Exfil from Servers, (Mon, Feb 1st)
Over the last number of weeks (after the Solarwinds Orion news) there's been a lot of discussion on…
ISC Stormcast For Tuesday, February 2nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7354, (Tue, Feb 2nd)
YARA v4.0.4, (Sun, Jan 31st)
YARA version 4.0.4 was released (right after version 4.0.3).
Wireshark 3.4.3 Released, (Sun, Jan 31st)
Wireshark version 3.4.3 was released.
PacketSifter as Network Parsing and Telemetry Tool, (Sat, Jan 30th)
I saw PacketSifter[1], a new package on Github and figured I would give it a try to test its functionality. It is described as “PacketSifter is…
Wireshark 3.2.11 is now available which contains Bug Fixes – https://www.wireshark.org, (Sat, Jan 30th)
Sensitive Data Shared with Cloud Services, (Fri, Jan 29th)
Yesterday was the data protection day in Europe[1]. I was not on duty so I'm writing this quick diary a bit late. Back in 2020, the Nitro…
ISC Stormcast For Friday, January 29th, 2021 https://isc.sans.edu/podcastdetail.html?id=7350, (Fri, Jan 29th)
ISC Stormcast For Thursday, January 28th, 2021 https://isc.sans.edu/podcastdetail.html?id=7348, (Thu, Jan 28th)
Emotet vs. Windows Attack Surface Reduction, (Thu, Jan 28th)
Emotet malware in the form of malicious Word documents continued to make the rounds over the past weeks, and the samples initially often had pretty poor anti-virus…
TriOp – tool for gathering (not just) security-related data from Shodan.io (tool drop), (Wed, Jan 27th)
If you're a regular reader of our Diaries, you may remember that over the last year and a half, a…
ISC Stormcast For Wednesday, January 27th, 2021 https://isc.sans.edu/podcastdetail.html?id=7346, (Wed, Jan 27th)
TA551 (Shathak) Word docs push Qakbot (Qbot), (Tue, Jan 26th)
ISC Stormcast For Tuesday, January 26th, 2021 https://isc.sans.edu/podcastdetail.html?id=7344, (Tue, Jan 26th)
Fun with NMAP NSE Scripts and DOH (DNS over HTTPS), (Mon, Jan 25th)
DOH (DNS over HTTPS) has been implemented into the various browsers over the last year or so, and there's a fair amount of…

Video: Doc & RTF Malicious Document, (Sun, Jan 24th)
I made a video for my diary entry “Doc & RTF Malicious Document”. And I show a new feature of my tool re-search.py, that helps with filtering…
ISC Stormcast For Monday, January 25th, 2021 https://isc.sans.edu/podcastdetail.html?id=7342, (Mon, Jan 25th)
CyberChef: Analyzing OOXML Files for URLs, (Sat, Jan 23rd)
In diary entry “Doc & RTF Malicious Document” I start analyzing a malicious Word document with my tools.
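An OOXML file (.docx, .xlsx, .pptx) is a zip archive of XML parts, so a CyberChef recipe that unzips and then regex-searches for URLs works; the same idea as a script, added here as an example and not the diary's recipe, is below. It does two passes: a blunt regex sweep over every XML part with the ubiquitous schema namespace URLs filtered out, and a targeted parse of the .rels parts for relationships marked TargetMode="External", which is where remote templates, linked OLE objects and hyperlinks are declared. The sample document is built in memory and is constructed; the 203.0.113.10 address is from the documentation range.

```python
"""Pull URLs and external relationship targets out of an OOXML (docx/xlsx/pptx) container.
Added example; not the CyberChef recipe from the diary."""
import io
import re
import xml.etree.ElementTree as ET
import zipfile

URL_RE = re.compile(rb"(?:https?|ftp|file)://[^\s\"'<>]+", re.I)
# every OOXML part carries schema namespace URLs; they are noise for this purpose
NOISE_PREFIXES = ("http://schemas.", "http://www.w3.org/", "http://purl.org/")


def ooxml_urls(data: bytes) -> dict:
    """{part name: sorted URLs} for every XML/rels part, after dropping schema namespaces."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if not name.lower().endswith((".xml", ".rels")):
                continue
            urls = {u.decode("utf-8", "replace").rstrip(".,);") for u in URL_RE.findall(z.read(name))}
            urls = {u for u in urls if not u.startswith(NOISE_PREFIXES)}
            if urls:
                found[name] = sorted(urls)
    return found


def external_targets(data: bytes) -> list:
    """(rels part, relationship type, target) for every TargetMode="External" relationship."""
    out = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if not name.lower().endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter():
                if rel.tag.rsplit("}", 1)[-1] != "Relationship":
                    continue
                if rel.get("TargetMode", "Internal") != "External":
                    continue
                # the last path element of Type names the kind: hyperlink, oleObject, attachedTemplate, ...
                out.append((name, rel.get("Type", "").rsplit("/", 1)[-1], rel.get("Target", "")))
    return out


def build_sample_docx() -> bytes:
    """Constructed minimal .docx with one external OLE link (hypothetical target URL)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml",
                   '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        z.writestr("word/document.xml",
                   '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
                   '<w:body><w:p/></w:body></w:document>')
        z.writestr("word/_rels/document.xml.rels",
                   '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
                   '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>'
                   '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" Target="http://203.0.113.10/update.dotm" TargetMode="External"/>'
                   '</Relationships>')
    return buf.getvalue()


if __name__ == "__main__":
    doc = build_sample_docx()
    print("urls:", ooxml_urls(doc))
    print("external relationships:", external_targets(doc))
```

The regex pass catches URLs hidden in places the relationship parse does not cover (VBA project strings are binary and need other tools, but field codes and custom XML parts are plain text); the relationship pass is the one that tells you what Word will actually fetch when the document opens.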
Another File Extension to Block in your MTA: .jnlp, (Fri, Jan 22nd)
When hunting, one thing that I like to learn is how attackers can be imaginative at deploying new techniques. I spotted some emails that…
ISC Stormcast For Friday, January 22nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7340, (Fri, Jan 22nd)
Powershell Dropping a REvil Ransomware, (Thu, Jan 21st)
I spotted a piece of Powershell code that deserved some investigations because it makes use of RunSpaces[1]. The file (SHA256:e1e19d637e6744fedb76a9008952e01ee6dabaecbc6ad2701dfac6aab149cecf) has a very low VT score: only 1/59![2]. …
ISC Stormcast For Thursday, January 21st, 2021 https://isc.sans.edu/podcastdetail.html?id=7338, (Thu, Jan 21st)
ISC Stormcast For Wednesday, January 20th, 2021 https://isc.sans.edu/podcastdetail.html?id=7336, (Wed, Jan 20th)

Security Detection & Response Alert Output Usability Survey https://www.surveymonkey.com/r/TAOvsVAO, (Tue, Jan 19th)
Qakbot activity resumes after holiday break, (Wed, Jan 20th)
ISC Stormcast For Tuesday, January 19th, 2021 https://isc.sans.edu/podcastdetail.html?id=7334, (Tue, Jan 19th)
Gordon for fast cyber reputation checks, (Tue, Jan 19th)
Gordon quickly provides threat & risk information about observables.

Doc & RTF Malicious Document, (Mon, Jan 18th)
A reader pointed us to a malicious Word document.
The CIS Benchmark for Cisco Nexus (NX-OS) 1.0 went live last week, find it here: https://www.cisecurity.org/cis-benchmarks/, (Mon, Jan 18th)
Rob VandenBrink
ISC Stormcast For Monday, January 18th, 2021 https://isc.sans.edu/podcastdetail.html?id=7332, (Mon, Jan 18th)
New Release of Sysmon Adding Detection for Process Tampering, (Sun, Jan 17th)
Version 13.01 of Sysmon was released, a Windows Sysinternals tool to monitor and log system activity.
Obfuscated DNS Queries, (Fri, Jan 15th)
This week I started seeing some URLs with /dns-query?dns in my honeypot[1][2]. The queries obviously did not look like standard DNS queries, this got me curious and then proceeded…
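Both this diary and the NSE/DoH diary above deal with the RFC 8484 GET form of DNS over HTTPS, where the whole DNS message travels base64url-encoded (padding stripped) in the dns= parameter, which is why those requests look like opaque strings in a web log. As an added example in Python, not code from either diary, the block below builds such a query, decodes one back into its header and question section (handling name compression and truncated input), and sweeps constructed access-log lines for /dns-query requests. The dns= value on the first sample line is the one from RFC 8484's own example (an A query for www.example.com); the second line carries junk to exercise the failure path. The client addresses and the host name in the sample lines are made up.

```python
"""Decode DNS-over-HTTPS GET queries (RFC 8484) seen in web-server or honeypot logs.
Added example for illustration; not code from the ISC diaries."""
import base64
import re
import struct
from urllib.parse import parse_qs, urlsplit

QTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT",
          28: "AAAA", 65: "HTTPS", 255: "ANY"}


def b64url_decode(s: str) -> bytes:
    """RFC 8484 strips '=' padding; restore it before decoding."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).decode("ascii").rstrip("=")


def build_query(name: str, qtype: int = 1) -> bytes:
    """Minimal RFC 1035 query: ID 0 (RFC 8484 recommends it for cache friendliness), RD set, one question."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def read_name(msg: bytes, off: int):
    """Read a possibly compressed domain name; returns (name, offset just past it)."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        ln = msg[off]
        if ln == 0:
            off += 1
            break
        if ln & 0xC0 == 0xC0:                       # compression pointer, RFC 1035 4.1.4
            if off + 1 >= len(msg):
                raise ValueError("truncated pointer")
            if not jumped:
                end = off + 2                       # the name ends after the first pointer
            jumped, hops = True, hops + 1
            if hops > 16:
                raise ValueError("pointer loop")
            off = ((ln & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        labels.append(msg[off:off + ln].decode("ascii", "replace"))
        off += ln
    return ".".join(labels), (end if jumped else off)


def decode_doh_get(url_or_path: str) -> dict:
    """Decode the dns= parameter of a DoH GET request into header fields and the question section."""
    qs = parse_qs(urlsplit(url_or_path).query)
    if "dns" not in qs:
        raise ValueError("no dns= parameter")
    msg = b64url_decode(qs["dns"][0])
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    for _ in range(qd):
        name, off = read_name(msg, off)
        if off + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, QTYPES.get(qtype, str(qtype)), qclass))
    return {"id": txid, "flags": flags, "qr": bool(flags & 0x8000),
            "questions": questions, "counts": (qd, an, ns, ar)}


REQ_RE = re.compile(r'"(?:GET|POST) (\S*/dns-query\?\S*) ')


def scan_log(lines):
    """[(request path, decoded questions or 'error: ...')] for every DoH GET in access-log lines."""
    out = []
    for line in lines:
        m = REQ_RE.search(line)
        if not m:
            continue
        try:
            out.append((m.group(1), decode_doh_get(m.group(1))["questions"]))
        except ValueError as exc:
            out.append((m.group(1), f"error: {exc}"))
    return out


# Constructed access-log lines (documentation-range clients, hypothetical host). First dns= value is the
# RFC 8484 example query for www.example.com; the second is junk.
SAMPLE_LOG = [
    '192.0.2.77 - - [15/Jan/2021:10:01:02 +0000] "GET /dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB HTTP/1.1" 404 0',
    '198.51.100.9 - - [15/Jan/2021:10:01:03 +0000] "GET /dns-query?dns=notdns HTTP/1.1" 404 0',
    '198.51.100.9 - - [15/Jan/2021:10:01:04 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(b64url_encode(build_query("www.example.com")))
    for path, result in scan_log(SAMPLE_LOG):
        print(path, "->", result)
```

A scanner probing for open DoH resolvers will typically send exactly this kind of request, so decoding the question name and type is the quickest way to tell a resolver probe from an attempt to use your web server as a covert DNS channel.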
Throwback Friday: An Example of Rig Exploit Kit, (Fri, Jan 15th)
ISC Stormcast For Friday, January 15th, 2021 https://isc.sans.edu/podcastdetail.html?id=7330, (Fri, Jan 15th)
Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file, (Thu, Jan 14th)
Recently I had to analyze an Excel malicious file that was caught in the wild, in a real attack. The file was used…
ISC Stormcast For Thursday, January 14th, 2021 https://isc.sans.edu/podcastdetail.html?id=7328, (Thu, Jan 14th)
ISC Stormcast For Wednesday, January 13th, 2021 https://isc.sans.edu/podcastdetail.html?id=7326, (Wed, Jan 13th)
Hancitor activity resumes after a holiday break, (Wed, Jan 13th)
Microsoft January 2021 Patch Tuesday, (Tue, Jan 12th)
This month we got patches for 83 vulnerabilities. Of these, 10 are critical, one was previously disclosed, and one is already being exploited according to Microsoft.
ISC Stormcast For Tuesday, January 12th, 2021 https://isc.sans.edu/podcastdetail.html?id=7324, (Tue, Jan 12th)
Using the NVD Database and API to Keep Up with Vulnerabilities and Patches – Tool Drop: CVEScan (Part 3 of 3), (Mon, Jan 11th)
Now with a firm approach to or putting an inventory and using…
New version of Sysinternals released, Process Hollowing detection added in Sysmon, new registry access detection added to Procmon https://docs.microsoft.com/en-us/sysinternals/, (Mon, Jan 11th)
ISC Stormcast For Monday, January 11th, 2021 https://isc.sans.edu/podcastdetail.html?id=7322, (Mon, Jan 11th)
Maldoc Analysis With CyberChef, (Sun, Jan 10th)
In diary entry “Maldoc Strings Analysis” I show how to analyze a malicious document, by extracting and decoding strings with command-line tools.
Maldoc Strings Analysis, (Sat, Jan 9th)
As I announced in my diary entry “Strings 2021”, I will write some diary entries following a simpler method of malware analysis, namely looking for strings inside malicious files using…
Using the NIST Database and API to Keep Up with Vulnerabilities and Patches – Playing with Code (Part 2 of 3), (Fri, Jan 8th)
Building on yesterday's story – now that we have an inventory built…
ISC Stormcast For Friday, January 8th, 2021 https://isc.sans.edu/podcastdetail.html?id=7320, (Fri, Jan 8th)
Using the NIST Database and API to Keep Up with Vulnerabilities and Patches (Part 1 of 3), (Thu, Jan 7th)
It's been a while since NIST changed the API for their NVD (National Vulnerability Database), so…
Directly related to today’s main story on CPE/CVEs – Code Exec in Cisco Jabber, all platforms https://nvd.nist.gov/vuln/detail/CVE-2020-26085, (Thu, Jan 7th)
Rob VandenBrink
ISC Stormcast For Thursday, January 7th, 2021 https://isc.sans.edu/podcastdetail.html?id=7318, (Thu, Jan 7th)
Scans for Zyxel Backdoors are Commencing., (Wed, Jan 6th)
It was the day (or two days actually) before Christmas when Niels Teusing published a blog post about a back door in various Zyxel products [1]. Niels…
ISC Stormcast For Wednesday, January 6th, 2021 https://isc.sans.edu/podcastdetail.html?id=7316, (Wed, Jan 6th)
Netfox Detective: An Alternative Open-Source Packet Analysis Tool, (Tue, Jan 5th)
[This is a guest diary by Yee Ching Tok (personal website here (https://poppopretn.com)). Feedback welcome either via comments or our contact page (https://isc.sans.edu/contact.html)]
ISC Stormcast For Tuesday, January 5th, 2021 https://isc.sans.edu/podcastdetail.html?id=7314, (Tue, Jan 5th)
From a small BAT file to Mass Logger infostealer, (Mon, Jan 4th)
Since another year went by, I've decided to once again check all of the malicious files, which were caught in my e-mail quarantine during…
ISC Stormcast For Monday, January 4th 2021 https://isc.sans.edu/podcastdetail.html?id=7312, (Mon, Jan 4th)
Protecting Home Office and Enterprise in 2021, (Sat, Jan 2nd)
Because of COVID, 2020 saw a major shift from working at the “office” to working at home, which led to a shift of the attacks to the user…
Strings 2021, (Fri, Jan 1st)
Read the original article: Strings 2021, (Fri, Jan 1st) This year, for my diary entries with malware analysis, I will check each time if a malware sample can be analyzed with the strings command (or a variant). And if it…
End of Year Traffic Analysis Quiz, (Thu, Dec 31st)
Read the original article: End of Year Traffic Analysis Quiz, (Thu, Dec 31st) Introduction …
TLS 1.3 is now supported by about 1 in every 5 HTTPS servers, (Wed, Dec 30th)
Read the original article: TLS 1.3 is now supported by about 1 in every 5 HTTPS servers, (Wed, Dec 30th) TLS 1.3 has been with us for a couple of years now[1]. It has brought significant security improvements over previous TLS…
ISC Stormcast For Wednesday, December 30th 2020 https://isc.sans.edu/podcastdetail.html?id=7310, (Wed, Dec 30th)
Read the original article: ISC Stormcast For Wednesday, December 30th 2020 https://isc.sans.edu/podcastdetail.html?id=7310, (Wed, Dec 30th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Wednesday, December 30th 2020 https://isc.sans.edu/podcastdetail.html?id=7310,…
Want to know what’s in a folder you don’t have a permission to access? Try asking your AV solution…, (Tue, Dec 29th)
Read the original article: Want to know what’s in a folder you don’t have a permission to access? Try asking your AV solution…, (Tue, Dec 29th) Back in February, I wrote a diary about a small vulnerability in Windows, which…
ISC Stormcast For Tuesday, December 29th 2020 https://isc.sans.edu/podcastdetail.html?id=7308, (Tue, Dec 29th)
Read the original article: ISC Stormcast For Tuesday, December 29th 2020 https://isc.sans.edu/podcastdetail.html?id=7308, (Tue, Dec 29th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Tuesday, December 29th 2020 https://isc.sans.edu/podcastdetail.html?id=7308,…
ISC Stormcast For Monday, December 28th 2020 https://isc.sans.edu/podcastdetail.html?id=7306, (Mon, Dec 28th)
Read the original article: ISC Stormcast For Monday, December 28th 2020 https://isc.sans.edu/podcastdetail.html?id=7306, (Mon, Dec 28th) This post doesn’t have text content, please click on the link below to view the original article. ISC Stormcast For Monday, December 28th 2020 https://isc.sans.edu/podcastdetail.html?id=7306,…
Quickie: Bit Shifting With translate.py, (Sun, Dec 27th)
Read the original article: Quickie: Bit Shifting With translate.py, (Sun, Dec 27th) As promised in diary entry “Corrupt BASE64 Strings: Detection and Decoding”, I explain here how to shift bits with my translate.py tool: …
base64dump.py Supported Encodings, (Sat, Dec 26th)
Read the original article: base64dump.py Supported Encodings, (Sat, Dec 26th) I explained to a friend that my tool base64dump.py, despite its name, does support many other encodings than BASE64. For example, it can detect and decode hexadecimal strings too. …
Quickie: String Analysis & Maldocs, (Fri, Dec 25th)
Read the original article: Quickie: String Analysis & Maldocs, (Fri, Dec 25th) Yesterday, Xavier showed how to start analyzing a malicious Word document with my oledump.py tool. …
Malicious Word Document Delivering an Octopus Backdoor, (Thu, Dec 24th)
Read the original article: Malicious Word Document Delivering an Octopus Backdoor, (Thu, Dec 24th) Here is an interesting malicious Word document that I spotted yesterday. This time, it does not contain a macro but two embedded objects that the victim…