Tag: SANS Internet Storm Center, InfoCON: green

Since the last update [5], over the past few months I added several enhancements to DShield SIEM and webhoneypot sensor collection that included an update to the interface to help with DShield sensor analysis. I updated the main dashboard to…

Read more →

On the Stormcast, Johannes talked about BASE64 and DNS used by a backdoor. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: BASE64 Over DNS, (Wed, Sep 10th)

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, September 10th, 2025…

Read more →

As part of its September patch Tuesday, Microsoft addressed 177 different vulnerabilities, 86 of which affect Microsoft products. None of the vulnerabilities has been exploited before today. Two of the vulnerabilities were already made public. Microsoft rates 13 of the…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, September 9th, 2025…

Read more →

This weekend, I noticed three related headers being used in requests to some of our honeypots for the first time [1]: This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: HTTP Request Signatures,…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, September 8th, 2025…

Read more →

YARA is an excellent tool that most of you probably already know and use daily. If you don't, search on isc.sans.edu, we have a bunch of diaries about it[1]. YARA is very powerful because you can search for arrays of…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, September 5th, 2025…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, September 4th, 2025…

Read more →

When I am thinking about the security of manufacturing environments, I am usually focusing on IoT devices integrated into production lines. All the little sensors and actuators are often very difficult to secure. On the other hand, there is also…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, September 3rd, 2025…

Read more →

What can almost 2,000 sextortion messages tell us about how threat actors operate and whether they are successful? Let&#x27s find out. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: A quick look…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, September 2nd, 2025…

Read more →

A user reported a bug in pdf-parser: when dumping all filtered streams, an error would occur: This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: pdf-parser: All Streams, (Sun, Aug 31st)

Read more →

Wireshark release 4.4.9 fixes 5 bugs. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Wireshark 4.4.9 Released, (Sun, Aug 31st)

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, August 29th, 2025…

Read more →

I noticed recently that we have more and more requests for ZIP files in our web honeypot logs. Over the last year, we have had a substantial increase in these requests. This article has been indexed from SANS Internet Storm…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, August 28th, 2025…

Read more →

In most attack scenarios, attackers have to perform a crucial operation: to load a shellcode in memory and execute it. This is often performed in a three-step process: This article has been indexed from SANS Internet Storm Center, InfoCON: green…

Read more →