This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, September 24th, 2024…
Tag: SANS Internet Storm Center, InfoCON: green
Phishing links with @ sign and the need for effective security awareness building, (Mon, Sep 23rd)
While going over a batch of phishing e-mails that were delivered to us here at the Internet Storm Center during the first half of September, I noticed one message which was somewhat unusual. Not because it was untypically sophisticated or…
ISC Stormcast For Monday, September 23rd, 2024 https://isc.sans.edu/podcastdetail/9148, (Mon, Sep 23rd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, September 23rd, 2024…
ISC Stormcast For Friday, September 20th, 2024 https://isc.sans.edu/podcastdetail/9146, (Fri, Sep 20th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, September 20th, 2024…
Fake GitHub Site Targeting Developers, (Thu, Sep 19th)
Our reader “RoseSecurity” forwarded received the following malicious email: This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Fake GitHub Site Targeting Developers, (Thu, Sep 19th)
ISC Stormcast For Thursday, September 19th, 2024 https://isc.sans.edu/podcastdetail/9144, (Thu, Sep 19th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, September 19th, 2024…
Time-to-Live Analysis of DShield Data with Vega-Lite, (Wed, Sep 18th)
Since posting a diary about Vega-Lite [1], I have “played” with other queries that might be interesting and the first one that I wanted to explore since the DShield SIEM [2] capture and parse the iptables logs and store the…
Python Infostealer Patching Windows Exodus App, (Wed, Sep 18th)
A few months ago, I wrote a diary[1] about a Python script that replaced the Exodus[2] Wallet app with a rogue one on macOS. Infostealers are everywhere these days. They target mainly browsers (cookies, credentials) and classic applications that may…
ISC Stormcast For Wednesday, September 18th, 2024 https://isc.sans.edu/podcastdetail/9142, (Wed, Sep 18th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, September 18th, 2024…
23:59, Time to Exfiltrate!, (Tue, Sep 17th)
Last week, I posted a diary about suspicious Python modules. One of them was Firebase [1], the cloud service provided by Google[2]. Firebase services abused by attackers is not new, usually, it's used to host malicious files that will be…
ISC Stormcast For Tuesday, September 17th, 2024 https://isc.sans.edu/podcastdetail/9140, (Tue, Sep 17th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, September 17th, 2024…
Managing PE Files With Overlays, (Mon, Sep 16th)
There is a common technique used by attackers: They append some data at the end of files (this is called an overlay). This can be used for two main reasons: To hide the appended data from the operating system (steganography).…
ISC Stormcast For Monday, September 16th, 2024 https://isc.sans.edu/podcastdetail/9138, (Mon, Sep 16th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, September 16th, 2024…
YARA-X’s Dump Command, (Sun, Sep 15th)
YARA-X is not just a rewrite of YARA in Rust, it comes with new features too. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: YARA-X’s Dump Command, (Sun, Sep 15th)
YARA 4.5.2 Release, (Sat, Sep 14th)
YARA 4.5.2 was released with 3 small changes and 4 bugfixes. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: YARA 4.5.2 Release, (Sat, Sep 14th)
Finding Honeypot Data Clusters Using DBSCAN: Part 2, (Fri, Sep 13th)
In an earlier diary [1], I reviewed how using tools like DBSCAN [2] can be useful to group similar data. I used DBSCAN to try and group similar commands submitted to Cowrie [3] and URL paths submitted to the DShield…
Finding Honeypot Data Clusters Using DBSCAN: Part 2, (Fri, Aug 23rd)
In an earlier diary [1], I reviewed how using tools like DBSCAN [2] can be useful to group similar data. I used DBSCAN to try and group similar commands submitted to Cowrie [3] and URL paths submitted to the DShield…
ISC Stormcast For Friday, September 13th, 2024 https://isc.sans.edu/podcastdetail/9136, (Fri, Sep 13th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, September 13th, 2024…
Hygiene, Hygiene, Hygiene! [Guest Diary], (Wed, Sep 11th)
[This is a Guest Diary by Paul Olson, an ISC intern as part of the SANS.edu BACS program] This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Hygiene, Hygiene, Hygiene! [Guest Diary], (Wed,…
Python Libraries Used for Malicious Purposes, (Wed, Sep 11th)
Since I'm interested in malicious Python scripts, I found multiple samples that rely on existing libraries. The most-known repository is probably pypi.org[1] that reports, as of today, 567,478 projects! Malware developers are like regular developers: They don't want to reinvent…
ISC Stormcast For Wednesday, September 11th, 2024 https://isc.sans.edu/podcastdetail/9134, (Wed, Sep 11th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, September 11th, 2024…
Microsoft September 2024 Patch Tuesday, (Tue, Sep 10th)
Today, Microsoft released its scheduled September set of patches. This update addresses 79 different vulnerabilities. Seven of these vulnerabilities are rated critical. Four vulnerabilities are already being exploited and have been made public. This article has been indexed from…
ISC Stormcast For Tuesday, September 10th, 2024 https://isc.sans.edu/podcastdetail/9132, (Tue, Sep 10th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, September 10th, 2024…
Wireshark 4.4’s IP Address Functions, (Mon, Sep 9th)
New IP address functions have been added in Wireshark 4.4 (if you use Wireshark on Windows, there's a bug in release 4.4.0: the DLL with these functions is missing, it will be included in release 4.4.1; all is fine with…

Password Cracking & Energy: More Dedails, (Sun, Sep 8th)
Here are more details on the power consumption of my desktop computer when I crack passwords (cfr diary entry “Quickie: Password Cracking & Energy”). This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article:…
ISC Stormcast For Monday, September 9th, 2024 https://isc.sans.edu/podcastdetail/9130, (Mon, Sep 9th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, September 9th, 2024…

Python & Notepad++, (Sat, Sep 7th)
PythonScript is a Notepad++ plugin that provides a Python interpreter to edit Notepad++ documents. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: 
Python & Notepad++, (Sat, Sep 7th)
Password Cracking & Energy: More Dedails, (Sun, Sep 8th)
Here are more details on the power consumption of my desktop computer when I crack passwords (cfr diary entry “Quickie: Password Cracking & Energy”). This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article:…
Python & Notepad++, (Sat, Sep 7th)
PythonScript is a Notepad++ plugin that provides a Python interpreter to edit Notepad++ documents. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Python & Notepad++, (Sat, Sep 7th)
ISC Stormcast For Friday, September 6th, 2024 https://isc.sans.edu/podcastdetail/9128, (Fri, Sep 6th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, September 6th, 2024…
Enrichment Data: Keeping it Fresh, (Fri, Sep 6th)
I like to enrich my honeypot data from a variety of sources to help understand a bit more about the context of the attack. This includes the types of networks the attacks are coming from or whether malware submitted to…
ISC Stormcast For Thursday, September 5th, 2024 https://isc.sans.edu/podcastdetail/9126, (Thu, Sep 5th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, September 5th, 2024…
Attack Surface [Guest Diary], (Wed, Sep 4th)
[This is a Guest Diary by Joshua Tyrrell, an ISC intern as part of the SANS.edu BACS program] This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Attack Surface [Guest Diary], (Wed, Sep…
Scans for Moodle Learning Platform Following Recent Update, (Wed, Sep 4th)
On August 10th, the popular learning platform “Moodle” released an update fixing %%cve:2024-43425%%. RedTeam Pentesting found the vulnerability and published a detailed blog post late last week. The blog post demonstrates in detail how a user with the “trainer” role could…
ISC Stormcast For Wednesday, September 4th, 2024 https://isc.sans.edu/podcastdetail/9124, (Wed, Sep 4th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, September 4th, 2024…
ISC Stormcast For Tuesday, September 3rd, 2024 https://isc.sans.edu/podcastdetail/9122, (Tue, Sep 3rd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, September 3rd, 2024…
Protected OOXML Text Documents, (Mon, Sep 2nd)
Just like “Protected OOXML Spreadsheets”, Word documents can also be protected: This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Protected OOXML Text Documents, (Mon, Sep 2nd)
Wireshark 4.4: Converting Display Filters to BPF Capture Filters, (Sun, Sep 1st)
Display filters are used to define expressions that decide which packets get displayed, and which not in Wireshark's packet list. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Wireshark 4.4: Converting Display…
Wireshark 4.4.0 is now available, (Sat, Aug 31st)
This is the first 4.4 release. Many new features have been added, details are here. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Wireshark 4.4.0 is now available, (Sat, Aug 31st)
ISC Stormcast For Friday, August 30th, 2024 https://isc.sans.edu/podcastdetail/9120, (Fri, Aug 30th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, August 30th, 2024…
Simulating Traffic With Scapy, (Fri, Aug 30th)
It can be helpful to simulate different kinds of system activity. I had an instance where I wanted to generate logs to test a log forwarding agent. This agent was processing DNS logs. There are a variety of ways that…
Live Patching DLLs with Python, (Thu, Aug 29th)
In my previous diary[1], I explained why Python became popular for attackers. One of the given reason was that, from Python scripts, it's possible to call any Windows API and, therefore, perform low-level activities on the system. In another script,…
ISC Stormcast For Thursday, August 29th, 2024 https://isc.sans.edu/podcastdetail/9118, (Thu, Aug 29th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, August 29th, 2024…
ISC Stormcast For Wednesday, August 28th, 2024 https://isc.sans.edu/podcastdetail/9116, (Wed, Aug 28th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, August 28th, 2024…
Vega-Lite with Kibana to Parse and Display IP Activity over Time, (Tue, Aug 27th)
I have been curious for a while looking at Kibana's Vega log parsing options to try to come up with displays and layout that aren't standard in Kibana. A lot of the potential layouts already exists in Kibana but some…
Why Is Python so Popular to Infect Windows Hosts?, (Tue, Aug 27th)
It has been a while since I started to track how Python is used in the Windows eco-system[1]. Almost every day I find new pieces of malicious Python scripts. The programming language itself is not malicious. There are plenty of…
ISC Stormcast For Tuesday, August 27th, 2024 https://isc.sans.edu/podcastdetail/9114, (Tue, Aug 27th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, August 27th, 2024…
From Highly Obfuscated Batch File to XWorm and Redline, (Mon, Aug 26th)
If you follow my diaries, you probably already know that one of my favorite topics around malware is obfuscation. I'm often impressed by the crazy techniques attackers use to make reverse engineers' lives more difficult. Last week, I spotted a…
ISC Stormcast For Monday, August 26th, 2024 https://isc.sans.edu/podcastdetail/9112, (Mon, Aug 26th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, August 26th, 2024…
Pandas Errors: What encoding are my logs in?, (Fri, Aug 23rd)
While trying to process some of my honeypot data, I ran into the following error in my Python script: This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Pandas Errors: What encoding are…
ISC Stormcast For Friday, August 23rd, 2024 https://isc.sans.edu/podcastdetail/9110, (Fri, Aug 23rd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, August 23rd, 2024…
OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse?, (Thu, Aug 22nd)
For a whille now, I have seen scans that contain the pattern “%%target%%” in the URL. For example, today this particular URL is popular: This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article:…
ISC Stormcast For Thursday, August 22nd, 2024 https://isc.sans.edu/podcastdetail/9108, (Thu, Aug 22nd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, August 22nd, 2024…
ISC Stormcast For Wednesday, August 21st, 2024 https://isc.sans.edu/podcastdetail/9106, (Wed, Aug 21st)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, August 21st, 2024…
Mapping Threats with DNSTwist and the Internet Storm Center [Guest Diary], (Tue, Aug 20th)
[This is a Guest Diary by Michael Tigges, an ISC intern as part of the SANS.edu BACS program] This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Mapping Threats with DNSTwist and the…
Where are we with CVE-2024-38063: Microsoft IPv6 Vulnerability, (Tue, Aug 20th)
I recorded a quick live stream with a quick update on CVE-2024-38063. The video focuses on determining the exploitability, particularly whether your systems are reachable by IPv6. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read…
ISC Stormcast For Tuesday, August 20th, 2024 https://isc.sans.edu/podcastdetail/9104, (Tue, Aug 20th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, August 20th, 2024…
Do you Like Donuts? Here is a Donut Shellcode Delivered Through PowerShell/Python, (Mon, Aug 19th)
I found a tiny .bat file that looked not suspicious at all: 3650.bat (SHA256:bca5c30a413db21f2f85d7297cf3a9d8cedfd662c77aacee49e821c8b7749290) with a very low VirusTotal score (2/65)[1]. The file is very simple, it invokes a PowerShell: This article has been indexed from SANS Internet Storm Center,…
ISC Stormcast For Monday, August 19th, 2024 https://isc.sans.edu/podcastdetail/9102, (Mon, Aug 19th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, August 19th, 2024…
ISC Stormcast For Friday, August 16th, 2024 https://isc.sans.edu/podcastdetail/9100, (Fri, Aug 16th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, August 16th, 2024…
[Guest Diary] 7 minutes and 4 steps to a quick win: A write-up on custom tools, (Fri, Aug 16th)
[This is a Guest Diary by Justin Leibach, an ISC intern as a part of the SANS.edu BACS [1] degree program] This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: [Guest Diary] 7…
Wireshark 4.4.0rc1’s Custom Columns, (Thu, Aug 15th)
In diary entry “A Wireshark Lua Dissector for Fixed Field Length Protocols”, I show how to use a protocol dissector I wrote in Lua to parse TCP data. This article has been indexed from SANS Internet Storm Center, InfoCON: green…
ISC Stormcast For Thursday, August 15th, 2024 https://isc.sans.edu/podcastdetail/9098, (Thu, Aug 15th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, August 15th, 2024…
Multiple Malware Dropped Through MSI Package, (Wed, Aug 14th)
One of my hunting rules hit on potentially malicious PowerShell code. The file was an MSI package (not an MSIX, these are well-known to execute malicious scripts[1]). This file was a good old OLE package: This article has been indexed…
ISC Stormcast For Wednesday, August 14th, 2024 https://isc.sans.edu/podcastdetail/9096, (Wed, Aug 14th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, August 14th, 2024…
Microsoft August 2024 Patch Tuesday, (Tue, Aug 13th)
This month we got patches for 186 vulnerabilities. Of these, 9 are critical, and 9 are zero-days (3 previously disclosed, and 6 are already being exploited). This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the…
ISC Stormcast For Tuesday, August 13th, 2024 https://isc.sans.edu/podcastdetail/9094, (Tue, Aug 13th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, August 13th, 2024…
ISC Stormcast For Monday, August 12th, 2024 https://isc.sans.edu/podcastdetail/9092, (Mon, Aug 12th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, August 12th, 2024…
Video: Same Origin, CORS, DNS Rebinding and Localhost, (Mon, Aug 12th)
Trying something a bit different. A video demo to illustrate some concepts around “Origin” in web applications. Let me know if this is something you would like to see more of. This article has been indexed from SANS Internet Storm…
ISC Stormcast For Friday, August 9th, 2024 https://isc.sans.edu/podcastdetail/9090, (Fri, Aug 9th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, August 9th, 2024…
ISC Stormcast For Thursday, August 8th, 2024 https://isc.sans.edu/podcastdetail/9088, (Thu, Aug 8th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, August 8th, 2024…
ISC Stormcast For Wednesday, August 7th, 2024 https://isc.sans.edu/podcastdetail/9086, (Wed, Aug 7th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, August 7th, 2024…
Same Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary], (Wed, Aug 7th)
[This is a Guest Diary by Riché Wiley, an ISC intern as part of the SANS.edu BACS program] This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Same Scripts, Different Day: What My…
A Survey of Scans for GeoServer Vulnerabilities, (Tue, Aug 6th)
A little bit over a year ago, I wrote about scans for GeoServer [1][2]. GeoServer is a platform to process geographic data [3]. It makes it easy to share geospatial data in various common standard formats. Recently, new vulnerabilities were…
ISC Stormcast For Tuesday, August 6th, 2024 https://isc.sans.edu/podcastdetail/9084, (Tue, Aug 6th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, August 6th, 2024…
Script obfuscation using multiple instances of the same function, (Mon, Aug 5th)
Threat actors like to make detection and analysis of any malicious code they create as difficult as possible – for obvious reasons. There are any number of techniques which they may employ in this area, nevertheless, the one approach, that…
ISC Stormcast For Monday, August 5th, 2024 https://isc.sans.edu/podcastdetail/9082, (Mon, Aug 5th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, August 5th, 2024…
OOXML Spreadsheets Protected By Verifier Hashes, (Sat, Aug 3rd)
When I wrote about the internal file format of protected spreadsheets, I mentioned a simple 16-bit hash for .xls files in diary entry “16-bit Hash Collisions in .xls Spreadsheets” and a complex hash based on SHA256 for .xlsx files in…
Even Linux users should take a look at this Microsoft KB article., (Fri, Aug 2nd)
Secure boot has been a standard feature since at least Windows 8. As the name implies, the feature protects the boot process. The integrity of the boot process is ensured by digitally signing any software (“firmware”) used during the boot…
ISC Stormcast For Friday, August 2nd, 2024 https://isc.sans.edu/podcastdetail/9080, (Fri, Aug 2nd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, August 2nd, 2024…
Tracking Proxy Scans with IPv4.Games, (Thu, Aug 1st)
Today, I saw a proxy scan that was a little bit different: This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Tracking Proxy Scans with IPv4.Games, (Thu, Aug 1st)
ISC Stormcast For Thursday, August 1st, 2024 https://isc.sans.edu/podcastdetail/9078, (Thu, Aug 1st)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, August 1st, 2024…
Increased Activity Against Apache OFBiz CVE-2024-32113, (Wed, Jul 31st)
As part of its extensive project portfolio, the Apache Foundation supports OFBiz, a Java-based framework for creating ERP (Enterprise Resource Planning) applications [1]. OFBiz appears to be far less prevalent than commercial alternatives [2]. However, just as with any other…
ISC Stormcast For Wednesday, July 31st, 2024 https://isc.sans.edu/podcastdetail/9076, (Wed, Jul 31st)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, July 31st, 2024…
Apple Patches Everything. July 2024 Edition, (Tue, Jul 30th)
Yesterday, Apple released patches across all of its operating systems. A standalone patch for Safari was released to address WebKit problems in older macOS versions. Apple does not provide CVSS scores or severity ratings. The ratings below are based on…
ISC Stormcast For Tuesday, July 30th, 2024 https://isc.sans.edu/podcastdetail/9074, (Tue, Jul 30th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, July 30th, 2024…
ISC Stormcast For Monday, July 29th, 2024 https://isc.sans.edu/podcastdetail/9072, (Mon, Jul 29th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, July 29th, 2024…

Quickie: Password Cracking & Energy, (Sun, Jul 28th)
When Johannes talked about my diary entry “Protected OOXML Spreadsheets” on his StormCast podcast, he mentioned that I privately shared data on the power consumption of my desktop with a NVIDIA GeForce RTX 3080 GPU when running Hashcat. This article…
CrowdStrike Outage Themed Maldoc, (Mon, Jul 29th)
I found a malicious Word document with VBA code using the CrowdStrike outage for social engineering purposes. It's an .ASD file (AutoRecover file). My tool oledump.py can analyze it: This article has been indexed from SANS Internet Storm Center, InfoCON:…
Quickie: Password Cracking & Energy, (Sun, Jul 28th)
When Johannes talked about my diary entry “Protected OOXML Spreadsheets” on his StormCast podcast, he mentioned that I privately shared data on the power consumption of my desktop with a NVIDIA GeForce RTX 3080 GPU when running Hashcat. This article…
Create Your Own BSOD: NotMyFault, (Sat, Jul 27th)
With all the Blue Screen Of Death screenshots we saw lately, I got the idea to write about Sysinternals' tool NotMyFault. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Create Your Own…
ExelaStealer Delivered “From Russia With Love”, (Fri, Jul 26th)
Some simple PowerShell scripts might deliver nasty content if executed by the target. I found a very simple one (with a low VT score of 8/65): This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the…
ISC Stormcast For Friday, July 26th, 2024 https://isc.sans.edu/podcastdetail/9070, (Fri, Jul 26th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, July 26th, 2024…
XWorm Hidden With Process Hollowing, (Thu, Jul 25th)
XWorm is not a brand-new malware family[1]. It's a common RAT (Remote Access Tool) re-use regularly in new campaigns. Yesterday, I found a sample that behaves like a dropper and runs the malware using the Process Hollowing technique[2]. The sample…
ISC Stormcast For Thursday, July 25th, 2024 https://isc.sans.edu/podcastdetail/9068, (Thu, Jul 25th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, July 25th, 2024…
“Mouse Logger” Malicious Python Script, (Wed, Jul 24th)
Keylogging is a pretty common feature of many malware families because recording the key pressed on a keyboard may reveal a lot of interesting information like usernames, passwords, etc. Back from SANSFIRE, I looked at my backlog of hunting results and…
ISC Stormcast For Wednesday, July 24th, 2024 https://isc.sans.edu/podcastdetail/9066, (Wed, Jul 24th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, July 24th, 2024…
New Exploit Variation Against D-Link NAS Devices (CVE-2024-3273), (Tue, Jul 23rd)
In April, an OS command injection vulnerability in various D-Link NAS devices was made public [1]. The vulnerability, %%CVE:2024-3273%% was exploited soon after it became public. Many of the affected devices are no longer supported. This article has been indexed…
ISC Stormcast For Tuesday, July 23rd, 2024 https://isc.sans.edu/podcastdetail/9064, (Tue, Jul 23rd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, July 23rd, 2024…
CrowdStrike: The Monday After, (Mon, Jul 22nd)
Last Friday, after Crowdstrike released a bad sensor configuration update that caused widespread crashes of Windows systems. The most visible effects of these crashes appear to have been mitigated. I am sure many IT workers had to spend the weekend…