This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, July 22nd, 2024…
Tag: SANS Internet Storm Center, InfoCON: green
Widespread Windows Crashes Due to Crowdstrike Updates, (Fri, Jul 19th)
Last night, endpoint security company Crowdstrike released an update that is causing widespread “blue screens of death” (BSOD) on Windows systems. Crowdstrike released an advisory, which is only available after logging into the Crowdstrike support platform. A brief public statement…
ISC Stormcast For Friday, July 19th, 2024 https://isc.sans.edu/podcastdetail/9060, (Fri, Jul 19th)
ISC Stormcast For Thursday, July 18th, 2024 https://isc.sans.edu/podcastdetail/9058, (Thu, Jul 18th)
ISC Stormcast For Wednesday, July 17th, 2024 https://isc.sans.edu/podcastdetail/9056, (Wed, Jul 17th)
Who You Gonna Call? AndroxGh0st Busters! [Guest Diary], (Tue, Jul 16th)
[This is a Guest Diary by Michael Gallant, an ISC intern as part of the SANS.edu BACS program]
“Reply-chain phishing” with a twist, (Tue, Jul 16th)
Few weeks ago, I was asked by a customer to take a look at a phishing message which contained a link that one of their employees clicked on. The concern was whether the linked-to site was only a generic credential…
ISC Stormcast For Tuesday, July 16th, 2024 https://isc.sans.edu/podcastdetail/9054, (Tue, Jul 16th)
Protected OOXML Spreadsheets, (Mon, Jul 15th)
I was asked a question about the protection of an .xlsm spreadsheet. I've written before on the protection of .xls spreadsheets, for example in diary entries “Unprotecting Malicious Documents For Inspection” and “16-bit Hash Collisions in .xls Spreadsheets”; and blog…
ISC Stormcast For Monday, July 15th, 2024 https://isc.sans.edu/podcastdetail/9052, (Mon, Jul 15th)
Wireshark 4.2.6 Released, (Sun, Jul 14th)
Wireshark release 4.2.6 fixes 1 vulnerability (SPRT parser crash) and 10 bugs.
16-bit Hash Collisions in .xls Spreadsheets, (Sat, Jul 13th)
A couple years ago, in diary entry “Unprotecting Malicious Documents For Inspection” I explain how .xls spreadsheets are password protected (but not encrypted). And in follow-up diary entry “Maldocs: Protection Passwords”, I talk about an update to my oledump plugin…
Attacks against the “Nette” PHP framework CVE-2020-15227, (Fri, Jul 12th)
Today, I noticed some exploit attempts against an older vulnerability in the “Nette Framework”, CVE-2020-15227 [1].
ISC Stormcast For Friday, July 12th, 2024 https://isc.sans.edu/podcastdetail/9050, (Fri, Jul 12th)
Understanding SSH Honeypot Logs: Attackers Fingerprinting Honeypots, (Thu, Jul 11th)
Some of the commands observed can be confusing for a novice looking at ssh honeypot logs. Sure, you have some obvious commands like “uname -a” to fingerprint the kernel. However, other commands are less intuitive and are not commands a…
ISC Stormcast For Thursday, July 11th, 2024 https://isc.sans.edu/podcastdetail/9048, (Thu, Jul 11th)
Finding Honeypot Data Clusters Using DBSCAN: Part 1, (Wed, Jul 10th)
Sometimes data needs to be transformed or different tools need to be used so that it can be compared with other data. Some honeypot data is easy to compare since there is no customized information such as randomly generated file…
ISC Stormcast For Wednesday, July 10th, 2024 https://isc.sans.edu/podcastdetail/9046, (Wed, Jul 10th)
Microsoft Patch Tuesday July 2024, (Tue, Jul 9th)
Microsoft today released patches for 142 vulnerabilities. Only four of the vulnerabilities are rated as “critical”. There are two vulnerabilities that have already been discussed and two that have already been exploited.
ISC Stormcast For Tuesday, July 9th, 2024 https://isc.sans.edu/podcastdetail/9044, (Tue, Jul 9th)
Kunai: Keep an Eye on your Linux Hosts Activity, (Mon, Jul 8th)
Microsoft has a very popular tool (part of the SysInternals) called Sysmon[1]. It is a system service and device driver designed to monitor and log system activity, including very useful events like process creations, network connections, DNS requests, file changes,…
ISC Stormcast For Monday, July 8th, 2024 https://isc.sans.edu/podcastdetail/9042, (Mon, Jul 8th)
Overlooked Domain Name Resiliency Issues: Registrar Communications, (Fri, Jul 5th)
I often think the Internet would work better without DNS. People unable to remember an IP address would be unable to use it. But on the other hand, there is more to DNS than translating a human-readable hostname to a…
SSH “regreSSHion” Remote Code Execution Vulnerability in OpenSSH., (Mon, Jul 1st)
Qualys published a blog post with details regarding a critical remote code execution vulnerability [1].
Support of SSL 2.0 on web servers in 2024, (Fri, Jun 28th)
We last discussed SSLv2 support on internet-exposed web servers about a year ago, when we discovered that there were still about 450 thousand web servers that supported this protocol left on the internet[1]. We also found that a significant portion…
ISC Stormcast For Friday, June 28th, 2024 https://isc.sans.edu/podcastdetail/9040, (Fri, Jun 28th)
ISC Stormcast For Thursday, June 27th, 2024 https://isc.sans.edu/podcastdetail/9038, (Thu, Jun 27th)
What Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary], (Wed, Jun 26th)
[This is a Guest Diary by Kelly Fiocchi-Tapani, an ISC intern as part of the SANS.edu BACS program]
ISC Stormcast For Wednesday, June 26th, 2024 https://isc.sans.edu/podcastdetail/9036, (Wed, Jun 26th)
ISC Stormcast For Tuesday, June 25th, 2024 https://isc.sans.edu/podcastdetail/9034, (Tue, Jun 25th)
Configuration Scanners Adding Java Specific Configuration Files, (Mon, Jun 24th)
Hunting for configuration files is one of the favorite tricks we typically see used against our honeypots. Traditionally, standard and more generic configuration files like “.env” or “.config” are the target, with some cloud-specific configuration files sprinkled in.
ISC Stormcast For Monday, June 24th, 2024 https://isc.sans.edu/podcastdetail/9032, (Mon, Jun 24th)
Sysinternals’ Process Monitor Version 4 Released, (Sat, Jun 22nd)
Version 4.01 of Sysinternals' Process Monitor (procmon) was released (just one day after the release of version 4.0).
ISC Stormcast For Friday, June 21st, 2024 https://isc.sans.edu/podcastdetail/9030, (Fri, Jun 21st)
No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary], (Thu, Jun 20th)
[This is a Guest Diary by Owen Slubowski, an ISC intern as part of the SANS.edu BACS program]
Handling BOM MIME Files, (Wed, Jun 19th)
A reader contacted me with an eml file (which turned out to be benign) that emldump.py could not parse correctly.
Video Meta Data: DJI Drones, (Sun, Jun 16th)
Many years ago, I wrote about the EXIF data in pictures taken with Smartphones. Smartphones often record extensive meta data including GPS and accelerometer data.
ISC Stormcast For Tuesday, June 18th, 2024 https://isc.sans.edu/podcastdetail/9028, (Tue, Jun 18th)
New NetSupport Campaign Delivered Through MSIX Packages, (Mon, Jun 17th)
It's amazing to see how attackers reuse and combine known techniques to target their victims with new campaigns! Last week, I spotted some malicious MSIX packages on VT that drop a NetSupport[1] client preconfigured to phone home to an attacker's…
ISC Stormcast For Monday, June 17th, 2024 https://isc.sans.edu/podcastdetail/9026, (Mon, Jun 17th)
Overview of My Tools That Handle JSON Data, (Sat, Jun 15th)
I wrote a couple of diary entries showing my tools that produce and consume JSON data. Like “Analyzing PDF Streams”, “Another PDF Streams Example: Extracting JPEGs” and “Analyzing MSG Files”.
ISC Stormcast For Friday, June 14th, 2024 https://isc.sans.edu/podcastdetail/9024, (Fri, Jun 14th)
The Art of JQ and Command-line Fu [Guest Diary], (Thu, Jun 13th)
[This is a Guest Diary by Kaela Reed, an ISC intern as part of the SANS.edu BACS program]
ISC Stormcast For Thursday, June 13th, 2024 https://isc.sans.edu/podcastdetail/9022, (Thu, Jun 13th)
Port 1801 Traffic: Microsoft Message Queue, (Wed, Jun 12th)
I had planned a bit more of a conclusive story here, but after running into issues decoding the packets and running out of time between looking at student papers, I figured I would leave it up to the audience ;-) Maybe someone…
ISC Stormcast For Wednesday, June 12th, 2024 https://isc.sans.edu/podcastdetail/9020, (Wed, Jun 12th)
Microsoft Patch Tuesday June 2024, (Tue, Jun 11th)
Microsoft's June 2024 update fixes a total of 58 vulnerabilities. 7 of these vulnerabilities are associated with Chromium and Microsoft's Brave browser. Only one vulnerability is rated critical. One of the vulnerabilities had been disclosed before today.
ISC Stormcast For Tuesday, June 11th, 2024 https://isc.sans.edu/podcastdetail/9018, (Tue, Jun 11th)
ISC Stormcast For Monday, June 10th, 2024 https://isc.sans.edu/podcastdetail/9016, (Mon, Jun 10th)
Attacker Probing for New PHP Vulnerability CVE-2024-4577, (Sun, Jun 9th)
Our honeypots have detected the first probes for CVE-2024-4577. This vulnerability was originally discovered by Orange Tsai on Friday (June 7th) [1][2]. Watchtwr labs followed up with a detailed blog post and a proof of concept exploit [3].
Finding End of Support Dates: UK PTSI Regulation, (Fri, Jun 7th)
One of the challenges with many IoT devices, in particular those targeting consumers and small businesses, is the ability to find how long a device is supported. This “expiration date” is becoming important as vulnerabilities are often discovered after a…
ISC Stormcast For Friday, June 7th, 2024 https://isc.sans.edu/podcastdetail/9014, (Fri, Jun 7th)
Malicious Python Script with a “Best Before” Date, (Thu, Jun 6th)
When you buy some fresh food, it's always a good idea to keep an eye on the best-before date. I found a funny piece of malicious Python script that implements the same technique. It will execute only before a specified…
ISC Stormcast For Thursday, June 6th, 2024 https://isc.sans.edu/podcastdetail/9012, (Thu, Jun 6th)
Brute Force Attacks Against Watchguard VPN Endpoints, (Wed, Jun 5th)
If you have a pulse and work in information security (or are a new scraping script without a pulse), you have probably seen reports of attacks against VPN endpoints. Running any VPN without strong authentication has been negligent for years,…
ISC Stormcast For Wednesday, June 5th, 2024 https://isc.sans.edu/podcastdetail/9010, (Wed, Jun 5th)
No-Defender, Yes-Defender, (Tue, Jun 4th)
This is a guest diary by John Moutos
ISC Stormcast For Tuesday, June 4th, 2024 https://isc.sans.edu/podcastdetail/9008, (Tue, Jun 4th)
A Wireshark Lua Dissector for Fixed Field Length Protocols, (Mon, Jun 3rd)
I developed a Wireshark dissector in Lua to parse binary protocols (over TCP) that are composed of fields with fixed lengths. I got this idea while taking a SANS ICS training: for protocol reversing, it would be useful to have…
ISC Stormcast For Monday, June 3rd, 2024 https://isc.sans.edu/podcastdetail/9006, (Mon, Jun 3rd)
“K1w1” InfoStealer Uses gofile.io for Exfiltration, (Fri, May 31st)
Python remains a nice language for attackers and I keep finding interesting scripts that are usually not very well detected by antivirus solutions. The one I found has a VT score of 7/65! (SHA256:a6230d4d00a9d8ecaf5133b02d9b61fe78283ac4826a8346b72b4482d9aab54c[1]). I decided to call it “k1w1”…
ISC Stormcast For Friday, May 31st, 2024 https://isc.sans.edu/podcastdetail/9004, (Fri, May 31st)
Feeding MISP with OSSEC, (Thu, May 30th)
I've been a big fan of OSSEC[1] for years. OSSEC (“Open Source Security Event Correlator”) is a comprehensive, open-source host-based intrusion detection system (HIDS). It is designed to monitor and analyze system logs, detect suspicious activities, and provide real-time alerts for…
ISC Stormcast For Thursday, May 30th, 2024 https://isc.sans.edu/podcastdetail/9002, (Thu, May 30th)
ISC Stormcast For Wednesday, May 29th, 2024 https://isc.sans.edu/podcastdetail/9000, (Wed, May 29th)
Is that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary], (Tue, May 28th)
[This is a Guest Diary by Joshua Jobe, an ISC intern as part of the SANS.edu BACS program]
ISC Stormcast For Tuesday, May 28th, 2024 https://isc.sans.edu/podcastdetail/8998, (Tue, May 28th)
Files with TXZ extension used as malspam attachments, (Mon, May 27th)
Malicious e-mail attachments come in all shapes and sizes. In general, however, threat actors usually either send out files, which themselves carry a malicious payload – such as different scripts, Office documents or PDFs – or they send out “containers”,…
YARA 4.5.1 Release, (Sun, May 26th)
YARA 4.5.0 was released with a small change to the regex syntax (allowing more whitespace) and many bugfixes.
csvkit, (Sat, May 25th)
After reading my diary entry “Checking CSV Files”, a reader informed me that CSV toolkit csvkit also contains a command to check CSV files: csvstat.py.
ISC Stormcast For Friday, May 24th, 2024 https://isc.sans.edu/podcastdetail/8996, (Fri, May 24th)
ISC Stormcast For Thursday, May 23rd, 2024 https://isc.sans.edu/podcastdetail/8994, (Thu, May 23rd)
Analysis of “redtail” File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary], (Wed, May 22nd)
[This is a Guest Diary by Robert Riley, an ISC intern as part of the SANS.edu BACS program]
NMAP Scanning without Scanning (Part 2) – The ipinfo API, (Wed, May 22nd)
Going back a year or so, I wrote a story on the passive recon, specifically the IPINFO API (https://isc.sans.edu/diary/28596). This API returns various information on an IP address: the registered owning organization and ASN, and a (usually reasonably accurate) approximation…
ISC Stormcast For Wednesday, May 22nd, 2024 https://isc.sans.edu/podcastdetail/8992, (Wed, May 22nd)
Scanning without Scanning with NMAP (APIs FTW), (Tue, May 21st)
A year ago I wrote up using Shodan's API to collect info on open ports and services without actually scanning for them (Shodan's API for the (Recon) Win!). This past week I was trolling through the NMAP scripts directory, and…
ISC Stormcast For Tuesday, May 21st, 2024 https://isc.sans.edu/podcastdetail/8990, (Tue, May 21st)
Analyzing MSG Files, (Mon, May 20th)
.msg email files are ole files and can be analyzed with my tool oledump.py.
ISC Stormcast For Monday, May 20th, 2024 https://isc.sans.edu/podcastdetail/8988, (Mon, May 20th)
Wireshark 4.2.5 Released, (Sat, May 18th)
Wireshark release 4.2.5 fixes 3 vulnerabilities (CVE-2024-4853, CVE-2024-4854 and CVE-2024-4855) and 19 bugs.
Another PDF Streams Example: Extracting JPEGs, (Fri, May 17th)
In my diary entry “Analyzing PDF Streams” I showed how to use my tools file-magic.py and myjson-filter.py together with my PDF analysis tool pdf-parser.py to analyze PDF streams en masse.
ISC Stormcast For Friday, May 17th, 2024 https://isc.sans.edu/podcastdetail/8986, (Fri, May 17th)
Why yq? Adventures in XML, (Thu, May 16th)
I was recently asked to “recover” a RADIUS key from a Microsoft NPS server. No problem I think, just export the config and it's all there in clear text right?
ISC Stormcast For Thursday, May 16th, 2024 https://isc.sans.edu/podcastdetail/8984, (Thu, May 16th)
Got MFA? If not, Now is the Time!, (Wed, May 15th)
I had an interesting call from a client recently – they had a number of “net use” and “psexec” commands pop up on a domain controller, all called from PSEXEC (thank goodness for a good EDR deployed across the board!!).…
ISC Stormcast For Wednesday, May 15th, 2024 https://isc.sans.edu/podcastdetail/8982, (Wed, May 15th)
Microsoft May 2024 Patch Tuesday, (Tue, May 14th)
This month we got patches for 67 vulnerabilities. Of these, 1 is critical, and 1 is being exploited according to Microsoft.
ISC Stormcast For Tuesday, May 14th, 2024 https://isc.sans.edu/podcastdetail/8980, (Tue, May 14th)
Apple Patches Everything: macOS, iOS, iPadOS, watchOS, tvOS updated., (Tue, May 14th)
Apple today released updates for its various operating systems. The updates cover iOS, iPadOS, macOS, watchOS and tvOS. A standalone update for Safari was released for older versions of macOS. One already exploited vulnerability, CVE-2024-23296 is patched for older versions…
ISC Stormcast For Monday, May 13th, 2024 https://isc.sans.edu/podcastdetail/8978, (Mon, May 13th)
DNS Suffixes on Windows, (Sun, May 12th)
I was asked if I could provide more details on the following sentence from my diary entry “nslookup's Debug Options”:
ISC Stormcast For Friday, May 10th, 2024 https://isc.sans.edu/podcastdetail/8976, (Fri, May 10th)
Analyzing PDF Streams, (Thu, May 9th)
Occasionally, Xavier and Jim will ask me specific students' questions about my tools when they teach FOR610: Reverse-Engineering Malware.
ISC Stormcast For Thursday, May 9th, 2024 https://isc.sans.edu/podcastdetail/8974, (Thu, May 9th)
Analyzing Synology Disks on Linux, (Wed, May 8th)
Synology NAS solutions are popular devices. They are also used in many organizations. Their product range goes from small boxes with two disks (I'm not sure they still sell a single-disk enclosure today) up to monsters, rackable with plenty of…
ISC Stormcast For Wednesday, May 8th, 2024 https://isc.sans.edu/podcastdetail/8972, (Wed, May 8th)
Detecting XFinity/Comcast DNS Spoofing, (Mon, May 6th)
ISPs have a history of intercepting DNS. Often, DNS interception is done as part of a “value add” feature to block access to known malicious websites. Sometimes, users are directed to advertisements if they attempt to access a site that…
ISC Stormcast For Tuesday, May 7th, 2024 https://isc.sans.edu/podcastdetail/8970, (Tue, May 7th)
ISC Stormcast For Monday, May 6th, 2024 https://isc.sans.edu/podcastdetail/8968, (Mon, May 6th)