isc.sans.edu
Published: 2023-11-30 Last Updated: 2023-12-01 17:21:37 UTC by Johannes Ullrich (Version: 1) Apple today released patches for two WebKit vulnerabilities affecting macOS, iPadOS and iOS. I would expect standalone Safari updates for older macOS versions in the future. At this point, only the most recent operating system versions received patches. The vulnerabilities have been exploited against versi
Published: 2023-12-23 Last Updated: 2023-12-23 07:07:07 UTC by Xavier Mertens (Version: 1) I found another Python keylogger... This is pretty common because Python has plenty of modules to implement this technique in a few lines of code: from pynput import keyboard from pynput.keyboard import Listener ... keyboard_listener = keyboard.Listener(on_press=self.save_data) with keyboard_listener: self.r
Published: 2023-12-31 Last Updated: 2023-12-31 20:58:25 UTC by Tom Webb (Version: 1) During the holiday season, I've tried many different self-hosting solutions. But one of the most basic options is setting up a Pi-Hole DNS for your home. While the installation is pretty easy, I wanted to use docker on my Pi4, which would be an excellent way to get started. Having this as a docker would allow me t
Published: 2024-01-06 Last Updated: 2024-01-06 09:18:30 UTC by Xavier Mertens (Version: 1) If many people can detect simple phishing emails these days, some attacks are very well crafted and also have built-in techniques not only to ensure that potential victims will fall into the trap but there is another aspect. From an attacker’s point of view, how to improve the quality of collected data? I fo
Published: 2024-01-08 Last Updated: 2024-01-08 14:34:36 UTC by Jesse La Grew (Version: 1) Devices are connecting to different web resources on a regular basis. One method to identify what is connecting to a web resource is through a user agent [1] and many are received on DShield [2] honeypots.
Figure 1: Popular user agents seen over the last 7 days from a honeypot
Some of these user agents are ea
Published: 2024-01-12 Last Updated: 2024-01-12 06:12:18 UTC by Xavier Mertens (Version: 1) It has been a while since I discussed obfuscation techniques in malicious scripts. I found a VB script that pretends to be a PDF file. As usual, it was delivered through a phishing email with a zip archive. The filename is "rfw_po_docs_order_sheet_01_10_202400000000_pdf.vbs" (SHA256:6e6ecd38cc3c58c40daa4020b
Published: 2023-11-01 Last Updated: 2023-11-01 06:33:33 UTC by Xavier Mertens (Version: 1) Did you ever see ZPAQ archives? This morning, my honeypot captured a phishing attempt which lured the potential victim to open a "ZPAQ" archive. This is not a common file format. This could be used by the attacker to bypass classic security controls. What Wikipedia says about ZPAQ: ZPAQ is an open source
Published: 2024-01-19 Last Updated: 2024-01-19 05:50:40 UTC by Xavier Mertens (Version: 1) Still today, many people think that Apple and its macOS are less targeted by malware. But the landscape is changing and threats are emerging in this ecosystem too[1]. Here is a good example: I found a malicious Python script targeting wallet application on macOS. The script is not obfuscated and is easy to u
Published: 2024-01-24 Last Updated: 2024-01-24 14:01:00 UTC by Johannes Ullrich (Version: 1) User interface design is one of those often overlooked aspects in software design in general. A bad user interface can quickly become a vulnerability regarding security. Even though I do not remember actual CVEs assigned to bad user-interface design, there probably should be some. One of the more famous u
Published: 2024-01-26 Last Updated: 2024-01-26 07:22:51 UTC by Xavier Mertens (Version: 1) Windows batch files (.bat) are often seen by people as very simple but they can be pretty complex or.. contain interesting encoded payloads! I found one that contains multiple payloads decoded and used by a Powershell process. The magic is behind how comments can be added to such files. The default (or very
Published: 2024-02-01 Last Updated: 2024-02-01 14:16:09 UTC by Johannes Ullrich (Version: 1) In yesterday's diary, I discussed a new proposed top-level domain, ".internal". This reminded me to talk a bit about what a top-level domain is all about, and some different ways to look at the definition of a top-level domain. A quick trip to Google leads to the official definition of "top-level domain" i
The time to receive an initial email was much longer than I suspected. While scanning of the website happened within the first few hours of the website being publicly available, incoming emails took a couple of days. The web form was also the first method used to submit any content. Common themes of the emails received included: Website redesign Android app development Marketing /sales Email Subje
Published: 2024-02-21 Last Updated: 2024-02-21 07:27:43 UTC by Jan Kopriva (Version: 1) The Internet Archive is a well-known and much-admired institution, devoted to creating a “digital library of Internet sites and other cultural artifacts in digital form”[1]. On its “WayBackMachine” website, which is hosted on https://archive.org/, one can view archived historical web pages from as far back as 1
Published: 2024-02-22 Last Updated: 2024-02-22 16:40:47 UTC by Johannes Ullrich (Version: 1) [UPDATE] As of 11:30am ET, AT&T states that about 75% of its network is operational, and they are recovering the rest. Several news sources noted that Verizon and T-Mobile may also have outages. This is likely due to a misinterpretation of "Downdetector", a website monitoring various websites for user comp
Published: 2024-02-24 Last Updated: 2024-02-25 08:43:36 UTC by Didier Stevens (Version: 1) Almost 2 years ago, a reader asked us about TCP connections they observed. The data of these TCP connections starts with "MGLNDD_": "MGLNDD_* Scans". Reader Michal Soltysik reached out to us with an answer: MGLN is Magellan, RIPE Atlas Tools. RIPE Atlas employs a global network of probes that measure Interne
Published: 2024-04-04 Last Updated: 2024-04-04 17:53:02 UTC by John Moutos (Version: 1) [This is a guest diary by John Moutos] Intro Ever since the LockBit source code leak back in mid-June 2022 [1], it is not surprising that newer ransomware groups have chosen to adopt a large amount of the LockBit code base into their own, given the success and efficiency that LockBit is notorious for. One of th
Published: 2023-08-07 Last Updated: 2023-08-07 20:30:47 UTC by Johannes Ullrich (Version: 1) We have been tracking researchers scanning the Internet for open ports or vulnerabilities for a few years. These groups often show up in our "top 10" lists. We do not make any general recommendations to block these IPs but we want to give you the information you need to make this decision for your network.
© 2024 SANS™ Internet Storm Center Developers: We have an API for you! Link To Us About Us Handlers Privacy Policy