isc.sans.edu
Published: 2019-05-07. Last Updated: 2019-05-07 23:51:57 UTC by Renato Marinho (Version: 1) An ongoing malicious campaign is looking for vulnerable Apache Jenkins installations to deploy a Monero cryptominer. The dropper uses sophisticated techniques to hide its presence on the system, to move laterally and to look for new victims on the internet. It also downloads and runs the miner software – of
Published: 2024-06-28 Last Updated: 2024-06-28 09:48:07 UTC by Jan Kopriva (Version: 1) We last discussed SSLv2 support on internet-exposed web servers about a year ago, when we discovered that there were still about 450 thousand web servers that supported this protocol left on the internet[1]. We also found that a significant portion of these servers was located in Kazakhstan, Tunisia and in the
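An offline-checkable version of the test this diary relies on, added here as an example and not code from the ISC diary or its scanning setup: the probe sends an SSLv2 CLIENT-HELLO offering every SSLv2 cipher kind and parses the SERVER-HELLO, which a server only sends if SSLv2 is still enabled. A server with SSLv2 disabled answers with a TLS alert, a TLS ServerHello, or an immediate close, all of which the parser reports as "no SSLv2". The cipher-kind codes follow the SSL 2.0 specification; the SAMPLE_SERVER_HELLO bytes are constructed for the offline check and are not a capture from any real host.

```python
"""Minimal SSLv2 handshake probe (added example; not the ISC diary's code)."""
import socket
import struct
import sys

# SSLv2 CIPHER-KIND codes (3 bytes each) from the SSL 2.0 specification.
SSLV2_CIPHER_KINDS = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}

# Constructed SERVER-HELLO for the offline check: no certificate, two cipher
# kinds (RC4-128-MD5 and 3DES-MD5) and a 16-byte connection id.
SAMPLE_SERVER_HELLO = (
    b"\x80\x21"                    # 2-byte record header, body length 33
    b"\x04"                        # MSG-SERVER-HELLO
    b"\x00"                        # SESSION-ID-HIT = 0
    b"\x01"                        # CERTIFICATE-TYPE = X.509
    b"\x00\x02"                    # SERVER-VERSION = 2
    b"\x00\x00"                    # CERTIFICATE-LENGTH = 0 (omitted in the sample)
    b"\x00\x06"                    # CIPHER-SPECS-LENGTH = 6
    b"\x00\x10"                    # CONNECTION-ID-LENGTH = 16
    b"\x01\x00\x80\x07\x00\xc0"    # RC4_128_WITH_MD5, DES_192_EDE3_CBC_WITH_MD5
    + bytes(range(16))             # CONNECTION-ID-DATA
)


def build_client_hello(challenge: bytes = b"\x00" * 16) -> bytes:
    """Build an SSLv2 CLIENT-HELLO record offering every SSLv2 cipher kind."""
    cipher_specs = b"".join(SSLV2_CIPHER_KINDS)
    body = (
        b"\x01"                                  # MSG-CLIENT-HELLO
        + b"\x00\x02"                            # CLIENT-VERSION = 2
        + struct.pack(">H", len(cipher_specs))   # CIPHER-SPECS-LENGTH
        + struct.pack(">H", 0)                   # SESSION-ID-LENGTH (no resumption)
        + struct.pack(">H", len(challenge))      # CHALLENGE-LENGTH
        + cipher_specs
        + challenge
    )
    # 2-byte record header: high bit set, 15-bit body length, no padding.
    return struct.pack(">H", 0x8000 | len(body)) + body


def parse_server_hello(data: bytes):
    """Return the cipher kinds offered in an SSLv2 SERVER-HELLO, or None when
    the reply is not one (TLS alert, TLS ServerHello, empty read, garbage)."""
    if len(data) < 3:
        return None
    if data[0] & 0x80:                       # 2-byte header, no padding
        length, start = struct.unpack(">H", data[:2])[0] & 0x7FFF, 2
    else:                                    # 3-byte header, padding byte follows
        length, start = ((data[0] & 0x3F) << 8) | data[1], 3
    body = data[start:start + length]
    if len(body) < 11 or body[0] != 0x04:
        return None
    _hit, _cert_type, version, cert_len, specs_len, _conn_len = struct.unpack(
        ">BBHHHH", body[1:11])
    if version != 0x0002 or specs_len % 3:
        return None
    specs = body[11 + cert_len:11 + cert_len + specs_len]
    if len(specs) != specs_len:
        return None
    return [SSLV2_CIPHER_KINDS.get(specs[i:i + 3], specs[i:i + 3].hex())
            for i in range(0, specs_len, 3)]


def probe_sslv2(host: str, port: int = 443, timeout: float = 5.0):
    """Connect, send the CLIENT-HELLO and parse whatever comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        reply = b""
        try:
            while len(reply) < 4096:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                reply += chunk
                if parse_server_hello(reply) is not None:
                    break
        except (socket.timeout, ConnectionError):
            pass
    return parse_server_hello(reply)


if __name__ == "__main__":
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    kinds = probe_sslv2(target, target_port)
    if kinds is None:
        print(f"{target}:{target_port}: no SSLv2 SERVER-HELLO (SSLv2 appears disabled)")
    else:
        print(f"{target}:{target_port}: SSLv2 ENABLED, cipher kinds: {', '.join(kinds)}")
```

Run it as `python sslv2_probe.py host [port]` only against hosts you are authorized to test. A hit from this probe is conclusive (the server completed an SSLv2 SERVER-HELLO); a miss is not proof of absence on its own, since middleboxes that drop unknown record framing will also produce an empty reply, so confirm negatives with a second tool before closing a finding.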
Published: 2023-12-23 Last Updated: 2023-12-23 07:07:07 UTC by Xavier Mertens (Version: 1) I found another Python keylogger... This is pretty common because Python has plenty of modules to implement this technique in a few lines of code:
    from pynput import keyboard
    from pynput.keyboard import Listener
    ...
    keyboard_listener = keyboard.Listener(on_press=self.save_data)
    with keyboard_listener:
        self.r
Published: 2023-12-31 Last Updated: 2023-12-31 20:58:25 UTC by Tom Webb (Version: 1) During the holiday season, I've tried many different self-hosting solutions. But one of the most basic options is setting up a Pi-Hole DNS for your home. While the installation is pretty easy, I wanted to use docker on my Pi4, which would be an excellent way to get started. Having this as a docker would allow me t
Published: 2024-07-16 Last Updated: 2024-07-17 00:33:04 UTC by Guy Bruneau (Version: 1) [This is a Guest Diary by Michael Gallant, an ISC intern as part of the SANS.edu BACS program] Image generated by DALL-E [8] Introduction During my internship at the SANS Internet Storm Center, I was tasked with setting up a honeypot, an intentionally vulnerable internet-facing device, to observe and analyze attack ve
Published: 2024-07-19 Last Updated: 2024-07-19 16:59:59 UTC by Johannes Ullrich (Version: 1) Last night, endpoint security company Crowdstrike released an update that is causing widespread "blue screens of death" (BSOD) on Windows systems. Crowdstrike released an advisory, which is only available after logging into the Crowdstrike support platform. A brief public statement can be found here. Crowd
Published: 2024-07-22 Last Updated: 2024-07-22 13:03:41 UTC by Johannes Ullrich (Version: 1) Last Friday, Crowdstrike released a bad sensor configuration update that caused widespread crashes of Windows systems. The most visible effects of these crashes appear to have been mitigated. I am sure many IT workers had to spend the weekend remediating the issue. It is still early regarding the inc
Published: 2024-01-12 Last Updated: 2024-01-12 06:12:18 UTC by Xavier Mertens (Version: 1) It has been a while since I discussed obfuscation techniques in malicious scripts. I found a VB script that pretends to be a PDF file. As usual, it was delivered through a phishing email with a zip archive. The filename is "rfw_po_docs_order_sheet_01_10_202400000000_pdf.vbs" (SHA256:6e6ecd38cc3c58c40daa4020b
Published: 2023-11-01 Last Updated: 2023-11-01 06:33:33 UTC by Xavier Mertens (Version: 1) Have you ever seen ZPAQ archives? This morning, my honeypot captured a phishing attempt which lured the potential victim to open a "ZPAQ" archive. This is not a common file format. This could be used by the attacker to bypass classic security controls. What Wikipedia says about ZPAQ: ZPAQ is an open source
Published: 2024-01-19 Last Updated: 2024-01-19 05:50:40 UTC by Xavier Mertens (Version: 1) Still today, many people think that Apple and its macOS are less targeted by malware. But the landscape is changing and threats are emerging in this ecosystem too[1]. Here is a good example: I found a malicious Python script targeting wallet applications on macOS. The script is not obfuscated and is easy to u
Published: 2024-01-24 Last Updated: 2024-01-24 14:01:00 UTC by Johannes Ullrich (Version: 1) User interface design is one of those often overlooked aspects of software design in general. A bad user interface can quickly become a security vulnerability. Even though I do not remember actual CVEs assigned to bad user-interface design, there probably should be some. One of the more famous u
Published: 2024-07-29 Last Updated: 2024-07-29 00:03:44 UTC by Didier Stevens (Version: 1) I found a malicious Word document with VBA code using the CrowdStrike outage for social engineering purposes. It's an .ASD file (AutoRecover file). My tool oledump.py can analyze it: Before I dive into the VBA code, I want to highlight the metadata of this document: oledump.py's -M option displays the metada
Published: 2024-07-31 Last Updated: 2024-07-31 17:51:09 UTC by Johannes Ullrich (Version: 1) As part of its extensive project portfolio, the Apache Foundation supports OFBiz, a Java-based framework for creating ERP (Enterprise Resource Planning) applications [1]. OFBiz appears to be far less prevalent than commercial alternatives [2]. However, just as with any other ERP system, organizations rely
The time to receive an initial email was much longer than I suspected. While scanning of the website happened within the first few hours of the website being publicly available, incoming emails took a couple of days. The web form was also the first method used to submit any content. Common themes of the emails received included: Website redesign Android app development Marketing /sales Email Subje
© 2024 SANS™ Internet Storm Center
Published: 2024-08-07. Last Updated: 2024-08-07 00:42:13 UTC by Guy Bruneau (Version: 1) [This is a Guest Diary by Riché Wiley, an ISC intern as part of the SANS.edu BACS program] When I first set up a DShield honeypot as part of my internship with SANS Internet Storm Center, I was certain I wouldn't see much traffic. I had managed to convince myself that, as a lone honeypot in the middle of the vast i
Published: 2024-02-22 Last Updated: 2024-02-22 16:40:47 UTC by Johannes Ullrich (Version: 1) [UPDATE] As of 11:30am ET, AT&T states that about 75% of its network is operational, and they are recovering the rest. Several news sources noted that Verizon and T-Mobile may also have outages. This is likely due to a misinterpretation of "Downdetector", a website monitoring various websites for user comp
Published: 2024-08-12. Last Updated: 2024-08-12 00:26:11 UTC by Johannes Ullrich (Version: 1) Trying something a bit different. A video demo to illustrate some concepts around "Origin" in web applications. Let me know if this is something you would like to see more of. Some references to go with this video: 0.0.0.0 Day: Exploiting Localhost APIs From the Browser Private Network Access Cross Origin
Published: 2024-08-29. Last Updated: 2024-08-29 07:24:07 UTC by Xavier Mertens (Version: 1) In my previous diary[1], I explained why Python became popular for attackers. One of the reasons given was that, from Python scripts, it's possible to call any Windows API and, therefore, perform low-level activities on the system. In another script, besides a classic code injection in a remote process, I fo
Published: 2024-10-10. Last Updated: 2024-10-10 02:47:59 UTC by Guy Bruneau (Version: 1) [This is a Guest Diary by Christopher Schroeder, an ISC intern as part of the SANS.edu BACS program] Introduction Honeypots are a useful tool for researchers and defenders and the technology behind them has long been static. I created a new type of honeypot that brings a new outlook, new challenges, and a bit