isc.sans.edu
Published: 2024-06-28 Last Updated: 2024-06-28 09:48:07 UTC by Jan Kopriva (Version: 1) We last discussed SSLv2 support on internet-exposed web servers about a year ago, when we discovered that there were still about 450 thousand web servers that supported this protocol left on the internet[1]. We also found that a significant portion of these servers was located in Kazakhstan, Tunisia and in the
Published: 2023-12-23 Last Updated: 2023-12-23 07:07:07 UTC by Xavier Mertens (Version: 1) I found another Python keylogger... This is pretty common because Python has plenty of modules to implement this technique in a few lines of code: from pynput import keyboard from pynput.keyboard import Listener ... keyboard_listener = keyboard.Listener(on_press=self.save_data) with keyboard_listener: self.r
Published: 2023-12-31 Last Updated: 2023-12-31 20:58:25 UTC by Tom Webb (Version: 1) During the holiday season, I've tried many different self-hosting solutions. But one of the most basic options is setting up a Pi-Hole DNS for your home. While the installation is pretty easy, I wanted to use docker on my Pi4, which would be an excellent way to get started. Having this as a docker would allow me t
Published: 2024-07-16 Last Updated: 2024-07-17 00:33:04 UTC by Guy Bruneau (Version: 1) [This is a Guest Diary by Michael Gallant, an ISC intern as part of the SANS.edu BACS program] Image generated by DALL-E [8] Introduction During my internship at the SANS Internet Storm Center, I was tasked with setting up a honeypot, an internet device intentionally vulnerable, to observe and analyze attack ve
Published: 2024-07-19 Last Updated: 2024-07-19 16:59:59 UTC by Johannes Ullrich (Version: 1) Last night, endpoint security company Crowdstrike released an update that is causing widespread "blue screens of death" (BSOD) on Windows systems. Crowdstrike released an advisory, which is only available after logging into the Crowdstrike support platform. A brief public statement can be found here. Crowd
Published: 2024-07-22 Last Updated: 2024-07-22 13:03:41 UTC by Johannes Ullrich (Version: 1) Last Friday, Crowdstrike released a bad sensor configuration update that caused widespread crashes of Windows systems. The most visible effects of these crashes appear to have been mitigated. I am sure many IT workers had to spend the weekend remediating the issue. It is still early regarding the inc
Published: 2024-01-12 Last Updated: 2024-01-12 06:12:18 UTC by Xavier Mertens (Version: 1) It has been a while since I discussed obfuscation techniques in malicious scripts. I found a VB script that pretends to be a PDF file. As usual, it was delivered through a phishing email with a zip archive. The filename is "rfw_po_docs_order_sheet_01_10_202400000000_pdf.vbs" (SHA256:6e6ecd38cc3c58c40daa4020b
Published: 2023-11-01 Last Updated: 2023-11-01 06:33:33 UTC by Xavier Mertens (Version: 1) Have you ever seen ZPAQ archives? This morning, my honeypot captured a phishing attempt which lured the potential victim to open a "ZPAQ" archive. This is not a common file format. This could be used by the attacker to bypass classic security controls. What Wikipedia says about ZPAQ: ZPAQ is an open source
Published: 2024-01-19 Last Updated: 2024-01-19 05:50:40 UTC by Xavier Mertens (Version: 1) Still today, many people think that Apple and its macOS are less targeted by malware. But the landscape is changing and threats are emerging in this ecosystem too[1]. Here is a good example: I found a malicious Python script targeting wallet applications on macOS. The script is not obfuscated and is easy to u
Published: 2024-01-24 Last Updated: 2024-01-24 14:01:00 UTC by Johannes Ullrich (Version: 1) User interface design is one of those often overlooked aspects of software design in general. A bad user interface can quickly become a security vulnerability. Even though I do not remember actual CVEs assigned to bad user-interface design, there probably should be some. One of the more famous u
Published: 2024-07-29 Last Updated: 2024-07-29 00:03:44 UTC by Didier Stevens (Version: 1) I found a malicious Word document with VBA code using the CrowdStrike outage for social engineering purposes. It's an .ASD file (AutoRecover file). My tool oledump.py can analyze it: Before I dive into the VBA code, I want to highlight the metadata of this document: oledump.py's -M option displays the metada
Published: 2024-02-01 Last Updated: 2024-02-01 14:16:09 UTC by Johannes Ullrich (Version: 1) In yesterday's diary, I discussed a new proposed top-level domain, ".internal". This reminded me to talk a bit about what a top-level domain is all about, and some different ways to look at the definition of a top-level domain. A quick trip to Google leads to the official definition of "top-level domain" i
The time to receive an initial email was much longer than I suspected. While scanning of the website happened within the first few hours of the website being publicly available, incoming emails took a couple of days. The web form was also the first method used to submit any content. Common themes of the emails received included: Website redesign Android app development Marketing /sales Email Subje
Published: 2024-02-21 Last Updated: 2024-02-21 07:27:43 UTC by Jan Kopriva (Version: 1) The Internet Archive is a well-known and much-admired institution, devoted to creating a “digital library of Internet sites and other cultural artifacts in digital form”[1]. On its “WayBackMachine” website, which is hosted on https://archive.org/, one can view archived historical web pages from as far back as 1
Published: 2024-02-22 Last Updated: 2024-02-22 16:40:47 UTC by Johannes Ullrich (Version: 1) [UPDATE] As of 11:30am ET, AT&T states that about 75% of its network is operational, and they are recovering the rest. Several news sources noted that Verizon and T-Mobile may also have outages. This is likely due to a misinterpretation of "Downdetector", a website monitoring various websites for user comp
Published: 2024-02-24 Last Updated: 2024-02-25 08:43:36 UTC by Didier Stevens (Version: 1) Almost 2 years ago, a reader asked us about TCP connections they observed. The data of these TCP connections starts with "MGLNDD_": "MGLNDD_* Scans". Reader Michal Soltysik reached out to us with an answer: MGLN is Magellan, RIPE Atlas Tools. RIPE Atlas employs a global network of probes that measure Interne
Published: 2024-04-04 Last Updated: 2024-04-04 17:53:02 UTC by John Moutos (Version: 1) [This is a guest diary by John Moutos] Intro Ever since the LockBit source code leak back in mid-June 2022 [1], it is not surprising that newer ransomware groups have chosen to adopt a large amount of the LockBit code base into their own, given the success and efficiency that LockBit is notorious for. One of th
Published: 2024-06-03 Last Updated: 2024-06-03 11:00:11 UTC by Didier Stevens (Version: 1) I developed a Wireshark dissector in Lua to parse binary protocols (over TCP) that are composed of fields with fixed lengths. I got this idea while taking a SANS ICS training: for protocol reversing, it would be useful to have a dissector where I can configure the fields (length, type, name, ...). As an exam
© 2024 SANS™ Internet Storm Center