ISC Stormcast For Thursday, July 14th 2016...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The Power of Web Shells, (Wed, Jul 13th)
[Warning: this diary contains many pictures and may take some time to load on slow links] Web shells are not new in the threats landscape. A web shell is a script (written in PHP, ASL, Perl, ... -...
ISC Stormcast For Friday, July 15th 2016...
Name All the Things!, (Fri, Jul 15th)
With our more and more complex environments and processes, we have to handle a huge amount of information on a daily basis. To improve the communication with our colleagues, peers, it is mandatory to...
Python Malware - Part 3, (Sat, Jul 16th)
I used my YARA rule PE_File_pyinstaller to scan for Python malware for some time now, and came across some interesting samples (after discarding false positives, PyInstaller is of course also used for...
Juniper -> Junos: Self-signed certificate with spoofed trusted Issuer CN...
----------- Guy Bruneau IPSS Inc. Twitter: GuyBruneau gbruneau at isc dot sans dot edu
ISC Stormcast For Monday, July 18th 2016...
HTTP Proxy Header Vulnerability ("httpoxy"), (Mon, Jul 18th)
HTTPoxy refers to an older vulnerability in how web applications use the HTTP Proxy header incorrectly. The vulnerability was first described in 2001 in libwww-perl, but has survived detection in other...
ISC Stormcast For Tuesday, July 19th 2016...
Office Maldoc: Let's Focus on the VBA Macros Later..., (Tue, Jul 19th)
I received another malicious Office document. oledump.py shows it contains VBA macros, but also a userform (A4 - A7). Before we look at the VBA macros, we ... It looks like it contains BASE64 text....
ASN.1 Anyone? CVE-2016-5080, (Tue, Jul 19th)
*Queue Back to the Future Music* Over more than a decade ago there was a major discovery in ASN.1 that contributed to arguably one of the worst vulnerabilities in a long time. Fast forward *Queue awful...
ISC Stormcast For Wednesday, July 20th 2016...
Cisco Critical Advisory:...
Richard Porter --- ISC Handler on Duty
Guest Diary, Etay Nir: Flipping the Economy of a Hacker, (Wed, Jul 20th)
Flipping the economy of a Hacker Palo Alto Networks partnered with the Ponemon Institute to answer a very specific question: what is the economic incentive for adversaries? Ponemon was chosen as they...
ISC Stormcast For Thursday, July 21st 2016...
Practice ntds.dit File, (Thu, Jul 21st)
I know many people that like password cracking. Or that would like to try it out. That's why I published an Active Directory database file to practise hash extraction and password cracking. You can find...
ISC Stormcast For Friday, July 22nd 2016...
The life of an IT Manager, (Fri, Jul 22nd)
It is true, I am back after a 2 year hiatus from my duties as a Handler at the Internet Storm Center. Some may be wondering why. So here it is. It all started with my new job. I was hired by a company...
It Is Our Policy, (Sat, Jul 23rd)
How many times have you heard someone say out loud our security policy requires...? Many times we hear and are sometimes even threatened with the security policy. Security policy should set...
ISC Stormcast For Monday, July 25th 2016...