Channel: SANS Internet Storm Center, InfoCON: green
Browsing all 8244 articles

Petya? I hardly know ya! - an ISC update on the 2017-06-27 ransomware...

This is a follow-up to our previous diary on the ransomware outbreak that happened yesterday on Tuesday 2017-06-27. Introduction By now, it seems almost everyone has written something about yesterday's...



ISC Stormcast For Thursday, June 29th 2017...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.



Catching up with Blank Slate: a malspam campaign still going strong, (Wed,...

Introduction Blank Slate is the nickname for a malicious spam (malspam) campaign pushing ransomware targeting Windows hosts. I've already discussed this campaign in a previous diary back in March 2017....


ISC Stormcast For Friday, June 30th 2017...


Using nmap to scan for MS17-010 (CVE-2017-0143 EternalBlue), (Sat, Jul 1st)

With both WannaCry and NotPetya using MS17-010 for propagation it is important to be able to detect servers which are vulnerable. Even if you have comprehensive vulnerability management and patching...



PE Section Name Descriptions, (Sun, Jul 2nd)

PE files (.exe, .dll, ...) have sections: a section with code, one with data, ... Each section has a name, and different compilers use different section names. Section names can help us identify the...


ISC Stormcast For Wednesday, July 5th 2017...


Selecting domains with random names, (Wed, Jul 5th)

I often have to go through lists of domains or URLs, and filter out domains that look like random strings of characters (and could thus have been generated by malware using an algorithm). That's one of...



ISC Stormcast For Thursday, July 6th 2017...



Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 2 - Log...

[This is a second guest diary by Dr. this post discusses evidence that can be extracted from related log files of BitTorrent Sync version 2.0 on Windows 8.1, Mac OS X Mavericks 10.9.5, and Ubuntu...


ISC Stormcast For Friday, July 7th 2017...


DDoS Extortion E-mail: Yet Another Bluff?, (Fri, Jul 7th)

And DDoS extortion campaigns continue to be reported. Two weeks ago, Johannes Ullrich published a diary [1] about a fake DDoS pretending to be sent from Anonymous, threatening the targeted company with...


A VBScript with Obfuscated Base64 Data, (Sat, Jul 8th)

A few months ago, I posted a diary to explain how to search for (malicious) PE files in Base64 data[1]. Base64 is indeed a common way to distribute binary content in an ASCII form. There are plenty of...


Adversary hunting with SOF-ELK, (Sun, Jul 9th)

As we recently celebrated Independence Day in the U.S., I'm reminded that we honor what was, of course, an armed conflict. Today's realities, when we think about conflict, are quite different than the...


ISC Stormcast For Monday, July 10th 2017...



ISC Stormcast For Tuesday, July 11th 2017...


Basic Office maldoc analysis, (Mon, Jul 10th)

Malicious Office documents come in all types of flavors, sometimes very simple: they contain just an embedded file (for example an EXE), without any script or exploit to automatically launch the...



ISC Stormcast For Wednesday, July 12th 2017...


July's Microsoft Patch Tuesday, (Tue, Jul 11th)

Today's Microsoft Patch Tuesday fixes critical and important flaws that, if exploited, could give an attacker a range of possibilities - from privilege escalation to remote code execution (RCE) - on...


Backup Scripts, the FIM of the Poor, (Wed, Jul 12th)

File Integrity Management or FIM is an interesting security control that can help to detect unusual changes in a file system. For example, on a server, there are directories that do not change often....
