CSAM Month of False Positives: Appropriately Weighting False and True...
This is a guest diary submitted by Chris Sanders. We will gladly forward any responses or please use our comment/forum section to comment publicly. If you work with any type of IDS, IPS, or...
ISC StormCast for Monday, November 3rd 2014...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
justniffer a Packet Analysis Tool, (Mon, Nov 3rd)
Are you looking for another packet sniffer? justniffer is a packet sniffer with some interesting features. According to the author, this packet sniffer can rebuild and save HTTP file content sent over...
Whois someone else?, (Tue, Nov 4th)
A couple of weeks ago, I already covered the situation where a cloud IP address gets re-assigned, and the new owner still sees some of your traffic. Recently, one of our clients had the opposite...
20$ is 999999 Euro, (Tue, Nov 4th)
Newcastle (UK) University researchers claim to have found an exploit for the contactless payment feature of Visa cards. One of the fraud prevention features of these cards is that only small amounts...
ISC StormCast for Tuesday, November 4th 2014...
Tool Tip: vFeed, (Wed, Nov 5th)
I have had a number of occasions lately to use or talk about vFeed from Toolswatch.org (@toolwatch). NJ a useful Python CLI tool that pulls CVEs and other Mitre datasets. From the vFeed Github repo:...
ISC StormCast for Wednesday, November 5th 2014...
November's Issue of the OUCH Newsletter is available, covering Social...
-- Alex Stanford - GIAC GWEB GSEC, Research Operations Manager, SANS Internet Storm Center
ISC StormCast for Thursday, November 6th 2014...
Crypto 101 - free book resource, (Thu, Nov 6th)
Regular reader and contributor Gebhard sent us a pointer to Crypto 101, an introductory course on cryptography, freely available for programmers of all ages and skill levels by Laurens Van Houtven (lvh)...
ISC StormCast for Friday, November 7th 2014...
Guest Diary: Didier Stevens - Shellcode Detection with XORSearch, (Fri, Nov 7th)
[Guest Diary: Didier Stevens] [Shellcode Detection with XORSearch] Frank Boldewin (http://www.reconstructer.org/) developed a shellcode detection method to find shellcode in Microsoft Office files,...
Bad Assumptions in Security, (Sat, Nov 8th)
In almost every project I have ever worked the scope is defined as part of the scope/schedule/budget of the project (as it should be), and we have to work within that scope. In most cases that scope is...
ISC StormCast for Monday, November 10th 2014...
Lessons Learn from attacks on Kippo honeypots, (Mon, Nov 10th)
A number of my fellow Handlers have discussed Kippo [1], a SSH honeypot that can record adversarial behaviour, be it human or machine. Normal behaviour against my set of Kippo honeypots is randomly...
ISC StormCast for Tuesday, November 11th 2014...
Important EMET 5.1 Update. Apply before Patches today, (Tue, Nov 11th)
Microsoft yesterday released EMET 5.1. One particular sentence in Microsoft's blog post suggests that you should apply this update (if you are using EMET) BEFORE you apply the Internet Explorer patch...
Microsoft November 2014 Patch Tuesday, (Tue, Nov 11th)
Important: Please note that Microsoft released EMET 5.1 yesterday to address conflicts between EMET 5.0 / IE 11 and the patches released here (likely MS14-065). We are aware that bulletin numbers are...
Adobe Flash Update, (Tue, Nov 11th)
Adobe today released a patch for Flash/Adobe Air which fixes 18 different vulnerabilities [1]. The Flash update is rated with a priority of 1 for Windows and OS X, indicating that limited exploitation...