[This is a Guest Diary by Michael Gallant, an ISC intern as part of the SANS.edu BACS program] This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Who You Gonna Call? AndroxGh0st Busters!…
Category: SANS Internet Storm Center, InfoCON: green
“Reply-chain phishing” with a twist, (Tue, Jul 16th)
Few weeks ago, I was asked by a customer to take a look at a phishing message which contained a link that one of their employees clicked on. The concern was whether the linked-to site was only a generic credential…
ISC Stormcast For Tuesday, July 16th, 2024 https://isc.sans.edu/podcastdetail/9054, (Tue, Jul 16th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, July 16th, 2024…
Protected OOXML Spreadsheets, (Mon, Jul 15th)
I was asked a question about the protection of an .xlsm spreadsheet. I've written before on the protection of .xls spreadsheets, for example in diary entries “Unprotecting Malicious Documents For Inspection” and “16-bit Hash Collisions in .xls Spreadsheets”; and blog…
ISC Stormcast For Monday, July 15th, 2024 https://isc.sans.edu/podcastdetail/9052, (Mon, Jul 15th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, July 15th, 2024…
Wireshark 4.2.6 Released, (Sun, Jul 14th)
Wireshark release 4.2.6 fixes 1 vulnerability (SPRT parser crash) and 10 bugs. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Wireshark 4.2.6 Released, (Sun, Jul 14th)
16-bit Hash Collisions in .xls Spreadsheets, (Sat, Jul 13th)
A couple years ago, in diary entry “Unprotecting Malicious Documents For Inspection” I explain how .xls spreadsheets are password protected (but not encrypted). And in follow-up diary entry “Maldocs: Protection Passwords”, I talk about an update to my oledump plugin…
Attacks against the “Nette” PHP framework CVE-2020-15227, (Fri, Jul 12th)
Today, I noticed some exploit attempts against an older vulnerability in the “Nette Framework”, CVE-2020-15227 [1]. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Attacks against the “Nette” PHP framework CVE-2020-15227, (Fri,…
ISC Stormcast For Friday, July 12th, 2024 https://isc.sans.edu/podcastdetail/9050, (Fri, Jul 12th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, July 12th, 2024…
Understanding SSH Honeypot Logs: Attackers Fingerprinting Honeypots, (Thu, Jul 11th)
Some of the commands observed can be confusing for a novice looking at ssh honeypot logs. Sure, you have some obvious commands like “uname -a” to fingerprint the kernel. However, other commands are less intuitive and are not commands a…