There is a common technique used by attackers: They append some data at the end of files (this is called an overlay). This can be used for two main reasons: To hide the appended data from the operating system (steganography).…
Tag: SANS Internet Storm Center, InfoCON: green
ISC Stormcast For Monday, September 16th, 2024 https://isc.sans.edu/podcastdetail/9138, (Mon, Sep 16th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, September 16th, 2024…
YARA-X’s Dump Command, (Sun, Sep 15th)
YARA-X is not just a rewrite of YARA in Rust, it comes with new features too. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: YARA-X’s Dump Command, (Sun, Sep 15th)
YARA 4.5.2 Release, (Sat, Sep 14th)
YARA 4.5.2 was released with 3 small changes and 4 bugfixes. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: YARA 4.5.2 Release, (Sat, Sep 14th)
Finding Honeypot Data Clusters Using DBSCAN: Part 2, (Fri, Sep 13th)
In an earlier diary [1], I reviewed how using tools like DBSCAN [2] can be useful to group similar data. I used DBSCAN to try and group similar commands submitted to Cowrie [3] and URL paths submitted to the DShield…
Finding Honeypot Data Clusters Using DBSCAN: Part 2, (Fri, Aug 23rd)
In an earlier diary [1], I reviewed how using tools like DBSCAN [2] can be useful to group similar data. I used DBSCAN to try and group similar commands submitted to Cowrie [3] and URL paths submitted to the DShield…
ISC Stormcast For Friday, September 13th, 2024 https://isc.sans.edu/podcastdetail/9136, (Fri, Sep 13th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, September 13th, 2024…
Hygiene, Hygiene, Hygiene! [Guest Diary], (Wed, Sep 11th)
[This is a Guest Diary by Paul Olson, an ISC intern as part of the SANS.edu BACS program] This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Hygiene, Hygiene, Hygiene! [Guest Diary], (Wed,…
Python Libraries Used for Malicious Purposes, (Wed, Sep 11th)
Since I'm interested in malicious Python scripts, I found multiple samples that rely on existing libraries. The most-known repository is probably pypi.org[1] that reports, as of today, 567,478 projects! Malware developers are like regular developers: They don't want to reinvent…
ISC Stormcast For Wednesday, September 11th, 2024 https://isc.sans.edu/podcastdetail/9134, (Wed, Sep 11th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, September 11th, 2024…