A couple years ago, in diary entry “Unprotecting Malicious Documents For Inspection” I explain how .xls spreadsheets are password protected (but not encrypted). And in follow-up diary entry “Maldocs: Protection Passwords”, I talk about an update to my oledump plugin…
Tag: SANS Internet Storm Center, InfoCON: green
Attacks against the “Nette” PHP framework CVE-2020-15227, (Fri, Jul 12th)
Today, I noticed some exploit attempts against an older vulnerability in the “Nette Framework”, CVE-2020-15227 [1]. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Attacks against the “Nette” PHP framework CVE-2020-15227, (Fri,…
ISC Stormcast For Friday, July 12th, 2024 https://isc.sans.edu/podcastdetail/9050, (Fri, Jul 12th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, July 12th, 2024…
Understanding SSH Honeypot Logs: Attackers Fingerprinting Honeypots, (Thu, Jul 11th)
Some of the commands observed can be confusing for a novice looking at ssh honeypot logs. Sure, you have some obvious commands like “uname -a” to fingerprint the kernel. However, other commands are less intuitive and are not commands a…
ISC Stormcast For Thursday, July 11th, 2024 https://isc.sans.edu/podcastdetail/9048, (Thu, Jul 11th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, July 11th, 2024…
Finding Honeypot Data Clusters Using DBSCAN: Part 1, (Wed, Jul 10th)
Sometimes data needs to be transformed or different tools need to be used so that it can be compared with other data. Some honeypot data is easy to compare since there is no customized information such as randomly generated file…
ISC Stormcast For Wednesday, July 10th, 2024 https://isc.sans.edu/podcastdetail/9046, (Wed, Jul 10th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, July 10th, 2024…
Microsoft Patch Tuesday July 2024, (Tue, Jul 9th)
Microsoft today released patches for 142 vulnerabilities. Only four of the vulnerabilities are rated as “critical”. There are two vulnerabilities that have already been discussed and two that have already been exploited. This article has been indexed from SANS Internet…
ISC Stormcast For Tuesday, July 9th, 2024 https://isc.sans.edu/podcastdetail/9044, (Tue, Jul 9th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, July 9th, 2024…
Kunai: Keep an Eye on your Linux Hosts Activity, (Mon, Jul 8th)
Microsoft has a very popular tool (part of the SysInternals) called Sysmon[1]. It is a system service and device driver designed to monitor and log system activity, including very useful events like process creations, network connections, DNS requests, file changes,…