DShield SIEM Docker Updates, (Wed, Sep 10th)
Since the last update [5], over the past few months I added several enhancements to DShield SIEM...
Read More
Tag: SANS
Microsoft Patch Tuesday September 2025, (Tue, Sep 9th)
As part of its September patch Tuesday, Microsoft addressed 177 different vulnerabilities, 86 of which affect Microsoft products. None of the vulnerabilities has been exploited before today. Two of the vulnerabilities were...
Read MoreHTTP Request Signatures, (Mon, Sep 8th)
This weekend, I noticed three related headers being used in requests to some of our honeypots for the first time [1]: Signature-Input Signature-Agent Signature These headers are related to a relatively new feature, HTTP Message...
Read More
From YARA Offsets to Virtual Addresses, (Fri, Sep 5th)
YARA is an excellent tool that most of you probably already know and use daily. If you...
Read MoreExploit Attempts for Dassault DELMIA Apriso. CVE-2025-5086, (Wed, Sep 3rd)
When I am thinking about the security of manufacturing environments, I am usually focusing on IoT devices integrated into production lines. All the little sensors and actuators are often very difficult to secure. On the other...
Read More
A quick look at sextortion at scale: 1,900 messages and 205 Bitcoin addresses spanning four years, (Tue, Sep 2nd)
What can almost 2,000 sextortion messages tell us about how threat actors operate and whether they...
Read MoreWireshark 4.4.9 Released, (Sun, Aug 31st)
Wireshark release 4.4.9 fixes 5 bugs. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States...
Read More
pdf-parser: All Streams, (Sun, Aug 31st)
A user reported a bug in pdf-parser: when dumping all filtered streams, an error would occur: The...
Read More
Increasing Searches for ZIP Files, (Thu, Aug 28th)
I noticed recently that we have more and more requests for ZIP files in our web honeypot logs....
Read More
Interesting Technique to Launch a Shellcode, (Wed, Aug 27th)
In most attack scenarios, attackers have to perform a crucial operation: to load a shellcode in...
Read MoreGetting a Better Handle on International Domain Names and Punycode, (Tue, Aug 26th)
International domain names (IDN) continue to be an interesting topic. For the most part, they are probably less of an issue than some people make them out to be, given that popular browsers like Google Chrome are pretty...
Read More
Reading Location Position Value in Microsoft Word Documents, (Mon, Aug 25th)
While studying for the GX-FE [1], I started exploring the “Position” value in the...
Read More
- 1
- ...
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- ...
- 188