[Guest Diary] Building Better Defenses: RedTail Observations from a Honeypot, (Thu, Oct 9th)
[This is a Guest Diary by Jin Quan Low, an ISC intern as part of the SANS.edu Bachelor’s...
Read More![[Guest Diary] Building Better Defenses: RedTail Observations from a Honeypot, (Thu, Oct 9th)](https://b923496.smushcdn.com/923496/wp-content/uploads/2025/10/2025-10-09_figure1-627x219.png?lossy=1&strip=1&webp=1)
Category: SANS ISC Bulletins
Polymorphic Python Malware, (Wed, Oct 8th)
Today, I spoted on VirusTotal an interesting Python RAT. They are tons of them but this one attracted my attention based on some function names present in the code: self_modifying_wrapper(), decrypt_and_execute()...
Read MoreExploit Against FreePBX (CVE-2025-57819) with code execution., (Tue, Oct 7th)
FreePBX is a popular PBX system built around the open source VoIP system Asterisk. To manage Asterisk more easily, it provides a capable web-based admin interface. Sadly, like so many web applications, it has had its share of...
Read MoreQuick and Dirty Analysis of Possible Oracle E-Business Suite Exploit Script (CVE-2025-61882), (Mon, Oct 6th)
This weekend, Oracle published a surprise security bulletin announcing an exploited vulnerability in Oracle E-Business Suite. As part of the announcement, which also included a patch, Oracle published IoC observed as part of the...
Read More
More .well-known Scans, (Thu, Oct 2nd)
I have been writing about the “.well-known” directory a few times before. Recently,...
Read More![[Guest Diary] Comparing Honeypot Passwords with HIBP, (Wed, Oct 1st)](https://b923496.smushcdn.com/923496/wp-content/uploads/2025/09/2025-10-01_figure1-627x303.png?lossy=1&strip=1&webp=1)
[Guest Diary] Comparing Honeypot Passwords with HIBP, (Wed, Oct 1st)
[This is a Guest Diary by Draden Barwick, an ISC intern as part of the SANS.edu Bachelor’s...
Read More“user=admin”. Sometimes you don’t even need to log in., (Tue, Sep 30th)
One of the common infosec jokes is that sometimes, you do not need to “break” an application, but you have to log in. This is often the case for weak default passwords, which are common in IoT devices. However, an...
Read MoreApple Patches Single Vulnerability CVE-2025-43400, (Mon, Sep 29th)
It is typical for Apple to release a “.0.1” update soon after releasing a major new operating system. These updates typically fix various functional issues, but this time, they also fix a security vulnerability. The...
Read MoreIncrease in Scans for Palo Alto Global Protect Vulnerability (CVE-2024-3400), (Mon, Sep 29th)
We are all aware of the abysmal state of security appliances, no matter their price tag. Ever so often, we see an increase in attacks against some of these vulnerabilities, trying to mop up systems missed in earlier exploit...
Read More
New tool: convert-ts-bash-history.py, (Fri, Sep 26th)
In SANS FOR577[1], we talk about timelines on day 5, both filesystem and super-timelines. but...
Read More
Webshells Hiding in .well-known Places, (Thu, Sep 25th)
Ever so often, I see requests for files in .well-known recorded by our honeypots. As an example:...
Read More
Exploit Attempts Against Older Hikvision Camera Vulnerability, (Wed, Sep 24th)
I notice a new URL showing up in our web honeypot logs, which looked a bit interesting:...
Read More
- 1
- ...
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- ...
- 189