It is about a week since the release of the four CUPS remote code execution vulnerabilities. After the vulnerabilities became known, I configured one of our honeypots that watches a larger set of IPs to specifically collect UDP...
Read MoreLast week, I posted a diary about suspicious Python modules. One of them was Firebase [1], the cloud service provided by Google[2]. Firebase services abused by attackers is not new, usually, it’s used to host malicious files...
Read More
A few months ago, I wrote a diary[1] about a Python script that replaced the Exodus[2] Wallet app...
Read More
Since posting a diary about Vega-Lite [1], I have “played” with other queries that...
Read More[This is a Guest Diary by Joshua Tyrrell, an ISC intern as part of the SANS.edu BACS program] Managing the Attack Surface You’ve begun the journey of reviewing your IT infrastructure and attempting to figure out how to protect...
Read More
I like to enrich my honeypot data from a variety of sources to help understand a bit more about...
Read MoreIt has been a while since I started to track how Python is used in the Windows eco-system[1]. Almost every day I find new pieces of malicious Python scripts. The programming language itself is not malicious. There are plenty of...
Read More
While trying to process some of my honeypot data, I ran into the following error in my Python...
Read More
For a whille now, I have seen scans that contain the pattern “%%target%%” in the URL....
Read More![Mapping Threats with DNSTwist and the Internet Storm Center [Guest Diary], (Tue, Aug 20th)](https://b923496.smushcdn.com/923496/wp-content/uploads/2024/08/Michael_Tigges_Picture1-627x376.png?lossy=1&strip=1&webp=1)
[This is a Guest Diary by Michael Tigges, an ISC intern as part of the SANS.edu BACS program] On...
Read MoreI recorded a quick live stream with a quick update on CVE-2024-38063. The video focuses on determining the exploitability, particularly whether your systems are reachable by IPv6. After recording this video, Stephen Sims pointed...
Read More
I found a tiny .bat file that looked not suspicious at all: 3650.bat...
Read More