Binary Breadcrumbs: Correlating Malware Samples with Honeypot Logs Using PowerShell [Guest Diary], (Wed, Nov 5th)
[This is a Guest Diary by David Hammond, an ISC intern as part of the SANS.edu BACS program] My...
Read More![Binary Breadcrumbs: Correlating Malware Samples with Honeypot Logs Using PowerShell [Guest Diary], (Wed, Nov 5th)](https://b923496.smushcdn.com/923496/wp-content/uploads/2025/11/David_Hammond_pic1.png?lossy=1&strip=1&webp=1)
Category: SANS ISC Bulletins
Updates to Domainname API, (Wed, Nov 5th)
For several years, we have offered a “new domain” list of recently registered (or, more accurately, recently discovered) domains. This list is offered via our API (https://isc.sans.edu/api). However, the size of the...
Read MoreApple Patches Everything, Again, (Tue, Nov 4th)
Apple released its expected set of operating system upgrades. This is a minor feature upgrade that also includes fixes for 110 different vulnerabilities. As usual for Apple, many of the vulnerabilities affect multiple operating...
Read More
XWiki SolrSearch Exploit Attempts (CVE-2025-24893) with link to Chicago Gangs/Rappers, (Mon, Nov 3rd)
XWiki describes itself as “The Advanced Open-Source Enterprise Wiki” and considers...
Read More
Scans for Port 8530/8531 (TCP). Likely related to WSUS Vulnerability CVE-2025-59287, (Sun, Nov 2nd)
Sensors reporting firewall logs detected a significant increase in scans for port 8530/TCP and...
Read More
X-Request-Purpose: Identifying “research” and bug bounty related scans?, (Thu, Oct 30th)
This week, I noticed some new HTTP request headers that I had not seen before: X-Request-Purpose:...
Read More
How to collect memory-only filesystems on Linux systems, (Wed, Oct 29th)
I’ve been doing Unix/Linux IR and Forensics for a long time. I logged into a Unix system for...
Read More
A phishing with invisible characters in the subject line, (Tue, Oct 28th)
While reviewing malicious messages that were delivered to our handler inbox over the past few...
Read More
Bytes over DNS, (Mon, Oct 27th)
I was intrigued when Johannes talked about malware that uses BASE64 over DNS to communicate. Take...
Read More
Kaitai Struct WebIDE, (Sun, Oct 26th)
When I have a binary file to analyze, I often use tools like 010 Editor or format-bytes.py (a tool...
Read More
Phishing Cloud Account for Information, (Thu, Oct 23rd)
Over the past two months, my outlook account has been receiving phishing email regarding cloud...
Read More
Infostealer Targeting Android Devices, (Thu, Oct 23rd)
Infostealers landscape exploded in 2024 and they remain a top threat today. If Windows remains a...
Read More
- 1
- ...
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- ...
- 191