Exploring Uploads in a Dshield Honeypot Environment [Guest Diary], (Thu, Sep 18th)
[This is a Guest Diary by Nathan Smisson, an ISC intern as part of the SANS.edu BACS program] The...
When you’re debugging a malware sample, you probably run it in a debugger and define some breakpoints. The idea is to take control of the program before it performs “interesting” actions. Usually, we set breakpoints on...
The recent (and still ongoing) phishing of NPM developer accounts showed yet again that even...
Today, as expected, Apple released iOS/iPadOS/macOS/watchOS/tvOS 26. Going forward, Apple will adopt the same OS number across its different offerings, setting us up for a potential year 2100 issue. Notably, VisionOS was not...
Johannes wrote a diary entry “Increasing Searches for ZIP Files” where he analyzed the increase of requests for ZIP files (like backup.zip, web.zip, …) for our web honeypots. I took a look at my logs, and...
Since the last update [5], over the past few months I added several enhancements to DShield SIEM...
As part of its September patch Tuesday, Microsoft addressed 177 different vulnerabilities, 86 of which affect Microsoft products. None of the vulnerabilities has been exploited before today. Two of the vulnerabilities were...
This weekend, I noticed three related headers being used in requests to some of our honeypots for the first time [1]: Signature-Input, Signature-Agent, and Signature. These headers are related to a relatively new feature, HTTP Message...
YARA is an excellent tool that most of you probably already know and use daily. If you...
When I am thinking about the security of manufacturing environments, I am usually focusing on IoT devices integrated into production lines. All the little sensors and actuators are often very difficult to secure. On the other...
What can almost 2,000 sextortion messages tell us about how threat actors operate and whether they...
Wireshark release 4.4.9 fixes 5 bugs. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States...