[Guest Diary] Building Better Defenses: RedTail Observations from a Honeypot, (Thu, Oct 9th)
[This is a Guest Diary by Jin Quan Low, an ISC intern as part of the SANS.edu Bachelor’s...
Today, I spotted on VirusTotal an interesting Python RAT. There are tons of them but this one attracted my attention based on some function names present in the code: self_modifying_wrapper(), decrypt_and_execute()...
FreePBX is a popular PBX system built around the open source VoIP system Asterisk. To manage Asterisk more easily, it provides a capable web-based admin interface. Sadly, like so many web applications, it has had its share of...
This weekend, Oracle published a surprise security bulletin announcing an exploited vulnerability in Oracle E-Business Suite. As part of the announcement, which also included a patch, Oracle published IoC observed as part of the...
I have been writing about the “.well-known” directory a few times before. Recently,...
[This is a Guest Diary by Draden Barwick, an ISC intern as part of the SANS.edu Bachelor’s...
One of the common infosec jokes is that sometimes, you do not need to “break” an application, but you have to log in. This is often the case for weak default passwords, which are common in IoT devices. However, an...
It is typical for Apple to release a “.0.1” update soon after releasing a major new operating system. These updates typically fix various functional issues, but this time, they also fix a security vulnerability. The...
We are all aware of the abysmal state of security appliances, no matter their price tag. Ever so often, we see an increase in attacks against some of these vulnerabilities, trying to mop up systems missed in earlier exploit...
In SANS FOR577[1], we talk about timelines on day 5, both filesystem and super-timelines. but...
Ever so often, I see requests for files in .well-known recorded by our honeypots. As an example:...
I notice a new URL showing up in our web honeypot logs, which looked a bit interesting:...