A quick look at sextortion at scale: 1,900 messages and 205 Bitcoin addresses spanning four years, (Tue, Sep 2nd)
What can almost 2,000 sextortion messages tell us about how threat actors operate and whether they...
Wireshark release 4.4.9 fixes 5 bugs. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States...
A user reported a bug in pdf-parser: when dumping all filtered streams, an error would occur: The...
I noticed recently that we have more and more requests for ZIP files in our web honeypot logs....
In most attack scenarios, attackers have to perform a crucial operation: to load a shellcode in...
International domain names (IDN) continue to be an interesting topic. For the most part, they are probably less of an issue than some people make them out to be, given that popular browsers like Google Chrome are pretty...
While studying for the GX-FE [1], I started exploring the “Position” value in the...
The Internet Storm Center and DShield websites are about 25 years old. Back in the day, I made some questionable decisions that I have never quite cleaned up later. One of these decisions was to use a “15 character...
A lot of people like the command line, the CLI, the shell (name it as you want) because it provides a lot of powerful tools to perform investigations. The best example is probably parsing logs! Even if we have SIEM to ingest and...
Looking at new usernames collected by our Cowrie honeypots, you will first of all notice a number of HTTP headers. It is very common for attackers to scan for web servers on ports that are covered by our Telnet honeypots. The...
I noticed an increase in scans that appear to try to identify Elasticsearch instances....
I recently woke up (as one does each day, hopefully) and saw a few Microsoft MFA prompts had pinged me overnight. Since I had just awakened, I just deleted them, then two minutes later clued in – this means that one of my...