Reading Location Position Value in Microsoft Word Documents, (Mon, Aug 25th)
While studying for the GX-FE [1], I started exploring the “Position” value in the...
Read More
Category: SANS ISC Bulletins
The end of an era: Properly formated IP addresses in all of our data., (Sun, Aug 24th)
The Internet Storm Center and DShield websites are about 25 years old. Back in the day, I made some questionable decisions that I have never quite cleaned up later. One of these decisions was to use a “15 character...
Read MoreDon’t Forget The “-n” Command Line Switch, (Thu, Aug 21st)
A lot of people like the command line, the CLI, the shell (name it as you want) because it provides a lot of powerful tools to perform investigations. The best example is probably parsing logs! Even if we have SIEM to ingest and...
Read MoreAirtell Router Scans, and Mislabeled usernames, (Wed, Aug 20th)
Looking at new usernames collected by our Cowrie honeypots, you will first of all notice a number of HTTP headers. It is very common for attackers to scan for web servers on ports that are covered by our Telnet honeypots. The...
Read More
Increased Elasticsearch Recognizance Scans, (Tue, Aug 19th)
I noticed an increase in scans that appear to try to identify Elasticsearch instances....
Read MoreKeeping an Eye on MFA-Bombing Attacks, (Mon, Aug 18th)
I recently woke up (as one does each day, hopefully) and saw a few Microsoft MFA prompts had pinged me overnight. Since I had just awakened, I just deleted them, then two minutes later clued in – this means that one of my...
Read More
SNI5GECT: Sniffing and Injecting 5G Traffic Without Rogue Base Stations, (Thu, Aug 14th)
As the world gradually adopts and transitions to using 5G for mobile, operational technology (OT),...
Read More![AI and Faster Attack Analysis [Guest Diary], (Wed, Aug 13th)](https://b923496.smushcdn.com/923496/wp-content/uploads/2025/08/Joseph_Noa_Picture1.png?lossy=1&strip=1&webp=1)
AI and Faster Attack Analysis [Guest Diary], (Wed, Aug 13th)
[This is a Guest Diary by Joseph Noa, an ISC intern as part of the SANS.edu BACS program]...
Read More
CVE-2017-11882 Will Never Die, (Wed, Aug 13th)
One of the key messages broadcasted by security professionals is: “Patch, patch and patch...
Read MoreMicrosoft August 2025 Patch Tuesday, (Tue, Aug 12th)
This month’s Microsoft patch update addresses a total of 111 vulnerabilities, with 17 classified as critical. Among these, one vulnerability was disclosed prior to the patch release, marking it as a zero-day. While none of...
Read More
Google Paid Ads for Fake Tesla Websites, (Sun, Aug 10th)
In recent media events, Tesla has demoed progressively more sophisticated versions of its Optimus...
Read MoreLegacy May Kill, (Sun, Aug 3rd)
Just saw something that I thought was long gone. The username “pop3user” is showing up in our telnet/ssh logs. I don’t know how long ago it was that I used POP3 to retrieve e-mail from one of my mail servers....
Read More
- 1
- ...
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- ...
- 187