TShark Tip: Extracting Field Values From Capture Files, (Sat, Dec 25th)
TShark is WireShark's console program: it's like WireShark, but with a command-line interface in stead…
Year: 2021
Quicktip: TShark's Options -e and -T, (Sun, Dec 26th)
When you use TShark's option -e to display a field value, you need to include…
ISC Stormcast For Monday, December 27th, 2021 https://isc.sans.edu/podcastdetail.html?id=7810, (Mon, Dec 27th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons, (Mon, Dec 27th)
Microsoft Build Engine is the platform for building applications on Windows, mainly used in environments…
ISC Stormcast For Tuesday, December 28th, 2021 https://isc.sans.edu/podcastdetail.html?id=7812, (Tue, Dec 28th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
LotL Classifier tests for shells, exfil, and miners, (Tue, Dec 28th)
A supervised learning approach to Living off the Land attack classification from Adobe SI …
ISC Stormcast For Wednesday, December 29th, 2021 https://isc.sans.edu/podcastdetail.html?id=7814, (Wed, Dec 29th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Log4j 2 Security Vulnerabilities Update Guide, (Wed, Dec 29th)
As Apache Log4j 2 security vulnerabilities continue to surface, and are quickly addressed by the…
Agent Tesla Updates SMTP Data Exfiltration Technique, (Thu, Dec 30th)
Introduction Agent Tesla is a Windows-based keylogger and RAT that commonly uses SMTP or FTP…
ISC Stormcast For Thursday, December 30th, 2021 https://isc.sans.edu/podcastdetail.html?id=7816, (Thu, Dec 30th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.