-
Honeypot Iptables Maintenance and DShield-SIEM Logging, (Wed, Apr 23rd)
In the last week I ran into some issues that I hadn’t anticipated: Residential IP changed, some honeypots inacessible remotely Rebuilit DShield-SIEM [1], Zeek logs not displaying Be mindful of network interface labels First, an IP address changing for a residential network is not uncommon. Some ISPs may regularly change IP addresses for homes…
-
xorsearch.py: “Ad Hoc YARA Rules”, (Tue, Apr 22nd)
In diary entry “xorsearch.py: Searching With Regexes” I showed how one can let xorsearch.py generate a YARA rule with a given regular expression. This is a feature in many of my tools that support YARA, and I call it “Ad Hoc Yara Rules“: rules that are created on the spot with your input. Here is…
-
ISC Stormcast For Tuesday, April 22nd, 2025 https://isc.sans.edu/podcastdetail/9418, (Tue, Apr 22nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
It’s 2025… so why are obviously malicious advertising URLs still going strong?, (Mon, Apr 21st)
While the old adage stating that “the human factor is the weakest link in the cyber security chain” will undoubtedly stay relevant in the near (and possibly far) future, the truth is that the tech industry could – and should – help alleviate the problem significantly more than it does today. One clear example of…
-
ISC Stormcast For Monday, April 21st, 2025 https://isc.sans.edu/podcastdetail/9416, (Mon, Apr 21st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Wireshark 4.4.6 Released, (Sun, Apr 20th)
Wireshark release 4.4.6 fixes 14 bugs. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
ISC Stormcast For Friday, April 18th, 2025 https://isc.sans.edu/podcastdetail/9414, (Fri, Apr 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
ISC Stormcast For Thursday, April 17th, 2025 https://isc.sans.edu/podcastdetail/9412, (Thu, Apr 17th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
![RedTail, Remnux and Malware Management [Guest Diary], (Wed, Apr 16th)](/wp-content/uploads/2025/04/Jacob_Claycamp_Picture1-b8Nxcm.png)
RedTail, Remnux and Malware Management [Guest Diary], (Wed, Apr 16th)
[This is a Guest Diary by Jacob Claycamp, an ISC intern as part of the SANS.edu BACS program] Introduction When I first saw malware being uploaded to my honeypot, I was lacking the requisite experience to reverse engineer it, and to understand what was happening with the code. Even though I could use any text…
-
Apple Patches Exploited Vulnerability, (Wed, Apr 16th)
Today, Apple patched two vulnerabilities that had already been exploited. The vulnerabilities were exploited against iOS but also exist in macOS, tvOS, and visionOS. Apple released updates for all affected operating systems. iOS 18.4.1 and iPadOS 18.4.1 macOS Sequoia 15.4.1 tvOS 18.4.1 visionOS 2.4.1 CVE-2025-31200: Processing an audio stream in a maliciously crafted…
