-
New tool: immutable.py, (Sat, Jan 18th)
When performing triage on a Linux system you suspect might be compromised, there are many aspects of the system that you may want to look at. In SANS FOR577, we talk about some existing tools and even writing your own bash script to collect triage data. In a case I worked a year or so…
-
![Leveraging Honeypot Data for Offensive Security Operations [Guest Diary], (Fri, Jan 17th)](/wp-content/uploads/2025/01/Alex_Sanders_pic1-YPqzan.png)
Leveraging Honeypot Data for Offensive Security Operations [Guest Diary], (Fri, Jan 17th)
[This is a Guest Diary by Alex Sanders, an ISC intern as part of the SANS.edu BACS program] Introduction As an offensive security professional, it is often part of my job to stand up infrastructure that is intentionally malicious and must be exposed to the internet. Examples of this could include Evilginx, Cobalt Strike, or…
-
ISC Stormcast For Friday, January 17th, 2025 https://isc.sans.edu/podcastdetail/9284, (Fri, Jan 17th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Extracting Practical Observations from Impractical Datasets, (Thu, Jan 16th)
[This is a Guest Diary by Curtis Dibble, an ISC intern as part of the SANS.edu BACS [1] program] Figure 1: A heatmap showing the date and frequency a given set of commands input to the honeypot Spoiler alert, sugar costs money, and syntactic sugar is the most expensive type. Fortunately, we live in an era…
-
Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
Note: The CVEs in this advisory are unrelated to vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in Ivanti’s Connect Secure, Policy Secure and ZTA Gateways. For more information on mitigating CVE -2025-0282 and CVE-2025-0283, see Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways. Summary The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of…
-
Cybersafe NV Press Release – 9.25.2013
