-
ISC Stormcast For Wednesday, August 27th, 2025 https://isc.sans.edu/podcastdetail/9588, (Wed, Aug 27th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Getting a Better Handle on International Domain Names and Punycode, (Tue, Aug 26th)
International domain names (IDN) continue to be an interesting topic. For the most part, they are probably less of an issue than some people make them out to be, given that popular browsers like Google Chrome are pretty selective in displaying them. But on the other hand, they are still used legitimately or not, and…
-
ISC Stormcast For Tuesday, August 26th, 2025 https://isc.sans.edu/podcastdetail/9586, (Tue, Aug 26th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
ISC Stormcast For Monday, August 25th, 2025 https://isc.sans.edu/podcastdetail/9584, (Mon, Aug 25th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Reading Location Position Value in Microsoft Word Documents, (Mon, Aug 25th)
While studying for the GX-FE [1], I started exploring the “Position” value in the registry that helps to tell Microsoft Word where you “left off”. It’s a feature many people that use Word have seen on numerous occasions and is explored in FOR500: Windows Forensic Analysis [2]. Figure 1: Word pop-up offering to continue at…
-
The end of an era: Properly formated IP addresses in all of our data., (Sun, Aug 24th)
The Internet Storm Center and DShield websites are about 25 years old. Back in the day, I made some questionable decisions that I have never quite cleaned up later. One of these decisions was to use a “15 character 0-padded” format for IP addresses. This format padded each byte in the IP address with leading…
-
ISC Stormcast For Friday, August 22nd, 2025 https://isc.sans.edu/podcastdetail/9582, (Fri, Aug 22nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Don’t Forget The “-n” Command Line Switch, (Thu, Aug 21st)
A lot of people like the command line, the CLI, the shell (name it as you want) because it provides a lot of powerful tools to perform investigations. The best example is probably parsing logs! Even if we have SIEM to ingest and process them, many people still fall back to the good old suite of…
-
ISC Stormcast For Thursday, August 21st, 2025 https://isc.sans.edu/podcastdetail/9580, (Thu, Aug 21st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Airtell Router Scans, and Mislabeled usernames, (Wed, Aug 20th)
Looking at new usernames collected by our Cowrie honeypots, you will first of all notice a number of HTTP headers. It is very common for attackers to scan for web servers on ports that are covered by our Telnet honeypots. The result is that HTTP request headers end up in our username and password database. …
