-
ISC Stormcast For Monday, April 28th, 2025 https://isc.sans.edu/podcastdetail/9426, (Mon, Apr 28th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
SRUM-DUMP Version 3: Uncovering Malware Activity in Forensics, (Sun, Apr 27th)
For digital forensics and incident response professionals, extracting precise evidence from Windows systems is critical to understanding and mitigating threats. I’m excited to introduce SRUM-DUMP Version 3, a powerful forensic tool I’ve developed to analyze the Windows System Resource Usage Monitor (SRUM) database. Available on GitHub at…
-

Steganography Analysis With pngdump.py, (Sat, Apr 26th)
I like it when a diary entry like “Example of a Payload Delivered Through Steganography” is published: it gives me an opportunity to test my tools, in particular pngdump.py, a tool to analyze PNG files. A PNG file consists of a header followed by chunks. pngdump.py shows this (sample c2219ddbd3456e3df0a8b10c7bbdf018da031d8ba5e9b71ede45618f50f2f4b6): The IHDR chunk gives us…
-

Example of a Payload Delivered Through Steganography, (Fri, Apr 25th)
In this diary, I’ll show you a practical example of how steganography is used to hide payloads (or other suspicious data) from security tools and Security Analysts’ eyes. Steganography can be defined like this: It is the art and science of concealing a secret message, file, or image within an ordinary-looking carrier—such as a digital…
-
ISC Stormcast For Friday, April 25th, 2025 https://isc.sans.edu/podcastdetail/9424, (Fri, Apr 25th)
-

Attacks against Teltonika Networks SMS Gateways, (Thu, Apr 24th)
Ever wonder where all the SMS spam comes from? If you are trying to send SMS “at scale,” there are a few options: You could sign up for a messaging provider like Twilio, the AWS SNS service, or several similar services. These services offer easily scriptable and affordable ways to send SMS messages. We have…
-
ISC Stormcast For Thursday, April 24th, 2025 https://isc.sans.edu/podcastdetail/9422, (Thu, Apr 24th)
-
ISC Stormcast For Wednesday, April 23rd, 2025 https://isc.sans.edu/podcastdetail/9420, (Wed, Apr 23rd)
-

Honeypot Iptables Maintenance and DShield-SIEM Logging, (Wed, Apr 23rd)
In the last week I ran into some issues that I hadn’t anticipated: residential IP changed, some honeypots inaccessible remotely; rebuilt DShield-SIEM [1], Zeek logs not displaying; be mindful of network interface labels. First, an IP address changing for a residential network is not uncommon. Some ISPs may regularly change IP addresses for homes…
-

xorsearch.py: “Ad Hoc YARA Rules”, (Tue, Apr 22nd)
In diary entry “xorsearch.py: Searching With Regexes” I showed how one can let xorsearch.py generate a YARA rule with a given regular expression. This is a feature in many of my tools that support YARA, and I call it “Ad Hoc Yara Rules”: rules that are created on the spot with your input. Here is…

