-
ISC Stormcast For Tuesday, April 15th, 2025 https://isc.sans.edu/podcastdetail/9408, (Tue, Apr 15th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-

xorsearch.py: Searching With Regexes, (Mon, Apr 14th)
As promised in diary entry “XORsearch: Searching With Regexes”, I will outline another method to search with xorsearch and regexes. Instead of XORsearch.exe, the original tool that is written in C and compiled, we will use xorsearch.py, a new tool written in Python. Unlike XORsearch.exe, xorsearch.py supports YARA rules, and thus regex searches. Let’s…
-
ISC Stormcast For Monday, April 14th, 2025 https://isc.sans.edu/podcastdetail/9406, (Mon, Apr 14th)
-

Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248), (Sat, Apr 12th)
Two weeks ago, version 1.3.0 of Langflow was released. The release notes list many fixes but do not mention that one of the “Bug Fixes” addresses a major vulnerability. Instead, the release notes state, “auth current user on code validation.” [1] Its website states, “Langflow is a low-code tool for developers that makes it easier…
-
ISC Stormcast For Friday, April 11th, 2025 https://isc.sans.edu/podcastdetail/9404, (Fri, Apr 11th)
-
ISC Stormcast For Thursday, April 10th, 2025 https://isc.sans.edu/podcastdetail/9402, (Thu, Apr 10th)
-
Network Infraxploit [Guest Diary], (Wed, Apr 9th)
[This is a Guest Diary by Matthew Gorman, an ISC intern as part of the SANS.edu BACS program] Background I recently had the opportunity to get hands-on with some Cisco networking devices. Due to being a network engineer prior to my current job as a network forensics analyst, I have a relatively solid understanding…
-
ISC Stormcast For Wednesday, April 9th, 2025 https://isc.sans.edu/podcastdetail/9400, (Wed, Apr 9th)
-
Obfuscated Malicious Python Scripts with PyArmor, (Wed, Apr 9th)
Obfuscation is very important for many developers. They may protect their code for multiple reasons like copyright, anti-cheat (games), or to protect their code from being reused. While obfuscation does not automatically mean that a program is malicious, it’s often a good sign. For malware developers, obfuscation helps bypass many static security controls and…
-
Microsoft April 2024 Patch Tuesday, (Tue, Apr 8th)
This month, Microsoft has released patches addressing a total of 125 vulnerabilities. Among these, 11 are classified as critical, highlighting the potential for significant impact if exploited. Notably, one vulnerability is currently being exploited in the wild, underscoring the importance of timely updates. While no vulnerabilities were disclosed prior to this patch release, the comprehensive…

