-
![[Guest Diary] How Access Brokers Maintain Persistence, (Fri, Jan 24th)](/wp-content/uploads/2025/01/2025-01-24_figure1-HVgyvn.png)
[Guest Diary] How Access Brokers Maintain Persistence, (Fri, Jan 24th)
[This is a Guest Diary by Joseph Flint, an ISC intern as part of the SANS.edu BACS [1] program] Access brokers are groups referred to that obtain initial access in compromised environments, establish persistence through different methods, and sell this access to secondary bad actor groups who contribute to follow up attacks. CrowdStrike wrote an…
-
ISC Stormcast For Friday, January 24th, 2025 https://isc.sans.edu/podcastdetail/9294, (Fri, Jan 24th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
XSS Attempts via E-Mail, (Thu, Jan 23rd)
One of the hardest applications to create securely is webmail. E-mail is a complex standard, and almost all e-mail sent today uses HTML. Displaying complex HTML received in an e-mail within a web application is dangerous and often leads to XSS vulnerabilities. Typical solutions include the use of iframe sandboxes and HTML sanitizers. But still,…
-
ISC Stormcast For Thursday, January 23rd, 2025 https://isc.sans.edu/podcastdetail/9292, (Wed, Jan 22nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Catching CARP: Fishing for Firewall States in PFSync Traffic, (Wed, Jan 22nd)
Legend has it that in the Middle Ages, monchs raised carp to be as “round” as possible. The reason was that during Lent, one could only eat as much as fit on a plate, and the round shape of a carp gave them the most “fish per plate”. But we are not here to exchange…
-
ISC Stormcast For Wednesday, January 22nd, 2025 https://isc.sans.edu/podcastdetail/9290, (Wed, Jan 22nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Geolocation and Starlink, (Tue, Jan 21st)
Until now, satellite internet access has been more of a niche solution for internet access. But with the wide availability of Starlink, this is changing. Starlink’s performance and price are competitive for many rural users to forgo solutions like cellular or slower DSL speeds if they are available at all. Starlink offers a substantially different…
-
ISC Stormcast For Tuesday, January 21st, 2025 https://isc.sans.edu/podcastdetail/9288, (Tue, Jan 21st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Partial ZIP File Downloads, (Mon, Jan 20th)
Say you want a file that is inside a huge online ZIP file (several gigabytes large). Downloading the complete ZIP file would take too long. If the HTTP server supports the range header, you can do the following: We will work with my DidierStevensSuite.zip file as an example (it’s 13MB in size, not several GBs,…
-
ISC Stormcast For Monday, January 20th, 2025 https://isc.sans.edu/podcastdetail/9286, (Mon, Jan 20th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
