-
Catching CARP: Fishing for Firewall States in PFSync Traffic, (Wed, Jan 22nd)
Legend has it that in the Middle Ages, monchs raised carp to be as “round” as possible. The reason was that during Lent, one could only eat as much as fit on a plate, and the round shape of a carp gave them the most “fish per plate”. But we are not here to exchange…
-
ISC Stormcast For Wednesday, January 22nd, 2025 https://isc.sans.edu/podcastdetail/9290, (Wed, Jan 22nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Geolocation and Starlink, (Tue, Jan 21st)
Until now, satellite internet access has been more of a niche solution for internet access. But with the wide availability of Starlink, this is changing. Starlink’s performance and price are competitive for many rural users to forgo solutions like cellular or slower DSL speeds if they are available at all. Starlink offers a substantially different…
-
ISC Stormcast For Tuesday, January 21st, 2025 https://isc.sans.edu/podcastdetail/9288, (Tue, Jan 21st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Partial ZIP File Downloads, (Mon, Jan 20th)
Say you want a file that is inside a huge online ZIP file (several gigabytes large). Downloading the complete ZIP file would take too long. If the HTTP server supports the range header, you can do the following: We will work with my DidierStevensSuite.zip file as an example (it’s 13MB in size, not several GBs,…
-
ISC Stormcast For Monday, January 20th, 2025 https://isc.sans.edu/podcastdetail/9286, (Mon, Jan 20th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Zero Trust and Entra ID Conditional Access, (Sun, Jan 19th)
Microsoft Entra ID (Formerly Azure AD) Conditional Access (CA) policies are the key components to a Zero Trust strategy, as it provides the ability to function as the front door for users and devices. CA policies use attributes, or signals, of various components as variables to be used to enforce specific access controls. Attributes include…
-
New tool: immutable.py, (Sat, Jan 18th)
When performing triage on a Linux system you suspect might be compromised, there are many aspects of the system that you may want to look at. In SANS FOR577, we talk about some existing tools and even writing your own bash script to collect triage data. In a case I worked a year or so…
-
![Leveraging Honeypot Data for Offensive Security Operations [Guest Diary], (Fri, Jan 17th)](/wp-content/uploads/2025/01/Alex_Sanders_pic1-YPqzan.png)
Leveraging Honeypot Data for Offensive Security Operations [Guest Diary], (Fri, Jan 17th)
[This is a Guest Diary by Alex Sanders, an ISC intern as part of the SANS.edu BACS program] Introduction As an offensive security professional, it is often part of my job to stand up infrastructure that is intentionally malicious and must be exposed to the internet. Examples of this could include Evilginx, Cobalt Strike, or…
-
ISC Stormcast For Friday, January 17th, 2025 https://isc.sans.edu/podcastdetail/9284, (Fri, Jan 17th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
