Extracting Practical Observations from Impractical Datasets, (Thu, Jan 16th)
[This is a Guest Diary by Curtis Dibble, an ISC intern as part of the SANS.edu BACS [1] program]
Figure 1: A heatmap showing the date and frequency of a given set of commands input to the honeypot
Spoiler alert, sugar costs money, and syntactic sugar is the most expensive type. Fortunately, we live in an era…
-

The Curious Case of a 12-Year-Old Netgear Router Vulnerability, (Wed, Jan 15th)
-
Microsoft January 2025 Patch Tuesday, (Tue, Jan 14th)
This month’s Microsoft patch update addresses a total of 209 vulnerabilities, including 12 classified as critical. Of these, 3 have been actively exploited in the wild and 5 were publicly disclosed before the patch release, making them zero-days. The updates span various components, with significant attention required for vulnerabilities that could lead to…
-
ISC Stormcast For Tuesday, January 14th, 2025 https://isc.sans.edu/podcastdetail/9278, (Mon, Jan 13th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-

Hikvision Password Reset Brute Forcing, (Mon, Jan 13th)
One common pattern in password resets is sending a one-time password to the user to enable them to reset their password. The flow usually looks like:
1. The user requests a password reset.
2. The user enters an e-mail address or phone number that is already registered with the application.
3. The application may ask for a password reset…
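What makes this flow brute-forceable is the code-verification step, not the sending step. The following is an added example, not code from the diary and not Hikvision's implementation: an in-memory reset service whose verify_weak() accepts unlimited guesses against a code that never expires, next to verify() with an attempt budget, expiry, constant-time comparison and single use. The field names, limits and identity strings are assumptions chosen to show the mechanism; brute_force() walks the code space the way an attacker would.

```python
"""One-time-password reset flow: a brute-forceable verify step next to a
hardened one.

Added example, not code from the diary and not Hikvision's implementation;
the service, field names and limits below are assumptions chosen to show the
mechanism. Runs offline against an in-memory store.
"""
import hmac
import secrets
import time
from dataclasses import dataclass

OTP_TTL_SECONDS = 600   # assumed code lifetime
MAX_ATTEMPTS = 5        # assumed per-code guess budget


@dataclass
class PendingReset:
    code: str
    issued_at: float
    attempts: int = 0


def random_code(digits):
    return "".join(secrets.choice("0123456789") for _ in range(digits))


class ResetService:
    """Steps 1-2 of the flow: the user asks for a reset and supplies a registered
    e-mail address or phone number; the app records a pending code and "sends" it."""

    def __init__(self, registered, digits=6, clock=time.time, code_source=None):
        self.registered = set(registered)
        self.digits = digits
        self.clock = clock
        self.code_source = code_source or (lambda: random_code(digits))
        self.pending = {}
        self.outbox = []   # (recipient, code) the app would e-mail/SMS; kept for the demo

    def request_reset(self, identity):
        # Same reply whether or not the identity exists, so the endpoint cannot be
        # used to enumerate accounts.
        if identity in self.registered:
            self.pending[identity] = PendingReset(self.code_source(), self.clock())
            self.outbox.append((identity, self.pending[identity].code))
        return "If that account exists, a code has been sent."

    def verify_weak(self, identity, code):
        """Vulnerable step 3: unlimited guesses, no expiry, and the code stays valid
        after every miss, so an attacker can walk the whole code space."""
        p = self.pending.get(identity)
        return p is not None and p.code == code

    def verify(self, identity, code):
        """Hardened step 3: expiry, a guess budget, constant-time comparison, and the
        code is burned on success or once the budget is spent."""
        p = self.pending.get(identity)
        if p is None:
            return False
        if self.clock() - p.issued_at > OTP_TTL_SECONDS:
            del self.pending[identity]
            return False
        p.attempts += 1
        ok = hmac.compare_digest(p.code.encode(), str(code).encode())
        if ok or p.attempts >= MAX_ATTEMPTS:
            del self.pending[identity]
        return ok


def brute_force(verify, identity, digits):
    """Enumerate the full code space in order, as an attacker would.
    Returns (code_that_succeeded_or_None, guesses_made)."""
    space = 10 ** digits
    for n in range(space):
        guess = str(n).zfill(digits)
        if verify(identity, guess):
            return guess, n + 1
    return None, space


if __name__ == "__main__":
    user = "alice@example.com"
    for name, attr in (("weak", "verify_weak"), ("hardened", "verify")):
        svc = ResetService([user], digits=4)
        svc.request_reset(user)
        found, guesses = brute_force(getattr(svc, attr), user, 4)
        print(f"{name}: code {svc.outbox[-1][1]}, attacker found {found} after {guesses} guesses")
```

Against verify_weak a 4-digit code falls in at most 10,000 requests; against verify the attacker gets five guesses per issued code, and the per-code budget only matters if the reset-request endpoint is itself rate limited, since otherwise the attacker just requests a fresh code and keeps going.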
-
ISC Stormcast For Monday, January 13th, 2025 https://isc.sans.edu/podcastdetail/9276, (Mon, Jan 13th)
-

Multi-OLE, (Sun, Jan 12th)
VBA macros and embedded files/objects are stored as OLE files inside OOXML files. You can have .docm files with many OLE files, like this one, analyzed with zipdump.py: If you analyze this with oledump.py, each OLE file inside the ZIP container will get its own letter prefix: Use this letter prefix to select the correct…
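The letter prefix exists because one OOXML container can hold several OLE files, and a stream index alone is ambiguous. The following is an added example, not oledump.py or zipdump.py: it opens the ZIP, identifies OLE members by the 8-byte compound-file signature rather than by file name (so embedded objects and renamed parts are found too), letters them A, B, C... in ZIP order, and pulls one out by letter for further analysis. build_sample_docm() constructs a .docm-shaped ZIP whose "OLE" members are just the signature plus padding.

```python
"""Enumerate and extract the OLE containers inside an OOXML (.docm/.xlsm/...)
file, lettering them A, B, C... in ZIP order the way oledump.py prefixes them.

Added example, not oledump.py or zipdump.py themselves; the .docm built by
build_sample_docm() is constructed, and its "OLE" members are only the 8-byte
compound-file signature plus padding.
"""
import io
import string
import zipfile

# Compound File Binary (OLE2) signature: match on this, not on the member name.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"


def ole_members(ooxml_bytes):
    """Return [(letter, member_name, uncompressed_size)] for every ZIP member whose
    first 8 bytes are the OLE signature. Matching on the signature rather than on
    names like word/vbaProject.bin catches embedded objects and renamed parts.
    (More than 26 OLE members is not handled here.)"""
    found = []
    letters = iter(string.ascii_uppercase)
    with zipfile.ZipFile(io.BytesIO(ooxml_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(len(OLE_MAGIC))
            if head == OLE_MAGIC:
                found.append((next(letters), info.filename, info.file_size))
    return found


def extract_ole(ooxml_bytes, letter):
    """Pull the OLE member with the given letter prefix out of the container, ready
    to hand to olefile/oledump for stream analysis. Raises KeyError for an unknown
    letter."""
    for prefix, name, _ in ole_members(ooxml_bytes):
        if prefix == letter:
            with zipfile.ZipFile(io.BytesIO(ooxml_bytes)) as zf:
                return zf.read(name)
    raise KeyError(letter)


def build_sample_docm():
    """Constructed .docm-shaped ZIP: a VBA project part and an embedded object, both
    faked as signature + zero padding, plus ordinary XML and image parts."""
    fake_ole = OLE_MAGIC + b"\x00" * 504   # 512-byte header-sized stub, not a real OLE file
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", fake_ole)
        zf.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n")
        zf.writestr("word/embeddings/oleObject1.bin", fake_ole + b"payload")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_docm()
    for letter, name, size in ole_members(sample):
        print(f"{letter}: {name} ({size} bytes)")
```

On the constructed sample this lists A: word/vbaProject.bin and B: word/embeddings/oleObject1.bin; on a real document, extract_ole(data, "B") gives you the bytes to open with olefile, which is the point at which the letter prefix in oledump's selection syntax becomes necessary.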
-
Wireshark 4.4.3 Released, (Sat, Jan 11th)
Wireshark release 4.4.3 fixes 0 vulnerabilities and 8 bugs.
Didier Stevens, Senior Handler, blog.DidierStevens.com
-
ISC Stormcast For Friday, January 10th, 2025 https://isc.sans.edu/podcastdetail/9274, (Fri, Jan 10th)
-

Windows Defender Chrome Extension Detection, (Fri, Jan 10th)
After the recent Cyberhaven extension (2) attack, checking which Chrome extensions are installed across your fleet can be very helpful. If you are running Defender with enhanced vulnerability management, Defender automatically catalogs installed extensions; in the Defender console, go to Vulnerability Management -> Inventories and select Browser Extension. You can also run hunting queries against the DeviceTvmBrowserExtensions table. For…
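Defender's inventory only covers enrolled devices. The following is an added example, not the diary's Defender query: it reads the same information Chrome keeps on disk, walking <profile>/Extensions/<extension id>/<version>/manifest.json under the user-data directory, and matches the IDs against an IOC list, for a host that is not enrolled or to cross-check the console. The extension IDs are hypothetical placeholders (32 letters a-p, the shape Chrome uses), not the Cyberhaven IOC, and build_sample_user_data() constructs a throwaway directory tree.

```python
"""Inventory Chrome extensions from the profile directories on disk and match
them against a list of extension IDs.

Added example, not the diary's Defender query. The IDs below are hypothetical
placeholders, not the Cyberhaven IOC, and build_sample_user_data() builds a
constructed directory tree in a temp folder.
"""
import json
import tempfile
from pathlib import Path

# Hypothetical IDs used only for the demo (valid shape: 32 characters from a-p).
HYPOTHETICAL_IOC_ID = "abcdefghijklmnopabcdefghijklmnop"
BENIGN_ID = "ponmlkjihgfedcbaponmlkjihgfedcba"


def chrome_user_data_dirs(home):
    """Chrome's user-data directory per platform, under a given home directory."""
    home = Path(home)
    return [
        home / "AppData" / "Local" / "Google" / "Chrome" / "User Data",   # Windows
        home / "Library" / "Application Support" / "Google" / "Chrome",   # macOS
        home / ".config" / "google-chrome",                                # Linux
    ]


def is_extension_id(name):
    # Chrome extension IDs are 32 characters drawn from a-p.
    return len(name) == 32 and all("a" <= c <= "p" for c in name)


def inventory_extensions(user_data_dir):
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and return a list of
    (profile, extension_id, version, manifest_name). The ID is the directory name,
    so it is usable even when the manifest name is a localisation key."""
    found = []
    root = Path(user_data_dir)
    if not root.is_dir():
        return found
    for profile in root.iterdir():
        ext_root = profile / "Extensions"
        if not ext_root.is_dir():
            continue
        for id_dir in ext_root.iterdir():
            if not (id_dir.is_dir() and is_extension_id(id_dir.name)):
                continue
            for ver_dir in id_dir.iterdir():
                manifest = ver_dir / "manifest.json"
                if not manifest.is_file():
                    continue
                try:
                    name = json.loads(manifest.read_text(encoding="utf-8")).get("name", "")
                except (ValueError, OSError):
                    name = ""
                found.append((profile.name, id_dir.name, ver_dir.name, name))
    return found


def match_iocs(inventory, ioc_ids):
    """Entries whose extension ID is on the IOC list."""
    ioc_ids = set(ioc_ids)
    return [entry for entry in inventory if entry[1] in ioc_ids]


def build_sample_user_data():
    """Constructed user-data tree: two profiles, the hypothetical IOC in each, one
    benign extension, and a stray directory that is not an extension ID."""
    root = Path(tempfile.mkdtemp(prefix="chrome-sample-"))
    layout = [
        ("Default", HYPOTHETICAL_IOC_ID, "2.1.0_0", {"name": "Some Data Tool", "version": "2.1.0"}),
        ("Default", BENIGN_ID, "1.0_0", {"name": "__MSG_appName__", "version": "1.0"}),
        ("Profile 1", HYPOTHETICAL_IOC_ID, "2.0.9_0", {"name": "Some Data Tool", "version": "2.0.9"}),
    ]
    for profile, ext_id, version, manifest in layout:
        d = root / profile / "Extensions" / ext_id / version
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    (root / "Default" / "Extensions" / "Temp").mkdir()
    return root


if __name__ == "__main__":
    root = build_sample_user_data()
    for profile, ext_id, version, name in match_iocs(inventory_extensions(root), {HYPOTHETICAL_IOC_ID}):
        print(f"{profile}: {ext_id} {version} {name!r}")
```

Match on the ID, not the display name: the name in manifest.json is often a localisation key such as __MSG_appName__, and a malicious update can change it, while the ID is derived from the publisher key and stays constant across versions. Run it against every user's home directory, since Chrome profiles are per user.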

