-
ISC Stormcast For Monday, September 29th, 2025 https://isc.sans.edu/podcastdetail/9632, (Mon, Sep 29th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-

New tool: convert-ts-bash-history.py, (Fri, Sep 26th)
In SANS FOR577[1], we talk about timelines on day 5, both filesystem and super-timelines. But sometimes I want something quick and dirty, and rather than firing up plaso just to create a timeline of .bash_history data, it is nice to be able to parse the files directly and, if timestamps are enabled, see them in a…
-
ISC Stormcast For Friday, September 26th, 2025 https://isc.sans.edu/podcastdetail/9630, (Fri, Sep 26th)
-

Webshells Hiding in .well-known Places, (Thu, Sep 25th)
Every so often, I see requests for files in .well-known recorded by our honeypots. As an example: GET /.well-known/xin1.php?p Host: [honeypot host name] The file names indicate that they are likely looking for webshells. In my opinion, the reason they are looking in .well-known is that it makes a decent place to hide webshells without…
-
ISC Stormcast For Thursday, September 25th, 2025 https://isc.sans.edu/podcastdetail/9628, (Thu, Sep 25th)
-

Exploit Attempts Against Older Hikvision Camera Vulnerability, (Wed, Sep 24th)
I noticed a new URL showing up in our web honeypot logs, which looked a bit interesting: /System/deviceInfo?auth=YWRtaW46MTEK The full request: GET /System/deviceInfo?auth=YWRtaW46MTEK Host: 3.87.70.24 User-Agent: python-requests/2.32.4 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive The “auth” parameter caught my attention, in particular because its value was a base64 encoded string. The string decodes to…
-
ISC Stormcast For Wednesday, September 24th, 2025 https://isc.sans.edu/podcastdetail/9626, (Wed, Sep 24th)
-
[Guest Diary] Distracting the Analyst for Fun and Profit, (Tue, Sep 23rd)
[This is a Guest Diary by Taylor House, an ISC intern as part of the SANS.edu Bachelor’s Degree in Applied Cybersecurity (BACS) program [1].] Distributed denial of service (DDoS) attacks are a type of cyber-attack where the threat actor attempts to disrupt a service by flooding the target with a ton of requests to overload…
-
ISC Stormcast For Tuesday, September 23rd, 2025 https://isc.sans.edu/podcastdetail/9624, (Tue, Sep 23rd)
-
ISC Stormcast For Monday, September 22nd, 2025 https://isc.sans.edu/podcastdetail/9622, (Mon, Sep 22nd)

