-
Help Wanted: What are these odd requests about?, (Sun, Sep 21st)
Looking at our web honeypot data, I came across an odd new request header I hadn’t seen before: “X-Forwarded-App”. My first guess was that this is yet another issue with a proxy-server bucket brigade spilling secrets when a particular “App” is connecting to it. So I dove in a bit deeper, and found requests like…
-
ISC Stormcast For Friday, September 19th, 2025 https://isc.sans.edu/podcastdetail/9620, (Fri, Sep 19th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
ISC Stormcast For Thursday, September 18th, 2025 https://isc.sans.edu/podcastdetail/9618, (Thu, Sep 18th)
-
Exploring Uploads in a Dshield Honeypot Environment [Guest Diary], (Thu, Sep 18th)
[This is a Guest Diary by Nathan Smisson, an ISC intern as part of the SANS.edu BACS program] The goal of this project is to test the suitability of various data entry points within the dshield ecosystem to determine which metrics are likely to yield consistently interesting results. This article explores analysis of files uploaded…
-
CTRL-Z DLL Hooking, (Wed, Sep 17th)
When you’re debugging a malware sample, you probably run it in a debugger and define some breakpoints. The idea is to take over the program control before it performs “interesting” actions. Usually, we set breakpoints on memory management API calls (like VirtualAlloc()) or process activities (like CreateProcess(), CreateRemoteThread(), …). The default technique used by debuggers to implement breakpoints…
-
ISC Stormcast For Wednesday, September 17th, 2025 https://isc.sans.edu/podcastdetail/9616, (Wed, Sep 17th)
-

Why You Need Phishing Resistant Authentication NOW., (Tue, Sep 16th)
The recent (and still ongoing) phishing of NPM developer accounts showed yet again that even technically sophisticated and aware users are falling for phishing lures. Anybody will fall for phishing if a well-targeted e-mail is used. All it took for the NPM phish to succeed was a well-written email and a convincing landing page. This…
-
ISC Stormcast For Tuesday, September 16th, 2025 https://isc.sans.edu/podcastdetail/9614, (Tue, Sep 16th)
-
Apple Updates Everything – iOS/macOS 26 Edition, (Mon, Sep 15th)
Today, as expected, Apple released iOS/iPadOS/macOS/watchOS/tvOS 26. Going forward, Apple will adopt the same OS number across its different offerings, setting us up for a potential year 2100 issue. Notably, VisionOS was not updated. There are two options to apply the security updates: You may stick with the old major operating system version (iOS 18 or…
-
ISC Stormcast For Monday, September 15th, 2025 https://isc.sans.edu/podcastdetail/9612, (Mon, Sep 15th)

