-
ISC Stormcast For Friday, November 8th, 2024 https://isc.sans.edu/podcastdetail/9214, (Fri, Nov 8th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-

Steam Account Checker Poisoned with Infostealer, (Thu, Nov 7th)
I found an interesting script targeting Steam users. Steam[1] is a popular digital distribution platform for purchasing, downloading, and playing video games on personal computers. The script is called “steam-account-checker” and is available on GitHub[2]. Its description is: steam account checker ? check your steam log 2024 ? simple script that validates steam logins fast and easy. Updated…
-
ISC Stormcast For Thursday, November 7th, 2024 https://isc.sans.edu/podcastdetail/9212, (Thu, Nov 7th)
-
[Guest Diary] Insights from August Web Traffic Surge, (Wed, Nov 6th)
[This is a Guest Diary by Trevor Coleman, an ISC intern as part of the SANS.edu Bachelor’s Degree in Applied Cybersecurity (BACS) program [1].] Figure 1: ISC Web Honeypot Log Overview Chart [2]. The month of August brought with it a notable surge in web traffic log activities, catching my attention. As I delved into…
-
ISC Stormcast For Wednesday, November 6th, 2024 https://isc.sans.edu/podcastdetail/9210, (Wed, Nov 6th)
-

Python RAT with a Nice Screensharing Feature, (Tue, Nov 5th)
While hunting, I found another interesting Python RAT in the wild. This is not brand new because the script was released two years ago[1]. The script I found is based on the same tool and still has a low VT score: 3/64 (SHA256:1281b7184278f2a4814b245b48256da32a6348b317b83c440008849a16682ccb)[2]. The RAT has a lot of features to control the victim’s computer: remnux@remnux:/MalwareZoo/20241021$…
-
ISC Stormcast For Tuesday, November 5th, 2024 https://isc.sans.edu/podcastdetail/9208, (Tue, Nov 5th)
-

Analyzing an Encrypted Phishing PDF, (Mon, Nov 4th)
Once in a while, I get a question about my pdf-parser.py tool not being able to decode strings and streams from a PDF document. And often, I have the answer without looking at the PDF: it’s encrypted. PDF documents can be encrypted, and what’s special about encrypted PDFs is that the structure of the PDF document…
-
ISC Stormcast For Monday, November 4th, 2024 https://isc.sans.edu/podcastdetail/9206, (Mon, Nov 4th)
-
qpdf: Extracting PDF Streams, (Sat, Nov 2nd)
In diary entry “Analyzing PDF Streams” I answer a question asked by a student of Xavier: “how can you export all streams of a PDF?”. I explained how to do this with my pdf-parser.py tool. I recently found another method, using the open-source tool qpdf. Since version 11, you can extract streams with qpdf. If…

