Malicious PowerShell Targeting Cryptocurrency Browser Extensions, (Wed, Jun 22nd)
While hunting, I found an interesting PowerShell script. After a quick check, my first conclusion…
Category: SANS
ISC Stormcast For Wednesday, June 22nd, 2022, (Wed, Jun 22nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. http://ISC Stormcast…
Experimental New Domain / Domain Age API, (Tue, Jun 21st)
One of our goals is to provide data to "color your logs" (or "Augment" them,…
ISC Stormcast For Tuesday, June 21st, 2022, (Tue, Jun 21st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. https://isc.sans.edu/podcastdetail.html?id=8058
Odd TCP Fast Open Packets. Anybody understands why?, (Mon, Jun 20th)
TCP Fast Open (TFO) is a relatively new TCP feature. The corresponding RFC7413 was published in…
ISC Stormcast For Monday, June 20th, 2022, (Mon, Jun 20th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. https://isc.sans.edu/podcastdetail.html?id=8056
Video: Decoding Obfuscated BASE64 Statistically, (Sun, Jun 19th)
I recorded a video for my diary entry "Decoding Obfuscated BASE64 Statistically ". Didier Stevens…
Wireshark 3.6.6 Released, (Sun, Jun 19th)
Wireshark version 3.6.6 was released. If you use Wireshark on Windows 11, you need to…
Decoding Obfuscated BASE64 Statistically, (Sat, Jun 18th)
In diary entry "Houdini is Back Delivered Through a JavaScript Dropper", Xavier mentions that he…
Critical vulnerability in Splunk Enterprise?s deployment server functionality, (Fri, Jun 17th)
Splunk published an advisory about a critical security vulnerability in deployment server, which is a…