News

How Safe Are Your Docker Images?, (Thu, Apr 22nd)

Published April 22, 2021

Today, I don’t know any organization that is using Docker today. Whether for test and development only or for full production systems, containers are deployed everywhere! In the same way, most popular tools today have a “dockerized” version ready to use, sometimes maintained by the developers themselves, sometimes maintained by third parties. An example is […]

ISC Stormcast For Thursday, April 22nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7468, (Thu, Apr 22nd)

Published April 21, 2021

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.

A Case for Lockdown and Isolation (and not the Covid kind), (Wed, Apr 21st)

Published April 21, 2021

A reader wrote in expressing concerns over a vendor software management platform that had 3rd party module vulnerabilities [1]. Reasonable risk assessment if you ask me. This comes along with the two “One Liners” we posted yesterday [2] [3]. This sounds like a case for isolation and/or lockdown. Considering 2021’s climate, let’s be clear […]

ISC Stormcast For Wednesday, April 21st, 2021 https://isc.sans.edu/podcastdetail.html?id=7466, (Wed, Apr 21st)

Published April 20, 2021

Pulse Secure Out of Cycle Advisory: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/SA44784/, (Tue, Apr 20th)

Published April 20, 2021

Richard Porter — ISC Handler on Duty

SonicWall releases Security Notice: Email Security Zero-Day Vulnerabilities https://bit.ly/3eh1r9n, (Tue, Apr 20th)

Published April 20, 2021

ISC Stormcast For Tuesday, April 20th, 2021 https://isc.sans.edu/podcastdetail.html?id=7464, (Tue, Apr 20th)

Published April 19, 2021

Hunting phishing websites with favicon hashes, (Mon, Apr 19th)

Published April 19, 2021

HTTP favicons are often used by bug bounty hunters and red teamers to discover vulnerable services in a target AS or IP range. It makes sense – since different tools (and sometimes even different versions of the same tool) use different favicons[1] and services such as Shodan calculate MurmurHash values[2] for all favicons they discover […]

ISC Stormcast For Monday, April 19th, 2021 https://isc.sans.edu/podcastdetail.html?id=7462, (Mon, Apr 19th)

Published April 18, 2021

Decoding Cobalt Strike Traffic, (Sun, Apr 18th)

Published April 18, 2021

In diary entry “Example of Cleartext Cobalt Strike Traffic (Thanks Brad)” I share a capture file I found with unencrypted Cobalt Strike traffic. The traffic is unencrypted since the malicious actors used a trial version of Cobalt Strike. This weekend I carried on with the analysis of that traffic, you can see my findings in […]
