News
How Safe Are Your Docker Images?, (Thu, Apr 22nd)
Today, I don’t know any organization that is using Docker today. For only test and development only or to full production systems, containers are deployed everywhere! In the same way, most popular tools today have a “dockerized” version ready to use, sometimes maintained by the developers themselves, sometimes maintained by third parties. An example is […]
ISC Stormcast For Thursday, April 22nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7468, (Thu, Apr 22nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.
A Case for Lockdown and Isolation (and not the Covid kind), (Wed, Apr 21st)
A reader wrote in expressing concerns over a vendor software management platform that had 3rd party module vulnerabilities [1]. Reasonable risk assessment if you ask me. This comes along with the two “One Liners” we posted yesterday [2] [3]. This sounds like a case for isolation and or lockdown. Considering 2021’s climate, let’s be clear […]
ISC Stormcast For Wednesday, April 21st, 2021 https://isc.sans.edu/podcastdetail.html?id=7466, (Wed, Apr 21st)
Pulse Secure Out of Cycle Advisory: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/SA44784/, (Tue, Apr 20th)
Richard Porter — ISC Handler on Duty
SonicWall releases Security Notice: Email Security Zero-Day Vulnerabilities https://bit.ly/3eh1r9n, (Tue, Apr 20th)
ISC Stormcast For Tuesday, April 20th, 2021 https://isc.sans.edu/podcastdetail.html?id=7464, (Tue, Apr 20th)
Hunting phishing websites with favicon hashes, (Mon, Apr 19th)
HTTP favicons are often used by bug bounty hunters and red teamers to discover vulnerable services in a target AS or IP range. It makes sense – since different tools (and sometimes even different versions of the same tool) use different favicons[1] and services such as Shodan calculate MurmurHash values[2] for all favicons they discover […]
ISC Stormcast For Monday, April 19th, 2021 https://isc.sans.edu/podcastdetail.html?id=7462, (Mon, Apr 19th)
Decoding Cobalt Strike Traffic, (Sun, Apr 18th)
In diary entry “Example of Cleartext Cobalt Strike Traffic (Thanks Brad)” I share a capture file I found with unencrypted Cobalt Strike traffic. The traffic is unencrypted since the malicious actors used a trial version of Cobalt Strike. This weekend I carried on with the analysis of that traffic, you can see my findings in […]