News

An infection from Rig exploit kit, (Mon, Jun 17th)

Published June 16, 2019

Introduction: Rig exploit kit (EK) is one of a handful of EKs still active as reported in May 2019 by Malwarebytes. Even though EKs are far less active than in previous years, EK traffic is still sometimes noted in the wild. Twitter accounts like @nao_sec, @david_jursa, @jeromesegura, and @tkanalyst occasionally tweet about EK activity. Today’s […]

ISC Stormcast For Monday, June 17th 2019 https://isc.sans.edu/podcastdetail.html?id=6542, (Mon, Jun 17th)

Published June 16, 2019

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS.

Sysmon Version 10: DNS Logging, (Sun, Jun 16th)

Published June 16, 2019

Sysmon Version 10.0 brings DNS query logging. By default, DNS query logging is not enabled. You need to provide a configuration file, like this simple config.xml: This config file will log all DNS queries: using onmatch="exclude" without any filters excludes no events at all. Remark also that the event is DnsQuery […]

Issue #47 – Volume XXI – SANS Newsbites – June 14th, 2019

Published June 14, 2019

Reposted from SANS NewsBites.

ISC Stormcast For Friday, June 14th 2019 https://isc.sans.edu/podcastdetail.html?id=6540, (Fri, Jun 14th)

Published June 13, 2019

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS.

A few Ghidra tips for IDA users, part 4 – function call graphs, (Fri, Jun 14th)

Published June 13, 2019

One of the features of IDA that we use in FOR610, and which can be helpful for detecting malicious patterns of API calls, is the ability to create a graph of all function calls made from the current function and from any functions it calls. The graph itself isn’t all that pretty to look at, but […]

Issue #46 – Volume XXI – SANS Newsbites – June 11th, 2019

Published June 13, 2019

Reposted from SANS NewsBites.

ISC Stormcast For Thursday, June 13th 2019 https://isc.sans.edu/podcastdetail.html?id=6538, (Thu, Jun 13th)

Published June 12, 2019

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS.

What is "THAT" Address Doing on my Network, (Thu, Jun 13th)

Published June 12, 2019

Disclosure: ISC does not endorse any one particular vendor. That said, you may recognize what type of firewall I use 🙂 So this all started with a strange log entry: a SYN packet going to an RFC1918 [1] address. Now, that address is not in regular use on my network, which made it all the more puzzling. Below […]

ISC Stormcast For Wednesday, June 12th 2019 https://isc.sans.edu/podcastdetail.html?id=6536, (Wed, Jun 12th)

Published June 11, 2019

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS.