2021
Open ports statistics for Q3 2021
· β˜• 2 min read
Only the last three months remain until the end of 2021, which means it's time for a look at how the internet as a whole changed in the third quarter of the year...

Interview - ECSC 2021
· β˜• 1 min read
Prague is currently hosting this year’s European Cyber Security Challenge - an international security competition for teams of young talents from different European countries. Since I am the author of one of the practical challenges that make up the competition and ALEF is one of its sponsors, I was asked for a short interview by the competition’s organizers in the run up to the Challenge itself. The resulting video was published on Youtube today.

Presentation from TF-CSIRT meeting - How TLS 1.3 adoption (and disposal of SSL) is going
· β˜• 1 min read
64th meeting of the TF-CSIRT community took place today. I've had the pleasure to contribute to it with a short presentation about the current state of adoption of TLS 1.3 and continued use of SSL protocols. Although I usually don't mention presentations I've prepared for TF-CSIRT meetings here, I've decided to make an exception for this one, since I believe that it might be worth looking at even without the accompanying commentary...

TriOp update - version 1.3
· β˜• 1 min read
I’ve published version 1.3 of TriOp today. The only change in this version is the addition of vulnerabilities used in the ProxyShell attack (CVE-2021-31207, CVE-2021-34473 and CVE-2021-34523) to the relevant search list...

List of free online malware analysis sandboxes v1.7
· β˜• 1 min read
Since the online malware sandbox landscape has changed somewhat over the last six months, I have updated my list of most useful sandboxes to reflect these changes. One improvement that deserves a special mention was a significant increase in number of supported operating systems by the Hatching Triage platform...

SANS ISC Diary - A sextortion e-mail from...IT support?!
· β˜• 1 min read
A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a slightly unusual sextortion phishing, in which its author claimed to work for an IT service company hired by recipients e-mail provider…