2021
SANS ISC Diary - Hunting phishing websites with favicon hashes
· ☕ 1 min read
A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at how HTTP favicon hashes may be used to identify IP addresses hosting phishing websites…

SANS ISC Diary - Malspam with Lokibot vs. Outlook and RFCs
· ☕ 1 min read
A Diary of mine was published today on the SANS Internet Storm Center website. In it, we’ll take a look at an interesting malspam message carrying the Lokibot infostealer and also causing quite unusual behavior in Outlook…

Open ports statistics for Q1 2021
· ☕ 2 min read
The first quarter of 2020 is behind us, which means it's time for another look at some of the interesting ports accessible on public IPs. This time, however, we will take a look at how the internet as a whole changed during the past 3 months, but also at specific changes related to support for different versions of SSL and TLS...

TriOp update - version 1.2
· ☕ 1 min read
I’ve published version 1.2 of TriOp today. A bug was present in the 'add' mode in version 1.1, which resulted in incorrect behavior when parameterized queries were present in search files, and this update fixes it...

TriOp update - version 1.1
· ☕ 2 min read
I’ve published version 1.1 of TriOp today. I’ve added CVEs for the recent Exchange vulnerabilities to the vulnerability search list, since Shodan is now capable of detecting systems affected by them. In response to a request from the CSIRT community, I’ve also added the option to use an arbitrary filter along with a list of parameters...

SANS ISC Diary - Qakbot in a response to Full Disclosure post
· ☕ 1 min read
A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at an interesting e-mail message carrying a Qakbot downloader, which appeared to be sent in response to a historical Full Disclosure mailing list post…