2025 – Untrusted Network

SANS ISC Diary - A phishing with invisible characters in the subject line

📅 Oct 28, 2025 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at an unusual phishing message which contained “invisible” characters in its subject line…

SANS ISC Diary - A quick look at sextortion at scale: 1,900 messages and 205 Bitcoin addresses spanning four years

📅 Sep 2, 2025 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll discuss the analysis of approximately 1,900 sextortion e-mails spanning years 2021-2025, and look at interesting statistical data that resulted from this analysis…

SANS ISC Diary - Do sextortion scams still work in 2025?

📅 Aug 6, 2025 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll discuss whether sextortion scams are still effective in 2025…

SANS ISC Diary - How quickly do we patch? A quick look from the global viewpoint

📅 Jul 21, 2025 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at how quickly do we – as a global society – patch actively-exploited vulnerabilities when it comes to our internet-facing systems…

SANS ISC Diary - Phishing e-mail that hides malicious link from Outlook users

📅 Jun 4, 2025 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at an interesting phishing e-mail that hides the link to a malicious site from Oulook users…

SANS ISC Diary - Another day, another phishing campaign abusing google.com open redirects

📅 May 14, 2025 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at an actively exploited open redirect vulnerability in Google Travel service that enables threat actors to craft links pointing to www.google.com which cause redirection to an arbitrary URL…

SANS ISC Diary - It's 2025... so why are obviously malicious advertising URLs still going strong?

📅 Apr 21, 2025 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a phishing campaign, in which Google Ad service was used for redirection of victims, and at security weaknesses of web-based ad services in general…

SANS ISC Diary - A Tale of Two Phishing Sites

📅 Mar 28, 2025 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at two phishing sites based on the same phishing kit, that differed significantly (not just) in the level of obfuscation…

Measuring security operations capabilities and improving their maturity, efficiency, and effectiveness

📅 Mar 4, 2025 · ☕ 15 min read

To slightly paraphrase Peter Drucker’s famous quote, one can’t manage what one can’t measure. This – of course – holds true even for Computer Security Incident Response Teams (CSIRTs) and Security Operations Centers (SOCs). The only question is, how can we “measure” what they do in a meaningful way? This is what we will discuss in this article...

10 years of Untrusted Network

📅 Mar 3, 2025 · ☕ 1 min read

Today marks the 10-year anniversary of this website. It has changed a lot since 2015, and not just visually, but also in terms of content. And since I thought it would be worthwhile to share something interesting for the anniversary, in this post, you will find some high-level AWStats data that encompasses the entire lifetime of this website…