News – Untrusted Network

SANS ISC Diary - What pages do bad bots look for?

📅 Aug 1, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at which interesting pages “bad” bots look for the most on web servers.

SANS ISC Diary - Couple of interesting Covid-19 related stats

📅 Jul 21, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at how regional travel restrictions impact (or don’t) the number of IP addresses which expose remote access protocols to the internet.

SANS ISC Diary - Using Shell Links as zero-touch downloaders and to initiate network connections

📅 Jun 24, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at a weakness handling of LNK files in Windows, through which one may force the OS to download an arbitrary file from a remote server any time the shortcut file is displayed.

SANS ISC Diary - Broken phishing accidentally exploiting Outlook zero-day

📅 Jun 18, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at a phishing, which accidentally exploited a 0-day vulnerability in Outlook, which allows for creation or modification of links when an e-mail is forwarded by Outlook.

Update of overview of free online malware analysis sandboxes

📅 May 30, 2020 · ☕ 1 min read

Since there have been some small changes in the free online malware analysis sandbox landscape over the last couple of months, I've updated the comparison table to reflect them...

SANS ISC Diary - Frankenstein's phishing using Google Cloud Storage

📅 May 27, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at a strange phishing campaign, which was, due to combination of quite sophisticated and extremely amateurish components, reminiscent of the creation of Shelley’s Dr. Frankenstein.

SANS ISC Diary - Agent Tesla delivered by the same phishing campaign for over a year

📅 Apr 28, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at a phishing campaign that has been running almost unchanged for more than a year and seems to be distributing exclusively Agent Tesla.

SANS ISC Diary - Look at the same phishing campaign 3 months apart

📅 Apr 13, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at two phishing e-mails from the same campaign sent out 3 months apart.

Open ports in the Time of Corona

📅 Apr 2, 2020 · ☕ 3 min read

One of the side effects of social distancing and self-quarantining due to COVID-19 was a large increase in the use of VPNs (and, in some cases, different remote access protocols, such as RDP or SSH) by companies around the world, so that their employees might work from home. I was wondering how large this increase would be when compared to the usual state of affairs. To determine this, I took a look at data I gathered from Shodan over the course of March and made couple of - hopefully interesting - charts.

SANS ISC Diary - Crashing explorer.exe with(out) a click

📅 Mar 30, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at a vulnerability in the way Windows handles self-referential links, which makes it possible to use specially crafted URL and LNK files to crash Explorer.