Untrusted Network

SANS ISC Diary - PowerPoint attachments, Agent Tesla and code reuse in malware

📅 Dec 20, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a malspam message with macro-enabled PowerPoint attachment that turned out to be first stage of an Agent Tesla infection chain…

SANS ISC Diary - Phishing page hiding itself using dynamically adjusted IP-based allow list

📅 Nov 24, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at an interesting protection mechanism used on a phishing site to deny access to it to anyone but the victim who first clicked the link in a phishing mail…

TriOp update - version 1.4 (and Shodan Trends)

📅 Oct 28, 2021 · ☕ 1 min read

I’ve published version 1.4 of TriOp today. The only change in this version is the addition of CVE-2021-31206 (vulnerability used in the ProxyShell attack) to the relevant search list. One additional point that deserves a mention is that Shodan has recently opened access to a new service called Shodan Trends...

Open ports statistics for Q3 2021

📅 Oct 1, 2021 · ☕ 2 min read

Only the last three months remain until the end of 2021, which means it's time for a look at how the internet as a whole changed in the third quarter of the year...

Interview - ECSC 2021

📅 Sep 30, 2021 · ☕ 1 min read

Prague is currently hosting this year’s European Cyber Security Challenge - an international security competition for teams of young talents from different European countries. Since I am the author of one of the practical challenges that make up the competition and ALEF is one of its sponsors, I was asked for a short interview by the competition’s organizers in the run up to the Challenge itself. The resulting video was published on Youtube today.

SANS ISC Diary - TLS 1.3 and SSL - the current state of affairs

📅 Sep 28, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the current state of adoption of TLS 1.3 and disposal of SSL 2.0 and 3.0…

SANS ISC Diary - Phishing 101: why depend on one suspicious message subject when you can use many?

📅 Sep 16, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a phishing that tried to use multiple suspicious message subjects to lure the recipient to a phishing site…

Presentation from TF-CSIRT meeting - How TLS 1.3 adoption (and disposal of SSL) is going

📅 Sep 14, 2021 · ☕ 1 min read

64th meeting of the TF-CSIRT community took place today. I've had the pleasure to contribute to it with a short presentation about the current state of adoption of TLS 1.3 and continued use of SSL protocols. Although I usually don't mention presentations I've prepared for TF-CSIRT meetings here, I've decided to make an exception for this one, since I believe that it might be worth looking at even without the accompanying commentary...

SANS ISC Diary - There may be (many) more SPF records than we might expect

📅 Aug 25, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the surprisingly high number of SPF records set for domains in the CZ TLD…

TriOp update - version 1.3

📅 Aug 12, 2021 · ☕ 1 min read

I’ve published version 1.3 of TriOp today. The only change in this version is the addition of vulnerabilities used in the ProxyShell attack (CVE-2021-31207, CVE-2021-34473 and CVE-2021-34523) to the relevant search list...