One of the side effects of social distancing and self-quarantining due to COVID-19 was a large increase in the use of VPNs (and, in some cases, different remote access protocols, such as RDP or SSH) by companies around the world, so that their employees might work from home.
I was wondering how large this increase would be when compared to the usual state of affairs. To determine this, I took a look at data I gathered from Shodan over the course of March and made couple of - hopefully interesting - charts.
A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at a vulnerability in the way Windows handles self-referential links, which makes it possible to use specially crafted URL and LNK files to crash Explorer.
Videos of all presentations from last weeks CrisisCon are now accessible on Youtube. Among them is my own talk on known unpatched vulnerabilities and weaknesses in Windows.
If you couldn’t make it to the online conference, I recommend you at least go through some of the recordings as couple of the talks were quite interesting.
A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at a vulnerability in the way Windows handles desktop.ini files, which makes it possible to use them as an interesting post-exploitation tool.
Whether your work has anything to do with security monitoring, malware analysis, incident response, or just general IT administration, you’ve probably come across VirusTotal. It is an invaluable tool when it comes to identifying malicious code, however sometimes we need to dig a bit deeper than just getting a 'detection score' for a potentially dangerous file...
A Diary of mine was published today on the SANS Internet Storm Center. In this one, we delve into the support of HTTP and HTTPS among web servers on the internet, as well as support for Telnet and SSH, over the last six months.
A Diary of mine was published today on the SANS Internet Storm Center. This one deals with a strange side effect of the way in which Windows deals with file permissions, which enables any user, regardless of permissions, to brute-force contents of any local folder.
A Diary of mine was published today on the SANS Internet Storm Center. In this one we take a look at a current phishing campaign which shows quite well the current “let’s get all the users' data” mentality of the attackers.