SANS ISC Diary - E-mail from Agent Tesla
· β 1 min read
A Diary of mine was published today on the SANS Internet Storm Center. In this one we take a look at a multi-stage downloader for Agent Tesla.
SANS ISC Diary - Analysis of a strangely poetic malware
· β 1 min read
A Diary of mine was published today on the SANS Internet Storm Center. In this one we take a look at a macro-based dropper sent to the Internet Storm Center by one of our readers.
SANS ISC Diary - Lessons learned from playing a willing phish
· β 1 min read
A Diary of mine was published today on the SANS Internet Storm Center. In this one we take a look at baiting phishing attackers and at some of the lessons we may learn from it.
SANS ISC Diary - Did the recent malicious BlueKeep campaign have any positive impact when it comes to patching?
· β 1 min read
A Diary of mine was published today on the SANS Internet Storm Center. If you wondered whether the recent 'BlueKeep worm scare' had any impact when it comes to the number of vulnerable systems out there, then this one is for you.
SANS ISC Diary - EML attachments in O365 - a recipe for phishing
· β 1 min read
A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at the absence of filtering of EML attachments in O365 and what it can lead to.
Do automated tools really detect only 45% of all vulnerabilities?
· β 7 min read
If you've dealt with IT security for any length of time, chances are that you've come across a claim that research has shown that automated tools can only detect 45% of vulnerabilities. It is often cited to illustrate the need for participation of human experts in security and penetration tests. However is the claim really true? You may find it in, among many other places, the latest OWASP Testing Guide...
SANS ISC Diary - Phishing e-mail spoofing SPF-enabled domain
· β 1 min read
A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at SPF and when even SPF-enabled domains may be spoofed.
ALEF Security Report 2019
· β 1 min read
Couple of months back, my colleagues and I created a report covering current cyber security situation in the Czech Republic. If you’d like to know, what security services were most in demand during the last couple of years, how large is the percentage of Czech organizations, which conduct phishing tests of their employees, or how STARTTLS adoption is progressing in Czech Republic, you may download it here.
SANS ISC Diary - Tricky LNK points to TrickBot
· β 1 min read
A Guest Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at analyzing a malicious LNK file which leads us to a sample of Trickbot.
SANS ISC Diary - Open Redirect: A Small But Very Common Vulnerability
· β 1 min read
A Guest Diary of mine was published today on the SANS Internet Storm Center. In this one, I discuss open redirect vulnerabilities and how to find them. If you’ve never heard of open redirects, this might be a useful introductory text.