Posts

SANS ISC Diary - 'Passive' analysis of a phishing attachment

📅 May 1, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a “passive”, OPSEC-friendly approach to the analysis of HTML phishing attachments…

SANS ISC Diary - The strange case of Great honeypot of China

📅 Apr 17, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a sharp increase of Shodan’s detections of honeypots in China…

SANS ISC Diary - Use of X-Frame-Options and CSP frame-ancestors security headers on 1 million most popular domains

📅 Mar 31, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the use of security-related HTTP headers that are able to prevent “framing attacks” on one million most commonly visited domains…

SANS ISC Diary - IPFS phishing and the need for correctly set HTTP security headers

📅 Mar 15, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at several phishing pages hosted on a disributed file system IPFS and shortly dicuss the potential of HTTP security headers to serve as a defense against phishing…

SANS ISC Diary - HTML phishing attachment with browser-in-the-browser technique

📅 Feb 16, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the use of “browser-in-the-browser” technique in a generic phishing campaign…

SANS ISC Diary - SPF and DMARC use on 100k most popular domains

📅 Jan 19, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at SPF and DMARC use on world’s most popular domains…

SANS ISC Diary - Passive detection of internet-connected systems affected by vulnerabilities from the CISA KEV catalog

📅 Jan 11, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a new function of my TriOp tool and its use for passive identification of systems affected by vulnerabilities listed in the CISA KEV Catalog…

TriOp update - version 1.5

📅 Jan 11, 2023 · ☕ 1 min read

I’ve published version 1.5 of TriOp today. Besides the addition of several CVEs into the internal list of vulnerabilities, a new feature was also introduced, which enables automatic generation of Shodan queries for the current list of vulnerabilities from the CISA Known Exploited Vulnerabilities (KEV) Catalog...

SANS ISC Diary - SPF and DMARC use on GOV domains in different ccTLDs

📅 Dec 30, 2022 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the use of SPF and DMARC on second-level governmental domains in different ccTLDs…

Presentations from 67th TF-CSIRT meeting - Threat modeling with ATT&CK and How quickly do we patch?

📅 Oct 1, 2022 · ☕ 1 min read

67th meeting of the TF-CSIRT community took place this week and I've had a chance to contribute to it with two presentations - one discussing the speed with which we apply patches (from a global standpoint), and another one, in which we looked at a basic approach to threat modeling using MITRE ATT&CK. If you would like to take a look at the slides, they are now available for download...