Posts
Log4shell Lightning talk - 2022 TF-CSIRT Meeting & FIRST Regional Symposium Europe
· β˜• 1 min read
Few weeks ago, I attended the 2022 TF-CSIRT Meeting & FIRST Regional Symposium Europe and gave a lighting talk there discussing couple of interesting trends seen in Log4shell exploitation attempts and the possibility to create a simple generic defense agains similar attacks in the future. Recordings of all the talks are now available on YouTube...

SANS ISC Diary - Phishing e-mail with...an advertisement?
· β˜• 1 min read
A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a slightly unusual phishing message that contained text reminiscent of an advertisement for Xerox products…

Podcast with Gaper.io about (not just) work from home security
· β˜• 1 min read
I’ve been invited to do a podcast with Gaper.io some time back, and the resulting recording was published today. Mark Allen, Gaper’s business development director, and I spent nearly 20 minutes talking about different security aspects of work from home, general security awareness and several other topics. If you’re looking for a light, security-related podcast listen to, this one might not be a bad choice…

Open ports statistics for 2021
· β˜• 3 min read
The year 2021 is behind us which means that the time has come for us to take a look at how the internet changed over its 365 days...

TriOp update - version 1.4 (and Shodan Trends)
· β˜• 1 min read
I’ve published version 1.4 of TriOp today. The only change in this version is the addition of CVE-2021-31206 (vulnerability used in the ProxyShell attack) to the relevant search list. One additional point that deserves a mention is that Shodan has recently opened access to a new service called Shodan Trends...