SANS ISC Diary

SMBGhost - the critical vulnerability many seem to have forgotten to patch

📅 Oct 28, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at the concerning number of machines connected to the internet, that are still not patched for the critical SMBGhost vulnerability.

SANS ISC Diary - BazarLoader phishing lures: plan a Halloween party, get a bonus and be fired in the same afternoon

📅 Oct 22, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at phishing campaigns spreading BazarLoader malware and the lures which they use.

SANS ISC Diary - Phishing kits as far as the eye can see

📅 Oct 9, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at phishing kits, which are offered on the indexed part of the web.

SANS ISC Diary - Slightly broken overlay phishing

📅 Sep 21, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at an interesting (and slightly broken) phishing campaign, which overlays legitimate pages with fake login prompts.

SANS ISC Diary - A blast from the past - XXEncoded VB6.0 Trojan

📅 Sep 4, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at a campaign in which the malicious actors decided to go reall “old school” when it comes to file formats they would use.

SANS ISC Diary - Security.txt - one small file for an admin, one giant help to a security researcher

📅 Aug 27, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at the draft standard for “A File Format to Aid in Security Vulnerability Disclosure”, better known as security.txt.

SANS ISC Diary - Definition of 'overkill' - using 130 MB executable to hide 24 kB malware

📅 Aug 14, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at a 130 MB EXE carrying within it a 24 kB malicious payload.

SANS ISC Diary - What pages do bad bots look for?

📅 Aug 1, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at which interesting pages “bad” bots look for the most on web servers.

SANS ISC Diary - Couple of interesting Covid-19 related stats

📅 Jul 21, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at how regional travel restrictions impact (or don’t) the number of IP addresses which expose remote access protocols to the internet.

SANS ISC Diary - Using Shell Links as zero-touch downloaders and to initiate network connections

📅 Jun 24, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at a weakness handling of LNK files in Windows, through which one may force the OS to download an arbitrary file from a remote server any time the shortcut file is displayed.