SANS ISC Diary

SANS ISC Diary - HTML phishing attachments - now with anti-analysis features

📅 Jun 1, 2022 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at an unusual use of anti-debugging/anti-analysis techniques in a phishing page…

SANS ISC Diary - Do you want 30 BTC? Nothing is easier (or cheaper) in this phishing campaign...

📅 May 18, 2022 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a sophisticated phishing campaign that offered 30 BTC (in someone else’s account) in an attempt to get victims to send it money…

SANS ISC Diary - What is the simplest malware in the world?

📅 May 6, 2022 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at what might be the simplest malware in the world…

SANS ISC Diary - MITRE ATT&CK v11 - a small update that can help (not just) with detection engineering

📅 Apr 27, 2022 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a new version of the MITRE ATT&CK framework, which was published this week…

SANS ISC Diary - How is Ukrainian internet holding up during the Russian invasion?

📅 Apr 13, 2022 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the impact of the current war in Ukraine on the country’s internet…

SANS ISC Diary - Over 20 thousand servers have their iLO interfaces exposed to the internet, many with outdated and vulnerable versions of FW

📅 Jan 26, 2022 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the high number of HP servers that have their out-of-band configuration interface exposed to the internet…

SANS ISC Diary - Phishing e-mail with...an advertisement?

📅 Jan 18, 2022 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a slightly unusual phishing message that contained text reminiscent of an advertisement for Xerox products…

SANS ISC Diary - Do you want your Agent Tesla in the 300 MB or 8 kB package?

📅 Dec 31, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at some of the largest and smallest malicious PE files that were caught by my malspam trap in 2021…

SANS ISC Diary - PowerPoint attachments, Agent Tesla and code reuse in malware

📅 Dec 20, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a malspam message with macro-enabled PowerPoint attachment that turned out to be first stage of an Agent Tesla infection chain…

SANS ISC Diary - Phishing page hiding itself using dynamically adjusted IP-based allow list

📅 Nov 24, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at an interesting protection mechanism used on a phishing site to deny access to it to anyone but the victim who first clicked the link in a phishing mail…