SANS ISC Diary

SANS ISC Diary - Phishing e-mail with...an advertisement?

📅 Jan 18, 2022 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a slightly unusual phishing message that contained text reminiscent of an advertisement for Xerox products…

SANS ISC Diary - Do you want your Agent Tesla in the 300 MB or 8 kB package?

📅 Dec 31, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at some of the largest and smallest malicious PE files that were caught by my malspam trap in 2021…

SANS ISC Diary - PowerPoint attachments, Agent Tesla and code reuse in malware

📅 Dec 20, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a malspam message with macro-enabled PowerPoint attachment that turned out to be first stage of an Agent Tesla infection chain…

SANS ISC Diary - Phishing page hiding itself using dynamically adjusted IP-based allow list

📅 Nov 24, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at an interesting protection mechanism used on a phishing site to deny access to it to anyone but the victim who first clicked the link in a phishing mail…

SANS ISC Diary - TLS 1.3 and SSL - the current state of affairs

📅 Sep 28, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the current state of adoption of TLS 1.3 and disposal of SSL 2.0 and 3.0…

SANS ISC Diary - Phishing 101: why depend on one suspicious message subject when you can use many?

📅 Sep 16, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a phishing that tried to use multiple suspicious message subjects to lure the recipient to a phishing site…

SANS ISC Diary - There may be (many) more SPF records than we might expect

📅 Aug 25, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the surprisingly high number of SPF records set for domains in the CZ TLD…

SANS ISC Diary - ProxyShell - how many Exchange servers are affected and where are they?

📅 Aug 9, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the number of Exchange serveres vulnerable to the ProxyShell attack…

SANS ISC Diary - A sextortion e-mail from...IT support?!

📅 Jul 28, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a slightly unusual sextortion phishing, in which its author claimed to work for an IT service company hired by recipients e-mail provider…

SANS ISC Diary - One way to fail at malspam - give recipients the wrong password for an encrypted attachment

📅 Jul 14, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a malspam campaign, whose authors failed to include a correct password to decrypt the malicious attachment…