SANS ISC Diary

SANS ISC Diary - From small LNK to large malicious BAT file with zero VT score

📅 Aug 3, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a malicious BAT file which was used in a phishing campaign last week and according to VirusTotal is still being detected as benign by all anti-virus engines it has access to…

SANS ISC Diary - Kazakhstan - the world's last SSLv2 superpower... and a country with potentially vulnerable last-mile internet infrastructure

📅 Jun 28, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a surprisingly high number of old network devices in Kazakhstan, which still support SSL version 2.0…

SANS ISC Diary - After 28 years, SSLv2 is still not gone from the internet... but we're getting there

📅 Jun 1, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at how SSLv2 support on web servers connected to the internet is slowly “dying off”…

SANS ISC Diary - Ongoing Facebook phishing campaign without a sender and (almost) without links

📅 May 15, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at an interesting, long-term phishing campaign targeting Facebook users…

SANS ISC Diary - 'Passive' analysis of a phishing attachment

📅 May 1, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a “passive”, OPSEC-friendly approach to the analysis of HTML phishing attachments…

SANS ISC Diary - The strange case of Great honeypot of China

📅 Apr 17, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a sharp increase of Shodan’s detections of honeypots in China…

SANS ISC Diary - Use of X-Frame-Options and CSP frame-ancestors security headers on 1 million most popular domains

📅 Mar 31, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the use of security-related HTTP headers that are able to prevent “framing attacks” on one million most commonly visited domains…

SANS ISC Diary - IPFS phishing and the need for correctly set HTTP security headers

📅 Mar 15, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at several phishing pages hosted on a disributed file system IPFS and shortly dicuss the potential of HTTP security headers to serve as a defense against phishing…

SANS ISC Diary - HTML phishing attachment with browser-in-the-browser technique

📅 Feb 16, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the use of “browser-in-the-browser” technique in a generic phishing campaign…

SANS ISC Diary - SPF and DMARC use on 100k most popular domains

📅 Jan 19, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at SPF and DMARC use on world’s most popular domains…