SANS – Untrusted Network

SANS ISC Diary - Use of X-Frame-Options and CSP frame-ancestors security headers on 1 million most popular domains

📅 Mar 31, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the use of security-related HTTP headers that are able to prevent “framing attacks” on one million most commonly visited domains…

SANS ISC Diary - IPFS phishing and the need for correctly set HTTP security headers

📅 Mar 15, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at several phishing pages hosted on a disributed file system IPFS and shortly dicuss the potential of HTTP security headers to serve as a defense against phishing…

SANS ISC Diary - HTML phishing attachment with browser-in-the-browser technique

📅 Feb 16, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the use of “browser-in-the-browser” technique in a generic phishing campaign…

SANS ISC Diary - SPF and DMARC use on 100k most popular domains

📅 Jan 19, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at SPF and DMARC use on world’s most popular domains…

SANS ISC Diary - Passive detection of internet-connected systems affected by vulnerabilities from the CISA KEV catalog

📅 Jan 11, 2023 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a new function of my TriOp tool and its use for passive identification of systems affected by vulnerabilities listed in the CISA KEV Catalog…

SANS ISC Diary - SPF and DMARC use on GOV domains in different ccTLDs

📅 Dec 30, 2022 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the use of SPF and DMARC on second-level governmental domains in different ccTLDs…

SANS ISC Diary - Traffic Light Protocol (TLP) 2.0 is here

📅 Aug 4, 2022 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a new version of the Traffic Light Protocol standard, which was published by FIRST earlier this week…

SANS ISC Diary - EternalBlue 5 years after WannaCry and NotPetya

📅 Jul 5, 2022 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the number of internet-exposed systems that are still vulnerable to the EternalBlue exploit…

SANS ISC Diary - HTML phishing attachments - now with anti-analysis features

📅 Jun 1, 2022 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at an unusual use of anti-debugging/anti-analysis techniques in a phishing page…

SANS ISC Diary - Do you want 30 BTC? Nothing is easier (or cheaper) in this phishing campaign...

📅 May 18, 2022 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a sophisticated phishing campaign that offered 30 BTC (in someone else’s account) in an attempt to get victims to send it money…