SANS – Untrusted Network

SANS ISC Diary - Malspam with Lokibot vs. Outlook and RFCs

📅 Apr 6, 2021 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center website. In it, we’ll take a look at an interesting malspam message carrying the Lokibot infostealer and also causing quite unusual behavior in Outlook…

SANS ISC Diary - Old TLS versions - gone, but not forgotten... well, not really 'gone' either

📅 Mar 30, 2021 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at changes in the number of web servers, which support TLS 1.0 and TLS 1.1…

SANS ISC Diary - 50 years of malware? Not really. 50 years of computer worms? That's a different story...

📅 Mar 16, 2021 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at Creeper, the first computer worm, which was created 50 years ago - according to some sources, on this very day in 1971…

SANS ISC Diary - Qakbot in a response to Full Disclosure post

📅 Feb 23, 2021 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at an interesting e-mail message carrying Qakbot downloader, which appeared to be sent in a response to a historical Full Disclosure mailing list post…

SANS ISC Diary - Agent Tesla hidden in a historical anti-malware tool

📅 Feb 11, 2021 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at an interesting sample of Agent Tesla, which was hidden in the code of a legitimate historical anti-malware tool…

SANS ISC Diary - TriOp - tool for gathering (not just) security-related data from Shodan.io

📅 Jan 27, 2021 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at TriOp - my recently published tool, which enables anyone to periodically gather interesting data from Shodan.

SANS ISC Diary - From a small BAT file to Mass Logger infostealer

📅 Jan 4, 2021 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at an interesting BAT file from 2020, which turned out to be a downloader for the Mass Logger infostealer.

SANS ISC Diary - TLS 1.3 is now supported by about 1 in every 5 HTTPS servers

📅 Dec 30, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at the increse in support of TLS 1.3 by HTTPS servers and the decrease in support of SSL 2.0.

SANS ISC Diary - Want to know what's in a folder you don't have a permission to access? Try asking your AV solution...

📅 Dec 29, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look a small issue present in many anti-malware tools, which may be used to bypass file system level folder listing permissions.

SANS ISC Diary - A slightly optimistic tale of how patching went for CVE-2019-19781

📅 Dec 18, 2020 · ☕ 1 min read

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at how many publicly accessible systems are still vulnerable to CVE-2019-19781, AKA Shitrix.