SANS ISC Diary - EternalBlue 5 years after WannaCry and NotPetya
· ☕ 1 min read
A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the number of internet-exposed systems that are still vulnerable to the EternalBlue exploit…

Log4shell Lightning talk - 2022 TF-CSIRT Meeting & FIRST Regional Symposium Europe
· ☕ 1 min read
A few weeks ago, I attended the 2022 TF-CSIRT Meeting & FIRST Regional Symposium Europe and gave a lightning talk there discussing a couple of interesting trends seen in Log4shell exploitation attempts and the possibility of creating a simple generic defense against similar attacks in the future. Recordings of all the talks are now available on YouTube...

TriOp update - version 1.1
· ☕ 2 min read
I’ve published version 1.1 of TriOp today. I’ve added CVEs for the recent Exchange vulnerabilities to the vulnerability search list, since Shodan is now capable of detecting systems affected by them. In response to a request from the CSIRT community, I’ve also added the option to use an arbitrary filter along with a list of parameters...

Most common vulnerabilities based on Shodan scans
· ☕ 3 min read
My recent post on the Internet Storm Center website about the surprisingly high number of systems still affected by critical vulnerabilities, which have been patched for a long time, received quite positive feedback. I have consequently decided to take a look at the issue in a more comprehensive manner and, since I didn’t know which vulnerabilities Shodan was able to detect, I’ve used my TriOp tool to gather data for all of the approximately 190k CVEs ever published. After the couple of days the script took to run, I have the results and they are quite interesting…