SANS Database 2020

Last updated on 06.07.2017 15:54:46

Date Title
2020-12-31End of Year Traffic Analysis Quiz
2020-11-30Decrypting PowerShell Payloads (video)
2020-12-30TLS 1.3 is now supported by about 1 in every 5 HTTPS servers
2020-12-30ISC Stormcast For Wednesday, December 30th 2020
2020-12-29Want to know what's in a folder you don't have a permission to access? Try asking your AV solution...
2020-12-29ISC Stormcast For Tuesday, December 29th 2020
2020-12-28ISC Stormcast For Monday, December 28th 2020
2020-12-27Quickie: Bit Shifting With translate.py
2020-12-26base64dump.py Supported Encodings
2020-12-25Quickie: String Analysis & Maldocs
2020-12-24Malicious Word Document Delivering an Octopus Backdoor
2020-12-23Analysis Dridex Dropper, IoC extraction (guest diary)
2020-12-23ISC Stormcast For Wednesday, December 23rd 2020
2020-12-22ISC Stormcast For Tuesday, December 22nd 2020
2020-12-22Malware Victim Selection Through WiFi Identification
2020-12-21What's the deal with openportstats.com?
2020-12-21ISC Stormcast For Monday, December 21st 2020
2020-12-20Heads-up: VirusTotal Functionality in Sysinternals Tools Not Working
2020-12-20Wireshark 3.4.2 Released
2020-12-19Secure Communication using TLS in Elasticsearch
2020-12-18A slightly optimistic tale of how patching went for CVE-2019-19781
2020-12-18ISC Stormcast For Friday, December 18th 2020
2020-12-17"Amazon" invoice that asks to call 1-866-335-0659 "to cancel" an order that you never made is (obviously) a #scam
2020-12-17ISC Stormcast For Thursday, December 17th 2020
2020-12-16DNS Logs in Public Clouds
2020-12-16ISC Stormcast For Wednesday, December 16th 2020
2020-12-15ISC Stormcast For Tuesday, December 15th 2020
2020-12-15Analyzing FireEye Maldocs
2020-12-14ISC Stormcast For Monday, December 14th 2020
2020-12-14SolarWinds Breach Used to Infiltrate Customer Networks (Solarigate)
2020-12-13KringleCon 2020
2020-12-13Wireshark 3.4.1 Released
2020-12-12Office 95 Excel 4 Macros
2020-12-11Cisco Jabber Desktop and Mobile Security Advisory Published (CVSS: 9.9):
2020-12-11ISC Stormcast For Friday, December 11th 2020
2020-12-10Writing Yara Rules for Fun and Profit: Notes from the FireEye Breach Countermeasures
2020-12-10ISC Stormcast For Thursday, December 10th 2020
2020-12-10Python Backdoor Talking to a C2 Through Ngrok
2020-12-09ISC Stormcast For Wednesday, December 9th 2020
2020-12-09Recent Qakbot (Qbot) activity
2020-12-08December 2020 Microsoft Patch Tuesday: Exchange, Sharepoint, Dynamics and DNS Spoofing
2020-12-08ISC Stormcast For Tuesday, December 8th 2020
2020-12-07ISC Stormcast For Monday, December 7th 2020
2020-12-07Corrupt BASE64 Strings: Detection and Decoding
2020-12-06oledump's Indicators (video)
2020-12-05Is IP 91.199.118.137 testing Access to aahwwx.52host.xyz?
2020-12-04ISC Stormcast For Friday, December 4th 2020
2020-12-04Detecting Actors Activity with Threat Intel
2020-12-03ISC Stormcast For Thursday, December 3rd 2020
2020-12-03Traffic Analysis Quiz: Mr Natural
2020-12-02ISC Stormcast For Wednesday, December 2nd 2020
2020-12-01ISC Stormcast For Tuesday, December 1st 2020
2020-11-30ISC Stormcast For Monday, November 30th 2020
2020-11-29Quick Tip: Using JARM With a SOCKS Proxy
2020-11-27Threat Hunting with JARM
2020-11-25ISC Stormcast For Wednesday, November 25th 2020
2020-11-25Live Patching Windows API Calls Using PowerShell
2020-11-24The special case of TCP RST
2020-11-24ISC Stormcast For Tuesday, November 24th 2020
2020-11-23ISC Stormcast For Monday, November 23rd 2020
2020-11-23Quick Tip: Cobalt Strike Beacon Analysis
2020-11-22Quick Tip: Extracting all VBA Code from a Maldoc - JSON Format
2020-11-21VMware privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) -
2020-11-20Malicious Python Code and LittleSnitch Detection
2020-11-20ISC Stormcast For Friday, November 20th 2020
2020-11-19ISC Stormcast For Thursday, November 19th 2020
2020-11-19PowerShell Dropper Delivering Formbook
2020-11-18When Security Controls Lead to Security Issues
2020-11-18ISC Stormcast For Wednesday, November 18th 2020
2020-11-17ISC Stormcast For Tuesday, November 17th 2020
2020-11-16Heartbleed, BlueKeep and other vulnerabilities that didn't disappear just because we don't talk about them anymore
2020-11-16ISC Stormcast For Monday, November 16th 2020
2020-11-15oledump's ! Indicator
2020-11-13Old Worm But New Obfuscation Technique
2020-11-13ISC Stormcast For Friday, November 13th 2020
2020-11-12ISC Stormcast For Thursday, November 12th 2020
2020-11-12Preventing Exposed Azure Blob Storage
2020-11-12Exposed Blob Storage in Azure
2020-11-11ISC Stormcast For Wednesday, November 11th 2020
2020-11-11Traffic Analysis Quiz: DESKTOP-FX23IK5
2020-11-10Microsoft November 2020 Patch Tuesday
2020-11-10ISC Stormcast For Tuesday, November 10th 2020
2020-11-09ISC Stormcast For Monday, November 9th 2020
2020-11-09How Attackers Brush Up Their Malicious Scripts
2020-11-08Quick Tip: Extracting all VBA Code from a Maldoc
2020-11-07Cryptojacking Targeting WebLogic TCP/7001
2020-11-06Rediscovering Limitations of Stateful Firewalls: "NAT Slipstreaming" - Implications, Detections and Mitigations
2020-11-06ISC Stormcast For Friday, November 6th 2020
2020-11-05Did You Spot "Invoke-Expression"?
2020-11-05ISC Stormcast For Thursday, November 5th 2020
2020-11-04ISC Stormcast For Wednesday, November 4th 2020
2020-11-03ISC Stormcast For Tuesday, November 3rd 2020
2020-11-03Attackers Exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike
2020-11-03Emotet -> Qakbot -> more Emotet
2020-11-02ISC Stormcast For Monday, November 2nd 2020
2020-11-02AV Cleaned Maldoc
2020-11-01Wireshark 3.2.8 and 3.4.0 Released
2020-10-31More File Selection Gaffes
2020-10-30ISC Stormcast For Friday, October 30th 2020
2020-10-30Quick Status of the CAA DNS Record Adoption
2020-10-29ISC Stormcast For Thursday, October 29th 2020
2020-10-29PATCH NOW: CVE-2020-14882 Weblogic Actively Exploited Against Honeypots
2020-10-28SMBGhost - the critical vulnerability many seem to have forgotten to patch
2020-10-28ISC Stormcast For Wednesday, October 28th 2020
2020-10-27ISC Stormcast For Tuesday, October 27th 2020
2020-10-26Excel 4 Macros: "Abnormal Sheet Visibility"
2020-10-26ISC Stormcast For Monday, October 26th 2020
2020-10-25Video: Pascal Strings
2020-10-24An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-10-23Russian State-Sponsored APT Actor Compromises U.S. Gov Targets
2020-10-23Sooty: SOC Analyst's All-in-One Tool
2020-10-23ISC Stormcast For Friday, October 23rd 2020
2020-10-22BazarLoader phishing lures: plan a Halloween party, get a bonus and be fired in the same afternoon
2020-10-22ISC Stormcast For Thursday, October 22nd 2020
2020-10-2120 new Cisco security advisories for ASA and Firepower with CVSS>7:
2020-10-21ISC Stormcast For Wednesday, October 21st 2020
2020-10-21Shipping dangerous goods
2020-10-20ISC Stormcast For Tuesday, October 20th 2020
2020-10-20Mirai-alike Python Scanner
2020-10-19ISC Stormcast For Monday, October 19th 2020
2020-10-18File Selection Gaffe
2020-10-17CVE-2020-5135 - Buffer Overflow in SonicWall VPNs - Patch Now
2020-10-16CVE-2020-3991 VMWare Security Advisory for VMWare Horizon Client -
2020-10-16Traffic Analysis Quiz: Ugly-Wolf.net
2020-10-16ISC Stormcast For Friday, October 16th 2020
2020-10-15CVE-2020-16898: Windows ICMPv6 Router Advertisement RRDNS Option Remote Code Execution Vulnerability
2020-10-15ISC Stormcast For Thursday, October 15th 2020
2020-10-14Nicely Obfuscated Python RAT
2020-10-14ISC Stormcast For Wednesday, October 14th 2020
2020-10-14More TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-10-13Microsoft October 2020 Patch Tuesday
2020-10-13ISC Stormcast For Tuesday, October 13th 2020
2020-10-12Nested .MSGs: Turtles All The Way Down
2020-10-12ISC Stormcast For Monday, October 12th 2020
2020-10-11Analyzing MSG Files With plugin_msg_summary
2020-10-10Open Packaging Conventions
2020-10-09Phishing kits as far as the eye can see
2020-10-09ISC Stormcast For Friday, October 9th 2020
2020-10-08ISC Stormcast For Thursday, October 8th 2020
2020-10-07Today, Nobody is Going to Attack You.
2020-10-07ISC Stormcast For Wednesday, October 7th 2020
2020-10-06ISC Stormcast For Tuesday, October 6th 2020
2020-10-05Obfuscation and Repetition
2020-10-05ISC Stormcast For Monday, October 5th 2020
2020-10-04Nmap 7.90 Released
2020-10-03Scanning for SOHO Routers
2020-10-02ISC Stormcast For Friday, October 2nd 2020
2020-10-02Analysis of a Phishing Kit
2020-10-01ISC Stormcast For Thursday, October 1st 2020
2020-10-01Making sense of Azure AD (AAD) activity logs
2020-10-01IOC's turning into IOOI's
2020-09-30Scans for FPURL.xml: Reconnaissance or Not?
2020-09-30ISC Stormcast For Wednesday, September 30th 2020
2020-09-29Managing Remote Access for Partners & Contractors
2020-09-29ISC Stormcast For Tuesday, September 29th 2020
2020-09-28Some Tyler Technologies Customers Targeted with The Installation of a Bomgar Client
2020-09-28ISC Stormcast For Monday, September 28th 2020
2020-09-28PowerShell Backdoor Launched from a ShellCode
2020-09-27Decoding Corrupt BASE64 Strings
2020-09-27Wireshark 3.2.7 Released
2020-09-25Securing Exchange Online [Guest Diary]
2020-09-25ISC Stormcast For Friday, September 25th 2020
2020-09-24ISC Stormcast For Thursday, September 24th 2020
2020-09-24Party in Ibiza with PowerShell
2020-09-23ISC Stormcast For Wednesday, September 23rd 2020
2020-09-23Malicious Word Document with Dynamic Content
2020-09-22ISC Stormcast For Tuesday, September 22nd 2020
2020-09-21Slightly broken overlay phishing
2020-09-21ISC Stormcast For Monday, September 21st 2020
2020-09-20Analysis of a Salesforce Phishing Emails
2020-09-18ISC Stormcast For Friday, September 18th 2020
2020-09-18A Mix of Python & VBA in a Malicious Word Document
2020-09-17Suspicious Endpoint Containment with OSSEC
2020-09-17ISC Stormcast For Thursday, September 17th 2020
2020-09-16Do Vulnerabilities Ever Get Old? Recent "Mirai" Variant Scanning for 20 Year Old Amanda Version?
2020-09-16ISC Stormcast For Wednesday, September 16th 2020
2020-09-15ISC Stormcast For Tuesday, September 15th 2020
2020-09-15Traffic Analysis Quiz: Oh No... Another Infection!
2020-09-14Not Everything About ".well-known" is Well Known
2020-09-14ISC Stormcast For Monday, September 14th 2020
2020-09-13Creating patched binaries for pentesting purposes
2020-09-12Office Documents with Embedded Objects
2020-09-11What's in Your Clipboard? Pillaging and Protecting the Clipboard
2020-09-11ISC Stormcast For Friday, September 11th 2020
2020-09-10ISC Stormcast For Thursday, September 10th 2020
2020-09-10Recent Dridex activity
2020-09-09A First Look at macOS 11 Big Sur Network Traffic (New! Now with more GREASE!)
2020-09-09ISC Stormcast For Wednesday, September 9th 2020
2020-09-08Microsoft September 2020 Patch Tuesday
2020-09-08ISC Stormcast For Tuesday, September 8th 2020
2020-09-07Office: About OLE and ZIP Files
2020-09-04A blast from the past - XXEncoded VB6.0 Trojan
2020-09-04ISC Stormcast For Friday, September 4th 2020
2020-09-03Sandbox Evasion Using NTP
2020-09-03ISC Stormcast For Thursday, September 3rd 2020
2020-09-02Python and Risky Windows API Calls
2020-09-02ISC Stormcast For Wednesday, September 2nd 2020
2020-09-01Exposed Windows Domain Controllers Used in CLDAP DDoS Attacks
2020-09-01ISC Stormcast For Tuesday, September 1st 2020
2020-08-31ISC Stormcast For Monday, August 31st 2020
2020-08-31Finding The Original Maldoc
2020-08-30CenturyLink Outage Causing Internet Wide Problems
2020-08-29Malicious Excel Sheet with a NULL VT Score: More Info
2020-08-28ISC Stormcast For Friday, August 28th 2020
2020-08-28Example of Malicious DLL Injected in PowerShell
2020-08-27Security.txt - one small file for an admin, one giant help to a security researcher
2020-08-27ISC Stormcast For Thursday, August 27th 2020
2020-08-26Malicious Excel Sheet with a NULL VT Score
2020-08-26ISC Stormcast For Wednesday, August 26th 2020
2020-08-25Keep An Eye on LOLBins
2020-08-25ISC Stormcast For Tuesday, August 25th 2020
2020-08-24Tracking A Malware Campaign Through VT
2020-08-24ISC Stormcast For Monday, August 24th 2020
2020-08-23Small Challenge: A Simple Word Maldoc - Part 4
2020-08-22Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common?
2020-08-22VMware App Volumes patches address Stored Cross-Site Scripting (XSS) vulnerability -
2020-08-21ISC Stormcast For Friday, August 21st 2020
2020-08-20ISC Stormcast For Thursday, August 20th 2020
2020-08-20Office 365 Mail Forwarding Rules (and other Mail Rules too)
2020-08-19Example of Word Document Delivering Qakbot
2020-08-19ISC Stormcast For Wednesday, August 19th 2020
2020-08-18ISC Stormcast For Tuesday, August 18th 2020
2020-08-18ISC Blocked
2020-08-18Using API's to Track Attackers
2020-08-17Password Reuse Strikes Again!
2020-08-17ISC Stormcast For Monday, August 17th 2020
2020-08-16Small Challenge: A Simple Word Maldoc - Part 3
2020-08-15Wireshark 3.2.6 Released
2020-08-14Definition of 'overkill' - using 130 MB executable to hide 24 kB malware
2020-08-14ISC Stormcast For Friday, August 14th 2020
2020-08-13ISC Stormcast For Thursday, August 13th 2020
2020-08-12Wireshark 3.2.6 released, Kafka dissector crash repaired:
2020-08-12To the Brim at the Gates of Mordor Pt. 1
2020-08-12ISC Stormcast For Wednesday, August 12th 2020
2020-08-11Microsoft August 2020 Patch Tuesday
2020-08-11ISC Stormcast For Tuesday, August 11th 2020
2020-08-10Scoping web application and web service penetration tests
2020-08-10ISC Stormcast For Monday, August 10th 2020
2020-08-09Small Challenge: A Simple Word Maldoc - Part 2
2020-08-08Scanning Activity Include Netcat Listener
2020-08-07ISC Stormcast For Friday, August 7th 2020
2020-08-07TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-06ISC Stormcast For Thursday, August 6th 2020
2020-08-06A Fork of the FTCode Powershell Ransomware
2020-08-05ISC Stormcast For Wednesday, August 5th 2020
2020-08-05Traffic Analysis Quiz: What's the Malware From This Infection?
2020-08-04Internet Choke Points: Concentration of Authoritative Name Servers
2020-08-04Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues
2020-08-04ISC Stormcast For Tuesday, August 4th 2020
2020-08-03A Word of Caution: Helping Out People Being Stalked Online
2020-08-03Powershell Bot with Multiple C2 Protocols
2020-08-03ISC Stormcast For Monday, August 3rd 2020
2020-08-02Small Challenge: A Simple Word Maldoc
2020-08-01What pages do bad bots look for?
2020-07-31Building a .freq file with Public Domain Data Sources
2020-07-31ISC Stormcast For Friday, July 31st 2020
2020-07-30Python Developers: Prepare!!!
2020-07-30ISC Stormcast For Thursday, July 30th 2020
2020-07-29Consumer VPNs: You May Be Fine Without
2020-07-29ISC Stormcast For Wednesday, July 29th 2020
2020-07-28All I want this Tuesday: More Data
2020-07-28ISC Stormcast For Tuesday, July 28th 2020
2020-07-27In Memory of Donald Smith
2020-07-27ISC Stormcast For Monday, July 27th 2020
2020-07-27Analyzing Metasploit ASP .NET Payloads
2020-07-26Cracking Maldoc VBA Project Passwords
2020-07-25ndisasm Update 2.15
2020-07-24ISC Stormcast For Friday, July 24th 2020
2020-07-24Compromized Desktop Applications by Web Technologies
2020-07-23ISC Stormcast For Thursday, July 23rd 2020
2020-07-23Simple Blocklisting with MISP & pfSense
2020-07-22A few IoCs related to CVE-2020-5902
2020-07-22ISC Stormcast For Wednesday, July 22nd 2020
2020-07-21Couple of interesting Covid-19 related stats
2020-07-21ISC Stormcast For Tuesday, July 21st 2020
2020-07-20ISC Stormcast For Monday, July 20th 2020
2020-07-20Sextortion Update: The Final Final Chapter
2020-07-19Scanning Activity for ZeroShell Unauthenticated Access
2020-07-18Zone.Identifier: A Couple Of Observations
2020-07-17ISC Stormcast For Friday, July 17th 2020
2020-07-16Hunting for SigRed Exploitation
2020-07-16Apple Releases Security Update 2020-04 for iOS, patches some arbitrary code execution flaws. More here:
2020-07-16ISC Stormcast For Thursday, July 16th 2020
2020-07-15PATCH NOW - SIGRed - CVE-2020-1350 - Microsoft DNS Server Vulnerability
2020-07-15ISC Stormcast For Wednesday, July 15th 2020
2020-07-15Word docs with macros for IcedID (Bokbot)
2020-07-14Microsoft July 2020 Patch Tuesday - Patch Now!
2020-07-14ISC Stormcast For Tuesday, July 14th 2020
2020-07-13VBA Project Passwords
2020-07-13ISC Stormcast For Monday, July 13th 2020
2020-07-12Maldoc: VBA Purging Example
2020-07-11Scanning Home Internet Facing Devices to Exploit
2020-07-11VMware XPC Client validation privilege escalation vulnerability -
2020-07-10ISC Stormcast For Friday, July 10th 2020
2020-07-10Excel spreasheet macro kicks off Formbook infection
2020-07-09Active Exploit Attempts Targeting Recent Citrix ADC Vulnerabilities CTX276688
2020-07-09ISC Stormcast For Thursday, July 9th 2020
2020-07-08ISC Stormcast For Wednesday, July 8th 2020
2020-07-08If You Want Something Done Right, You Have To Do It Yourself... Malware Too!
2020-07-07Happy Birthday DShield: DShield.org was registered 20 years ago.
2020-07-07F5 BigIP vulnerability exploitation followed by a backdoor implant attempt
2020-07-07ISC Stormcast For Tuesday, July 7th 2020
2020-07-06Summary of CVE-2020-5902 F5 BIG-IP RCE Vulnerability Exploits
2020-07-06CVE-2020-5902: F5 BIG-IP RCE Vulnerability
2020-07-06ISC Stormcast For Monday, July 6th 2020
2020-07-05CVE-2020-5902 F5 BIG-IP Exploitation Attempt
2020-07-05Wireshark 3.2.5 Released
2020-07-04Happy FouRth of July from the Internet Storm Center
2020-07-02ISC Stormcast For Thursday, July 2nd 2020
2020-07-01Setting up the Dshield honeypot and tcp-honeypot.py
2020-07-01Elastalert with Sigma
2020-07-01ISC Stormcast For Wednesday, July 1st 2020
2020-06-30ISC Snapshot: SpectX IP Hitcount Query
2020-06-30ISC Stormcast For Tuesday, June 30th 2020
2020-06-29Sysmon and Alternate Data Streams
2020-06-29ISC Stormcast For Monday, June 29th 2020
2020-06-28tcp-honeypot.py Logstash Parser & Dashboard Update
2020-06-27Video: YARA's BASE64 Strings
2020-06-26Share the Mic in Cyber
2020-06-26ISC Stormcast For Friday, June 26th 2020
2020-06-25Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release.
2020-06-25ISC Stormcast For Thursday, June 25th 2020
2020-06-24Using Shell Links as zero-touch downloaders and to initiate network connections
2020-06-24VMware security advisory VMSA-2020-0015
2020-06-24ISC Stormcast For Wednesday, June 24th 2020
2020-06-23ISC Stormcast For Tuesday, June 23rd 2020
2020-06-22Comparing Office Documents with WinMerge
2020-06-22Cyberbunker 2.0: Analysis of the Remnants of a Bullet Proof Hosting Provider
2020-06-22ISC Stormcast For Monday, June 22nd 2020
2020-06-21ISC Handler Series: SANS@MIC - Maldocs: a bit of blue, a bit of red
2020-06-20Pi Zero HoneyPot
2020-06-19Sigma rules! The generic signature format for SIEM systems.
2020-06-19ISC Stormcast For Friday, June 19th 2020
2020-06-18Broken phishing accidentally exploiting Outlook zero-day
2020-06-18ISC Stormcast For Thursday, June 18th 2020
2020-06-17ISC Stormcast For Wednesday, June 17th 2020
2020-06-16Odd "Protest" Spam (Scam?) Targeting Atlanta Police Foundation
2020-06-16ISC Stormcast For Tuesday, June 16th 2020
2020-06-16Sextortion to The Next Level
2020-06-15HTML based Phishing Run
2020-06-15VMWare Security Advisory - VMSA-2020-0013 -
2020-06-15ISC Stormcast For Monday, June 15th 2020
2020-06-14YARA's BASE64 Strings
2020-06-13Mirai Botnet Activity
2020-06-12Malicious Excel Delivering Fileless Payload
2020-06-12ISC Stormcast For Friday, June 12th 2020
2020-06-11Anti-Debugging JavaScript Techniques
2020-06-11ISC Stormcast For Thursday, June 11th 2020
2020-06-10ISC Stormcast For Wednesday, June 10th 2020
2020-06-10Job application-themed malspam pushes ZLoader
2020-06-09Microsoft June 2020 Patch Tuesday
2020-06-09ISC Stormcast For Tuesday, June 9th 2020
2020-06-08Translating BASE64 Obfuscated Scripts
2020-06-08ISC Stormcast For Monday, June 8th 2020
2020-06-05Cyber Security for Protests
2020-06-05Not so FastCGI!
2020-06-05ISC Stormcast For Friday, June 5th 2020
2020-06-04Suspending Suspicious Domain Feed / Update to Researcher IP Feed
2020-06-04ISC Stormcast For Thursday, June 4th 2020
2020-06-04Anti-Debugging Technique based on Memory Protection
2020-06-04Polish malspam pushes ZLoader malware
2020-06-03ISC Stormcast For Wednesday, June 3rd 2020
2020-06-02ISC Stormcast For Tuesday, June 2nd 2020
2020-06-01Stackstrings, type 2
2020-06-01XLMMacroDeobfuscator: An Update
2020-06-01ISC Stormcast For Monday, June 1st 2020
2020-05-31Windows 10 Built-in Packet Sniffer - PktMon
2020-05-30YARA v4.0.1
2020-05-29The Impact of Researchers on Our Data
2020-05-29ISC Stormcast For Friday, May 29th 2020
2020-05-28Flashback on CVE-2019-19781
2020-05-28ISC Stormcast For Thursday, May 28th 2020
2020-05-27Frankenstein's phishing using Google Cloud Storage
2020-05-27ISC Stormcast For Wednesday, May 27th 2020
2020-05-26Seriously, SHA3 where art thou?
2020-05-26ISC Stormcast For Tuesday, May 26th 2020
2020-05-24Zloader Maldoc Analysis With xlm-deobfuscator
2020-05-24Wireshark 3.2.4 Released
2020-05-23AgentTesla Delivered via a Malicious PowerPoint Add-In
2020-05-22Some Strings to Remember
2020-05-22ISC Stormcast For Friday, May 22nd 2020
2020-05-21Malware Triage with FLOSS: API Calls Based Behavior
2020-05-21ISC Stormcast For Thursday, May 21st 2020
2020-05-20ISC Stormcast For Wednesday, May 20th 2020
2020-05-20Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2020-05-19VMWare Security Advisory - VMSA-2020-0010 -
2020-05-19Wireshark Release - 2.6.17, 3.0.11 and 3.2.4 -
2020-05-19What is up on Port 62234?
2020-05-19Cisco Advisories for FTD, ASA, Firepower 1000
2020-05-19ISC Stormcast For Tuesday, May 19th 2020
2020-05-18Automating nmap scans
2020-05-18ISC Stormcast For Monday, May 18th 2020
2020-05-17Antivirus & Multiple Detections
2020-05-16Scanning for Outlook Web Access (OWA) & Microsoft Exchange Control Panel (ECP)
2020-05-15SHA3 Hashes (on Windows) - Where Art Thou?
2020-05-15Hashes in PowerShell
2020-05-15ISC Stormcast For Friday, May 15th 2020
2020-05-14Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe
2020-05-14Base Conversions and Creating GUI Apps in PowerShell
2020-05-14ISC Stormcast For Thursday, May 14th 2020
2020-05-13ISC Stormcast For Wednesday, May 13th 2020
2020-05-13Malspam with links to zip archives pushes Dridex malware
2020-05-12Microsoft May 2020 Patch Tuesday
2020-05-12ISC Stormcast For Tuesday, May 12th 2020
2020-05-11Excel 4 Macro Analysis: XLMMacroDeobfuscator
2020-05-11ISC Stormcast For Monday, May 11th 2020
2020-05-10YARA v4.0.0: BASE64 Strings
2020-05-09Nmap Basics - The Security Practitioner's Swiss Army Knife
2020-05-09VMWare vRealize Critical vulnerabilities due to SaltStack - VMSA-2020-0009
2020-05-08ISC Stormcast For Friday, May 8th 2020
2020-05-08Using Nmap As a Lightweight Vulnerability Scanner
2020-05-07Scanning with nmap's NSE scripts
2020-05-07ISC Stormcast For Thursday, May 7th 2020
2020-05-06Keeping an Eye on Malicious Files Life Time
2020-05-06ISC Stormcast For Wednesday, May 6th 2020
2020-05-05Cloud Security Features Don't Replace the Need for Personnel Security Capabilities
2020-05-05ISC Stormcast For Tuesday, May 5th 2020
2020-05-04Sysmon and File Deletion
2020-05-04ISC Stormcast For Monday, May 4th 2020
2020-05-03ZIP & AES
2020-05-02Phishing PDF with Unusual Hostname
2020-05-01ISC Stormcast For Friday, May 1st 2020
2020-05-01Attack traffic on TCP port 9673
2020-04-30ISC Stormcast For Thursday, April 30th 2020
2020-04-30Collecting IOCs from IMAP Folder
2020-04-29Privacy Preserving Protocols to Trace Covid19 Exposure
2020-04-29ISC Stormcast For Wednesday, April 29th 2020
2020-04-28Agent Tesla delivered by the same phishing campaign for over a year
2020-04-28ISC Stormcast For Tuesday, April 28th 2020
2020-04-27Powershell Payload Stored in a PSCredential Object
2020-04-27ISC Stormcast For Monday, April 27th 2020
2020-04-26Video: Malformed .docm File
2020-04-25MALWARE Bazaar
2020-04-24ISC Stormcast For Friday, April 24th 2020
2020-04-24Malicious Excel With a Strong Obfuscation and Sandbox Evasion
2020-04-23ISC Stormcast For Thursday, April 23rd 2020
2020-04-22ISC Stormcast For Wednesday, April 22nd 2020
2020-04-21ISC Stormcast For Tuesday, April 21st 2020
2020-04-21SpectX: Log Parser for DFIR
2020-04-20ISC Stormcast For Monday, April 20th 2020
2020-04-20KPOT AutoIt Script: Analysis
2020-04-19KPOT Analysis: Obtaining the Decrypted KPOT EXE
2020-04-18Maldoc Falsely Represented as DOCX Invoice Redirecting to Fake Apple Store
2020-04-17ISC Stormcast For Friday, April 17th 2020
2020-04-17Weaponized RTF Document Generator & Mailer in PowerShell
2020-04-16Using AppLocker to Prevent Living off the Land Attacks
2020-04-16ISC Stormcast For Thursday, April 16th 2020
2020-04-15No IOCs? No Problem! Getting a Start Hunting for Malicious Office Files
2020-04-15ISC Stormcast For Wednesday, April 15th 2020
2020-04-14Microsoft April 2020 Patch Tuesday
2020-04-14ISC Stormcast For Tuesday, April 14th 2020
2020-04-13Look at the same phishing campaign 3 months apart
2020-04-13ISC Stormcast For Monday, April 13th 2020
2020-04-12Reader Analysis: "Dynamic analysis technique to get decrypted KPOT Malware."
2020-04-11Wireshark 3.2.3 Released: Mac Users Pay Attention Please
2020-04-10Critical Vuln in vCenter vmdir (CVE-2020-3952)
2020-04-10PowerShell Sample Extracting Payload From SSL
2020-04-10ISC Stormcast For Friday, April 10th 2020
2020-04-09ISC Stormcast For Thursday, April 9th 2020
2020-04-08ISC Stormcast For Wednesday, April 8th 2020
2020-04-08German malspam pushes ZLoader malware
2020-04-07Increase in RDP Scanning
2020-04-07ISC Stormcast For Tuesday, April 7th 2020
2020-04-06Password Protected Malicious Excel Files
2020-04-06ISC Stormcast For Monday, April 6th 2020
2020-04-05Maldoc XLS Invoice with Excel 4 Macros
2020-04-04New Bypass Technique or Corrupt Word Document?
2020-04-03Obfuscated with a Simple 0x0A
2020-04-03ISC Stormcast For Friday, April 3rd 2020
2020-04-02ISC Stormcast For Thursday, April 2nd 2020
2020-04-02TPOT's Cowrie to ISC Logs
2020-04-01ISC Stormcast For Wednesday, April 1st 2020
2020-04-01Qakbot malspam sent from an infected Windows host
2020-03-31ISC Stormcast For Tuesday, March 31st 2020
2020-03-31Kwampirs Targeted Attacks Involving Healthcare Sector
2020-03-30Crashing explorer.exe with(out) a click
2020-03-30ISC Stormcast For Monday, March 30th 2020
2020-03-29Obfuscated Excel 4 Macros
2020-03-28Covid19 Domain Classifier
2020-03-27Help us classify Covid19 related domains (login required)
2020-03-27Malicious JavaScript Dropping Payload in the Registry
2020-03-27ISC Stormcast For Friday, March 27th 2020
2020-03-26ISC Stormcast For Thursday, March 26th 2020
2020-03-26Very Large Sample as Evasion Technique?
2020-03-25ISC Stormcast For Wednesday, March 25th 2020
2020-03-25Recent Dridex activity
2020-03-24SANS CyberCast Hallway Talk: Microsoft Windows Type 1 Font Parsing 0-Day
2020-03-24Another Critical COVID-19 Shortage: Digital Security
2020-03-24ISC Stormcast For Tuesday, March 24th 2020
2020-03-23Windows Zeroday Actively Exploited: Type 1 Font Parsing Remote Code Execution Vulnerability
2020-03-23KPOT Deployed via AutoIt Script
2020-03-23ISC Stormcast For Monday, March 23rd 2020
2020-03-22More COVID-19 Themed Malware
2020-03-21Honeypot - Scanning and Targeting Devices & Services
2020-03-20ISC Stormcast For Friday, March 20th 2020
2020-03-19ISC Stormcast For Thursday, March 19th 2020
2020-03-19COVID-19 Themed Multistage Malware
2020-03-18ISC Stormcast For Wednesday, March 18th 2020
2020-03-18Trickbot gtag red5 distributed as a DLL file
2020-03-17A Quick Summary of Current Reflective DNS DDoS Attacks
2020-03-17ISC Stormcast For Tuesday, March 17th 2020
2020-03-16Desktop.ini as a post-exploitation tool
2020-03-16ISC Stormcast For Monday, March 16th 2020
2020-03-16SANS Work From Home Deployment Kit. Free Material to Help You Stay Secure While Working From Home
2020-03-15VPN Access and Activity Monitoring
2020-03-14Phishing PDF With Incremental Updates.
2020-03-13Microsoft Patches SMBv3 Compression RCE bug -
2020-03-13VMware Patches for Bugs in DHCP Service (Workstation, Fusion, Horizon, VMRC)
2020-03-13ISC Stormcast For Friday, March 13th 2020
2020-03-13Not all Ethernet NICs are Created Equal - Trying to Capture Invalid Ethernet Frames
2020-03-12ISC Stormcast For Thursday, March 12th 2020
2020-03-12Hancitor distributed through coronavirus-themed malspam
2020-03-12Critical SMBv3 Vulnerability: Remote Code Execution
2020-03-11ISC Stormcast For Wednesday, March 11th 2020
2020-03-11Agent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account
2020-03-10Microsoft Patch Tuesday March 2020
2020-03-10ISC Stormcast For Tuesday, March 10th 2020
2020-03-09Malicious Spreadsheet With Data Connection and Excel 4 Macros
2020-03-09ISC Stormcast For Monday, March 9th 2020
2020-03-08Excel Maldocs: Hidden Sheets
2020-03-07Wireshark 3.2.2 Released: Windows' Users Pay Attention Please
2020-03-07Chain Reactor: Simulate Adversary Behaviors on Linux
2020-03-06ISC Stormcast For Friday, March 6th 2020
2020-03-06A Safe Excel Sheet Not So Safe
2020-03-05Will You Put Your Password in a Survey?
2020-03-05ISC Stormcast For Thursday, March 5th 2020
2020-03-04Let's Encrypt Revoking 3 Million Certificates
2020-03-04ISC Stormcast For Wednesday, March 4th 2020
2020-03-03Introduction to EvtxEcmd (Evtx Explorer)
2020-03-03ISC Stormcast For Tuesday, March 3rd 2020
2020-03-02Secure vs. cleartext protocols - couple of interesting stats
2020-03-02ISC Stormcast For Monday, March 2nd 2020
2020-02-29Hazelcast IMDG Discover Scan
2020-02-28ISC Stormcast For Friday, February 28th 2020
2020-02-28Show me Your Clipboard Data!
2020-02-27ISC Stormcast For Thursday, February 27th 2020
2020-02-27Offensive Tools Are For Blue Teams Too
2020-02-26ISC Stormcast For Wednesday, February 26th 2020
2020-02-25Quick look at a couple of current online scam campaigns
2020-02-25ISC Stormcast For Tuesday, February 25th 2020
2020-02-24Maldoc: Excel 4 Macros and VBA, Devil and Angel?
2020-02-24ISC Stormcast For Monday, February 24th 2020
2020-02-23Maldoc: Excel 4 Macros in OOXML Format
2020-02-22Simple but Efficient VBScript Obfuscation
2020-02-21Quick Analysis of an Encrypted Compound Document Format
2020-02-21ISC Stormcast For Friday, February 21st 2020
2020-02-20Whodat? Enumerating Who "owns" a Workstation for IR
2020-02-20ISC Stormcast For Thursday, February 20th 2020
2020-02-19ISC Stormcast For Wednesday, February 19th 2020
2020-02-18Discovering contents of folders in Windows without permissions
2020-02-18ISC Stormcast For Tuesday, February 18th 2020
2020-02-17curl and SSPI
2020-02-17ISC Stormcast For Monday, February 17th 2020
2020-02-16SOAR or not to SOAR?
2020-02-15bsdtar on Windows 10
2020-02-14Keep an Eye on Command-Line Browsers
2020-02-14ISC Stormcast For Friday, February 14th 2020
2020-02-13Auth-mageddon deferred (but not averted), Microsoft LDAP Changes now slated for Q3Q4 2020
2020-02-13ISC Stormcast For Thursday, February 13th 2020
2020-02-12March Patch Tuesday is Coming - the LDAP Changes will Change Your Life!
2020-02-12ISC Stormcast For Wednesday, February 12th 2020
2020-02-12Malpsam pushes Ursnif through Italian language Word docs
2020-02-11Microsoft Patch Tuesday for February 2020
2020-02-11ISC Stormcast For Tuesday, February 11th 2020
2020-02-10Current PayPal phishing campaign or "give me all your personal information"
2020-02-10ISC Stormcast For Monday, February 10th 2020
2020-02-08After Action Review
2020-02-07Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript
2020-02-07ISC Stormcast For Friday, February 7th 2020
2020-02-06ISC Stormcast For Thursday, February 6th 2020
2020-02-05Fake browser update pages are "still a thing"
2020-02-05ISC Stormcast For Wednesday, February 5th 2020
2020-02-04ISC Stormcast For Tuesday, February 4th 2020
2020-02-03Analysis of a triple-encrypted AZORult downloader
2020-02-03ISC Stormcast For Monday, February 3rd 2020
2020-02-02Video: Stego & Cryptominers
2020-02-01Wireshark 3.2.1 Released
2020-01-31ISC Stormcast For Friday, January 31st 2020
2020-01-30ISC Stormcast For Thursday, January 30th 2020
2020-01-29ISC Stormcast For Wednesday, January 29th 2020
2020-01-28ISC Stormcast For Tuesday, January 28th 2020
2020-01-28Emotet epoch 1 infection with Trickbot gtag mor84
2020-01-27Network Security Perspective on Coronavirus Preparedness
2020-01-27ISC Stormcast For Monday, January 27th 2020
2020-01-25Is Threat Hunting the new Fad?
2020-01-25Visibility Gap of Your Security Tools
2020-01-24Why Phishing Remains So Popular?
2020-01-24ISC Stormcast For Friday, January 24th 2020
2020-01-23Complex Obfuscation VS Simple Trick
2020-01-23ISC Stormcast For Thursday, January 23rd 2020
2020-01-22ISC Stormcast For Wednesday, January 22nd 2020
2020-01-22German language malspam pushes Ursnif
2020-01-21DeepBlueCLI: Powershell Threat Hunting
2020-01-21ISC Stormcast For Tuesday, January 21st 2020
2020-01-20ISC Stormcast For Monday, January 20th 2020
2020-01-20Citrix ADC Exploits Update
2020-01-17ISC Stormcast For Friday, January 17th 2020
2020-01-16Summing up CVE-2020-0601, or the Let's Decrypt vulnerability
2020-01-16Picks of 2019 malware - the large, the small and the one full of null bytes
2020-01-16ISC Stormcast For Thursday, January 16th 2020
2020-01-15CVE-2020-0601 Followup
2020-01-15ISC Stormcast For Wednesday, January 15th 2020
2020-01-14Microsoft Patch Tuesday for January 2020
2020-01-14ISC Stormcast For Tuesday, January 14th 2020
2020-01-13ISC Stormcast For Monday, January 13th 2020
2020-01-13Citrix ADC Exploits: Overview of Observed Payloads
2020-01-12ELK Dashboard and Logstash parser for tcp-honeypot Logs
2020-01-11Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor
2020-01-10More Data Exfiltration
2020-01-10ISC Stormcast For Friday, January 10th 2020
2020-01-09Quick Analyzis of a(nother) Maldoc
2020-01-09ISC Stormcast For Thursday, January 9th 2020
2020-01-09Windows 7 - End of Life
2020-01-08ISC Stormcast For Wednesday, January 8th 2020
2020-01-07A Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability)
2020-01-07ISC Stormcast For Tuesday, January 7th 2020
2020-01-06SNMP service: still opened to the public and still queried by attackers
2020-01-06Increase in Number of Sources January 3rd and 4th: spoofed
2020-01-06ISC Stormcast For Monday, January 6th 2020
2020-01-05etl2pcapng: Convert .etl Capture Files To .pcapng Format
2020-01-04KringleCon 2019
2020-01-03CCPA - Quick Overview
2020-01-03ISC Stormcast For Friday, January 3rd 2020
2020-01-02Ransomware in Node.js
2020-01-01"Nim httpclient/1.0.4"
2019-12-31Some Thoughts About the Critical Citrix ADC/Gateway Vulnerability (CVE-2019-19781)
2019-12-31ISC Stormcast For Tuesday, December 31st 2019
2019-12-30ISC Stormcast For Monday, December 30th 2019
2019-12-30Miscellaneous Updates to our "Threatfeed" API
2019-12-29ELK Dashboard for Pihole Logs
2019-12-28Corrupt Office Documents
2019-12-27Enumerating office365 users
2019-12-27ISC Stormcast For Friday, December 27th 2019
2019-12-26Bypassing UAC to Install a Cryptominer
2019-12-25Merry christmas!
2019-12-25Timely acquisition of network traffic evidence in the middle of an incident response procedure
2019-12-24Malspam with links to Word docs pushes IcedID (Bokbot)
2019-12-23ISC Stormcast For Monday, December 23rd 2019
2019-12-23New oledump.py plugin: plugin_version_vba
2019-12-22Extracting VBA Macros From .DWG Files
2019-12-21Wireshark 3.2.0 Released
2019-12-20ISC Stormcast For Friday, December 20th 2019
2019-12-19More DNS over HTTPS: Become One With the Packet. Be the Query. See the Query
2019-12-19ISC Stormcast For Thursday, December 19th 2019
2019-12-18ISC Stormcast For Wednesday, December 18th 2019
2019-12-18Emotet infection with spambot activity
2019-12-17ISC Stormcast For Tuesday, December 17th 2019
2019-12-17Is it Possible to Identify DNS over HTTPs Without Decrypting TLS?
2019-12-16ISC Stormcast For Monday, December 16th 2019
2019-12-16Malicious .DWG Files?
2019-12-15VirusTotal Email Submissions
2019-12-14(Lazy) Sunday Maldoc Analysis: A Bit More ...
2019-12-13Internet banking sites and their use of TLS... and SSLv3... and SSLv2?!
2019-12-13ISC Stormcast For Friday, December 13th 2019
2019-12-12Critical VMware Vulnerability (OpenSLP):
2019-12-12ISC Stormcast For Thursday, December 12th 2019
2019-12-12Code & Data Reuse in the Malware Ecosystem
2019-12-11ISC Stormcast For Wednesday, December 11th 2019
2019-12-11German language malspam pushes yet another wave of Trickbot
2019-12-10Microsoft December 2019 Patch Tuesday
2019-12-10ISC Stormcast For Tuesday, December 10th 2019
2019-12-09ISC Stormcast For Monday, December 9th 2019
2019-12-09(Lazy) Sunday Maldoc Analysis
2019-12-08Wireshark 3.0.7 Released
2019-12-07Integrating Pi-hole Logs in ELK with Logstash
2019-12-06Phishing with a self-contained credentials-stealing webpage
2019-12-06ISC Stormcast For Friday, December 6th 2019
2019-12-05E-mail from Agent Tesla
2019-12-05ISC Stormcast For Thursday, December 5th 2019
2019-12-04Analysis of a strangely poetic malware
2019-12-04ISC Stormcast For Wednesday, December 4th 2019
2019-12-03ISC Stormcast For Tuesday, December 3rd 2019
2019-12-03Ursnif infection with Dridex
2019-12-02Next up, what's up with TCP port 26?
2019-12-02ISC Stormcast For Monday, December 2nd 2019
2019-11-29ISC Snapshot: Search with SauronEye
2019-11-27ISC Stormcast For Wednesday, November 27th 2019
2019-11-27Finding an Agent Tesla malware sample
2019-11-26Lessons learned from playing a willing phish
2019-11-26ISC Stormcast For Tuesday, November 26th 2019
2019-11-25My Little DoH Setup
2019-11-25ISC Stormcast For Monday, November 25th 2019
2019-11-23Local Malware Analysis with Malice
2019-11-22ISC Stormcast For Friday, November 22nd 2019
2019-11-22Abusing Web Filters Misconfiguration for Reconnaissance
2019-11-21Gathering information to determine unusual network traffic
2019-11-21ISC Stormcast For Thursday, November 21st 2019
2019-11-20ISC Stormcast For Wednesday, November 20th 2019
2019-11-20Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike
2019-11-19Cheap Chinese JAWS of DVR Exploitability on Port 60001
2019-11-19ISC Stormcast For Tuesday, November 19th 2019
2019-11-18SMS and 2FA: Another Reason to Move away from It.
2019-11-18ISC Stormcast For Monday, November 18th 2019
2019-11-15ISC Stormcast For Friday, November 15th 2019
2019-11-13ISC Stormcast For Wednesday, November 13th 2019
2019-11-13An example of malspam pushing Lokibot malware, November 2019
2019-11-12November 2019 Microsoft Patch Tuesday
2019-11-12ISC Stormcast For Tuesday, November 12th 2019
2019-11-11Are We Going Back to TheMoon (and How is Liquor Involved)?
2019-11-11Some packet-fu with Zeek (previously known as bro)
2019-11-11ISC Stormcast For Monday, November 11th 2019
2019-11-10Did the recent malicious BlueKeep campaign have any positive impact when it comes to patching?
2019-11-09Fake Netflix Update Request by Text
2019-11-08Microsoft Apps Diverted from Their Main Use
2019-11-08ISC Stormcast For Friday, November 8th 2019
2019-11-07Getting the best value out of security assessments
2019-11-07ISC Stormcast For Thursday, November 7th 2019
2019-11-06ISC Stormcast For Wednesday, November 6th 2019
2019-11-06More malspam pushing Formbook
2019-11-05ISC Stormcast For Tuesday, November 5th 2019
2019-11-05Bluekeep exploitation causing Bluekeep vulnerability scan to fail
2019-11-04ISC Stormcast For Monday, November 4th 2019
2019-11-04rConfig Install Directory Remote Code Execution Vulnerability Exploited
2019-11-03You Too? "Unusual Activity with Double Base64 Encoding"
2019-11-02Remark on EML Attachments
2019-11-01Tip: Password Managers and 2FA
2019-11-01ISC Stormcast For Friday, November 1st 2019
2019-10-31EML attachments in O365 - a recipe for phishing
2019-10-31ISC Stormcast For Thursday, October 31st 2019
2019-10-30Keep an Eye on Remote Access to Mailboxes
2019-10-30ISC Stormcast For Wednesday, October 30th 2019
2019-10-29ISC Stormcast For Tuesday, October 29th 2019
2019-10-29Generating PCAP Files from YAML
2019-10-28ISC Stormcast For Monday, October 28th 2019
2019-10-27Using scdbg to Find Shellcode
2019-10-27Unusual Activity with Double Base64 Encoding
2019-10-27Wireshark 3.0.6 Released
2019-10-25VMware Patch Alert!
2019-10-25More on DNS Archeology (with PowerShell)
2019-10-25ISC Stormcast For Friday, October 25th 2019
2019-10-24Your Supply Chain Doesn't End At Receiving: How Do You Decommission Network Equipment?
2019-10-24ISC Stormcast For Thursday, October 24th 2019
2019-10-23ISC Stormcast For Wednesday, October 23rd 2019
2019-10-22Testing TLSv1.3 and supported ciphers
2019-10-22ISC Stormcast For Tuesday, October 22nd 2019
2019-10-21What's up with TCP 853 (DNS over TLS)?
2019-10-21ISC Stormcast For Monday, October 21st 2019
2019-10-20Scanning Activity for NVMS-9000 Digital Video Recorder
2019-10-19What Assumptions Are You Making?
2019-10-18Quick Malicious VBS Analysis
2019-10-18ISC Stormcast For Friday, October 18th 2019
2019-10-17Phishing e-mail spoofing SPF-enabled domain
2019-10-17ISC Stormcast For Thursday, October 17th 2019
2019-10-16New VMware security advisory: | Oracle quarterly patches bundle: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
2019-10-16Security Monitoring: At Network or Host Level?
2019-10-16ISC Stormcast For Wednesday, October 16th 2019
2019-10-15ISC Stormcast For Tuesday, October 15th 2019
2019-10-14When MacOS Catalina Comes to Life: The First Few Minutes of Network Traffic From MacOS 10.15.
2019-10-14YARA's XOR Modifier
2019-10-14ISC Stormcast For Monday, October 14th 2019
2019-10-12YARA v3.11.0 released
2019-10-11ISC Stormcast For Friday, October 11th 2019
2019-10-10Mining Live Networks for OUI Data Oddness
2019-10-10ISC Stormcast For Thursday, October 10th 2019
2019-10-09ISC Stormcast For Wednesday, October 9th 2019
2019-10-09What data does Vidar malware steal from an infected host?
2019-10-08Microsoft October 2019 Patch Tuesday
2019-10-08ISC Stormcast For Tuesday, October 8th 2019
2019-10-07ISC Stormcast For Monday, October 7th 2019
2019-10-06visNetwork for Network Data
2019-10-04ISC Stormcast For Friday, October 4th 2019
2019-10-03Buffer overflows found in libpcap and tcpdump
2019-10-03ISC Stormcast For Thursday, October 3rd 2019
2019-10-03"Lost_Files" Ransomware
2019-10-02ISC Stormcast For Wednesday, October 2nd 2019
2019-10-02A recent example of Emotet malspam
2019-10-01A Quick Look at Some Current Comment Spam
2019-10-01ISC Stormcast For Tuesday, October 1st 2019
2019-09-30Maldoc, PowerShell & BITS
2019-09-30ISC Stormcast For Monday, September 30th 2019
2019-09-29Encrypted Maldoc, Wrong Password
2019-09-27New Scans for Polycom Autoconfiguration Files
2019-09-27ISC Stormcast For Friday, September 27th 2019
2019-09-26Vulnerability on specific Cisco Industrial / Grid router models
2019-09-26Mining MAC Address and OUI Information
2019-09-26ISC Stormcast For Thursday, September 26th 2019
2019-09-25ISC Stormcast For Wednesday, September 25th 2019
2019-09-25Malspam pushing Quasar RAT
2019-09-24Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs
2019-09-24ISC Stormcast For Tuesday, September 24th 2019
2019-09-23ISC Stormcast For Monday, September 23rd 2019
2019-09-22YARA XOR Strings: an Update
2019-09-22Video: Encrypted Sextortion PDFs
2019-09-21Wireshark 3.0.5 Release: Potential Windows Crash when Updating
2019-09-20ISC Stormcast For Friday, September 20th 2019
2019-09-19Blacklisting or Whitelisting in the Right Way
2019-09-19Agent Tesla Trojan Abusing Corporate Email Accounts
2019-09-19ISC Stormcast For Thursday, September 19th 2019
2019-09-18ISC Stormcast For Wednesday, September 18th 2019
2019-09-18Emotet malspam is back
2019-09-17Investigating Gaps in your Windows Event Logs
2019-09-17ISC Stormcast For Tuesday, September 17th 2019
2019-09-16Encrypted Sextortion PDFs
2019-09-16ISC Stormcast For Monday, September 16th 2019
2019-09-13ISC Stormcast For Friday, September 13th 2019
2019-09-12Rig Exploit Kit Delivering VBScript
2019-09-12Blocking Firefox DoH with Bind
2019-09-12ISC Stormcast For Thursday, September 12th 2019
2019-09-11ISC Stormcast For Wednesday, September 11th 2019
2019-09-10Microsoft September 2019 Patch Tuesday
2019-09-10ISC Stormcast For Tuesday, September 10th 2019
2019-09-09ISC Stormcast For Monday, September 9th 2019
2019-09-07Unidentified Scanning Activity
2019-09-06PowerShell Script with a builtin DLL
2019-09-06ISC Stormcast For Friday, September 6th 2019
2019-09-05Private IP Addresses in Malware Samples?
2019-09-05ISC Stormcast For Thursday, September 5th 2019
2019-09-04ISC Stormcast For Wednesday, September 4th 2019
2019-09-04Malspam using password-protected Word docs to push Remcos RAT
2019-09-03[Guest Diary] Tricky LNK points to TrickBot
2019-09-03ISC Stormcast For Tuesday, September 3rd 2019
2019-09-02ISC Stormcast For Monday, September 2nd 2019
2019-08-30Malware Dropping a Local Node.js Instance
2019-08-30ISC Stormcast For Friday, August 30th 2019
2019-08-29ISC Stormcast For Thursday, August 29th 2019
2019-08-28Malware Samples Compiling Their Next Stage on Premise
2019-08-28[Guest Diary] Open Redirect: A Small But Very Common Vulnerability
2019-08-28ISC Stormcast For Wednesday, August 28th 2019
2019-08-27ISC Stormcast For Tuesday, August 27th 2019
2019-08-26Is it Safe to Require TLS 1.2 for E-Mail
2019-08-26ISC Stormcast For Monday, August 26th 2019
2019-08-25Are there any Advantages of Buying Cyber Security Insurance?
2019-08-23ISC Stormcast For Friday, August 23rd 2019
2019-08-22Simple Mimikatz & RDPWrapper Dropper
2019-08-22ISC Stormcast For Thursday, August 22nd 2019
2019-08-21KAPE: Kroll Artifact Parser and Extractor
2019-08-21ISC Stormcast For Wednesday, August 21st 2019
2019-08-20ISC Stormcast For Tuesday, August 20th 2019
2019-08-20Guildma malware is now accessing Facebook and YouTube to keep up-to-date
2019-08-19Compressed ISO Files (ISZ)
2019-08-19ISC Stormcast For Monday, August 19th 2019
2019-08-18Video: Analyzing DAA Files
2019-08-16The DAA File Format
2019-08-16ISC Stormcast For Friday, August 16th 2019
2019-08-15Analysis of a Spearphishing Maldoc
2019-08-15ISC Stormcast For Thursday, August 15th 2019
2019-08-14ISC Stormcast For Wednesday, August 14th 2019
2019-08-14Recent example of MedusaHTTP malware
2019-08-13August 2019 Microsoft Patch Tuesday
2019-08-13ISC Stormcast For Tuesday, August 13th 2019
2019-08-12Malicious .DAA Attachments
2019-08-12ISC Stormcast For Monday, August 12th 2019
2019-08-11Nmap Defcon Release: 7.80
2019-08-09ISC Stormcast For Friday, August 9th 2019
2019-08-09100% JavaScript Phishing Page
2019-08-08[Guest Diary] The good, the bad and the non-functional, or "how not to do an attack campaign"
2019-08-08ISC Stormcast For Thursday, August 8th 2019
2019-08-07Verifying SSL/TLS configuration (part 2)
2019-08-07ISC Stormcast For Wednesday, August 7th 2019
2019-08-06ISC Stormcast For Tuesday, August 6th 2019
2019-08-05ISC Stormcast For Monday, August 5th 2019
2019-08-05Scanning for Bluekeep vulnerable RDP instances
2019-08-05Sextortion: Follow the Money - The Final Chapter
2019-08-04Detecting ZLIB Compression
2019-08-02Combining Low Tech Scams: SMS + SET + Credit Card Harvesting
2019-08-02ISC Stormcast For Friday, August 2nd 2019
2019-08-01What is Listening On Port 9527/TCP?
2019-08-01ISC Stormcast For Thursday, August 1st 2019
2019-07-31ISC Stormcast For Wednesday, July 31st 2019
2019-07-31Targeted Phishing Attacks in the Financial Industry: Fire-3 Phishing Kit
2019-07-30Can You Spell 2FA? A Luno Phish Example
2019-07-30ISC Stormcast For Tuesday, July 30th 2019
2019-07-29Recognizing ZLIB Compression
2019-07-29ISC Stormcast For Monday, July 29th 2019
2019-07-28Video: Analyzing Compressed PowerShell Scripts
2019-07-27A Python TCP proxy
2019-07-26DVRIP Port 34567 - Uptick
2019-07-26ISC Stormcast For Friday, July 26th 2019
2019-07-25When Users Attack! Users (and Admins) Thwarting Security Controls
2019-07-25ISC Stormcast For Thursday, July 25th 2019
2019-07-24May People Be Considered as IOC?
2019-07-24ISC Stormcast For Wednesday, July 24th 2019
2019-07-23Verifying SSL/TLS configuration (part 1)
2019-07-23ISC Stormcast For Tuesday, July 23rd 2019
2019-07-22Analyzing Compressed PowerShell Scripts
2019-07-22ISC Stormcast For Monday, July 22nd 2019
2019-07-21Malicious RTF Analysis CVE-2017-11882 by a Reader
2019-07-20Re-evaluating Network Security - It is Increasingly More Complex
2019-07-19ISC Stormcast For Friday, July 19th 2019
2019-07-18Malicious PHP Script Back on Stage?
2019-07-18The Other Side of Critical Control 1: 802.1x Wired Network Access Controls
2019-07-18ISC Stormcast For Thursday, July 18th 2019
2019-07-17Analyzis of DNS TXT Records
2019-07-17ISC Stormcast For Wednesday, July 17th 2019
2019-07-16ISC Stormcast For Tuesday, July 16th 2019
2019-07-16Commando VM: The Complete Mandiant Offensive VM
2019-07-15isodump.py and Malicious ISO Files
2019-07-15ISC Stormcast For Monday, July 15th 2019
2019-07-13Guidance to Protect DNS Against Hijacking & Scanning for Version.BIND Still a Thing
2019-07-12ISC Stormcast For Friday, July 12th 2019
2019-07-11Russian Dolls Malicious Script Delivering Ursnif
2019-07-11Remembering Mike Assante
2019-07-11ISC Stormcast For Thursday, July 11th 2019
2019-07-11Recent AZORult activity
2019-07-10Dumping File Contents in Hex (in PowerShell)
2019-07-10Samba Project tells us "What's New" - SMBv1 Disabled by Default (finally)
2019-07-10ISC Stormcast For Wednesday, July 10th 2019
2019-07-09VMWare Security Advisory on DoS Vulnerability in ESXi
2019-07-09MSFT July 2019 Patch Tuesday
2019-07-09Solving the WHOIS and Privacy Problem: A Draft of Implementing WHOIS in DNS
2019-07-09ISC Stormcast For Tuesday, July 9th 2019
2019-07-08Machine Code? No!
2019-07-08ISC Stormcast For Monday, July 8th 2019
2019-07-07OpSec and OSInt
2019-07-06Malicious XSL Files
2019-07-05A "Stream O" Maldoc
2019-07-04Machine Code?
2019-07-03ISC Stormcast For Wednesday, July 3rd 2019
2019-07-02Malicious Script With Multiple Payloads
2019-07-02Using Powershell in Basic Incident Response - A Domain Wide "Kill-Switch"
2019-07-02ISC Stormcast For Tuesday, July 2nd 2019
2019-07-01Maldoc: Payloads in User Forms
2019-06-30ISC Stormcast For Sunday, June 30th 2019
2019-06-28Verifying Running Processes against VirusTotal - Domain-Wide
2019-06-27ISC Stormcast For Friday, June 28th 2019
2019-06-27Finding the Gold in a Pile of Pennies - Long Tail Analysis in PowerShell
2019-06-26The Other Side of CIS Critical Control 2 - Inventorying *Unwanted* Software
2019-06-25ISC Stormcast For Wednesday, June 26th 2019
2019-06-25Rig Exploit Kit sends Pitou.B Trojan
2019-06-24ISC Stormcast For Tuesday, June 25th 2019
2019-06-24Extensive BGP Issues Affecting Cloudflare and possibly others
2019-06-23ISC Stormcast For Monday, June 24th 2019
2019-06-21ISC Stormcast For Friday, June 21st 2019
2019-06-21Netstat Local and Remote -new and improved, now with more PowerShell!
2019-06-20Using a Travel Packing App for Infosec Purpose
2019-06-20ISC Stormcast For Thursday, June 20th 2019
2019-06-19Quick Detect: Exim "Return of the Wizard" Attack
2019-06-19Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729
2019-06-19ISC Stormcast For Wednesday, June 19th 2019
2019-06-18What You Need To Know About TCP "SACK Panic"
2019-06-18ISC Stormcast For Tuesday, June 18th 2019
2019-06-18Malspam with password-protected Word docs pushing Dridex
2019-06-17An infection from Rig exploit kit
2019-06-17ISC Stormcast For Monday, June 17th 2019
2019-06-16Sysmon Version 10: DNS Logging
2019-06-14ISC Stormcast For Friday, June 14th 2019
2019-06-14A few Ghidra tips for IDA users, part 4 - function call graphs
2019-06-13ISC Stormcast For Thursday, June 13th 2019
2019-06-13What is "THAT" Address Doing on my Network
2019-06-12ISC Stormcast For Wednesday, June 12th 2019
2019-06-11MSFT June 2019 Patch Tuesday
2019-06-11ISC Stormcast For Tuesday, June 11th 2019
2019-06-10Interesting JavaScript Obfuscation Example
2019-06-10ISC Stormcast For Monday, June 10th 2019
2019-06-09Tip: Sysmon Will Log DNS Queries
2019-06-06ISC Stormcast For Friday, June 7th 2019
2019-06-06Keep an Eye on Your WMI Logs
2019-06-06New VMWare security advisory that affects VMware tools and Workstation - more information at
2019-06-06Time is (partially) on our side: the new Exim vulnerability
2019-06-06ISC Stormcast For Thursday, June 6th 2019
2019-06-05Getting (proper) value out of security assessments
2019-06-05GoldBrute Botnet Brute Forcing 1.5 Million RDP Servers
2019-06-05Cisco Security Advisories (2x HIGH) per PSIRT 05 JUN 2019:
2019-06-05ISC Stormcast For Wednesday, June 5th 2019
2019-06-04ISC snapshot: r-cyber with rud.is
2019-06-04ISC Stormcast For Tuesday, June 4th 2019
2019-06-03Tip: BASE64 Encoded PowerShell Scripts are Recognizable by the Amount of Letter As
2019-06-03ISC Stormcast For Monday, June 3rd 2019
2019-05-31Retrieving Second Stage Payload with Ncat
2019-05-31ISC Stormcast For Friday, May 31st 2019
2019-05-30Analyzing First Stage Shellcode
2019-05-30ISC Stormcast For Thursday, May 30th 2019
2019-05-29Behavioural Malware Analysis with Microsoft ASA
2019-05-29ISC Stormcast For Wednesday, May 29th 2019
2019-05-28Office Document & BASE64? PowerShell!
2019-05-28ISC Stormcast For Tuesday, May 28th 2019
2019-05-27nmap Service Fingerprint
2019-05-26Video: nmap Service Detection Customization
2019-05-25Do You Remember the SUBST Command?
2019-05-24ISC Stormcast For Friday, May 24th 2019
2019-05-23Investigating an Odd DNS Query
2019-05-22ISC Stormcast For Thursday, May 23rd 2019
2019-05-22An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
2019-05-21ISC Stormcast For Wednesday, May 22nd 2019
2019-05-21Using Shodan Monitoring
2019-05-20ISC Stormcast For Tuesday, May 21st 2019
2019-05-20CVE-2019-0604 Attack
2019-05-19ISC Stormcast For Monday, May 20th 2019
2019-05-19Is Metadata Only Approach, Good Enough for Network Traffic Analysis?
2019-05-17ISC Stormcast For Friday, May 17th 2019
2019-05-16The Risk of Authenticated Vulnerability Scans
2019-05-16ISC Stormcast For Thursday, May 16th 2019
2019-05-15ISC Stormcast For Wednesday, May 15th 2019
2019-05-14VMWare just released a security update to address a DLL-hijacking issue affecting VMware Workstation Pro / Player. Details:
2019-05-14Microsoft May 2019 Patch Tuesday
2019-05-14ISC Stormcast For Tuesday, May 14th 2019
2019-05-13From Phishing To Ransomware?
2019-05-13ISC Stormcast For Monday, May 13th 2019
2019-05-10DSSuite - A Docker Container with Didier's Tools
2019-05-10ISC Stormcast For Friday, May 10th 2019
2019-05-09ISC Stormcast For Thursday, May 9th 2019
2019-05-08ISC Stormcast For Wednesday, May 8th 2019
2019-05-08Email roulette, May 2019
2019-05-07Vulnerable Apache Jenkins exploited in the wild
2019-05-07ISC Stormcast For Tuesday, May 7th 2019
2019-05-06Text and Text
2019-05-05ISC Stormcast For Monday, May 6th 2019
2019-05-03A few Ghidra tips for IDA users, part 3 - conversion, labels, and comments
2019-05-03ISC Stormcast For Friday, May 3rd 2019
2019-05-02ISC Stormcast For Thursday, May 2nd 2019
2019-05-01VBA Office Document: Which Version?
2019-05-01Another Day, Another Suspicious UDF File
2019-05-01ISC Stormcast For Wednesday, May 1st 2019
2019-04-30Introduction to KAPE
2019-04-30ISC Stormcast For Tuesday, April 30th 2019
2019-04-29ISC Stormcast For Monday, April 29th 2019
2019-04-28Update about Weblogic CVE-2019-2725 (Exploits Used in the Wild, Patch Status)
2019-04-27Quick Tip for Dissecting CVE-2017-11882 Exploits
2019-04-26Pillaging Passwords from Service Accounts
2019-04-26ISC Stormcast For Friday, April 26th 2019
2019-04-25Service Accounts Redux - Collecting Service Accounts with PowerShell
2019-04-25Unpatched Vulnerability Alert - WebLogic Zero Day
2019-04-25ISC Stormcast For Thursday, April 25th 2019
2019-04-24Finding Local Administrators on a Domain Member Stations
2019-04-24Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators
2019-04-24ISC Stormcast For Wednesday, April 24th 2019
2019-04-23Malicious VBA Office Document Without Source Code
2019-04-22ISC Stormcast For Tuesday, April 23rd 2019
2019-04-22.rar Files and ACE Exploit CVE-2018-20250
2019-04-22ISC Stormcast For Monday, April 22nd 2019
2019-04-19Analyzing UDF Files with Python
2019-04-19ISC Stormcast For Friday, April 19th 2019
2019-04-18ISC Stormcast For Thursday, April 18th 2019
2019-04-17Malware Sample Delivered Through UDF Image
2019-04-17ISC Stormcast For Wednesday, April 17th 2019
2019-04-17A few Ghidra tips for IDA users, part 2 - strings and parameters
2019-04-16ISC Stormcast For Tuesday, April 16th 2019
2019-04-16Odd DNS Requests that are Normal
2019-04-15ISC Stormcast For Monday, April 15th 2019
2019-04-13Configuring MTA-STS and TLS Reporting For Your Domain
2019-04-12When Windows 10 Comes to Live: The First Few Minutes in the Live of a Windows 10 System
2019-04-12ISC Stormcast For Friday, April 12th 2019
2019-04-11How to Find Hidden Cameras in your AirBNB
2019-04-11ISC Stormcast For Thursday, April 11th 2019
2019-04-10Blue + Red: An Infosec Purple Pyramid
2019-04-09ISC Stormcast For Wednesday, April 10th 2019
2019-04-09Microsoft April 2019 Patch Tuesday
2019-04-09ISC Stormcast For Tuesday, April 9th 2019
2019-04-08A few Ghidra tips for IDA users, part 1 - the decompiler/unreachable code
2019-04-07ISC Stormcast For Monday, April 8th 2019
2019-04-07Fake Office 365 Payment Information Update
2019-04-05Beagle: Graph transforms for DFIR data & logs
2019-04-04ISC Stormcast For Friday, April 5th 2019
2019-04-04New Waves of Scans Detected by an Old Rule
2019-04-04ISC Stormcast For Thursday, April 4th 2019
2019-04-03ISC Stormcast For Wednesday, April 3rd 2019
2019-04-03A few Ghidra tips for IDA users, part 0 - automatic comments for API call parameters
2019-04-02ISC Stormcast For Tuesday, April 2nd 2019
2019-04-02Fake AV is Back: LaCie Network Drives Used to Spread Malware
2019-04-01Analysis of PDFs Created with OpenOffice/LibreOffice
2019-03-31ISC Stormcast For Monday, April 1st 2019
2019-03-31Maldoc Analysis of the Weekend by a Reader
2019-03-30"404" is not Malware
2019-03-29Annotating Golang binaries with Cutter and Jupyter
2019-03-28ISC Stormcast For Friday, March 29th 2019
2019-03-27ISC Stormcast For Thursday, March 28th 2019
2019-03-27Running your Own Passive DNS Service
2019-03-26ISC Stormcast For Wednesday, March 27th 2019
2019-03-25ISC Stormcast For Tuesday, March 26th 2019
2019-03-25"VelvetSweatshop" Maldocs: Shellcode Analysis
2019-03-24ISC Stormcast For Monday, March 25th 2019
2019-03-24Decoding QR Codes with Python
2019-03-23"VelvetSweatshop" Maldocs
2019-03-22Introduction to analysing Go binaries
2019-03-21ISC Stormcast For Thursday, March 21st 2019
2019-03-21New Wave of Extortion Emails: Central Intelligence Agency Case
2019-03-20ISC Stormcast For Wednesday, March 20th 2019
2019-03-20Using AD to find hosts that aren't in AD - fun with the [IPAddress] construct!
2019-03-19ISC Stormcast For Wednesday, March 20th 2019
2019-03-18Wireshark 3.0.0 and Npcap: Some Remarks
2019-03-18ISC Stormcast For Monday, March 18th 2019
2019-03-17ISC Stormcast For Sunday, March 17th 2019
2019-03-17Video: Maldoc Analysis: Excel 4.0 Macro
2019-03-16Maldoc: Excel 4.0 Macros
2019-03-15Binary Analysis with Jupyter and Radare2
2019-03-15ISC Stormcast For Friday, March 15th 2019
2019-03-14Tip: Ghidra & ZIP Files
2019-03-13ISC Stormcast For Wednesday, March 13th 2019
2019-03-13Malspam pushes Emotet with Qakbot as the follow-up malware
2019-03-12Microsoft March 2019 Patch Tuesday
2019-03-12Test Diary
2019-03-12ISC Stormcast For Tuesday, March 12th 2019
2019-03-11Wireshark 3.0.0 and Npcap
2019-03-10ISC Stormcast For Monday, March 11th 2019
2019-03-10Quick and Dirty Malicious HTA Analysis
2019-03-10Malicious HTA Analysis by a Reader
2019-03-09A Comparison Study of SSH Port Activity - TCP 22 & 2222
2019-03-08Analysing meterpreter payload with Ghidra
2019-03-08ISC Stormcast For Friday, March 8th 2019
2019-03-07ISC Stormcast For Thursday, March 7th 2019
2019-03-06Keep an Eye on Disposable Email Addresses
2019-03-06March Edition of Ouch! Newsletter: Securely Disposing Mobile Devices
2019-03-06ISC Stormcast For Wednesday, March 6th 2019
2019-03-06Malspam with password-protected word docs still pushing IcedID (Bokbot) with Trickbot
2019-03-05ISC Stormcast For Tuesday, March 5th 2019
2019-03-05Powershell, Active Directory and the Windows Host Firewall
2019-03-04ISC Stormcast For Monday, March 4th 2019
2019-03-01Critical Cisco Wireless Patch for RV Series, CVE-2019-1663.
2019-03-01ISC Stormcast For Friday, March 1st 2019
2019-02-28ISC Stormcast For Thursday, February 28th 2019
2019-02-28Phishing impersonations
2019-02-27Maldoc Analysis by a Reader
2019-02-27ISC Stormcast For Wednesday, February 27th 2019
2019-02-26Ad Blocking With Pi Hole
2019-02-26ISC Stormcast For Tuesday, February 26th 2019
2019-02-25Sextortion Email Variant: With QR Code
2019-02-25ISC Stormcast For Monday, February 25th 2019
2019-02-24Packet Editor and Builder by Colasoft
2019-02-22ISC Stormcast For Friday, February 22nd 2019
2019-02-21Simple Powershell Keyloggers are Back
2019-02-21ISC Stormcast For Thursday, February 21st 2019
2019-02-20ISC Stormcast For Wednesday, February 20th 2019
2019-02-20More Russian language malspam pushing Shade (Troldesh) ransomware
2019-02-19Identifying Files: Failure Happens
2019-02-19ISC Stormcast For Tuesday, February 19th 2019
2019-02-18VMware Security Advisory Released: VMSA-2019-0001
2019-02-18ISC Stormcast For Monday, February 18th 2019
2019-02-18Know What You Are Logging
2019-02-17Video: Finding Property Values in Office Documents
2019-02-16Finding Property Values in Office Documents
2019-02-15ISC Stormcast For Friday, February 15th 2019
2019-02-14Old H-Worm Delivered Through GitHub
2019-02-14Suspicious PDF Connecting to a Remote SMB Share
2019-02-14ISC Stormcast For Thursday, February 14th 2019
2019-02-13ISC Stormcast For Wednesday, February 13th 2019
2019-02-13Fake Updates campaign still active in 2019
2019-02-12Microsoft February 2019 Patch Tuesday
2019-02-12ISC Stormcast For Tuesday, February 12th 2019
2019-02-11Have You Seen an Email Virus Recently?
2019-02-11ISC Stormcast For Monday, February 11th 2019
2019-02-10Video: Maldoc Analysis of the Weekend
2019-02-09Maldoc Analysis of the Weekend
2019-02-08ISC Stormcast For Friday, February 8th 2019
2019-02-07Phishing Kit with JavaScript Keylogger
2019-02-07UAC is not all that bad really
2019-02-06ISC Stormcast For Thursday, February 7th 2019
2019-02-06Hancitor malspam and infection traffic from Tuesday 2019-02-05
2019-02-06ISC Stormcast For Wednesday, February 6th 2019
2019-02-05Mitigations against Mimikatz Style Attacks
2019-02-05ISC Stormcast For Tuesday, February 5th 2019
2019-02-04Wikipedia Articles as part of Tech Support Scamming Campaigns?
2019-02-04Struts Vulnerability CVE-2017-5638 on VMware vCenter - the Gift that Keeps on Giving
2019-02-04ISC Stormcast For Monday, February 4th 2019
2019-02-03Video: Analyzing a Simple HTML Phishing Attachment
2019-02-02Scanning for WebDAV PROPFIND Exploiting CVE-2017-7269
2019-02-01ISC Stormcast For Friday, February 1st 2019
2019-02-01Sextortion: Follow the Money Part 3 - The cashout begins!
2019-01-31Tracking Unexpected DNS Changes
2019-01-31ISC Stormcast For Thursday, January 31st 2019
2019-01-30CR19-010: The United States vs. Huawei
2019-01-30ISC Stormcast For Wednesday, January 30th 2019
2019-01-29A Not So Well Done Phish (Why Attackers need to Implement IPv6 Now! ;-) )
2019-01-29ISC Stormcast For Tuesday, January 29th 2019
2019-01-28Relaying Exchange's NTLM authentication to domain admin (and more)
2019-01-28ISC Stormcast For Monday, January 28th 2019
2019-01-27Resolve to Be More Involved In Your Local Community - REVISITED
2019-01-26Video: Analyzing Encrypted Malicious Office Documents
2019-01-25Are you Ready for DNS Flag Day?
2019-01-25ISC Stormcast For Friday, January 25th 2019
2019-01-24Malspam with Word docs uses macro to run Powershell script and steal system data
2019-01-24ISC Stormcast For Thursday, January 24th 2019
2019-01-23ISC Stormcast For Wednesday, January 23rd 2019
2019-01-22DNS Firewalling with MISP
2019-01-22ISC Stormcast For Tuesday, January 22nd 2019
2019-01-21Suspicious GET Request: Do You Know What This Is?
2019-01-21ISC Stormcast For Monday, January 21st 2019
2019-01-18Sextortion Bitcoin on the Move
2019-01-18ISC Stormcast For Friday, January 18th 2019
2019-01-16ISC Stormcast For Wednesday, January 16th 2019
2019-01-15Oracle Has Published 284 Security Updates in their January Patch Advisory, More here:
2019-01-15Microsoft Publishes Patches for Skype for Business and Team Foundation Server
2019-01-14ISC Stormcast For Tuesday, January 15th 2019
2019-01-14Microsoft LAPS - Blue Team / Red Team
2019-01-14Still Running Windows 7? Time to think about that upgrade project!
2019-01-14ISC Stormcast For Monday, January 14th 2019
2019-01-12Snorpy a Web Base Tool to Build Snort/Suricata Rules
2019-01-11Quick Maldoc Analysis
2019-01-11ISC Stormcast For Friday, January 11th 2019
2019-01-10ISC Stormcast For Thursday, January 10th 2019
2019-01-10Heartbreaking Emails: "Love You" Malspam
2019-01-09Wireshark 2.4.12 & 2.6.6 released, vulns & bugs fixed -
2019-01-09gganimate: Animate YouR Security Analysis
2019-01-09ISC Stormcast For Wednesday, January 9th 2019
2019-01-08Microsoft January 2019 Patch Tuesday
2019-01-08ISC Stormcast For Tuesday, January 8th 2019
2019-01-07ISC Stormcast For Monday, January 7th 2019
2019-01-07Analyzing Encrypted Malicious Office Documents
2019-01-06Malicious .tar Attachments
2019-01-05A Malicious JPEG? Second Example
2019-01-04A Malicious JPEG?
2019-01-04ISC Stormcast For Friday, January 4th 2019
2019-01-03ISC Stormcast For Thursday, January 3rd 2019
2019-01-02Malicious Script Leaking Data via FTP
2019-01-02Gift Card Scams on the rise
2019-01-02ISC Stormcast For Wednesday, January 2nd 2019
2019-01-02Maldoc with Nonfunctional Shellcode
2019-01-01Make a Wheel in 2019!