| Date |
Title |
|
2019-12-31 |
Some Thoughts About the Critical Citrix ADC/Gateway
Vulnerability (CVE-2019-19781) |
|
2019-12-31 |
ISC Stormcast For Tuesday, December 31st 2019
|
|
2019-12-30 |
ISC Stormcast For Monday, December 30th 2019 |
|
2019-12-30 |
Miscellaneous Updates to our "Threatfeed" API
|
|
2019-12-29 |
ELK Dashboard for Pihole Logs |
|
2019-12-28 |
Corrupt Office Documents
|
|
2019-12-27 |
Enumerating office365 users
|
|
2019-12-27 |
ISC Stormcast For Friday, December 27th 2019 |
|
2019-12-26 |
Bypassing UAC to Install a Cryptominer
|
|
2019-12-25 |
Merry christmas! |
|
2019-12-25 |
Timely acquisition of network traffic evidence in the
middle of an incident response procedure
|
|
2019-12-24 |
Malspam with links to Word docs pushes IcedID (Bokbot)
|
|
2019-12-23 |
ISC Stormcast For Monday, December 23rd 2019
|
|
2019-12-23 |
New oledump.py plugin: plugin_version_vba |
|
2019-12-22 |
Extracting VBA Macros From .DWG Files |
|
2019-12-21 |
Wireshark 3.2.0 Released |
|
2019-12-20 |
ISC Stormcast For Friday, December 20th 2019
|
|
2019-12-19 |
More DNS over HTTPS: Become One With the Packet. Be the
Query. See the Query |
|
2019-12-19 |
ISC Stormcast For Thursday, December 19th 2019
|
|
2019-12-18 |
ISC Stormcast For Wednesday, December 18th 2019
|
|
2019-12-18 |
Emotet infection with spambot activity |
|
2019-12-17 |
ISC Stormcast For Tuesday, December 17th 2019
|
|
2019-12-17 |
Is it Possible to Identify DNS over HTTPs Without
Decrypting TLS? |
|
2019-12-16 |
ISC Stormcast For Monday, December 16th 2019
|
|
2019-12-16 |
Malicious .DWG Files? |
|
2019-12-15 |
VirusTotal Email Submissions |
|
2019-12-14 |
(Lazy) Sunday Maldoc Analysis: A Bit More ... |
|
2019-12-13 |
Internet banking sites and their use of TLS... and
SSLv3... and SSLv2?! |
|
2019-12-13 |
ISC Stormcast For Friday, December 13th 2019
|
|
2019-12-12 |
Critical VMware Vulnerability (OpenSLP): |
|
2019-12-12 |
ISC Stormcast For Thursday, December 12th 2019
|
|
2019-12-12 |
Code & Data Reuse in the Malware Ecosystem |
|
2019-12-11 |
ISC Stormcast For Wednesday, December 11th 2019
|
|
2019-12-11 |
German language malspam pushes yet another wave of
Trickbot |
|
2019-12-10 |
Microsoft December 2019 Patch Tuesday |
|
2019-12-10 |
ISC Stormcast For Tuesday, December 10th 2019
|
|
2019-12-09 |
ISC Stormcast For Monday, December 9th 2019
|
|
2019-12-09 |
(Lazy) Sunday Maldoc Analysis |
|
2019-12-08 |
Wireshark 3.0.7 Released |
|
2019-12-07 |
Integrating Pi-hole Logs in ELK with Logstash |
|
2019-12-06 |
Phishing with a self-contained credentials-stealing
webpage |
|
2019-12-06 |
ISC Stormcast For Friday, December 6th 2019
|
|
2019-12-05 |
E-mail from Agent Tesla |
|
2019-12-05 |
ISC Stormcast For Thursday, December 5th 2019
|
|
2019-12-04 |
Analysis of a strangely poetic malware |
|
2019-12-04 |
ISC Stormcast For Wednesday, December 4th 2019
|
|
2019-12-03 |
ISC Stormcast For Tuesday, December 3rd 2019
|
|
2019-12-03 |
Ursnif infection with Dridex |
|
2019-12-02 |
Next up, what's up with TCP port 26? |
|
2019-12-02 |
ISC Stormcast For Monday, December 2nd 2019
|
|
2019-11-29 |
ISC Snapshot: Search with SauronEye |
|
2019-11-27 |
ISC Stormcast For Wednesday, November 27th 2019
|
|
2019-11-27 |
Finding an Agent Tesla malware sample |
|
2019-11-26 |
Lessons learned from playing a willing phish |
|
2019-11-26 |
ISC Stormcast For Tuesday, November 26th 2019
|
|
2019-11-25 |
My Little DoH Setup |
|
2019-11-25 |
ISC Stormcast For Monday, November 25th 2019
|
|
2019-11-23 |
Local Malware Analysis with Malice |
|
2019-11-22 |
ISC Stormcast For Friday, November 22nd 2019
|
|
2019-11-22 |
Abusing Web Filters Misconfiguration for Reconnaissance |
|
2019-11-21 |
Gathering information to determine unusual network
traffic |
|
2019-11-21 |
ISC Stormcast For Thursday, November 21st 2019
|
|
2019-11-20 |
ISC Stormcast For Wednesday, November 20th 2019
|
|
2019-11-20 |
Hancitor infection with Pony, Evil Pony, Ursnif, and
Cobalt Strike |
|
2019-11-19 |
Cheap Chinese JAWS of DVR Exploitability on Port 60001 |
|
2019-11-19 |
ISC Stormcast For Tuesday, November 19th 2019
|
|
2019-11-18 |
SMS and 2FA: Another Reason to Move away from It. |
|
2019-11-18 |
ISC Stormcast For Monday, November 18th 2019
|
|
2019-11-15 |
ISC Stormcast For Friday, November 15th 2019
|
|
2019-11-13 |
ISC Stormcast For Wednesday, November 13th 2019
|
|
2019-11-13 |
An example of malspam pushing Lokibot malware, November
2019 |
|
2019-11-12 |
November 2019 Microsoft Patch Tuesday |
|
2019-11-12 |
ISC Stormcast For Tuesday, November 12th 2019
|
|
2019-11-11 |
Are We Going Back to TheMoon (and How is Liquor Involved)? |
|
2019-11-11 |
Some packet-fu with Zeek (previously known as bro) |
|
2019-11-11 |
ISC Stormcast For Monday, November 11th 2019
|
|
2019-11-10 |
Did the recent malicious BlueKeep campaign have any
positive impact when it comes to patching? |
|
2019-11-09 |
Fake Netflix Update Request by Text |
|
2019-11-08 |
Microsoft Apps Diverted from Their Main Use |
|
2019-11-08 |
ISC Stormcast For Friday, November 8th 2019
|
|
2019-11-07 |
Getting the best value out of security assessments |
|
2019-11-07 |
ISC Stormcast For Thursday, November 7th 2019
|
|
2019-11-06 |
ISC Stormcast For Wednesday, November 6th 2019
|
|
2019-11-06 |
More malspam pushing Formbook |
|
2019-11-05 |
ISC Stormcast For Tuesday, November 5th 2019
|
|
2019-11-05 |
Bluekeep exploitation causing Bluekeep vulnerability scan
to fail |
|
2019-11-04 |
ISC Stormcast For Monday, November 4th 2019
|
|
2019-11-04 |
rConfig Install Directory Remote Code Execution
Vulnerability Exploited |
|
2019-11-03 |
You Too? "Unusual Activity with Double Base64 Encoding" |
|
2019-11-02 |
Remark on EML Attachments |
|
2019-11-01 |
Tip: Password Managers and 2FA |
|
2019-11-01 |
ISC Stormcast For Friday, November 1st 2019
|
|
2019-10-31 |
EML attachments in O365 - a recipe for phishing |
|
2019-10-31 |
ISC Stormcast For Thursday, October 31st 2019
|
|
2019-10-30 |
Keep an Eye on Remote Access to Mailboxes |
|
2019-10-30 |
ISC Stormcast For Wednesday, October 30th 2019
|
|
2019-10-29 |
ISC Stormcast For Tuesday, October 29th 2019
|
|
2019-10-29 |
Generating PCAP Files from YAML |
|
2019-10-28 |
ISC Stormcast For Monday, October 28th 2019
|
|
2019-10-27 |
Using scdbg to Find Shellcode |
|
2019-10-27 |
Unusual Activity with Double Base64 Encoding |
|
2019-10-27 |
Wireshark 3.0.6 Released |
|
2019-10-25 |
VMware Patch Alert! |
|
2019-10-25 |
More on DNS Archeology (with PowerShell) |
|
2019-10-25 |
ISC Stormcast For Friday, October 25th 2019
|
|
2019-10-24 |
Your Supply Chain Doesn't End At Receiving: How Do You
Decommission Network Equipment? |
|
2019-10-24 |
ISC Stormcast For Thursday, October 24th 2019
|
|
2019-10-23 |
ISC Stormcast For Wednesday, October 23rd 2019
|
|
2019-10-22 |
Testing TLSv1.3 and supported ciphers |
|
2019-10-22 |
ISC Stormcast For Tuesday, October 22nd 2019
|
|
2019-10-21 |
What's up with TCP 853 (DNS over TLS)? |
|
2019-10-21 |
ISC Stormcast For Monday, October 21st 2019
|
|
2019-10-20 |
Scanning Activity for NVMS-9000 Digital Video Recorder |
|
2019-10-19 |
What Assumptions Are You Making? |
|
2019-10-18 |
Quick Malicious VBS Analysis |
|
2019-10-18 |
ISC Stormcast For Friday, October 18th 2019
|
|
2019-10-17 |
Phishing e-mail spoofing SPF-enabled domain |
|
2019-10-17 |
ISC Stormcast For Thursday, October 17th 2019
|
|
2019-10-16 |
New VMware security advisory: | Oracle quarterly patches
bundle: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
|
|
2019-10-16 |
Security Monitoring: At Network or Host Level? |
|
2019-10-16 |
ISC Stormcast For Wednesday, October 16th 2019
|
|
2019-10-15 |
ISC Stormcast For Tuesday, October 15th 2019
|
|
2019-10-14 |
When MacOS Catalina Comes to Life: The First Few Minutes
of Network Traffic From MacOS 10.15. |
|
2019-10-14 |
YARA's XOR Modifier |
|
2019-10-14 |
ISC Stormcast For Monday, October 14th 2019
|
|
2019-10-12 |
YARA v3.11.0 released |
|
2019-10-11 |
ISC Stormcast For Friday, October 11th 2019
|
|
2019-10-10 |
Mining Live Networks for OUI Data Oddness |
|
2019-10-10 |
ISC Stormcast For Thursday, October 10th 2019
|
|
2019-10-09 |
ISC Stormcast For Wednesday, October 9th 2019
|
|
2019-10-09 |
What data does Vidar malware steal from an infected host? |
|
2019-10-08 |
Microsoft October 2019 Patch Tuesday |
|
2019-10-08 |
ISC Stormcast For Tuesday, October 8th 2019
|
|
2019-10-07 |
ISC Stormcast For Monday, October 7th 2019
|
|
2019-10-06 |
visNetwork for Network Data |
|
2019-10-04 |
ISC Stormcast For Friday, October 4th 2019
|
|
2019-10-03 |
Buffer overflows found in libpcap and tcpdump |
|
2019-10-03 |
ISC Stormcast For Thursday, October 3rd 2019
|
|
2019-10-03 |
"Lost_Files" Ransomware |
|
2019-10-02 |
ISC Stormcast For Wednesday, October 2nd 2019
|
|
2019-10-02 |
A recent example of Emotet malspam |
|
2019-10-01 |
A Quick Look at Some Current Comment Spam |
|
2019-10-01 |
ISC Stormcast For Tuesday, October 1st 2019
|
|
2019-09-30 |
Maldoc, PowerShell & BITS |
|
2019-09-30 |
ISC Stormcast For Monday, September 30th 2019
|
|
2019-09-29 |
Encrypted Maldoc, Wrong Password |
|
2019-09-27 |
New Scans for Polycom Autoconfiguration Files |
|
2019-09-27 |
ISC Stormcast For Friday, September 27th 2019
|
|
2019-09-26 |
Vulnerability on specific Cisco Industrial / Grid router
models |
|
2019-09-26 |
Mining MAC Address and OUI Information |
|
2019-09-26 |
ISC Stormcast For Thursday, September 26th 2019
|
|
2019-09-25 |
ISC Stormcast For Wednesday, September 25th 2019
|
|
2019-09-25 |
Malspam pushing Quasar RAT |
|
2019-09-24 |
Huge Amount of remotewebaccess.com Sites Found in
Certificate Transparency Logs |
|
2019-09-24 |
ISC Stormcast For Tuesday, September 24th 2019
|
|
2019-09-23 |
ISC Stormcast For Monday, September 23rd 2019
|
|
2019-09-22 |
YARA XOR Strings: an Update |
|
2019-09-22 |
Video: Encrypted Sextortion PDFs |
|
2019-09-21 |
Wireshark 3.0.5 Release: Potential Windows Crash when
Updating |
|
2019-09-20 |
ISC Stormcast For Friday, September 20th 2019
|
|
2019-09-19 |
Blacklisting or Whitelisting in the Right Way |
|
2019-09-19 |
Agent Tesla Trojan Abusing Corporate Email Accounts |
|
2019-09-19 |
ISC Stormcast For Thursday, September 19th 2019
|
|
2019-09-18 |
ISC Stormcast For Wednesday, September 18th 2019
|
|
2019-09-18 |
Emotet malspam is back |
|
2019-09-17 |
Investigating Gaps in your Windows Event Logs |
|
2019-09-17 |
ISC Stormcast For Tuesday, September 17th 2019
|
|
2019-09-16 |
Encrypted Sextortion PDFs |
|
2019-09-16 |
ISC Stormcast For Monday, September 16th 2019
|
|
2019-09-13 |
ISC Stormcast For Friday, September 13th 2019
|
|
2019-09-12 |
Rig Exploit Kit Delivering VBScript |
|
2019-09-12 |
Blocking Firefox DoH with Bind |
|
2019-09-12 |
ISC Stormcast For Thursday, September 12th 2019
|
|
2019-09-11 |
ISC Stormcast For Wednesday, September 11th 2019
|
|
2019-09-10 |
Microsoft September 2019 Patch Tuesday |
|
2019-09-10 |
ISC Stormcast For Tuesday, September 10th 2019
|
|
2019-09-09 |
ISC Stormcast For Monday, September 9th 2019
|
|
2019-09-07 |
Unidentified Scanning Activity |
|
2019-09-06 |
PowerShell Script with a builtin DLL |
|
2019-09-06 |
ISC Stormcast For Friday, September 6th 2019
|
|
2019-09-05 |
Private IP Addresses in Malware Samples? |
|
2019-09-05 |
ISC Stormcast For Thursday, September 5th 2019
|
|
2019-09-04 |
ISC Stormcast For Wednesday, September 4th 2019
|
|
2019-09-04 |
Malspam using password-protected Word docs to push Remcos
RAT |
|
2019-09-03 |
[Guest Diary] Tricky LNK points to TrickBot |
|
2019-09-03 |
ISC Stormcast For Tuesday, September 3rd 2019
|
|
2019-09-02 |
ISC Stormcast For Monday, September 2nd 2019
|
|
2019-08-30 |
Malware Dropping a Local Node.js Instance |
|
2019-08-30 |
ISC Stormcast For Friday, August 30th 2019
|
|
2019-08-29 |
ISC Stormcast For Thursday, August 29th 2019
|
|
2019-08-28 |
Malware Samples Compiling Their Next Stage on Premise |
|
2019-08-28 |
[Guest Diary] Open Redirect: A Small But Very Common
Vulnerability |
|
2019-08-28 |
ISC Stormcast For Wednesday, August 28th 2019
|
|
2019-08-27 |
ISC Stormcast For Tuesday, August 27th 2019
|
|
2019-08-26 |
Is it Safe to Require TLS 1.2 for E-Mail |
|
2019-08-26 |
ISC Stormcast For Monday, August 26th 2019
|
|
2019-08-25 |
Are there any Advantages of Buying Cyber Security
Insurance? |
|
2019-08-23 |
ISC Stormcast For Friday, August 23rd 2019
|
|
2019-08-22 |
Simple Mimikatz & RDPWrapper Dropper |
|
2019-08-22 |
ISC Stormcast For Thursday, August 22nd 2019
|
|
2019-08-21 |
KAPE: Kroll Artifact Parser and Extractor |
|
2019-08-21 |
ISC Stormcast For Wednesday, August 21st 2019
|
|
2019-08-20 |
ISC Stormcast For Tuesday, August 20th 2019
|
|
2019-08-20 |
Guildma malware is now accessing Facebook and YouTube to
keep up-to-date |
|
2019-08-19 |
Compressed ISO Files (ISZ) |
|
2019-08-19 |
ISC Stormcast For Monday, August 19th 2019
|
|
2019-08-18 |
Video: Analyzing DAA Files |
|
2019-08-16 |
The DAA File Format |
|
2019-08-16 |
ISC Stormcast For Friday, August 16th 2019
|
|
2019-08-15 |
Analysis of a Spearphishing Maldoc |
|
2019-08-15 |
ISC Stormcast For Thursday, August 15th 2019
|
|
2019-08-14 |
ISC Stormcast For Wednesday, August 14th 2019
|
|
2019-08-14 |
Recent example of MedusaHTTP malware |
|
2019-08-13 |
August 2019 Microsoft Patch Tuesday |
|
2019-08-13 |
ISC Stormcast For Tuesday, August 13th 2019
|
|
2019-08-12 |
Malicious .DAA Attachments |
|
2019-08-12 |
ISC Stormcast For Monday, August 12th 2019
|
|
2019-08-11 |
Nmap Defcon Release: 7.80 |
|
2019-08-09 |
ISC Stormcast For Friday, August 9th 2019
|
|
2019-08-09 |
100% JavaScript Phishing Page |
|
2019-08-08 |
[Guest Diary] The good, the bad and the non-functional,
or "how not to do an attack campaign" |
|
2019-08-08 |
ISC Stormcast For Thursday, August 8th 2019
|
|
2019-08-07 |
Verifying SSL/TLS configuration (part 2) |
|
2019-08-07 |
ISC Stormcast For Wednesday, August 7th 2019
|
|
2019-08-06 |
ISC Stormcast For Tuesday, August 6th 2019
|
|
2019-08-05 |
ISC Stormcast For Monday, August 5th 2019
|
|
2019-08-05 |
Scanning for Bluekeep vulnerable RDP instances |
|
2019-08-05 |
Sextortion: Follow the Money - The Final Chapter |
|
2019-08-04 |
Detecting ZLIB Compression |
|
2019-08-02 |
Combining Low Tech Scams: SMS + SET + Credit Card
Harvesting |
|
2019-08-02 |
ISC Stormcast For Friday, August 2nd 2019
|
|
2019-08-01 |
What is Listening On Port 9527/TCP? |
|
2019-08-01 |
ISC Stormcast For Thursday, August 1st 2019
|
|
2019-07-31 |
ISC Stormcast For Wednesday, July 31st 2019
|
|
2019-07-31 |
Targeted Phishing Attacks in the Financial Industry: Fire-3
Phishing Kit |
|
2019-07-30 |
Can You Spell 2FA? A Luno Phish Example |
|
2019-07-30 |
ISC Stormcast For Tuesday, July 30th 2019
|
|
2019-07-29 |
Recognizing ZLIB Compression |
|
2019-07-29 |
ISC Stormcast For Monday, July 29th 2019 |
|
2019-07-28 |
Video: Analyzing Compressed PowerShell Scripts |
|
2019-07-27 |
A Python TCP proxy |
|
2019-07-26 |
DVRIP Port 34567 - Uptick |
|
2019-07-26 |
ISC Stormcast For Friday, July 26th 2019 |
|
2019-07-25 |
When Users Attack! Users (and Admins) Thwarting Security
Controls |
|
2019-07-25 |
ISC Stormcast For Thursday, July 25th 2019
|
|
2019-07-24 |
May People Be Considered as IOC? |
|
2019-07-24 |
ISC Stormcast For Wednesday, July 24th 2019
|
|
2019-07-23 |
Verifying SSL/TLS configuration (part 1) |
|
2019-07-23 |
ISC Stormcast For Tuesday, July 23rd 2019
|
|
2019-07-22 |
Analyzing Compressed PowerShell Scripts |
|
2019-07-22 |
ISC Stormcast For Monday, July 22nd 2019 |
|
2019-07-21 |
Malicious RTF Analysis CVE-2017-11882 by a Reader |
|
2019-07-20 |
Re-evaluating Network Security - It is Increasingly More
Complex |
|
2019-07-19 |
ISC Stormcast For Friday, July 19th 2019 |
|
2019-07-18 |
Malicious PHP Script Back on Stage? |
|
2019-07-18 |
The Other Side of Critical Control 1: 802.1x Wired
Network Access Controls |
|
2019-07-18 |
ISC Stormcast For Thursday, July 18th 2019
|
|
2019-07-17 |
Analyzis of DNS TXT Records |
|
2019-07-17 |
ISC Stormcast For Wednesday, July 17th 2019
|
|
2019-07-16 |
ISC Stormcast For Tuesday, July 16th 2019
|
|
2019-07-16 |
Commando VM: The Complete Mandiant Offensive VM |
|
2019-07-15 |
isodump.py and Malicious ISO Files |
|
2019-07-15 |
ISC Stormcast For Monday, July 15th 2019 |
|
2019-07-13 |
Guidance to Protect DNS Against Hijacking & Scanning for
Version.BIND Still a Thing |
|
2019-07-12 |
ISC Stormcast For Friday, July 12th 2019 |
|
2019-07-11 |
Russian Dolls Malicious Script Delivering Ursnif |
|
2019-07-11 |
Remembering Mike Assante |
|
2019-07-11 |
ISC Stormcast For Thursday, July 11th 2019
|
|
2019-07-11 |
Recent AZORult activity |
|
2019-07-10 |
Dumping File Contents in Hex (in PowerShell) |
|
2019-07-10 |
Samba Project tells us "What's New" - SMBv1 Disabled by
Default (finally) |
|
2019-07-10 |
ISC Stormcast For Wednesday, July 10th 2019
|
|
2019-07-09 |
VMWare Security Advisory on DoS Vulnerability in ESXi |
|
2019-07-09 |
MSFT July 2019 Patch Tuesday |
|
2019-07-09 |
Solving the WHOIS and Privacy Problem: A Draft of
Implementing WHOIS in DNS |
|
2019-07-09 |
ISC Stormcast For Tuesday, July 9th 2019 |
|
2019-07-08 |
Machine Code? No! |
|
2019-07-08 |
ISC Stormcast For Monday, July 8th 2019 |
|
2019-07-07 |
OpSec and OSInt |
|
2019-07-06 |
Malicious XSL Files |
|
2019-07-05 |
A "Stream O" Maldoc |
|
2019-07-04 |
Machine Code? |
|
2019-07-03 |
ISC Stormcast For Wednesday, July 3rd 2019
|
|
2019-07-02 |
Malicious Script With Multiple Payloads |
|
2019-07-02 |
Using Powershell in Basic Incident Response - A Domain
Wide "Kill-Switch" |
|
2019-07-02 |
ISC Stormcast For Tuesday, July 2nd 2019 |
|
2019-07-01 |
Maldoc: Payloads in User Forms |
|
2019-06-30 |
ISC Stormcast For Sunday, June 30th 2019 |
|
2019-06-28 |
Verifying Running Processes against VirusTotal - Domain-Wide |
|
2019-06-27 |
ISC Stormcast For Friday, June 28th 2019 |
|
2019-06-27 |
Finding the Gold in a Pile of Pennies - Long Tail
Analysis in PowerShell |
|
2019-06-26 |
The Other Side of CIS Critical Control 2 - Inventorying *Unwanted*
Software |
|
2019-06-25 |
ISC Stormcast For Wednesday, June 26th 2019
|
|
2019-06-25 |
Rig Exploit Kit sends Pitou.B Trojan |
|
2019-06-24 |
ISC Stormcast For Tuesday, June 25th 2019
|
|
2019-06-24 |
Extensive BGP Issues Affecting Cloudflare and possibly
others |
|
2019-06-23 |
ISC Stormcast For Monday, June 24th 2019 |
|
2019-06-21 |
ISC Stormcast For Friday, June 21st 2019 |
|
2019-06-21 |
Netstat Local and Remote -new and improved, now with more
PowerShell! |
|
2019-06-20 |
Using a Travel Packing App for Infosec Purpose |
|
2019-06-20 |
ISC Stormcast For Thursday, June 20th 2019
|
|
2019-06-19 |
Quick Detect: Exim "Return of the Wizard" Attack |
|
2019-06-19 |
Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729 |
|
2019-06-19 |
ISC Stormcast For Wednesday, June 19th 2019
|
|
2019-06-18 |
What You Need To Know About TCP "SACK Panic" |
|
2019-06-18 |
ISC Stormcast For Tuesday, June 18th 2019
|
|
2019-06-18 |
Malspam with password-protected Word docs pushing Dridex |
|
2019-06-17 |
An infection from Rig exploit kit |
|
2019-06-17 |
ISC Stormcast For Monday, June 17th 2019 |
|
2019-06-16 |
Sysmon Version 10: DNS Logging |
|
2019-06-14 |
ISC Stormcast For Friday, June 14th 2019 |
|
2019-06-14 |
A few Ghidra tips for IDA users, part 4 - function call
graphs |
|
2019-06-13 |
ISC Stormcast For Thursday, June 13th 2019
|
|
2019-06-13 |
What is "THAT" Address Doing on my Network |
|
2019-06-12 |
ISC Stormcast For Wednesday, June 12th 2019
|
|
2019-06-11 |
MSFT June 2019 Patch Tuesday |
|
2019-06-11 |
ISC Stormcast For Tuesday, June 11th 2019
|
|
2019-06-10 |
Interesting JavaScript Obfuscation Example |
|
2019-06-10 |
ISC Stormcast For Monday, June 10th 2019 |
|
2019-06-09 |
Tip: Sysmon Will Log DNS Queries |
|
2019-06-06 |
ISC Stormcast For Friday, June 7th 2019 |
|
2019-06-06 |
Keep an Eye on Your WMI Logs |
|
2019-06-06 |
New VMWare security advisory that affects VMware tools
and Workstation - more information at |
|
2019-06-06 |
Time is (partially) on our side: the new Exim
vulnerability |
|
2019-06-06 |
ISC Stormcast For Thursday, June 6th 2019
|
|
2019-06-05 |
Getting (proper) value out of security assessments |
|
2019-06-05 |
GoldBrute Botnet Brute Forcing 1.5 Million RDP Servers |
|
2019-06-05 |
Cisco Security
Advisories (2x HIGH) per PSIRT 05 JUN 2019: |
|
2019-06-05 |
ISC Stormcast For Wednesday, June 5th 2019
|
|
2019-06-04 |
ISC snapshot: r-cyber with rud.is |
|
2019-06-04 |
ISC Stormcast For Tuesday, June 4th 2019 |
|
2019-06-03 |
Tip: BASE64 Encoded PowerShell Scripts are Recognizable
by the Amount of Letter As |
|
2019-06-03 |
ISC Stormcast For Monday, June 3rd 2019 |
|
2019-05-31 |
Retrieving Second Stage Payload with Ncat |
|
2019-05-31 |
ISC Stormcast For Friday, May 31st 2019 |
|
2019-05-30 |
Analyzing First Stage Shellcode |
|
2019-05-30 |
ISC Stormcast For Thursday, May 30th 2019
|
|
2019-05-29 |
Behavioural Malware Analysis with Microsoft ASA |
|
2019-05-29 |
ISC Stormcast For Wednesday, May 29th 2019
|
|
2019-05-28 |
Office Document & BASE64? PowerShell! |
|
2019-05-28 |
ISC Stormcast For Tuesday, May 28th 2019 |
|
2019-05-27 |
nmap Service Fingerprint |
|
2019-05-26 |
Video: nmap Service Detection Customization |
|
2019-05-25 |
Do You Remember the SUBST Command? |
|
2019-05-24 |
ISC Stormcast For Friday, May 24th 2019 |
|
2019-05-23 |
Investigating an Odd DNS Query |
|
2019-05-22 |
ISC Stormcast For Thursday, May 23rd 2019
|
|
2019-05-22 |
An Update on the Microsoft Windows RDP "Bluekeep"
Vulnerability (CVE-2019-0708) [now with pcaps] |
|
2019-05-21 |
ISC Stormcast For Wednesday, May 22nd 2019
|
|
2019-05-21 |
Using Shodan Monitoring |
|
2019-05-20 |
ISC Stormcast For Tuesday, May 21st 2019 |
|
2019-05-20 |
CVE-2019-0604 Attack |
|
2019-05-19 |
ISC Stormcast For Monday, May 20th 2019 |
|
2019-05-19 |
Is Metadata Only Approach, Good Enough for Network
Traffic Analysis? |
|
2019-05-17 |
ISC Stormcast For Friday, May 17th 2019 |
|
2019-05-16 |
The Risk of Authenticated Vulnerability Scans |
|
2019-05-16 |
ISC Stormcast For Thursday, May 16th 2019
|
|
2019-05-15 |
ISC Stormcast For Wednesday, May 15th 2019
|
|
2019-05-14 |
VMWare just released a security update to address a DLL-hijacking
issue affecting VMware Workstation Pro / Player. Details:
|
|
2019-05-14 |
Microsoft May 2019 Patch Tuesday |
|
2019-05-14 |
ISC Stormcast For Tuesday, May 14th 2019 |
|
2019-05-13 |
From Phishing To Ransomware? |
|
2019-05-13 |
ISC Stormcast For Monday, May 13th 2019 |
|
2019-05-10 |
DSSuite - A Docker Container with Didier's Tools |
|
2019-05-10 |
ISC Stormcast For Friday, May 10th 2019 |
|
2019-05-09 |
ISC Stormcast For Thursday, May 9th 2019 |
|
2019-05-08 |
ISC Stormcast For Wednesday, May 8th 2019
|
|
2019-05-08 |
Email roulette, May 2019 |
|
2019-05-07 |
Vulnerable Apache Jenkins exploited in the wild |
|
2019-05-07 |
ISC Stormcast For Tuesday, May 7th 2019 |
|
2019-05-06 |
Text and Text |
|
2019-05-05 |
ISC Stormcast For Monday, May 6th 2019 |
|
2019-05-03 |
A few Ghidra tips for IDA users, part 3 - conversion,
labels, and comments |
|
2019-05-03 |
ISC Stormcast For Friday, May 3rd 2019 |
|
2019-05-02 |
ISC Stormcast For Thursday, May 2nd 2019 |
|
2019-05-01 |
VBA Office Document: Which Version? |
|
2019-05-01 |
Another Day, Another Suspicious UDF File |
|
2019-05-01 |
ISC Stormcast For Wednesday, May 1st 2019
|
|
2019-04-30 |
Introduction to KAPE |
|
2019-04-30 |
ISC Stormcast For Tuesday, April 30th 2019
|
|
2019-04-29 |
ISC Stormcast For Monday, April 29th 2019
|
|
2019-04-28 |
Update about Weblogic CVE-2019-2725 (Exploits Used in the
Wild, Patch Status) |
|
2019-04-27 |
Quick Tip for Dissecting CVE-2017-11882 Exploits |
|
2019-04-26 |
Pillaging Passwords from Service Accounts |
|
2019-04-26 |
ISC Stormcast For Friday, April 26th 2019
|
|
2019-04-25 |
Service Accounts Redux - Collecting Service Accounts with
PowerShell |
|
2019-04-25 |
Unpatched Vulnerability Alert - WebLogic Zero Day |
|
2019-04-25 |
ISC Stormcast For Thursday, April 25th 2019
|
|
2019-04-24 |
Finding Local Administrators on a Domain Member Stations |
|
2019-04-24 |
Where have all the Domain Admins gone? Rooting out
Unwanted Domain Administrators |
|
2019-04-24 |
ISC Stormcast For Wednesday, April 24th 2019
|
|
2019-04-23 |
Malicious VBA Office Document Without Source Code |
|
2019-04-22 |
ISC Stormcast For Tuesday, April 23rd 2019
|
|
2019-04-22 |
.rar Files and ACE Exploit CVE-2018-20250 |
|
2019-04-22 |
ISC Stormcast For Monday, April 22nd 2019
|
|
2019-04-19 |
Analyzing UDF Files with Python |
|
2019-04-19 |
ISC Stormcast For Friday, April 19th 2019
|
|
2019-04-18 |
ISC Stormcast For Thursday, April 18th 2019
|
|
2019-04-17 |
Malware Sample Delivered Through UDF Image |
|
2019-04-17 |
ISC Stormcast For Wednesday, April 17th 2019
|
|
2019-04-17 |
A few Ghidra tips for IDA users, part 2 - strings and
parameters |
|
2019-04-16 |
ISC Stormcast For Tuesday, April 16th 2019
|
|
2019-04-16 |
Odd DNS Requests that are Normal |
|
2019-04-15 |
ISC Stormcast For Monday, April 15th 2019
|
|
2019-04-13 |
Configuring MTA-STS and TLS Reporting For Your Domain |
|
2019-04-12 |
When Windows 10 Comes to Live: The First Few Minutes in
the Live of a Windows 10 System |
|
2019-04-12 |
ISC Stormcast For Friday, April 12th 2019
|
|
2019-04-11 |
How to Find Hidden Cameras in your AirBNB |
|
2019-04-11 |
ISC Stormcast For Thursday, April 11th 2019
|
|
2019-04-10 |
Blue + Red: An Infosec Purple Pyramid |
|
2019-04-09 |
ISC Stormcast For Wednesday, April 10th 2019
|
|
2019-04-09 |
Microsoft April 2019 Patch Tuesday |
|
2019-04-09 |
ISC Stormcast For Tuesday, April 9th 2019
|
|
2019-04-08 |
A few Ghidra tips for IDA users, part 1 - the decompiler/unreachable
code |
|
2019-04-07 |
ISC Stormcast For Monday, April 8th 2019 |
|
2019-04-07 |
Fake Office 365 Payment Information Update |
|
2019-04-05 |
Beagle: Graph transforms for DFIR data & logs |
|
2019-04-04 |
ISC Stormcast For Friday, April 5th 2019 |
|
2019-04-04 |
New Waves of Scans Detected by an Old Rule |
|
2019-04-04 |
ISC Stormcast For Thursday, April 4th 2019
|
|
2019-04-03 |
ISC Stormcast For Wednesday, April 3rd 2019
|
|
2019-04-03 |
A few Ghidra tips for IDA users, part 0 - automatic
comments for API call parameters |
|
2019-04-02 |
ISC Stormcast For Tuesday, April 2nd 2019
|
|
2019-04-02 |
Fake AV is Back: LaCie Network Drives Used to Spread
Malware |
|
2019-04-01 |
Analysis of PDFs Created with OpenOffice/LibreOffice |
|
2019-03-31 |
ISC Stormcast For Monday, April 1st 2019 |
|
2019-03-31 |
Maldoc Analysis of the Weekend by a Reader |
|
2019-03-30 |
"404" is not Malware |
|
2019-03-29 |
Annotating Golang binaries with Cutter and Jupyter |
|
2019-03-28 |
ISC Stormcast For Friday, March 29th 2019
|
|
2019-03-27 |
ISC Stormcast For Thursday, March 28th 2019
|
|
2019-03-27 |
Running your Own Passive DNS Service |
|
2019-03-26 |
ISC Stormcast For Wednesday, March 27th 2019
|
|
2019-03-25 |
ISC Stormcast For Tuesday, March 26th 2019
|
|
2019-03-25 |
"VelvetSweatshop" Maldocs: Shellcode Analysis |
|
2019-03-24 |
ISC Stormcast For Monday, March 25th 2019
|
|
2019-03-24 |
Decoding QR Codes with Python |
|
2019-03-23 |
"VelvetSweatshop" Maldocs |
|
2019-03-22 |
Introduction to analysing Go binaries |
|
2019-03-21 |
ISC Stormcast For Thursday, March 21st 2019
|
|
2019-03-21 |
New Wave of Extortion Emails: Central Intelligence Agency
Case |
|
2019-03-20 |
ISC Stormcast For Wednesday, March 20th 2019
|
|
2019-03-20 |
Using AD to find hosts that aren't in AD - fun with the [IPAddress]
construct! |
|
2019-03-19 |
ISC Stormcast For Wednesday, March 20th 2019
|
|
2019-03-18 |
Wireshark 3.0.0 and Npcap: Some Remarks |
|
2019-03-18 |
ISC Stormcast For Monday, March 18th 2019
|
|
2019-03-17 |
ISC Stormcast For Sunday, March 17th 2019
|
|
2019-03-17 |
Video: Maldoc Analysis: Excel 4.0 Macro |
|
2019-03-16 |
Maldoc: Excel 4.0 Macros |
|
2019-03-15 |
Binary Analysis with Jupyter and Radare2 |
|
2019-03-15 |
ISC Stormcast For Friday, March 15th 2019
|
|
2019-03-14 |
Tip: Ghidra & ZIP Files |
|
2019-03-13 |
ISC Stormcast For Wednesday, March 13th 2019
|
|
2019-03-13 |
Malspam pushes Emotet with Qakbot as the follow-up
malware |
|
2019-03-12 |
Microsoft March 2019 Patch Tuesday |
|
2019-03-12 |
Test Diary |
|
2019-03-12 |
ISC Stormcast For Tuesday, March 12th 2019
|
|
2019-03-11 |
Wireshark 3.0.0 and Npcap |
|
2019-03-10 |
ISC Stormcast For Monday, March 11th 2019
|
|
2019-03-10 |
Quick and Dirty Malicious HTA Analysis |
|
2019-03-10 |
Malicious HTA Analysis by a Reader |
|
2019-03-09 |
A Comparison Study of SSH Port Activity - TCP 22 & 2222 |
|
2019-03-08 |
Analysing meterpreter payload with Ghidra |
|
2019-03-08 |
ISC Stormcast For Friday, March 8th 2019 |
|
2019-03-07 |
ISC Stormcast For Thursday, March 7th 2019
|
|
2019-03-06 |
Keep an Eye on Disposable Email Addresses |
|
2019-03-06 |
March Edition of Ouch! Newsletter: Securely Disposing
Mobile Devices |
|
2019-03-06 |
ISC Stormcast For Wednesday, March 6th 2019
|
|
2019-03-06 |
Malspam with password-protected word docs still pushing
IcedID (Bokbot) with Trickbot |
|
2019-03-05 |
ISC Stormcast For Tuesday, March 5th 2019
|
|
2019-03-05 |
Powershell, Active Directory and the Windows Host
Firewall |
|
2019-03-04 |
ISC Stormcast For Monday, March 4th 2019 |
|
2019-03-01 |
Critical Cisco Wireless Patch for RV Series, CVE-2019-1663. |
|
2019-03-01 |
ISC Stormcast For Friday, March 1st 2019 |
|
2019-02-28 |
ISC Stormcast For Thursday, February 28th 2019
|
|
2019-02-28 |
Phishing impersonations |
|
2019-02-27 |
Maldoc Analysis by a Reader |
|
2019-02-27 |
ISC Stormcast For Wednesday, February 27th 2019
|
|
2019-02-26 |
Ad Blocking With Pi Hole |
|
2019-02-26 |
ISC Stormcast For Tuesday, February 26th 2019
|
|
2019-02-25 |
Sextortion Email Variant: With QR Code |
|
2019-02-25 |
ISC Stormcast For Monday, February 25th 2019
|
|
2019-02-24 |
Packet Editor and Builder by Colasoft |
|
2019-02-22 |
ISC Stormcast For Friday, February 22nd 2019
|
|
2019-02-21 |
Simple Powershell Keyloggers are Back |
|
2019-02-21 |
ISC Stormcast For Thursday, February 21st 2019
|
|
2019-02-20 |
ISC Stormcast For Wednesday, February 20th 2019
|
|
2019-02-20 |
More Russian language malspam pushing Shade (Troldesh)
ransomware |
|
2019-02-19 |
Identifying Files: Failure Happens |
|
2019-02-19 |
ISC Stormcast For Tuesday, February 19th 2019
|
|
2019-02-18 |
VMware Security Advisory Released: VMSA-2019-0001
|
|
2019-02-18 |
ISC Stormcast For Monday, February 18th 2019
|
|
2019-02-18 |
Know What You Are Logging |
|
2019-02-17 |
Video: Finding Property Values in Office Documents |
|
2019-02-16 |
Finding Property Values in Office Documents |
|
2019-02-15 |
ISC Stormcast For Friday, February 15th 2019
|
|
2019-02-14 |
Old H-Worm Delivered Through GitHub |
|
2019-02-14 |
Suspicious PDF Connecting to a Remote SMB Share |
|
2019-02-14 |
ISC Stormcast For Thursday, February 14th 2019
|
|
2019-02-13 |
ISC Stormcast For Wednesday, February 13th 2019
|
|
2019-02-13 |
Fake Updates campaign still active in 2019 |
|
2019-02-12 |
Microsoft February 2019 Patch Tuesday |
|
2019-02-12 |
ISC Stormcast For Tuesday, February 12th 2019
|
|
2019-02-11 |
Have You Seen an Email Virus Recently? |
|
2019-02-11 |
ISC Stormcast For Monday, February 11th 2019
|
|
2019-02-10 |
Video: Maldoc Analysis of the Weekend |
|
2019-02-09 |
Maldoc Analysis of the Weekend |
|
2019-02-08 |
ISC Stormcast For Friday, February 8th 2019
|
|
2019-02-07 |
Phishing Kit with JavaScript Keylogger |
|
2019-02-07 |
UAC is not all that bad really |
|
2019-02-06 |
ISC Stormcast For Thursday, February 7th 2019
|
|
2019-02-06 |
Hancitor malspam and infection traffic from Tuesday
2019-02-05 |
|
2019-02-06 |
ISC Stormcast For Wednesday, February 6th 2019
|
|
2019-02-05 |
Mitigations against Mimikatz Style Attacks |
|
2019-02-05 |
ISC Stormcast For Tuesday, February 5th 2019
|
|
2019-02-04 |
Wikipedia Articles as part of Tech Support Scamming
Campaigns? |
|
2019-02-04 |
Struts Vulnerability CVE-2017-5638 on VMware vCenter -
the Gift that Keeps on Giving |
|
2019-02-04 |
ISC Stormcast For Monday, February 4th 2019
|
|
2019-02-03 |
Video: Analyzing a Simple HTML Phishing Attachment |
|
2019-02-02 |
Scanning for WebDAV PROPFIND Exploiting CVE-2017-7269 |
|
2019-02-01 |
ISC Stormcast For Friday, February 1st 2019
|
|
2019-02-01 |
Sextortion: Follow the Money Part 3 - The cashout begins! |
|
2019-01-31 |
Tracking Unexpected DNS Changes |
|
2019-01-31 |
ISC Stormcast For Thursday, January 31st 2019
|
|
2019-01-30 |
CR19-010: The United States vs. Huawei |
|
2019-01-30 |
ISC Stormcast For Wednesday, January 30th 2019
|
|
2019-01-29 |
A Not So Well Done Phish (Why Attackers need to Implement
IPv6 Now! ;-) ) |
|
2019-01-29 |
ISC Stormcast For Tuesday, January 29th 2019
|
|
2019-01-28 |
Relaying Exchange?s NTLM authentication to domain admin (and
more) |
|
2019-01-28 |
ISC Stormcast For Monday, January 28th 2019
|
|
2019-01-27 |
Resolve to Be More Involved In Your Local Community -
REVISITED |
|
2019-01-26 |
Video: Analyzing Encrypted Malicious Office Documents |
|
2019-01-25 |
Are you Ready for DNS Flag Day? |
|
2019-01-25 |
ISC Stormcast For Friday, January 25th 2019
|
|
2019-01-24 |
Malspam with Word docs uses macro to run Powershell
script and steal system data |
|
2019-01-24 |
ISC Stormcast For Thursday, January 24th 2019
|
|
2019-01-23 |
ISC Stormcast For Wednesday, January 23rd 2019
|
|
2019-01-22 |
DNS Firewalling with MISP |
|
2019-01-22 |
ISC Stormcast For Tuesday, January 22nd 2019
|
|
2019-01-21 |
Suspicious GET Request: Do You Know What This Is? |
|
2019-01-21 |
ISC Stormcast For Monday, January 21st 2019
|
|
2019-01-18 |
Sextortion Bitcoin on the Move |
|
2019-01-18 |
ISC Stormcast For Friday, January 18th 2019
|
|
2019-01-16 |
ISC Stormcast For Wednesday, January 16th 2019
|
|
2019-01-15 |
Oracle Has Published 284 Security Updates in their
January Patch Advisory, More here: |
|
2019-01-15 |
Microsoft Publishes Patches for Skype for Business and
Team Foundation Server |
|
2019-01-14 |
ISC Stormcast For Tuesday, January 15th 2019
|
|
2019-01-14 |
Microsoft LAPS - Blue Team / Red Team |
|
2019-01-14 |
Still Running Windows 7? Time to think about that upgrade
project! |
|
2019-01-14 |
ISC Stormcast For Monday, January 14th 2019
|
|
2019-01-12 |
Snorpy a Web Base Tool to Build Snort/Suricata Rules |
|
2019-01-11 |
Quick Maldoc Analysis |
|
2019-01-11 |
ISC Stormcast For Friday, January 11th 2019
|
|
2019-01-10 |
ISC Stormcast For Thursday, January 10th 2019
|
|
2019-01-10 |
Heartbreaking Emails: "Love You" Malspam |
|
2019-01-09 |
Wireshark 2.4.12 & 2.6.6 released, vulns & bugs fixed - |
|
2019-01-09 |
gganimate: Animate YouR Security Analysis |
|
2019-01-09 |
ISC Stormcast For Wednesday, January 9th 2019
|
|
2019-01-08 |
Microsoft January 2019 Patch Tuesday |
|
2019-01-08 |
ISC Stormcast For Tuesday, January 8th 2019
|
|
2019-01-07 |
ISC Stormcast For Monday, January 7th 2019
|
|
2019-01-07 |
Analyzing Encrypted Malicious Office Documents |
|
2019-01-06 |
Malicious .tar Attachments |
|
2019-01-05 |
A Malicious JPEG? Second Example |
|
2019-01-04 |
A Malicious JPEG? |
|
2019-01-04 |
ISC Stormcast For Friday, January 4th 2019
|
|
2019-01-03 |
ISC Stormcast For Thursday, January 3rd 2019
|
|
2019-01-02 |
Malicious Script Leaking Data via FTP |
|
2019-01-02 |
Gift Card Scams on the rise |
|
2019-01-02 |
ISC Stormcast For Wednesday, January 2nd 2019
|
|
2019-01-02 |
Maldoc with Nonfunctional Shellcode |
|
2019-01-01 |
Make a Wheel in 2019! |