  • ISC Stormcast For Wednesday, March 12th, 2025 https://isc.sans.edu/podcastdetail/9360, (Wed, Mar 12th)

    Updated: 2025-03-12 02:00:02

  • Microsoft Patch Tuesday: March 2025, (Tue, Mar 11th)

    Updated: 2025-03-11 17:52:02
    The March patch Tuesday looks like a fairly light affair, with only 51 vulnerabilities total and only six rated as critical. However, this patch Tuesday also includes six patches for already exploited, aka "0-Day" vulnerabilities. None of the already exploited vulnerabilities are rated as critical.

  • ISC Stormcast For Tuesday, March 11th, 2025 https://isc.sans.edu/podcastdetail/9358, (Tue, Mar 11th)

    Updated: 2025-03-11 02:00:02

  • Shellcode Encoded in UUIDs, (Mon, Mar 10th)

    Updated: 2025-03-10 08:23:57
    I returned from another FOR610[1] class last week in London. One key tip I give to my students is to keep an eye on "strange" API calls. In the Windows ecosystem, Microsoft offers tons of API calls to developers. The fact that an API is used in a program does not always mean we are facing malicious code, but sometimes, some of them are derived from their official purpose. One of my hunting rules for malicious scripts is to search for occurrences of the ctypes[2] library. It allows Python to call functions in DLLs or shared libraries.

  • ISC Stormcast For Monday, March 10th, 2025 https://isc.sans.edu/podcastdetail/9356, (Mon, Mar 10th)

    Updated: 2025-03-10 02:00:02

  • Commonly Probed Webshell URLs, (Sun, Mar 9th)

    Updated: 2025-03-09 15:28:12
    Looking over some weblogs on my way back from class in Baltimore, I feel a reminder is appropriate that (a) weblogs are still a thing and (b) what some of the common webshells are that attackers are looking for.

  • ISC Stormcast For Friday, March 7th, 2025 https://isc.sans.edu/podcastdetail/9354, (Fri, Mar 7th)

    Updated: 2025-03-07 02:45:24

  • ISC Stormcast For Thursday, March 6th, 2025 https://isc.sans.edu/podcastdetail/9352, (Thu, Mar 6th)

    Updated: 2025-03-06 02:45:34

  • DShield Traffic Analysis using ELK, (Thu, Mar 6th)

    Updated: 2025-03-06 00:54:44
    Using the Kibana interface, it can sometimes be difficult to find traffic of interest because there is so much of it. The three logs used for traffic analysis are the cowrie, webhoneypot and firewall logs. Other options that can be added to the honeypot are packet capture, NetFlow and Zeek.

  • ISC Stormcast For Wednesday, March 5th, 2025 https://isc.sans.edu/podcastdetail/9350, (Wed, Mar 5th)

    Updated: 2025-03-05 02:00:02

  • How to set PCAP as default save file format in Wireshark

    Updated: 2025-02-25 10:33:00
    Did you know that there is a setting in Wireshark for changing the default save file format from pcapng to pcap? In Wireshark, click Edit, Preferences. Then select Advanced and look for the capture.pcap_ng setting. Change the value to FALSE if you want Wireshark to save packets in the pcap file form[...]
