• ISC Stormcast For Friday, March 31st, 2023 https://isc.sans.edu/podcastdetail.html?id=8434, (Fri, Mar 31st)

    Updated: 2023-03-31 02:00:02
    In my last Diary[1], I briefly mentioned the need for correctly set Content Security Policy and/or the obsolete[2] X-Frame-Options HTTP security headers (not just) in order to prevent phishing pages, which overlay a fake login prompt over a legitimate website, from functioning correctly. Or, to be more specific, to prevent them from dynamically loading a legitimate page in an iframe under the fake login prompt, since this makes such phishing websites look much less like a legitimate login page and thus much less effective.

  • A PAM Innovation Story How Privilege Management for… BeyondTrust BeyondTrust

    Updated: 2023-03-31 01:40:22

  • ISC Stormcast For Thursday, March 30th, 2023 https://isc.sans.edu/podcastdetail.html?id=8432, (Thu, Mar 30th)

    Updated: 2023-03-30 02:00:02
    Yesterday, I found a malicious PowerShell script that was heavily obfuscated. The filename is "B0A4.ps1"[1] (SHA256:b4814c8db16ecdd7904e81186715bf2a4b4ba28ef5853a41a8f59824f47f8f24), reported with a very low score on VirusTotal: 6/58. The file size is abnormal for a script like this (496KB). A first look at it reveals that it has been strongly obfuscated:

  • ISC Stormcast For Wednesday, March 29th, 2023 https://isc.sans.edu/podcastdetail.html?id=8430, (Wed, Mar 29th)

    Updated: 2023-03-29 02:00:02
    Reader Martin asks us for some help extracting embedded content from a submitted malicious document.

  • Network Data Collector Placement Makes a Difference, (Tue, Mar 28th)

    Updated: 2023-03-28 18:03:01
    A previous diary [1] described processing some local PCAP data with Zeek. This data was collected using tcpdump on a DShield Honeypot. When looking at the Zeek connection logs, the connection state information was unexpected. To help understand why, we will compare data from different locations on the network and process the data in a similar way. This will help narrow down where the discrepancies might be coming from, or at least where they are not coming from. Some initial factors considered:

  • ISC Stormcast For Tuesday, March 28th, 2023 https://isc.sans.edu/podcastdetail.html?id=8428, (Tue, Mar 28th)

    Updated: 2023-03-28 02:20:01
    A previous diary [1] described processing some local PCAP data with Zeek. This data was collected using tcpdump on a DShield Honeypot. When looking at the Zeek connection logs, the connection state information was unexpected. To help understand why, we will compare data from different locations on the network and process the data in a similar way. This will help narrow down where the discrepancies might be coming from, or at least where they are not coming from. Some initial factors considered:

  • Mitigating the Sudoedit Privilege Escalation… BeyondTrust BeyondTrust

    Updated: 2023-03-16 18:00:36

  • What is Identity Threat Detection Response ITDR and… BeyondTrust BeyondTrust

    Updated: 2023-03-11 06:47:27

  • BeyondTrust BeyondTrust

    Updated: 2023-03-06 20:11:34
