Updated: 2023-10-31 14:51:53
It has been a while since I found an interesting malicious Python script. All the scripts that I recently spotted were always the same: a classic infostealer using Discord as a C2 channel. Today I found one that contains a lot of anti-sandboxing techniques. Let's review them. For malware, it's key to detect the environment where they are executed. When detonated inside a sandbox (automatically or manually by an analyst), they will be able to change their behaviour (most likely, do nothing).
Updated: 2023-10-31 00:05:28
ISC Stormcast For Tuesday, October 31st, 2023 https://isc.sans.edu/podcastdetail/8724
Updated: 2023-10-30 01:43:13
The recent patch to iOS/macOS for CVE-2023-42846 made me think it is probably time to write up a reminder about the privacy impact of UPNP and multicast DNS. This is not a new issue, but it appears to have been forgotten a bit [vuln]. In particular, Apple devices are well-known for their verbose multicast DNS messages.
Updated: 2023-10-29 17:09:35
We are now at the end of Cybersecurity Awareness Month; it is important to remain digitally safe all year round [1][2][3].
Updated: 2023-10-28 11:54:41
Size Matters for Many Security Controls. Published 2023-10-28 by Xavier Mertens.
This week, I'm teaching FOR610 in Manchester, and while my students are busy resolving some challenges, I'm looking at my hunting results from the previous days. I found an interesting sample. The file was delivered via an email with a URL pointing to a well-known file-sharing service: hxxps://www[.]Mediafire[.]com/file/o3m15ydxnhlm9w0/New+Purchase+Order+pdf.tgz/file. The file is not available anymore, but I was able to find it back on VirusTotal: New Purchase Order pdf.tgz
Updated: 2023-10-27 10:45:02
ISC Stormcast For Friday, October 27th, 2023 https://isc.sans.edu/podcastdetail/8720
Updated: 2023-10-26 00:56:27
It should be pretty easy to validate an IP address. IPv4 addresses are 32-bit unsigned integers, and IPv6 addresses are 128-bit unsigned integers. Things get "interesting" when developers attempt to validate IP addresses as a string. There have been a few interesting vulnerabilities around this issue (CVE-2021-28918, CVE-2021-29921, CVE-2021-29418).
Updated: 2023-10-25 19:01:33
Apple released iOS, iPadOS, macOS, tvOS, and Safari updates today. The iOS/macOS updates go back two "generations". This is particularly important for iOS 15, which now receives a patch for CVE-2023-32434, a vulnerability already exploited against earlier versions of iOS. This is also the only issue addressed for these earlier iOS versions.