In my previous diary[1], I explained why Python became popular for attackers. One of the given reasons was that, from Python scripts, it's possible to call any Windows API and, therefore, perform low-level activities on the system. In another script, besides a classic code injection in a remote process, I found an implementation of another good old technique: live patching of a DLL.
It has been a while since I started to track how Python is used in the Windows ecosystem[1]. Almost every day I find new pieces of malicious Python scripts. The programming language itself is not malicious. There are plenty of reasons to use Python on Windows. Think about all Didier's tools[2]; most of them are written in Python!
Do you want to analyze decrypted TLS traffic in Wireshark or let an IDS, like Suricata, Snort or Zeek, inspect the application layer data of potentially malicious TLS encrypted traffic? There are many different TLS inspection solutions to choose from, but not all of them might be suitable for the sp[...]