Author Archives: SANS Internet Storm Center, InfoCON: green

A few days ago I wrote a diary called “Malicious Script Delivering More Maliciousness”[1]. In the malware infection chain, there was a JPEG picture that embedded the last payload delimited with “BaseStart-” and “-BaseEnd” tags.

Continue reading Tracking Malware Campaigns With Reused Material, (Wed, Feb 18th)→

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Wednesday, February 18th, 2026 https://isc.sans.edu/podcastdetail/9814, (Wed, Feb 18th)→

This morning, I received an interesting phishing email. I&#;x26;#;xe2;&#;x26;#;x80;&#;x26;#;x99;ve a &#;x26;#;xe2;&#;x26;#;x80;&#;x26;#;x9c;love &#;x26; hate&#;x26;#;xe2;&#;x26;#;x80;&#;x9d; relation with such emails because I always have the impression to lose time when reviewing them but sometimes it&#;x26;#;xe2;&#;x26;#;x80;&#;x26;#;x99;s a win because you spot interesting &#;x26;#;xe2;&#;x26;#;x80;&#;x26;#;x9c;TTPs&#;x26;#;xe2;&#;x26;#;x80;&#;x9d; (&#;x26;#;xe2;&#;x26;#;x80;&#;x26;#;x9c;tools, techniques &#;x26;&#;xc2;&#;xa0; procedures&#;x26;#;xe2;&#;x26;#;x80;&#;x9d;). Maybe one day, I&#;x26;#;39;ll try to automate this process!

Continue reading Fake Incident Report Used in Phishing Campaign, (Tue, Feb 17th)→

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Tuesday, February 17th, 2026 https://isc.sans.edu/podcastdetail/9812, (Tue, Feb 17th)→

In 2022 (time flies!), I wrote a diary about the 32-bits VS. 64-bits malware landscape[1]. It demonstrated that, despite the growing number of 64-bits computers, the “old-architecture” remained the standard. In the SANS malware reversing training (FOR610[2]), we quickly cover the main differences between the two architectures. One of the conclusions is that 32-bits code is still popular because it acts like a comme denominator and allows threat actors to target more Windows computers. Yes, Microsoft Windows can smoothly execute 32-bits code on 64-bits computers. It is still the case in 2026? Did the situation evolved?

Continue reading 2026 64-Bits Malware Trend, (Mon, Feb 16th)→

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Monday, February 16th, 2026 https://isc.sans.edu/podcastdetail/9810, (Mon, Feb 16th)→

Unstructured text to interactive knowledge graph via LLM & SPO triplet extraction

Continue reading AI-Powered Knowledge Graph Generator & APTs, (Thu, Feb 12th)→

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Friday, February 13th, 2026 https://isc.sans.edu/podcastdetail/9808, (Fri, Feb 13th)→

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Thursday, February 12th, 2026 https://isc.sans.edu/podcastdetail/9806, (Thu, Feb 12th)→

[This is a Guest Diary by Johnathan Husch, an ISC intern as part of the SANS.edu BACS program]

Continue reading Four Seconds to Botnet – Analyzing a Self Propagating SSH Worm with Cryptographically Signed C2 [Guest Diary], (Wed, Feb 11th)→