Author Archives: SANS Internet Storm Center, InfoCON: green

[This is a Guest Diary by Taylor House, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1].]

Continue reading [Guest Diary] Distracting the Analyst for Fun and Profit, (Tue, Sep 23rd)→

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Tuesday, September 23rd, 2025 https://isc.sans.edu/podcastdetail/9624, (Tue, Sep 23rd)→

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Monday, September 22nd, 2025 https://isc.sans.edu/podcastdetail/9622, (Mon, Sep 22nd)→

Looking at our web honeypot data, I came across an odd new request header I hadn&#;x26;#;39;t seen before: “X-Forwarded-App”. My first guess was that this is yet another issue with a proxy-server bucket brigade spilling secrets when a particular “App” is connecting to it. So I dove in a bit deeper, and found requests like this:

Continue reading Help Wanted: What are these odd reuqests about?, (Sun, Sep 21st)→

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Friday, September 19th, 2025 https://isc.sans.edu/podcastdetail/9620, (Fri, Sep 19th)→

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Thursday, September 18th, 2025 https://isc.sans.edu/podcastdetail/9618, (Thu, Sep 18th)→

[This is a Guest Diary by Nathan Smisson, an ISC intern as part of the SANS.edu BACS program]

Continue reading Exploring Uploads in a Dshield Honeypot Environment [Guest Diary], (Thu, Sep 18th)→

When you’re debugging a malware sample, you probably run it into a debugger and define some breakpoints. The idea is to take over the program control before it will perform “interesting” actions. Usually, we set breakpoints on memory management API call (like VirtualAlloc()) or process activities (like CreateProcess(), CreateRemoteThread(), …).

Continue reading CTRL-Z DLL Hooking, (Wed, Sep 17th)→

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Wednesday, September 17th, 2025 https://isc.sans.edu/podcastdetail/9616, (Wed, Sep 17th)→

The recent (and still ongoing) phishing of NPM developer accounts showed yet again that even technically sophisticated and aware users are falling for phishing lures. Anybody will fall for phishing if a well-targeted e-mail is used.

Continue reading Why You Need Phishing Resistant Authentication NOW., (Tue, Sep 16th)→