SANS Internet Storm Center, InfoCON: green – Page 4

Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs, (Wed, May 27th)

Posted on May 27, 2026 by SANS Internet Storm Center, InfoCON: green

Most Akira write-ups focus on the ransom note or the encryption routine. By the time those show up the interesting forensic work is over. The questions that matter to defenders sit earlier. How did they get in. When did they get domain admin. What did they touch before the binary fired. Those answers live in the days before impact. They sit in two log sources that almost never get joined. The perimeter firewall and the Windows event channel.

Continue reading Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs, (Wed, May 27th)→

ISC Stormcast For Wednesday, May 27th, 2026 https://isc.sans.edu/podcastdetail/9946, (Wed, May 27th)

Posted on May 27, 2026 by SANS Internet Storm Center, InfoCON: green

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Wednesday, May 27th, 2026 https://isc.sans.edu/podcastdetail/9946, (Wed, May 27th)→

ISC Stormcast For Tuesday, May 26th, 2026 https://isc.sans.edu/podcastdetail/9944, (Tue, May 26th)

Posted on May 26, 2026 by SANS Internet Storm Center, InfoCON: green

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Tuesday, May 26th, 2026 https://isc.sans.edu/podcastdetail/9944, (Tue, May 26th)→

Possible ACR Stealer From Page Impersonating Claude, (Tue, May 26th)

Posted on May 26, 2026 by SANS Internet Storm Center, InfoCON: green

Introduction

Continue reading Possible ACR Stealer From Page Impersonating Claude, (Tue, May 26th)→

Microsoft Access VBA, (Mon, May 25th)

Posted on May 25, 2026 by SANS Internet Storm Center, InfoCON: green

Microsoft Access files (Microsoft Office&#;x26;#;39;s Database) can contain VBA code.

Continue reading Microsoft Access VBA, (Mon, May 25th)→

Microsoft Access VBA, (Mon, May 25th)

Posted on May 25, 2026 by SANS Internet Storm Center, InfoCON: green

Microsoft Access files (Microsoft Office&#;x26;#;39;s Database) can contain VBA code.

Continue reading Microsoft Access VBA, (Mon, May 25th)→

TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th)

Posted on May 25, 2026 by SANS Internet Storm Center, InfoCON: green

TeamPCP now operates across three package ecosystems in parallel, it reached GitHub&#;x26;#;39;s own internal codebase, it trojanized an officially Microsoft-published Python SDK, and it appears to have open-sourced its own framework on GitHub.

Continue reading TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th)→

TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th)

Posted on May 25, 2026 by SANS Internet Storm Center, InfoCON: green

Continue reading TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th)→

Wireshark 4.6.6 Released, (Sun, May 24th)

Posted on May 24, 2026 by SANS Internet Storm Center, InfoCON: green

Wireshark release 4.6.6 fixes 1 vulnerability and 11 bugs.

Continue reading Wireshark 4.6.6 Released, (Sun, May 24th)→

An Example of Stack String in High Level Language, (Sat, May 23rd)

Posted on May 23, 2026 by SANS Internet Storm Center, InfoCON: green

This week, I’m attending the SEC670[1] training (â€œRed Teaming Tools – Developing Windows Implants, Shellcode, Command and Controlâ€). From my point of view, this training fits perfectly with FOR610 or FOR710 (malware analysis) because it addresses malware from the opposite: Instead of performing reverse engineering, you write malicious code! Always interesting to have another point of view.

Continue reading An Example of Stack String in High Level Language, (Sat, May 23rd)→