Collaborate Disseminate
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Friday, August 29th, 2025 https://isc.sans.edu/podcastdetail/9592, (Fri, Aug 29th)
I noticed recently that we have more and more requests for ZIP files in our web honeypot logs. Over the last year, we have had a substantial increase in these requests.
Continue reading Increasing Searches for ZIP Files, (Thu, Aug 28th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Thursday, August 28th, 2025 https://isc.sans.edu/podcastdetail/9590, (Thu, Aug 28th)
In most attack scenarios, attackers have to perform a crucial operation: to load a shellcode in memory and execute it. This is often performed in a three-step process:
Continue reading Interesting Technique to Launch a Shellcode, (Wed, Aug 27th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Wednesday, August 27th, 2025 https://isc.sans.edu/podcastdetail/9588, (Wed, Aug 27th)
International domain names (IDN) continue to be an interesting topic. For the most part, they are probably less of an issue than some people make them out to be, given that popular browsers like Google Chrome are pretty selective in displaying them. But on the other hand, they are still used legitimately or not, and keeping a handle on them is interesting.
Continue reading Getting a Better Handle on International Domain Names and Punycode, (Tue, Aug 26th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Tuesday, August 26th, 2025 https://isc.sans.edu/podcastdetail/9586, (Tue, Aug 26th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Monday, August 25th, 2025 https://isc.sans.edu/podcastdetail/9584, (Mon, Aug 25th)
While studying for the GX-FE &#;x26;#;x5b;1&#;x26;#;x5d;, I started exploring the “Position” value in the registry that helps to tell Microsoft Word where you “left off”. It&#;x26;#;39;s a feature many people that use Word have seen on numerous occasions and is explored in FOR500: Windows Forensic Analysis &#;x26;#;x5b;2&#;x26;#;x5d;.
Continue reading Reading Location Position Value in Microsoft Word Documents, (Mon, Aug 25th)
The Internet Storm Center and DShield websites are about 25 years old. Back in the day, I made some questionable decisions that I have never quite cleaned up later. One of these decisions was to use a “15 character 0-padded” format for IP addresses. This format padded each byte in the IP address with leading 0&#;x26;#;39;s, ensuring that they were all 15 characters long (including the &#;x26;#;39;.&#;x26;#;39;).