Collaborate Disseminate
You can send your address (from, whatever) with the data.
For me, it’s logical to verify the domain’s IP (from whatever) with the sender’s IP.
This would mean, that you have to register a domain to send phishing emails.
Another point, of c… Continue reading Are phishing emails domain depending? [closed]
My network sniffer for websites has discovered a number of hosting domains in the report which I can not correctly assign to categories. I don’t know if there are providers behind these domains that load tags or trackers or if malware/adwa… Continue reading Looking for origin/ verification of malicious domain names
I work in a place where system admins can run any EXE on any computers in the building without any logs. In my first years, I didn’t think anything bad would come out from this situation until I realized that one day keylogger injected int… Continue reading How to protect myself from malevolent system admin? [closed]
I published the following diary on isc.sans.edu: “Attackers Will Always Abuse Major Events in our Lifes“: All major events in our daily life are potential sources of revenue for attackers. When elections or major sports events are organized, attackers will surf on these waves and try to make some profit or
The post [SANS ISC] Attackers Will Always Abuse Major Events in our Lifes appeared first on /dev/random.
Continue reading [SANS ISC] Attackers Will Always Abuse Major Events in our Lifes
When I create domain user account with denied interactive logon, what are real security risks when hacker gets the password?
http://paulasitblog.blogspot.com/2017/01/deny-interactive-logon-for-service.html
Computer Configuration / Windows… Continue reading What are security risks of a domain user accounts with denied interactive logon?
We are moving users and computers/servers from an old domain to a new one within our company. The domains are managed using Active Directory.
What are the security risks, considerations, and controls I need to consider to allow a secure mi… Continue reading What are the security risks when doing domain migration of users and computers?
My company has a domain name that we use to serve our customers, say company.com for the main website, app.company.com for the web application and api.company.com. These are all public domains that our customers connect to use our services… Continue reading Should I have another domain name for my company internal tools
17 domains used in Business Email Compromise (BEC) scams have been seized by Microsoft’s Digital Crimes Unit (DCU), following an investigation by the software giant into attacks that could have stolen millions of dollars from innocent firms.
Read mo… Continue reading Homoglyph domains used in BEC scams shut down by Microsoft
For my personal use, I bought a domain for internal ssl validation for my pfsense. I was able to get the LetsEncrypt’s ACME script to successfully validate my domain and produce an ssl certificate for a subdomain. I setup my pfsense to use… Continue reading How does DNS-01 validation for LetsEncrypt know what the right IP address is?
Domains impersonating companies and their brand names still pose a significant threat—research from Digital Shadows released today found that on average 1,100 fake websites are registered against individual organizations annually. And with commercial … Continue reading Spoofed Domains Still a Persistent Threat