[SANS ISC] When Security Controls Lead to Security Issues

I published the following diary on isc.sans.edu: “When Security Controls Lead to Security Issues”: The job of security professionals is to protect customers’ assets and, even more, today, customers’ data. The security landscape is full of solutions that help to improve security by detecting (and blocking) threats knocking on the

The post [SANS ISC] When Security Controls Lead to Security Issues appeared first on /dev/random.

[SANS ISC] Old Worm But New Obfuscation Technique

I published the following diary on isc.sans.edu: “Old Worm But New Obfuscation Technique”: Yesterday I found an interesting JavaScript script delivered through a regular phishing campaign (SHA256:70c0b9d1c88f082bad6ae01fef653da6266d0693b24e08dcb04156a629dd6f81) that has a VT score of 17/61. The script obfuscation is simple but effective: the malicious code is decoded and passed to an eval()

The post [SANS ISC] Old Worm But New Obfuscation Technique appeared first on /dev/random.

[SANS ISC] How Attackers Brush Up Their Malicious Scripts

I published the following diary on isc.sans.edu: “How Attackers Brush Up Their Malicious Scripts”: On Friday, I received a bunch of alerts from one of my YARA hunting rules. Several samples were submitted from the same account (through the VT API), from the same country (US), and in a very

The post [SANS ISC] How Attackers Brush Up Their Malicious Scripts appeared first on /dev/random.

[SANS ISC] Quick Status of the CAA DNS Record Adoption

I published the following diary on isc.sans.edu: “Quick Status of the CAA DNS Record Adoption”: In 2017, we already published a guest diary about “CAA” or “Certification Authority Authorization”. I was curious about the status of this technique and the adoption level in 2020. Has it been adopted massively since

The post [SANS ISC] Quick Status of the CAA DNS Record Adoption appeared first on /dev/random.

[SANS ISC] Mirai-alike Python Scanner

I published the following diary on isc.sans.edu: “Mirai-alike Python Scanner”: Last week, I found an interesting Python script that behaves like a Mirai bot. It scans for vulnerable devices exposing their telnet (TCP/23) interface in the wild, then tries to connect using a dictionary of credentials. The script has been uploaded to

The post [SANS ISC] Mirai-alike Python Scanner appeared first on /dev/random.

[SANS ISC] Nicely Obfuscated Python RAT

I published the following diary on isc.sans.edu: “Nicely Obfuscated Python RAT”: While hunting, I found an interesting Python script. It matched one of my YARA rules due to the interesting list of imports, but the content itself was nicely obfuscated. The script SHA256 hash is c5c8b428060bcacf2f654d1b4d9d062dfeb98294cad4e12204ee4aa6e2c93a0b and the current VT score

The post [SANS ISC] Nicely Obfuscated Python RAT appeared first on /dev/random.

[SANS ISC] Managing Remote Access for Partners & Contractors

I published the following diary on isc.sans.edu: “Managing Remote Access for Partners & Contractors”: Yesterday, I wrote a quick diary about a potential security issue that some Tyler customers faced. Some people reacted to my diary with interesting comments in our forums. Two of them were interesting and deserve some

The post [SANS ISC] Managing Remote Access for Partners & Contractors appeared first on /dev/random.