/dev/random: [SANS ISC] Searching for Base64-encoded PE Files
I published the following diary on isc.sans.org: “Searching for Base64-encoded PE Files”. When hunting for suspicious activity, it’s always a good idea to search for Microsoft Executables. They are easy...
SANS Internet Storm Center, InfoCON: green: Searching for Base64-encoded PE...
When hunting for suspicious activity, it's always a good idea to search for Microsoft Executables. They are easy to identify: They start with the characters MZ at the beginning of the file[1]. But, to...
Didier Stevens: That Is Not My Child Process!
Years ago I released a tool to create a Windows process with selected parent process: SelectMyParent. You can not blindly trust parent-child process relations in Windows: the parent of a process can be...
SANS Internet Storm Center, InfoCON: green: ISC Stormcast For Monday, March...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Infosec Events: Week 12 In Review – 2017
Events Related BSidesSF 2017 – www.youtube.com Security BSides San Francisco is a two-day information security conference. It is a conference by the community for the community. Hackers Earns big at...
contagio: DeepEnd Research: Analysis of Trump's secret server story
We posted our take on the Trump's server story. If you have any feedback or corrections, send me an email (see my blog profile on Contagio or DeepEnd Research) Analysis of Trump's secret server story...
Un informático en el lado del mal: How To: Bypassing the login of a Honeywell...
The "Pass-the-hash" and "Pass-the-ticket" techniques rely on the possibility of authenticating to a system protected with weak authentication (username and password) without needing to possess anything more...
SANS Internet Storm Center, InfoCON: green: What is really being proxied?,...
An observation from the road, was with a client recently and the discussion of proxy entered into the conversation. Now before we get all Political and start dropping packet bombs, a technical...
Darknet - The Darkside: SessionGopher – Session Extraction Tool
SessionGopher is a PowerShell Session Extraction tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote...
Fortinet FortiGuard Blog: FortiGuard Labs Telemetry – Round up of 2016 IoT...
IP cameras were the second most attacked devices in 2015, at around 363,000 hits. But in 2016 the number dropped to approximately 36,000 hits
Fortinet FortiGuard Blog: Join Fortinet at IBM InterConnect 2017
Fortinet is participating in IBM’s premier industry event, the IBM InterConnect 2017 conference, this week, from March 19-23 in Las Vegas
ArsTechnica: Security Content: A simple command allows the CIA to commandeer...
Cisco Systems said that more than 300 models of switches it sells contain a critical vulnerability that allows the CIA to use a simple command to remotely execute malicious code that takes full control...
/dev/random: TROOPERS 2017 Day #1 Wrap-Up
I’m in Heidelberg (Germany) for the 10th edition of the TROOPERS conference. The regular talks are scheduled on Wednesday and Thursday. The two first days are reserved for some trainings and a...
Un informático en el lado del mal: Big Data Security Tales: Apache CouchDB...
A few months have passed since I wrote the last article in the Big Data Security Tales series, which I focused on Kibana and ElasticSearch, so today is a good day to return to it. In...
ArsTechnica: Security Content: Firefox gets complaint for labeling...
Passwords help keep hackers like this out, but passwords are pretty terrible. (credit: TeachPrivacy) The operator of a website that accepts subscriber logins only over unencrypted HTTP pages...
SANS Internet Storm Center, InfoCON: green: Malspam with password-protected...
Introduction: On Monday 2017-03-20, the ISC received a notification through our contact page. Someone reported numerous items of malicious spam (malspam) sent to addresses at his organization. The...
SANS Internet Storm Center, InfoCON: green: ISC Stormcast For Tuesday, March...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge:...
Dear blog readers, are you on Twitter? Feel free to follow me. Enjoy!
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge:...
Dear blog readers, as I'm currently busy launching a private security community, I decided to publicly announce its existence. Topics of discussion: - cybercrime research - threat intelligence -...
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge:...
Dear blog readers, I'm currently seeking an investment regarding a cybercrime research project, with the project proposal available on request. Send your proposal at: ddanchev@protonmail.ch