Reverse engineers must have a good understanding of the environment where malware is executed (read: the operating system). In a previous diary, I talked about malicious code that could be executed when loading a DLL[1]. Today, I'll show you how...
ISC Stormcast For Friday, January 9th, 2026 https://isc.sans.edu/podcastdetail/9760, (Fri, Jan 9th)
Date unknown. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Who Benefited from the Aisuru and Kimwolf Botnets?
Date unknown. Our first story of 2026 revealed how a destructive new botnet called Kimwolf has infected more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we'll dig through digital clues left...
Happy 23rd Birthday TaoSecurity Blog
Date unknown. Happy birthday TaoSecurity Blog, born on this day in 2003! The best way to digest the key lessons from this site is to browse my four volume Best of TaoSecurity Blog book series, published in 2020. It's available in print as seen here, or as a...
AI & Humans: Making the Relationship Work
Date unknown. Leaders of many organizations are urging their teams to adopt agentic AI to improve efficiency, but are finding it hard to achieve any benefit. Managers attempting to add AI agents to existing human teams may find that bots fail to faithfully...
ISC Stormcast For Thursday, January 8th, 2026 https://isc.sans.edu/podcastdetail/9758, (Thu, Jan 8th)
I'm always looking for new ways of manipulating the data captured by my DShield sensor [1]. This time I used Gephi [2] and Graphviz [3], a popular and powerful tool for visualizing and exploring relationships between nodes, to examine the...
Clang Hardening Cheat Sheet - Ten Years Later
Date unknown. Introduction: Ten years ago, we published on this blog a Clang Hardening Cheat Sheet. The original post walked through essential hardening techniques available at the time, such as FORTIFY_SOURCE checks, ASLR via position-independent code, stack...
The New York City Wegman's is collecting biometric information about customers.
Malicious use of QR codes has long been ubiquitous, both in the real world as well as in electronic communication. This is hardly surprising given that a scan of a QR code can lead one to a phishing page as easily as clicking a link in an e-mail....
ISC Stormcast For Wednesday, January 7th, 2026 https://isc.sans.edu/podcastdetail/9756, (Wed, Jan 7th)
A Cyberattack Was Part of the US Assault on Venezuela
Date unknown. We don't have many details: President Donald Trump suggested Saturday that the U.S. used cyberattacks or other technical capabilities to cut power off in Caracas during strikes on the Venezuelan capital that led to the capture of Venezuelan...
Tool Review: Tailsnitch, (Tue, Jan 6th)
Date unknown. In yesterday's podcast, I mentioned "tailsnitch", a new tool to audit Tailscale configurations. Tailscale is an easy-to-use overlay to Wireshark. It is probably best compared to STUN servers in VoIP in that it allows devices behind NAT to connect...
ISC Stormcast For Tuesday, January 6th, 2026 https://isc.sans.edu/podcastdetail/9754, (Tue, Jan 6th)
Holiday Hack 2025: Spare Key
Date unknown. Introduction: Spare Key. Help Goose Barry near the pond identify which identity has been granted excessive Owner permissions at the subscription level, violating the principle of least privilege. Barry the Goose is next to Grace by...
Introduction: Blob Storage Challenge in the Neighborhood. Help the Goose Grace near the pond find which Azure Storage account has been misconfigured to allow public blob access by analyzing the export file. Grace the Goose is over by...
Holiday Hack 2025: Intro to Nmap
Date unknown. Introduction: Intro to Nmap. Meet Eric in the hotel parking lot for Nmap know-how and scanning secrets. Help him connect to the wardriving rig on his motorcycle! Eric Pursley is in the hotel parking lot with a motorcycle: Eric...
Holiday Hack 2025: Visual Firewall Thinger
Date unknown. Introduction: Visual Firewall Thinger. Find Elgee in the big hotel for a firewall frolic and some techy fun. Chris Elgee is in the NetWars room in the Hotel: Chris Elgee: Oh hi! Am I on the road again? I should buy souvenirs for the...
Holiday Hack 2025: Visual Networking Thinger
Date unknown. Introduction: Visual Networking Thinger. Skate over to Jared at the frozen pond for some network magic and learn the ropes by the hockey rink. I'll find Jared over at the frozen pond: Jared Folkins: Jared Folkins here! My favorite...
Introduction: Santa's Gift-Tracking Service Port Mystery. Chat with Yori near the apartment building about Santa's mysterious gift tracker and unravel the holiday mystery. Yori is outside the apartment building: Yori Kvitchko: Hi! I'm...