17°C
peu nuageux
[This is a Guest Diary by Austin Bodolay, an ISC intern as part of the SANS.edu BACS program] Over the past several months, I have gained practical insight into the challenges of deploying and operating a honeypot, even within a relatively simple...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
[This is a guest diary contributed by Claire Perry (LinkedIn)] The structural integrity of modern society is predicated upon a dense and often opaque network of interconnected systems. For decades, the modeling of these systems remained siloed...
All it takes to poison AI training data is to create a website: I spent 20 minutes writing an article on my personal website titled âThe best tech journalists at eating hot dogs.â Every word is a lie. I claimed (without evidence) that competitive...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
In 2010, OWASP added "Unvalidated Redirects and Forwards" to its Top 10 list and merged it into "Sensitive Data Exposure" in 2013. Open redirects are often overlooked, and their impact is not always well understood. At first, it does not look...
Politicians fixate on the global race for technological supremacy between US and China. They debate geopolitical implications of chip exports, latest model releases from each country, and military applications of AI. Someday, they believe, we...
Bruno is a Windows Active Directory box. Iâll start by finding a .NET sample scanning application on FTP, and after reverse engineering it, discover a ZipSlip vulnerability in how it handles zip archives. Combining that with a DLL hijack, Iâll...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Je colle ci-dessous mes notes que je commenterai ensuite Mardi 17 février vers 10h15Bus [xxx]Un homme taille moyenne blanc lunettes noires bonnet barbe courte.Il agresse verbalement le chauffeur en haussant la voix et en le traitant de connard.Le...
In his last two diaries, Xavier discussed recent malware campaigns that download JPEG files with embedded malicious payload[1,2]. At that point in time, Iâve not come across the malicious âMSI imageâ myself, but while I was going over malware...
Good article on password managers that secretly have a backdoor. New research shows that these claims arenât true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Giveback starts with a WordPress website with a donation plugin thatâs vulnerable to a RCE exploit. Iâll get a shell in a Kubernetes pod, and use it to scan an internal legacy app running PHP-CGI. Iâll abuse a vulnerability in that application to...
Introduction For at least the past year or so, I've been receiving Japanese-language phishing emails to my blog email addresses at @malware-traffic-analysis.net. I'm not Japanese, but I suppose my blog's email addresses ended up on a list used by...
This is a fix for option âyarastrings. rtfdump_V0_0_15.zip (http)MD5: C70F327DDC11B549A399B2F85B2B9607SHA256: 9EFDEB5978372BD93065BCDAB6486DAECA4CB7E2EDA15DD5BD4C98AF69FB19A7
I like this one. As usual, you can also use this squid post to talk about the security stories in the news that I havenât covered. Blog moderation policy.
Itâs a demonstration of how toxic the surveillance-tech company Flock has become when Amazonâs Ring cancels the partnership between the two companies. As Hamilton Nolan advises, remove your Ring doorbell.
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
This update adds option -C (âcombinations). When this option is used together with -j (âjsonoutput), 2 extra versions of each stream are added. One with option -H enabled, and one with option -H and -S enabled. rtfdump_V0_0_14.zip (http)MD5:...
Aucun article de sécurité disponible