Space & Security News

HTB: RustyKey

Date unknown

RustyKey starts as an assume breach Windows AD box, with initial creds provided for a low privilege account. I’ll collect BloodHound data and find some interesting computer accounts. I’ll Timeroast and crack the password for one of these computer...

Over the past few decades, it’s become easier and easier to create fake receipts. Decades ago, it required special paper and printers—I remember a company in the UK advertising its services to people trying to cover up their affairs. Then,...

Introduction: Security is a core concern in the development of any open-source project. To ensure reliability and resilience, many teams choose to conduct independent audits that help identify potential weaknesses and strengthen their systems. In...

I'm hosting a new podcast for Corelight. Check out my first episode with our field CTO, Vince Stoffer. Expect new episodes every two weeks. This is no buddy cop discussion -- max content, minimum banter, in about 15 minutes!...

Rigged Poker Games

Date unknown

The Department of Justice has indicted thirty-one people over the high-tech rigging of high-stakes poker games. In a typical legitimate poker game, a dealer uses a shuffling machine to shuffle the cards randomly before dealing them to all the...

For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare’s public ranking of the most frequently requested websites. Cloudflare responded by redacting Aisuru...

For several years, we have offered a "new domain" list of recently registered (or, more accurately, recently discovered) domains. This list is offered via our API (https://isc.sans.edu/api). However, the size of the list has been causing issues,...

For many in the research community, it’s gotten harder to be optimistic about the impacts of artificial intelligence. As authoritarianism is rising around the world, AI-generated “slop” is overwhelming legitimate media, while AI-generated...

Apple released its expected set of operating system upgrades. This is a minor feature upgrade that also includes fixes for 110 different vulnerabilities. As usual for Apple, many of the vulnerabilities affect multiple operating systems. None of...

Microsoft is warning of a scam involving online payroll systems. Criminals use social engineering to steal people’s credentials, and then divert direct deposits into accounts that they control. Sometimes they do other things to make it harder for...

HTB: Dump

Date unknown

Dump has a website that collects packets on a specific port. It can also handle PCAP uploads and download all the current PCAP files in a zip archive. I’ll abuse wildcard injection in the zip command with some carefully crafted filenames to get...

No security articles available