ISC Stormcast For Wednesday, March 4th, 2026 https://isc.sans.edu/podcastdetail/9834, (Wed, Mar 4th)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Bruteforce Scans for CrushFTP , (Tue, Mar 3rd)
Date inconnueCrushFTP is a Java-based open source file transfer system. It is offered for multiple operating systems. If you run a CrushFTP instance, you may remember that the software has had some serious vulnerabilities: CVE-2024-4040 (the...
On Moltbook
Date inconnueThe MIT Technology Review has a good article on Moltbook, the supposed AI-only social network: Many people have pointed out that a lot of the viral comments were in fact posted by people posing as bots. But even the bot-written posts are...
HTB: Barrier
Date inconnueBarrier is a Linux box with GitLab, Authentik, and Apache Guacamole. I’ll exploit a SAML signature bypass vulnerability in GitLab’s Ruby SAML library to forge a SAML assertion and log in as admin. From GitLab’s CI/CD variables, I’ll recover an...
ISC Stormcast For Tuesday, March 3rd, 2026 https://isc.sans.edu/podcastdetail/9832, (Tue, Mar 3rd)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Introduction Avira Internet Security ships with a handful of modules that quietly handle privileged operations in the background: software updates, performance monitoring and system cleanup. Each one runs parts of its workflow as SYSTEM. Three of...
LLM-Assisted Deanonymization
Date inconnueTurns out that LLMs are good at de-anonymization: We show that LLM agents can figure out who you are from your anonymous online posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, our method identifies users with...
Quick Howto: ZIP Files Inside RTF, (Mon, Mar 2nd)
Date inconnueIn diary entry "Quick Howto: Extract URLs from RTF files" I mentioned ZIP files. There are OLE objects inside this RTF file: They can be analyzed with oledump.py like this: Options --storages and -E %CLSID% are used to show the abused CLSID....
Wireshark 4.6.4 Released, (Mon, Mar 2nd)
Date inconnueWireshark release 4.6.4 fixes 3 vulnerabilities and 15 bugs. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Overview of Content Published in February
Date inconnueHere is an overview of content I published in February: Blog posts: Update: rtfdump.py Version 0.0.14 Update: rtfdump.py Version 0.0.15 SANS ISC Diary entries: YARA-X 1.13.0 Release Quick Howto: Extract URLs from RTF files
ISC Stormcast For Monday, March 2nd, 2026 https://isc.sans.edu/podcastdetail/9830, (Mon, Mar 2nd)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
HTB: Guardian
Date inconnueGuardian is a Linux box hosting a university portal built with PHP. I’ll exploit an IDOR in the chat feature to find Gitea credentials, then use the source code to identify a vulnerability in PhpSpreadsheet that allows XSS through a malicious...
Friday Squid Blogging: Squid Fishing in Peru
Date inconnuePeru has increased its squid catch limit. The article says “giant squid,” but they can’t possibly mean that. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
Fake Fedex Email Delivers Donuts!, (Fri, Feb 27th)
Date inconnueIt’s Friday, let’s have a look at another simple piece of malware to close a busy week! I received a Fedex notification about a delivery. Usually, such emails are simple phishing attacks that redirect you to a fake login page to collect your...
Why Tehran’s Two-Tiered Internet Is So Dangerous
Date inconnueIran is slowly emerging from the most severe communications blackout in its history and one of the longest in the world. Triggered as part of January’s government crackdown against citizen protests nationwide, the regime implemented an internet...
Phishing Attacks Against People Seeking Programming Jobs
Date inconnueThis is new. North Korean hackers are posing as company recruiters, enticing job candidates to participate in coding challenges. When they run the code they are supposed to work on, it installs malware on their system. News article.
ISC Stormcast For Friday, February 27th, 2026 https://isc.sans.edu/podcastdetail/9828, (Fri, Feb 27th)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
LLMs Generate Predictable Passwords
Date inconnueLLMs are bad at generating passwords: There are strong noticeable patterns among these 50 passwords that can be seen easily: All of the passwords start with a letter, usually uppercase G, almost always followed by the digit 7. Character choices...
Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary], (Tue, Feb 24th)
Date inconnue[This is a Guest Diary by Austin Bodolay, an ISC intern as part of the SANS.edu BACS program] Over the past several months, I have gained practical insight into the challenges of deploying and operating a honeypot, even within a relatively simple...
ISC Stormcast For Thursday, February 26th, 2026 https://isc.sans.edu/podcastdetail/9826, (Thu, Feb 26th)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Aucun article de sécurité disponible