Guy Bruneau Diaries
- Kickstart Your DShield Honeypot [Guest Diary]
- OSINT - Image Analysis or More Where, When, and Metadata [Guest Diary]
- Time-to-Live Analysis of DShield Data with Vega-Lite
- Hygiene, Hygiene, Hygiene! [Guest Diary]
- Attack Surface [Guest Diary]
- Vega-Lite with Kibana to Parse and Display IP Activity over Time
- Mapping Threats with DNSTwist and the Internet Storm Center [Guest Diary]
- Same Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary]
- Who You Gonna Call? AndroxGh0st Busters! [Guest Diary]
- What Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary]
- No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary]
- The Art of JQ and Command-line Fu [Guest Diary]
- Is that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary]
- Analysis of "redtail" File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary]
- Linux Trojan - Xorddos with Filename eyshcjdmzg
- A Use Case for Adding Threat Hunting to Your Security Operations Team. Detecting Adversaries Abusing Legitimate Tools in A Customer Environment. [Guest Diary]
- Gamified Learning: Using Capture the Flag Challenges to Supplement Cybersecurity Training [Guest Diary]
- What happens when you accidentally leak your AWS API keys? [Guest Diary]
- Capturing DShield Packets with a LAN Tap [Guest Diary]
- Scanning for Confluence CVE-2022-26134
- Utilizing the VirusTotal API to Query Files Uploaded to DShield Honeypot [Guest Diary]
- Mirai-Mirai On The Wall... [Guest Diary]
- DShield Sensor Log Collection with Elasticsearch
- Suspicious Prometei Botnet Activity
- Unveiling the Mirai: Insights into Recent DShield Honeypot Activity [Guest Diary]
- How to Protect your Webserver from Directory Enumeration Attack - Apache2 [Guest Diary]
- T-shooting Terraform for DShield Honeypot in Azure [Guest Diary]
- Honeypots: From the Skeptical Beginner to the Tactical Enthusiast
- Revealing the Hidden Risks of QR Codes [Guest Diary]
- Decoding the Patterns: Analyzing DShield Honeypot Activity [Guest Diary]
- CVE-2023-1389: A New Means to Expand Botnets
- Routers Targeted for Gafgyt Botnet [Guest Diary]
- Spam or Phishing? Looking for Credentials & Passwords
- Domain Name Used as Password Captured by DShield Sensor
- Scanning for Laravel - a PHP Framework for Web Artisans
- "Anyone get the ASN of the Truck that Hit Me?!?": Creating a PowerShell Function to Make 3rd Party API Calls for Extending Honeypot Information [Guest Diary]
- Potential Weaponizing of Honeypot Logs [Guest Diary]
- How I made a qwerty "keyboard walk" password generator with ChatGPT [Guest Diary]
- SystemBC Malware Activity
- DShield Sensor Monitoring with a Docker ELK Stack [Guest Diary]
- Install & Configure Filebeat on Raspberry Pi ARM64 to Parse DShield Sensor Logs
- Email Spam with Attachment Modiloader
- DShield Honeypot Activity for May 2023
- We Can no Longer Ignore the Cost of Cybersecurity
- DShield Sensor Update
- Using Linux grep and Windows findstr to Manipulate Files
- Microsoft Released an Update for Windows Snipping Tool Vulnerability
- AsyncRAT Trojan - Bill Payment (Pago de la factura)
- Spear Phishing Handlers for Username/Password
- Assemblyline as a Malware Analysis Sandbox
- DShield Sensor JSON Log to Elasticsearch
- DShield Sensor JSON Log Analysis
- DShield Sensor Setup in Azure
- Exchange OWASSRF Exploited for Remote Code Execution
- Infostealer Malware with Double Extension
- VMware Security Updates
- Linux LOLBins Applications Available in Windows
- McAfee Fake Antivirus Phishing Campaign is Back!
- Windows Malware with VHD Extension
- Malware - Covid Vaccination Supplier Declaration
- Phishing Word Documents with Suspicious URL
- HTTP/2 Packet Analysis with Wireshark
- Phishing HTML Attachment as Voicemail Audio Transcription
- Analysis of SSH Honeypot Data with PowerBI
- Excel 4 Emotet Maldoc Analysis using CyberChef
- Spam Email Contains a Very Large ISO file
- Phishing PDF Received in my ISC Mailbox
- Are Roku Streaming Devices Safe from Exploitation?
- Is buying Cyber Insurance a Must Now?
- Using Snort IDS Rules with NetWitness PacketDecoder
- DHL Spear Phishing to Capture Username/Password
- SIEM In this Decade, Are They Better than the Last?
- 10 Most Popular Targeted Ports in the Past 3 Weeks
- Exchange Server - Email Trapped in Transport Queues
- A Review of Year 2021
- Searching for Exposed ASUS Routers Vulnerable to CVE-2021-20090
- Hikvision Security Cameras Potentially Exposed to Remote Code Execution
- Remote Desktop Protocol (RDP) Discovery
- Apache is Actively Scanned for CVE-2021-41773 & CVE-2021-42013
- Scanning for Previous Oracle WebLogic Vulnerabilities
- Shipping to Elasticsearch Microsoft DNS Logs
- Filter JSON Data by Value with Linux jq
- Scanning for Microsoft Exchange eDiscovery
- Unsolicited DNS Queries
- Scanning for Microsoft Secure Socket Tunneling Protocol
- CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability
- Fortinet Targeted for Unpatched SSL VPN Discovery Activity
- Spear-phishing Email Targeting Outlook Mail Clients
- Who is Probing the Internet for Research Purposes?
- Base64 Hashes Used in Web Scanning
- Building an IDS Sensor with Suricata & Zeek with Logs to ELK
- Malware Analysis with elastic-agent and Microsoft Sandbox
- Microsoft DHCP Logs Shipped to ELK
- Pretending to be an Outlook Version Update
- Using Logstash to Parse IPtables Firewall Logs
- PacketSifter as Network Parsing and Telemetry Tool
- Obfuscated DNS Queries
- Protecting Home Office and Enterprise in 2021
- Secure Communication using TLS in Elasticsearch
- Is IP 91.199.118.137 testing Access to aahwwx.52host.xyz?
- Detecting Actors Activity with Threat Intel
- Cryptojacking Targeting WebLogic TCP/7001
- An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
- Scanning for SOHO Routers
- Analysis of a Salesforce Phishing Email
- Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common?
- Scanning Activity Includes Netcat Listener
- Scanning Activity for ZeroShell Unauthenticated Access
- Scanning Home Internet Facing Devices to Exploit
- tcp-honeypot.py Logstash Parser & Dashboard Update
- Mirai Botnet Activity
- Windows 10 Built-in Packet Sniffer - PktMon
- Scanning for Outlook Web Access (OWA) & Microsoft Exchange Control Panel (ECP)
- Phishing PDF with Unusual Hostname
- Maldoc Falsely Represented as DOCX Invoice Redirecting to Fake Apple Store
- Maldoc XLS Invoice with Excel 4 Macros
- Honeypot - Scanning and Targeting Devices & Services
- VPN Access and Activity Monitoring
- Hazelcast IMDG Discover Scan
- SOAR or not to SOAR?
- Is Threat Hunting the new Fad?
- ELK Dashboard and Logstash parser for tcp-honeypot Logs
- ELK Dashboard for Pihole Logs
- Integrating Pi-hole Logs in ELK with Logstash
- Local Malware Analysis with Malice
- Fake Netflix Update Request by Text
- Unusual Activity with Double Base64 Encoding
- Scanning Activity for NVMS-9000 Digital Video Recorder
- Unidentified Scanning Activity
- Are there any Advantages of Buying Cyber Security Insurance?
- Re-evaluating Network Security - It is Increasingly More Complex
- Guidance to Protect DNS Against Hijacking & Scanning for Version.BIND Still a Thing
- Is a Metadata-Only Approach Good Enough for Network Traffic Analysis?
- Fake Office 365 Payment Information Update
- A Comparison Study of SSH Port Activity - TCP 22 & 2222
- Packet Editor and Builder by Colasoft
- Scanning for WebDAV PROPFIND Exploiting CVE-2017-7269
- Snorpy, a Web-Based Tool to Build Snort/Suricata Rules
- Scanning Activity, end Goal is to add Hosts to Mirai Botnet
- Random Port Scan for Open RDP Backdoor
- Multipurpose PCAP Analysis Tool
- Latest Release of rockNSM 2.1
- Apple Security Updates
- Using RITA for Threat Analysis
- Hello Peppa! - PHP Scans
- Capture and Analysis of User Agents
- Scans Attempting to use PowerShell to Download PHP Script
- Scanning for Apache Struts Vulnerability CVE-2017-5638
- Blackhole Advertising Sites with Pi-hole
- SSH Scans by Clients Types
- What are your Security Challenges for 2018?
- Exim Remote Code Exploit
- Benefits associated with the use of Open Source Software
- VBE Embedded Script (info.zip)
- jsonrpc Scanning for root account
- rockNSM as an Incident Response Package
- tshark 2.4 New Feature - Command Line Export Objects
- Text Banking Scams
- Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
- CyberChef a Must Have Tool in your Tool bag!
- Microsoft Released Guidance for WannaCrypt
- IPFire - A Household Multipurpose Security Gateway
- Honeypot Logs and Tracking a VBE Script
- It is Tax Season - Watch out for Suspicious Attachment
- Unpatched Microsoft Edge and IE Bug
- Request for Packets and Logs - TCP 5358
- Using daemonlogger as a Software Tap
- Bitcoin Miner File Upload via FTP
- Request for Packets TCP 4786 - CVE-2016-6385
- Is there an Infosec Cybersecurity Talent Shortage?
- Multiple Cisco Products affected by IKEv1 Vulnerability
- Spam with Obfuscated Javascript
- Is Data Privacy part of your Company's Culture?
- DNS Sinkhole ISO Version 2.0
- Analysis of a Distributed Denial of Service (DDoS)
- INetSim as a Basic Honeypot
- Highlights from the 2016 HPE Annual Cyber Threat Report
- A Look at the Mandiant M-Trends 2016 Report
- RFC 6598 - Carrier Grade NAT
- OpenSSL Security Update Planned for 1 March Release
- Wireshark Fixes Several Bugs and Vulnerabilities
- VMware VMSA-2015-0007.3 has been Re-released
- Windows 10 and System Protection for DATA Default is OFF
- OpenSSL 1.0.2 Advisory and Update
- What are you Concerned the Most in 2016?
- Are you looking to setup your own Malware Sandbox?
- OpenDNS Research Used to Predict Threat
- Nmap 7.00 is out!
- Data Visualization, What is your Tool of Choice?
- Adobe Acrobat and Reader Pre-Announcement
- Are you a "Hunter"?
- PHP 5.x Security Updates
- Is Windows XP still around in your Network a year after Support Ended?
- Business Value in "Big Data"
- 'Dead Drops' Hidden USB Sticks Around the World
- Blind SQL Injection against WordPress SEO by Yoast
- Should it be Mandatory to have an Independent Security Audit after a Breach?
- Beware of Phishing and Spam Super Bowl Fans!
- Strange & Random GET PHP Queries
- Site www.nfc.usda.gov and www.usda.gov Currently Down
- Do you have a Data Breach Response Plan?
- justniffer a Packet Analysis Tool
- Apple Multiple Security Updates
- Microsoft MSRT October Update
- What has Bash and Heartbleed Taught Us?
- PHP Fixes Several Bugs in Version 5.4 and 5.5
- Web Scan looking for /info/whitelist.pac
- NSS Labs Cyber Resilience Report
- Management and Control of Mobile Device Security
- Malware Analysis with pedump
- Java Support ends for Windows XP
- BIND Security Update for CVE-2014-3859
- efax Spam Containing Malware
- Microsoft May Patch Pre-Announcement
- Verizon 2014 Data Breach Report
- New Project by Linux Foundation - Core Infrastructure Initiative
- Android Users - Beware of Bitcoin Mining Malware
- Interested in a Heartbleed Challenge?
- Heartbleed Fix Available for Download for Cisco Products
- OpenSSL CVE-2014-0160 Fixed
- How the Compromise of a User Account Led to a Spam Incident
- Microsoft March Patch Pre-Announcement
- Findings in Cisco's Annual Security Report
- Notification Glitch - Multiple New Diary Notifications
- tcpflow 1.4.4 and some of its most Interesting Features
- Strange DNS Queries - Request for Packets
- Microsoft December Patch Pre-Announcement
- Suspected Active Rovnix Botnet Controller
- VMware ESX 4.x Security Advisory
- Sagan as a Log Normalizer
- IE Zero-Day Vulnerability Exploiting msvcrt.dll
- Active Perl/Shellbot Trojan
- VMware Release Multiple Security Updates
- Microsoft September Patch Pre-Announcement
- Multiple Cisco Security Notice
- Snort IDS Sensor with Sguil New ISO Released
- Business Risks and Cyber Attacks
- Wireshark 1.8.9 and 1.10.1 Security Update
- Why use Regular Expressions?
- Ubuntu Forums Security Breach
- Is Metadata the Magic in Modern Network Security?
- Microsoft July Patch Pre-Announcement
- .biz DNSSEC DNSKEY is Invalid
- Facebook Reports a Potential Leak of User Data
- HP iLO3/iLO4 Remote Unauthorized Access with Single-Sign-On
- Exploit Sample for Win32/CVE-2012-0158
- Safe - Tools, Tactics and Techniques
- Port 51616 - Got Packets?
- Apple ID Two-step Verification Now Available in some Countries
- IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
- Apple Blocking Java Web plug-in
- Wireshark Security Updates
- Adobe Acrobat and Reader Security Update Planned this Week
- HP ArcSight Connector Appliance and Logger Vulnerabilities
- Java 7 Update 11 Still has a Flaw
- D-link Wireless-G Router Year Issue (Y2K-plus-13)
- Adobe ColdFusion Security Advisory
- "FixIt" Patch for CVE-2012-4792 Bypassed
- Collecting Logs from Security Devices at Home
- Zero Day MySQL Buffer Overflow
- Storing your Collection of Malware Samples with Malwarehouse
- Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (2755801)
- IE Cumulative Updates MS12-063 - KB2744842
- Phishing/Spam Pretending to be from BBB
- Webmin Input Validation Vulnerabilities
- Suspicious eFax Spear Phishing Messages
- Wireshark Security Update
- Opera Security Update
- End of Days for MS-CHAPv2
- BIND 9 Security Updates
- Oracle July 2012 Critical Patch Pre-Release Announcement
- Using JSDetox to Analyze and Deobfuscate Javascript
- Issues with Windows Update Agent
- CVE-2012-1875 exploit is now available
- Technical Analysis of Flash Player CVE-2012-0779
- Google Publish Transparency Report
- iOS 5.1.1 Software Update for iPod, iPhone, iPad
- Adobe Security Flash Update
- WordPress Release Security Update
- Apple Java Updates for Mac OS X
- wicd Privilege Escalation 0day exploit for Backtrack 5 R2
- HP ProCurve 5400 zl Switch, Flash Cards Infected with Malware
- Wireshark 1.6.6 and 1.4.2 Released
- VMware New and Updated Security Advisories
- OpenSSL Security Update
- VMware New and Updated Advisories
- Reflected XSS in Splunk Web Affecting Version 4.0 to 4.3
- Flashback Trojan in the Wild
- Sophos 2012 Security Threat Report
- DNS Sinkhole Scripts Fixes/Update
- Strange DNS Queries - Request Packets/Logs
- New Generic Top-Level Domains (gTLDs) out for Sale
- New Version of tcpflow Available in Beta
- January 2012 Patch Tuesday Pre-release
- SSH Password Brute Forcing may be on the Rise
- Duqu Mitigation
- November 2011 Patch Tuesday Pre-release
- tcpdump and IPv6
- Oracle Java SE Critical Patch Update
- DNS Sinkhole Parser Script Update
- Critical Control 10: Continuous Vulnerability Assessment and Remediation
- MS Security Advisory Update - Fraudulent DigiNotar Certificates
- Google Chrome Security Updates
- Apple Certificate Trust Policy Update
- IPv6 and DNS Sinkhole
- Telex - A Radical New Approach to Bypass Security
- FireCAT 2.0 Released
- BlackBerry Enterprise Server Critical Update
- Samba 3.6.0 Released
- XenApp and XenDesktop could result in Arbitrary Code Execution
- Are Mobile Devices taking over your Corporate Network?
- New Sguil HTTPRY Agent
- Symantec Report - Spam Surge against Social Networks
- How Good is your Employee Termination Policy?
- WordPress Forces Password Reset
- Mozilla Firefox and Thunderbird Security Updates
- Sega Pass Compromised - 1.29 Million Customers Data Leaked
- SonyPictures Site Compromised
- Oracle Java SE Critical Patch Update Pre-Release Announcement - June 2011
- Release of Wireshark 1.6.0rc2
- Sysinternals Updates, Analyzing Stuxnet Infection with Sysinternals Tools Part 3
- Common Vulnerability Reporting Framework (CVRF)
- Distributed Denial of Service Cheat Sheet
- Websense Study Claims Canada Next Hotbed for Cybercrime Web Hosting Activity
- Incident Response Methodologies Worm Infection Cheat Sheet
- Firefox, Thunderbird and SeaMonkey Security Updates
- VMware ESXi 4.1 Security and Firmware Updates
- Adobe Reader and Acrobat Security Updates
- Silverlight Update Available
- Strange Shockwave File with Surprising Attachments
- Japan Earthquake: Possible scams / malware
- Snort IDS Sensor with Sguil Framework ISO
- Snort Data Acquisition Library
- OpenSSH Legacy Certificate Information Disclosure Vulnerability
- Nmap 5.50 Released
- OpenOffice Security Fixes
- ISC DHCP DHCPv6 Vulnerability
- January 2011 Patch Tuesday Pre-release
- PandaLabs 2010 Annual Report
- Patch Issues with Outlook 2007
- Highlight of Survey Related to Issues Affecting Businesses in 2010
- Cisco Unified Videoconferencing Affected by Multiple Vulnerabilities
- Conficker B++ Activated on Nov 15
- Reference on Open Source Digital Forensics
- Acrobat and Adobe Reader Security Update
- OpenSSL TLS Extension Parsing Race Condition
- Register.com DNS Issues
- Honeynet Forensic Challenge - Analyzing Malicious Portable Destructive Files
- Scripting with Unix Date
- Cyber Security Awareness Month - Day 30 - Role of the network team
- Security Update for Shockwave Player
- Cyber Security Awareness Month - Day 16 - Securing a donated computer
- Adobe out-of-cycle Updates
- Shadowserver Binary Whitelisting Service
- Cisco IOS Software 15.1(2)T TCP DoS
- QuickTime Security Updates
- Wireshark 1.2.10 released
- Web Traffic Analysis with httpry
- SophosLabs Released Free Tool to Validate Microsoft Shortcut
- socat to Simulate a Website
- DNS Sinkhole ISO Available for Download
- Security Advisory for Flash Player, Adobe Reader and Acrobat
- OpenOffice.org 3.2.1 Fixes Bugs and Vulnerabilities
- Microsoft Patch Tuesday June 2010 Pre-Release
- Wireshark DOCSIS Dissector DoS Vulnerability
- Microsoft Patch Tuesday May 2010 Pre-Release
- MS10-025 Security Update has been Pulled
- McAfee DAT 5958 Update Issues
- Some NetSol hosted sites breached
- Microsoft Patch Tuesday April 2010 Pre-Release
- Oracle Java SE and Java for Business Critical Patch Update Advisory
- Foxit Reader Security Update
- Apple QuickTime and iTunes Security Update
- Security Advisory for ESX Service Console
- Create a Summary of IP Addresses from PCAP Files using Unix Tools
- HP-UX Running NFS/ONCplus, Inadvertently Enabled NFS
- PHP 5.2.13 Security Update
- LANDesk Management Gateway Vulnerability
- Oracle WebLogic Server Security Alert
- Cisco Secure Desktop Remote XSS Vulnerability
- Adobe ColdFusion Information Disclosure
- Sun Java JRE 6 Update 18 Released
- Easy DNS BIND Sinkhole Setup
- Secure USB Flaw Exposed
- Ready to use IDS Sensor with Sguil
- KDC DoS in cross-realm referral processing
- Microsoft IIS File Parsing Extension Vulnerability
- F5 BIG-IP ASM and PSM Remote Buffer Overflow
- Java JRE Buffer and Integer Overflow
- Metasploit Framework 3.3 Released
- OpenVPN Fixed OpenSSL Session Renegotiation Issue
- Apple Security Update 2009-006 for Mac OS X v10.6.2
- Samba Security Information Disclosure and DoS
- Cyber Security Awareness Month - Day 4 - Port 20/21 - FTP-data/FTP
- Firefox 3.5.3 and 3.0.14 have been released
- Bug Fixes in Sun SDK 5 and Java SE 6
- Microsoft September 2009 Black Tuesday Overview
- Cisco Security Advisory TCP DoS
- Vista/2008/Windows 7 SMB2 BSOD 0Day
- Gmail Down
- Opera 10 with Security Fixes
- Immunet Protect - Cloud and Community Malware Protection
- XML Libraries Data Parsing Vulnerabilities
- Changes in Windows Security Center
- WordPress Fixes Multiple vulnerabilities
- IP Address Range Search with libpcap
- Wireshark 1.2.0 released
- SANSFIRE 2009 Starts Tomorrow