I published the following diary on isc.sans.edu: “Another File Extension to Block in your MTA: .jnlp”:
When hunting, one thing that I like to learn is how attackers can be imaginative in deploying new techniques. I spotted some emails that had suspicious attachments based on the ‘.jnlp’ extension. I’m pretty sure that many people don’t know what their purpose is and, if you don’t know them, you don’t have a look at them in your logs, SIEM, … That makes them a good candidate to deliver malicious code…