I published the following diary on isc.sans.org: “Example of Targeted Attack Through a Proxy PAC File”. Yesterday, I discovered a nice example of targeted attack against a Brazilian bank. It started with an email sample like this …
Category: SANS Internet Storm Center
[SANS ISC Diary] Voice Message Notifications Deliver Ransomware
I published the following diary on isc.sans.org: “Voice Message Notifications Deliver Ransomware”. Bad guys need to constantly find new ways to lure their victims. If billing notifications were very common for a while, not all people in a company are working with such kind of documents. Which types of notification
[SANS ISC Diary] Data Classification For the Masses
I published the following diary on isc.sans.org: “Data Classification For the Masses”. Data classification isn’t a brand new topic. For a long time, international organizations or military are doing “data classification”. It can be defined as: “A set of processes and tools to help the organization to know what data
[SANS ISC Diary] Analyze of a Linux botnet client source code
I published the following diary on isc.sans.org: “Analyze of a Linux botnet client source code”. I like to play active-defense. Every day, I extract attacker’s IP addresses from my SSH honeypots and perform a quick Nmap scan against them. The goal is to gain more knowledge about the compromised hosts. Most
[SANS ISC Diary] Name All the Things!
I published the following diary on isc.sans.org: “Name All the Things!”. With our more and more complex environments and processes, we have to handle a huge amount of information on a daily basis. To improve the communication with our colleagues, peers, it is mandatory to speak the same language and
[SANS ISC Diary] The Power of Web Shells
I published the following diary on isc.sans.org: “The Power of Web Shells”. Web shells are not new in the threats landscape. A web shell is a script (written in PHP, ASL, Perl, … – depending on the available environment) that can be uploaded to a web server to enable remote administration.
[SANS ISC Diary] Hunting for Malicious Files with MISP + OSSEC
I published the following diary on isc.sans.org: Hunting for Malicious Files with MISP + OSSEC.
[SANS ISC Diary] Phishing Campaign with Blurred Images
I published the following diary on isc.sans.org: Phishing Campaign with Blurred Images.
$HOME Sweet $HOME – SANSFIRE Edition
I’m in Washington DC at the SANSFIRE event. I’m following a training and meeting fellow SANS ISC Handlers. I also gave a talk tonight about the risks of the Internet of Things and quick tips to protect your home network against their invasion. Here is a copy of the slides: Link: http://www.slideshare.net/xme/home-sweet-home-sansfire-edition.
[SANS ISC Diary] Offensive or Defensive Security? Both!
I published the following diary on isc.sans.org: Offensive or Defensive Security? Both!