I published the following diary on isc.sans.edu: “Sextortion to The Next Level“: For a long time, our mailboxes have been flooded with emails from “hackers” (note the quotes) who pretend to have infected our computers with malware. The scenario is always the same: They successfully collected sensitive pieces of evidence about
“Hunting with OSSEC” at BruCON Spring Training
My training submission has been accepted for the BruCON Spring Training session in April 2019. This training is intended for Blue Team members and system/security engineers who would like to take advantage of the OSSEC integration capabilities with other tools and increase the visibility of their infrastructure behaviour. OSSEC is sometimes described as
[SANS ISC] Querying DShield from Cortex
I published the following diary on isc.sans.edu: “Querying DShield from Cortex”: Cortex is a tool that is part of the TheHive project. As stated on the website, it is a “Powerful Observable Analysis Engine”. Cortex can analyze observables like IP addresses, emails, hashes, and filenames against a huge (and growing) list of online services.
[SANS ISC] Tracking Newly Registered Domains
I published the following diary on isc.sans.org: “Tracking Newly Registered Domains“: Here is the next step in my series of diaries related to domain names. After tracking suspicious domains with a dashboard and proactively searching for malicious domains, let’s focus on newly registered domains. There are a huge number of
[SANS ISC] Proactive Malicious Domain Search
I published the following diary on isc.sans.org: “Proactive Malicious Domain Search“: In a previous diary, I presented a dashboard that I’m using to keep track of the DNS traffic on my networks. Tracking malicious domains is useful, but what if you could, in a certain way, “predict” the upcoming domains
ISC Top-100 Malicious IP: STIX Feed Updated
Based on my previous ISC SANS Diary, I updated the STIX feed to answer the requests made by some readers. The feed is now available in two formats: STIX 1.2 (XML) (link) and STIX 2.0 (JSON) (link). They are updated every 2 hours. Enjoy!
[SANS ISC Diary] Retro Hunting!
I published the following diary on isc.sans.org: “Retro Hunting!“. For a while now, one of the security trends has been to integrate information from 3rd-party feeds to improve the detection of suspicious activities. By collecting indicators of compromise, other tools may correlate them with their own data and generate alerts on specific conditions.
[SANS ISC Diary] Many Malware Samples Found on Pastebin
I published the following diary on isc.sans.org: “Many Malware Samples Found on Pastebin“. pastebin.com is a wonderful website. I’m scraping all posted pasties (not only from pastebin.com) and passing them through a bunch of regular expressions. As I said in a previous diary, it is a good way to perform
IP Address Open Source Intelligence for the Win
During the last edition of the Troopers security conference in March, I attended a talk about “JustMetaData”. It’s a tool developed by Chris Truncer to perform open source intelligence against IP addresses. Since then, I have used this tool on a regular basis. Often when you’re using a tool, you have ideas to improve