We reached December, it’s time for another edition of the Botconf security conference fully dedicate to fighting botnets. This is already the fifth edition that I’m attending. This year, the beautiful city of Montpellier in the south of France is hosting the conference. I arrived on Monday evening to attend
I published the following diary on isc.sans.org: “Using Bad Material for the Good“: There is a huge amount of information shared online by attackers. Once again, pastebin.com is a nice place to start hunting. As this material is available for free, why not use it for the good? Attackers (with
I published the following diary on isc.sans.org: “Phishing Kit (Ab)Using Cloud Services“: When you build a phishing kit, they are several critical points to address. You must generate a nice-looking page which will match as close as possible to the original one and you must work stealthily to not be blocked
I published the following diary on isc.sans.org: “Fileless Malicious PowerShell Sample“: Pastebin.com remains one of my favourite place for hunting. I’m searching for juicy content and report finding in a Splunk dashboard: Yesterday, I found an interesting pastie with a simple Windows CMD script… [Read more]
I published the following diary on isc.sans.org: “Proactive Malicious Domain Search“: In a previous diary, I presented a dashboard that I’m using to keep track of the DNS traffic on my networks. Tracking malicious domains is useful but what if you could, in a certain way, “predict†the upcoming domains
Based on my previous ISC SANS Diary, I updated the STIX feed to answer the requests made by some readers. The feed is now available in two formats: STIX 1.2 (XML) (link) STIX 2.0 (JSON) (link) There are updated every 2 hours. Enjoy!
I published the following diary on isc.sans.org: “Top-100 Malicious IP STIX Feed“. Yesterday, we were contacted by one of our readers who asked if we provide a STIX feed of our blocked list or top-100 suspicious IP addresses. STIX means “Structured Threat Information eXpression†and enables organizations to share indicator
I published the following diary on isc.sans.org: “Suspicious Domains Tracking Dashboard“. Domain names remain a gold mine to investigate security incidents or to prevent some malicious activity to occur on your network (example by using a DNS firewall). The ISC has also a page dedicated to domain names. But how
I published the following diary on isc.sans.org: “If you want something done right, do it yourself!“. Another day, another malicious document! I like to discover how the bad guys are creative to write new pieces of malicious code. Yesterday, I found another interesting sample. It’s always the same story, a
I published the following diary on isc.sans.org: “Keep An Eye on your Root Certificates“. A few times a year, we can read in the news that a rogue root certificate was installed without the user consent. The latest story that pops up in my mind is the Savitech audio drivers
