The popular web conference platform Zoom has been in the storm for a few weeks. With the COVID19 pandemic, more and more people are working from home and the demand for web conference tools has been growing. Vulnerabilities have been discovered in the Zoom client and, based on the fact
I published the following diary on isc.sans.edu: “Querying DShield from Cortex”: Cortex is a tool part of the TheHive project. As stated on the website, it is a “Powerful Observable Analysis Engine”. Cortex can analyze observables like IP addresses, emails, hashes, filenames against a huge (and growing) list of online services.
I published the following diary on isc.sans.org: “Tracking Newly Registered Domains“: Here is the next step in my series of diaries related to domain names. After tracking suspicious domains with a dashboard and proactively searching for malicious domains, let’s focus on newly registered domains. They are a huge number of
Based on my previous ISC SANS Diary, I updated the STIX feed to answer the requests made by some readers. The feed is now available in two formats: STIX 1.2 (XML) (link) STIX 2.0 (JSON) (link) There are updated every 2 hours. Enjoy!
I published the following diary on isc.sans.org: “Many Malware Samples Found on Pastebin“. pastebin.com is a wonderful website. I’m scrapping all posted pasties (not only from pastebin.com) and pass them to a bunch of regular expressions. As I said in a previous diary, it is a good way to perform
During the last edition of the Troopers security conference in March, I attended a talk about “JustMetaData”. It’s a tool developed by Chris Truncer to perform open source intelligence against IP addresses. Since then, I used this tool on a regular basis. Often when you’re using a tool, you have ideas to improve
