I published the following diary on isc.sans.edu: “From Phishing To Ransomware?“: On Friday, one of our readers reported a phishing attempt to us (thanks to him!). Usually, those emails are simply part of classic phishing waves and try to steal credentials from victims but, this time, it was not a
I published the following diary on isc.sans.edu: “DSSuite – A Docker Container with Didier’s Tools“: If you follow us and read our daily diaries, you probably already know some famous tools developed by Didier (like oledump.py, translate.py and many more). Didier is using them all the time to analyze malicious
I published the following diary on isc.sans.edu: “Another Day, Another Suspicious UDF File“: In my last diary, I explained that I found a malcious UDF image used to deliver a piece of malware. After this, I created a YARA rule on VT to try to spot more UDF files in
I published the following diary on isc.sans.edu: “Malware Sample Delivered Through UDF Image“: I found an interesting phishing email which was delivered with a malicious attachment: an UDF image (.img). UDF means “Universal Disk Format†and, as said by Wikipedia], is an open vendor-neutral file system for computer data storage. It
I published the following diary on isc.sans.edu: “New Waves of Scans Detected by an Old Rule“: Who remembers the famous ShellShock (CVE-2014-6271)? This bug affected the bash shell in 2014 and was critical due to the facts that it was easy to exploit and that bash is a widespread shell
I published the following diary on isc.sans.edu: “Running your Own Passive DNS Service“: Passive DNS is not new but remains a very interesting component to have in your hunting arsenal. As defined by CIRCL, a passive DNS is “a database storing historical DNS records from various resources. The historical data
I published the following diary on isc.sans.edu: “New Wave of Extortion Emails: Central Intelligence Agency Case“: The extortion attempts haved moved to another step recently. After the “sextortion†emails that are propagating for a while, attackers started to flood people with a new type of fake emails and their imaginnation is endless… I
I published the following diary on isc.sans.edu: “Keep an Eye on Disposable Email Addresses“: In many organisations, emails still remain a classic infection path today. The good old email is still today a common communication channel to exchange information with people outside of the security perimeter. Many security controls are
I published the following diary on isc.sans.edu: “Suspicious PDF Connecting to a Remote SMB Share”: Yesterday I stumbled upon a PDF file that was flagged as suspicious by a customer’s anti-malware solution and placed in the quarantine. Later, the recipient contacted the team in charge of emails to access his document because
I published the following diary on isc.sans.edu: “Tracking Unexpected DNS Changes”: DNS is a key element of the Internet and, regularly, we read new bad stories. One of the last one was the Department of Homeland Security warning about recent DNS hijacking attacks. Indeed, when you want to visit the website ‘isc.sans.org’, you
