I published the following diary on isc.sans.org: “Increase of phpMyAdmin scans“. PMA (or “phpMyAdmin”) is a well-known MySQL front-end written in PHP that “brings MySQL to the web” as stated on the web site. The tool is very popular amongst web developers because it helps to maintain databases just by using
I published the following diary on isc.sans.org: “TinyPot, My Small Honeypot“. Running honeypots is always interesting to get an overview of what’s happening on the Internet in terms of scanners or new threats. Honeypots are useful not only in the Wild but also on your internal networks. There are plenty
I published the following diary on isc.sans.org: “Bots Searching for Keys & Config Files“. If you don’t know our “404” project, I would definitively recommend having a look at it! The idea is to track HTTP 404 errors returned by your web servers. I like to compare the value of 404 errors
I published the following diary on isc.sans.org: “Backup Scripts, the FIM of the Poor“. File Integrity Management or “FIM” is an interesting security control that can help to detect unusual changes in a file system. By example, on a server, they are directories that do not change often. Example with
I published the following diary on isc.sans.org: “A VBScript with Obfuscated Base64 Data“. A few months ago, I posted a diary to explain how to search for (malicious) PE files in Base64 data. Base64 is indeed a common way to distribute binary content in an ASCII form. There are plenty
I published the following diary on isc.sans.org: “Obfuscating without XOR“. Malicious files are generated and spread over the wild Internet daily (read: “hourly”). The goal of the attackers is to use files that are: not know by signature-based solutions not easy to read for the human eye That’s why many
I published the following diary on isc.sans.org: “Systemd Could Fallback to Google DNS?“. Google is everywhere and provides free services to everyone. Amongst the huge list of services publicly available, there are the Google DNS, well known as 8.8.8.8, 8.8.4.4 (IPv4) and 2001:4860:4860::8888, 2001:4860:4860::8844Â (IPv6)… [Read more]
I published the following diary on isc.sans.org: “Phishing Campaigns Follow Trends“. Those phishing emails that we receive every day in our mailboxes are often related to key players in different fields (…) But the landscape of online services is ever changing and new actors (and more precisely their customers) become
I published the following diary on isc.sans.org: “Sharing Private Data with Webcast Invitations“. Last week, at a customer, we received a forwarded email in a shared mailbox. It was somebody from another department that shared an invitation for a webcast “that could be interesting for you, guys!â€. This time, no phishing
I published the following diary on isc.sans.org: “My Little CVE Bot“. The massive spread of the WannaCry ransomware last Friday was another good proof that many organisations still fail to patch their systems. Everybody admits that patching is a boring task. They are many constraints that make this process very
