Skip to content
/dev/random

/dev/random

"If the enemy leaves a door open, you must rush in." – Sun Tzu

  • About Me
    • About Me
    • Online Presentations
    • PGP Public Key
  • Disclaimer
  • Tools
    • alerts2afterglow
    • hoover
    • inotes.py
    • known_hosts_bruteforcer
    • pastemon
    • oplb
    • ossec_dashboard
    • ossec2dshield
    • twittermon
    • rrhunter
    • syslog2loggly

Tag: Spam

[SANS ISC] Another File Extension to Block in your MTA: .jnlp

January 22, 2021 Malware, SANS Internet Storm Center, Security Leave a comment

I published the following diary on isc.sans.edu: “Another File Extension to Block in your MTA: .jnlp“: When hunting, one thing that I like to learn is how attackers can be imaginative at deploying new techniques. I spotted some emails that had suspicious attachments based on the ‘.jnlp’ extension. I’m pretty sure

Continue reading »
SANS ISC

[SANS ISC] Malicious JavaScript Targeting Mobile Browsers

June 18, 2018 Malware, SANS Internet Storm Center, Security 2 comments

I published the following diary on isc.sans.org: “Malicious JavaScript Targeting Mobile Browsers“: A reader reported a suspicious piece of a Javascript code that was found on a website. In the meantime, the compromized website has been cleaned but it was running WordPress (again, I would say![1]).  The code was obfuscated,

Continue reading »
SANS ISC

[SANS ISC] A Bunch of Compromized WordPress Sites

June 14, 2018 SANS Internet Storm Center, Security, Websites Leave a comment

I published the following diary on isc.sans.org: “A Bunch of Compromized WordPress Sites“: A few days ago, one of our readers contacted reported an incident affecting his website based on WordPress. He performed quick checks by himself and found some pieces of evidence: The main index.php file was modified and some

Continue reading »
SANS ISC

[SANS ISC] Surge in blackmailing?

March 21, 2018 SANS Internet Storm Center, Security One comment

I published the following diary on isc.sans.org: “Surge in blackmailing?“: What’s happening with blackmails? For those who don’t know the word, it is a piece of mail sent to a victim to ask money in return for not revealing compromising information about him/her. For a few days, we noticed a peak

Continue reading »
SANS ISC

[SANS ISC Diary] Spam Delivered via .ICS Files

October 20, 2016 SANS Internet Storm Center, Security 4 comments

I published the following diary on isc.sans.org: “Spam Delivered via .ICS Files“. Yesterday, I received a few interesting emails in my honeypot. I set up catch-all email addresses for domains that are well known by spammers. I’m capturing emails and extracting MIME attachments for further analysis. Today, my honeypot received three

Continue reading »

Automatic MIME Attachments Triage

December 4, 2015 Malware, Security Leave a comment

A few weeks ago I posted a diary on the ISC SANS website about a script to automate the extraction and analyze of MIME attachments in emails. Being the happy owner of an old domain (15y), this domain is present in all spammer’s mailing lists. I’m receiving a lot of

Continue reading »

Honeymail: Track Who’s Leaking Your E-mail Addresses

December 21, 2011 Privacy, Security, Websites 2 comments

“E-mail”… What a wonderful online service! When I first connected to the Internet around 1994 (I’m feeling old writing this!), I was so exited to receive my first e-mail! Today, I’m very happy when I received less than 50 e-mails per day! E-mail has been, for years, associated with spam.

Continue reading »

You Like? Spammers Like You Too!

March 11, 2011 Websites One comment

Our best worst friend Facebook is full of resources. Not only for attackers but also spammers. The “I like” button became very popular on many personal (blogs) and professional websites. Basically, the purpose is simple and efficient: If you are logged on Facebook and visit a website which proposes an

Continue reading »

Compliance: a Marketing Argument?

December 3, 2009 Business Leave a comment

I received yesterday a mail spam about a commercial SSH solution. The mail presented their product like this: “Find out how SSH can ease the burden of PCI DSS, SOX and other mandates and IT audits with a robust data security solution used by millions worldwide! <deleted name> delivers unparalleled

Continue reading »

Stay in Touch

RSS Twitter LinkedIn

Upcoming Events

Here is a list of events that I will attend and cover via Twitter and wrap-ups. Ping me if you want to meet! The list is regularly updated.

SANS Amsterdam 2020

Recent Articles

  • [SANS ISC] Dynamic Data Exchange (DDE) is Back in the Wild?
  • myMail Manages Your Mailbox… in a Strange Way!
  • [SANS ISC] Agent Tesla Dropped Through Automatic Click in Microsoft Help File
  • Network Flows Visualization With Nanoleaf Light Panels
  • [SANS ISC] VBA Macro Trying to Alter the Application Menus

Popular Articles

  • Keep an Eye on SSH Forwarding! 40.3k views
  • Show me your SSID’s, I’ll Tell Who You Are! 40.3k views
  • Sending Windows Event Logs to Logstash 32.6k views
  • Check Point Firewall Logs and Logstash (ELK) Integration 29.2k views
  • Socat, Another Network Swiss Army Knife 28.9k views
  • Forensics: Reconstructing Data from Pcap Files 24.7k views
  • dns2tcp: How to bypass firewalls or captive portals? 23.5k views
  • Vulnerability Scanner within Nmap 19.8k views
  • Bruteforcing SSH Known_Hosts Files 18.8k views
  • Post-BruCON Experience – Running a Wall of Sheep in the Wild 18.4k views

Recent Tweets

  • "Silver Sparrow" #OSX malware uses Amazon #S3 buckets for C2 communications: redcanary.com/blog/clipping-si…

    February 22, 2021 07:56

  • Early Flight over the Water... pic.twitter.com/gsS7GX86BL

    February 21, 2021 11:45

  • Great initiative! twitter.com/verovaleros/status…

    February 20, 2021 09:10

  • [/dev/random] [SANS ISC] Dynamic Data Exchange (DDE) is Back in the Wild? blog.rootshell.be/2021/02/19/s…

    February 19, 2021 11:00

  • [/dev/random] myMail Manages Your Mailbox… in a Strange Way! blog.rootshell.be/2021/02/19/m…

    February 19, 2021 10:54

Time Machine

RSS NVD Vulnerabilities Feed

  • CVE-2021-27370 (monica) February 22, 2021
    The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field.
  • CVE-2021-27559 (monica) February 22, 2021
    The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field.
  • CVE-2021-27371 (monica) February 22, 2021
    The Contact page in Monica 2.19.1 allows stored XSS via the Description field.
  • CVE-2021-27369 (monica) February 22, 2021
    The Contact page in Monica 2.19.1 allows stored XSS via the Middle Name field.
  • CVE-2021-27368 (monica) February 22, 2021
    The Contact page in Monica 2.19.1 allows stored XSS via the First Name field.
  • CVE-2020-12374 (bmc_firmware) February 19, 2021
    Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2020-36247 (open_ondemand) February 19, 2021
    Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.
  • CVE-2019-25024 (openrepeater) February 19, 2021
    OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter.
Copyright Xavier Mertens © 2003-2021 | Powered by Xameco.
This website uses cookies to improve your experience. By using our services, you agree to our use of cookies. Accept Learn more
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT