[This is a Guest Diary by Trevor Coleman, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1]. Figure 1: ISC Web Honeypot Log Overview Chart [2] The month of
ISC Stormcast For Wednesday, November 6th, 2024 https://isc.sans.edu/podcastdetail/9210, (Wed, Nov 6th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Python RAT with a Nice Screensharing Feature, (Tue, Nov 5th)
While hunting, I found another interesting Python RAT in the wild. This is not brand new because the script was released two years ago[1]. The script I found is based on the same tool and still
ISC Stormcast For Tuesday, November 5th, 2024 https://isc.sans.edu/podcastdetail/9208, (Tue, Nov 5th)
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability
CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability
These types of vulnerabilities are
Analyzing an Encrypted Phishing PDF, (Mon, Nov 4th)
Once in a while, I get a question about my pdf-parser.py tool, not able to decode strings and streams from a PDF document. And often, I have the answer without looking at the PDF: it's encrypted.
ISC Stormcast For Monday, November 4th, 2024 https://isc.sans.edu/podcastdetail/9206, (Mon, Nov 4th)
qpdf: Extracting PDF Streams, (Sat, Nov 2nd)
In diary entry "Analyzing PDF Streams" I answer a question asked by a student of Xavier: "how can you export all streams of a PDF?". I explained how to do this with my pdf-parser.py tool. I
Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments
CISA has received multiple reports of a large-scale spear-phishing campaign targeting organizations in several sectors, including government and information technology (IT). The foreign threat actor, often posing as a trusted entity, is sending spear-phishing emails containing
Predict D.C. and London: The Fight Against Ransomware Enters a New Phase
Having just wrapped up our D.C. and London Predict 2024 conferences, the Recorded Future team is incredibly excited about the future of cybersecurity. Over the span of two days in both cities, Predict attendees heard from global