(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingCategory: SANS™ Internet Storm Center
Using ES|QL in Kibana to Queries DShield Honeypot Logs, (Thu, Feb 20th)
With the Elastic released of version 8.17.0, it included "The technical preview of new MATCH and query string (QSTR) functions in ES|QL makes log searches easier and more intuitive."[1] With this released, I started exploring some
Continue ReadingXWorm Cocktail: A Mix of PE data with PowerShell Code, (Wed, Feb 19th)
While hunting, I spent some time trying to deobfuscate a malicious file discovered on VT. It triggered my PowerShell rule. At the end, I found two files that look close together: 7c2f2a9a6078d37ee241e43f392f825630016c8ca8416bfd12cd27501b6876d1 (Score: 3/61)[1] d0b448d4de707a9fb611166278065afa2c52029234f7876158c8dd4798f08f9f (Score:
Continue ReadingISC Stormcast For Wednesday, February 19th, 2025 https://isc.sans.edu/podcastdetail/9330, (Wed, Feb 19th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue Readinghttps://SecTemplates.com – simplified, free open-source templates to enable engineering and smaller security teams to bootstrap security capabilities for their organizations, (Tue, Feb 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingModelScan – Protection Against Model Serialization Attacks, (Mon, Feb 17th)
Protect AI’s OSS portfolio includes tools aimed at improving security of AI/ML software. These tools are meant for a wide range of engineering, security and ML practitioners including developers, security engineers/researchers, ML engineers, LLM engineers and prompt engineers, and
Continue ReadingISC Stormcast For Tuesday, February 18th, 2025 https://isc.sans.edu/podcastdetail/9328, (Tue, Feb 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingMy Very Personal Guidance and Strategies to Protect Network Edge Devices, (Thu, Feb 6th)
Last week, CISA and other national cyber security organizations published an extensive document outlining "Guidance and Strategies to Protect Network Edge Devices." [1] The document is good but also very corporate and "bland." It summarizes good, well-intended
Continue ReadingISC Stormcast For Monday, February 17th, 2025 https://isc.sans.edu/podcastdetail/9326, (Mon, Feb 17th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingThe Danger of IP Volatility, (Sat, Feb 15th)
What do I mean by “IP volatility”? Today, many organizations use cloud services and micro-services. In such environments, IP addresses assigned to virtual machines or services can often be volatile, meaning they can change or be
Continue Reading