(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingCategory: SANS™ Internet Storm Center
Pandas Errors: What encoding are my logs in?, (Fri, Aug 23rd)
While trying to process some of my honeypot data, I ran into the following error in my Python script: "Exception has occurred: ValueError values should be unique if codes is not None" I received the error
Continue ReadingISC Stormcast For Friday, August 23rd, 2024 https://isc.sans.edu/podcastdetail/9110, (Fri, Aug 23rd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingOpenAI Scans for Honeypots. Artificially Malicious? Action Abuse?, (Thu, Aug 22nd)
For a whille now, I have seen scans that contain the pattern "%%target%%" in the URL. For example, today this particular URL is popular: /%%target%%/wp-content/themes/twentytwentyone/style.css I have been ignoring these scans so far. The "wp-content" in
Continue ReadingISC Stormcast For Thursday, August 22nd, 2024 https://isc.sans.edu/podcastdetail/9108, (Thu, Aug 22nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingISC Stormcast For Wednesday, August 21st, 2024 https://isc.sans.edu/podcastdetail/9106, (Wed, Aug 21st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingMapping Threats with DNSTwist and the Internet Storm Center [Guest Diary], (Tue, Aug 20th)
[This is a Guest Diary by Michael Tigges, an ISC intern as part of the SANS.edu BACS program] On July 16, 2024, I received notification of a suspicious tunnel being opened via SSH in relation to
Continue ReadingWhere are we with CVE-2024-38063: Microsoft IPv6 Vulnerability, (Tue, Aug 20th)
I recorded a quick live stream with a quick update on CVE-2024-38063. The video focuses on determining the exploitability, particularly whether your systems are reachable by IPv6. After recording this video, Stephen Sims pointed me to
Continue ReadingISC Stormcast For Tuesday, August 20th, 2024 https://isc.sans.edu/podcastdetail/9104, (Tue, Aug 20th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingDo you Like Donuts? Here is a Donut Shellcode Delivered Through PowerShell/Python, (Mon, Aug 19th)
I found a tiny .bat file that looked not suspicious at all: 3650.bat (SHA256:bca5c30a413db21f2f85d7297cf3a9d8cedfd662c77aacee49e821c8b7749290) with a very low VirusTotal score (2/65)[1]. The file is very simple, it invokes a PowerShell: @shift /0 @echo off powershell.exe -WindowStyle Hidden
Continue Reading