Category: SANS™ Internet Storm Center

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

What do I mean by “IP volatility”? Today, many organizations use cloud services and micro-services. In such environments, IP addresses assigned to virtual machines or services can often be volatile, meaning they can change or be

I found a Python script that implements a funny anti-analysis trick. The script has a low score on VT (4/59) (SHA256:d716c2edbcdb76c6a6d31b21f154fee7e0f8613617078b69da69c8f4867c9534)[1]. This sample attracted my attention because it uses the tkinter[2] library. This library is used to create graphical

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Over the past several weeks, I have been testing various enhancements to the DShield SIEM, to process DShield sensor log from local and cloud sensors with Filebeat and Filebeat modules to easily send Zeek and NetFlow

Blue teams have it hard – they maintain a watchful eye on whatever technology is deployed to detect threats, respond to incidents, perform digital forensics and reverse malware (or make malware happy!) when needed. Hopefully, no

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

This month, Microsoft has released patches addressing a total of 141 vulnerabilities. Among these, 4 are classified as critical, highlighting the potential for significant impact if exploited. Notably, 2 vulnerabilities are currently being exploited in the wild,

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.