[This is a Guest Diary by Trevor Coleman, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1]. Figure 1: ISC Web Honeypot Log Overview Chart [2] The month of
Continue ReadingCategory: SANS™ Internet Storm Center
ISC Stormcast For Wednesday, November 6th, 2024 https://isc.sans.edu/podcastdetail/9210, (Wed, Nov 6th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingPython RAT with a Nice Screensharing Feature, (Tue, Nov 5th)
While hunting, I found another interesting Python RAT in the wild. This is not brand new because the script was released two years ago[1]. The script I found is based on the same tool and still
Continue ReadingISC Stormcast For Tuesday, November 5th, 2024 https://isc.sans.edu/podcastdetail/9208, (Tue, Nov 5th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingAnalyzing an Encrypted Phishing PDF, (Mon, Nov 4th)
Once in a while, I get a question about my pdf-parser.py tool, not able to decode strings and streams from a PDF document. And often, I have the answer without looking at the PDF: it's encrypted.
Continue ReadingISC Stormcast For Monday, November 4th, 2024 https://isc.sans.edu/podcastdetail/9206, (Mon, Nov 4th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue Readingqpdf: Extracting PDF Streams, (Sat, Nov 2nd)
In diary entry "Analyzing PDF Streams" I answer a question asked by a student of Xavier: "how can you export all streams of a PDF?". I explained how to do this with my pdf-parser.py tool. I
Continue ReadingISC Stormcast For Thursday, October 31st, 2024 https://isc.sans.edu/podcastdetail/9204, (Thu, Oct 31st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingOctober 2024 Activity with Username chenzilong, (Thu, Oct 31st)
After reviewing the Top 10 Not So Common SSH Usernames and Passwords [1] published by Johannes 2 weeks ago, I noticed activity by one in his list that we don't really know what it is. Beginning
Continue ReadingScans for RDP Gateways, (Wed, Oct 30th)
RDP is one of the most prominent entry points into networks. Ransomware actors have taken down many large networks after initially entering via RDP. Credentials for RDP access are often traded by “initial access brokers". I
Continue Reading