Today our "First Seen" page displayed a number of simple URLs: /wp-backup.sh /submit.sh /stage-deploy.sh /scripts/driverenv.sh /s3.sh /run-deploy.sh /passwords.sh /m/index.php /library.sh /installer.sh /envvars.sh /driverenv.sh /driver.sh /docker/startup.sh /develop.sh /bucket.sh /aws_cli.sh /aws-env.sh These URLs are not associated with a
Category: SANS™ Internet Storm Center
ISC Stormcast For Wednesday, October 23rd, 2024 https://isc.sans.edu/podcastdetail/9192, (Wed, Oct 23rd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
How much HTTP (not HTTPS) Traffic is Traversing Your Perimeter?, (Tue, Oct 22nd)
Back in June of 2010, The Electronic Frontier Foundation (EFF) released the first beta release of the "HTTPS Everywhere" plugin [1]. Even then, most websites offered HTTPS. But unlike today, HTTP was often still the default,
ISC Stormcast For Tuesday, October 22nd, 2024 https://isc.sans.edu/podcastdetail/9190, (Tue, Oct 22nd)
A Network Nerd’s Take on Emergency Preparedness, (Tue, Oct 15th)
Over the last month, two hurricanes barely missed me. Luckily, neither caused me any significant inconvenience. Sadly, others were not as lucky, and I think this is a good time to do a little "Lessons Learned"
ISC Stormcast For Monday, October 21st, 2024 https://isc.sans.edu/podcastdetail/9188, (Mon, Oct 21st)
ISC Stormcast For Friday, October 18th, 2024 https://isc.sans.edu/podcastdetail/9186, (Fri, Oct 18th)
ISC Stormcast For Thursday, October 17th, 2024 https://isc.sans.edu/podcastdetail/9184, (Thu, Oct 17th)
Scanning Activity from Subnet 15.184.0.0/16, (Thu, Oct 17th)
I noticed in my logs 2 weeks ago regular probes from a subnet in the Amazon cloud only scanning for TCP/8080, captured by the iptables of my DShield sensor. The scanning started on the 15 Aug -
The Top 10 Not So Common SSH Usernames and Passwords, (Wed, Oct 16th)
Our list of "Top" SSH usernames and passwords is pretty static. Well-known defaults, like "root" and "admin", are at the top of the list. But there are always some usernames and passwords in the list