PythonScript is a Notepad++ plugin that provides a Python interpreter to edit Notepad++ documents. You install PythonScript in Notepad++ like this: Use "New Script" to create a new Python script: As an example, I will create
Category: SANS™ Internet Storm Center
ISC Stormcast For Friday, September 6th, 2024 https://isc.sans.edu/podcastdetail/9128, (Fri, Sep 6th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Enrichment Data: Keeping it Fresh, (Fri, Sep 6th)
I like to enrich my honeypot data from a variety of sources to help understand a bit more about the context of the attack. This includes the types of networks the attacks are coming from or
ISC Stormcast For Thursday, September 5th, 2024 https://isc.sans.edu/podcastdetail/9126, (Thu, Sep 5th)
Attack Surface [Guest Diary], (Wed, Sep 4th)
[This is a Guest Diary by Joshua Tyrrell, an ISC intern as part of the SANS.edu BACS program] Managing the Attack Surface You’ve begun the journey of reviewing your IT infrastructure and attempting to figure out
Scans for Moodle Learning Platform Following Recent Update, (Wed, Sep 4th)
On August 10th, the popular learning platform "Moodle" released an update fixing CVE-2024-43425. RedTeam Pentesting found the vulnerability and published a detailed blog post late last week. The blog post demonstrates in detail how a user with
ISC Stormcast For Wednesday, September 4th, 2024 https://isc.sans.edu/podcastdetail/9124, (Wed, Sep 4th)
ISC Stormcast For Tuesday, September 3rd, 2024 https://isc.sans.edu/podcastdetail/9122, (Tue, Sep 3rd)
Protected OOXML Text Documents, (Mon, Sep 2nd)
Just like "Protected OOXML Spreadsheets", Word documents can also be protected: You have to look into the word/settings.xml file, and search for element w:documentProtection: The hash algorithm is the same as for OOXML spreadsheets. However, you
Wireshark 4.4: Converting Display Filters to BPF Capture Filters, (Sun, Sep 1st)
Display filters are used to define expressions that decide which packets get displayed, and which not in Wireshark's packet list. Berkeley Packet Filter (BPF) expressions decide which packets get captured, and which not when Wireshark is