Manuel Humberto Santander Pelaez Diaries
- Noticing command and control channels by reviewing DNS protocols
- Controlling network access to ICS systems
- Management of DMARC control for email impersonation of domains in the .co TLD - part 2
- Management of DMARC control for email impersonation of domains in the .co TLD - part 1
- Security headers you should add into your application to increase cyber risk protection
- Scanning s3 buckets
- More packet fu with zeek
- Creating patched binaries for pentesting purposes
- Performing deception to OS Fingerprint (Part 1: nmap)
- SNMP service: still opened to the public and still queried by attackers
- Enumerating office365 users
- Merry christmas!
- Timely acquisition of network traffic evidence in the middle of an incident response procedure
- Gathering information to determine unusual network traffic
- Some packet-fu with Zeek (previously known as bro)
- The danger of sending information for API consumption without adequate security measures
- Another quickie: Discovering patterns in network traffic with silk
- Effective security governance
- Encryption inside Utility Industrial Control Systems (ICS) communication protocols: a must to preserve the confidentiality of information and reliability of the industrial process
- CVE-2016-7461: VMware Workstation and Fusion updates address critical out-of-bounds memory access vulnerability
- Performing network forensics with Dshell. Part 2: Decoder development process
- VMWare Security Advisories VMSA-2016-0005
- CVE-2016-2208 Symantec Antivirus Engine Malformed PE Header Parser Memory Access Violation
- Performing network forensics with Dshell. Part 1: Basic usage
- Angler EK campaign targeting several .co domains deploying teslacrypt 3.0 malware
- Ransom32: The first javascript ransomware
- Testing for DNS recursion and avoiding being part of DNS amplification attacks
- Scanning tricks with scapy
- Enhancing pentesting recon with nmap
- Microsoft patch tuesday problem with Symantec Cloud Endpoint protection?
- More patch tuesday: adobe released security update for adobe flash player
- August 2015 Microsoft Patch Tuesday
- Internet Storm Center state of the internet panel
- RFC 7540 - HTTP/2 protocol
- Checking for BACNet devices inside corporate networks
- Address spoofing vulnerability in Safari Web Browser
- Massive malware spam campaign to corporate domains in Colombia
- Strange wordpress login patterns
- Which security tool is your favorite?
- Why patch management is ALSO REQUIRED in ICS infrastructure
- Merry Christmas!
- Detecting irregular programs and services installed in your network
- Testing for opened ports with firewalk technique
- Strange ICMP traffic seen in destination
- Issues with Microsoft Updates
- Coming up next: Microsoft Patch Tuesday
- Checking for vulnerabilities in the Smart Grid System
- Testing your website for the heartbleed vulnerability with nmap
- Looking for malicious traffic in electrical SCADA networks - part 2 - solving problems with DNP3 Secure Authentication Version 5
- WinXP and/or Win2003 systems hung because of SC Forefront Endpoint Protection faulty update
- Looking for malicious traffic in electrical SCADA networks - part 1
- Malicious PDF sent in massive scam to Colombian users claiming to be from Credit score agency
- Taking care when publishing Citrix services inside the corporate network or to the Internet
- Default configuration check for Microsoft SQL Server - Taking advantage of quiet days in holidays
- Merry christmas!
- Google having a hiccup in Colombia
- When attackers use your DNS to check for the sites you are visiting
- Old D-Link routers with coded backdoor
- Do you have your network perimeter secured against downloading malicious content?
- Information leakage through cloud file storage services
- Do you have rogue Internet gateways in your network? Check it with nmap
- Using nmap scripts to enhance vulnerability assessment results
- NIST Cybersecurity Framework
- Knowing where to look for the owner of an offending IP address
- UDP port 1434 directed attack to AS13489 IP ranges
- More massive malicious spam! This time claiming to be from Almacenes Exito
- Massive Google scam sent by email to Colombian domains
- SANS SCADA Summit at Orlando - Bigger problems and so far from getting them solved
- What can happen within a cyberterrorist attack to the electrical grid of a country?
- New year and new CA compromised
- How to determine which NAC solution fits best to your needs
- Happy new year!
- Merry Christmas!
- Google blocks silent Chrome extension installation
- Information Security Incidents are now a concern for Colombian government
- Cyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA
- Do we need test procedures in our companies before implementing Antivirus signatures?
- Authentication Issues between entities during protocol message exchange in SCADA Systems
- Internet Storm Center panel tonight at SANSFIRE 2012!
- CVE-2012-1889 exploit arrives in Metasploit
- PHP vulnerability CVE-2012-1823 being exploited in the wild
- New e-mail scam targeting Colombian Internet users: This time claiming to be from the Transport authority
- PHP 5.4 Exploit PoC in the wild
- MacOS Users vulnerable to Blackhole exploit kit
- Another airline scam! This time from US Airways
- LAN Airlines scam - Social Engineering Attacks still happening and will keep happening ...
- Phishing with obfuscated javascript, shellcode and malware
- Problem with Microsoft Antivirus regarding malware from google website
- MS11-100 DoS PoC exploit published
- Snort 2.9.2 now supporting SCADA protocol checks
- Critical Control 15: Data Loss Prevention
- Critical Control 14: Wireless Device Control
- Controlling a Cisco IOS device from an IRC channel
- DNS cache poisoning: still works and still makes lots of damage
- Phishing: Same goal, same techniques and people still falling for such scams
- Image search can lead to malware download
- iPhoneMap: iPhoneTracker port to Linux
- In-house developed applications: The constant headache for the information security officer
- DroidDream android malware analysis
- Rogue apps inside Android Marketplace
- Poor man's DLP solution
- Bind DOS vulnerability (CVE-2011-0414)
- Possible new Twitter worm
- VirusTotal VTzilla firefox/chrome plugin
- Facebook virus spreads via photo album chat messages
- Happy New Year 2011!!!
- ISC infocon monitor app for OS X
- An interesting vulnerability playground to learn application vulnerabilities
- Merry Christmas!!
- HP StorageWorks P2000 G3 MSA hardcoded user
- Vulnerability in the PDF distiller of the BlackBerry Attachment Service
- December 2010 Microsoft Black Tuesday Summary
- Network Security Perimeter: How to choose the correct firewall and IPS for your environment?
- DST to EST error summary
- CVE-2010-3654 exploit in the wild
- Checkpoint UTM-1 edge VPN boxes worldwide did an unscheduled reboot
- Cyber Security Awareness Month - Day 29- Role of the office geek
- CVE-2010-3654 - New dangerous 0-day authplay library adobe products vulnerability
- Intypedia project
- Cyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis
- CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow
- Adobe SING table parsing exploit (CVE-2010-2883) in the wild
- Enhanced Mitigation Experience Toolkit can block Adobe 0-day exploit
- Adobe Acrobat pushstring Memory Corruption paper
- Firefox plugins to perform penetration testing activities
- SCADA: A big challenge for information security professionals
- Anatomy of a PDF exploit
- Python to test web application security
- Opensolaris project cancelled, replaced by Solaris 11 express
- Obfuscated SQL Injection attacks
- Adobe Acrobat Font Parsing Integer Overflow Vulnerability
- Securing Windows Internet Kiosk
- Evasion because IPS fails to validate TCP checksums?
- Transmitting logon information unsecured on the network
- GnuPG gpgsm bug
- Types of diary: One liners vs full diary
- Firefox 3.6.7 is out!!
- Lowering infocon back to green
- Truecrypt 7.0 released
- iTunes buffer overflow vulnerability
- LNK vulnerability now with Metasploit module implementing the WebDAV method
- New metasploit GUI written in Java
- SAGAN: An open-source event correlation system - Part 1: Installation
- Apple iTunes account security compromised
- Interesting analysis of the PHP SplObjectStorage Vulnerability
- Malware inside PDF Files
- New Winpcap Version
- Study of clickjacking vulnerabilities on popular sites
- Apple releases advisory for Mac OS X - Multiple vulnerabilities discovered
- iPhone 4 Order Security Breach Exposes Private Information
- Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
- Mastercard delivering cards with OTP device included
- TCP evasions for IDS/IPS
- Rogue facebook application acting like a worm
- Small lot of Olympus Stylus Tough 6010 shipped with malware
- Python on a microcontroller?
- Metasploit 101
- Another way to get protection for application-level attacks
- New way of social engineering on IRC
- June 2010 Microsoft Black Tuesday Summary
- Internet Storm Center panel tonight at SANSFIRE
- Software Restriction Policy to keep malware away
- Nice OS X exploit tutorial
- Oracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability
- e-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.