www.secnews.physaphae.fr: RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of articles from multiple sources; the list of sources can be found on www.secnews.physaphae.fr. Feed generated 2024-05-06T06:00:12+00:00.

Source of every entry below: SANS Institute (the feed labels it in French as "SANS est un acteur de defense et formation", that is, SANS is a defense and training organization), via the Internet Storm Center diaries at isc.sans.edu. Each entry lists the diary title, the excerpt the feed carried where there was one, and the publication timestamp with the diary's RSS URL.

- Packet Tuesday Episode 3: TCP Urgent Flag. https://packettuesday.com (Tue, Nov 29th)
  Posted 2022-11-29T16:04:44+00:00, https://isc.sans.edu/diary/rss/29284

- Identifying Groups of "Bot" Accounts on LinkedIn (Tue, Nov 29th)
  Posted 2022-11-29T15:46:37+00:00, https://isc.sans.edu/diary/rss/29282

- Ukraine Themed Twitter Spam Pushing iOS Scareware (Mon, Nov 28th)
  Posted 2022-11-28T12:36:18+00:00, https://isc.sans.edu/diary/rss/29276

- Happy 22nd Birthday DShield.org! (Fri, Nov 25th)
  Posted 2022-11-25T18:46:46+00:00, https://isc.sans.edu/diary/rss/29272

- Attackers Keep Phishing Victims Under Stress (Thu, Nov 24th)
  Posted 2022-11-24T08:13:01+00:00, https://isc.sans.edu/diary/rss/29270

- Packet Tuesday: Episode 2 - Extended DNS Option Type 0 (Tue, Nov 22nd)
  Staying with DNS for this episode (don't worry: Episode 3 will not be about DNS).
  Posted 2022-11-22T17:57:03+00:00, https://isc.sans.edu/diary/rss/29268

- Log4Shell campaigns are using Nashorn to get reverse shell on victim's machines (Mon, Nov 21st)
  Posted 2022-11-21T20:48:27+00:00, https://isc.sans.edu/diary/rss/29266

- McAfee Fake Antivirus Phishing Campaign is Back! (Sat, Nov 19th)
  Posted 2022-11-20T00:02:43+00:00, https://isc.sans.edu/diary/rss/29264

- Lessons Learned from Automatic Failover: When 8.8.8.8 "disappears". IPv6 to the Rescue? (Thu, Nov 17th)
  An XKCD cartoon talks about the importance of the often taken-for-granted "8.8.8.8" Google DNS server. Like many, I use it often as a quick connectivity check. 8.8.8.8 is an anycast address that exists many times around the globe. I also started to use it for automatic failover on my OPNSense firewall/router.
  Posted 2022-11-17T15:16:05+00:00, https://isc.sans.edu/diary/rss/29260

- Evil Maid Attacks - Remediation for the Cheap (Wed, Nov 16th)
  Posted 2022-11-16T18:15:23+00:00, https://isc.sans.edu/diary/rss/29256

- Packet Tuesday: Network Traffic Analysis for the Whole Family (Tue, Nov 15th)
  Posted 2022-11-15T17:17:06+00:00, https://isc.sans.edu/diary/rss/29252

- Extracting 'HTTP CONNECT' Requests with Python (Mon, Nov 14th)
  Posted 2022-11-14T02:35:27+00:00, https://isc.sans.edu/diary/rss/29246

- Extracting Information From "logfmt" Files With CyberChef (Sat, Nov 12th)
  A video for this diary entry.
  Posted 2022-11-12T13:15:59+00:00, https://isc.sans.edu/diary/rss/29244

- Update: IPv4 Address Representations (Fri, Nov 11th)
  Update to "IPv4 Address Representations": CyberChef's operation Change IP Format does transform IPv4 representations.
  Posted 2022-11-11T08:35:36+00:00, https://isc.sans.edu/diary/rss/29242

- Do you collect "Observables" or "IOCs"? (Thu, Nov 10th)
  Posted 2022-11-10T10:48:11+00:00, https://isc.sans.edu/diary/rss/29238

- Another Script-Based Ransomware (Wed, Nov 9th)
  The last one I found was only a "proof-of-concept" (my guess), but it demonstrates how easily such malware can be developed and how it remains undetected by most antivirus products.
  Posted 2022-11-09T02:27:20+00:00, https://isc.sans.edu/diary/rss/29234

- Microsoft November 2022 Patch Tuesday (Tue, Nov 8th)
  Posted 2022-11-08T18:41:13+00:00, https://isc.sans.edu/diary/rss/29230

- IPv4 Address Representations (Sun, Nov 6th)
  ...maldoc. Not with the analysis itself, but with how to understand where the URL is pointing to.
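  The IPv4 Address Representations entry above and its Update are about reading where a URL really points when its host is written as a decimal integer, hex, octal, or a shortened dotted form. As an added example (not code from those diaries, and not CyberChef's Change IP Format operation), here is a Python normalizer that applies the inet_aton() parsing rules libc, curl and browsers follow; every URL in it is constructed.

```python
"""Normalize the IPv4 spellings an attacker can hide in a URL host.

Added example for the IPv4 Address Representations entries; this is not
code from those diaries or from CyberChef. It applies the classic
inet_aton() rules: each dotted part may be decimal, octal (leading 0) or
hex (0x), and with fewer than four parts the last one fills all remaining
octets, so 0x7f.1, 0177.0.0.1 and 2130706433 all name 127.0.0.1.
"""
import re
from urllib.parse import urlsplit


def _parse_part(part: str) -> int:
    """Parse one address component with inet_aton radix rules."""
    if part[:2].lower() == "0x":
        digits = part[2:]
        if not re.fullmatch(r"[0-9a-fA-F]+", digits):
            raise ValueError(f"bad hexadecimal component: {part!r}")
        return int(digits, 16)
    if len(part) > 1 and part[0] == "0":
        if not re.fullmatch(r"[0-7]+", part):
            raise ValueError(f"bad octal component: {part!r}")
        return int(part, 8)
    if not re.fullmatch(r"[0-9]+", part):
        raise ValueError(f"bad decimal component: {part!r}")
    return int(part, 10)


def normalize_ipv4(text: str) -> str:
    """Return the canonical dotted-quad for any inet_aton()-style spelling.

    Raises ValueError for strings inet_aton() would reject (too many parts,
    a leading part above 255, a last part that overflows the octets it covers).
    """
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"expected 1 to 4 dotted parts, got {len(parts)}")
    values = [_parse_part(p) for p in parts]
    *head, last = values
    for v in head:
        if v > 0xFF:
            raise ValueError(f"component {v} does not fit in one octet")
    # The final part covers every octet not consumed by the leading parts:
    # 4 octets for "a", 3 for "a.b", 2 for "a.b.c", 1 for "a.b.c.d".
    remaining = 4 - len(head)
    if last >= 1 << (8 * remaining):
        raise ValueError(f"last component {last} overflows {remaining} octet(s)")
    addr = 0
    for v in head:
        addr = (addr << 8) | v
    addr = (addr << (8 * remaining)) | last
    return ".".join(str((addr >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def resolve_url_target(url: str) -> str:
    """Extract the host of a URL and normalize it, ignoring any userinfo,
    port or path placed there to mislead the reader."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError(f"no host in URL: {url!r}")
    return normalize_ipv4(host)


if __name__ == "__main__":
    # Constructed samples: four spellings of two private hosts.
    for url in ("http://2130706433/update.exe",
                "http://0x7f.1/update.exe",
                "http://user@0177.0.0.1:8080/update.exe",
                "http://0xc0.0250.0x0.1/"):
        print(f"{url:45} -> {resolve_url_target(url)}")
```

  The radix rules are applied per component, which is why "08" is rejected (a leading zero forces octal) while "8" is fine; that mirrors what the resolver on the victim side will do, so the normalized value is the address the browser actually connects to.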
  Posted 2022-11-06T10:56:42+00:00, https://isc.sans.edu/diary/rss/29224

- Windows Malware with VHD Extension (Sat, Nov 5th)
  Posted 2022-11-05T22:02:59+00:00, https://isc.sans.edu/diary/rss/29222

- Remcos Downloader with Unicode Obfuscation (Fri, Nov 4th)
  Posted 2022-11-04T07:08:23+00:00, https://isc.sans.edu/diary/rss/29220

- Breakpoints in Burp (Wed, Nov 2nd)
  Posted 2022-11-03T01:29:48+00:00, https://isc.sans.edu/diary/rss/29214

- Who put the "Dark" in DarkVNC? (Wed, Nov 2nd)
  Posted 2022-11-02T05:07:52+00:00, https://isc.sans.edu/diary/rss/29210

- Critical OpenSSL 3.0 Update Released. Patches CVE-2022-3786 (Tue, Nov 1st)
  Posted 2022-11-01T15:59:18+00:00, https://isc.sans.edu/diary/rss/29208

- NMAP without NMAP - Port Testing and Scanning with PowerShell (Mon, Oct 31st)
  Posted 2022-10-31T01:52:42+00:00, https://isc.sans.edu/diary/rss/29202

- Sysinternals Updates: Process Explorer v17.0, Handle v5.0, Process Monitor v3.92 and Sysmon v14.11 (Sun, Oct 30th)
  Sysinternals tool updates have been released for Process Explorer, Handle, Process Monitor and Sysmon.
  Posted 2022-10-30T09:13:45+00:00, https://isc.sans.edu/diary/rss/29200

- Quickie: CyberChef & Microsoft Script Decoding (Sat, Oct 29th)
  ...quite familiar with the algorithm: "Microsoft Script Decoder" (it has been there at least since 2017).
  Posted 2022-10-29T14:07:37+00:00, https://isc.sans.edu/diary/rss/29198

- Supersizing your DUO and 365 Integration (Thu, Oct 27th)
  Posted 2022-10-27T22:52:34+00:00, https://isc.sans.edu/diary/rss/29194

- Upcoming Critical OpenSSL Vulnerability: What will be Affected? (Thu, Oct 27th)
  Posted 2022-10-27T14:06:50+00:00, https://isc.sans.edu/diary/rss/29192

- Why is My Cat Using Baidu? And Other IoT DNS Oddities (Wed, Oct 26th)
  My cat, Gluon, is having a problem. Last year, a new cat, Einstein, invaded her property, and since then she has no longer ventured outside after some unfortunate encounters with Einstein. Gluon now spends most of her time inside doing cat stuff like grooming and sleeping; unfortunately, she has gained an unhealthy amount of weight. To help, we got her an automated cat feeder to better control her food intake. The cat feeder sports not just the obligatory WiFi and cloud/app connectivity but also a camera, so it was immediately moved to our "IoT" network.
  Posted 2022-10-26T13:09:23+00:00, https://isc.sans.edu/diary/rss/29188

- Apple Patches Everything: October 2022 Edition (Tue, Oct 25th)
  Posted 2022-10-25T00:22:44+00:00, https://isc.sans.edu/diary/rss/29182

- C2 Communications Through outlook.com (Mon, Oct 24th)
  Posted 2022-10-24T07:12:13+00:00, https://isc.sans.edu/diary/rss/29180

- Video: PNG Analysis (Sun, Oct 23rd)
  A video for my diary entry "PNG Analysis".
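  For the PNG Analysis entries in this feed (the diary and its video), here is an added example, not code from those diaries: a Python walker over the PNG chunk structure that reports non-standard chunk types, chunks whose CRC no longer matches, and bytes appended after IEND, the three places where foreign data can sit in a file that still opens as a picture. The images it parses are constructed inline.

```python
"""Walk a PNG's chunk structure and flag where foreign data can hide.

Added example for the PNG Analysis entries; not code from those diaries.
A PNG is an 8-byte signature followed by chunks laid out as
[4-byte big-endian length][4-byte type][data][4-byte CRC-32 over type+data]
and terminated by IEND. Payloads hidden in a picture usually show up as a
non-standard chunk type, a chunk whose CRC was not recomputed, or raw
bytes after IEND, which image viewers silently ignore.
"""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
STANDARD_CHUNKS = {
    "IHDR", "PLTE", "IDAT", "IEND", "tRNS", "cHRM", "gAMA", "iCCP", "sBIT",
    "sRGB", "tEXt", "zTXt", "iTXt", "bKGD", "hIST", "pHYs", "sPLT", "tIME",
    "eXIf",
}


def parse_png(data: bytes) -> dict:
    """Return the chunk list, whether IEND was seen, and any bytes after it."""
    if data[:8] != PNG_SIGNATURE:
        raise ValueError("not a PNG: bad signature")
    chunks, offset, trailing, saw_iend = [], 8, b"", False
    while offset < len(data):
        if offset + 8 > len(data):
            raise ValueError(f"truncated chunk header at offset {offset}")
        length, ctype = struct.unpack_from(">I4s", data, offset)
        body = data[offset + 8:offset + 8 + length]
        crc_bytes = data[offset + 8 + length:offset + 12 + length]
        if len(body) != length or len(crc_bytes) != 4:
            raise ValueError(f"truncated {ctype!r} chunk at offset {offset}")
        expected_crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
        chunks.append({
            "type": ctype.decode("latin-1"),
            "offset": offset,
            "length": length,
            "crc_ok": struct.unpack(">I", crc_bytes)[0] == expected_crc,
        })
        offset += 12 + length
        if ctype == b"IEND":
            saw_iend = True
            trailing = data[offset:]  # a well-formed file has nothing here
            break
    return {"chunks": chunks, "saw_iend": saw_iend, "trailing": trailing}


def suspicious_findings(parsed: dict) -> list:
    """Turn parse results into analyst-facing findings (empty when clean)."""
    findings = []
    for c in parsed["chunks"]:
        if not c["crc_ok"]:
            findings.append(f"bad CRC on {c['type']} chunk at offset {c['offset']}")
        if c["type"] not in STANDARD_CHUNKS:
            findings.append(f"non-standard chunk {c['type']} ({c['length']} bytes) at offset {c['offset']}")
    if not parsed["saw_iend"]:
        findings.append("no IEND chunk")
    if parsed["trailing"]:
        findings.append(f"{len(parsed['trailing'])} bytes appended after IEND")
    return findings


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one well-formed chunk (used only to construct the samples)."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


# Constructed samples: a valid 1x1 RGB image, the same image with a private
# chunk inserted and a fake executable stub appended after IEND, and a copy
# with one IDAT byte flipped so its CRC no longer matches.
_IHDR = _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))
_IDAT = _chunk(b"IDAT", zlib.compress(b"\x00\xff\x00\x00"))  # filter byte + one red pixel
_IEND = _chunk(b"IEND", b"")
CLEAN_PNG = PNG_SIGNATURE + _IHDR + _IDAT + _IEND
TAMPERED_PNG = (PNG_SIGNATURE + _IHDR + _chunk(b"paYl", b"not pixel data") + _IDAT + _IEND
                + b"MZ\x90\x00" + b"\x00" * 28)
_corrupt = bytearray(CLEAN_PNG)
_corrupt[8 + len(_IHDR) + 8] ^= 0xFF  # first byte of the IDAT body
BAD_CRC_PNG = bytes(_corrupt)

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_PNG), ("tampered", TAMPERED_PNG), ("bad-crc", BAD_CRC_PNG)):
        print(name, suspicious_findings(parse_png(blob)) or "no findings")
```

  A clean file produces no findings; the two constructed variants show the private chunk with its size, the count of trailing bytes, and the chunk whose CRC was broken by editing its body in place.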
  Posted 2022-10-23T00:02:40+00:00, https://isc.sans.edu/diary/rss/29176

- rtfdump's Find Option (Sat, Oct 22nd)
  Posted 2022-10-22T20:30:51+00:00, https://isc.sans.edu/diary/rss/29174

- sczriptzzbn inject pushes malware for NetSupport RAT (Fri, Oct 21st)
  Posted 2022-10-21T00:03:49+00:00, https://isc.sans.edu/diary/rss/29170

- Forensic Value of Prefetch (Thu, Oct 20th)
  (By Logan Flook.) When a program executes on a Windows system, many artifacts are generated that can assist digital forensic investigations. One of particular note is the Windows Prefetch file. Found in C:\Windows\Prefetch by default, prefetch files (.pf) contain a wealth of information that can prove vital to any investigation.
  Posted 2022-10-20T14:08:02+00:00, https://isc.sans.edu/diary/rss/29168

- Are Internet Scanning Services Good or Bad for You? (Wed, Oct 19th)
  There was an interesting keynote by Patrice Auffret[2], the founder of Onyphe, about "Ethical Internet Scanning in 2022". There are plenty of online scanners that work 24x7 to build a map of the Internet. They scan the entire IP address space and look for interesting devices, vulnerabilities, etc. Big players are Shodan, Onyphe, Censys, ZoomEye, etc.
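  For the Forensic Value of Prefetch entry above, an added example (not code from the diary): a Python parser for the .pf header that recovers the executable name and the prefetch hash, rebuilds the EXECUTABLE-HASH.pf file name Windows would have used so a renamed or forged file stands out, and recognizes the compressed form written by Windows 10 and later. The header bytes it parses are constructed, not taken from a real system.

```python
"""Parse the header of a Windows Prefetch (.pf) file.

Added example for the Forensic Value of Prefetch entry; not code from
the diary. The layout is the documented SCCA format: a 4-byte version at
offset 0 (17 = XP, 23 = Vista/7, 26 = 8.1, 30 = 10/11), the 'SCCA'
signature at offset 4, the file size at offset 12, the executable name as
UTF-16LE in 60 bytes at offset 16, and the 4-byte prefetch hash at offset
76. On Windows 10 and later the whole file is compressed with LZXPRESS
Huffman and starts with the bytes 'MAM' 0x04 followed by the decompressed
size; this parser reports that case rather than decompressing it.
"""
import struct

SCCA_MAGIC = b"SCCA"
MAM_MAGIC = b"MAM\x04"
VERSIONS = {17: "Windows XP/2003", 23: "Windows Vista/7",
            26: "Windows 8.1", 30: "Windows 10/11"}


def parse_prefetch_header(data: bytes) -> dict:
    """Return header fields, or a marker dict if the file is MAM-compressed."""
    if data[:4] == MAM_MAGIC:
        if len(data) < 8:
            raise ValueError("truncated MAM header")
        return {"compressed": True,
                "uncompressed_size": struct.unpack_from("<I", data, 4)[0]}
    if len(data) < 84:
        raise ValueError("too short to hold a prefetch header")
    version, signature, _unknown, file_size = struct.unpack_from("<I4sII", data, 0)
    if signature != SCCA_MAGIC:
        raise ValueError("missing SCCA signature")
    # 60-byte UTF-16LE field, NUL terminated when the name is shorter.
    name = data[16:76].decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    prefetch_hash = struct.unpack_from("<I", data, 76)[0]
    return {"compressed": False,
            "version": version,
            "windows": VERSIONS.get(version, "unknown"),
            "file_size": file_size,
            "executable": name,
            "hash": f"{prefetch_hash:08X}"}


def expected_filename(info: dict) -> str:
    """Windows names each file EXECUTABLE-HASH.pf; a mismatch with the name
    on disk means the file was renamed, copied in, or forged."""
    return f"{info['executable']}-{info['hash']}.pf"


def build_sample_header(executable: str, version: int, prefetch_hash: int,
                        file_size: int = 0x1000) -> bytes:
    """Construct a minimal 84-byte header (test data only, not a real file)."""
    name = executable.encode("utf-16-le")[:58].ljust(60, b"\x00")
    return (struct.pack("<I4sII", version, SCCA_MAGIC, 0x11, file_size)
            + name + struct.pack("<I", prefetch_hash) + b"\x00" * 4)


# Constructed samples: a Windows 7 style header and a Windows 10 MAM prefix.
SAMPLE_WIN7_PF = build_sample_header("CALC.EXE", 23, 0x77FDF17F)
SAMPLE_WIN10_PF = MAM_MAGIC + struct.pack("<I", 0x2000) + b"\x00" * 8

if __name__ == "__main__":
    info = parse_prefetch_header(SAMPLE_WIN7_PF)
    print(info, "->", expected_filename(info))
    print(parse_prefetch_header(SAMPLE_WIN10_PF))
```

  Run counts, last-run timestamps and the list of files the program touched live past the header and at version-dependent offsets, so a full parser dispatches on the version field this one extracts.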
  Posted 2022-10-19T11:57:59+00:00, https://isc.sans.edu/diary/rss/29164

- Python Obfuscation for Dummies (Tue, Oct 18th)
  Posted 2022-10-18T05:11:17+00:00, https://isc.sans.edu/diary/rss/29160

- Fileless Powershell Dropper (Mon, Oct 17th)
  "Fileless" means that the malware tries to reduce its interactions with the file system to a minimum. But to achieve persistence, it must write something to disk. Most of the time, that is done through registry keys. That is what happens with this sample.
  Posted 2022-10-17T10:05:24+00:00, https://isc.sans.edu/diary/rss/29156

- Video: Analysis of a Malicious HTML File (QBot) (Sun, Oct 16th)
  Posted 2022-10-16T07:25:05+00:00, https://isc.sans.edu/diary/rss/29152

- Malware - Covid Vaccination Supplier Declaration (Sat, Oct 15th)
  Posted 2022-10-15T22:41:34+00:00, https://isc.sans.edu/diary/rss/29150

- Analysis of a Malicious HTML File (QBot) (Thu, Oct 13th)
  A malicious HTML page that contains BASE64 images with malware.
  Posted 2022-10-13T17:37:42+00:00, https://isc.sans.edu/diary/rss/29146

- Scans for old Fortigate Vulnerability: Building Target Lists? (Wed, Oct 12th)
  Posted 2022-10-12T09:15:26+00:00, https://isc.sans.edu/diary/rss/29142

- October 2022 Microsoft Patch Tuesday (Tue, Oct 11th)
  Posted 2022-10-11T17:22:43+00:00, https://isc.sans.edu/diary/rss/29138

- Wireshark: Specifying a Protocol Stack Layer in Display Filters (Mon, Oct 10th)
  The release of Wireshark 4.0.0 brings many new features, especially for the display filter syntax.
  Posted 2022-10-10T06:05:20+00:00, https://isc.sans.edu/diary/rss/29130

- Curl's resolve Option (Sun, Oct 9th)
  Related diary entry: "Downloading Samples From Takendown Domains".
  Posted 2022-10-09T17:57:45+00:00, https://isc.sans.edu/diary/rss/29132

- Wireshark 4.0.0 Released (Sat, Oct 8th)
  Wireshark 4.0.0 was released. As announced here before, Windows 32-bit executables are no longer included in Wireshark releases starting with this release.
  Posted 2022-10-08T07:46:31+00:00, https://isc.sans.edu/diary/rss/29128

- Sysmon v14.1 Release (Sat, Oct 8th)
  Sysmon brings another blocking feature: FileBlockShredding. This prevents wiping tools like sdelete from shredding files.
  Posted 2022-10-08T07:29:36+00:00, https://isc.sans.edu/diary/rss/29126

- Critical Fortinet Vulnerability Ahead (Fri, Oct 7th)
  Fortinet warned its customers to update as soon as possible to the latest version of their firewall (Fortigate) and proxies (FortiProxy) to fix a critical vulnerability. Assigned CVE-2022-40684, it is an authentication bypass on the administrative interface.
  Posted 2022-10-07T14:34:23+00:00, https://isc.sans.edu/diary/rss/29124

- Powershell Backdoor with DGA Capability (Fri, Oct 7th)
  Posted 2022-10-07T06:21:03+00:00, https://isc.sans.edu/diary/rss/29122

- What is in your Infosec Calendar? (Thu, Oct 6th)
  Posted 2022-10-06T17:07:19+00:00, https://isc.sans.edu/diary/rss/29118

- More IcedID (Wed, Oct 5th)
  Posted 2022-10-05T12:29:15+00:00, https://isc.sans.edu/diary/rss/29116

- Credential Harvesting with Telegram API (Tue, Oct 4th)
  Posted 2022-10-04T16:09:37+00:00, https://isc.sans.edu/diary/rss/29112

- Exchange Server 0-Day Actively Exploited (Fri, Sep 30th)
  Posted 2022-09-30T13:43:24+00:00, https://isc.sans.edu/diary/rss/29106

- PNG Analysis (Thu, Sep 29th)
  ...different samples tagged with PNG on MalwareBazaar.
  Posted 2022-09-29T06:53:47+00:00, https://isc.sans.edu/diary/rss/29100

- 10 Years Later: Attacker re-discovering old VTiger CRM Vulnerability? (Wed, Sep 28th)
  Posted 2022-09-28T12:10:03+00:00, https://isc.sans.edu/diary/rss/29098

- DNS Option 15: Debugging DNSSEC Errors. (Tue, Sep 27th)
  Posted 2022-09-27T13:41:11+00:00, https://isc.sans.edu/diary/rss/29094

- Easy Python Sandbox Detection (Mon, Sep 26th)
  ...but it requires some extra code in the script. Because we are lazy (attackers too), why not try to automate this and easily detect the presence of such a security mechanism?
  Posted 2022-09-26T07:44:33+00:00, https://isc.sans.edu/diary/rss/29090

- Downloading Samples From Takendown Domains (Sun, Sep 25th)
  Posted 2022-09-25T08:01:58+00:00, https://isc.sans.edu/diary/rss/29086

- Maldoc Analysis Info On MalwareBazaar (Sat, Sep 24th)
  On MalwareBazaar, for samples like this one, you can see analysis data from olevba and oledump.
  Posted 2022-09-25T07:29:33+00:00, https://isc.sans.edu/diary/rss/29084

- Kids Like Cookies, Malware Too! (Fri, Sep 23rd)
  ...Microsoft Teams, the very popular communication tool used daily by millions of people (me too). Security researchers found that Teams stores session tokens in clear text on the file system. I won't discuss the vulnerability here; read the blog post if you want to learn more. The critical element is that once the token has been stolen, an attacker can impersonate the user.
  Posted 2022-09-23T08:41:43+00:00, https://isc.sans.edu/diary/rss/29082

- RAT Delivered Through FODHelper (Thu, Sep 22nd)
  ...RAT through an old UAC bypass technique. This technique is based on the "fodhelper" utility ("Features On Demand Helper"). Once launched, this tool will search for specific registry keys and, if present, will execute their content with high privileges.
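  For the RAT Delivered Through FODHelper entry above, an added detection example, not code from the diary and not the sample's own steps. The key fodhelper.exe consults is the well-documented HKCU\Software\Classes\ms-settings\Shell\Open\command (a per-user key any standard user can create), so a Sysmon SetValue event on that path coming from a user-land binary is what to alert on. The Sysmon records below are constructed for the example.

```python
r"""Spot the registry writes that stage a fodhelper UAC bypass.

Added example for the RAT Delivered Through FODHelper entry; not code
from the diary. fodhelper.exe is an auto-elevating Windows binary that,
on start, reads HKCU\Software\Classes\ms-settings\Shell\Open\command, a
per-user key any standard user can write. The default value set there
(with DelegateExecute present and empty) is what runs at high integrity.
The functions below scan Sysmon Event ID 13 (RegistryEvent SetValue)
records, given here as constructed dicts, for writes to that key.
"""
import re

# Sysmon renders HKCU as HKU\<SID>, so match only the tail of the path.
FODHELPER_KEY = re.compile(
    r"\\software\\classes\\ms-settings\\shell\\open\\command(?:\\(?P<value>[^\\]+))?$",
    re.IGNORECASE,
)


def fodhelper_key_value(target_object: str):
    """Return the value name if the path is the fodhelper hijack key, else None."""
    m = FODHELPER_KEY.search(target_object)
    if not m:
        return None
    return m.group("value") or "(Default)"


def find_fodhelper_staging(events: list) -> list:
    """Filter Sysmon event dicts for SetValue writes to the hijack key."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        value = fodhelper_key_value(ev.get("TargetObject", ""))
        if value is None:
            continue
        alerts.append({
            "time": ev.get("UtcTime"),
            "user": ev.get("User"),
            "image": ev.get("Image"),
            "value": value,
            "details": ev.get("Details", ""),
        })
    return alerts


# Constructed Sysmon records: two staging writes by a binary in a user's
# temp directory, plus ordinary registry activity that must not alert.
SAMPLE_EVENTS = [
    {"EventID": 13, "UtcTime": "2022-09-22 07:00:01.000", "User": "WS01\\alice",
     "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "UtcTime": "2022-09-22 07:00:05.000", "User": "WS01\\alice",
     "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe",
     "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Classes\\ms-settings\\Shell\\Open\\command\\DelegateExecute",
     "Details": ""},
    {"EventID": 13, "UtcTime": "2022-09-22 07:00:05.010", "User": "WS01\\alice",
     "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe",
     "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Classes\\ms-settings\\Shell\\Open\\command\\(Default)",
     "Details": "C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe"},
    {"EventID": 12, "UtcTime": "2022-09-22 07:00:05.020", "User": "WS01\\alice",
     "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe",
     "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Classes\\ms-settings\\Shell\\Open\\command",
     "Details": ""},  # CreateKey (Event 12) on the same key, not a SetValue
]

if __name__ == "__main__":
    for a in find_fodhelper_staging(SAMPLE_EVENTS):
        print(f"{a['time']} {a['user']} {a['image']} wrote {a['value']} = {a['details']!r}")
```

  Any write to this key by a process other than the settings app is worth an alert; pairing it with a subsequent process-creation event for fodhelper.exe from the same user turns the staging alert into a confirmed bypass attempt.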
  Posted 2022-09-22T07:11:21+00:00, https://isc.sans.edu/diary/rss/29078

- Phishing Campaigns Use Free Online Resources (Wed, Sep 21st)
  Posted 2022-09-21T05:59:53+00:00, https://isc.sans.edu/diary/rss/29074

- Chainsaw: Hunt, search, and extract event log records (Mon, Sep 19th)
  Posted 2022-09-20T00:32:37+00:00, https://isc.sans.edu/diary/rss/29066

- Preventing ISO Malware (Sun, Sep 18th)
  Posted 2022-09-18T22:58:27+00:00, https://isc.sans.edu/diary/rss/29062

- Video: Grep & Tail -f With Notepad++ (Sun, Sep 18th)
  A video for the diary entry "Quickie: Grep & Tail -f With Notepad++".
  Posted 2022-09-18T11:01:46+00:00, https://isc.sans.edu/diary/rss/29060

- Video: Analyzing Obfuscated VBS with CyberChef (Sat, Sep 17th)
  A video for my diary entry "Analyzing Obfuscated VBS with CyberChef".
  Posted 2022-09-17T07:07:19+00:00, https://isc.sans.edu/diary/rss/29058

- Word Maldoc With CustomXML and Renamed VBAProject.bin (Fri, Sep 16th)
  0xThiebaut just gave me a heads-up on this interesting sample: 2056b52f8c2f62e222107e6fb6ca82708cdae73a91671d40e61aef8698e3e139
  Posted 2022-09-16T10:07:55+00:00, https://isc.sans.edu/diary/rss/29056

- Malicious Word Document with a Frameset (Thu, Sep 15th)
  This time, the document does not contain any malicious code but just refers to a second stage that will be delivered when the document is opened.
  Posted 2022-09-15T06:33:30+00:00, https://isc.sans.edu/diary/rss/29052

- Easy Process Injection within Python (Wed, Sep 14th)
  When I'm teaching FOR610, students are often surprised that process injection is a feature of the operating system and so, by default, not malicious. Microsoft offers all the required API calls to perform it. Some legitimate applications use many process injection techniques, like your best antivirus or EDR solution!
  Posted 2022-09-14T06:57:33+00:00, https://isc.sans.edu/diary/rss/29048

- Microsoft September 2022 Patch Tuesday (Tue, Sep 13th)
  Posted 2022-09-13T17:32:31+00:00, https://isc.sans.edu/diary/rss/29044

- VirusTotal Result Comparisons for Honeypot Malware (Mon, Sep 12th)
  Posted 2022-09-12T13:11:44+00:00, https://isc.sans.edu/diary/rss/29040

- Wireshark 3.6.8 and 4.0.0rc1 Released (Sun, Sep 11th)
  Wireshark 3.6.8 was released. It fixes 1 vulnerability and 15 bugs.
  Posted 2022-09-11T06:48:33+00:00, https://isc.sans.edu/diary/rss/29036

- Phishing Word Documents with Suspicious URL (Sat, Sep 10th)
  ...tools, I ran through the following checks to see what could be embedded in it that is likely suspicious. I first checked the file using oledump.py to see if there were any OLE files in this document.
  Posted 2022-09-10T17:42:59+00:00, https://isc.sans.edu/diary/rss/29034

- Maldoc With Decoy BASE64 (Fri, Sep 9th)
  Related diary entry: "Maldoc Analysis: Rehearsed vs. Unrehearsed".
  Posted 2022-09-09T15:13:56+00:00, https://isc.sans.edu/diary/rss/29032

- Analyzing Obfuscated VBS with CyberChef (Thu, Sep 8th)
  ...a sample on MalwareBazaar, because it had no tags (now it has a VBS tag).
  Posted 2022-09-08T08:56:26+00:00, https://isc.sans.edu/diary/rss/29028

- PHP Deserialization Exploit attempt (Wed, Sep 7th)
  Posted 2022-09-07T13:32:38+00:00, https://isc.sans.edu/diary/rss/29024

- Quickie: Grep & Tail -f With Notepad++ (Mon, Sep 5th)
  Notepad++ is a free and open source text editor for Windows.
  Posted 2022-09-05T14:10:24+00:00, https://isc.sans.edu/diary/rss/29018

- Video: VBA Maldoc & UTF7 (APT-C-35) (Sun, Sep 4th)
  A video for the maldoc analysis I did in diary entries "VBA Maldoc & UTF7 (APT-C-35)" and "Update: VBA Maldoc & UTF7 (APT-C-35)".
  Posted 2022-09-04T15:12:31+00:00, https://isc.sans.edu/diary/rss/29016

- Video: James Webb JPEG With Malware (Sat, Sep 3rd)
  A video for yesterday's diary entry "James Webb JPEG With Malware".
  Posted 2022-09-03T08:01:26+00:00, https://isc.sans.edu/diary/rss/29012

- James Webb JPEG With Malware (Fri, Sep 2nd)
  In Wednesday's stormcast, Johannes talked about a JPEG picture (coming from the James Webb telescope) that malware authors had laced with malware.
  Posted 2022-09-02T19:22:15+00:00, https://isc.sans.edu/diary/rss/29010

- Jolokia Scans: Possible Hunt for Vulnerable Apache Geode Servers (CVE-2022-37021) (Thu, Sep 1st)
  Posted 2022-09-01T13:14:38+00:00, https://isc.sans.edu/diary/rss/29006

- Underscores and DNS: The Privacy Story (Wed, Aug 31st)
  Posted 2022-08-31T18:15:59+00:00, https://isc.sans.edu/diary/rss/29002

- Two things that will never die: bash scripts and IRC! (Tue, Aug 30th)
  Posted 2022-08-30T15:01:40+00:00, https://isc.sans.edu/diary/rss/28998

- Update: VBA Maldoc & UTF7 (APT-C-35) (Mon, Aug 29th)
  In "VBA Maldoc & UTF7 (APT-C-35)", I analyze a malicious document with VBA code that injects shellcode into the host process. That shellcode is UTF7 encoded.
  Posted 2022-08-29T10:41:28+00:00, https://isc.sans.edu/diary/rss/28994

- Dealing With False Positives when Scanning Memory Dumps for Cobalt Strike Beacons (Sun, Aug 28th)
  ...1768.py to deal with false positives in Windows systems' memory dumps.
  Posted 2022-08-28T11:24:43+00:00, https://isc.sans.edu/diary/rss/28990

- Sysinternals Updates: Sysmon v14.0 and ZoomIt v6.01 (Sun, Aug 28th)
  Two Sysinternals tools (Sysmon and ZoomIt) received updates that significantly extend their scope: Sysmon can now also block actions, and ZoomIt can record videos.
  Posted 2022-08-28T09:03:38+00:00, https://isc.sans.edu/diary/rss/28988

- HTTP/2 Packet Analysis with Wireshark (Fri, Aug 26th)
  ...[1][2][3] regarding this protocol. These packets are from censys.io[4], a site that provides internet discovery and inventory like Shodan. In my logs, the activity looked like this:
  Posted 2022-08-27T02:06:54+00:00, https://isc.sans.edu/diary/rss/28986

- Paypal Phishing/Coinbase in One Image (Fri, Aug 26th)
  Posted 2022-08-26T05:31:39+00:00, https://isc.sans.edu/diary/rss/28984

- Taking Apart URL Shorteners (Thu, Aug 25th)
  Posted 2022-08-25T13:38:19+00:00, https://isc.sans.edu/diary/rss/28980

- Monster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC (Wed, Aug 24th)
  Posted 2022-08-24T00:20:34+00:00, https://isc.sans.edu/diary/rss/28974

- Who's Looking at Your security.txt File? (Tue, Aug 23rd)
  It was already popular for a while, but an RFC is always a good way to "promote" some best practices! If you're unaware of this file, it helps to communicate security contacts (email addresses, phone, ...) to people who would like to contact you to report an issue with your website or your organization. This security.txt file was deployed on my websites for a while, and I never really paid attention to its popularity. The ISC also has its own[2].
  Posted 2022-08-23T06:46:32+00:00, https://isc.sans.edu/diary/rss/28972

- 32 or 64 bits Malware? (Mon, Aug 22nd)
  Posted 2022-08-22T05:03:23+00:00, https://isc.sans.edu/diary/rss/28968

- YARA 4.2.3 Released (Sat, Aug 20th)
  Version 4.2.3 of YARA was released.
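  For the Who's Looking at Your security.txt File? entry above: the RFC the entry refers to is RFC 9116. As an added example (not code from the diary), here is a Python validator for the rules a reporter actually relies on: at least one Contact with a usable URI scheme, exactly one Expires that carries a timezone, has not passed and is less than a year away, at most one Preferred-Languages, and unknown field names reported as warnings only. The two files it checks are constructed for example.com, and the clock is pinned so the result is reproducible.

```python
"""Validate a security.txt file against the RFC 9116 rules that matter.

Added example for the Who's Looking at Your security.txt File? entry;
not code from the diary. The file is a list of "Field: value" lines with
'#' comments; the checks below are the ones a reporter trips over.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

KNOWN_FIELDS = {"acknowledgments", "canonical", "contact", "encryption",
                "expires", "hiring", "policy", "preferred-languages"}
CONTACT_SCHEME = re.compile(r"^(mailto:|tel:|https://)", re.IGNORECASE)


def parse_security_txt(text: str) -> dict:
    """Map lower-cased field names to their values, in file order.
    Raises ValueError on a line that is neither blank, comment nor field."""
    fields = defaultdict(list)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"line {lineno}: not a 'Field: value' line: {raw!r}")
        fields[name.strip().lower()].append(value.strip())
    return fields


def validate_security_txt(text: str, now: datetime) -> dict:
    """Return {'ok', 'errors', 'warnings'}; 'now' is injected for testability."""
    errors, warnings = [], []
    fields = parse_security_txt(text)

    contacts = fields["contact"]
    if not contacts:
        errors.append("Contact is required (at least one)")
    for c in contacts:
        if not CONTACT_SCHEME.match(c):
            errors.append(f"Contact must be a mailto:, tel: or https: URI: {c!r}")

    expires = fields["expires"]
    if len(expires) != 1:
        errors.append(f"Expires must appear exactly once, found {len(expires)}")
    else:
        try:
            when = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
        except ValueError:
            errors.append(f"Expires is not an ISO 8601 timestamp: {expires[0]!r}")
        else:
            if when.tzinfo is None:
                errors.append("Expires must carry a timezone")
            elif when <= now:
                errors.append(f"file expired on {expires[0]}")
            elif when > now + timedelta(days=365):
                warnings.append("Expires is more than a year away; RFC 9116 recommends less")

    if len(fields["preferred-languages"]) > 1:
        errors.append("Preferred-Languages must not appear more than once")
    for name in fields:
        if name not in KNOWN_FIELDS:
            warnings.append(f"unknown field {name!r} (ignored by compliant readers)")

    return {"ok": not errors, "errors": errors, "warnings": warnings}


# Constructed samples (example.com, not any real organization's file) and a
# fixed clock so the outcome does not depend on when this is run.
CHECK_TIME = datetime(2023, 1, 15, tzinfo=timezone.utc)
GOOD_FILE = """\
# Constructed security.txt
Contact: mailto:security@example.com
Contact: https://example.com/report-a-vulnerability
Expires: 2023-06-30T00:00:00Z
Encryption: https://example.com/pgp-key.txt
Preferred-Languages: en, fr
Canonical: https://example.com/.well-known/security.txt
"""
BAD_FILE = """\
Contact: security@example.com
Expires: 2022-01-01T00:00:00Z
Expires: 2022-06-01T00:00:00Z
Preferred-Languages: en
Preferred-Languages: fr
Hours: 09:00-17:00 UTC
"""

if __name__ == "__main__":
    for label, text in (("good", GOOD_FILE), ("bad", BAD_FILE)):
        print(label, validate_security_txt(text, CHECK_TIME))
```

  The file should be fetched from /.well-known/security.txt over HTTPS before validating; that part needs the network and is left out here. A bare e-mail address without mailto: is the most common defect in the wild, and an expired file is the second.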
  Posted 2022-08-20T21:51:02+00:00, https://isc.sans.edu/diary/rss/28964

- Brazil malspam pushes Astaroth (Guildma) malware (Fri, Aug 19th)
  Posted 2022-08-19T22:43:52+00:00, https://isc.sans.edu/diary/rss/28962

- Windows Security Blocks UPX Compressed (packed) Binaries (Fri, Aug 19th)
  Posted 2022-08-19T13:19:01+00:00, https://isc.sans.edu/diary/rss/28960

- Honeypot Attack Summaries with Python (Thu, Aug 18th)
  Posted 2022-08-18T17:53:28+00:00, https://isc.sans.edu/diary/rss/28956

- Apple Patches Two Exploited Vulnerabilities (Wed, Aug 17th)
  Posted 2022-08-17T21:03:07+00:00, https://isc.sans.edu/diary/rss/28952

- A Quick VoIP Experiment (Wed, Aug 17th)
  Posted 2022-08-17T12:48:11+00:00, https://isc.sans.edu/diary/rss/28950

- VBA Maldoc & UTF7 (APT-C-35) (Tue, Aug 16th)
  Sample hash: 394c97cc9d567e556a357f129aea03f737cbd2a1761df32146ef69d93afc73dc
  Posted 2022-08-16T13:34:33+00:00, https://isc.sans.edu/diary/rss/28946

- Realtek SDK SIP ALG Vulnerability: A Big Deal, but not much you can do about it. CVE-2022-27255 (Sun, Aug 14th)
  Posted 2022-08-14T18:17:20+00:00, https://isc.sans.edu/diary/rss/28940