Bojan Zdrnja Diaries
- New Windows Print Spooler Vulnerability - CVE-2021-34481
- Mitre CWE - Common Weakness Enumeration
- Quick and dirty Python: nmap
- Quick and dirty Python: masscan
- Important Apple Updates
- Querying Spamhaus for IP reputation
- What's the deal with openportstats.com?
- Threat Hunting with JARM
- CVE-2020-5135 - Buffer Overflow in SonicWall VPNs - Patch Now
- ISC Blocked
- Password Reuse Strikes Again!
- A few IoCs related to CVE-2020-5902
- Sextortion Update: The Final Final Chapter
- HTML based Phishing Run
- What is up on Port 62234?
- Cisco Advisories for FTD, ASA, Firepower 1000
- Automating nmap scans
- Nmap Basics - The Security Practitioner's Swiss Army Knife
- VMWare vRealize Critical vulnerabilities due to SaltStack - VMSA-2020-0009
- Bluekeep exploitation causing Bluekeep vulnerability scan to fail
- Sextortion: Follow the Money - The Final Chapter
- Scanning for Bluekeep vulnerable RDP instances
- OpSec and OSInt
- Sextortion: Follow the Money Part 3 - The cashout begins!
- Bombstortion?? Boomstortion??
- Using the Neutrino ip-blocklist API to test general badness of an IP
- Sextortion - Follow the Money Update
- Sextortion - Follow the Money
- Something Wicked this way comes
- Microsoft Security Update for Spectre V2
- Increase in port 2580 probe sources
- Flaw in Intel's Active Management Technology (AMT)
- One year Anniversary of Dyn DDOS
- Cisco fixes for KRACKs not complete
- Using nmap to scan for MS17-010 (CVE-2017-0143 EternalBlue)
- Cloudflare data leak...what does it mean to me?
- Practical collision attack against SHA-1
- Multiple vulnerabilities discovered in popular printer models
- More on Protocol 47 denys
- Increase in Protocol 47 denys
- Mirai - now with DGA
- Benevolent malware? reincarna/Linux.Wifatch
- First Hurricane Matthew related Phish
- What is happening on 2323/TCP?
- The era of big DDOS?
- YAHDD! (Yet another HUGE data Breach!)
- Cisco ASA SNMP Remote Code Execution Vulnerability
- Bart - a new Ransomware
- VMWare Security Advisories
- Technical Report about the RUAG attack
- TeslaCrypt closes down...Releases master decryption key
- An oldie but a goodie - 419 Death Scam
- OpenSSL Updates
- Lean Threat Intelligence
- Fake Chrome update for Android
- Critical Adobe Updates - March 2016
- Paypal Phishing landing pages hosted at HostGator
- DDOS is down, but still a concern for ISPs
- hashcat and oclHashcat are now open source
- The other Juniper vulnerability - CVE-2015-7756
- Cisco Cloud Web Security DNS Hijack
- Oracle WebLogic Server: CVE-2015-4852 patched
- Microsoft Patch Tuesday followup: KB3097877 re-issued!
- DNS Reconnaissance using nmap
- Android Stagefright multimedia viewer prone to remote exploitation
- VENOM - Does it live up to the hype?
- Interesting Home Depot Spam
- Watch for updated router firmware!
- Advisory: Seagate NAS Remote Code Execution
- Let's Encrypt!
- DDOS are way down? Why?
- Improving SSL Warnings
- The argument for moving SSH off port 22
- Defensible network architecture
- oledump analysis of Rocket Kitten - Guest Diary by Didier Stevens
- Incident Response at Sony
- Grown Up Security Christmas List
- Google App Engine Java Security Sandbox bypasses
- CSAM: Month of False Positives - Breach Emails?
- 1900/UDP (SSDP) Scanning and DDOS
- Part 2: Is your home network unwittingly contributing to NTP DDOS attacks?
- Part 1: Is your home network unwittingly contributing to NTP DDOS attacks?
- Symantec Endpoint Protection Privilege Escalation Zero Day
- Using nmap to scan for DDOS reflectors
- NTIA begins transition of Root DNS Management
- IOS SSL vulnerability also present in OS X
- Anatomy of a Malware distribution campaign
- Port 0 DDOS
- Apple not updating OS X Mountain Lion?
- Tales of Password Reuse
- Microsoft and Facebook announce bug bounty
- Protecting Your Family's Computers
- Tools for reviewing infected websites
- Microsoft August 2012 Black Tuesday Update - Overview
- Interesting scan for medical certification information...
- OpenDNS is looking for a few good malware people!
- TippingPoint DNS Version Request increase
- Excellent Security Education Resources
- Targeted Malware for Industrial Espionage?
- .Net update affects printing from some applications
- Flashback Trojan Removal Tool Released
- DNSChanger resolver shutdown deadline is March 8th
- Analysis of the Stratfor Password List
- nmap 5.61TEST4 released
- What's up with fbi.gov DNS?
- Critical Control 17: Penetration Tests and Red Team Exercises
- MoonSols Dumpit released...for free!
- 30th Anniversary of the IBM PC - What was your first?
- Do you have a personal disaster recovery plan?
- VUPEN Security pwns Google Chrome
- Serious flaw in OpenID
- RSA/EMC: Anatomy of a compromise
- Firefox 4 Beta 12 released
- Obvious Lessons from the Skype outage
- SamuraiWTF Review over at ISSA Toolsmith
- Firefox 3.6.12 available - http://www.mozilla.com/en-US/firefox/personal.html
- Cyber Security Awareness Month - Day 27 - Social Media use in the office
- Cyber Security Awareness Month - Day 11 - Safe Browsing for Teens
- Patch Tuesday Pre-release -- 16 updates
- Cyber Security Awareness Month - Day 8 - Patch Management and System Updates
- Cyber Security Awareness Month - Day 5 - Sites you should stay away from
- Guest Diary: Andrew Hunt - Visualizing the Hosting Patterns of Modern Cybercriminals
- I'm fine, thanks!
- Microsoft Security Advisory for ASP.NET
- Failure of controls...Spanair crash caused by a Trojan
- Updated version of Mandiant's Web Historian
- UnrealIRCd compromised by Trojan
- New Honeynet Project Forensic Challenge
- SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
- 2010 Digital Forensics and Incident Response Summit
- IBM distributes malware at AusCERT!
- Upcoming MySQL patch fixes several critical vulnerabilities
- Symantec triggers on World of Warcraft update
- Learn about web app hacking and defense
- DNSSEC...not a bang but a whimper?
- Malicious iFrame on US Treasury and other sites?
- SIFT review in the ISSA Toolsmith
- Honeynet Project: 2010 Forensic Challenge #3
- New version of dnsmap
- Mandiant Mtrends Report
- Buffer overflow in Quicktime
- Microsoft responds to possible IIS 6 0-day
- What's up with port 12174? Possible Symantec server compromise?
- Cheat Sheet: Analyzing Malicious Documents
- Microsoft Security Advisory 977981 - IE 6 and IE 7
- Cyber Security Awareness Month - Day 31, ident
- Unusual traffic from Loopback to Unused ARIN address
- Mozilla disables Microsoft plug-ins?
- Cyber Security Awareness Month - Day 17 - Port 22/SSH
- Sysinternals Tools Updates
- Anybody recognize these packets?
- Interesting malware...affecting the Delphi Compiler?
- Updates to VMWare Products
- Time to update...New Thunderbird version!
- Microsoft Out of Band Patch
- VMWare Security Advisories
- Firefox 3.0.11 is available
- WHO Declares Flu A(H1N1) a Pandemic
- MIR-ROR Motile Incident Response - Respond Objectively Remediate
- SysInternals Survey
- New Version of Mandiant Highlighter
- JSRedir-R/Gumblar badness
- Cisco SAFE Security Reference Guide Updated
- More Swine/Mexican/H1N1 related domains
- Decrease in Conficker P2P?
- Significant increase in port 2967 traffic
- New Beta release of Nmap
- OSSEC Version 2 available!
- Mandiant Memoryze review, Highlighter, other Mandiant tools!
- Twam?? Twammers?
- Twitter/Facebook Phishing Attempt
- Gaza<->Israel Defacements/Hacks
- RAID != Backup
- Tools on my Christmas list.
- Day 31 - Legal Awareness
- Sprint-Cogent Peering Issue
- MS08-067 RPC Vulnerability FAQ
- Day 26 - Restoring Systems from Backup
- Updates to SysInternals tools!
- Day 18 - Containing Other Incidents
- Day 15 - Containing the Damage From a Lost or Stolen Laptop
- Handler Mailbag
- New (to me) nmap Features