Handler on Duty: Johannes Ullrich
Threat Level: green
Russ McRee Diaries
- Sandfly Security
- Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 2
- Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 1
- Prowler v3: AWS & Azure security assessments
- Chainsaw: Hunt, search, and extract event log records
- EPSScall: An Exploit Prediction Scoring System App
- Log4j 2 Security Vulnerabilities Update Guide
- LotL Classifier tests for shells, exfil, and miners
- Adversary Simulation with Sim
- Gordon for fast cyber reputation checks
- Sooty: SOC Analyst's All-in-One Tool
- To the Brim at the Gates of Mordor Pt. 1
- Happy FouRth of July from the Internet Storm Center
- ISC Snapshot: SpectX IP Hitcount Query
- Cloud Security Features Don't Replace the Need for Personnel Security Capabilities
- SpectX: Log Parser for DFIR
- Another Critical COVID-19 Shortage: Digital Security
- Chain Reactor: Simulate Adversary Behaviors on Linux
- DeepBlueCLI: Powershell Threat Hunting
- ISC Snapshot: Search with SauronEye
- visNetwork for Network Data
- KAPE: Kroll Artifact Parser and Extractor
- Commando VM: The Complete Mandiant Offensive VM
- ISC snapshot: r-cyber with rud.is
- Beagle: Graph transforms for DFIR data & logs
- Ad Blocking With Pi Hole
- CR19-010: The United States vs. Huawei
- gganimate: Animate YouR Security Analysis
- ViperMonkey: VBA maldoc deobfuscation
- Cisco Security Advisories 17 OCT 2018
- RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
- Anomaly Detection & Threat Hunting with Anomalize
- Windows Commands Reference - An InfoSec Must Have
- Threat Hunting & Adversary Emulation: The HELK vs APTSimulator - Part 2
- Threat Hunting & Adversary Emulation: The HELK vs APTSimulator - Part 1
- GitHub InfoSec Threepeat: HELK, ptf, and VulnWhisperer
- Detection Lab: Visibility & Introspection for Defenders
- Security Planner: Improve your online safety
- Windows Auditing with WINspect
- Adversary hunting with SOF-ELK
- WannaCry? Do your own data analysis.
- Critical security update: PHPMailer 5.2.20 (CVE-2016-10045)
- Steganography in Action: Image Steganography & StegExpose
- Scapy vs. CozyDuke
- SEC505 DFIR capture script: snapshot.ps1
- Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
- Red Team Tools Updates: hashcat and SpiderFoot
- Resources: Windows Auditing & Monitoring, Linux 2FA
- toolsmith #112: Red vs Blue - PowerSploit vs PowerForensics
- Security Management vs Chaos: Understanding the Butterfly Effect to Manage Outcomes & Reduce Chaos
- AD Security's Unofficial Guide to Mimikatz & Command Reference
- Microsoft Security Bulletin MS15-093 - Critical OOB - Internet Explorer RCE
- Tool Tip: Kansa Stafford released, PowerShell for DFIR
- Tech tip follow-up: Using the data Invoked with R's system command
- froxlor Server Management Portal severe security issue
- Tech tip: Invoke a system command in R
- VolDiff, for memory image differential analysis
- Friday Digest - 27 MAR 2015
- Adobe updates Security Advisory for Adobe Flash Player, Infocon returns to green
- Lots of Black Friday SPAM & Phishing
- Syrian Electronic Army attack leads to malvertising
- Crypto 101 - free book resource
- Tool Tip: vFeed
- Digest: 23 OCT 2014
- telnetd rulez: Cisco Ironport WSA Telnetd Remote Code Execution Vulnerability
- Xen Security Advisory - XSA 108 - http://xenbits.xen.org/xsa/advisory-108.html
- Security Onion news: Updated ShellShock detection scripts for Bro
- DerbyCon highlights
- Threats & Indicators: A Security Intelligence Lifecycle
- Keeping the RATs out: the trap is sprung - Part 3
- Gameover Zeus reported as "returned from the dead"
- Keeping the RATs out: **it happens - Part 2
- Keeping the RATs out: an exercise in building IOCs - Part 1
- Microsoft Interflow announced today at 26th FIRST conference
- OfficeMalScanner helps identify the source of a compromise
- sed and awk will always rock
- Punking Pet Peeves with PowerShell
- UltraDNS DDOS
- Ubuntu 14.04 lockscreen bypass
- Ongoing NTP Amplification Attacks
- Explicit Trusted Proxy in HTTP/2.0 or...not so much
- Threat modeling in the name of security
- Massive RFI scans likely a free web app vuln scanner rather than bots
- Happy New Year from the Syrian Electronic Army - Skype’s Social Media Accounts Hacked
- Six degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails
- OpenSSL suffers apparent defacement
- Weekend Reading List 27 DEC
- A review of Tubes, A Journey to the Center of the Internet
- Secunia's PSI Country Report - Q3 2013
- Happy Halloween: The Ghost Really May Be In The Machine
- SIR v15: Five good reasons to leave Windows XP behind
- Threat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild
- Suspect Sendori software
- PHP and VMWare Updates
- Read of the Week: A Fuzzy Future in Malware Research
- Celebrating 4th of July With a Malware PCAP Visualization
- Volatility rules...any questions?
- EMET 4.0 is now available for download
- Apache binary backdoor adds malicious redirect to Blackhole
- SANS's Alan Paller discusses the threat of cyberterrorism on CNN
- What is "up to date anti-virus software"?
- Microsoft's Security Intelligence Report (SIRv14) released
- Java 8 release schedule delayed for renewed focus on security
- OpenSSL Security Advisory including Lucky Thirteen: Breaking the TLS and DTLS Record Protocols
- An expose of a recent SANS GIAC XSS vulnerability
- Sourcefire VRT rules update addresses remote stack buffer overflow in rule 3:20275
- Interesting reads for Friday 18 JAN 2013
- PHP 5.4.11 and PHP 5.3.21 released
- Cisco introducing Cisco Security Notices 16 JAN 2013
- EMET 3.5: The Value of Looking Through an Attacker's Eyes
- Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant
- Cyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035
- Cyber Security Awareness Month - Day 2 - PCI Security Standard: Mobile Payment Acceptance Security Guidelines
- Financial sector advisory: attacks and threats against financial institutions
- Apple and Cisco Security Advisories 19 SEP 2012
- Script kiddie scavenging with Shellbot.S
- Blackhole targeting Java vulnerability via fake Microsoft Services Agreement email phish
- Not so fast: Java 7 Update 7 critical vulnerability discovered in less than 24 hours
- Yahoo service SQL injection vuln leads to account exposure
- 2 for 1: SANSFIRE & MSRA presentations
- VMWare Security Advisory 12 JUL 2012
- Analysis of drive-by attack sample set
- Cisco Security Advisories 20 JUN 2012
- OpenSSL reissues fix for ASN1 BIO vulnerability
- Emergency Operations Centers & Security Incident Management: A Correlation
- Continued interest in Nikjju mass SQL injection campaign
- Comments open for NIST-proposed updates to Digital Signature Standard
- MS12-020 RDP vulnerabilities: Patch, Mitigate, Detect
- Cisco Security Advisories - 29FEB2011
- QOTD from securityburnout.org
- Apple and Apache security fixes and releases
- Firefox 10 and VMWare advisories and updates
- OSINT tactics: parsing from FOCA for Maltego
- OpenSSL vulnerability fixes
- A Siemens SIMATIC conundrum: authentication bypass bungling
- RIM's BlackBerry Mobile Fusion
- Gama-rue, Where Are You!
- Quick Tip: Pastebin Monitoring & Recon
- Operation Ghost Click: FBI bags crime ring responsible for $14 million in losses
- Wireshark updates: 1.6.3 and 1.4.10 released
- Secure languages & frameworks
- Honeynet Project: Android Reverse Engineering (A.R.E.) Virtual Machine released
- Critical Control 19: Data Recovery Capability