2021 – Untrusted Network

TriOp update - version 1.3

📅 Aug 12, 2021 · ☕ 1 min read

I’ve published version 1.3 of TriOp today. The only change in this version is the addition of vulnerabilities used in the ProxyShell attack (CVE-2021-31207, CVE-2021-34473 and CVE-2021-34523) to the relevant search list...

SANS ISC Diary - ProxyShell - how many Exchange servers are affected and where are they?

📅 Aug 9, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the number of Exchange serveres vulnerable to the ProxyShell attack…

List of free online malware analysis sandboxes v1.7

📅 Aug 4, 2021 · ☕ 1 min read

Since the online malware sandbox landscape has changed somewhat over the last six months, I have updated my list of most useful sandboxes to reflect these changes. One improvement that deserves a special mention was a significant increase in number of supported operating systems by the Hatching Triage platform...

SANS ISC Diary - A sextortion e-mail from...IT support?!

📅 Jul 28, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a slightly unusual sextortion phishing, in which its author claimed to work for an IT service company hired by recipients e-mail provider…

SANS ISC Diary - One way to fail at malspam - give recipients the wrong password for an encrypted attachment

📅 Jul 14, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a malspam campaign, whose authors failed to include a correct password to decrypt the malicious attachment…

Open ports statistics for Q2 2021

📅 Jun 30, 2021 · ☕ 2 min read

The first half of 2020 is behind us, which means it's time for a look at how the internet as a whole changed during the past 3 months...

SANS ISC Diary - Phishing asking recipients not to report abuse

📅 Jun 22, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a phishing message that ended with an unusual request…

SANS ISC Diary - Architecture, compilers and black magic, or 'what else affects the ability of AVs to detect malicious files'

📅 Jun 9, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at how the use of a compiler affects the ability of anti-malware tools to detect malicious code…

SANS ISC Diary - All your Base are...nearly equal when it comes to AV evasion, but 64-bit executables are not

📅 May 27, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the difference (or lack thereof) different binary-to-text encodings make when it comes to anti-malware evasion…

SANS ISC Diary - Number of industrial control systems on the internet is lower then in 2020...but still far from zero

📅 May 12, 2021 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the number of Industrial Control Systems accessible from the internet…