Vulnerability
Actively exploited open redirect in Google Web Light
· ☕ 9 min read
An open redirect vulnerability exists in the remains of the Google Web Light service, and it is being actively exploited in multiple phishing campaigns. Google decided not to fix it, so it may be advisable to block access to the Web Light domain in corporate environments...

TriOp update - version 1.5
· ☕ 1 min read
I’ve published version 1.5 of TriOp today. Besides the addition of several CVEs into the internal list of vulnerabilities, a new feature was also introduced, which enables automatic generation of Shodan queries for the current list of vulnerabilities from the CISA Known Exploited Vulnerabilities (KEV) Catalog...

Presentations from 67th TF-CSIRT meeting - Threat modeling with ATT&CK and How quickly do we patch?
· ☕ 1 min read
The 67th meeting of the TF-CSIRT community took place this week and I had a chance to contribute to it with two presentations: one discussing the speed at which we apply patches (from a global standpoint), and another in which we looked at a basic approach to threat modeling using MITRE ATT&CK. If you would like to take a look at the slides, they are now available for download...

SANS ISC Diary - EternalBlue 5 years after WannaCry and NotPetya
· ☕ 1 min read
A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the number of internet-exposed systems that are still vulnerable to the EternalBlue exploit…

Log4shell Lightning talk - 2022 TF-CSIRT Meeting & FIRST Regional Symposium Europe
· ☕ 1 min read
A few weeks ago, I attended the 2022 TF-CSIRT Meeting & FIRST Regional Symposium Europe and gave a lightning talk there discussing a couple of interesting trends seen in Log4shell exploitation attempts and the possibility of creating a simple generic defense against similar attacks in the future. Recordings of all the talks are now available on YouTube...

TriOp update - version 1.1
· ☕ 2 min read
I’ve published version 1.1 of TriOp today. I’ve added CVEs for the recent Exchange vulnerabilities to the vulnerability search list, since Shodan is now capable of detecting systems affected by them. In response to a request from the CSIRT community, I’ve also added the option to use an arbitrary filter along with a list of parameters...
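The two TriOp teasers above mention generating Shodan queries from the CISA KEV catalog (version 1.5) and appending an arbitrary filter to the search (version 1.1). The following is an added illustration of that idea, not TriOp's own code: it parses a constructed sample with the same top-level keys and per-record fields as CISA's KEV JSON feed, discards records whose cveID is not a well-formed CVE identifier, and emits one Shodan `vuln:` query per CVE with an optional extra filter. The sample records and the `country:CZ` filter are assumptions for the example.

```python
import json
import re

# Constructed sample in the shape of CISA's KEV JSON feed. The real feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json)
# carries the same keys; the third record is deliberately malformed to show the
# validation path.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2022.05.12",
    "dateReleased": "2022-05-12T00:00:00.0000Z",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
         "vulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability",
         "dateAdded": "2021-12-10", "shortDescription": "(constructed)",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2021-12-24", "notes": ""},
        {"cveID": "CVE-2017-0144", "vendorProject": "Microsoft", "product": "SMBv1",
         "vulnerabilityName": "Microsoft SMBv1 Remote Code Execution Vulnerability",
         "dateAdded": "2022-02-10", "shortDescription": "(constructed)",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2022-08-10", "notes": ""},
        {"cveID": "not-a-cve", "vendorProject": "Example", "product": "Broken",
         "vulnerabilityName": "Malformed record (constructed)", "dateAdded": "2022-01-01",
         "shortDescription": "", "requiredAction": "", "dueDate": "", "notes": ""},
    ],
})

# Strict CVE identifier shape: year plus a sequence number of at least four digits.
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def load_kev(text):
    """Parse KEV JSON and return {cveID: (vendorProject, product)}.

    Records whose cveID does not look like a CVE are skipped rather than
    passed on into a search string, so a bad feed record cannot turn into an
    arbitrary Shodan query term.
    """
    data = json.loads(text)
    result = {}
    for record in data.get("vulnerabilities", []):
        cve = str(record.get("cveID", "")).strip().upper()
        if CVE_RE.match(cve):
            result[cve] = (record.get("vendorProject", ""), record.get("product", ""))
    return result


def shodan_queries(kev, extra_filter=""):
    """Build one Shodan query per CVE, optionally narrowed by an extra filter.

    Shodan's search language has no OR operator, so the CVEs cannot be folded
    into a single query; separate terms are implicitly ANDed, which is why the
    optional filter (e.g. "country:CZ") is simply appended to each query.
    """
    extra = extra_filter.strip()
    queries = []
    for cve in sorted(kev):
        queries.append(f"vuln:{cve} {extra}" if extra else f"vuln:{cve}")
    return queries


if __name__ == "__main__":
    catalog = load_kev(KEV_SAMPLE)
    for query in shodan_queries(catalog, extra_filter="country:CZ"):
        print(query)
```

Feeding the real feed instead of `KEV_SAMPLE` is a matter of reading the downloaded JSON file; the validation step is what matters, since the query strings go straight to an external API.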