SANS Internet Storm Center, InfoCON: green

Latest articles

Decrypting PowerShell Payloads (video), (Mon, Nov 30th)

PowerShell scripts are often used to deliver malicious payloads: shellcode, another PowerShell script, reflective DLL, …

ISC Stormcast For Monday, November 30th 2020 https://isc.sans.edu/podcastdetail.html?id=7270, (Mon, Nov 30th)

Quick Tip: Using JARM With a SOCKS Proxy, (Sun, Nov 29th)

Rik talked about JARM yesterday "Threat Hunting with JARM".

Threat Hunting with JARM, (Fri, Nov 27th)

Recently I have been testing a new tool created by the people at Salesforce.  The tool is called JARM and what it does is query TLS instances (HTTPS servers and services) to create a fingerprint of their TLS configuration.  Much like analyzing the nuances of network traffic can be used to fingerprint the operating system and version of a server, JARM...

Live Patching Windows API Calls Using PowerShell, (Wed, Nov 25th)

It's amazing how attackers can be imaginative when it comes to protecting themselves and preventing security controls to do their job. Here is an example of a malicious PowerShell script that patches live a DLL function to change the way it works (read: "to make it NOT work"). This is not a new technique but it has been a while that I did not find it...

ISC Stormcast For Wednesday, November 25th 2020 https://isc.sans.edu/podcastdetail.html?id=7268, (Wed, Nov 25th)

The special case of TCP RST, (Tue, Nov 24th)

In TCP, packets with the "Reset" (RST or R) flag are sent to abort a connection. Probably the most common reason you are seeing this is that an SYN packet is sent to a closed port.

ISC Stormcast For Tuesday, November 24th 2020 https://isc.sans.edu/podcastdetail.html?id=7266, (Tue, Nov 24th)

Quick Tip: Cobalt Strike Beacon Analysis, (Mon, Nov 23rd)

Several of our handlers, like Brad and Renato, have written diary entries about malware infections that involved the red team framework Cobalt Strike.

ISC Stormcast For Monday, November 23rd 2020 https://isc.sans.edu/podcastdetail.html?id=7264, (Mon, Nov 23rd)

Discover, share and read the best on the web

Subscribe to RSS Feeds, Blogs, Podcasts, Twitter searches, Facebook pages, even Email Newsletters! Get unfiltered news feeds or filter them to your liking.

Get Inoreader
Inoreader - Subscribe to RSS Feeds, Blogs, Podcasts, Twitter searches, Facebook pages, even Email Newsletters!