Decoding Cobalt Strike Traffic, (Sun, Apr 18th)

In diary entry "Example of Cleartext Cobalt Strike Traffic (Thanks Brad)" I share a capture file I found with unencrypted Cobalt Strike traffic. The traffic is unencrypted since the malicious actors used a trial version of Cobalt Strike.

14h

Querying Spamhaus for IP reputation, (Fri, Apr 16th)

Way back in 2018 I posted a diary describing how I have been using the Neutrino API to do IP reputation checks.  In the subsequent 2+ years that python script has evolved some which hopefully I can go over at some point in the future, but for now I would like to show you the most recent capability I added into that script.

1d

HTTPS Support for All Internal Services, (Fri, Apr 16th)

SSL/TLS has been on stage for a while with deprecated protocols[1], free certificates for everybody[2]. The landscape is changing to force more and more people to switch to encrypted communications and this is good! Like Johannes explained yesterday[3], Chrome 90 will now append "https://" by default in the navigation bar. Yesterday diary covered the...

2d

ISC Stormcast For Friday, April 16th, 2021 https://isc.sans.edu/podcastdetail.html?id=7460, (Fri, Apr 16th)

3d

Why and How You Should be Using an Internal Certificate Authority, (Thu, Apr 15th)

Yesterday, Google released Chrome 90, and with that "HTTPS" is becoming the default protocol if you enter just a hostname into the URL bar without specifying the protocol [1]. This is the latest indication that the EFF's "HTTPS Everywhere" initiative is succeeding [2][3]. Browsers are more and more likely to push users to encrypted content. While I...

3d

ISC Stormcast For Thursday, April 15th, 2021 https://isc.sans.edu/podcastdetail.html?id=7458, (Thu, Apr 15th)

3d

ISC Stormcast For Wednesday, April 14th, 2021 https://isc.sans.edu/podcastdetail.html?id=7456, (Wed, Apr 14th)

4d

April 2021 Forensic Quiz: Answers and Analysis, (Wed, Apr 14th)

Introduction

5d

Microsoft April 2021 Patch Tuesday, (Tue, Apr 13th)

This month's score includes 114 Vulnerabilities. There are 19 Criticals this month with 4 previously disclosed and 1 being exploited.

5d

NMAP Announces release of nPcap 1.30, Raw Wifi + Better Performance. https://seclists.org/nmap-announce/2021/1, (Tue, Apr 13th)

5d