If You Want Something Done Right, You Have To Do It Yourself... Malware Too!, (Wed, Jul 8th)

I’m teaching FOR610[1] this week and today is dedicated to malicious web and document files. That’s a good opportunity to share with you a Windows Script that uses a nice obfuscation technique. The attacker's idea is to use a big array containing the second stage payload and interesting strings:

15h

ISC Stormcast For Wednesday, July 8th 2020 https://isc.sans.edu/podcastdetail.html?id=7070, (Wed, Jul 8th)

18h

Happy Birthday DShield: DShield.org was registered 20 years ago., (Tue, Jul 7th)

And all DShield wants for its Birthday is your logs :). See here for details.

1d

F5 BigIP vulnerability exploitation followed by a backdoor implant attempt, (Tue, Jul 7th)

While monitoring SANS Storm Center's honeypots today, I came across the second F5 BIGIP CVE-2020-5902 vulnerability exploitation followed by a backdoor deployment attempt. The first one was seen by Johannes yesterday [1].

1d

ISC Stormcast For Tuesday, July 7th 2020 https://isc.sans.edu/podcastdetail.html?id=7068, (Tue, Jul 7th)

1d

Summary of CVE-2020-5902 F5 BIG-IP RCE Vulnerability Exploits, (Mon, Jul 6th)

Our honeypots have been busy collecting exploit attempts for CVE-2020-5902, the F5 Networks BigIP vulnerability patched last week. Most of the exploits can be considered recognizance. We only saw one working exploit installing a backdoor. Badpackets reported seeing a DDoS bot being installed. 

1d

CVE-2020-5902: F5 BIG-IP RCE Vulnerability, (Mon, Jul 6th)

A remote code execution vulnerability %%cve:2020-5902%% in F5's BIG-IP with CVSS score 10 is actively exploited.

2d

ISC Stormcast For Monday, July 6th 2020 https://isc.sans.edu/podcastdetail.html?id=7066, (Mon, Jul 6th)

2d

CVE-2020-5902 F5 BIG-IP Exploitation Attempt, (Sun, Jul 5th)

A quick heads-up: we are seeing scans for F5 BIG-IP's vulnerability %%cve:2020-5902%%.

3d

Wireshark 3.2.5 Released, (Sun, Jul 5th)

Wireshark version 3.2.5 was released.

3d