SANS Internet Storm Center, InfoCON: green - RSS Feed

Latest articles

Decrypting Cobalt Strike Traffic With a "Leaked" Private Key, (Mon, Oct 25th)

Cobalt Strike C2 traffic is encrypted with AES. The AES key is randomly generated by the beacon and communicated to the team server via RSA-encrypted metadata. The beacon contains the public RSA key, and the team server holds the private RSA key.

ISC Stormcast For Monday, October 25th, 2021 https://isc.sans.edu/podcastdetail.html?id=7726, (Mon, Oct 25th)

Phishing ZIP With Malformed Filename, (Sun, Oct 24th)

The output of my zipdump.py tool analyzing diary entry "Reader Malware: ZIP/HTML Phish" ZIP file is a bit strange:

Reader Malware: ZIP/HTML Phish, (Sat, Oct 23rd)

Reader Henry submitted a malicious email attachment: a ZIP file.

YARA Release v4.1.3, (Sat, Oct 23rd)

This new release of YARA is just a bug fix release.

October 2021 Contest: Forensic Challenge, (Fri, Oct 22nd)

Introduction

ISC Stormcast For Friday, October 22nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7724, (Fri, Oct 22nd)

ISC Stormcast For Thursday, October 21st, 2021 https://isc.sans.edu/podcastdetail.html?id=7722, (Thu, Oct 21st)

"Stolen Images Evidence" campaign pushes Sliver-based malware, (Thu, Oct 21st)

Introduction

Thanks to COVID-19, New Types of Documents are Lost in The Wild, (Wed, Oct 20th)

In many countries, citizens are vaccinated and authorities are now implementing new rules for attending some events or traveling. For example, in Brussels (BE), you must prove that you're completely vaccinated by showing your "COVID Safe Ticket" to go to a restaurant or a bar. The document name changes across countries but it's basically the...
