The Evil MSI Background is Back!, (Fri, Jun 5th) A few months ago, I wrote a diary about a payload that was embedded into a JPEG picture. It was a M... 2026-6-5 06:47:26 | 阅读: 9 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu payload powershell buckets developers diary

ISC Stormcast For Friday, June 5th, 2026 https://isc.sans.edu/podcastdetail/9960, (Fri, Jun 5th) 2026-6-5 02:0:2 | 阅读: 9 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu teaching isc 2026 papers feeds

Microsoft's Coreutils for Windows, (Thu, Jun 4th) I've been using the GnuWin32 CoreUtils for Windows for many years now (it gives you many *nix core... 2026-6-4 06:10:44 | 阅读: 16 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu coreutils windows winget microsoft ptx

ISC Stormcast For Thursday, June 4th, 2026 https://isc.sans.edu/podcastdetail/9958, (Thu, Jun 4th) 2026-6-4 02:0:3 | 阅读: 21 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu johannes 2026 papers feeds teaching

Continuing Scans for swagger.json, (Wed, Jun 3rd) Enterprise applications often still use complex standards like SOAP for web services. The big advan... 2026-6-3 13:40:0 | 阅读: 10 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu swagger 2026 attackers developers apidocs

ISC Stormcast For Wednesday, June 3rd, 2026 https://isc.sans.edu/podcastdetail/9956, (Wed, Jun 3rd) 2026-6-3 02:0:2 | 阅读: 15 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu johannes papers isc teaching feeds

New Wave Of Phishing Emails with SVG Files, (Tue, Jun 2nd) For a few days, my SANS ISC mailbox is flooded with emails that delivers SVG files. An SVG ("Scalab... 2026-6-2 07:29:25 | 阅读: 21 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu cx phishing isc payload ecmascript

ISC Stormcast For Tuesday, June 2nd, 2026 https://isc.sans.edu/podcastdetail/9954, (Tue, Jun 2nd) 2026-6-2 02:0:2 | 阅读: 24 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu teaching isc johannes 2026

ISC Stormcast For Monday, June 1st, 2026 https://isc.sans.edu/podcastdetail/9952, (Mon, Jun 1st) 2026-6-1 02:0:2 | 阅读: 24 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu teaching isc johannes brad diary

Unidentified RAT pushes NetSupport RAT, (Mon, Jun 1st) IntroductionThis diary provides indicators from an unidentified RAT infection on Wednesday 2026-0... 2026-6-1 00:2:30 | 阅读: 29 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu netsupport c2 hxxps smartapesg

YARA-X 1.17.0 Release, (Sun, May 31st) 2026-5-31 16:1:29 | 阅读: 12 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu didier stevens 2026 teaching

ISC Stormcast For Friday, May 29th, 2026 https://isc.sans.edu/podcastdetail/9950, (Fri, May 29th) 2026-5-29 02:0:2 | 阅读: 25 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu johannes isc teaching duty 2026

Analysis of a Year of Files Uploaded to DShield Sensors, (Wed, May 27th) Using the data collected over the past year and using Kibana these two ES|QL query to summarize the... 2026-5-28 19:41:55 | 阅读: 23 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu sensor indicator dshield cowrie sensors

ISC Stormcast For Thursday, May 28th, 2026 https://isc.sans.edu/podcastdetail/9948, (Thu, May 28th) 2026-5-28 02:0:2 | 阅读: 27 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu johannes 2026 isc feeds papers

Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs, (Wed, May 27th) Most Akira write-ups focus on the ransom note or the encryption routine. By the time those show up... 2026-5-27 21:14:3 | 阅读: 19 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu eid 4688 windows sslvpn perimeter

ISC Stormcast For Wednesday, May 27th, 2026 https://isc.sans.edu/podcastdetail/9946, (Wed, May 27th) 2026-5-27 02:0:3 | 阅读: 22 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu isc teaching johannes diary stormcast

ISC Stormcast For Tuesday, May 26th, 2026 https://isc.sans.edu/podcastdetail/9944, (Tue, May 26th) 2026-5-26 02:0:2 | 阅读: 28 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu isc teaching johannes 26th diary

Possible ACR Stealer From Page Impersonating Claude, (Tue, May 26th) IntroductionIn recent weeks, I've searched for pages impersonating Claude that distribute malware... 2026-5-26 00:1:48 | 阅读: 33 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu download hxxps windows claude

Microsoft Access VBA, (Mon, May 25th) Microsoft Access files (Microsoft Office's Database) can contain VBA code.But they are not ole or... 2026-5-25 14:14:58 | 阅读: 29 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu ole microsoft diary ooxml database

TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th) TeamPCP now operates across three package ecosystems in parallel, it reached GitHub's own internal... 2026-5-25 13:26:6 | 阅读: 29 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu github 2026 microsoft publisher malicious