Packet Captures Filtered by Process, (Thu, Apr 13th)

Already you're thinking, did I read that right? The answer is nope, you absolutely can capture by Windows Process, just not with Windump or Wireshark. A while back I wrote a short diary about using NETSH to capture packets ( https://isc.sans.edu/diary/19409 ), and this story builds on that one. A quick recap – to capture …

Malspam on 2017-04-11 pushes yet another ransomware variant, (Wed, Apr 12th)

Introduction I ran across some interesting malicious spam (malspam) on Tuesday morning 2017-04-11. At first, I thought it had limited distribution. Later I found several other examples, and they were distributing yet another ransomware variant. I personally haven't run across this particular ransomware until now. The ransomware is very aware of its environment, and I …

April 2017 Microsoft Patch Tuesday, (Tue, Apr 11th)

Today on Tuesday 2017-04-11, Microsoft announced its monthly security release (also known as Patch Tuesday). Reviewing Microsoft's Security Update Guide, it looks like there's 644 updates with 210 of them listed as Critical severity. Release notes are here. Details can be found here. The highest profile issue from this set of updates involves CVE-2017-0199. This …

April 2017 Microsoft Patch Tuesday, (Tue, Apr 11th)

Today on Tuesday 2017-04-11, Microsoft announced its monthly security release (also known as Patch Tuesday). Reviewing Microsoft's Security Update Guide, it looks like there's 644 updates with 210 of them listed as Critical severity. Release notes are here. Details can be found here. I'm currently working on the patch summary, which you can access here: …

Dridex malspam seen on Monday 2017-04-10, (Tue, Apr 11th)

Introduction Malicious spam (malspam) pushing the Dridex banking Trojan disappeared in mid-2016, but it reappeared in January 2017 starting with a small campaign targeting UK financial institutions [1]. Since then, we've seen a handful of reporting about Dridex, but I hadn't noticed the same large-scale distribution like we saw in 2015 and 2016. At least …

Password History: Insights Shared by a Reader, (Mon, Apr 10th)

When extracting hashes from an active directory database for password auditing purposes, it is also possible to extract hashes of a user … I work for a global Fortune 500 company where employees number in the several tens of thousands. Our password policy isn't monolithic, but at the core it varies some from the nebulous industry …

Domain Whitelisting With Alexa and Umbrella Lists – update, (Sun, Apr 9th)

I was asked if I could share the files of my last diary entry. You can find the files on my site here. And to teach you how to fish :-), here are the commands I used to produce these lists: csv-cut.py -s t 1 emd.txt … My csv tools can be found on my … My assumption …

Domain Whitelisting With Alexa and Umbrella Lists – update, (Sun, Apr 9th)

I was asked if I could share the files of my last diary entry: Domain Whitelisting With Alexa and Umbrella Lists. You can find the files on my site here. And to teach you how to fish :-), here are the commands I used to produce these lists: csv-cut.py -s t 1 emd.txt blacklist.txt csv-lookup.py …

Domain Whitelisting With Alexa and Umbrella Lists, (Sat, Apr 8th)

I read an interesting blogpost: Domain Whitelist Benchmark: Alexa vs Umbrella The author reported that around 1400 domains on Malwarebytes hpHosts EMD blacklist were in the top 1,000,000 domains Alexa and Umbrella lists. I was interested to know how high these domains ranked, and fortunately they had shared the results. But I was not able …