
Is this a pentest?, (Sun, Jan 28th)

SANS Internet Storm Center - January 28, 2018 - 10:25pm
Sometimes, when I'm analyzing malware, I think: this is probably part of a penetration test.
Categories: Security

Investigating Microsoft BITS Activity, (Fri, Jan 26th)

SANS Internet Storm Center - January 26, 2018 - 9:32am
Microsoft BITS (“Background Intelligent Transfer Service”) is a tool present[1] in all modern Microsoft Windows operating systems. As the name says, you can see it as a "curl" or "wget" tool for Windows. It helps to transfer files between a server and a client, but it also has plenty of interesting features. Such a tool, being always available, is priceless for attackers. They started to use BITS to grab malicious content from the Internet. In May 2016, I wrote a diary about a piece of malware that already used BITS[2]. But the tool has many more interesting features (for the good as well as the bad guys), like executing a command once the download has completed; it can also control the bandwidth used (to remain stealthy).
Categories: Security

Ransomware as a Service, (Thu, Jan 25th)

SANS Internet Storm Center - January 25, 2018 - 8:19am
Hunting on the dark web is interesting to find new malicious activities running in the background. Besides the classic sites where you can order drugs and all kinds of counterfeit material, I discovered an interesting website which offers a service to create your own ransomware! The process is straightforward, you just have to:
Categories: Security

Apple Updates Everything, Again, (Tue, Jan 23rd)

SANS Internet Storm Center - January 24, 2018 - 3:42am
Apple Patch Summary
Categories: Security

Life after GDPR: Implications for Cybersecurity, (Tue, Jan 23rd)

SANS Internet Storm Center - January 23, 2018 - 10:16pm
It’s not much discussed in the United States, but the EU’s landmark General Data Privacy Regulation will soon become the law that governs how data must be protected, stored, and processed for European citizens. This, of course, has great effect for those organizations doing business in Europe but it has had and will have a myriad of side-effects that we’ll be dealing with for years to come. This is especially true for cybersecurity professionals and those who investigate crime on the internet.
Categories: Security

HTTPS on every port?, (Mon, Jan 22nd)

SANS Internet Storm Center - January 22, 2018 - 10:49pm
Take a look at this Wireshark capture:
Categories: Security

Retrieving malware over Tor, (Sun, Jan 21st)

SANS Internet Storm Center - January 22, 2018 - 12:09am
A couple of years ago, Lenny Zeltser wrote a diary entry on how to use curl to retrieve malware samples.
Categories: Security

An RTF phish, (Sat, Jan 20th)

SANS Internet Storm Center - January 20, 2018 - 11:36pm
I received another RTF file (with .doc extension) via email. Let's take a look with rtfdump:
Categories: Security

Followup to IPv6 brute force and IPv6 blocking, (Fri, Jan 19th)

SANS Internet Storm Center - January 19, 2018 - 9:52pm
My diary earlier this week led to some good discussion in the comments and on Twitter. I want to, first off, apologize for not responding as much or as quickly as I would have liked; I've actually been ill most of this week since posting the previous diary (and signing up for this slot as handler on duty). Having said that, the discussion got me thinking about fail2ban (and denyhosts) and how I've used them over the years, which brings me to a number of points I'd like to make and some further discussion I hope we can have. As rightly pointed out, I am sure that the brute forcing I am seeing is not from any scanning but because I set up an IPv6 address in DNS for my WordPress site and the preference for IPv6 over IPv4 if DNS returns both. In fact, the attempts to login as 'jim' show that they have at least scraped some content off the site so they thought they could guess at a valid username (in fact, 'jim' is not a valid username on the site, but that is their problem, not mine).
Categories: Security

Comment your Packet Captures!, (Thu, Jan 18th)

SANS Internet Storm Center - January 18, 2018 - 1:28pm
When you are investigating a security incident, a key element is to take notes and to document as much as possible. There is no “best” way to take notes; some people use electronic solutions while others use good old paper and pencil. Just keep in mind: it must be properly performed if your notes will be used as evidence later… With investigations, there is also a chance that you will have to deal with packet captures. Many security tools can record samples of network traffic, or you may need a full-packet capture[1]. Some tools, like Moloch, allow you to “tag” some conversations. Later, you can search for them to find interesting traffic again:
Categories: Security

All times are GMT +2.