
What is My IP Again?, (Thu, Nov 9th)

SANS Internet Storm Center - November 9, 2017 - 3:44pm
Until we all fully embrace IPv6, we're living in a NAT world.  And the folks who build security for that world often need to work around NAT that they didn't build.
Categories: Security

SSH Server "Time to Live"? Less than a cup of coffee!, (Wed, Nov 8th)

SANS Internet Storm Center - November 8, 2017 - 3:32pm
After the stories I posted last week on SSH, I had some folks ask me about putting an SSH server on the public internet - apparently lots and lots of folks still think that's a safe thing to do.
Categories: Security

Interesting VBA Dropper, (Tue, Nov 7th)

SANS Internet Storm Center - November 7, 2017 - 8:36am
Here is another sample that I found in my spam trap. The technique to infect the victim's computer is interesting. I captured a mail with a malicious RTF document (SHA256: c247929d3f5c82247db9102d2dec28c27f73dc0824f8b386f92aad1a22fd8edd)[1] that exploits the OLE2Link vulnerability (CVE-2017-0199[2]). Once opened, the document fetches the following URL:
Categories: Security

Metasploit's Maldoc, (Mon, Nov 6th)

SANS Internet Storm Center - November 6, 2017 - 11:42pm
I often write posts and make videos on malicious document analysis, that I post here and on my blog.
Categories: Security

Extracting the text from PDF documents, (Sun, Nov 5th)

SANS Internet Storm Center - November 5, 2017 - 6:20pm
In my previous diary entry, we looked at a phishing PDF and extracted the URLs.
Categories: Security

PDF documents & URLs, (Sat, Nov 4th)

SANS Internet Storm Center - November 4, 2017 - 11:32pm
These days, when I receive a suspect PDF document, it's rare that it contains malicious code, but it will rather be a phishing or other social engineering attack. Such PDFs often contain URLs that can be clicked.
Categories: Security

Simple Analysis of an Obfuscated JAR File, (Fri, Nov 3rd)

SANS Internet Storm Center - November 3, 2017 - 9:46am
Yesterday, I found in my spam trap a file named '0.19238000' (SHA256: 7bddf3bf47293b4ad8ae64b8b770e0805402b487a4d025e31ef586e9a52add91). The ZIP archive contained a Java archive named '0.19238000 1509447305.jar' (SHA256: b161c7c4b1e6750fce4ed381c0a6a2595a4d20c3b1bdb756a78b78ead0a92ce4). The file had a score of 0/61 in VT[1] and looks to be a nice candidate for a quick analysis.
Categories: Security

Attacking SSH Over the Wire - Go Red Team!, (Thu, Nov 2nd)

SANS Internet Storm Center - November 2, 2017 - 9:38pm
So, now that we've talked about securing SSH and auditing SSH over the last few days, how about attacking SSH?
Categories: Security

Securing SSH Services - Go Blue Team!!, (Wed, Nov 1st)

SANS Internet Storm Center - November 2, 2017 - 9:29pm
As the world of the attacker evolves and new attacks are developed (Red Team), people in the world of defense see a matching evolution in recommendations for securing various platforms and services (Blue Team). It struck me as odd that we don't see a lot of "high profile" changes in advice for SSH, so I did some digging.
Categories: Security

Auditing SSH Settings (some Blue Team, some Red Team), (Thu, Nov 2nd)

SANS Internet Storm Center - November 2, 2017 - 4:08pm
Yesterday we discussed revisiting SSH configurations and updating settings. Now that this is done across your organization (just kidding), how will you audit this? In particular, what about hosts that you don't know are there, or that you don't know are running SSH?
Categories: Security

Some Powershell Malicious Code, (Tue, Oct 31st)

SANS Internet Storm Center - October 31, 2017 - 8:27am
Powershell is a great language that can interact at a low-level with Microsoft Windows. While hunting, I found a nice piece of Powershell code. After some deeper checks, it appeared that the code was not brand new but it remains interesting to learn how a malware infects (or not) a computer and tries to collect interesting data from the victim.
Categories: Security

All times are GMT +2.