ISC Stormcast For Monday, June 9th, 2025 https://isc.sans.edu/podcastdetail/9484, (Mon, Jun 9th) read file error: read notes: is a directory... 2025-6-9 02:0:3 | 阅读: 13 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu 19th 14th papers jul

Extracting With pngdump.py, (Sun, Jun 8th) 作者更新了pngdump.py程序以提取PNG文件中的数据块和额外信息，并分析了一个被木马化的PNG文件，发现其中包含隐藏的有效负载。... 2025-6-8 05:16:10 | 阅读: 12 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu xavier pngdump analysis diary

Wireshark 4.4.7 Released, (Sun, Jun 8th) Wireshark 4.4.7版本修复了1个漏洞（CVE-2025-5601）和8个错误。... 2025-6-8 05:15:25 | 阅读: 26 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu didier stevens 5601 senior

ISC Stormcast For Friday, June 6th, 2025 https://isc.sans.edu/podcastdetail/9482, (Fri, Jun 6th) read file error: read notes: is a directory... 2025-6-6 02:0:2 | 阅读: 14 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu feeds isc 19th jul

Upcoming DShield Honeypot Changes and Customizations, (Fri, Jun 6th) DShield蜜罐更新包括配置文件位置调整、新增网络蜜罐功能及本地日志记录选项。用户可通过修改配置文件启用本地日志，并使用自动化脚本简化设置。这些变化提升了数据收集和分析的灵活性。... 2025-6-6 00:35:23 | 阅读: 15 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu dshield srv honeypot webhoneypot filebeat

Be Careful With Fake Zoom Client Downloads, (Thu, Jun 5th) 文章描述了一起伪装成Zoom会议邀请的钓鱼攻击事件，恶意软件通过诱导用户下载并安装ScreenConnect远程访问工具，使攻击者能够远程控制受害者电脑。... 2025-6-5 06:36:36 | 阅读: 16 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu clientsetup 8041 client

ISC Stormcast For Thursday, June 5th, 2025 https://isc.sans.edu/podcastdetail/9480, (Thu, Jun 5th) read file error: read notes: is a directory... 2025-6-5 02:0:2 | 阅读: 14 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu security 14th 19th papers

Phishing e-mail that hides malicious link from Outlook users, (Wed, Jun 4th) read file error: read notes: is a directory... 2025-6-4 09:23:19 | 阅读: 21 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu phishing malicious mso benign pointed

ISC Stormcast For Wednesday, June 4th, 2025 https://isc.sans.edu/podcastdetail/9478, (Wed, Jun 4th) read file error: read notes: is a directory... 2025-6-4 02:0:2 | 阅读: 14 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu feeds 19th jul papers

vBulletin Exploits (CVE-2025-48827, CVE-2025-48828), (Tue, Jun 3rd) Ryan Dewhurst披露了vBulletin的一个高危漏洞，该漏洞源于PHP 8.1对Reflection机制的更改，允许调用私有方法。尽管补丁早在2024年4月发布，但未提供详细信息。近期已有攻击尝试出现。... 2025-6-3 14:53:54 | 阅读: 53 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu vbulletin php security

ISC Stormcast For Tuesday, June 3rd, 2025 https://isc.sans.edu/podcastdetail/9476, (Tue, Jun 3rd) read file error: read notes: is a directory... 2025-6-3 02:0:3 | 阅读: 14 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu papers isc 14th security feeds

ISC Stormcast For Monday, June 2nd, 2025 https://isc.sans.edu/podcastdetail/9474, (Mon, Jun 2nd) 这是一个网络安全部门的页面，包含登录选项、课程信息、播客链接以及安全工具和资源的导航栏。页面显示当前值班人员为Xavier Mertens，威胁级别为绿色，并提供多种安全相关的服务和信息。... 2025-6-2 09:53:8 | 阅读: 20 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu security 14th papers 19th

Simple SSH Backdoor, (Mon, Jun 2nd) read file error: read notes: is a directory... 2025-6-2 05:20:14 | 阅读: 29 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu ssh windows openssh scp

YARA 4.5.3 Release, (Sun, Jun 1st) read file error: read notes: is a directory... 2025-6-1 08:1:39 | 阅读: 23 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu didier stevens bugfixes remind powering

A PNG Image With an Embedded Gift, (Sat, May 31st) read file error: read notes: is a directory... 2025-5-31 05:34:31 | 阅读: 16 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu iend xhttp objshell user32 python

ISC Stormcast For Friday, May 30th, 2025 https://isc.sans.edu/podcastdetail/9472, (Fri, May 30th) ISC Stormcast 播客于2025年5月30日发布，值班人员为Jesse La Grew，当前威胁级别为绿色。... 2025-5-30 02:0:2 | 阅读: 15 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu jul feeds 14th papers

Usage of "passwd" Command in DShield Honeypots, (Fri, May 30th) read file error: read notes: is a directory... 2025-5-30 00:33:50 | 阅读: 23 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu passwd sshd username ssh uname

ISC Stormcast For Thursday, May 29th, 2025 https://isc.sans.edu/podcastdetail/9470, (Thu, May 29th) read file error: read notes: is a directory... 2025-5-29 02:0:2 | 阅读: 13 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu papers jul feeds 19th security

Alternate Data Streams ? Adversary Defense Evasion and Detection [Guest Diary], (Wed, May 28th) 本文探讨了Windows NTFS文件系统中的替代数据流（ADS），解释其隐藏恶意数据的能力及其在网络安全中的威胁。文章介绍了如何利用ADS隐藏恶意软件，并举例说明BitPaymer勒索软件如何利用ADS来规避检测。此外，还讨论了检测和防范ADS的方法，包括使用工具如Streams.exe和自动化脚本监控文件系统。... 2025-5-29 00:2:44 | 阅读: 18 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu alternate windows microsoft malicious bitpaymer

[Guest Diary] Exploring a Use Case of Artificial Intelligence Assistance with Understanding an Attack, (Wed, May 28th) Jennifer Wilson作为ISC实习生，在实习中使用Raspberry Pi设置并维护了一个DShield蜜罐实例。她记录了一次来自IP地址63[.]212[.]157[.]187的攻击，并通过分析攻击者运行的命令（如查看系统信息、搜索加密货币挖矿进程、访问特定文件路径）发现该攻击可能涉及credential harvesting或SMS hijacking活动。她利用ChatGPT对其中的关键字符串“D877F783D5D3EF8Cs”进行了分析，并验证了其与Telegram相关联的可能性。... 2025-5-28 13:48:55 | 阅读: 20 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu chatgpt attacker tdata honeypot