SANS Internet Storm Center - Cooperative Cyber Security Monitor
Static Analysis of GUID Encoded Shellcode, (Mon, Mar 17th)
https://isc.sans.edu/diary/rss/31774
Published: March 17, 2025 07:28
I wanted to figure out how to statically decode the GUID encoded shellcode Xavier wrote about in his diary entry "Shellcode Encoded in UUIDs".
ISC Stormcast For Monday, March 17th, 2025 https://isc.sans.edu/podcastdetail/9366, (Mon, Mar 17th)
https://isc.sans.edu/diary/rss/31772
Published: March 17, 2025 01:35
Mirai Bot now incorporating (malformed?) DrayTek Vigor Router Exploits, (Sun, Mar 16th)
https://isc.sans.edu/diary/rss/31770
Published: March 16, 2025 20:38
Last October, Forescout published a report disclosing several vulnerabilities in DrayTek routers. According to Forescout, about 700,000 devices were exposed to these vulnerabilities [1]. At the time, DrayTek released firmware updates for affected routers…
ISC Stormcast For Friday, March 14th, 2025 https://isc.sans.edu/podcastdetail/9364, (Fri, Mar 14th)
https://isc.sans.edu/diary/rss/31768
Published: March 14, 2025 02:00
ISC Stormcast For Thursday, March 13th, 2025 https://isc.sans.edu/podcastdetail/9362, (Thu, Mar 13th)
https://isc.sans.edu/diary/rss/31766
Published: March 13, 2025 02:00
File Hashes Analysis with Power BI from Data Stored in DShield SIEM, (Wed, Mar 12th)
https://isc.sans.edu/diary/rss/31764
Published: March 13, 2025 00:41
I previously used Power BI [2] to analyze DShield sensor data, and this time I wanted to show how it could be used by selecting certain types of data as a large dataset and exporting it for analysis. This time, I ran a query in Elastic Discover and exported…
Scans for VMware Hybrid Cloud Extension (HCX) API (Bruteforcing Credentials?), (Wed, Mar 12th)
https://isc.sans.edu/diary/rss/31762
Published: March 12, 2025 13:59
Today, I noticed increased scans for the VMware Hybrid Cloud Extension (HCX) "sessions" endpoint. These endpoints are sometimes associated with exploit attempts for various VMware vulnerabilities to determine if the system is running the extensions or to…
ISC Stormcast For Wednesday, March 12th, 2025 https://isc.sans.edu/podcastdetail/9360, (Wed, Mar 12th)
https://isc.sans.edu/diary/rss/31760
Published: March 12, 2025 02:00
Microsoft Patch Tuesday: March 2025, (Tue, Mar 11th)
https://isc.sans.edu/diary/rss/31756
Published: March 11, 2025 17:52
The March Patch Tuesday looks like a fairly light affair, with only 51 vulnerabilities total and only six rated as critical. However, this Patch Tuesday also includes six patches for already exploited, aka "0-Day", vulnerabilities. None of the already…
ISC Stormcast For Tuesday, March 11th, 2025 https://isc.sans.edu/podcastdetail/9358, (Tue, Mar 11th)
https://isc.sans.edu/diary/rss/31754
Published: March 11, 2025 02:00
Shellcode Encoded in UUIDs, (Mon, Mar 10th)
https://isc.sans.edu/diary/rss/31752
Published: March 10, 2025 08:23
I returned from another FOR610[1] class last week in London. One key tip I give to my students is to keep an eye on "strange" API calls. In the Windows ecosystem, Microsoft offers tons of API calls to developers. The fact that an API is used in a program…
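The two diaries above ("Shellcode Encoded in UUIDs" and "Static Analysis of GUID Encoded Shellcode") both deal with shellcode that a loader stores as a list of GUID strings and rebuilds in memory with UuidFromStringA(). The following is an added example, not code from either diary: a small Python decoder that extracts GUID strings from a listing and reassembles the shellcode. The one detail that matters for static decoding is byte order: UuidFromStringA() writes Data1 as a little-endian DWORD and Data2/Data3 as little-endian WORDs, followed by the eight Data4 bytes verbatim, which is the layout Python exposes as UUID.bytes_le; decoding with the big-endian UUID.bytes instead scrambles the first eight bytes of every block. The sample listing, the NOP padding in the encoder and the two "known prologue" byte patterns are constructed for this example.

```python
import re
import uuid

# Matches the textual GUID form that UuidFromStringA() parses:
# xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
UUID_RE = re.compile(
    r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
)

# Constructed sample listing (not from a real sample).  The two GUIDs encode
# the first 32 bytes of a typical x64 Windows stub: cld; and rsp,-16; call ...
SAMPLE_LISTING = """
const char *uuids[] = {
    "e48348fc-e8f0-00c0-0000-415141505251",
    "d2314856-4865-528b-6048-8b5218488b52",
};
"""

# Byte prefixes commonly seen at the start of Metasploit-style stubs.
# Used only as a sanity check that the byte order of the decode is right.
KNOWN_PROLOGUES = {
    b"\xfc\x48\x83\xe4\xf0": "x64 stub (cld; and rsp,-16)",
    b"\xfc\xe8": "x86 stub (cld; call ...)",
}


def extract_uuids(text):
    """Return the GUID strings in the order they appear in the listing."""
    return UUID_RE.findall(text)


def decode_uuids(uuids, native=True):
    """Rebuild shellcode from a list of GUID strings.

    native=True reproduces what UuidFromStringA() writes into memory:
    Data1 (DWORD) and Data2/Data3 (WORD) little-endian, Data4 as-is.
    That layout is UUID.bytes_le.  native=False uses the big-endian RFC 4122
    layout (UUID.bytes), the usual mistake when decoding such samples.
    """
    out = bytearray()
    for s in uuids:
        g = uuid.UUID(s)
        out += g.bytes_le if native else g.bytes
    return bytes(out)


def encode_shellcode(data, pad=b"\x90"):
    """Inverse transform: pad to a 16-byte boundary and emit GUID strings.

    NOP padding is a choice made for this example; real loaders may pad with
    zeros or leave trailing garbage instead.
    """
    rem = len(data) % 16
    if rem:
        data += pad * (16 - rem)
    return [str(uuid.UUID(bytes_le=data[i:i + 16]))
            for i in range(0, len(data), 16)]


def looks_like_shellcode(data):
    """Return a description if the buffer starts with a known stub prologue."""
    for prefix, desc in KNOWN_PROLOGUES.items():
        if data.startswith(prefix):
            return desc
    return None


if __name__ == "__main__":
    found = extract_uuids(SAMPLE_LISTING)
    sc = decode_uuids(found)
    print(f"{len(found)} GUIDs -> {len(sc)} bytes: {sc[:16].hex()} ...")
    print("prologue:", looks_like_shellcode(sc))
    print("wrong byte order:", decode_uuids(found, native=False)[:8].hex())
```

When a decode does not start with a recognisable prologue, try the other byte order before assuming the sample uses an extra layer of encoding; the loader may also use a different string-to-GUID API or parse the list in an order other than source order, which is where the dynamic checks in the diaries come in.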