Base64 All The Things!, (Mon, Oct 9th)

SANS Internet Storm Center - October 9, 2017 - 10:59am
Here is an interesting maldoc sample captured with my spam trap. The attached file is "PO# 36-14673.DOC" and has a score of 6 on VT[1]. The file contains Open XML data[2] that refers to an invoice:
Categories: Security

A strange JPEG file, (Sun, Oct 8th)

SANS Internet Storm Center - October 9, 2017 - 12:03am
I had a JPEG file to analyze that would not render properly: image viewers would display an error, but no image.
Categories: Security

CIS Controls Implementation Guide for Small- and Medium-Sized Enterprises, (Sat, Oct 7th)

SANS Internet Storm Center - October 7, 2017 - 1:38pm
Recently the Center for Internet Security (CIS) released the CIS Controls Implementation Guide for Small- and Medium-Sized Enterprises (SMEs). The Implementation Guide is directly mapped to the CIS Critical Security Controls and is focused on actionable steps that can be taken right now to assess and improve the cyber security posture and preparedness, particularly in small and medium sized enterprises. Recently a webinar with some of the team members who helped develop the Implementation Guide was recorded.
Categories: Security

What's in a cable? The dangers of unauthorized cables, (Fri, Oct 6th)

SANS Internet Storm Center - October 6, 2017 - 4:04pm
As data speeds have increased over the last few years, and interface ports have become more and more multi-functioning and integrated, cables have started to pose a very particular and real danger. So far, they often have been ignored and considered "dumb wires". But far from that, many cables these days hold logic chips of their own and in some cases even upgradable (replaceable) firmware.
Categories: Security

pcap2curl: Turning a pcap file into a set of cURL commands for "replay", (Thu, Oct 5th)

SANS Internet Storm Center - October 5, 2017 - 2:51pm
Many web browsers have the ability to quickly generate "curl" commands to replay a request. For example, in Google Chrome just open the "Network" pane in "Developer Tools," right click on the URL (leftmost column) and select Copy->copy as cURL. This is a great feature when inspecting and reversing HTTP APIs. But recently I ran into an issue when inspecting traffic to a router. The browser would send a request a second, which made it hard to find the right request. To better understand what was going on, I recorded the traffic with tcpdump. But what I needed was a quick way to extract all the HTTP requests, and turn them into cURL commands for replay. The first part isn't all that hard. There are plenty of tools (tcpflow, tshark) to extract the data. The second part isn't difficult either. But the "glue" was missing.
Categories: Security

Security Awareness Month: How to Help Friends and Family, (Wed, Oct 4th)

SANS Internet Storm Center - October 4, 2017 - 9:03pm
For the last few years, October has been "Security Awareness Month", with various organizations using it to promote security awareness. We have done a few "themed" diaries around security awareness in past years, but for the most part, there isn't that much new to say for our core audience. Security awareness is however still a big issue for the rest of humanity, and if you are looking for advice to help friends and family become more security-aware, then the SANS Securing the Human project has a nice newsletter for you.
Categories: Security

Securing "Out of Band" Access, (Wed, Oct 4th)

SANS Internet Storm Center - October 4, 2017 - 8:58pm
How do you get to your critical systems if the network is down? There are a number of different technologies that are used in this case. Often, they involve some kind of terminal server that is connected to the system via a serial terminal (yes... there are still some of them around), or via an IP based KVM switch. The terminal server itself may be reachable via a backup network connection, or maybe someone even has a dial-in setup around for them. But no matter the exact technology you are using to implement this, a "backup connection", or "out of band connection" often bypasses a lot of security controls. This is done by design to ensure that the backup connection can be used even if these security devices do not respond. Often, these connections are also used to manage security devices.
Categories: Security

Investigating Security Incidents with Passive DNS, (Mon, Oct 2nd)

SANS Internet Storm Center - October 2, 2017 - 8:48am
Sometimes when you need to investigate a security incident or to check for suspicious activity, you become frustrated because the online resource that you’re trying to reach has already been cleaned. We cannot blame system administrators and webmasters who are just doing their job. If some servers or websites remain compromised for weeks, others are very quickly restored/patched/cleaned to get rid of the malicious content. It’s the same for domain names. Domains registered only for malicious purposes can be suspended to prevent further attacks. If the domain is not suspended, the offending DNS record is simply removed.
Categories: Security

Who's Borrowing your Resources?, (Sat, Sep 30th)

SANS Internet Storm Center - October 1, 2017 - 1:44pm
There is a buzz that started to stir in the past few days with the rise of cryptocurrency miner JavaScript code showing up on various websites. In particular, it seems to be Coinhive's miner JavaScript code. I do want to note that Coinhive specifically states:
Categories: Security

Good Analysis = Understanding(tools + logs + normal), (Fri, Sep 29th)

SANS Internet Storm Center - September 29, 2017 - 8:40pm
We had a reader send an email in a couple of weeks ago asking about understanding the flags field when looking at data in a report. He didn't understand what the "flags" were referring to or what the actual flags mean. "They don’t appear related to TCP header flags like I’ve normally seen...S is the most common but I occasionally see RSA, RUS and a few others."
Categories: Security

The easy way to analyze huge amounts of PCAP data, (Thu, Sep 28th)

SANS Internet Storm Center - September 28, 2017 - 8:04am
When you are investigating a security incident, there are chances that, at a certain point, you will have to dive into network traffic analysis. If you’re lucky, you’ll have access to a network capture. Approximately one year ago, I wrote a quick diary[1] to explain how to implement a simple FPC or “Full Packet Capture” solution based on a Docker container. It’s nice to capture all the traffic in PCAP files but then? PCAP files are not convenient to process and they consume a lot of disk space (depending on the captured traffic of course).
Categories: Security

All times are GMT +2.