Another webshell, another backdoor!, (Thu, Sep 14th)

SANS Internet Storm Center - September 14, 2017 - 7:26am
I’m still busy following how webshells are evolving… I recently found another backdoor in another webshell called “”. The best place to find webshells remains [1]. When I’m testing a webshell, I copy it to a VM located on a "wild Internet" VLAN in my home lab with, amongst other controls, full packet capture enabled. This way, I can spot immediately if the VM is trying to “phone home” to some external hosts. This was the case this time!
Categories: Security

No IPv6? Challenge Accepted! (Part 1), (Wed, Sep 13th)

SANS Internet Storm Center - September 13, 2017 - 3:18pm
I recently had an internal penetration test with a client.  During the initial discussions, where the client set the scope and so on, I asked if they had any IPv6 in their environment (mainly because I'm hoping that someday, someone will say yes).  Their answer was an emphatic "no".  My answer to that was "Challenge Accepted?", and they ruled IPv6 in scope with a "knock yourself out, there's nothing there".
Categories: Security

Windows Auditing with WINspect, (Mon, Sep 11th)

SANS Internet Storm Center - September 11, 2017 - 2:04am
WINSpect recently hit my radar via Twitter, and the author, Amine Mehdaoui, just posted an update a couple of days ago, so no time like the present to give you a walk-through. WINSpect is a Powershell-based Windows Security Auditing Toolbox. According to Amine's GitHub README, WINSpect "is part of a larger project for auditing different areas of Windows environments. It focuses on enumerating different parts of a Windows machine aiming to identify security weaknesses and point to components that need further hardening. The main targets for the current version are domain-joined windows machines. However, some of the functions still apply for standalone workstations."
Categories: Security

Analyzing JPEG files, (Sun, Sep 10th)

SANS Internet Storm Center - September 10, 2017 - 7:10pm
In my PDF analysis I started last week, I have to analyze a JPEG file. I usually do this with a binary editor with templates (010 Editor), but this is not an open source solution.
Categories: Security

Malware analysis output sanitization, (Sat, Sep 9th)

SANS Internet Storm Center - September 9, 2017 - 8:50pm
An interesting conversation unfolded on my diary entry "Malware analysis: searching for dots".
Categories: Security

YASRV (Yet Another Struts RCE Vulnerability) yes a different one from yesterday, (Fri, Sep 8th)

SANS Internet Storm Center - September 8, 2017 - 5:50pm
Yesterday saw CVE-2017-9805; today we have a new remote code execution vulnerability in Apache Struts 2, CVE-2017-12611. Yesterday's was in the REST API and related to unsafe Java XML deserialization. Today's relates to using Freemarker in your application. Both should encourage you to patch.
Categories: Security

Equifax breach, (Fri, Sep 8th)

SANS Internet Storm Center - September 8, 2017 - 5:13pm
Equifax, one of the major credit bureaus in the USA, has announced a breach that occurred in July. With 143 million persons affected, and considering the type of data, this is significant. Canadians may have been affected as well.
Categories: Security

Modern Web Application Penetration Testing, Hash Length Extension Attacks, (Wed, Sep 6th)

SANS Internet Storm Center - September 7, 2017 - 1:49am
I had the opportunity to sit with my friend Ron Bowes (@iagox86) a while back to talk about SEC642 content and the state of web application penetration testing in general. He mentioned hash length extension attacks, and that he had coincidentally written the absolute best tool to exploit them! That's definitely something that we would consider adding. Ron has also done write-ups for capture the flag (CTF) challenges that can be solved using his tool hash_extender.
Categories: Security

Struts vulnerability patch released by Apache, patch now, (Tue, Sep 5th)

SANS Internet Storm Center - September 6, 2017 - 5:09pm
UPDATE2: a Metasploit module has been released. Some limited workarounds may be available. Otherwise patch now!
Categories: Security

The Mirai Botnet: A Look Back and Ahead At What's Next, (Tue, Sep 5th)

SANS Internet Storm Center - September 5, 2017 - 3:30pm
It is a bit hard to nail down when the Mirai botnet really started. I usually use scans for port 2323 and the use of the password "xc3511" as an indicator. But of course, that isn't perfect. The very first scan using the password "xc3511" was detected by our sensor on February 26th, 2016, well ahead of Mirai. This scan hit a number of our sensors via ssh. At the time we did not collect telnet brute force attempts. Oddly enough, it was a singular scan from one IP address. Starting August 9th, 2016, we do see daily scans for the password xc3511 at a low level until they increase significantly around September 21st, which is probably the best date to identify as the outbreak of what we now call Mirai. I will use "Mirai" to identify the family of aggressive telnet scanning bots. It includes a wide range of varieties that all pretty much do the same thing: scan for systems with telnet exposed (not just on port 23) and then try to log in using a default password.
Categories: Security
