Jim Clausing Diaries

Back to Handlers

• Security related Docker containers
• Tool update: mac-robber.py and le-hex-to-ip.py
• New tool: linux-pkgs.sh
• Tool updates: le-hex-to-ip.py and sigs.py
• Wireshark updates
• Wireshark releases 2 updates in one day. Mac users especially will want the latest.
• New tool: le-hex-to-ip.py
• Check out a couple of my older posts
• Wireshark 4.0.2 and 3.6.10 released
• Is this traffic bAD?
• Update: mac-robber.py
• Strange goings on with port 37
• Wireshark 3.4.6 (and 3.2.14) released
• So where did those Satori attacks come from?
• More weirdness on TCP port 26
• Analysis Dridex Dropper, IoC extraction (guest diary)
• Setting up the Dshield honeypot and tcp-honeypot.py
• Stackstrings, type 2
• Seriously, SHA3 where art thou?
• Attack traffic on TCP port 9673
• Next up, what's up with TCP port 26?
• What's up with TCP 853 (DNS over TLS)?
• Buffer overflows found in libpcap and tcpdump
• A few Ghidra tips for IDA users, part 4 - function call graphs
• A few Ghidra tips for IDA users, part 3 - conversion, labels, and comments
• A few Ghidra tips for IDA users, part 2 - strings and parameters
• A few Ghidra tips for IDA users, part 1 - the decompiler/unreachable code
• A few Ghidra tips for IDA users, part 0 - automatic comments for API call parameters
• A strange spam
• Quickie: Using radare2 to disassemble shellcode
• Followup to IPv6 brute force and IPv6 blocking
• Are you watching for brute force attacks on IPv6?
• What is going on with port 3333?
• Forensic use of mount --bind
• New tool: mac-robber.py
• WTF tcp port 81
• New tool: sigs.py
• Quick and dirty generic listener
• New tool: docker-mount.py
• Guest Diary: Linux Capabilities - A friend and foe
• Forensicating Docker, Part 1
• Novel method for slowing down Locky on Samba server using fail2ban
• More updates to kippo-log2db
• Scanning for Fortinet ssh backdoor
• VMware security update
• Update to kippo-log2db.pl
• Odd new ssh scanning, possibly for D-Link devices
• OpenVPN server DoS vulnerability fixed
• Microsoft November out-of-cycle patch MS14-068
• SSDEEP update
• UDP port 1900 DDoS traffic
• Unusual CRL traffic?
• New tool: kippo-log2db.pl
• Those strange e-mails with URLs in them can lead to Android malware
• New Apache web server release
• Apple updates iOS and Apple TV
• Updated dumpdns.pl
• What were you doing 25 years ago (yesterday)?
• So what passwords are those ssh scanners trying?
• Is there an epidemic of typo squatting?
• IPv6 Focus Month: Guest Diary: Matthew Newton - IPv6 Cat Feeder - Turning those extra bits into bytes, literally
• IPv6 Focus Month at the Internet Storm Center
• And the Java 0-days just keep on coming
• Oracle quitely releases Java 7u13 early
• Cuckoo 0.5 is out and the world didn't end
• Another month another password disclosure breach
• Skype account hijack vulnerability fixed
• Microsoft November 2012 Black Tuesday Update - Overview
• An analysis of the Yahoo! passwords
• Potential leak of 6.5+ million LinkedIn password hashes
• BIND 9 Update - DoS or information disclosure vulnerability
• Firefox, Thunderbird, and Seamonkey Security Updates
• Tool updates and Win 8
• New automated sandbox for Android malware
• Chrome to stop checking Certificate Revocation List (CRL)?
• Book Review: Practical Packet Analysis, 2nd ed
• Critical Control 6 - Maintenance, Monitoring, and Analysis of Security Audit Logs
• VMware Advisory - UDF file system handling
• Cisco Advisories - FWSM, ASA, and NAC
• Are your tools ready for IPv6? (part 2)
• Are your tools ready for IPv6? (part 1)
• Apple Security Updates 2011-004
• April 2011 Microsoft Black Tuesday Summary
• Apple updates Java
• March 2011 Microsoft Black Tuesday Summary
• What's up with port 8881?
• Updates to a couple of Sysinternals tools
• Help with odd port scans
• Tools updates - Oct 2010
• Cyber Security Awareness Month - Day 20 - Securing Mobile Devices
• August 2010 Micrsoft Black Tuesday Summary
• Free/inexpensive tools for monitoring systems/networks
• July 2010 Microsoft Black Tuesday Summary
• VMware Studio Security Update
• Forensic challenge results
• Wireshark SMB file extraction plug-in
• We are experiencing e-mail issues
• Teredo request for packets
• Memory Analysis - time to move beyond XP
• WordPress iframe injection?
• Apple Security Update 2010-001
• The IE saga continues, out-of-cycle patch coming soon
• 49Gbps DDoS, IPv4 exhaustion, and DNSSEC, oh my!
• Forensic challenges
• Updates to my GREM Gold scripts and a new script
• Microsoft Updates requiring reboot
• Tool updates
• A couple more tools
• Apple Updates
• OSSEC version 2.2 available
• Seclists.org is finally back
• Request for packets
• Tools for extracting files from pcaps
• New and updated cheat sheets
• New Volatility plugins
• Stego in TCP retransmissions
• More new volatility plugins
• NTPD autokey vulnerability
• Wireshark-1.0.8 released
• More tools for (US) Memorial Day
• A packet challenge and how I solved it
• Conficker Working Group site down
• Wireshark 1.0.7 released
• Cool combination of tools
• Followup from last shift and some research to do.
• The continuing IE saga - workarounds
• Critical update to Adobe AIR
• Finding stealth injected DLLs
• How are you coming with that IPv6 migration?
• A new cheat sheet and a contest
• Some recently updated tools
• New Firefoxen out
• Novell eDirectory advisory
• Day 6 - Network-based Intrusion Detection Systems
• Firefox 3.0.3 will be out probably tomorrow
• More on tools/resources/blogs
• Lessons learned from the Palin (and other) account hijacks
• WebEx ActiveX buffer overflow
• Another MS update that may have escaped notice
• OMFW 2008 reflections
• Joomla user password reset vulnerability being actively exploited
• And you thought the DNS issue was an old one...
• Handling the load
• Updates to some of our favorite tools
• Another little script I threw together
• The scoop on the spike in UDP port 7 traffic
• Followup to "What's going on..."
• Firefox 2.0.0.15 is out
• What's going on with these ports? Got packets?
• Followup to 'How do you monitor your website?'
• Emergingthreats.net and ThePlanet
• So, how do you monitor your website?
• Followup to Flash/swf stories
• Disaster donation scams continue
• OSSEC 1.5 released
• More on automated exploit generation
• Some interesting reading for a snowy Saturday
• US Daylight Savings Time starts this weekend
• Microsoft Black Tuesday Advanced Notification
• Wireshark 0.99.8 released
• Firefox 2.0.0.12 is out
• 12, count 'em 12 Microsoft Bulletins coming Tuesday
• Exploiting the admin process
• From the mailbag, December 3rd edition
• WSUS issues?
• OpenSSL bulletin
• Cyber Security Awareness Tip #12: Managing and Understanding Logs on the Desktop or Laptop (AV, Firewall, or System Logs)
• Python script for packer identification
• Apple iPhone update 1.1.1
• AOL changes the free anti-virus they distribute
• Next week's Microsoft patches
• name-services.com DoS
• SANSFIRE 2007 wrap up, part 1
• Interesting new tool
• Other miscellaneous stuff I've come across recently
• Apple TV security update
• Followup to packet tools story
• New PHP releases
• Cisco PIX/ASA DHCP relay agent vulnerability
• Packet tools
• Pidgin 2.0 (previously gaim) released, victim of its own success?
• Is WEP dead yet? Should it be?
• telnetd deja vu, this time it is Kerberos 5 telnetd
• Various Vista Concerns
• Yahoo mail problems
• Weekend grab bag
• Firefox 2.0.0.2 released
• New Samba release fixes security issues
• More on dealing with image spam
• OSSEC turns (v)1.0
• Dealing with images in your spam
• Cacti remote code and SQL injection vulnerability
• What should I do with these gift cards?
• Port 32000 spike, got packets?
• Archiving the snort tips
• Yahoo Messenger critical update
• MS06-075: csrss local privilege escalation (CVE-2006-5585)
• What will the big security stories of 2007 be?
• nmap-4.20 released
• Microsoft December advance patch notification
• GnuPG new versions-upgrade now
• MS06-071: MSXML Core Services
• MS06-069: Adobe Flash Player
• MS06-068: Microsoft Agent
• sinFP-2.03 release
• NetSol Worldnic DNS server issues
• Reader's tip of the day: ratios vs. raw counts
• Back to green, but the exploits are still running wild
• OpenSSH 4.4 (and 4.4p1) released
• MS06-049 re-release
• Issues with e-mail notifier
• Rant-of-the-day: on the dangers of orphaned software (the dark side of open source)
• Log analysis follow up
• Happy birthday, disk drive
• A few preliminary log analysis thoughts
• New feature at isc.sans.org
• Log Analysis tips?
• * MS06-042 reissue
• SquirrelMail 1.4.8 released
• ClamAV versions up to 0.88.3 DoS
• Fedora Core 4 goes into maintenance mode, FC1 and FC2 end-of-life
• Tip of the Day: Read e-mail in plain text (as God intended) :)
• Firefox 1.5.0.6 release imminent
• Thanx to our readers
• Opera 9 long href PoC
• Opera 9.0 released
• Farewell 6Bone
• Firefox and Thunderbird 1.5.0.4 released
• F-Secure web console buffer overflow
• Spamming as 'terror' tactic
• Spaf on reexamining
• SANS Top 20 Spring Update
• Opera updates, too
• Horde exploit attempts in the wild
• IE exploit on the loose, going to yellow
• McAfee DAT 4715 clean up tool available
• A TCP/IP mystery (solved)
• So, when is a security advisory, not a security advisory?
• The 866-PC-SAFETY poll
• New variant of mambo exploit making the rounds
• Problems with MS patch KB913446 (for the IGMP issue, MS06-007)
• Periodic reminder of best practices for cleaning up after infection.
• More on Blackmal/Grew/Nyxem (file deletion payload)
• Exploits in the wild for several PHP-based web apps
• Help us out with a Christmas story
• Update on the SUS issues
• * VMWare vulnerability announced and fixed
• Symantec AV RAR library vulnerability
• Computerized elections, some thoughts
• Odd behavior after MS-SQL scan
• What I'm reading today
• DHCP OS Fingerprinting
• More on hunting rogue access points
• IT Help for Katrina victims; More Katrina Malware; Gas shortage hoax e-mail; MS05-043 exploits in the wild?; Scanning for old Cisco vulnerabilities
• PnP Worm out; More on the current Veritas vuln; Microsoft Update and Win 2K3 w/o SP1; new gaim version
• New IE Exploit PoC; phpBB notes; new book
• ZoneAlarm shutdown problem update, MS Black Tuesday
• German Spam (concise version); MS05-021 and Snort Signatures; Is it a security problem?
• Tax Day and recovering from San Diego; Oracle patches; IRC spam worm
• Shamrocks and March Madness; Perl bots; MS05-004 update
• Happy Valentine's Day; ARCserve probes?; OWA issue; new Opera version
• Corrected: From the mailbag
• Thoughts on VoIP, Holiday recommended reading
• Random thoughts for a quiet Sunday
• Aftermath of Microsoft's October Bulletins, more bots, and Linux rootkits
• Mixed bag for a quiet Sunday
• Updated(2): Checkpoint VPN-1 ASN.1 vulnerability, RADIUS and wireless, reminder about home routers
• Updated: IWAP_WWW account on compromised IIS servers
• (Updated) Additional info on yesterday's Linksys item, the importance of patching
• Update: Sasser.d to start the work week, clean up tools may not be adequate
• Combined exploits of MS vulnerabilities, port 1981 increase
• More agobot/phatbot/polybot variants, cPanel resetpass exploit
• Updated: Bagle C Virus. New Vulnerability in RealSecure and BlackIce Products, Solaris 8 and 9 passwd(1) bulletin, WinZip flaw, IE cross-frame scripting issue
• More on MS04-007
• Updated: Security bulletins from Sun, more Dameware