Guy Bruneau Diaries

Back to Handlers

• October 2024 Activity with Username chenzilong
• Scanning Activity from Subnet 15.184.0.0/16
• Kickstart Your DShield Honeypot [Guest Diary]
• OSINT - Image Analysis or More Where, When, and Metadata [Guest Diary]
• Time-to-Live Analysis of DShield Data with Vega-Lite
• Hygiene, Hygiene, Hygiene! [Guest Diary]
• Attack Surface [Guest Diary]
• Vega-Lite with Kibana to Parse and Display IP Activity over Time
• Mapping Threats with DNSTwist and the Internet Storm Center [Guest Diary]
• Same Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary]
• Who You Gonna Call? AndroxGh0st Busters! [Guest Diary]
• What Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary]
• No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary]
• The Art of JQ and Command-line Fu [Guest Diary]
• Is that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary]
• Analysis of ?redtail? File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary]
• Linux Trojan - Xorddos with Filename eyshcjdmzg
• A Use Case for Adding Threat Hunting to Your Security Operations Team. Detecting Adversaries Abusing Legitimate Tools in A Customer Environment. [Guest Diary]
• Gamified Learning: Using Capture the Flag Challenges to Supplement Cybersecurity Training [Guest Diary]
• What happens when you accidentally leak your AWS API keys? [Guest Diary]
• Capturing DShield Packets with a LAN Tap [Guest Diary]
• Scanning for Confluence CVE-2022-26134
• Utilizing the VirusTotal API to Query Files Uploaded to DShield Honeypot [Guest Diary]
• Mirai-Mirai On The Wall... [Guest Diary]
• DShield Sensor Log Collection with Elasticsearch
• Suspicious Prometei Botnet Activity
• Unveiling the Mirai: Insights into Recent DShield Honeypot Activity [Guest Diary]
• How to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary]
• T-shooting Terraform for DShield Honeypot in Azure [Guest Diary]
• Honeypots: From the Skeptical Beginner to the Tactical Enthusiast
• Revealing the Hidden Risks of QR Codes [Guest Diary]
• Decoding the Patterns: Analyzing DShield Honeypot Activity [Guest Diary]
• CVE-2023-1389: A New Means to Expand Botnets
• Routers Targeted for Gafgyt Botnet [Guest Diary]
• Spam or Phishing? Looking for Credentials & Passwords
• Domain Name Used as Password Captured by DShield Sensor
• Scanning for Laravel - a PHP Framework for Web Artisants
• ?Anyone get the ASN of the Truck that Hit Me?!?: Creating a PowerShell Function to Make 3rd Party API Calls for Extending Honeypot Information [Guest Diary]
• Potential Weaponizing of Honeypot Logs [Guest Diary]
• How I made a qwerty ?keyboard walk? password generator with ChatGPT [Guest Diary]
• SystemBC Malware Activity
• DShield Sensor Monitoring with a Docker ELK Stack [Guest Diary]
• Install & Configure Filebeat on Raspberry Pi ARM64 to Parse DShield Sensor Logs
• Email Spam with Attachment Modiloader
• DShield Honeypot Activity for May 2023
• We Can no Longer Ignore the Cost of Cybersecurity
• DShield Sensor Update
• Using Linux grep and Windows findstr to Manipulate Files
• Microsoft Released an Update for Windows Snipping Tool Vulnerability
• AsynRAT Trojan - Bill Payment (Pago de la factura)
• Spear Phishing Handlers for Username/Password
• Assemblyline as a Malware Analysis Sandbox
• DShield Sensor JSON Log to Elasticsearch
• DShield Sensor JSON Log Analysis
• DShield Sensor Setup in Azure
• Exchange OWASSRF Exploited for Remote Code Execution
• Infostealer Malware with Double Extension
• VMware Security Updates
• Linux LOLBins Applications Available in Windows
• McAfee Fake Antivirus Phishing Campaign is Back!
• Windows Malware with VHD Extension
• Malware - Covid Vaccination Supplier Declaration
• Phishing Word Documents with Suspicious URL
• HTTP/2 Packet Analysis with Wireshark
• Phishing HTML Attachment as Voicemail Audio Transcription
• Analysis of SSH Honeypot Data with PowerBI
• Excel 4 Emotet Maldoc Analysis using CyberChef
• Spam Email Contains a Very Large ISO file
• Phishing PDF Received in my ISC Mailbox
• Are Roku Streaming Devices Safe from Exploitation?
• Is buying Cyber Insurance a Must Now?
• Using Snort IDS Rules with NetWitness PacketDecoder
• DHL Spear Phishing to Capture Username/Password
• SIEM In this Decade, Are They Better than the Last?
• 10 Most Popular Targeted Ports in the Past 3 Weeks
• Exchange Server - Email Trapped in Transport Queues
• A Review of Year 2021
• Searching for Exposed ASUS Routers Vulnerable to CVE-2021-20090
• Hikvision Security Cameras Potentially Exposed to Remote Code Execution
• Remote Desktop Protocol (RDP) Discovery
• Apache is Actively Scan for CVE-2021-41773 & CVE-2021-42013
• Scanning for Previous Oracle WebLogic Vulnerabilities
• Shipping to Elasticsearch Microsoft DNS Logs
• Filter JSON Data by Value with Linux jq
• Scanning for Microsoft Exchange eDiscovery
• Unsolicited DNS Queries
• Scanning for Microsoft Secure Socket Tunneling Protocol
• CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability
• Fortinet Targeted for Unpatched SSL VPN Discovery Activity
• Spear-phishing Email Targeting Outlook Mail Clients
• Who is Probing the Internet for Research Purposes?
• Base64 Hashes Used in Web Scanning
• Building an IDS Sensor with Suricata & Zeek with Logs to ELK
• Malware Analysis with elastic-agent and Microsoft Sandbox
• Microsoft DHCP Logs Shipped to ELK
• Pretending to be an Outlook Version Update
• Using Logstash to Parse IPtables Firewall Logs
• PacketSifter as Network Parsing and Telemetry Tool
• Obfuscated DNS Queries
• Protecting Home Office and Enterprise in 2021
• Secure Communication using TLS in Elasticsearch
• Is IP 91.199.118.137 testing Access to aahwwx.52host.xyz?
• Detecting Actors Activity with Threat Intel
• Cryptojacking Targeting WebLogic TCP/7001
• An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
• Scanning for SOHO Routers
• Analysis of a Salesforce Phishing Emails
• Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common?
• Scanning Activity Include Netcat Listener
• Scanning Activity for ZeroShell Unauthenticated Access
• Scanning Home Internet Facing Devices to Exploit
• tcp-honeypot.py Logstash Parser & Dashboard Update
• Mirai Botnet Activity
• Windows 10 Built-in Packet Sniffer - PktMon
• Scanning for Outlook Web Access (OWA) & Microsoft Exchange Control Panel (ECP)
• Phishing PDF with Unusual Hostname
• Maldoc Falsely Represented as DOCX Invoice Redirecting to Fake Apple Store
• Maldoc XLS Invoice with Excel 4 Macros
• Honeypot - Scanning and Targeting Devices & Services
• VPN Access and Activity Monitoring
• Hazelcast IMDG Discover Scan
• SOAR or not to SOAR?
• Is Threat Hunting the new Fad?
• ELK Dashboard and Logstash parser for tcp-honeypot Logs
• ELK Dashboard for Pihole Logs
• Integrating Pi-hole Logs in ELK with Logstash
• Local Malware Analysis with Malice
• Fake Netflix Update Request by Text
• Unusual Activity with Double Base64 Encoding
• Scanning Activity for NVMS-9000 Digital Video Recorder
• Unidentified Scanning Activity
• Are there any Advantages of Buying Cyber Security Insurance?
• Re-evaluating Network Security - It is Increasingly More Complex
• Guidance to Protect DNS Against Hijacking & Scanning for Version.BIND Still a Thing
• Is Metadata Only Approach, Good Enough for Network Traffic Analysis?
• Fake Office 365 Payment Information Update
• A Comparison Study of SSH Port Activity - TCP 22 & 2222
• Packet Editor and Builder by Colasoft
• Scanning for WebDAV PROPFIND Exploiting CVE-2017-7269
• Snorpy a Web Base Tool to Build Snort/Suricata Rules
• Scanning Activity, end Goal is to add Hosts to Mirai Botnet
• Random Port Scan for Open RDP Backdoor
• Multipurpose PCAP Analysis Tool
• Latest Release of rockNSM 2.1
• Apple Security Updates
• Using RITA for Threat Analysis
• Hello Peppa! - PHP Scans
• Capture and Analysis of User Agents
• Scans Attempting to use PowerShell to Download PHP Script
• Scanning for Apache Struts Vulnerability CVE-2017-5638
• Blackhole Advertising Sites with Pi-hole
• SSH Scans by Clients Types
• What are your Security Challenges for 2018?
• Exim Remote Code Exploit
• Benefits associated with the use of Open Source Software
• VBE Embeded Script (info.zip)
• jsonrpc Scanning for root account
• rockNSM as a Incident Response Package
• tshark 2.4 New Feature - Command Line Export Objects
• Text Banking Scams
• Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
• CyberChef a Must Have Tool in your Tool bag!
• Microsoft Released Guidance for WannaCrypt
• IPFire - A Household Multipurpose Security Gateway
• Honeypot Logs and Tracking a VBE Script
• It is Tax Season - Watch out for Suspicious Attachment
• Unpatched Microsoft Edge and IE Bug
• Request for Packets and Logs - TCP 5358
• Using daemonlogger as a Software Tap
• Bitcoin Miner File Upload via FTP
• Request for Packets TCP 4786 - CVE-2016-6385
• Is there an Infosec Cybersecurity Talent Shortage?
• Multiple Cisco Products affected by IKEv1 Vulnerability
• Spam with Obfuscated Javascript
• Is Data Privacy part of your Company's Culture?
• DNS Sinkhole ISO Version 2.0
• Analysis of a Distributed Denial of Service (DDoS)
• INetSim as a Basic Honeypot
• Highlights from the 2016 HPE Annual Cyber Threat Report
• A Look at the Mandiant M-Trends 2016 Report
• RFC 6598 - Carrier Grade NAT
• OpenSSL Security Update Planned for 1 March Release
• Wireshark Fixes Several Bugs and Vulnerabilities
• VMware VMSA-2015-0007.3 has been Re-released
• Windows 10 and System Protection for DATA Default is OFF
• OpenSSL 1.0.2 Advisory and Update
• What are you Concerned the Most in 2016?
• Are you looking to setup your own Malware Sandbox?
• OpenDNS Research Used to Predict Threat
• Nmap 7.00 is out!
• Data Visualization,What is your Tool of Choice?
• Adobe Acrobat and Reader Pre-Announcement
• Are you a "Hunter"?
• PHP 5.x Security Updates
• Is Windows XP still around in your Network a year after Support Ended?
• Business Value in "Big Data"
• 'Dead Drops' Hidden USB Sticks Around the World
• Blind SQL Injection against WordPress SEO by Yoast
• Should it be Mandatory to have an Independent Security Audit after a Breach?
• Beware of Phishing and Spam Super Bowl Fans!
• Strange & Random GET PHP Queries
• Site www.nfc.usda.gov and www.usda.gov Currently Down
• Do you have a Data Breach Response Plan?
• justniffer a Packet Analysis Tool
• Apple Multiple Security Updates
• Microsoft MSRT October Update
• What has Bash and Heartbleed Taught Us?
• PHP Fixes Several Bugs in Version 5.4 and 5.5
• Web Scan looking for /info/whitelist.pac
• NSS Labs Cyber Resilience Report
• Management and Control of Mobile Device Security
• Malware Analysis with pedump
• Java Support ends for Windows XP
• BIND Security Update for CVE-2014-3859
• efax Spam Containing Malware
• Microsoft May Patch Pre-Announcement
• Verizon 2014 Data Breach Report
• New Project by Linux Foundation - Core Infrastructure Initiative
• Android Users - Beware of Bitcoin Mining Malware
• Interested in a Heartbleed Challenge?
• Heartbleed Fix Available for Download for Cisco Products
• OpenSSL CVE-2014-0160 Fixed
• How the Compromise of a User Account Lead to a Spam Incident
• Microsoft March Patch Pre-Announcement
• Finding in Cisco's Annual Security Report
• Notification Glitch - Multiple New Diary Notifications
• tcpflow 1.4.4 and some of its most Interesting Features
• Strange DNS Queries - Request for Packets
• Microsoft December Patch Pre-Announcement
• Suspected Active Rovnix Botnet Controller
• VMware ESX 4.x Security Advisory
• Sagan as a Log Normalizer
• IE Zero-Day Vulnerability Exploiting msvcrt.dll
• Active Perl/Shellbot Trojan
• VMware Release Multiple Security Updates
• Microsoft September Patch Pre-Announcement
• Multiple Cisco Security Notice
• Snort IDS Sensor with Sguil New ISO Released
• Business Risks and Cyber Attacks
• Wireshark 1.8.9 and 1.10.1 Security Update
• Why use Regular Expressions?
• Ubuntu Forums Security Breach
• Is Metadata the Magic in Modern Network Security?
• Microsoft July Patch Pre-Announcement
• .biz DNSSEC DNSKEY is Invalid
• Facebook Reports a Potential Leak of User Data
• HP iLO3/iLO4 Remote Unauthorized Access with Single-Sign-On
• Exploit Sample for Win32/CVE-2012-0158
• Safe - Tools, Tactics and Techniques
• Port 51616 - Got Packets?
• Apple ID Two-step Verification Now Available in some Countries
• IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
• Apple Blocking Java Web plug-in
• Wireshark Security Updates
• Adobe Acrobat and Reader Security Update Planned this Week
• HP ArcSight Connector Appliance and Logger Vulnerabilities
• Java 7 Update 11 Still has a Flaw
• D-link Wireless-G Router Year Issue (Y2K-plus-13)
• Adobe ColdFusion Security Advisory
• "FixIt" Patch for CVE-2012-4792 Bypassed
• Collecting Logs from Security Devices at Home
• Zero Day MySQL Buffer Overflow
• Storing your Collection of Malware Samples with Malwarehouse
• Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (2755801)
• IE Cumulative Updates MS12-063 - KB2744842
• Phishing/Spam Pretending to be from BBB
• Webmin Input Validation Vulnerabilities
• Suspicious eFax Spear Phishing Messages
• Wireshark Security Update
• Opera Security Update
• End of Days for MS-CHAPv2
• BIND 9 Security Updates
• Oracle July 2012 Critical Patch Pre-Release Announcement
• Using JSDetox to Analyze and Deobfuscate Javascript
• Issues with Windows Update Agent
• CVE-2012-1875 exploit is now available
• Technical Analysis of Flash Player CVE-2012-0779
• Google Publish Transparency Report
• iOS 5.1.1 Software Update for iPod, iPhone, iPad
• Adobe Security Flash Update
• WordPress Release Security Update
• Apple Java Updates for Mac OS X
• wicd Privilege Escalation 0day exploit for Backtrack 5 R2
• HP ProCurve 5400 zl Switch, Flash Cards Infected with Malware
• Wireshark 1.6.6 and 1.4.2 Released
• VMware New and Updated Security Advisories
• OpenSSL Security Update
• VMware New and Updated Advisories
• Reflected XSS in Splunk Web Affecting Version 4.0 to 4.3
• Flashback Trojan in the Wild
• Sophos 2012 Security Threat Report
• DNS Sinkhole Scripts Fixes/Update
• Strange DNS Queries - Request Packets/Logs
• New Generic Top-Level Domains (gTLDs) out for Sale
• New Version of tcpflow Available in Beta
• January 2012 Patch Tuesday Pre-release
• SSH Password Brute Forcing may be on the Rise
• Duqu Mitigation
• November 2011 Patch Tuesday Pre-release
• tcpdump and IPv6
• Oracle Java SE Critical Patch Update
• DNS Sinkhole Parser Script Update
• Critical Control 10: Continuous Vulnerability Assessment and Remediation
• MS Security Advisory Update - Fraudulent DigiNotar Certificates
• Google Chrome Security Updates
• Apple Certificate Trust Policy Update
• IPv6 and DNS Sinkhole
• Telex - A Radical New Approach to Bypass Security
• FireCAT 2.0 Released
• BlackBerry Enterprise Server Critical Update
• Samba 3.6.0 Released
• XenApp and XenDesktop could result in Arbitrary Code Execution
• Are Mobile Devices taking over your Corporate Network?
• New Sguil HTTPRY Agent
• Symantec Report - Spam Surge against Social Networks
• How Good is your Employee Termination Policy?
• WordPress Forces Password Reset
• Mozilla Firefox and Thunderbird Security Updates
• Sega Pass Compromised - 1.29 Million Customers Data Leaked
• SonyPictures Site Compromised
• Oracle Java SE Critical Patch Update Pre-Release Announcement - June 2011
• Release of Wireshark 1.6.0rc2
• Sysinternals Updates, Analyzing Stuxnet Infection with Sysinternals Tools Part 3
• Common Vulnerability Reporting Framework (CVRF)
• Distributed Denial of Service Cheat Sheet
• Websense Study Claims Canada Next Hotbed for Cybercrime Web Hosting Activity
• Incident Response Methodologies Worm Infection Cheat Sheet
• Firefox, Thunderbird and SeaMonkey Security Updates
• VMware ESXi 4.1 Security and Firmware Updates
• Adobe Reader and Acrobat Security Updates
• Silverlight Update Available
• Strange Shockwave File with Surprising Attachments
• Japan Earthquake: Possible scams / malware
• Snort IDS Sensor with Sguil Framework ISO
• Snort Data Acquisition Library
• OpenSSH Legacy Certificate Information Disclosure Vulnerability
• Nmap 5.50 Released
• OpenOffice Security Fixes
• ISC DHCP DHCPv6 Vulnerability
• January 2011 Patch Tuesday Pre-release
• PandaLabs 2010 Annual Report
• Patch Issues with Outlook 2007
• Highlight of Survey Related to Issues Affecting Businesses in 2010
• Cisco Unified Videoconferencing Affected by Multiple Vulnerabilities
• Conficker B++ Activated on Nov 15
• Reference on Open Source Digital Forensics
• Acrobat and Adobe Reader Security Update
• OpenSSL TLS Extension Parsing Race Condition
• Register.com DNS Issues
• Honeynet Forensic Challenge - Analyzing Malicious Portable Destructive Files
• Scripting with Unix Date
• Cyber Security Awareness Month - Day 30 - Role of the network team
• Security Update for Shockwave Player
• Cyber Security Awareness Month - Day 16 - Securing a donated computer
• Adobe out-of-cycle Updates
• Shadowserver Binary Whitelisting Service
• Cisco IOS Software 15.1(2)T TCP DoS
• QuickTime Security Updates
• Wireshark 1.2.10 released
• Web Traffic Analysis with httpry
• SophosLabs Released Free Tool to Validate Microsoft Shortcut
• socat to Simulate a Website
• DNS Sinkhole ISO Available for Download
• Security Advisory for Flash Player, Adobe Reader and Acrobat
• OpenOffice.org 3.2.1 Fixes Bugs and Vulnerabilities
• Microsoft Patch Tuesday June 2010 Pre-Release
• Wireshark DOCSIS Dissector DoS Vulnerability
• Microsoft Patch Tuesday May 2010 Pre-Release
• MS10-025 Security Update has been Pulled
• McAfee DAT 5958 Update Issues
• Some NetSol hosted sites breached
• Microsoft Patch Tuesday April 2010 Pre-Release
• Oracle Java SE and Java for Business Critical Patch Update Advisory
• Foxit Reader Security Update
• Apple QuickTime and iTunes Security Update
• Security Advisory for ESX Service Console
• Create a Summary of IP Addresses from PCAP Files using Unix Tools
• HP-UX Running NFS/ONCplus, Inadvertently Enabled NFS
• PHP 5.2.13 Security Update
• LANDesk Management Gateway Vulnerability
• Oracle WebLogic Server Security Alert
• Cisco Secure Desktop Remote XSS Vulnerability
• Adobe ColdFusion Information Disclosure
• Sun Java JRE 6 Update 18 Released
• Easy DNS BIND Sinkhole Setup
• Secure USB Flaw Exposed
• Ready to use IDS Sensor with Sguil
• KDC DoS in cross-realm referral processing
• Microsoft IIS File Parsing Extension Vulnerability
• F5 BIG-IP ASM and PSM Remote Buffer Overflow
• Java JRE Buffer and Integer Overflow
• Metasploit Framework 3.3 Released
• OpenVPN Fixed OpenSSL Session Renegotiation Issue
• Apple Security Update 2009-006 for Mac OS X v10.6.2
• Samba Security Information Disclosure and DoS
• Cyber Security Awareness Month - Day 4 - Port 20/21 - FTP-data/FTP
• Firefox 3.5.3 and 3.0.14 has been released
• Bug Fixes in Sun SDK 5 and Java SE 6
• Microsoft September 2009 Black Tuesday Overview
• Cisco Security Advisory TCP DoS
• Vista/2008/Windows 7 SMB2 BSOD 0Day
• Gmail Down
• Opera 10 with Security Fixes
• Immunet Protect - Cloud and Community Malware Protection
• XML Libraries Data Parsing Vulnerabilities
• Changes in Windows Security Center
• WordPress Fixes Multiple vulnerabilities
• IP Address Range Search with libpcap
• Wireshark 1.2.0 released
• SANSFIRE 2009 Starts Tomorrow