This is a Guest Diary by Gokul Prema Thangavel, an ISC intern as part of the SANS.edu Bachelor Degree Program. Introduction The SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 is one of the most-observed Outlaw / Shellbot artifacts on the public internet. VirusTotal first ingested it on 5 July 2018 [2]. It is the SHA-256 of the authorized_keys file written…
Tag: SANSedu
AI, Cybersecurity, Global Security News, Network Security, privacy
[GUEST DIARY] Tearing apart website fraud to see how it works., (Wed, May 13th)
[This is a Guest Diary by Joshua Nikolson, an ISC Intern and part of the SANS.edu Bachelor’s degree in Applied Cybersecurity (BACS) program.] Introduction One day at work, a friend messaged me, “How do you check a website to see if it’s legit?” This friend recently received a phishing text message from a “bank”,…
AI, Apps, Cybersecurity, Exploits, Global Security News
An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)
[This is a Guest Diary by Eric Roldan, an ISC intern as part of the SANS.edu BACS program] Through the expansion of Large Language Models (LLMs), cybersecurity has exploded with a variety of tools for both offensive and defensive purposes. A majority of software and cyber tools are integrating Artificial Intelligence (AI) solutions into their…
AI, APAC, Exploits, Global Security News, malware, Network Security
Danger of Libredtail [Guest Diary], (Wed, Apr 29th)
[This is a Guest Diary by James Roberts, an ISC intern as part of the SANS.edu BACS program] Over the last few months, I have gained valuable experience working with the Internet Storm Center (ISC) operating a honeypot and analyzing its output via a SIEM environment. This work gave me hands on experience with system…
AI, Cybersecurity, Exploits, Global Security News, malware, Network Security, privacy, Risk Management
[Guest Diary] Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident, (Wed, Apr 22nd)
[This is a Guest Diary by L. Carty, an ISC intern as part of the SANS.edu Bachelor’s Degree in Applied Cybersecurity (BACS) program [1].] Introduction A few weeks ago, my honeypot logged an incident that changed how I think about modern attacks. A threat actor broke into my system using weak SSH credentials and immediately…
AI, Cybersecurity, Global Security News, malware, Network Security
[Guest Diary] Compromised DVRs and Finding Them in the Wild, (Thu, Apr 16th)
[This is a Guest Diary by Alec Jaffe, an ISC intern as part of the SANS.edu Bachelor’s Degree in Applied Cybersecurity (BACS) program [1]. Security cameras are great at monitoring physical doors, but terrible at locking their own digital ones. Across the internet, thousands of unpatched DVRs sit publicly exposed, many guarded only by the…
AI, Cybersecurity, Data Breaches, Data Security, Exploits, Global Security News, Network Security, Risk Management
When your IoT Device Logs in as Admin, It?s too Late! [Guest Diary], (Wed, Mar 11th)
[This is a Guest Diary by Adam Thorman, an ISC intern as part of the SANS.edu BACS program] Introduction Have you ever installed a new device on your home or company router? Even when setup instructions are straightforward, end users often skip the step that matters most: changing default credentials. The excitement of deploying a…
AI, Apps, Cybersecurity, Exploits, Global Security News, Network Security
Differentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary], (Wed, Mar 4th)
[This is a Guest Diary by Joseph Gruen, an ISC intern as part of the SANS.edu BACS program] The internet is under constant, automated siege. Every publicly reachable IP address is probed continuously by bots and scanners hunting for anything that can be exploited or retrieved. It’s not because there is a specific target, but…
AI, APAC, Cybersecurity, Exploits, Global Security News, malware, Network Security
Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary], (Tue, Feb 24th)
[This is a Guest Diary by Austin Bodolay, an ISC intern as part of the SANS.edu BACS program] Over the past several months, I have gained practical insight into the challenges of deploying and operating a honeypot, even within a relatively simple environment. This work highlighted how varying hardware, software, and network design—can significantly alter…
AI, Exploits, Global Security News, malware, Network Security
Four Seconds to Botnet – Analyzing a Self Propagating SSH Worm with Cryptographically Signed C2 [Guest Diary], (Wed, Feb 11th)
[This is a Guest Diary by Johnathan Husch, an ISC intern as part of the SANS.edu BACS program] Weak SSH passwords remain one of the most consistently exploited attack surfaces on the Internet. Even today, botnet operators continue to deploy credential stuffing malware that is capable of performing a full compromise of Linux systems in…