SharePoint exploitation has entered the parasitic phase. We are seeing hits to >100 distinct possible web shell URLs. Some of them may just be guesses.
Sample:
spininstall[0-9].aspx,spinstallx.aspx,Error404.1.aspx,info3.aspx,error.aspx
spinstall0.thank_you_defeners_for_rapid_response.aspx :)
24.07.2025 14:10
To whoever uses the username "/usr/share/wordlists/logins.txt" to attempt to log in to our honeypots: You are using your brute forcing tool wrong! :) [at least use a file in your home directory so we can see your username... probably root?]
06.04.2025 19:26
Happy 50th Birthday, Microsoft, and thanks for all the vulnerabilities over the years that have helped me pay many of my bills!
04.04.2025 17:47
14.03.2025 18:33
Some spam just makes you shake your head... what are they selling? IoT parenting solutions? There is an "Infant Industry"??
25.02.2025 17:21
Scanning my news feed: Buffer overflows are a thing, Mirai is attacking routers, and SSL VPN gateway flaws are attacked. Come on: give me something to work with, give me hope! Can I get at a cool SSRF vuln? A Unicode encoding mistake? An IPv6 problem? SOMETHING TO PROVE THAT ANYBODY CARES!!
12.02.2025 17:12
animated gif displaying the ISC logo, the text 16 years, 3920 episodes, 435 hours of content and thanks for listening.
16 years ago, I started the daily SANS Internet Storm Center Stormcast. Over 16 years, I recorded about 3,900 episodes and 26,000 minutes of content (sounds more impressive than 16 days :) ).
Subscribe to it wherever you find podcasts. (or Alexa Flash Briefings, YouTube)
isc.sans.edu/podcast.html
10.02.2025 14:01
and Track 3 is still my favorite
Just noted this fun memorabilia in my GIAC certification history. Who remembers Track 1 ? Also got a Track 2 (Firewalls) ;-)
04.02.2025 18:48
text message advertising a job for a TikTok backup talent.
First time seeing this, one day before the expected TikTok shut down. Final attempts to monetize soon to be obsolete scripts? Anything else behind these obvious scams?
16.01.2025 14:05
SANS.edu Internet Storm Center - SANS Internet Storm Center
SANS.edu Internet Storm Center. Today's Top Story: The Curious Case of a 12-Year-Old Netgear Router Vulnerability;
The vulnerability Yee Ching wrote about in today's diary may be 12 years old. But Norton AntiVirus still can't distinguish an article about an attack from the attack itself. If your AV alerts are on isc.sans.edu, the site is safe. I promise :)
15.01.2025 12:36
screenshot of a message saying "Ullrich, Johannes" mentioned by "ULLRICH, JohannesB."
Is anybody else getting spam like this from "academia.com"? The reason I call it spam is that (a) I probably didn't mention myself on a platform I am not using (b) the only way to see what I said about myself requires $5.
I am aware of similar platforms like Researchgate and am using them.
22.11.2023 16:03
screenshot of Microsoft Defender detail pane showing no details
Clicking on "details" isn't exactly helpful in MSFT Defender
16.11.2023 16:22
When your AI sales pitch falls flat..
23.10.2023 14:59
First test post… and well, just trying to set up this 5G access point as Comcast is down … only one small issue with the default password
20.10.2023 14:09