Hacking

ISC Stormcast For Friday, October 3rd, 2025 https://isc.sans.edu/podcastdetail/9640, (Fri, Oct 3rd) Source link

I have been writing about the “.well-known” directory a few times before. Recently, about attackers hiding webshells [1], and before that, about the purpose of the directory and why you should set up a “/.well-known/security.txt” file. But I noticed something else when I looked at today’s logs on this web server. Sometimes you do not…

ISC Stormcast For Thursday, October 2nd, 2025 https://isc.sans.edu/podcastdetail/9638, (Thu, Oct 2nd) Source link

Research by: hasherezade Rhadamanthys is a popular, multi-modular stealer, released in 2022. Since then, it has been used in multiple campaigns by various actors. Most recently, it is being observed in the ClickFix campaigns. The latest version, 0.9.2, comes with significant updates that may impact detection and enforce updates to tools used by researchers. Check Point…

ARM64 Windows Payload This latest metasploit-framework release marks a significant milestone, introducing the inaugural payload specifically designed for Windows ARM64 architecture: windows/aarch64/exec. This addition greatly expands the framework’s capabilities, enabling penetration testers and security researchers to develop and deploy exploits against the growing number of Windows devices powered by ARM processors. We extend our sincere gratitude…

Rapid7 was recently tasked with testing a client’s internal network, an environment that included multiple subnets. Due to the size of the network, this was a paired internal – an engagement in which two consultants are assigned to the same network penetration test.  Starting softly We kicked off this one how we typically do: by…

ISC Stormcast For Wednesday, October 1st, 2025 https://isc.sans.edu/podcastdetail/9636, (Wed, Oct 1st) Source link

Multi-factor authentication (MFA) is often touted as a silver-bullet for preventing breaches, but it is only as good as the people using it. Without other compensating controls in place, a malicious actor could be one push notification away from your internal network. This is the story of how I went external-to-internal on an external network…

On Friday, July 18, 2025, managed file transfer vendor CrushFTP released information to a private mailing list on a new critical vulnerability, tracked as CVE-2025-54309, affecting versions below 10.8.5 and 11.3.4_23 across all platforms. According to the public-facing vendor advisory, this vulnerability in the CrushFTP managed file transfer software web interface is being exploited in…

[This is a Guest Diary by Draden Barwick, an ISC intern as part of the SANS.edu Bachelor’s Degree in Applied Cybersecurity (BACS) program [1].] DShield Honeypots are constantly exposed to the internet and inundated with exploit traffic, login attempts, and other malicious activity. Analyzing the logged password attempts can help identify what attackers are targeting. To…