I have, for a long time, been watching my logs for unusually long command line artifacts. Something suspicious doesn't have to be long, but except for a few well-known and easily ignored applications, most long command lines are suspicious. For example, imagine you came across this in your logs: Suspicious,
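The length-based check described above, as an added example that is not code from the original post: it parses a constructed process-creation log format, ignores an allowlist of images that legitimately produce long command lines, and flags everything else over a length threshold. The log format, the allowlist, the threshold and the sample events are all assumptions.

```python
"""Flag unusually long command lines in process-creation logs.

Added example, not code from the original post. The log format is an
assumption: one event per line, "<timestamp> <host> <image path> | <command line>".
"""
from typing import Iterable, List, NamedTuple, Optional, Set, Tuple


class Hit(NamedTuple):
    image: str
    length: int
    cmdline: str


# Images that routinely carry long command lines and are ignored here.
# Constructed allowlist; tune it to what your own environment actually shows.
ALLOWLIST: Set[str] = {"chrome.exe", "msedge.exe", "msiexec.exe"}

# Length above which a command line is treated as unusual (assumed value).
THRESHOLD = 256


def parse_event(line: str) -> Optional[Tuple[str, str]]:
    """Split one log line into (image name, command line); None if malformed."""
    try:
        head, cmdline = line.split(" | ", 1)
    except ValueError:
        return None
    parts = head.split(None, 2)  # timestamp, host, image path (path may contain spaces)
    if len(parts) != 3:
        return None
    image = parts[2].replace("\\", "/").rsplit("/", 1)[-1].lower()
    return image, cmdline.strip()


def is_suspicious(image: str, cmdline: str,
                  threshold: int = THRESHOLD,
                  allowlist: Set[str] = ALLOWLIST) -> bool:
    """True when the image is not allowlisted and the command line is over the threshold."""
    return image not in allowlist and len(cmdline) > threshold


def scan(lines: Iterable[str], threshold: int = THRESHOLD,
         allowlist: Set[str] = ALLOWLIST) -> List[Hit]:
    """Return a Hit for every event that is_suspicious() flags; skip malformed lines."""
    hits: List[Hit] = []
    for line in lines:
        parsed = parse_event(line)
        if parsed is None:
            continue
        image, cmdline = parsed
        if is_suspicious(image, cmdline, threshold, allowlist):
            hits.append(Hit(image, len(cmdline), cmdline))
    return hits


# Constructed sample events. The long PowerShell argument is filler, not a real payload.
SAMPLE_LOGS = [
    "2019-07-01T10:00:01Z ws01 C:\\Windows\\System32\\cmd.exe | cmd.exe /c whoami",
    "2019-07-01T10:00:05Z ws01 C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
    " | chrome.exe --type=renderer " + "--flag=x " * 60,
    "2019-07-01T10:00:09Z ws01 C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    " | powershell.exe -NoP -W Hidden -EncodedCommand " + "QQ" * 200,
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(f"{hit.image}: {hit.length} chars -> {hit.cmdline[:60]}...")
```

Only the PowerShell event is reported: the Chrome line is longer still, but its image is on the allowlist. Allowlisting by image name alone is a deliberate simplification; an attacker who renames a binary to chrome.exe would slip past it, so a production rule should key on a more robust attribute (signed path, hash) where the log source provides one.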
Very quick post, mostly notes for myself. When using Volatility 3 you might have noticed that some plugins cannot be loaded # ./vol.py -h [...] The following plugins could not be loaded (use -vv to see why): volatility.plugins.windows.cachedump, volatility.plugins.windows.callbacks, volatility.plugins.windows.hashdump, volatility.plugins.windows.
I'm a huge fan of https://makemeapassword.ligos.net/generate/readablepassphrase, and regularly advise people to use it when generating passwords that need to be memorized or typed frequently. However, there's been numerous times people have expressed concerns that they're effectively generating passwords on someone else's computer. This is (typically)
I wanted to address a tweet posted today by the UK's National Cyber Security Centre advising people to use three random words as a passphrase. When choosing your password, use #threerandomwords: memorable but not easy to guess, a good compromise between protection and usability https://t.co/6pEf004ohb pic.twitter.
There's really nothing special here except a mildly updated example of the code found here: https://docs.splunk.com/Documentation/Splunk/8.0.1/RESTTUT/RESTsearches#Python_example Basically, updated to python3 due to the impending end-of-life (print() adjustment, and urlencode had changed in Python3). While I was at it,
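The Python 3 version of that REST flow, as an added example that is not the post's code nor Splunk's own: log in to get a session key, then create a search job, using only the standard library (urllib in place of the tutorial's httplib2). It shows the two Python 3 changes the post mentions, print() as a function and urllib.parse.urlencode() whose output must be encoded to bytes before it is sent. The host, credentials and the sample XML responses are constructed.

```python
"""Create a Splunk search job over the REST API from Python 3 (standard library only).

Added example; not the post's code and not Splunk's own client. Endpoints follow
the Splunk REST search tutorial: POST /services/auth/login returns
<response><sessionKey>..</sessionKey></response>, and POST /services/search/jobs
returns <response><sid>..</sid></response>. Host and responses below are constructed.
"""
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

BASE_URL = "https://splunk.example.com:8089"  # assumed host and management port


def login_request(base_url: str, username: str, password: str) -> urllib.request.Request:
    """Build the login POST. In Python 3, urlencode() yields str; the body must be bytes."""
    body = urllib.parse.urlencode({"username": username, "password": password}).encode("ascii")
    return urllib.request.Request(base_url + "/services/auth/login", data=body, method="POST")


def parse_session_key(xml_bytes: bytes) -> str:
    """Extract sessionKey from the login response XML."""
    node = ET.fromstring(xml_bytes).find("sessionKey")
    if node is None or not node.text:
        raise ValueError("no sessionKey in login response")
    return node.text


def normalize_query(query: str) -> str:
    """Splunk expects a search string to start with 'search' unless it begins
    with a generating command such as '| inputcsv'."""
    query = query.strip()
    if not (query.startswith("search") or query.startswith("|")):
        query = "search " + query
    return query


def search_request(base_url: str, session_key: str, query: str) -> urllib.request.Request:
    """Build the search-job POST, authenticated with the session key."""
    body = urllib.parse.urlencode({"search": normalize_query(query)}).encode("ascii")
    req = urllib.request.Request(base_url + "/services/search/jobs", data=body, method="POST")
    req.add_header("Authorization", "Splunk " + session_key)
    return req


def parse_sid(xml_bytes: bytes) -> str:
    """Extract the search job id (sid) from the job-creation response XML."""
    node = ET.fromstring(xml_bytes).find("sid")
    if node is None or not node.text:
        raise ValueError("no sid in search job response")
    return node.text


def create_search_job(base_url: str, username: str, password: str, query: str,
                      verify_tls: bool = True) -> str:
    """Log in, submit the search, and return its sid. Needs a reachable Splunk host."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # only for lab instances with self-signed certificates
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(login_request(base_url, username, password), context=ctx) as resp:
        session_key = parse_session_key(resp.read())
    with urllib.request.urlopen(search_request(base_url, session_key, query), context=ctx) as resp:
        return parse_sid(resp.read())


# Constructed responses in the documented XML shape, so the parsers can be exercised offline.
SAMPLE_LOGIN_RESPONSE = b"<response><sessionKey>abc123</sessionKey></response>"
SAMPLE_JOB_RESPONSE = b"<response><sid>1562001234.42</sid></response>"

if __name__ == "__main__":
    key = parse_session_key(SAMPLE_LOGIN_RESPONSE)
    req = search_request(BASE_URL, key, "index=main error")
    print(req.full_url, req.get_header("Authorization"), req.data)
    print("sid:", parse_sid(SAMPLE_JOB_RESPONSE))
```

Unlike the tutorial, TLS verification stays on by default; pass verify_tls=False only against a lab instance you control. The sid returned by create_search_job() is what you then poll under /services/search/jobs/{sid} for results, which this example does not cover.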
School Vandals Caught When Smartphones Connect to Wi-Fi https://slate.com/technology/2019/07/glenelg-high-school-graffiti-wifi-login.html Four students who spray-painted hateful symbols on their school were caught, despite covering their faces, when their phones automatically connected to the school's wireless. School administrators simply checked for who had authenticated during the
July Patches for Android Devices Have Been Released https://thehackernews.com/2019/07/android-security-update.html https://source.android.com/security/bulletin/2019-07-01 Of the 33 vulnerabilities patched this month, 9 of these are considered critical and 3 could be used for remote code execution (RCE) on a device. Remember, laptops
I feel like I'm getting better at this, at least I got the day right this time... Third Florida Town in Three Weeks hit by Ransomware https://arstechnica.com/information-technology/2019/06/is-there-something-in-the-water-third-florida-city-hit-by-ransomware/ It appears all three incidents started with a city employee clicking on an email attachment. An interesting
Not off to a great start. I forgot to post last week and I'm a day late this week. Still, here it is. Two Additional Universities Announce Email Compromise https://threatpost.com/university-breaches-email-threats/145759/ On the heels of OSU (last week), Graceland University in Iowa and Missouri Southern State University
I started developing a Cybersecurity Newsletter for those around me (parents, colleagues, etc.) and was told it would be a good weekly addition here. The notes below each headline are my own and how they are relevant, a brief summary, or quotes from the article as appropriate. Australian National University
This appears to be a somewhat recent problem, and when searching for an answer, a lot of posts reference solutions or VMware KBs that don't help (enabling swap, checking inodes, etc.). This problem appeared somewhere between ESXi-6.7.0-20190104001-standard (Build 11675023) and ESXi-6.7.0-20190404001-standard (Build 13473784). When updating via