- Infocon: green on July 11, 2025 at 12:30 am
SSH Tunneling in Action: direct-tcp requests [Guest Diary]
- SSH Tunneling in Action: direct-tcp requests [Guest Diary], (Wed, Jul 9th) on July 10, 2025 at 9:22 pm
[This is a Guest Diary by Sihui Neo, an ISC intern as part of the SANS.edu BACS program]
- ISC Stormcast For Thursday, July 10th, 2025 https://isc.sans.edu/podcastdetail/9520, (Thu, Jul 10th) on July 10, 2025 at 2:00 am
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
- Setting up Your Own Certificate Authority for Development: Why and How., (Wed, Jul 9th) on July 9, 2025 at 2:32 pm
There are several reasons why one would set up an internal certificate authority. Some are configured to support strong authentication schemes, some for additional flexibility and convenience. I am going to cover the second part. In particular, it can be helpful for developers to have an internal certificate authority to issue certificates for development purposes. Websites used for development and internal testing are usually only used by a few individuals and are generally only accessible via internal networks or VPNs. Often, these sites do not even use TLS. But there are a few reasons why you should consider running TLS on all sites, including internal development sites:
- ISC Stormcast For Wednesday, July 9th, 2025 https://isc.sans.edu/podcastdetail/9518, (Wed, Jul 9th) on July 9, 2025 at 2:00 am
- Microsoft Patch Tuesday, July 2025, (Tue, Jul 8th) on July 8, 2025 at 6:24 pm
Today, Microsoft released patches for 130 Microsoft vulnerabilities and 9 additional vulnerabilities not part of Microsoft's portfolio but distributed by Microsoft. 14 of these are rated critical. Only one of the vulnerabilities was disclosed before being patched, and none of the vulnerabilities have so far been exploited.
- ISC Stormcast For Tuesday, July 8th, 2025 https://isc.sans.edu/podcastdetail/9516, (Tue, Jul 8th) on July 8, 2025 at 2:20 am
- What's My (File)Name?, (Mon, Jul 7th) on July 7, 2025 at 7:54 am
Modern malware implements a lot of anti-debugging and anti-analysis features. Today, when malware is spread in the wild, there are chances that it will be automatically sent into an automatic analysis pipeline and a sandbox. To analyze a sample in a sandbox, it must be "copied" into the sandbox and executed. This can happen manually or automatically. When people start the analysis of a suspicious file, they usually call it "sample.exe", "malware.exe" or "suspicious.exe". It's not always a good idea because the name can be detected by the malware and make it aware that "I'm being analyzed".
- ISC Stormcast For Monday, July 7th, 2025 https://isc.sans.edu/podcastdetail/9514, (Mon, Jul 7th) on July 7, 2025 at 2:00 am
- A few interesting and notable ssh/telnet usernames, (Sun, Jul 6th) on July 6, 2025 at 3:29 pm
Just looked at our telnet/ssh honeypot data, and found some interesting new usernames that attackers attempted to use: