
It's Christmas (tree scanning)! -sX

Brilliant, it's nearly Christmas, and I'm sure everyone is looking forward to a good break and a sigh of relief over the Christmas break. However, there is one festivity that takes place year round (no, it isn't Festivus, for any Seinfeld fans out there); I'm of course talking about xmas tree scanning. This is a type of port scan whereby your threat ...

  5480 Hits

Splunk .conf 2020. Some great cyber talks and security reminders.

Last week saw Splunk .conf 2020 take place, and instead of a Las Vegas venue it swapped to a virtual event, like so much else as an effect of Covid-19. This was my first Splunk .conf event, and for the uninitiated there is a huge variety of talks, 230 in all this year, and obviously the focus for myself and CND colleagues was on cyber security related...

  5703 Hits

A new version of Nmap has been unleashed.

This week saw the release of Nmap 7.90, although my particular Linux distro repository has yet to be updated (manual installation thus required). For security professionals it's worth reading the full release announcement here (URL); there are some significant changes and, impressively, the number of OS fingerprints is up to 5,678. If you've st...

  5138 Hits

BASH dear friend I’ve got a new mate, I’ll see you around.

Ask most Linux users or administrators what their favourite shell is, and you will probably be met by a brief pause and a bemused look, what else is there other than BASH (URL) or the Bourne Again Shell? Well, it depends on the *nix distro that you're using and what is installed by default, but for many of my contemporaries starting a new script wi...

  5334 Hits

Your password is listed online...

Most of our readers will be familiar with security researcher Troy Hunt's password breach project 'haveibeenpwned'; a simple explanation is that it hosts a database of password breaches which can be searched for exposure. If your company or organisation has suffered from a hacking incident then there's a reasonable chance that any credentials or ha...

  5269 Hits

PHP Deathmatch: Korean Angel vs. the botnets

So, each week I've been writing a tech blog article on some of the trends we see in machine data to one of our monitored web assets. One of the automated searches we have running is for long URIs, in this case as a POST to the server, and below you can see the output of this: Firstly, the raw data needs to be run through a decoder before we can see what...

  5278 Hits

You may be a hacker, but no need to be rude!

Do you remember learning a foreign language at school as a teenager, when the first thing that you wanted to do was learn all the rude words? The reverse dictionary would be passed around and sure enough you'd find a list of profanities. Well, it seems that is what our latest user-agent hacker has been up to. The four entries that I have from our logs...

  5487 Hits

There’s trouble in Hong Kong…

Further to last week's blog posting on user-agents, we are examining some of the malicious attempts seen crafted against a non-critical web-asset that our SOC monitors. Looking through our machine data using the dashboards that we have developed, in this instance using Splunk, we are able to rapidly identify anomalies with low effort. We n...

  5197 Hits

2 + 2 = Rogue FBI most wanted

At CND our SOC analysts are inquisitive by nature; digging a little bit deeper and the further exploration of a lead in data is what we like to do. It's a bit like a prospector looking for that tiny fleck of gold that reveals a giant nugget; the detail is what matters and exploring it often leads you to threats you didn't even realis...

  6824 Hits

Pwny Treck To Own Your IoT

One of the great things about working in cyber security, and specifically CND, is that we are constantly required (and encouraged) to keep our knowledge and skillset relevant to combat emerging threats and trends in order to best serve our clients. We all have our favourite news feeds or podcasts; on Wednesday 17th June our Radar Page reported ...

  4036 Hits


© Computer Network Defence Limited 2022