Simple SSH Backdoor Xavier came across a simple SSH backdoor taking advantage of the ssh client preinstalled on recent Windows systems. The backdoor is implemented via an SSH configuration file that instructs the SSH client to connect to a remote system and forward a shell on a random port. This
Dr. Michael Koren joins Kevin Geddings to discuss how Knowledge is Power - especially when it comes to medicine. The doctor explains how diagnostic tests like high sensitivity C-reactive protein (HSCRP) empower physicians and patients by giving insight into heart attack and stroke risk. Dr. Koren also tells
A PNG Image With an Embedded Gift Xavier shows how Python code attached to a PNG image can be used to implement a command and control channel or a complete remote admin kit. https://isc.sans.edu/diary/A+PNG+Image+With+an+Embedded+Gift/31998 Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis Horizon3 analyzed a recently patched flaw
Alternate Data Streams: Adversary Defense Evasion and Detection A good primer on alternate data streams, how they are abused, and how to detect and defend against ADS abuse. https://isc.sans.edu/diary/Alternate%20Data%20Streams%20%3F%20Adversary%20Defense%20Evasion%20and%20Detection%20%5BGuest%20Diary%5D/31990 ConnectWise Breach Affects ScreenConnect Customers ConnectWise's ScreenConnect solution was compromised, leading to attacks against a small number of
Exploring a Use Case of Artificial Intelligence Assistance with Understanding an Attack Jennifer Wilson took a weird string found in a recent honeypot sample and worked with ChatGPT to figure out what it is all about. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Exploring%20a%20Use%20Case%20of%20Artificial%20Intelligence%20Assistance%20with%20Understanding%20an%20Attack/31980 Ransomware Deployed via SimpleHelp Vulnerabilities Ransomware actors are using vulnerabilities in SimpleHelp to
We sit down with John Oldham, a retired Division Chief from the Jacksonville Sheriff's Office, to discuss the crucial intersection of first responder relationships and mental health. As we unpack the effects of psychological trauma, we'll explore its impact on both first responders and their families. Tune in to learn
Dr. Michael Koren joins Kevin Geddings to discuss why atrial fibrillation (AFib) receives so much attention in advertising compared to other services hospitals provide. The cardiologist explains the financial incentives for hospitals and device manufacturers behind these marketing campaigns, contrasting them with clinical research, which has the financial
Dr. Michael Bernhardt, a dermatologist and clinical researcher, joins Dr. Erich Schramm to discuss the revolutionary advancements in psoriasis treatment over the past two decades. The doctors discuss how psoriasis is an inflammatory disease more than an autoimmune disease. They discuss what inflammation is, the inflammation pathway in
SSH authorized_keys File One of the most common techniques used by many bots is to add rogue keys to the authorized_keys file, implementing an SSH backdoor. Managing these files and detecting unauthorized changes is not hard and should be done if you operate Unix systems. https://isc.sans.edu/diary/Securing%20Your%20SSH%20authorized_keys%20File/31986 Remote Command Execution on
Your brand isn't just your logo or your tagline. It's your supply chain. In this solo episode, Blythe breaks down her recent BBC appearance and expands on a bold new thesis: your supply chain isn't just a backend function. It's the product. From viral TikToks to luxury handbag knockoffs, this episode explores
SVG Steganography Steganography is not limited to pixel-based images; it can also be used to embed messages into vector-based formats like SVG. https://isc.sans.edu/diary/SVG%20Steganography/31978 Fortinet Vulnerability Details CVE-2025-32756 Horizon3.ai shows how it was able to find the vulnerability in Fortinet's products, and how the issue could be exploited. The vulnerability
Resilient Secure Backup Connectivity for SMB/Home Users Establishing resilient access to a home network via a second ISP may lead to unintended backdoors. Secure the access and make sure you have the visibility needed to detect abuse. https://isc.sans.edu/diary/Resilient%20Secure%20Backup%20Connectivity%20for%20SMB%20Home%20Users/31972 BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory An attacker with
Welcome to Episode 402 of the Microsoft Cloud IT Pro Podcast. In today's episode, we're thrilled to have Andrew Connell (AC) joining us once again. If you've been with us for a while, you'll recognize AC as a repeat guest and one of the early voices who encouraged us to
New Variant of Crypto Confidence Scam Scammers are offering login credentials for what appears to be high value crypto coin accounts. However, the goal is to trick users into paying for expensive VIP memberships to withdraw the money. https://isc.sans.edu/diary/New%20Variant%20of%20Crypto%20Confidence%20Scam/31968 Malicious Chrome Extensions Malicious Chrome extensions mimic popular services like VPNs
Join us for a compelling episode of Responder Resilience as we speak with Victor Stagnaro, CEO of the National Fallen Firefighters Foundation and the First Responder Center for Excellence. We'll honor those who made the ultimate sacrifice and discuss the vital mission of NFFF in supporting the mental health and
Doctor Carolyn Tran joins Neurologist Steven Toenjes to discuss migraines. Migraine is a complex brain disease affecting one in five women and one in ten men, with treatments ranging from traditional medications to cutting-edge therapies targeting specific pathways in the brain. The doctors talk about the causes -
Researchers Scanning the Internet A newish RFC, RFC 9511, suggests researchers identify themselves by adding strings to the traffic they send, or by operating web servers on machines from which the scan originates. We do offer lists of researchers and just added three new groups today. https://isc.sans.edu/diary/Researchers%20Scanning%20the%20Internet/31964 Cloudy with a
We've all heard the hype about AI, but what's actually happening behind the scenes? In this episode, Blythe breaks down two major studies that reveal how marketers are really using AI tools, where they're struggling, and what's coming next. If you're trying to figure out what to adopt (and what to
RAT Dropped By Two Layers of AutoIT Code Xavier explains how AutoIT was used to install a remote admin tool (RAT) and how to analyse such a tool. https://isc.sans.edu/diary/RAT%20Dropped%20By%20Two%20Layers%20of%20AutoIT%20Code/31960 RVTools compromise confirmed Robware.net, the site behind the popular tool RVTools, now confirmed that it was compromised. The site is currently
The FDA has granted full approval to Novavax's COVID-19 vaccine, providing an alternative to mRNA vaccines that works through a different mechanism using proteins and adjuvants. Despite being four years into the pandemic, COVID-19 remains a significant health concern, causing approximately 1 in 200 deaths in the US