SANS Internet Storm Center, InfoCON: green SANS Internet Storm Center - Cooperative Cyber Security Monitor
- Infocon: green, on 10 October 2024 at 7:09 pm
GPTHoney: A new class of honeypot [Guest Diary]
- GPTHoney: A new class of honeypot [Guest Diary], (Thu, Oct 10th), on 10 October 2024 at 2:47 am
[This is a Guest Diary by Christopher Schroeder, an ISC intern as part of the SANS.edu BACS program]
- ISC Stormcast For Thursday, October 10th, 2024 https://isc.sans.edu/podcastdetail/9174, (Thu, Oct 10th), on 10 October 2024 at 2:00 am
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
- From Perfctl to InfoStealer, (Wed, Oct 9th), on 9 October 2024 at 7:18 am
A few days ago, a new stealthy malware targeting Linux hosts made a lot of noise: perfctl[1]. The malware has been pretty well analyzed and I won't repeat what has been already disclosed. I found a copy of the "httpd" binary (SHA256:22e4a57ac560ebe1eff8957906589f4dd5934ee555ebcc0f7ba613b07fad2c13)[2]. I dropped the malware in my lab to see how it detonated. I infected the lab without root privileges and detected the same behavior except files were not written to some locations due to a lack of access (not root). When executing without root privileges, the rootkit feature is unavailable and the malware runs "disclosed".
- ISC Stormcast For Wednesday, October 9th, 2024 https://isc.sans.edu/podcastdetail/9172, (Wed, Oct 9th), on 9 October 2024 at 2:00 am