INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
It's 2025... so why are obviously malicious advertising URLs still going strong?
Published: 2025-04-21
Last Updated: 2025-04-21 08:48:44 UTC
by Jan Kopriva (Version: 1)
While the old adage stating that 'the human factor is the weakest link in the cyber security chain' will undoubtedly stay relevant in the near (and possibly far) future, the truth is that the tech industry could, and should, help alleviate the problem significantly more than it does today.
One clear example of this was provided by a phishing e-mail that was delivered to our mailbox here at the Internet Storm Center this morning.
For anyone aware of modern phishing techniques, the fact that the message was fraudulent would have been obvious at first glance, as you may see from the following picture... In fact, it even used a 'standard' layout that has been commonly used in phishing campaigns for some time now ...
Read the full entry: https://isc.sans.edu/diary/Its+2025+so+why+are+obviously+malicious+advertising+URLs+still+going+strong/31880/
RedTail, Remnux and Malware Management [Guest Diary]
Published: 2025-04-16
Last Updated: 2025-04-17 01:05:49 UTC
by Guy Bruneau (Version: 1)
[This is a Guest Diary by Jacob Claycamp, an ISC intern as part of the SANS.edu BACS program]
Introduction
When I first saw malware being uploaded to my honeypot, I was lacking the requisite experience to reverse engineer it, and to understand what was happening with the code. Even though I could use any text editor to examine the associated scripts that were being uploaded with RedTail malware, I couldn't see what was happening with the RedTail malware itself. So, I decided to create a how-to on setting up a malware analysis program.
The malware analysis platform I chose to use is Remnux, which is a Linux distribution packaged with a variety of analysis tools, originally created by Lenny Zeltser, a SANS instructor. My original intent for the Remnux environment was to set it up inside a docker, so it was completely isolated from my computer. This way, if I accidentally detonated a malware sample, I could easily just wipe away the docker. I can also wipe away the docker after I've finished analyzing a sample, and start with a fresh install each time I begin a new investigation.
For this how-to, I'll also make use of Kasm Workspaces, which is a Docker container streaming platform, and I'll deploy it inside a free-tier AWS EC2 instance. This approach will make it easy to access your workspace from a web browser ...
Read the full entry: https://isc.sans.edu/diary/RedTail+Remnux+and+Malware+Management+Guest+Diary/31868/