Dustin Decker

  • Alerts in Three Minutes

    Spend three minutes examining Alerts in Security Onion.

  • Random Login Failures

    A brief look at a very small sampling of failed logins. I’ve used green to highlight IP addresses known to be “OK” – Starlink out of Denver where my own connection terminates. Others are highlighted in dark pink and represent attacks with certainty. The orange highlighter is for other “items of interest”. Namely the use…

  • Apple “Point Releases”

    Apple has released significant “point releases” for all its operating systems. Along with new features, we also receive patches for 29 different vulnerabilities. There is a ZERO DAY exploit observed in the wild against Apple WebKit. These most recent updates are absolutely essential to maintain the security of your devices. How do I update…

  • Backup Migration Plugin for WordPress

    Analysis of network traffic for the period alerted on a generic rule: “ET EXPLOIT file_put_contents php base64 encoded Remote Code Execution 2.” The specific URL requested: http://[redacted].com/wp-content/plugins/backup-backup/includes/backup-heart.php1. The payload is fragmented across six frames and reassembled in hopes of avoiding automated forms of analysis. The vulnerability allows unauthenticated attackers to execute remote code via the…

  • Tor “Anonymity”

    The predominant descriptions for the Tor Project on their website include “Explore Freely” and “Defend yourself against tracking and surveillance. Circumvent censorship.” “Tor Browser prevents someone watching your connection from knowing what websites you visit. All anyone monitoring your browsing habits can see is that you’re using Tor.” Tor (The Onion Router) is a free…

  • Gitlab Critical Zero-Day

    GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction. The most critical security issue GitLab patched has the maximum severity score (10 out of 10) and is being tracked as CVE-2023-7028. Successful exploitation does not require any interaction.…

  • QR Codes and qrDecoder

    Quick Response (QR) codes are two-dimensional barcodes that can store a variety of data, such as alphanumeric text, URLs, or other binary data. They were initially created by Denso Wave, a subsidiary of Toyota, in 1994 for tracking automotive parts during manufacturing. QR codes have gained widespread popularity due to their ability to store large…

  • Serial to Parallel Updates

    If you’re an old BASH head like I am, you’ve probably leaned on a FOR loop countless times. It’s become natural enough over the years to just whip one up on the command line, and I use it in scripting every day. Dear Bash FOR loop, You have indeed been trusty and true for many…

  • OAUTH Scans Rising

    I’ve been monitoring a rise in OAUTH vulnerability scans. Here’s one that hit one of my sensors in Israel between 2023-12-26 16:51:52 and 2023-12-26 16:53:01. Sensor: Israel  Source IP: 85.206.173.215   The URL /openam/oauth2/..;/ccversion/Version is associated with a pre-auth remote code execution (RCE) vulnerability in ForgeRock identity and access management software 1. This vulnerability, identified as…

  • Closing out 2023

    2023 was an absolute rollercoaster for me on so many levels. I’m not too humble to pat myself on the back because I’m extremely proud of overcoming _every_ obstacle that presented itself as a roadblock on this journey. You can do this too! In the course of the year, I’ve completed six new certifications. Let’s forge…

  • SEC Cyber 8-K Rules Now Effective

    The U.S. Securities and Exchange Commission’s (“SEC”) new Form 8-K rules for reporting material cybersecurity incidents took effect on December 18, for filers other than smaller reporting companies. Publicly owned companies operating in the U.S. must comply with a new set of rules requiring them to disclose “material” cyber incidents within 96 hours. Why should the…

  • Message From Ella

    Made by Deutsche Telekom as part of the ‘Nachricht von Ella’ (Message From Ella) campaign.

  • Terrapin Attack – What You Should Know

    Named Terrapin, the new attack works when an attacker obtains an active adversary-in-the-middle position between an SSH client and server. The exploit allows the attacker to assume the identity of both parties, allowing interception and alteration of communications. There are a host of resources available on the Internet for a “deeper dive” into this issue.…

  • Think about building a “Go Bag”.

    When the phone rings it’s important to have anticipated anything you may need and have it on hand – especially if you’re walking into an airgap. Here are a few I recently obtained that are performing exceptionally well for me. It’s also a good idea to have more than one, based on functional need. I…

  • Uptick in Scams, Because “Holidays”

    As a security practitioner, I receive perhaps more than my fair share of nefarious email. With “Black Friday” and the impending consumer rush I’ve seen an uptick in the behavior. YOU WILL LIKELY SEE A SUBSTANTIAL INCREASE BETWEEN NOW AND JANUARY 5, 2024. Here we have a pair of fairly classic “scam” emails. Both include…