Daniel Cid (@danielcid) 's Twitter Profile
Daniel Cid

@danielcid

Founder of CleanBrowsing, Trunc, Sucuri, and OSSEC. Former VP, GoDaddy. Builder & breaker by heart.

cleanbrowsing.org / trunc.org / noc.org Temecula, Big Bear

ID: 20479943

https://dcid.me 10-02-2009 00:09:38

2,2K Tweet

4,4K Followers

277 Following

Daniel Cid (@danielcid) 's Twitter Profile Photo

Interesting article by the Drupal founder on Makers vs Takers. He exposes the impact when "takers" start to profit from the work of the "makers" (open source devs) without contributing much to that project. The problem I see in his argument is that the Internet and most of what

Daniel Cid (@danielcid) 's Twitter Profile Photo

Threat Hunting by using Log Analysis - the basics trunc.org/learning/threa… Some ideas on what to look for: -system user logins -login to unauthorized locations -logins outside of "business" hours -password ssh logins -login from proxies/vpns/tor ... Quite a few more.

Daniel Cid (@danielcid) 's Twitter Profile Photo

I love the "security insights" at trunc.org to quickly review any security-relevant logs. Easy flag and check for: -Accounts added -Accounts deleted -Logins from tor -Logins from blacklisted IPs -Apps installed -Apps deleted -Logs cleared -System crashes -Low

Trunc Project (@logwithtrunc) 's Twitter Profile Photo

Linux tip: Did you know that "nstat" clears the counters between each run, so you only see the data since the last time the command was run? Often more useful than running netstat -s? For example? To see some UDP in/out data + errors: $ nstat |grep -Ei 'TcpActiveOpens|Udp|err'

Piu Esportes (@piuesportes) 's Twitter Profile Photo

PRISCILA CID IS EIGHTH IN ASPEN! 🏂8️⃣ The Premium North American Cup in Snowboard Halfpipe was held today in Aspen, with Brazilian Priscila Cid competing. The athlete, only 14 years old, finished her run with a score of 45.00, the best mark of the season, finishing in eighth

Daniel Cid (@danielcid) 's Twitter Profile Photo

It is not always DNS, but close... On April 16, between 2:25 P.M. ET and 4:12 P.M. ET, the domain zoom.us was not available due to a server block by GoDaddy Registry. This block was the result of a communication error between Zoom’s domain registrar, Markmonitor,

Daniel Cid (@danielcid) 's Twitter Profile Photo

Big loss for Apple, big win for everyone else: theverge.com/news/659246/ap… Hopefully next is the freedom to easily install Apps from anywhere - outside of the app store.

Daniel Cid (@danielcid) 's Twitter Profile Photo

Nothing more useful than searching through over 1TB of logs in less than a sec with the Trunc terminal for some threat hunting... Both via the terminal and web. It makes finding issues so quick.

noc.org (@noc_org) 's Twitter Profile Photo

Have you looked at our DNS database? DNS Archive has over 200m domains, IP addresses and historical DNS data: dnsarchive.net

Daniel Cid (@danielcid) 's Twitter Profile Photo

We put up a list with the top domains (most visited) via our DNS intelligence: dnsarchive.net/top-domains top 100 top 1,000 top 10,000

Tony Perez (@perezbox) 's Twitter Profile Photo

🚀 Trunc Project just got a fresh redesign. 🧑‍💻 Built for developers who care about clean, fast, secure log management. 🔍 Check it out: trunc.org #SIEM #LogManagement #CyberSecurity #DevTools #SecOps #Infosec #CloudSecurity

Trunc Project (@logwithtrunc) 's Twitter Profile Photo

Have you noticed these "?slince_golden=test" requests in your logs? It is for a WordPress Backdoor. We wrote a small summary about it here: trunc.org/learning/slinc… Seeing it in your logs too?

Daniel Cid (@danielcid) 's Twitter Profile Photo

Expanded DNSArchive to also add web headers, CMS versions, links, CSS files, etc. You can now search for it here (in beta): dnsarchive.net/web-search Ex: All sites using PHP/5.2: dnsarchive.net/web-search?q=P… And you can still do DNS specific search here: dnsarchive.net/search

Daniel Cid (@danielcid) 's Twitter Profile Photo

Pretty big issue: Google and Microsoft Trusted Them. 2.3 Million Users Installed Them. They Were Malware. blog.koi.security/google-and-mic… Extensions that get hijacked/bought are a common source of malware these days. Found some additional domains in the same IP address as them ( cc

Daniel Cid (@danielcid) 's Twitter Profile Photo

Interesting.. First scan for CVE-2025-53771 (latest Sharepoint vuln) on our logs was on July 16th, a few days before public disclosure. 172.174.82.132 16/Jul/2025:07:31:10 +0000 "GET /_layouts/15/ToolPane.aspx HTTP/1.1" "http://localhost" "Mozilla/5.0" From a Microsoft IP

Daniel Cid (@danielcid) 's Twitter Profile Photo

Interesting. Those are the most scanned URLs on honeypot WordPress sites: trunc.org/threat-analysi… Often looking for vulnerable plugins and backdoors.

Daniel Cid (@danielcid) 's Twitter Profile Photo

Always DNS? "We have identified a potential root cause for error rates ... Based on our investigation, the issue appears to be related to DNS resolution of the DynamoDB API endpoint in US-EAST-1." AWS still down?