My 7yo: "When I grow up, I want to be just like my daddy. He doesn't work and just spends his day at the computer doing nothing."

🏂 Após bronze nos EUA, Priscila Cid é top 8 na Suíça e se despede de temporada no Snowboard Halfpipe com dois dos melhores resultados da carreira 🔗 Acesse o Brasil Zero Grau! brasilzerograu.com.br/2026/0…

Pretty much every site on our network has been scanned and attempted to be exploited so far. If you didn't patch over the weekend, it might be safe to consider it compromised. First attempt I see on the logs was on: 2025-12-03 21:00:24 18.182.x.z 403 "POST /_next/static/chunks/react-flight HTTP/1.1" "-" "Mozilla/5.0 (CVE-2025-55182 PoC)" Before most people were even aware of it.

One of the best explanations for CVE-2025-55182 / React2Shell. Recommended reading.

Interesting.. First scan for CVE-2025-53771 (latest Sharepoint vuln) on our logs was on July 16th, a few days before public disclosure. 172.174.82.132 16/Jul/2025:07:31:10 0000 "GET /_layouts/15/ToolPane.aspx HTTP/1.1" "http://localhost" "Mozilla/5.0" From a Microsoft IP address...

Pretty big issue: Google and Microsoft Trusted Them. 2.3 Million Users Installed Them. They Were Malware. blog.koi.security/google-and… Extensions that get hijacked/bought are a common source of malware these days. Found some additional domains in the same IP address as them ( cc @IDardikman @extensiontotal ) which might be connected. dnsarchive.net/search?q=79.1…

Expanded DNSArchive to also add web headers, CMS versions, links , css files, etc. You can now search for it here (in beta): dnsarchive.net/web-search Ex: All sites using PHP/5.2: dnsarchive.net/web-search?q=… And you can still do DNS specific search here: dnsarchive.net/search Feedback welcome!

Have you noticed this "?slince_golden=test" requests on your logs? It is for a WordPress Backdoor. We wrote a small summary about it here: trunc.org/learning/slince_go… Seeing it on your logs too?

🚀 @logwithtrunc just got a fresh redesign. 🧑‍💻 Built for developers who care about clean, fast, secure log management. 🔍 Check it out: trunc.org/ #SIEM #LogManagement #CyberSecurity #DevTools #SecOps #Infosec #CloudSecurity

We put up a list with the top domains (most visited) via our DNS intelligence: dnsarchive.net/top-domains top 100 top 1,000 top 10,000

Have you looked at our DNS database? DNS Archive has over 200m domains, IP addresses and historical DNS data: dnsarchive.net/

First thing I do on any of my new ubuntu servers: apt install net-tools Just so I can have my old ifconfig back.

Nothing more useful than searching through over 1TB of logs in less than a sec with the Trunc terminal for some threat hunting... Both via the terminal and web. It makes finding issues so quick.

It is not always DNS, but close... On April 16, between 2:25 P.M. ET and 4:12 P.M. ET, the domain zoom.us was not available due to a server block by GoDaddy Registry. This block was the result of a communication error between Zoom’s domain registrar, Markmonitor, and GoDaddy Registry, which resulted in GoDaddy Registry mistakenly shutting down zoom.us domain. .. status.zoom.us/incidents/pw9…

Anyone with a contact at @Quad9DNS ? They are blocking our Mastodon instance noc[.]social incorrectly.

PRISCILA CID É OITAVA EM ASPEN! 🏂8️⃣ Hoje foi realizada a Copa Norte-Americana Premium de Snowboard Halfpipe, em Aspen, com a brasileira Priscila Cid competindo. A atleta de apenas 14 anos terminou sua volta com nota 45.00, a melhor marca da temporada, terminando na oitava posição somando 34.50 pontos FIS. Ela ainda ganhou 32 pontos na classificação da Copa Norte-Americana, chegando a 56 com a etapa de Copper Mountain, subindo pra nona colocação.

Linux tip: Did you know that "nstat" clear the counters between each run, so you only see the data since the last time the command was run? Often more useful than running netstat -s? For example? To see some UDP in/out data errors: $ nstat |grep -Ei 'TcpActiveOpens|Udp|err'

I love the "security insights" at trunc.org to quickly review any security-relevant logs. Easy flag and check for: -Accounts added -Accounts deleted -Logins from tor -Logins from blacklisted IPs -Apps installed -Apps deleted -Logs cleared -System crashes -Low memory warnings -Disk space warnings -Review logins And a bunch more options to quickly see the current state of security based on the logs. @logwithtrunc

Threat Hunting by using Log Analysis - the basics trunc.org/learning/threat-hu… Some ideas on what to look for: -system user logins -login to unauthorized locations -logins outside of "business" hours -password ssh logins -login from proxies/vpns/tor ... Quite a few more.

Interesting article by the Drupal founder on Makers vs Takers He exposes the impact when "takers" start to profit from the work of the "makers" (open source devs) without contributing much to that project. The problem I see on his argument is that the Internet and most of what we use today is built on open source. From the operating systems, network stacks, tools, web servers, browsers, etc. We are all takers. Even him and Matt's company (Automattic) that own open source projects, are also 90 % takers. They rely on the immense work done on Linux, web servers, PHP, MySQL and all the GNU and BSD licensed tools they likely use to run their companies. And the reason why they invest so much on their own open source projects is because they own it. And they get business out of it. And lots of money out if it. When you have for profits owning open source projects, open source becomes a freemium model (their free version). And if someone else is making money on their freemium model, those problems start. Gone are the days where we would see open source for the sake of open source. For the sake of freedom. For the sake of community. Real open source would be glad to see people making money and building on top of their products.

Greg performance analysis. Grep is fast, but how fast? Some numbers we found on how much data it can parse per second -disk limited of course. trunc.org/learning/grep-perf… "The key to making programs fast is to make them do practically nothing. ;-)"