Volunteer incident handlers donate their valuable time to analyze detects and anomalies, and post a daily diary of their analysis and thoughts on the Storm Center web site. Below you will find Handler details including personal pages, additional scripts or papers, or whatever the respective handler is interested in offering. All content is owned by the respective handler.
- A roadmap is available to learn how to become an Internet Storm Center Handler.
- View the Handler Select News Feed
Baggett, Mark
SANS Internet Storm Center Handler
Twitter: @markbaggett
Recent Diaries:
• Wipe the drive! Stealthy Malware Persistence - Part 4
• Wipe the drive! Stealthy Malware Persistence - Part 3
• AVG detect legit file as virus
• Wipe the drive! Stealthy Malware Persistence - Part 2
• Wipe the drive! Stealthy Malware Persistence Mechanism - Part 1
Bambenek, John
SANS Internet Storm Center Handler
Twitter: @ILCyberSecurity
Recent Diaries:
• FYI: Anonymous Planning "OpUSA" Attacks on Banks and US Gov't on May 7th. More Info as Relevant to Come.
• A Chargen-based DDoS? Chargen is still a thing?
• ISC Handler Lenny Zeltser's REMnux v4 Reviewed on Hak5
• UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
• Fake Boston Marathon Scams Update
Bruneau, Guy
SANS Internet Storm Center Handler
Twitter: @guybruneau
Click to View Handler Created Tools
Recent Diaries:
• Exploit Sample for Win32/CVE-2012-0158
• Safe - Tools, Tactics and Techniques
• Port 51616 - Got Packets?
• Apple ID Two-step Verification Now Available in some Countries
• IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
Bueno, Pedro
SANS Internet Storm Center Handler
Twitter: @besecure
Click to View Handler Page
Recent Diaries:
• NBC site redirecting to Exploit kit
• Cyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1
• Simple Malware Research Tools
• The RedRet connection...
• Updates on ZeroAccess and BlackHole front...
Carothers, Tony
SANS Internet Storm Center Handler
Recent Diaries:
• A scan is a scan is a scan
• Intermittent Outages at Amazon.com
• HP JetDirect Vulnerabilities Discussed
• SSH Brute Force on Non-Standard Ports
• Firefox 16.02 Released
Clausing, Jim
SANS Internet Storm Center Handler
Twitter: @jclausing
Click to View Handler Page
Recent Diaries:
• So what passwords are those ssh scanners trying?
• Is there an epidemic of typo squatting?
• IPv6 Focus Month: Guest Diary: Matthew Newton - IPv6 Cat Feeder - Turning those extra bits into bytes, literally
• IPv6 Focus Month at the Internet Storm Center
• And the Java 0-days just keep on coming
de Beaupre, Adrien
SANS Internet Storm Center Handler
Twitter: @adriendb
Recent Diaries:
• MoVP II
• Privilege escalation, why should I care?
• Moore, Oklahoma tornado charitable organization scams, malware, and phishing
• Phishing/spam via SMS
• YYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update
Esler, Joel
SANS Internet Storm Center Handler
Click to View Handler Page
Recent Diaries:
• Exim/Dovecot exploit making the rounds
• Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability
• Call for Papers - 4th annual Forensics and Incident Response Summit EU
• Microsoft re-releases MS12-078
• VMWare posts some updates
Fendley, Scott
SANS Internet Storm Center Handler
Twitter: @itsecuritygeek
Recent Diaries:
• Apple Blocks Older Insecure Versions of Flash Player
• Evernote Security Issue
• Blocking SSH to Limit Security Exposures
• Oracle Releases Java Security Updates
• Apple iTunes Security Update
Frantzen, Swa
SANS Internet Storm Center Handler
Recent Diaries:
• Store passwords the right way in your application
• Adobe June 2013 Black Tuesday Overview
• vmware security advisory VMSA-2013-0008
• Other Microsoft Black Tuesday News
• Microsoft June 2013 Black Tuesday Overview
Hale, Deborah
SANS Internet Storm Center Handler
Recent Diaries:
• Another Company Falls Victim
• Badware 2011
• Merry Christmas, Happy Holidays
• Links on your Facebook Wall
• Data Encryption Ban? Really?
Hall, Stephen
SANS Internet Storm Center Handler
Twitter: @tarkie101
Recent Diaries:
• Java 0-Day patched as Java 7 U 11 released
• Sysinternals Updates
• You encrypt your laptops, but what about portable media?
• Oracle Patch Tuesday Pre-Release
• Java 0-day impact to Java 6 (and beyond?)
Hofman, Mark
SANS Internet Storm Center Handler
Recent Diaries:
• Drupal.org & group.drupal.org password disclosure
• Interesting Credit Card transactions, are you seeing similar?
• Verizon Data Breach report has been released
• MS13-036 has been re-released
• KB2823324 causing boot issues in Brazil and some other locales
Hutcheson, Lorna
SANS Internet Storm Center Handler
Recent Diaries:
• Fedora RedHat Vulnerabilty Released
• Is it Really an Attack?
• What's important on your network?
• Potential Phish for Regular Webmail Accounts
• Demonstrating the value of your Intrusion Detection Program and Analysts
Lam, Jason
SANS Internet Storm Center Handler
Twitter: @jasonlam_sec
Recent Diaries:
• Potential 0-day on Bind 9
• Microsoft killed Kelihos botnet
• MySQL.com compromised spreading malware
• Firefox 3.5 forced upgrade coming soon
• Microsoft Security Intelligence Report volume 10
Liston, Kevin
SANS Internet Storm Center Handler
Recent Diaries:
• WinLink Check-In
• How Your Webhosting Account is Getting Hacked
• Untangling the News from South Korea
• Why I think you should try Bro
• "My Computer is Acting Strangely"
Liston, Tom
SANS Internet Storm Center Handler
Click to View Handler Page
Click to View Handler Created Tools
Recent Diaries:
• A Puzzlement...
• New, odd SSH brute force behavior
• What's In A Name?
• Security 101 : Security Basics in 140 Characters Or Less
• The Strange Case of Doctor Jekyll and Mr. ED
McRee, Russ
SANS Internet Storm Center Handler
Twitter: @holisticinfosec
Click to View Handler Created Tools
Recent Diaries:
• Volatility rules...any questions?
• EMET 4.0 is now available for download
• Apache binary backdoor adds malicious redirect to Blackhole
• SANS's Alan Paller discusses the threat of cyberterrorism on CNN
• What is "up to date anti-virus software"?
Mohan, Chris
SANS Internet Storm Center Handler
Twitter: @Chris_Mohan
Recent Diaries:
• VMware releases new and updated security advisories
• Syria drops from Internet 7th May 2013
• Fake Link removal requests
• Does your breach email notification look like a phish?
• VMware releases new and updated security advisories
Porter, Richard
SANS Internet Storm Center Handler
Twitter: @packetalien
Click to View Handler Created Tools
Recent Diaries:
• When Hotel Alarms Sound
• BIND 9 Update fixing CVE-2013-3919
• Apple iTunes Services Outage
• IPv6 Focus Month: Traffic Testing, Firewalls, ACLs, pt 1
• Uptick in MSSQL Activity
Sachs, Marcus
SANS Internet Storm Center Handler
Twitter: @MarcusSachs
Recent Diaries:
• New Internet Storm Center Director
• A Day In The Life Of A DShield Sensor
• Stuxnet Analysis
• Cyber Security Awareness Month - Day 31 - Tying it all together
• Cyber Security Awareness Month - Day 15 - What Teachers Need to Know About Their Students
Santander Pelaez, Manuel Humberto
SANS Internet Storm Center Handler
Twitter: @manuelsantander
Recent Diaries:
• Knowing where to look for the owner of an offending IP address
• UDP port 1434 directed attack to AS13489 IP ranges
• More massive malicious spam! This time claiming to be from Almacenes Exito
• Massive Google scam sent by email to Colombian domains
• SANS SCADA Summit at Orlando - Bigger problems and so far from getting them solved
Shortt, Kevin
SANS Internet Storm Center Handler
Twitter: @Kevin_Shortt
Recent Diaries:
• Port 51616 - Got Packets?
• The Zero-Day Pendulum Swings
• Spamhaus DDOS
• Is it Spam or Is it Malware?
• Cyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard
Smith, Donald
SANS Internet Storm Center Handler
Recent Diaries:
• DNS-Changer "clean DNS" extension requested
• GlobalSign releases security incident report.
• New feature in JUNOS to drop or ignore path attributes.
• New Mac Trojan: BASH/QHost.WB
• Health or Performance monitoring to detect security events.
Ullrich, Johannes
SANS Internet Storm Center Handler
Twitter: @johullrich
Click to View Handler Page
Recent Diaries:
• Stupid Little IPv6 Tricks
• When Google isn't Google
• Plesk 0-day: Real or not?
• Apple releases OS 10.8.4
• There's value in your logs! (Part 2)
VandenBrink, Rob
SANS Internet Storm Center Handler
Click to View Handler Created Tools
Recent Diaries:
• Java 7 Update 21 is available - Watch for Behaviour Changes !
• Oops - You Mean That Deleted Server was a Certificate Authority?
• Sourcefire VRT Community ruleset is live
• Several Cisco IOS DOS Issues Resolved
• Which IPS is "The Best"?
Wanner, Rick
SANS Internet Storm Center Handler
Twitter: @namedeplume
Recent Diaries:
• Microsoft August 2012 Black Tuesday Update - Overview
• Interesting scan for medical certification information...
• OpenDNS is looking for a few good malware people!
• TippingPoint DNS Version Request increase
• Excellent Security Education Resources
Wesemann, Daniel
SANS Internet Storm Center Handler
Recent Diaries:
• SANSFIRE 2013
• 100% Compliant (for 65% of the systems)
• e-netprotections.su ?
• Extracting signatures from Apple .apps
• The cost of cleaning up
Zdrnja, Bojan
SANS Internet Storm Center Handler
Twitter: @bojanz
Click to View Handler Created Tools
Recent Diaries:
• SSHD rootkit in the wild
• Auditd is your friend
• Memory acquisition traps
• Analyzing outgoing network traffic (part 2)
• Analyzing outgoing network traffic
Zeltser, Lenny
SANS Internet Storm Center Handler
Twitter: @lennyzeltser
Click to View Handler Created Tools
Recent Diaries:
• Extracting Digital Signatures from Signed Malware
• It's a Dangerous Web Out There
• Fake Mandiant APT Report Used as Malware Lure
• Challenges of Anti-Phishing Advice, the Google Docs Edition
• Scam Report - Fake Voice Mail Email Notification Redirects to Malicious Site

