Internet Storm Center
Date | Author | Title
2024-08-14 | Xavier Mertens | Multiple Malware Dropped Through MSI Package
2024-05-08 | Xavier Mertens | Analyzing Synology Disks on Linux
2024-04-17 | Xavier Mertens | Malicious PDF File Used As Delivery Mechanism
2024-02-22 | Johannes Ullrich | Large AT&T Wireless Network Outage #att #outage
2024-02-03 | Guy Bruneau | DShield Sensor Log Collection with Elasticsearch
2024-01-25 | Xavier Mertens | Facebook AdsManager Targeted by a Python Infostealer
2024-01-08 | Jesse La Grew | What is that User Agent?
2023-11-15 | Xavier Mertens | Redline Dropped Through MSIX Package
2023-08-23 | Xavier Mertens | More Exotic Excel Files Dropping AgentTesla
2023-08-21 | Xavier Mertens | Quick Malware Triage With Inotify Tools
2023-07-07 | Xavier Mertens | DSSuite (Didier's Toolbox) Docker Image Update
2023-07-01 | Russ McRee | Sandfly Security
2023-06-27 | Xavier Mertens | The Importance of Malware Triage
2023-05-30 | Brad Duncan | Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT
2023-05-24 | Tom Webb | IR Case/Alert Management
2023-04-07 | Xavier Mertens | Detecting Suspicious API Usage with YARA Rules
2022-01-06 | Xavier Mertens | Malicious Python Script Targeting Chinese People
2021-12-31 | Jan Kopriva | Do you want your Agent Tesla in the 300 MB or 8 kB package?
2021-12-30 | Brad Duncan | Agent Tesla Updates SMTP Data Exfiltration Technique
2021-12-20 | Jan Kopriva | PowerPoint attachments, Agent Tesla and code reuse in malware
2021-12-16 | Brad Duncan | How the "Contact Forms" campaign tricks people
2021-12-06 | Xavier Mertens | The Importance of Out-of-Band Networks
2021-11-18 | Xavier Mertens | JavaScript Downloader Delivers Agent Tesla Trojan
2021-11-04 | Tom Webb | Xmount for Disk Images
2021-10-21 | Brad Duncan | "Stolen Images Evidence" campaign pushes Sliver-based malware
2021-09-24 | Xavier Mertens | Keep an Eye on Your Users Mobile Devices (Simple Inventory)
2021-06-30 | Brad Duncan | June 2021 Forensic Contest: Answers and Analysis
2021-05-07 | Daniel Wesemann | Exposed Azure Storage Containers
2021-04-22 | Xavier Mertens | How Safe Are Your Docker Images?
2021-03-17 | Xavier Mertens | Defenders, Know Your Operating System Like Attackers Do!
2021-02-12 | Xavier Mertens | AgentTesla Dropped Through Automatic Click in Microsoft Help File
2021-02-11 | Jan Kopriva | Agent Tesla hidden in a historical anti-malware tool
2020-11-12 | Daniel Wesemann | Exposed Blob Storage in Azure
2020-11-12 | Daniel Wesemann | Preventing Exposed Azure Blob Storage
2020-10-21 | Daniel Wesemann | Shipping dangerous goods
2020-05-23 | Xavier Mertens | AgentTesla Delivered via a Malicious PowerPoint Add-In
2020-05-21 | Xavier Mertens | Malware Triage with FLOSS: API Calls Based Behavior
2020-05-06 | Xavier Mertens | Keeping an Eye on Malicious Files Life Time
2020-04-28 | Jan Kopriva | Agent Tesla delivered by the same phishing campaign for over a year
2020-03-11 | Xavier Mertens | Agent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account
2019-11-27 | Brad Duncan | Finding an Agent Tesla malware sample
2019-11-01 | Didier Stevens | Tip: Password Managers and 2FA
2019-09-19 | Xavier Mertens | Agent Tesla Trojan Abusing Corporate Email Accounts
2019-09-19 | Xavier Mertens | Blocklisting or Whitelisting in the Right Way
2018-12-19 | Xavier Mertens | Using OSSEC Active-Response as a DFIR Framework
2018-11-19 | Xavier Mertens | The Challenge of Managing Your Digital Library
2018-08-02 | Brad Duncan | DHL-themed malspam reveals embedded malware in animated gif
2018-07-30 | Xavier Mertens | Exploiting the Power of Curl
2018-05-27 | Guy Bruneau | Capture and Analysis of User Agents
2018-01-01 | Didier Stevens | What is new?
2017-12-27 | Guy Bruneau | What are your Security Challenges for 2018?
2017-10-30 | Johannes Ullrich | Critical Patch For Oracle's Identity Manager
2017-04-13 | Rob VandenBrink | Packet Captures Filtered by Process
2017-02-28 | Xavier Mertens | Amazon S3 Outage
2017-01-24 | Xavier Mertens | Malicious SVG Files in the Wild
2017-01-06 | John Bambenek | Great Misadventures of Security Vendors: Absurd Sandboxing Edition
2016-12-11 | Russ McRee | Steganography in Action: Image Steganography & StegExpose
2016-06-20 | Xavier Mertens | Using Your Password Manager to Monitor Data Leaks
2016-01-05 | Guy Bruneau | What are you Concerned the Most in 2016?
2015-07-28 | Rick Wanner | Android Stagefright multimedia viewer prone to remote exploitation
2015-07-18 | Russell Eubanks | The Value a "Fresh Set Of Eyes" (FSOE)
2015-03-11 | Rob VandenBrink | Apple iTunes Store is seeing an extended outage (11 Mar) - watch https://www.apple.com/support/systemstatus/ for status changes. (12 Mar) - service restored, all green!
2014-04-05 | Jim Clausing | Those strange e-mails with URLs in them can lead to Android malware
2014-03-17 | Johannes Ullrich | Scans for FCKEditor File Manager
2014-01-23 | Chris Mohan | Learning from the breaches that happens to others Part 2
2014-01-14 | Chris Mohan | Spamming and scanning botnets - is there something I can do to block them from my site?
2014-01-11 | Guy Bruneau | tcpflow 1.4.4 and some of its most Interesting Features
2013-11-05 | Daniel Wesemann | TIFF images in MS-Office documents used in targeted attacks
2013-09-24 | Tom Webb | IDS, NSM, and Log Management with Security Onion 12.04.3
2013-04-17 | Richard Porter | Apple iTunes Services Outage
2013-02-25 | Rob VandenBrink | Silent Traitors - Embedded Devices in your Datacenter
2013-01-15 | Rob VandenBrink | When Disabling IE6 (or Java, or whatever) is not an Option...
2013-01-09 | Rob VandenBrink | Hotmail seeing some temporary access issues
2012-12-27 | John Bambenek | It's 3pm 2 days after Christmas, do you know where your unmanaged SSH keys are?
2012-09-21 | Guy Bruneau | Storing your Collection of Malware Samples with Malwarehouse
2012-08-21 | Adrien de Beaupre | RuggedCom fails key management 101 on Rugged Operating System (ROS)
2012-06-25 | Rick Wanner | Targeted Malware for Industrial Espionage?
2012-06-25 | Guy Bruneau | Issues with Windows Update Agent
2012-04-23 | Russ McRee | Emergency Operations Centers & Security Incident Management: A Correlation
2012-04-05 | Johannes Ullrich | Evil hides everywhere: Web Application Exploits in Headers
2012-02-29 | Johannes Ullrich | COX Network Outage
2011-10-28 | Russ McRee | Critical Control 19: Data Recovery Capability
2011-09-27 | donald smith | New feature in JUNOS to drop or ignore path attributes.
2011-09-09 | Johannes Ullrich | Large power outage in Southern California may last until Friday. http://www.sdge.com
2011-08-26 | Daniel Wesemann | User Agent 007
2011-08-15 | Rob VandenBrink | 8 Years since the Eastern Seaboard Blackout - Has it Been that Long?
2011-08-03 | Johannes Ullrich | Malicious Images: What's a QR Code
2011-07-13 | Guy Bruneau | New Sguil HTTPRY Agent
2011-04-25 | Rob VandenBrink | Sony PlayStation Network Outage - Day 5
2011-04-23 | Manuel Humberto Santander Pelaez | Image search can lead to malware download
2011-04-03 | Richard Porter | Extreme Disclosure? Not yet but a great trend!
2011-01-30 | Richard Porter | The Modern Dark Ages?
2011-01-12 | Richard Porter | Yet Another Data Broker? AOL Lifestream.
2010-12-30 | Rick Wanner | Obvious Lessons from the Skype outage
2010-12-15 | Manuel Humberto Santander Pelaez | HP StorageWorks P2000 G3 MSA hardcoded user
2010-08-19 | Rob VandenBrink | Change is Good. Change is Bad. Change is Life.
2010-07-04 | Manuel Humberto Santander Pelaez | Interesting analysis of the PHP SplObjectStorage Vulnerability
2010-06-15 | Manuel Humberto Santander Pelaez | iPhone 4 Order Security Breach Exposes Private Information
2010-04-09 | Mark Hofman | Outage Update - isc.sans.org
2010-04-07 | Johannes Ullrich | our primary datacenter is currently experiencing a network outage
2010-03-24 | Kyle Haugsness | Wikipedia outage
2010-02-17 | Rob VandenBrink | Cisco Security Agent Security Updates: cisco-sa-20100217-csa
2009-11-24 | Johannes Ullrich | The ISC and DShield websites will be unavailable on Wednesday Nov 25th from 8-8:30 am EST.
2009-08-18 | Deborah Hale | Domain tcpdump.org unavailable
2009-07-13 | Adrien de Beaupre | Security Update available for Wyse Device Manager
2009-07-11 | Marcus Sachs | Imageshack
2009-05-01 | Adrien de Beaupre | Incident Management
2009-04-10 | Stephen Hall | Hosted javascript leading to .cn PDF malware
2009-03-20 | donald smith | Stealthier then a MBR rootkit, more powerful then ring 0 control, it’s the soon to be developed SMM root kit.
2008-12-28 | Raul Siles | Level3 Outage?
2008-12-28 | Raul Siles | AT&T Wireless Outage
2008-09-18 | Bojan Zdrnja | Monitoring HTTP User-Agent fields
2008-08-14 | Mari Nichols | SBC Outage?
2008-08-09 | Deborah Hale | Cleveland Outage
2008-06-01 | Swa Frantzen | The Planet outage - what can we all learn from it?
2008-04-06 | Tony Carothers | Happenings in the Northeast US