| Date | Author | Title |
|---|---|---|
| 2021-11-07 | Didier Stevens | Video: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory |
| 2021-11-06 | Didier Stevens | Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory |
| 2021-10-25 | Didier Stevens | Decrypting Cobalt Strike Traffic With a "Leaked" Private Key |
| 2021-08-20 | Xavier Mertens | Waiting for the C2 to Show Up |
| 2021-05-28 | Xavier Mertens | Malicious PowerShell Hosted on script.google.com |
| 2021-04-02 | Xavier Mertens | C2 Activity: Sandboxes or Real Victims? |
| 2021-03-19 | Xavier Mertens | Pastebin.com Used As a Simple C2 Channel |
| 2020-12-10 | Xavier Mertens | Python Backdoor Talking to a C2 Through Ngrok |
| 2018-06-15 | Lorna Hutcheson | SMTP Strangeness - Possible C2 |
| 2014-02-27 | Richard Porter | DDoS and BCP 38 |
| 2012-05-16 | Johannes Ullrich | Got Packets? Odd duplicate DNS replies from 10.x IP Addresses |
| 2010-02-17 | Rob VandenBrink | Defining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing" |
| 2008-04-22 | donald smith | XP SP3 RC2 Available |
Threat Level: green
Handler on Duty: Didier Stevens
SANS ISC: Diaries by Keyword - SANS Internet Storm Center Diaries by Keyword
https://www.sans.edu
Questions? Feedback?
Use our contact form or
report bugs here
For interactive help and to chat with other users, try our Slack group.
Use our contact form or
report bugs here
For interactive help and to chat with other users, try our Slack group.
