Diaries by Keyword - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Johannes Ullrich

Threat Level: green

Date	Author	Title
2021-11-07	Didier Stevens	Video: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-11-06	Didier Stevens	Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-10-25	Didier Stevens	Decrypting Cobalt Strike Traffic With a "Leaked" Private Key
2021-08-20	Xavier Mertens	Waiting for the C2 to Show Up
2021-05-28	Xavier Mertens	Malicious PowerShell Hosted on script.google.com
2021-04-02	Xavier Mertens	C2 Activity: Sandboxes or Real Victims?
2021-03-19	Xavier Mertens	Pastebin.com Used As a Simple C2 Channel
2020-12-10	Xavier Mertens	Python Backdoor Talking to a C2 Through Ngrok
2018-06-15	Lorna Hutcheson	SMTP Strangeness - Possible C2
2014-02-27	Richard Porter	DDoS and BCP 38
2012-05-16	Johannes Ullrich	Got Packets? Odd duplicate DNS replies from 10.x IP Addresses
2010-02-17	Rob VandenBrink	Defining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"
2008-04-22	donald smith	XP SP3 RC2 Available