SANS ISC: Diaries by Keyword

Date | Author | Title

CA FALSE POSTIVE

2009-07-12 | Mari Nichols | CA Apologizes for False Positive

CA

2020-10-25 | Didier Stevens | Video: Pascal Strings
2020-10-24 | Guy Bruneau | An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-10-20 | Xavier Mertens | Mirai-alike Python Scanner
2020-10-14 | Xavier Mertens | Nicely Obfuscated Python RAT
2020-10-03 | Guy Bruneau | Scanning for SOHO Routers
2020-09-20 | Guy Bruneau | Analysis of a Salesforce Phishing Emails
2020-09-15 | Brad Duncan | Traffic Analysis Quiz: Oh No... Another Infection!
2020-09-04 | Jan Kopriva | A blast from the past - XXEncoded VB6.0 Trojan
2020-08-22 | Guy Bruneau | Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common?
2020-08-19 | Xavier Mertens | Example of Word Document Delivering Qakbot
2020-08-16 | Didier Stevens | Small Challenge: A Simple Word Maldoc - Part 3
2020-08-08 | Guy Bruneau | Scanning Activity Include Netcat Listener
2020-08-05 | Brad Duncan | Traffic Analysis Quiz: What's the Malware From This Infection?
2020-07-24 | Xavier Mertens | Compromized Desktop Applications by Web Technologies
2020-07-19 | Guy Bruneau | Scanning Activity for ZeroShell Unauthenticated Access
2020-07-15 | Brad Duncan | Word docs with macros for IcedID (Bokbot)
2020-07-11 | Guy Bruneau | VMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html
2020-07-11 | Guy Bruneau | Scanning Home Internet Facing Devices to Exploit
2020-07-08 | Xavier Mertens | If You Want Something Done Right, You Have To Do It Yourself... Malware Too!
2020-06-16 | Johannes Ullrich | Odd "Protest" Spam (Scam?) Targeting Atlanta Police Foundation
2020-06-13 | Guy Bruneau | Mirai Botnet Activity
2020-06-08 | Didier Stevens | Translating BASE64 Obfuscated Scripts
2020-05-31 | Guy Bruneau | Windows 10 Built-in Packet Sniffer - PktMon
2020-05-28 | Xavier Mertens | Flashback on CVE-2019-19781
2020-05-20 | Brad Duncan | Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2020-05-16 | Guy Bruneau | Scanning for Outlook Web Access (OWA) & Microsoft Exchange Control Panel (ECP)
2020-05-08 | Xavier Mertens | Using Nmap As a Lightweight Vulnerability Scanner
2020-04-27 | Xavier Mertens | Powershell Payload Stored in a PSCredential Object
2020-04-24 | Xavier Mertens | Malicious Excel With a Strong Obfuscation and Sandbox Evasion
2020-04-10 | Xavier Mertens | PowerShell Sample Extracting Payload From SSL
2020-04-08 | Brad Duncan | German malspam pushes ZLoader malware
2020-04-07 | Johannes Ullrich | Increase in RDP Scanning
2020-04-03 | Xavier Mertens | Obfuscated with a Simple 0x0A
2020-04-01 | Brad Duncan | Qakbot malspam sent from an infected Windows host
2020-03-31 | Johannes Ullrich | Kwampirs Targeted Attacks Involving Healthcare Sector
2020-03-21 | Guy Bruneau | Honeypot - Scanning and Targeting Devices & Services
2020-03-11 | Xavier Mertens | Agent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account
2020-02-29 | Guy Bruneau | Hazelcast IMDG Discover Scan
2020-02-25 | Jan Kopriva | Quick look at a couple of current online scam campaigns
2020-02-22 | Xavier Mertens | Simple but Efficient VBScript Obfuscation
2020-02-07 | Xavier Mertens | Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript
2020-01-23 | Xavier Mertens | Complex Obfuscation VS Simple Trick
2020-01-15 | Johannes Ullrich | CVE-2020-0601 Followup
2020-01-13 | Didier Stevens | Citrix ADC Exploits: Overview of Observed Payloads
2020-01-11 | Johannes Ullrich | Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor
2020-01-07 | Johannes Ullrich | A Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability)
2020-01-05 | Didier Stevens | etl2pcapng: Convert .etl Capture Files To .pcapng Format
2019-12-31 | Johannes Ullrich | Some Thoughts About the Critical Citrix ADC/Gateway Vulnerability (CVE-2019-19781)
2019-12-24 | Brad Duncan | Malspam with links to Word docs pushes IcedID (Bokbot)
2019-12-22 | Didier Stevens | Extracting VBA Macros From .DWG Files
2019-12-16 | Didier Stevens | Malicious .DWG Files?
2019-12-03 | Brad Duncan | Ursnif infection with Dridex
2019-11-27 | Brad Duncan | Finding an Agent Tesla malware sample
2019-11-23 | Guy Bruneau | Local Malware Analysis with Malice
2019-11-22 | Xavier Mertens | Abusing Web Filters Misconfiguration for Reconnaissance
2019-11-18 | Johannes Ullrich | SMS and 2FA: Another Reason to Move away from It.
2019-11-09 | Guy Bruneau | Fake Netflix Update Request by Text
2019-11-05 | Rick Wanner | Bluekeep exploitation causing Bluekeep vulnerability scan to fail
2019-11-03 | Didier Stevens | You Too? "Unusual Activity with Double Base64 Encoding"
2019-10-30 | Xavier Mertens | Keep an Eye on Remote Access to Mailboxes
2019-10-29 | Xavier Mertens | Generating PCAP Files from YAML
2019-10-20 | Guy Bruneau | Scanning Activity for NVMS-9000 Digital Video Recorder
2019-10-19 | Russell Eubanks | What Assumptions Are You Making?
2019-10-18 | Xavier Mertens | Quick Malicious VBS Analysis
2019-10-09 | Brad Duncan | What data does Vidar malware steal from an infected host?
2019-10-03 | Jim Clausing | Buffer overflows found in libpcap and tcpdump
2019-09-27 | Xavier Mertens | New Scans for Polycom Autoconfiguration Files
2019-09-07 | Guy Bruneau | Unidentified Scanning Activity
2019-08-09 | Xavier Mertens | 100% JavaScript Phishing Page
2019-08-05 | Rick Wanner | Scanning for Bluekeep vulnerable RDP instances
2019-08-01 | Johannes Ullrich | What is Listening On Port 9527/TCP?
2019-07-25 | Rob VandenBrink | When Users Attack! Users (and Admins) Thwarting Security Controls
2019-07-18 | Rob VandenBrink | The Other Side of Critical Control 1: 802.1x Wired Network Access Controls
2019-07-11 | Xavier Mertens | Russian Dolls Malicious Script Delivering Ursnif
2019-07-02 | Xavier Mertens | Malicious Script With Multiple Payloads
2019-06-20 | Xavier Mertens | Using a Travel Packing App for Infosec Purpose
2019-06-10 | Xavier Mertens | Interesting JavaScript Obfuscation Example
2019-05-31 | Didier Stevens | Retrieving Second Stage Payload with Ncat
2019-05-22 | Johannes Ullrich | An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
2019-05-16 | Xavier Mertens | The Risk of Authenticated Vulnerability Scans
2019-04-11 | Johannes Ullrich | How to Find Hidden Cameras in your AirBNB
2019-04-04 | Xavier Mertens | New Waves of Scans Detected by an Old Rule
2019-03-18 | Didier Stevens | Wireshark 3.0.0 and Npcap: Some Remarks
2019-03-11 | Didier Stevens | Wireshark 3.0.0 and Npcap
2019-03-09 | Guy Bruneau | A Comparison Study of SSH Port Activity - TCP 22 & 2222
2019-03-08 | Remco Verhoef | Analysing meterpreter payload with Ghidra
2019-02-18 | Didier Stevens | Know What You Are Logging
2019-02-02 | Guy Bruneau | Scanning for WebDAV PROPFIND Exploiting CVE-2017-7269
2019-01-12 | Guy Bruneau | Snorpy a Web Base Tool to Build Snort/Suricata Rules
2019-01-02 | Lorna Hutcheson | Gift Card Scams on the rise
2018-12-31 | Didier Stevens | Software Crashes: A New Year's Resolution
2018-12-29 | Didier Stevens | Video: De-DOSfuscation Example
2018-12-23 | Guy Bruneau | Scanning Activity, end Goal is to add Hosts to Mirai Botnet
2018-12-16 | Guy Bruneau | Random Port Scan for Open RDP Backdoor
2018-12-15 | Didier Stevens | De-DOSfuscation Example
2018-12-12 | Didier Stevens | Yet Another DOSfuscation Sample
2018-12-09 | Johannes Ullrich | Arrest of Huawei CFO Inspires Advance Fee Scam
2018-11-27 | Xavier Mertens | More obfuscated shell scripts: Fake MacOS Flash update
2018-11-26 | Xavier Mertens | Obfuscated bash script targeting QNap boxes
2018-11-18 | Guy Bruneau | Multipurpose PCAP Analysis Tool
2018-11-16 | Xavier Mertens | Basic Obfuscation With Permissive Languages
2018-11-14 | Brad Duncan | Day in the life of a researcher: Finding a wave of Trickbot malspam
2018-11-06 | Xavier Mertens | Malicious Powershell Script Dissection
2018-10-23 | Xavier Mertens | Diving into Malicious AutoIT Code
2018-10-08 | Guy Bruneau | Latest Release of rockNSM 2.1
2018-09-30 | Didier Stevens | When DOSfuscation Helps...
2018-09-19 | Rob VandenBrink | Certificates Revisited - SSL VPN Certificates 2 Ways
2018-09-18 | Rob VandenBrink | Using Certificate Transparency as an Attack / Defense Tool
2018-09-05 | Rob VandenBrink | Where have all my Certificates gone? (And when do they expire?)
2018-09-04 | Rob VandenBrink | Let's Trade: You Read My Email, I'll Read Your Password!
2018-08-15 | Xavier Mertens | Truncating Payloads and Anonymizing PCAP files
2018-07-30 | Didier Stevens | Malicious Word documents using DOSfuscation
2018-07-26 | Xavier Mertens | Windows Batch File Deobfuscation
2018-07-03 | Didier Stevens | Progress indication for scripts on Windows
2018-07-02 | Guy Bruneau | Hello Peppa! - PHP Scans
2018-06-18 | Xavier Mertens | Malicious JavaScript Targeting Mobile Browsers
2018-06-06 | Xavier Mertens | Converting PCAP Web Traffic to Apache Log
2018-05-25 | Xavier Mertens | Antivirus Evasion? Easy as 1,2,3
2018-05-06 | Guy Bruneau | Scans Attempting to use PowerShell to Download PHP Script
2018-04-30 | Remco Verhoef | Another approach to webapplication fingerprinting
2018-01-23 | John Bambenek | Life after GDPR: Implications for Cybersecurity
2018-01-18 | Xavier Mertens | Comment your Packet Captures!
2018-01-07 | Guy Bruneau | SSH Scans by Clients Types
2017-12-18 | Didier Stevens | Phish or scam? - Part 2
2017-12-17 | Didier Stevens | Phish or scam? - Part 1
2017-11-23 | Xavier Mertens | Proactive Malicious Domain Search
2017-11-13 | Guy Bruneau | jsonrpc Scanning for root account
2017-11-11 | Xavier Mertens | Keep An Eye on your Root Certificates
2017-11-03 | Xavier Mertens | Simple Analysis of an Obfuscated JAR File
2017-10-27 | Renato Marinho | "Catch-All" Google Chrome Malicious Extension Steals All Posted Data
2017-10-06 | Johannes Ullrich | What's in a cable? The dangers of unauthorized cables
2017-10-05 | Johannes Ullrich | pcap2curl: Turning a pcap file into a set of cURL commands for "replay"
2017-09-30 | Lorna Hutcheson | Who's Borrowing your Resources?
2017-09-28 | Xavier Mertens | The easy way to analyze huge amounts of PCAP data
2017-09-17 | Guy Bruneau | rockNSM as a Incident Response Package
2017-08-24 | Bojan Zdrnja | Free Bitcoins? Why not?
2017-07-30 | Guy Bruneau | Text Banking Scams
2017-07-24 | Renato Marinho | Uber drivers new threat: the "passenger"
2017-07-24 | Russell Eubanks | Trends Over Time
2017-07-19 | Xavier Mertens | Bots Searching for Keys & Config Files
2017-07-08 | Xavier Mertens | A VBScript with Obfuscated Base64 Data
2017-06-22 | Xavier Mertens | Obfuscating without XOR
2017-06-17 | Guy Bruneau | Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2017-06-15 | Bojan Zdrnja | Uberscammers
2017-06-10 | Russell Eubanks | An Occasional Look in the Rear View Mirror
2017-06-01 | Xavier Mertens | Sharing Private Data with Webcast Invitations
2017-05-28 | Pasquale Stirparo | Analysis of Competing Hypotheses (ACH part 1)
2017-05-26 | Lorna Hutcheson | File2pcap - A new tool for your toolkit!
2017-05-18 | Xavier Mertens | My Little CVE Bot
2017-05-02 | Richard Porter | Do you have Intel AMT? Then you have a problem today! Intel Active Management Technology INTEL-SA-00075
2017-04-28 | Xavier Mertens | Another Day, Another Obfuscation Technique
2017-04-22 | Jim Clausing | WTF tcp port 81
2017-04-21 | Xavier Mertens | Analysis of a Maldoc with Multiple Layers of Obfuscation
2017-04-19 | Xavier Mertens | Hunting for Malicious Excel Sheets
2017-04-13 | Rob VandenBrink | Packet Captures Filtered by Process
2017-03-30 | Xavier Mertens | Diverting built-in features for the bad
2017-03-25 | Russell Eubanks | Distraction as a Service
2017-03-24 | Xavier Mertens | Nicely Obfuscated JavaScript Sample
2017-03-18 | Xavier Mertens | Example of Multiple Stages Dropper
2017-03-10 | Xavier Mertens | The Side Effect of GeoIP Filters
2017-02-28 | Xavier Mertens | Analysis of a Simple PHP Backdoor
2017-02-12 | Xavier Mertens | Analysis of a Suspicious Piece of JavaScript
2017-01-28 | Lorna Hutcheson | Packet Analysis - Where do you start?
2017-01-26 | Xavier Mertens | IOC's: Risks of False Positive Alerts Flood Ahead
2017-01-14 | Xavier Mertens | Backup Files Are Good but Can Be Evil
2017-01-13 | Xavier Mertens | Who's Attacking Me?
2016-12-31 | Xavier Mertens | Ongoing Scans Below the Radar
2016-11-27 | Russ McRee | Scapy vs. CozyDuke
2016-11-11 | Rick Wanner | Benevolent malware? reincarna/Linux.Wifatch
2016-11-05 | Xavier Mertens | Full Packet Capture for Dummies
2016-11-02 | Rob VandenBrink | What Does a Pentest Look Like?
2016-10-25 | Xavier Mertens | Another Day, Another Spam...
2016-10-19 | Xavier Mertens | Spam Delivered via .ICS Files
2016-10-07 | Rick Wanner | First Hurricane Matthew related Phish
2016-09-15 | Xavier Mertens | In Need of a OTP Manager Soon?
2016-09-10 | Xavier Mertens | Ongoing IMAP Scan, Anyone Else?
2016-08-29 | Russ McRee | Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2016-08-28 | Guy Bruneau | Spam with Obfuscated Javascript
2016-08-22 | Russ McRee | Red Team Tools Updates: hashcat and SpiderFoot
2016-08-19 | Xavier Mertens | Data Classification For the Masses
2016-08-01 | Daniel Wesemann | Are you getting I-CANNED ?
2016-07-08 | Mark Hofman | Malware being distributed pretending to be from AU Fedcourts
2016-06-29 | Xavier Mertens | Phishing Campaign with Blurred Images
2016-06-22 | Bojan Zdrnja | Security through obscurity never works
2016-06-03 | Tom Liston | MySQL is YourSQL
2016-05-26 | Xavier Mertens | Keeping an Eye on Tor Traffic
2016-05-08 | Jim Clausing | Guest Diary: Linux Capabilities - A friend and foe
2016-02-20 | Didier Stevens | Locky: JavaScript Deobfuscation
2016-02-11 | Tom Webb | Tomcat IR with XOR.DDoS
2016-02-07 | Xavier Mertens | More Malicious JavaScript Obfuscation
2016-02-03 | Xavier Mertens | Automating Vulnerability Scans
2016-02-02 | Johannes Ullrich | Targeted IPv6 Scans Using pool.ntp.org .
2016-01-29 | Xavier Mertens | Scripting Web Categorization
2016-01-25 | Rob VandenBrink | Assessing Remote Certificates with Powershell
2016-01-15 | Xavier Mertens | JavaScript Deobfuscation Tool
2015-12-21 | Daniel Wesemann | Critical Security Controls: Getting to know the unknown
2015-11-04 | Richard Porter | Application Aware and Critical Control 2
2015-11-04 | Johannes Ullrich | Internet Wide Scanners Wanted
2015-09-08 | Lenny Zeltser | A Close Look at PayPal Overpayment Scams That Target Craigslist Sellers
2015-08-28 | Didier Stevens | Test File: PDF With Embedded DOC Dropping EICAR
2015-06-28 | Didier Stevens | The EICAR Test File
2015-05-29 | Russell Eubanks | Trust But Verify
2015-04-28 | Daniel Wesemann | Scammy Nepal earthquake donation requests
2015-04-23 | Bojan Zdrnja | When automation does not help
2015-04-08 | Tom Webb | Is it a breach or not?
2015-03-26 | Daniel Wesemann | Pin-up on your Smartphone!
2015-02-27 | Rick Wanner | Let's Encrypt!
2015-02-17 | Rob VandenBrink | oclHashcat 1.33 Released
2014-11-24 | Richard Porter | Someone is using this? PoS: Compressor
2014-11-04 | Daniel Wesemann | 20$ is 999999 Euro
2014-10-06 | Johannes Ullrich | CSAM: Patch and get pw0ned (not OR).
2014-09-19 | Guy Bruneau | Added today in oclhashcat 131 Django [Default Auth] (PBKDF2 SHA256 Rounds Salt) Support - http://hashcat.net/hashcat/
2014-09-19 | Guy Bruneau | Web Scan looking for /info/whitelist.pac
2014-09-16 | Daniel Wesemann | https://yourfakebank.support -- TLD confusion starts!
2014-09-10 | Johannes Ullrich | Content Security Policy (CSP) is Growing Up.
2014-08-27 | Rob VandenBrink | One More Day of Trolling in POS Memory
2014-08-25 | Jim Clausing | Unusual CRL traffic?
2014-08-09 | Adrien de Beaupre | Complete application ownage via Multi-POST XSRF
2014-07-30 | Rick Wanner | Symantec Endpoint Protection Privilege Escalation Zero Day
2014-07-26 | Chris Mohan | "Internet scanning project" scans
2014-07-06 | Richard Porter | Physical Access, Point of Sale, Vegas
2014-07-03 | Johannes Ullrich | Credit Card Processing in 700 Words or Less
2014-06-28 | Mark Hofman | No more Microsoft advisory email notifications?
2014-06-22 | Russ McRee | OfficeMalScanner helps identify the source of a compromise
2014-06-17 | Rob VandenBrink | Canada's Anti-Spam Legislation (CASL) 2014
2014-06-13 | Richard Porter | A welcomed response, PF Chang's
2014-06-11 | Daniel Wesemann | Gimme your keys!
2014-06-04 | Richard Porter | p0f, Got Packets?
2014-06-01 | Johannes Ullrich | When was the last time you checked your Comcast cable modem settings?
2014-05-22 | Johannes Ullrich | Discontinuing Support for ISC Alert Task Bar Icon
2014-04-17 | Manuel Humberto Santander Pelaez | Looking for malicious traffic in electrical SCADA networks - part 2 - solving problems with DNP3 Secure Authentication Version 5
2014-04-15 | Manuel Humberto Santander Pelaez | Looking for malicious traffic in electrical SCADA networks - part 1
2014-04-12 | Guy Bruneau | Critical Security Update for JetPack WordPress Plugin. Bug has existed since Jetpack 1.9, released in October 2012. - http://jetpack.me/2014/04/10/jetpack-security-update/
2014-03-24 | Johannes Ullrich | Integrating Physical Security Sensors
2014-03-13 | Daniel Wesemann | Identification and authentication are hard ... finding out intention is even harder
2014-03-06 | Mark Baggett | Port 5000 traffic and snort signature
2014-02-26 | Russ McRee | Ongoing NTP Amplification Attacks
2014-02-15 | Rob VandenBrink | More on HNAP - What is it, How to Use it, How to Find it
2014-02-14 | Chris Mohan | Scanning activity for /siemens/bootstrapping/JnlpBrowser/Development/
2014-02-13 | Johannes Ullrich | Linksys Worm ("TheMoon") Captured
2014-02-12 | Johannes Ullrich | Suspected Mass Exploit Against Linksys E1000 / E1200 Routers
2014-01-31 | Chris Mohan | Looking for packets from three particular subnets
2014-01-30 | Johannes Ullrich | New gTLDs appearing in the root zone
2014-01-17 | Russ McRee | Massive RFI scans likely a free web app vuln scanner rather than bots
2014-01-13 | Johannes Ullrich | Special Webcast today: HTML5, Risky Business or Hidden Security Toolchest? https://www.sans.org/webcasts/html5-risky-business-hidden-security-tool-chest-mobile-web-app-authentication-97650
2014-01-11 | Guy Bruneau | tcpflow 1.4.4 and some of its most Interesting Features
2014-01-09 | Bojan Zdrnja | Massive PHP RFI scans
2014-01-08 | Kevin Shortt | Intercepted Email Attempts to Steal Payments
2013-12-28 | Russ McRee | Weekend Reading List 27 DEC
2013-12-24 | Daniel Wesemann | Mr Jones wants you to appear in court!
2013-12-23 | Daniel Wesemann | Costco, BestBuy, Walmart really want to send you a package!
2013-12-21 | Daniel Wesemann | Adobe phishing underway
2013-12-20 | Daniel Wesemann | authorized key lime pie
2013-12-19 | Rob VandenBrink | Target US - Credit Card Data Breach
2013-12-19 | Rob VandenBrink | Passive Scanning Two Ways - How-Tos for the Holidays
2013-12-10 | Rob VandenBrink | Those Look Just Like Hashes!
2013-12-09 | Rob VandenBrink | Scanning without Scanning
2013-12-01 | Richard Porter | BPF, PCAP, Binary, hex, why they matter?
2013-11-15 | Johannes Ullrich | The Security Impact of HTTP Caching Headers
2013-11-04 | Manuel Humberto Santander Pelaez | When attackers use your DNS to check for the sites you are visiting
2013-10-22 | Richard Porter | Greenbone and OpenVAS Scanner
2013-10-21 | Johannes Ullrich | New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
2013-10-17 | Adrien de Beaupre | Internet wide DNS scanning
2013-10-12 | Richard Porter | Reported Spike in tcp/5901 and tcp/5900
2013-10-05 | Richard Porter | Adobe Breach Notification, Notifications?
2013-10-02 | John Bambenek | Obamacare related domain registration spike, Government shutdown domain registration beginning
2013-09-18 | Rob VandenBrink | Cisco DCNM Update Released
2013-09-05 | Rob VandenBrink | Building Your Own GPU Enabled Private Cloud
2013-09-05 | Rob VandenBrink | What's Next for IPS?
2013-09-03 | Rob VandenBrink | Is "Reputation Backscatter" a Thing?
2013-08-26 | Alex Stanford | Stop, Drop and File Carve
2013-08-19 | Rob VandenBrink | ZMAP 1.02 released
2013-08-13 | Swa Frantzen | Microsoft security advisories: RDP and MD5 deprecation in Microsoft root certificates
2013-08-02 | Johannes Ullrich | Fake American Express Alerts
2013-07-27 | Scott Fendley | Defending Against Web Server Denial of Service Attacks
2013-07-13 | Lenny Zeltser | Decoy Personas for Safeguarding Online Identity Using Deception
2013-07-01 | Manuel Humberto Santander Pelaez | Using nmap scripts to enhance vulnerability asessment results
2013-06-27 | Tony Carothers | Physical Security in the Cyber World
2013-06-05 | Richard Porter | Wireshark 1.10.0 Stable Released http://www.wireshark.org/download.html
2013-05-22 | Adrien de Beaupre | Privilege escalation, why should I care?
2013-05-21 | Adrien de Beaupre | Moore, Oklahoma tornado charitable organization scams, malware, and phishing
2013-05-17 | Johannes Ullrich | SSL: Another reason not to ignore IPv6
2013-05-11 | Lenny Zeltser | Extracting Digital Signatures from Signed Malware
2013-04-29 | Adam Swanger | Report Fake Tech Support Calls submission form reminder
2013-04-17 | John Bambenek | UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
2013-04-15 | Rob VandenBrink | Oops - You Mean That Deleted Server was a Certificate Authority?
2013-04-10 | Manuel Humberto Santander Pelaez | Massive Google scam sent by email to Colombian domains
2013-04-04 | Johannes Ullrich | Microsoft April Patch Tuesday Advance Notification
2013-03-29 | Chris Mohan | Does your breach email notification look like a phish?
2013-03-23 | Guy Bruneau | Apple ID Two-step Verification Now Available in some Countries
2013-03-19 | Johannes Ullrich | IPv6 Focus Month: The warm and fuzzy side of IPv6
2013-03-06 | Adam Swanger | IPv6 Focus Month: Guest Diary: Stephen Groat - Geolocation Using IPv6 Addresses
2013-03-03 | Richard Porter | Uptick in MSSQL Activity
2013-02-20 | Manuel Humberto Santander Pelaez | SANS SCADA Summit at Orlando - Bigger problems and so far from getting them solved
2013-02-19 | Johannes Ullrich | EDUCAUSE Breach
2013-02-14 | Adam Swanger | ISC Monthly Threat Update - February 2013 http://isc.sans.edu/podcastdetail.html?id=3121
2013-02-08 | Kevin Shortt | Is it Spam or Is it Malware?
2013-02-06 | Johannes Ullrich | Intel Network Card (82574L) Packet of Death
2013-02-03 | Lorna Hutcheson | Is it Really an Attack?
2013-01-25 | Johannes Ullrich | Vulnerability Scans via Search Engines (Request for Logs)
2013-01-18 | Russ McRee | Interesting reads for Friday 18 JAN 2013
2013-01-10 | Adam Swanger | ISC Monthly Threat Update New Format
2013-01-07 | Adam Swanger | Please consider participating in our 2013 ISC StormCast survey at http://www.surveymonkey.com/s/stormcast
2013-01-03 | Manuel Humberto Santander Pelaez | New year and new CA compromised
2012-12-18 | Dan Goldberg | Mitigating the impact of organizational change: a risk assessment
2012-12-06 | Daniel Wesemann | Fake tech support calls - revisited
2012-12-06 | Daniel Wesemann | Rich Quick Make Money!
2012-12-03 | John Bambenek | John McAfee Exposes His Location in Photo About His Being on Run
2012-11-30 | Daniel Wesemann | Nmap 6.25 released - lots of new goodies, see http://nmap.org/changelog.html
2012-10-26 | Adam Swanger | Securing the Human Special Webcast - October 30, 2012
2012-10-10 | Kevin Shortt | Facebook Scam Spam
2012-10-06 | Manuel Humberto Santander Pelaez | Cyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA
2012-10-03 | Kevin Shortt | Fake Support Calls Reported
2012-09-13 | Mark Baggett | TCP Fuzzing with Scapy
2012-09-05 | Rob VandenBrink | Auditing a Network for VOIP Call Quality Metrics
2012-08-21 | Adrien de Beaupre | YYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update
2012-08-13 | Rick Wanner | Interesting scan for medical certification information...
2012-07-18 | Rob VandenBrink | Vote NO to Weak Keys!
2012-07-14 | Tony Carothers | User Awareness and Education
2012-07-05 | Adrien de Beaupre | Microsoft advanced notification for July 2012 patch Tuesday
2012-06-27 | Daniel Wesemann | What's up with port 79 ?
2012-06-25 | Guy Bruneau | Using JSDetox to Analyze and Deobfuscate Javascript
2012-06-20 | Raul Siles | CVE-2012-0217 (from MS12-042) applies to other environments too
2012-06-13 | Johannes Ullrich | ICANN "Reveal Day" Lists new TLD Applications
2012-06-13 | Johannes Ullrich | Microsoft Certificate Updater
2012-06-04 | Johannes Ullrich | Microsoft Emergency Bulletin: Unauthorized Certificate used in "Flame"
2012-05-31 | Johannes Ullrich | SCADA@Home: Your health is no secret no more!
2012-05-22 | Johannes Ullrich | nmap 6 released
2012-04-26 | Richard Porter | Define Irony: A medical device with a Virus?
2012-04-21 | Guy Bruneau | WordPress Release Security Update
2012-04-16 | Mark Baggett | McAfee DAT troubles
2012-03-30 | Daniel Wesemann | Fake tech reps calling
2012-03-13 | Lenny Zeltser | Please transfer this email to your CEO or appropriate person, thanks
2012-02-08 | Jim Clausing | Chrome to stop checking Certificate Revocation List (CRL)?
2012-01-31 | Russ McRee | OSINT tactics: parsing from FOCA for Maltego
2012-01-25 | Bojan Zdrnja | pcAnywhere users – patch now!
2012-01-03 | Bojan Zdrnja | The tale of obfuscated JavaScript continues
2011-12-12 | Daniel Wesemann | You won 100$ or a free iPad!
2011-12-08 | Adrien de Beaupre | Microsoft Security Bulletin Advance Notification for December 2011
2011-12-06 | Kevin Shortt | Cain & Abel v4.9.43 Released - http://www.oxid.it/
2011-11-23 | Johannes Ullrich | SCADA hacks published on Pastebin
2011-11-16 | Adrien de Beaupre | GET BACK TO ME ASAP
2011-11-11 | Rick Wanner | APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update
2011-11-03 | Richard Porter | An Apple, Inc. Sandbox to play in.
2011-11-01 | Russ McRee | Secure languages & frameworks
2011-10-29 | Richard Porter | The Sub Critical Control? Evidence Collection
2011-10-28 | Daniel Wesemann | Critical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27 | Mark Baggett | Critical Control 18: Incident Response Capabilities
2011-10-26 | Rick Wanner | Critical Control 17:Penetration Tests and Red Team Exercises
2011-10-23 | Guy Bruneau | tcpdump and IPv6
2011-10-19 | Pedro Bueno | The old new Stuxnet...DuQu?
2011-10-19 | Johannes Ullrich | House for rent! Observing an Overpayment Scam
2011-10-17 | Rob VandenBrink | Critical Control 11: Account Monitoring and Control
2011-10-12 | Adam Swanger | We are experiencing technical issues with the webcast. The webcast will start as soon as these issues are resolved.
2011-09-28 | Richard Porter | All Along the ARP Tower!
2011-09-19 | Guy Bruneau | MS Security Advisory Update - Fraudulent DigiNotar Certificates
2011-09-09 | Guy Bruneau | Apple Certificate Trust Policy Update
2011-09-09 | Guy Bruneau | Adobe Publish its List of Trusted Root Certificate - http://www.adobe.com/security/approved-trust-list.html
2011-09-08 | Rob VandenBrink | When Good CA's go Bad: Other Things to Check in Your Datacenter
2011-08-26 | Johannes Ullrich | SANS Virginia Beach Conference Canceled. Details: http://www.sans.org/virginia-beach-2011/
2011-08-26 | Johannes Ullrich | Some Hurricane Technology Tips
2011-08-16 | Johannes Ullrich | What are the most dangerous web applications and how to secure them?
2011-08-15 | Rob VandenBrink | 8 Years since the Eastern Seaboard Blackout - Has it Been that Long?
2011-08-14 | Guy Bruneau | FireCAT 2.0 Released
2011-07-29 | Richard Porter | Apple Lion talking on TCP 5223
2011-07-28 | Johannes Ullrich | Announcing: The "404 Project"
2011-07-17 | Mark Hofman | SSH Brute Force
2011-07-05 | Raul Siles | Helping Developers Understand Security - Spot the Vuln
2011-06-21 | Chris Mohan | StartSSL, a web authentication authority, suspend services after a security breach
2011-05-23 | Mark Hofman | Microsoft Support Scam (again)
2011-05-18 | Bojan Zdrnja | Android, HTTP and authentication tokens
2011-05-12 | Johannes Ullrich | ActiveX Flaw Affecting SCADA systems
2011-05-10 | Swa Frantzen | Changing MO in scamming our users ?
2011-04-28 | Chris Mohan | DSL Reports advise 9,000 accounts were compromised
2011-04-22 | Manuel Humberto Santander Pelaez | In-house developed applications: The constant headache for the information security officer
2011-04-03 | Richard Porter | Extreme Disclosure? Not yet but a great trend!
2011-03-27 | Guy Bruneau | Strange Shockwave File with Surprising Attachments
2011-02-28 | Deborah Hale | Possible Botnet Scanning
2011-02-07 | Pedro Bueno | The Good , the Bad and the Unknown Online Scanners
2011-02-04 | Daniel Wesemann | Oh, just click "yes"
2011-01-10 | Manuel Humberto Santander Pelaez | Facebook virus spreads via photo album chat messages
2010-12-27 | Johannes Ullrich | Various sites "Owned and Exposed"
2010-12-25 | Manuel Humberto Santander Pelaez | An interesting vulnerability playground to learn application vulnerabilities
2010-12-23 | Mark Hofman | Older AV Scam Active again.
2010-12-21 | Rob VandenBrink | Network Reliability, Part 2 - HSRP Attacks and Defenses
2010-12-13 | Deborah Hale | The Week to Top All Weeks
2010-12-12 | Raul Siles | New trend regarding web application vulnerabilities?
2010-12-08 | Rob VandenBrink | Interesting DDOS activity around Wikileaks
2010-12-01 | Deborah Hale | McAfee Security Bulletin Released
2010-12-01 | Deborah Hale | A Gentle Reminder - It is that time of year again
2010-11-24 | Bojan Zdrnja | Privilege escalation 0-day in almost all Windows versions
2010-11-24 | Jim Clausing | Help with odd port scans
2010-10-11 | Adrien de Beaupre | OT: Happy Thanksgiving Day Canada
2010-10-03 | Adrien de Beaupre | Canada's Cyber Security Strategy released today
2010-09-21 | Johannes Ullrich | Implementing two Factor Authentication on the Cheap
2010-08-22 | Manuel Humberto Santander Pelaez | SCADA: A big challenge for information security professionals
2010-08-16 | Raul Siles | Blind Elephant: A New Web Application Fingerprinting Tool
2010-08-15 | Manuel Humberto Santander Pelaez | Python to test web application security
2010-08-15 | Manuel Humberto Santander Pelaez | Obfuscated SQL Injection attacks
2010-08-10 | Daniel Wesemann | SSH - new brute force tool?
2010-07-13 | Jim Clausing | VMware Studio Security Update
2010-07-04 | Manuel Humberto Santander Pelaez | New Winpcap Version
2010-07-02 | Johannes Ullrich | OISF released version 1.0.0 of Suricata, the open source IDS/IPS engine http://www.openinfosecfoundation.org
2010-06-26 | Guy Bruneau | socat to Simulate a Website
2010-06-21 | Adrien de Beaupre | GoDaddy Scam/Phish/Spam
2010-06-18 | Johannes Ullrich | Please take a second and rate the daily podcast (Stormcast): http://www.surveymonkey.com/s/stormcast
2010-06-15 | Manuel Humberto Santander Pelaez | Mastercard delivering cards with OTP device included
2010-06-14 | Manuel Humberto Santander Pelaez | Another way to get protection for application-level attacks
2010-06-14 | Manuel Humberto Santander Pelaez | Small lot of Olympus Stylus Tough 6010 shipped with malware
2010-06-14 | Manuel Humberto Santander Pelaez | Rogue facebook application acting like a worm
2010-06-06 | Manuel Humberto Santander Pelaez | Nice OS X exploit tutorial
2010-05-29 | G. N. White | Rogue AV Indictment
2010-05-23 | Manuel Humberto Santander Pelaez | e-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.
2010-05-15 | Deborah Hale | Phony Phone Scam
2010-04-22 | Deborah Hale | How McAfee turned a Disaster Exercise Into a REAL Learning Experience for Our Community Disaster Team
2010-04-21 | Guy Bruneau | McAfee DAT 5958 Update Issues
2010-04-13 | Adrien de Beaupre | Web App Testing Tools
2010-04-08 | Bojan Zdrnja | JavaScript obfuscation in PDF: Sky is the limit
2010-04-06 | Daniel Wesemann | Application Logs
2010-04-02 | Guy Bruneau | Oracle Java SE and Java for Business Critical Patch Update Advisory
2010-03-27 | Guy Bruneau | Create a Summary of IP Addresses from PCAP Files using Unix Tools
2010-03-21 | Scott Fendley | Skipfish - Web Application Security Tool
2010-03-17 | Deborah Hale | Trojan outbreak on a College Campus
2010-03-10 | Rob VandenBrink | Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-03-08 | Raul Siles | Samurai WTF 0.8
2010-03-05 | Kyle Haugsness | Javascript obfuscators used in the wild
2010-03-01 | Mark Hofman | AS/NZ "Online Offensive - Fight fraud online" week March 1-7
2010-02-20 | Mari Nichols | Is "Green IT" Defeating Security?
2010-02-10 | Johannes Ullrich | Twitpic, EXIF and GPS: I Know Where You Did it Last Summer
2010-02-02 | Johannes Ullrich | New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux)
2010-02-01 | Rob VandenBrink | NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?
2010-01-29 | Adrien de Beaupre | Neo-legacy applications
2010-01-24 | Pedro Bueno | Outdated client applications
2010-01-09 | G. N. White | What's Up With All The Port Scanning Using TCP/6000 As A Source Port?
2009-12-19/a>Deborah HaleEducationing Our Communities
2009-12-16/a>Rob VandenBrinkBeware the Attack of the Christmas Greeting Cards !
2009-12-14/a>Adrien de BeaupreAnti-forensics, COFEE vs. DECAF
2009-12-07/a>Rob VandenBrinkLayer 2 Network Protections – reloaded!
2009-11-25/a>Jim ClausingUpdates to my GREM Gold scripts and a new script
2009-11-24/a>John BambenekBIND Security Advisory (DNSSEC only)
2009-11-18/a>Rob VandenBrinkUsing a Cisco Router as a “Remote Collector” for tcpdump or Wireshark
2009-11-13/a>Deborah HaleIt's Never Too Early To Start Teaching Them
2009-11-03/a>Andre LudwigSURBL now posting abuse statistics for TLD's
2009-11-02/a>Daniel WesemannIDN ccTLDs
2009-10-30 | Rob VandenBrink | ICANN Strategic Planning (2010-2013) Consultation
2009-10-22 | Adrien de Beaupre | Cyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-20 | Raul Siles | WASC 2008 Statistics
2009-10-19 | Daniel Wesemann | Scam Email
2009-10-09 | Rob VandenBrink | THAWTE to discontinue free Email Certificate Services and Web of Trust Service
2009-09-22 | Jason Lam | ESTA scam
2009-09-16 | Raul Siles | Review the security controls of your Web Applications... all them!
2009-09-10 | Johannes Ullrich | Healthcare Spam
2009-09-05 | Mark Hofman | Critical Infrastructure and dependencies
2009-08-28 | Adrien de Beaupre | WPA with TKIP done
2009-08-17 | Adrien de Beaupre | YAMWD: Yet Another Mass Web Defacement
2009-08-13 | Johannes Ullrich | CA eTrust update crashes systems
2009-08-13 | Jim Clausing | Tools for extracting files from pcaps
2009-07-28 | Adrien de Beaupre | YYAMCCBA
2009-07-23 | John Bambenek | Missouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information
2009-07-12 | Mari Nichols | CA Apologizes for False Positive
2009-06-30 | Chris Carboni | Obfuscated Code
2009-06-30 | Chris Carboni | De-Obfuscation Submissions
2009-06-28 | Guy Bruneau | IP Address Range Search with libpcap
2009-06-26 | Mark Hofman | PHPMYADMIN scans
2009-06-24 | Kyle Haugsness | TCP scanning increase for 4899
2009-06-15 | Daniel Wesemann | Drive-by Blackouting ?
2009-05-26 | Jason Lam | A new Web application security blog
2009-05-20 | Tom Liston | Web Toolz
2009-05-02 | Rick Wanner | More Swine/Mexican/H1N1 related domains
2009-04-24 | John Bambenek | Data Leak Prevention: Proactive Security Requirements of Breach Notification Laws
2009-04-21 | Bojan Zdrnja | Web application vulnerabilities
2009-04-17 | Joel Esler | Internet Storm Center Podcast Episode Number Fourteen
2009-04-07 | Bojan Zdrnja | Advanced JavaScript obfuscation (or why signature scanning is a failure)
2009-04-03 | Johannes Ullrich | Cyber Security Act of 2009
2009-03-24 | G. N. White | CanSecWest Pwn2Own: Would IE8 have been exploitable had the event waited one more day?
2009-03-19 | Mark Hofman | Browsers Tumble at CanSecWest
2009-03-02 | Swa Frantzen | Obama's leaked chopper blueprints: anything we can learn?
2009-02-19 | Joel Esler | Internet Storm Center Podcast Episode Number Thirteen
2009-02-14 | Deborah Hale | Debit Card Compromise Letter
2009-02-13 | Andre Ludwig | Third party information on conficker
2009-02-09 | Johannes Ullrich | New ISC Feature: Micro Podcasts
2009-02-01 | Chris Carboni | Scanning for Trixbox vulnerabilities
2009-01-30 | Mark Hofman | Request for info - Scan and webmail
2009-01-12 | William Salusky | Web Application Firewalls (WAF) - Have you deployed WAF technology?
2009-01-02 | Mark Hofman | Blocking access to MD5 signed certs
2008-12-25 | Maarten Van Horenbeeck | Christmas Ecard Malware
2008-12-12 | Joel Esler | Internet Storm Center Podcast Episode Twelve
2008-11-29 | Pedro Bueno | Possible Mumbai Scams?
2008-11-20 | Jason Lam | Large quantity SQL Injection mitigation
2008-10-22 | Joel Esler | Podcast Episode Eleven Posted
2008-09-29 | Daniel Wesemann | Patchbag: WinZip / MPlayer / RealWin SCADA vuln
2008-09-09 | Swa Frantzen | Evil side economy: $1 for breaking 1000 CAPTCHAs
2008-09-08 | Raul Siles | CitectSCADA ODBC service exploit published
2008-09-07 | Daniel Wesemann | Staying current, but not too current
2008-09-03 | Daniel Wesemann | Static analysis of Shellcode - Part 2
2008-08-26 | Joel Esler | Podcast Episode X Record Notice
2008-08-03 | Deborah Hale | Securing A Network - Lessons Learned
2008-07-14 | Daniel Wesemann | Obfuscated JavaScript Redux
2008-07-08 | Joel Esler | Podcast Episode Eight Record Notice
2008-06-24 | Joel Esler | Podcast Episode Seven Record Notice
2008-06-13 | Joel Esler | Podcast Episode Six
2008-06-13 | Johannes Ullrich | Floods: More of the same (2)
2008-06-11 | John Bambenek | CitectSCADA Buffer Overflow Vulnerability
2008-06-01 | Mark Hofman | Free Yahoo email account! Sign me up, Ok well maybe not.
2008-05-28 | Joel Esler | Podcast Episode Five has been released
2008-05-26 | Marcus Sachs | Predictable Response
2008-05-20 | Joel Esler | Podcast Episode Four has been released
2008-05-19 | Maarten Van Horenbeeck | Text message and telephone aid scams
2008-05-17 | Jim Clausing | Disaster donation scams continue
2008-05-06 | Marcus Sachs | Industrial Control Systems Vulnerability
2008-05-01 | Joel Esler | ISC Podcast Episode Number 3
2008-04-25 | Joel Esler | Hey, where is the podcast?
2008-04-22 | donald smith | Spam to your calendar via Google agenda?
2008-04-16 | William Stearns | Passer, a aassive machine and service sniffer
2008-04-09 | Joel Esler | ISC Podcast Episode Number 2
2008-04-06 | Daniel Wesemann | Advanced obfuscated JavaScript analysis
2008-04-03 | Bojan Zdrnja | Mixed (VBScript and JavaScript) obfuscation
2008-03-27 | Johannes Ullrich | Internet Storm Center Podcast
2006-09-01 | Joel Esler | CA eTrust Antivirus [was] flagging lsass.e x e

FALSE

2018-06-25 | Didier Stevens | Guilty by association
2016-02-22 | Xavier Mertens | Reducing False Positives with Open Data Sources
2014-08-29 | Johannes Ullrich | False Positive or Not? Difficult to Analyze Javascript
2014-02-03 | Johannes Ullrich | When an Attack isn't an Attack
2013-10-25 | Rob VandenBrink | Kaspersky flags TCPIP.SYS as Malware
2013-10-24 | Johannes Ullrich | False Positive: php.net Malware Alert
2012-05-16 | Johannes Ullrich | Avira Antivirus false positives http://forum.avira.com/wbb/index.php?page=Thread&threadID=144875
2011-03-09 | Kevin Shortt | AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B
2010-04-21 | Guy Bruneau | McAfee DAT 5958 Update Issues
2009-12-03 | Mark Hofman | Avast false positives
2009-07-12 | Mari Nichols | CA Apologizes for False Positive
2008-12-04 | Bojan Zdrnja | Finjan blocking access to isc.sans.org

POSTIVE

2009-07-12 | Mari Nichols | CA Apologizes for False Positive