Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
DDOS TOOLS
2010-12-09	Mark Hofman	Having a look at the DDOS tool used in the attacks today
DDOS
2024-09-25/a>	Johannes Ullrich	DNS Reflection Update and Odd Corrupted DNS Requests
2024-04-29/a>	Guy Bruneau	Linux Trojan - Xorddos with Filename eyshcjdmzg
2023-11-09/a>	Guy Bruneau	Routers Targeted for Gafgyt Botnet [Guest Diary]
2022-08-10/a>	Johannes Ullrich	And Here They Come Again: DNS Reflection Attacks
2022-08-02/a>	Johannes Ullrich	A Little DDoS in the Morning - Followup
2022-08-01/a>	Johannes Ullrich	A Little DDoS In the Morning
2022-04-13/a>	Jan Kopriva	How is Ukrainian internet holding up during the Russian invasion?
2021-07-31/a>	Guy Bruneau	Unsolicited DNS Queries
2020-09-01/a>	Johannes Ullrich	Exposed Windows Domain Controllers Used in CLDAP DDoS Attacks
2019-08-14/a>	Brad Duncan	Recent example of MedusaHTTP malware
2017-10-20/a>	Rick Wanner	One year Anniversary of Dyn DDOS
2017-07-07/a>	Renato Marinho	DDoS Extortion E-mail: Yet Another Bluff?
2016-12-29/a>	Rick Wanner	More on Protocol 47 denys
2016-12-19/a>	John Bambenek	UPDATED x1: Mirai Scanning for Port 6789 Looking for New Victims / Now hitting tcp/23231
2016-12-09/a>	Rick Wanner	Mirai - now with DGA
2016-05-29/a>	Guy Bruneau	Analysis of a Distributed Denial of Service (DDoS)
2016-02-07/a>	Rick Wanner	DDOS is down, but still a concern for ISPs
2015-06-23/a>	Kevin Shortt	XOR DDOS Mitigation and Analysis
2015-02-27/a>	Rick Wanner	DDOS are way down? Why?
2015-02-19/a>	Daniel Wesemann	DNS-based DDoS
2014-08-31/a>	Rick Wanner	1900/UDP (SSDP) Scanning and DDOS
2014-08-17/a>	Rick Wanner	Part 1: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-08-17/a>	Rick Wanner	Part 2: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-06-24/a>	Kevin Shortt	NTP DDoS Counts Have Dropped
2014-06-02/a>	Rick Wanner	Using nmap to scan for DDOS reflectors
2014-04-30/a>	Russ McRee	UltraDNS DDOS
2014-03-12/a>	Johannes Ullrich	Wordpress "Pingback" DDoS Attacks
2014-02-17/a>	Chris Mohan	NTP reflection attacks continue
2013-11-22/a>	Rick Wanner	Port 0 DDOS
2013-06-05/a>	Richard Porter	BIND 9 Update fixing CVE-2013-3919
2013-04-21/a>	John Bambenek	A Chargen-based DDoS? Chargen is still a thing?
2013-03-28/a>	John Bambenek	Where Were You During the Great DDoS Cybergeddon of 2013?
2013-03-18/a>	Kevin Shortt	Spamhaus DDOS
2012-09-20/a>	Russ McRee	Financial sector advisory: attacks and threats against financial institutions
2012-03-30/a>	Daniel Wesemann	Tomorrow, the world will end
2012-01-22/a>	Johannes Ullrich	Javascript DDoS Tool Analysis
2011-05-20/a>	Guy Bruneau	Distributed Denial of Service Cheat Sheet
2011-04-05/a>	Mark Hofman	Sony DDOS
2011-04-05/a>	Mark Hofman	DNS.be DDOS
2011-03-04/a>	Mark Hofman	DDOS, the new black?
2011-02-12/a>	Kevin Liston	DDoS Analysis Process
2011-01-29/a>	Mark Hofman	Sourceforge attack
2010-12-09/a>	Mark Hofman	Having a look at the DDOS tool used in the attacks today
2010-12-08/a>	Rob VandenBrink	Interesting DDOS activity around Wikileaks
2010-09-14/a>	Adrien de Beaupre	BlackEnergy DDoS
2010-08-16/a>	Raul Siles	DDOS: State of the Art
2010-08-07/a>	Stephen Hall	DnsMadeEasy under a "quite large and unique" ddos.
2010-02-02/a>	Johannes Ullrich	Pushdo Update
2010-01-19/a>	Jim Clausing	49Gbps DDoS, IPv4 exhaustion, and DNSSEC, oh my!
2010-01-06/a>	Johannes Ullrich	Denial of Service Attack Aftermath (and what did Iran have to do with it?)
2009-09-09/a>	Mark Hofman	Possible DDOS on gov.au sites starting tonight?
2009-07-09/a>	John Bambenek	Latest Updates on Ongoing DDoS on Governmental/Commercial Websites in USA and S. Korea
2009-07-08/a>	Marcus Sachs	RFI: DDoS Against Government and Civilian Web Sites
2009-06-23/a>	Bojan Zdrnja	Slowloris and Iranian DDoS attacks
2009-03-08/a>	Marcus Sachs	Behind the Estonia Cyber Attacks
2009-01-31/a>	Swa Frantzen	DNS DDoS - let's use a long term solution
2008-12-03/a>	Andre Ludwig	New ISC Poll! Has your organization suffered a DDoS (Distributed Denial of Service) attack in the last year?
2008-07-20/a>	Kevin Liston	Denial of Service Attack Against Georgia-- Are You Participating?
2008-04-10/a>	Deborah Hale	DSLReports Being Attacked Again
TOOLS
2024-10-24/a>	Johannes Ullrich	Development Features Enabled in Prodcution
2024-09-30/a>	Jim Clausing	Tool update: mac-robber.py and le-hex-to-ip.py
2024-06-15/a>	Didier Stevens	Overview of My Tools That Handle JSON Data
2023-07-24/a>	Rob VandenBrink	JQ: Another Tool We Thought We Knew
2023-07-01/a>	Russ McRee	Sandfly Security
2022-03-24/a>	Xavier Mertens	Malware Delivered Through Free Sharing Tool
2021-10-08/a>	Rob VandenBrink	Sorting Things Out - Sorting Data by IP Address
2020-06-11/a>	Xavier Mertens	Anti-Debugging JavaScript Techniques
2019-05-10/a>	Xavier Mertens	DSSuite - A Docker Container with Didier's Tools
2018-11-11/a>	Pasquale Stirparo	Community contribution: joining forces or multiply solutions?
2018-10-10/a>	Xavier Mertens	"OG" Tools Remain Valuable
2018-08-05/a>	Didier Stevens	Video: Maldoc analysis with standard Linux tools
2018-07-30/a>	Xavier Mertens	Exploiting the Power of Curl
2017-09-19/a>	Jim Clausing	New tool: mac-robber.py
2017-01-12/a>	Mark Baggett	Some tools updates
2017-01-12/a>	Mark Baggett	System Resource Utilization Monitor
2017-01-07/a>	Xavier Mertens	Using Security Tools to Compromize a Network
2016-02-06/a>	Jim Clausing	More updates to kippo-log2db
2015-02-19/a>	Daniel Wesemann	Macros? Really?!
2015-02-07/a>	Jim Clausing	Update to kippo-log2db.pl
2014-11-05/a>	Russ McRee	Tool Tip: vFeed
2014-09-14/a>	Jim Clausing	SSDEEP update
2014-08-12/a>	Adrien de Beaupre	Host discovery with nmap
2013-11-19/a>	Jim Clausing	Updated dumpdns.pl
2013-06-18/a>	Russ McRee	EMET 4.0 is now available for download
2013-06-05/a>	Richard Porter	Windows Sysinternals Updated http://technet.microsoft.com/en-us/sysinternals/default.aspx
2013-05-11/a>	Lenny Zeltser	Extracting Digital Signatures from Signed Malware
2013-02-03/a>	Lorna Hutcheson	Is it Really an Attack?
2012-05-06/a>	Jim Clausing	Tool updates and Win 8
2011-08-22/a>	Jim Clausing	Are your tools ready for IPv6? (part 2)
2011-08-04/a>	Jim Clausing	Are your tools ready for IPv6? (part 1)
2010-12-30/a>	Rick Wanner	SamuraiWTF Review over at ISSA Toolsmith
2010-12-09/a>	Mark Hofman	Having a look at the DDOS tool used in the attacks today
2010-12-05/a>	Jim Clausing	Updates to a couple of Sysinternals tools
2010-10-20/a>	Jim Clausing	Tools updates - Oct 2010
2010-10-19/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - VPN and Remote Access Tools
2010-10-19/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - Remote Access Tools
2010-08-09/a>	Jim Clausing	Free/inexpensive tools for monitoring systems/networks
2010-07-13/a>	Jim Clausing	Forensic challenge results
2010-05-28/a>	Jim Clausing	Wireshark SMB file extraction plug-in
2010-03-30/a>	Marcus Sachs	Zigbee Analysis Tools
2010-03-30/a>	Pedro Bueno	Sharing the Tools
2010-01-19/a>	Jim Clausing	Forensic challenges
2010-01-06/a>	Johannes Ullrich	New Tool: IPv6 conversions http://isc.sans.org/tools/ipv6.html
2009-11-26/a>	Tony Carothers	What Are You Thankful For?
2009-11-25/a>	Jim Clausing	Tool updates
2009-09-24/a>	Jim Clausing	A couple more tools
2009-05-25/a>	Jim Clausing	More tools for (US) Memorial Day
2009-03-01/a>	Jim Clausing	Cool combination of tools
2008-12-13/a>	Jim Clausing	Followup from last shift and some research to do.
2008-11-17/a>	Jim Clausing	How are you coming with that IPv6 migration?
2008-11-13/a>	Jim Clausing	Some recently updated tools
2008-09-22/a>	Jim Clausing	More on tools/resources/blogs
2008-09-07/a>	Lorna Hutcheson	Malware Analysis: Tools are only so good
2008-07-11/a>	Jim Clausing	Updates to some of our favorite tools

DDOS TOOLS

DDOS

TOOLS