Internet Storm Center
Date
Author
Title
FORENSIC CHALLENGE 6
2010-11-12
Guy Bruneau
Honeynet Forensic Challenge - Analyzing Malicious Portable Destructive Files
FORENSIC
2023-01-26
Tom Webb
Live Linux IR with UAC
2023-01-02
Xavier Mertens
NetworkMiner 2.8 Released
2021-12-22
Brad Duncan
December 2021 Forensic Contest: Answers and Analysis
2021-12-08
Brad Duncan
December 2021 Forensic Challenge
2021-11-04
Tom Webb
Xmount for Disk Images
2021-10-22
Brad Duncan
October 2021 Contest: Forensic Challenge
2021-06-30
Brad Duncan
June 2021 Forensic Contest: Answers and Analysis
2021-06-18
Daniel Wesemann
Network Forensics on Azure VMs (Part #2)
2021-06-17
Daniel Wesemann
Network Forensics on Azure VMs (Part #1)
2021-05-19
Brad Duncan
May 2021 Forensic Contest: Answers and Analysis
2021-05-05
Brad Duncan
May 2021 Forensic Contest
2021-04-01
Brad Duncan
April 2021 Forensic Quiz
2021-02-25
Daniel Wesemann
Forensicating Azure VMs
2020-12-16
Daniel Wesemann
DNS Logs in Public Clouds
2019-10-25
Rob VandenBrink
More on DNS Archeology (with PowerShell)
2019-08-21
Russ McRee
KAPE: Kroll Artifact Parser and Extractor
2018-01-26
Xavier Mertens
Investigating Microsoft BITS Activity
2017-10-02
Xavier Mertens
Investigating Security Incidents with Passive DNS
2017-09-28
Xavier Mertens
The easy way to analyze huge amounts of PCAP data
2017-09-24
Jim Clausing
Forensic use of mount --bind
2017-09-19
Jim Clausing
New tool: mac-robber.py
2017-07-09
Russ McRee
Adversary hunting with SOF-ELK
2017-01-12
Mark Baggett
System Resource Utilization Monitor
2016-10-31
Russ McRee
SEC505 DFIR capture script: snapshot.ps1
2016-08-11
Pasquale Stirparo
Looking for the insider: Forensic Artifacts on iOS Messaging App
2016-06-01
Xavier Mertens
Docker Containers Logging
2016-05-22
Pasquale Stirparo
The strange case of WinZip MRU Registry key
2016-03-28
Xavier Mertens
Improving Bash Forensics Capabilities
2016-03-11
Jim Clausing
Forensicating Docker, Part 1
2016-02-18
Xavier Mertens
Hunting for Executable Code in Windows Environments
2016-01-06
Russ McRee
toolsmith #112: Red vs Blue - PowerSploit vs PowerForensics
2015-04-24
Basil Alawi S.Taher
Fileless Malware
2015-04-17
Didier Stevens
Memory Forensics Of Network Devices
2015-03-18
Daniel Wesemann
New SANS memory forensics poster
2015-02-03
Johannes Ullrich
Another Network Forensic Tool for the Toolbox - Dshell
2014-08-10
Basil Alawi S.Taher
Incident Response with Triage-ir
2014-06-22
Russ McRee
OfficeMalScanner helps identify the source of a compromise
2014-06-03
Basil Alawi S.Taher
An Introduction to RSA Netwitness Investigator
2014-05-18
Russ McRee
sed and awk will always rock
2014-03-11
Basil Alawi S.Taher
Introduction to Memory Analysis with Mandiant Redline
2014-03-07
Tom Webb
Linux Memory Dump with Rekall
2014-02-09
Basil Alawi S.Taher
Mandiant Highlighter 2
2014-01-10
Basil Alawi S.Taher
Windows Autorun-3
2013-12-12
Basil Alawi S.Taher
Acquiring Memory Images with Dumpit
2013-11-21
Mark Baggett
"In the end it is all PEEKS and POKES."
2013-11-20
Mark Baggett
Searching live memory on a running machine with winpmem
2013-11-19
Mark Baggett
Winpmem - Mild mannered memory aquisition tool??
2013-08-26
Alex Stanford
Stop, Drop and File Carve
2013-08-14
Johannes Ullrich
Imaging LUKS Encrypted Drives
2013-07-12
Rob VandenBrink
Hmm - where did I save those files?
2013-05-23
Adrien de Beaupre
MoVP II
2013-04-25
Adam Swanger
SANS 2013 Forensics Survey - https://www.surveymonkey.com/s/2013SANSForensicsSurvey
2012-11-02
Daniel Wesemann
The shortcomings of anti-virus software
2012-09-14
Lenny Zeltser
Analyzing Malicious RTF Files Using OfficeMalScanner's RTFScan
2012-06-04
Lenny Zeltser
Decoding Common XOR Obfuscation in Malicious Code
2011-09-29
Daniel Wesemann
The SSD dilemma
2011-08-05
Johannes Ullrich
Forensics: SIFT Kit 2.1 now available for download http://computer-forensics.sans.org/community/downloads
2011-03-01
Daniel Wesemann
AV software and "sharing samples"
2010-11-17
Guy Bruneau
Reference on Open Source Digital Forensics
2010-11-12
Guy Bruneau
Honeynet Forensic Challenge - Analyzing Malicious Portable Destructive Files
2010-07-13
Jim Clausing
Forensic challenge results
2010-06-04
Rick Wanner
New Honeynet Project Forensic Challenge
2010-05-22
Rick Wanner
SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-05-21
Rick Wanner
2010 Digital Forensics and Incident Response Summit
2010-05-04
Rick Wanner
SIFT review in the ISSA Toolsmith
2010-04-30
Kevin Liston
The Importance of Small Files
2010-04-11
Marcus Sachs
Network and process forensics toolset
2010-03-28
Rick Wanner
Honeynet Project: 2010 Forensic Challenge #3
2010-03-26
Daniel Wesemann
SIFT2.0 SANS Investigative Forensics Toolkit released
2010-01-19
Jim Clausing
Forensic challenges
2009-12-14
Adrien de Beaupre
Anti-forensics, COFEE vs. DECAF
2009-11-25
Jim Clausing
Updates to my GREM Gold scripts and a new script
2009-08-18
Daniel Wesemann
Forensics: Mounting partitions from full-disk 'dd' images
2009-08-13
Jim Clausing
New and updated cheat sheets
2009-07-02
Daniel Wesemann
Getting the EXE out of the RTF
2009-02-02
Stephen Hall
How do you audit your production code?
2009-01-02
Rick Wanner
Tools on my Christmas list.
2008-11-17
Marcus Sachs
New Tool: NetWitness Investigator
2008-08-17
Kevin Liston
Volatility 1.3 Released
2008-08-15
Jim Clausing
OMFW 2008 reflections
CHALLENGE
2022-12-10
Didier Stevens
Open Now: 2022 SANS Holiday Hack Challenge & KringleCon
2021-12-22
Brad Duncan
December 2021 Forensic Contest: Answers and Analysis
2021-12-08
Brad Duncan
December 2021 Forensic Challenge
2020-08-02
Didier Stevens
Small Challenge: A Simple Word Maldoc
2017-12-27
Guy Bruneau
What are your Security Challenges for 2018?
2014-04-12
Guy Bruneau
Interested in a Heartbleed Challenge?
2013-12-28
Bojan Zdrnja
DRG online challenge(s)
2013-01-02
Chris Mohan
Starting the New Year on the right foot
2012-04-16
Mark Baggett
Challenge: What can you do with Funky Directory Names (Part 2)
2012-04-11
Mark Baggett
Challenge: What can you do with funky directory names?
2011-09-07
Lenny Zeltser
Analyzing Mobile Device Malware - Honeynet Forensic Challenge 9 and Some Tools
2010-12-23
Mark Hofman
Skoudis' Annual Xmas Hacking Challenge - The Nightmare Before Charlie Brown's Christmas
2010-11-12
Guy Bruneau
Honeynet Forensic Challenge - Analyzing Malicious Portable Destructive Files
2010-07-13
Jim Clausing
Forensic challenge results
2010-06-04
Rick Wanner
New Honeynet Project Forensic Challenge
2010-03-28
Rick Wanner
Honeynet Project: 2010 Forensic Challenge #3
2010-01-27
Raul Siles
European Union Security Challenge (Campus Party 2010)
2010-01-19
Jim Clausing
Forensic challenges
2009-07-27
Raul Siles
New Hacker Challenge: Prison Break - Breaking, Entering & Decoding
2008-03-25
Raul Siles
New Security Challenge - It Happened One Friday
2008-03-23
Johannes Ullrich
Finding hidden gems (easter eggs) in your logs (packet challenge!)
6
2023-01-17
Johannes Ullrich
Packet Tuesday: IPv6 Router Advertisements https://www.youtube.com/watch?v=uRWpB_lYIZ8
2022-11-17
Johannes Ullrich
Lessons Learned from Automatic Failover: When 8.8.8.8 "disappears". IPv6 to the Rescue?
2022-10-27
Tom Webb
Supersizing your DUO and 365 Integration
2022-10-16
Didier Stevens
Video: Analysis of a Malicious HTML File (QBot)
2022-10-13
Didier Stevens
Analysis of a Malicious HTML File (QBot)
2022-09-09
Didier Stevens
Maldoc With Decoy BASE64
2022-09-06
Didier Stevens
Analysis of an Encoded Cobalt Strike Beacon
2022-08-28
Didier Stevens
Dealing With False Positives when Scanning Memory Dumps for Cobalt Strike Beacons
2022-08-22
Xavier Mertens
32 or 64 bits Malware?
2022-06-27
Johannes Ullrich
Encrypted Client Hello: Anybody Using it Yet?
2022-06-19
Didier Stevens
Video: Decoding Obfuscated BASE64 Statistically
2022-06-18
Didier Stevens
Decoding Obfuscated BASE64 Statistically
2022-04-28
Johannes Ullrich
A Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809
2022-04-14
Johannes Ullrich
An Update on CVE-2022-26809 - MSRPC Vulnerabliity - PATCH NOW
2022-01-02
Guy Bruneau
Exchange Server - Email Trapped in Transport Queues
2021-12-18
Guy Bruneau
VMware Security Update - https://www.vmware.com/security/advisories/VMSA-2021-0030.html
2021-11-20
Guy Bruneau
Hikvision Security Cameras Potentially Exposed to Remote Code Execution
2021-09-07
Johannes Ullrich
Why I Gave Up on IPv6. And no, it is not because of security issues.
2021-07-16
Xavier Mertens
Multiple BaseXX Obfuscations
2021-07-02
Xavier Mertens
"inception.py"... Multiple Base64 Encodings
2021-06-30
Johannes Ullrich
CVE-2021-1675: Incomplete Patch and Leaked RCE Exploit
2021-06-26
Guy Bruneau
CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability
2021-06-11
Xavier Mertens
Sonicwall SRA 4600 Targeted By an Old Vulnerability
2021-04-24
Guy Bruneau
Base64 Hashes Used in Web Scanning
2021-02-25
Jim Clausing
So where did those Satori attacks come from?
2021-02-16
Jim Clausing
More weirdness on TCP port 26
2020-12-26
Didier Stevens
base64dump.py Supported Encodings
2020-12-07
Didier Stevens
Corrupt BASE64 Strings: Detection and Decoding
2020-10-28
Jan Kopriva
SMBGhost - the critical vulnerability many seem to have forgotten to patch
2020-09-27
Didier Stevens
Decoding Corrupt BASE64 Strings
2020-08-20
Rob VandenBrink
Office 365 Mail Forwarding Rules (and other Mail Rules too)
2020-06-27
Didier Stevens
Video: YARA's BASE64 Strings
2020-06-14
Didier Stevens
YARA's BASE64 Strings
2020-06-08
Didier Stevens
Translating BASE64 Obfuscated Scripts
2020-05-30
Didier Stevens
YARA v4.0.1
2020-05-19
Rick Wanner
What is up on Port 62234?
2020-05-10
Didier Stevens
YARA v4.0.0: BASE64 Strings
2020-05-01
Jim Clausing
Attack traffic on TCP port 9673
2020-01-16
Bojan Zdrnja
Summing up CVE-2020-0601, or the Let's Decrypt vulnerability
2020-01-15
Johannes Ullrich
CVE-2020-0601 Followup
2019-12-02
Jim Clausing
Next up, what's up with TCP port 26?
2019-11-19
Johannes Ullrich
Cheap Chinese JAWS of DVR Exploitability on Port 60001
2019-10-27
Guy Bruneau
Unusual Activity with Double Base64 Encoding
2019-08-01
Johannes Ullrich
What is Listening On Port 9527/TCP?
2019-07-26
Kevin Shortt
DVRIP Port 34567 - Uptick
2019-06-03
Didier Stevens
Tip: BASE64 Encoded PowerShell Scripts are Recognizable by the Amount of Letter As
2019-04-07
Guy Bruneau
Fake Office 365 Payment Information Update
2019-02-02
Guy Bruneau
Scanning for WebDAV PROPFIND Exploiting CVE-2017-7269
2019-01-29
Johannes Ullrich
A Not So Well Done Phish (Why Attackers need to Implement IPv6 Now! ;-) )
2018-05-22
Guy Bruneau
VMware updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue - https://www.vmware.com/security/advisories/VMSA-2018-0012.html
2018-02-02
Xavier Mertens
Simple but Effective Malicious XLS Sheet
2018-01-19
Jim Clausing
Followup to IPv6 brute force and IPv6 blocking
2018-01-09
Jim Clausing
Are you watching for brute force attacks on IPv6?
2017-09-13
Rob VandenBrink
No IPv6? Challenge Accepted! (Part 1)
2017-07-08
Xavier Mertens
A VBScript with Obfuscated Base64 Data
2017-03-19
Xavier Mertens
Searching for Base64-encoded PE Files
2017-03-03
Lorna Hutcheson
BitTorrent or Something Else?
2016-11-24
Didier Stevens
Extracting Shellcode From JavaScript
2016-10-22
Guy Bruneau
Request for Packets TCP 4786 - CVE-2016-6385
2016-07-26
Johannes Ullrich
Command and Control Channels Using "AAAA" DNS Records
2016-07-17
Guy Bruneau
Juniper -> Junos: Self-signed certificate with spoofed trusted Issuer CN accepted as valid - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10755&actp=search
2016-03-13
Guy Bruneau
A Look at the Mandiant M-Trends 2016 Report
2016-02-28
Guy Bruneau
RFC 6598 - Carrier Grade NAT
2016-02-13
Guy Bruneau
VMware VMSA-2015-0007.3 has been Re-released
2016-02-02
Johannes Ullrich
Targeted IPv6 Scans Using pool.ntp.org.
2016-01-31
Guy Bruneau
OpenSSL 1.0.2 Advisory and Update
2016-01-05
Guy Bruneau
What are you Concerned the Most in 2016?
2015-07-05
Didier Stevens
Working with base64
2015-04-15
Johannes Ullrich
MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW
2015-02-08
Rob VandenBrink
BURP 1.6.10 Released
2014-09-25
Johannes Ullrich
Update on CVE-2014-6271: Vulnerability in bash (shellshock)
2014-09-24
Pedro Bueno
Attention *NIX admins, time to patch!
2014-09-15
Johannes Ullrich
Google DNS Server IP Address Spoofed for SNMP reflective Attacks
2014-07-10
Rob VandenBrink
Certificate Errors in Office 365 Today
2014-07-07
Johannes Ullrich
Multi Platform *Coin Miner Attacking Routers on Port 32764
2014-04-23
Johannes Ullrich
DHCPv6 and DUID Confusion
2014-04-08
Guy Bruneau
OpenSSL CVE-2014-0160 Fixed
2014-03-24
Johannes Ullrich
New Microsoft Advisory: Unpatched Word Flaw used in Targeted Attacks
2014-03-20
Johannes Ullrich
Normalizing IPv6 Addresses
2014-02-27
Richard Porter
DDoS and BCP 38
2014-01-30
Johannes Ullrich
IPv6 and isc.sans.edu (Update)
2014-01-13
Johannes Ullrich
Got an IPv6 Firewall?
2013-11-19
Jim Clausing
Updated dumpdns.pl
2013-08-28
Bojan Zdrnja
MS13-056 (false positive)? alerts
2013-08-15
Johannes Ullrich
Microsoft Pulls MS013-061 due to problems with Exchange Server 2013 http://blogs.technet.com/b/exchange/archive/2013/08/14/exchange-2013-security-update-ms13-061-status-update.aspx
2013-07-12
Johannes Ullrich
Microsoft Teredo Server "Sunset"
2013-06-12
Johannes Ullrich
Stupid Little IPv6 Tricks
2013-05-20
Johannes Ullrich
Ubuntu Package available to submit firewall logs to DShield
2013-05-19
Kevin Shortt
Port 51616 - Got Packets?
2013-05-17
Johannes Ullrich
SSL: Another reason not to ignore IPv6
2013-04-14
Johannes Ullrich
Protocol 61 Packets Follow Up
2013-04-13
Johannes Ullrich
Protocol 61: Anybody got packets?
2013-03-27
Adam Swanger
IPv6 Focus Month: Guest Diary: Stephen Groat - IPv6 moving target defense
2013-03-25
Johannes Ullrich
IPv6 Focus Month: IPv6 over IPv4 Preference
2013-03-21
Jim Clausing
IPv6 Focus Month: Guest Diary: Matthew Newton - IPv6 Cat Feeder - Turning those extra bits into bytes, literally
2013-03-19
Johannes Ullrich
IPv6 Focus Month: The warm and fuzzy side of IPv6
2013-03-18
Johannes Ullrich
IPv6 Focus Month: What is changing with DHCP
2013-03-13
Johannes Ullrich
IPv6 Focus Month: Kaspersky Firewall IPv6 Vulnerability
2013-03-12
Swa Frantzen
IPv6 Focus Month: How to say no!
2013-03-11
Richard Porter
IPv6 Focus Month: Traffic Testing, Firewalls, ACLs, pt 1
2013-03-09
Guy Bruneau
IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-03-08
Johannes Ullrich
IPv6 Focus Month: Filtering ICMPv6 at the Border
2013-03-07
Rob VandenBrink
IPv6 Focus Month: Barriers to Implementing IPv6
2013-03-06
Adam Swanger
IPv6 Focus Month: Guest Diary: Stephen Groat - Geolocation Using IPv6 Addresses
2013-03-05
Mark Hofman
IPv6 Focus Month: Device Defaults
2013-03-04
Johannes Ullrich
IPv6 Focus Month: Addresses
2013-03-01
Jim Clausing
IPv6 Focus Month at the Internet Storm Center
2013-02-19
Johannes Ullrich
APT1, Unit 61398 and are state sponsored attacks real
2013-02-11
John Bambenek
OpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/
2013-01-31
Johannes Ullrich
IPv6 Focus Month
2012-06-01
Johannes Ullrich
What Does "IPv6 Day" mean to you?
2012-05-17
Johannes Ullrich
New IPv6 Video: IPv6 Router Advertisements https://isc.sans.edu/ipv6videos
2012-03-09
Guy Bruneau
Nmap 5.61TEST5 released with 43 new scripts,improved OS & version detection, and more available for download - http://nmap.org/download.html
2012-02-24
Guy Bruneau
Flashback Trojan in the Wild
2012-01-12
Rob VandenBrink
PHP 5.39 was release on the 10th, amongst other things, it addresses CVE-2011-4885 (prevents attacks based on hash collisions) and CVE-2011-4566 (integer overflow when parsing invalid exif header)
2011-11-04
Guy Bruneau
New Poll: In the coming 12 months, what is your deployment plan or status with IPv6?
2011-10-23
Guy Bruneau
tcpdump and IPv6
2011-10-06
Rob VandenBrink
Apache HTTP Server mod_proxy reverse proxy issue
2011-09-09
Guy Bruneau
IPv6 and DNS Sinkhole
2011-08-22
Jim Clausing
Are your tools ready for IPv6? (part 2)
2011-08-04
Jim Clausing
Are your tools ready for IPv6? (part 1)
2011-06-09
Johannes Ullrich
IPv6 Day Summary
2011-06-08
Johannes Ullrich
IPv6 Day Started
2011-06-02
Johannes Ullrich
IPv6 RA-Guard: How it works and how to defeat it
2011-06-01
Johannes Ullrich
Enabling Privacy Enhanced Addresses for IPv6
2011-05-03
Johannes Ullrich
Analyzing Teredo with tshark and Wireshark
2011-04-21
Guy Bruneau
Silverlight Update Available
2011-04-11
Johannes Ullrich
Layer 2 DoS and other IPv6 Tricks
2011-04-05
Johannes Ullrich
IPv6 MITM via fake router advertisements
2011-02-01
Johannes Ullrich
The End Of IP As We Know It
2011-01-27
Guy Bruneau
ISC DHCP DHCPv6 Vulnerability
2011-01-05
Johannes Ullrich
ipv6finder : How ready are you for IPv6?
2010-11-16
Guy Bruneau
OpenSSL TLS Extension Parsing Race Condition
2010-11-12
Guy Bruneau
Honeynet Forensic Challenge - Analyzing Malicious Portable Destructive Files
2010-10-30
Guy Bruneau
Security Update for Shockwave Player
2010-10-28
Manuel Humberto Santander Pelaez
CVE-2010-3654 - New dangerous 0-day authplay library adobe products vulnerability
2010-07-29
Rob VandenBrink
Snort 2.8.6.1 and Snort 2.9 Beta Released
2010-07-26
Guy Bruneau
SophosLabs Released Free Tool to Validate Microsoft Shortcut
2010-07-20
Manuel Humberto Santander Pelaez
LNK vulnerability now with Metasploit module implementing the WebDAV method
2010-06-23
Johannes Ullrich
IPv6 Support in iOS 4
2010-03-24
Kyle Haugsness
Wax nostalgic - commodore64 updated to present time
2010-03-10
Rob VandenBrink
Microsoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7
2010-02-26
Rick Wanner
NIST Guidelines for Secure Deployment of IPv6 - http://csrc.nist.gov/publications/drafts/800-119/draft-sp800-119_feb2010.pdf
2010-02-16
Jim Clausing
Teredo request for packets
2010-02-16
Johannes Ullrich
Teredo "stray packet" analysis
2010-02-02
Johannes Ullrich
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux)
2010-01-19
Jim Clausing
49Gbps DDoS, IPv4 exhaustion, and DNSSEC, oh my!
2010-01-13
Guy Bruneau
Sun Java JRE 6 Update 18 Released
2010-01-12
Adrien de Beaupre
PoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2010-01-12
Johannes Ullrich
IPv6 and isc.sans.org
2010-01-09
G. N. White
What's Up With All The Port Scanning Using TCP/6000 As A Source Port?
2010-01-06
Johannes Ullrich
New Tool: IPv6 conversions http://isc.sans.org/tools/ipv6.html
2010-01-06
Johannes Ullrich
Denial of Service Attack Aftermath (and what did Iran have to do with it?)
2009-11-22
Marcus Sachs
IE6 and IE7 0-Day Reported
2009-11-07
Marcus Sachs
More Thoughts on Legacy Systems
2009-10-28
Johannes Ullrich
Sniffing SSL: RFC 4366 and TLS Extensions
2009-10-15
Deborah Hale
Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
2009-10-11
Mark Hofman
Cyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
2009-10-06
Adrien de Beaupre
Cyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp
2009-09-07
Jim Clausing
Request for packets
2009-05-02
Rick Wanner
Significant increase in port 2967 traffic
2009-04-30
Marcus Sachs
ARIN Notification Concerning IPv6
2009-04-18
Johannes Ullrich
Twitter Packet Challenge Solution
2009-03-25
David Goldsmith
Java Runtime Environment 6.0 Update 13 Released
2009-02-13
Andre Ludwig
Third party information on conficker
2009-01-12
William Salusky
Downadup / Conficker - MS08-067 exploit and Windows domain account lockout
2008-12-13
Jim Clausing
Followup from last shift and some research to do.
2008-11-17
Jim Clausing
How are you coming with that IPv6 migration?
2006-11-20
Joel Esler
MS06-070 Remote Exploit
2006-10-10
Johannes Ullrich
MS06-056: ASP.NET XSS Information Disclosure Vulnerability (moderate)
2006-10-10
Johannes Ullrich
MS06-061: XSLT/MSXML Buffer Overflow Code Execution Vulnerability (moderate)
2006-10-10
Kyle Haugsness
MS06-063: Mailslot DoS (Server service)
2006-09-19
Swa Frantzen
Yet another MSIE 0-day: VML
2006-09-12
Swa Frantzen
Microsoft security patches for September 2006