Internet Storm Center
Date | Author | Title
2023-01-26 | Tom Webb | Live Linux IR with UAC
2023-01-21 | Guy Bruneau | DShield Sensor JSON Log to Elasticsearch
2022-08-22 | Xavier Mertens | 32 or 64 bits Malware?
2022-04-19 | Johannes Ullrich | Resetting Linux Passwords with U-Boot Bootloaders
2021-12-04 | Guy Bruneau | A Review of Year 2021
2021-11-04 | Tom Webb | Xmount for Disk Images
2021-09-11 | Guy Bruneau | Shipping to Elasticsearch Microsoft DNS Logs
2021-06-18 | Daniel Wesemann | Network Forensics on Azure VMs (Part #2)
2021-06-17 | Daniel Wesemann | Network Forensics on Azure VMs (Part #1)
2021-05-14 | Xavier Mertens | "Open" Access to Industrial Systems Interface is Also Far From Zero
2021-05-12 | Jan Kopriva | Number of industrial control systems on the internet is lower than in 2020...but still far from zero
2021-02-25 | Daniel Wesemann | Forensicating Azure VMs
2021-02-13 | Guy Bruneau | Using Logstash to Parse IPtables Firewall Logs
2021-01-30 | Guy Bruneau | PacketSifter as Network Parsing and Telemetry Tool
2020-12-19 | Guy Bruneau | Secure Communication using TLS in Elasticsearch
2020-12-16 | Daniel Wesemann | DNS Logs in Public Clouds
2020-12-08 | Johannes Ullrich | December 2020 Microsoft Patch Tuesday: Exchange, Sharepoint, Dynamics and DNS Spoofing
2020-08-01 | Jan Kopriva | What pages do bad bots look for?
2020-05-06 | Xavier Mertens | Keeping an Eye on Malicious Files Life Time
2020-03-02 | Jan Kopriva | Secure vs. cleartext protocols - couple of interesting stats
2019-10-25 | Rob VandenBrink | More on DNS Archeology (with PowerShell)
2019-08-21 | Russ McRee | KAPE: Kroll Artifact Parser and Extractor
2019-07-11 | Johannes Ullrich | Remembering Mike Assante
2018-11-30 | Remco Verhoef | CoinMiners searching for hosts
2018-07-29 | Guy Bruneau | Using RITA for Threat Analysis
2018-02-25 | Guy Bruneau | Blackhole Advertising Sites with Pi-hole
2018-01-26 | Xavier Mertens | Investigating Microsoft BITS Activity
2017-10-02 | Xavier Mertens | Investigating Security Incidents with Passive DNS
2017-09-24 | Jim Clausing | Forensic use of mount --bind
2017-09-19 | Jim Clausing | New tool: mac-robber.py
2017-07-09 | Russ McRee | Adversary hunting with SOF-ELK
2017-05-23 | Rob VandenBrink | What did we Learn from WannaCry? - Oh Wait, We Already Knew That!
2017-05-16 | Russ McRee | WannaCry? Do your own data analysis.
2017-01-12 | Mark Baggett | System Resource Utilization Monitor
2016-10-31 | Russ McRee | SEC505 DFIR capture script: snapshot.ps1
2016-10-19 | Xavier Mertens | Spam Delivered via .ICS Files
2016-08-11 | Pasquale Stirparo | Looking for the insider: Forensic Artifacts on iOS Messaging App
2016-07-10 | Kevin Liston | Lessons Learned from Industrial Control Systems
2016-05-22 | Pasquale Stirparo | The strange case of WinZip MRU Registry key
2016-03-28 | Xavier Mertens | Improving Bash Forensics Capabilities
2016-03-11 | Jim Clausing | Forensicating Docker, Part 1
2016-02-18 | Xavier Mertens | Hunting for Executable Code in Windows Environments
2016-01-06 | Russ McRee | toolsmith #112: Red vs Blue - PowerSploit vs PowerForensics
2015-12-04 | Tom Webb | Automating Phishing Analysis using BRO
2015-08-29 | Tom Webb | Automating Metrics using RTIR REST API
2015-04-24 | Basil Alawi S.Taher | Fileless Malware
2015-04-17 | Didier Stevens | Memory Forensics Of Network Devices
2015-03-18 | Daniel Wesemann | New SANS memory forensics poster
2015-02-03 | Johannes Ullrich | Another Network Forensic Tool for the Toolbox - Dshell
2014-08-10 | Basil Alawi S.Taher | Incident Response with Triage-ir
2014-06-22 | Russ McRee | OfficeMalScanner helps identify the source of a compromise
2014-06-03 | Basil Alawi S.Taher | An Introduction to RSA Netwitness Investigator
2014-05-18 | Russ McRee | sed and awk will always rock
2014-03-11 | Basil Alawi S.Taher | Introduction to Memory Analysis with Mandiant Redline
2014-03-07 | Tom Webb | Linux Memory Dump with Rekall
2014-02-09 | Basil Alawi S.Taher | Mandiant Highlighter 2
2014-01-10 | Basil Alawi S.Taher | Windows Autorun-3
2013-12-12 | Basil Alawi S.Taher | Acquiring Memory Images with Dumpit
2013-11-21 | Mark Baggett | "In the end it is all PEEKS and POKES."
2013-11-20 | Mark Baggett | Searching live memory on a running machine with winpmem
2013-11-19 | Mark Baggett | Winpmem - Mild mannered memory acquisition tool??
2013-08-26 | Alex Stanford | Stop, Drop and File Carve
2013-08-14 | Johannes Ullrich | Imaging LUKS Encrypted Drives
2013-07-12 | Rob VandenBrink | Hmm - where did I save those files?
2013-05-23 | Adrien de Beaupre | MoVP II
2013-04-25 | Adam Swanger | SANS 2013 Forensics Survey - https://www.surveymonkey.com/s/2013SANSForensicsSurvey
2013-02-20 | Manuel Humberto Santander Pelaez | SANS SCADA Summit at Orlando - Bigger problems and so far from getting them solved
2012-11-02 | Daniel Wesemann | The shortcomings of anti-virus software
2012-09-14 | Lenny Zeltser | Analyzing Malicious RTF Files Using OfficeMalScanner's RTFScan
2012-07-16 | Jim Clausing | An analysis of the Yahoo! passwords
2012-06-04 | Lenny Zeltser | Decoding Common XOR Obfuscation in Malicious Code
2011-09-29 | Daniel Wesemann | The SSD dilemma
2011-08-05 | Johannes Ullrich | Forensics: SIFT Kit 2.1 now available for download http://computer-forensics.sans.org/community/downloads
2011-03-01 | Daniel Wesemann | AV software and "sharing samples"
2010-11-26 | Mark Hofman | Using password cracking as metric/indicator for the organisation's security posture
2010-11-17 | Guy Bruneau | Reference on Open Source Digital Forensics
2010-05-22 | Rick Wanner | SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-05-21 | Rick Wanner | 2010 Digital Forensics and Incident Response Summit
2010-04-30 | Kevin Liston | The Importance of Small Files
2010-04-11 | Marcus Sachs | Network and process forensics toolset
2010-03-26 | Daniel Wesemann | SIFT2.0 SANS Investigative Forensics Toolkit released
2009-12-14 | Adrien de Beaupre | Anti-forensics, COFEE vs. DECAF
2009-11-25 | Jim Clausing | Updates to my GREM Gold scripts and a new script
2009-10-20 | Raul Siles | WASC 2008 Statistics
2009-08-18 | Daniel Wesemann | Forensics: Mounting partitions from full-disk 'dd' images
2009-08-13 | Jim Clausing | New and updated cheat sheets
2009-07-02 | Daniel Wesemann | Getting the EXE out of the RTF
2009-02-02 | Stephen Hall | How do you audit your production code?
2009-01-02 | Rick Wanner | Tools on my Christmas list.
2008-11-17 | Marcus Sachs | New Tool: NetWitness Investigator
2008-09-08 | Raul Siles | Quick Analysis of the 2007 Web Application Security Statistics
2008-08-17 | Kevin Liston | Volatility 1.3 Released
2008-08-15 | Jim Clausing | OMFW 2008 reflections
2008-06-18 | Marcus Sachs | Olympics Part II