Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
2024-09-18	Guy Bruneau	Time-to-Live Analysis of DShield Data with Vega-Lite
2024-08-30	Jesse La Grew	Simulating Traffic With Scapy
2023-10-09	Didier Stevens	ZIP's DOSTIME & DOSDATE Formats
2023-07-07	Xavier Mertens	DSSuite (Didier's Toolbox) Docker Image Update
2023-05-30	Brad Duncan	Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT
2023-02-28	Brad Duncan	BB17 distribution Qakbot (Qbot) activity
2022-12-30	Jan Kopriva	SPF and DMARC use on GOV domains in different ccTLDs
2022-12-20	Xavier Mertens	Linux File System Monitoring & Actions
2022-10-24	Xavier Mertens	C2 Communications Through outlook.com
2022-06-26	Didier Stevens	More Decoding Analysis
2022-04-07	Johannes Ullrich	What is BIMI and how is it supposed to help with Phishing.
2022-03-04	Johannes Ullrich	Scam E-Mail Impersonating Red Cross
2022-02-05	Didier Stevens	Power over Ethernet and Thermal Imaging
2022-01-29	Guy Bruneau	SIEM In this Decade, Are They Better than the Last?
2021-12-23	Johannes Ullrich	Defending Cloud IMDS Against log4shell (and more)
2021-12-16	Brad Duncan	How the "Contact Forms" campaign tricks people
2021-11-04	Tom Webb	Xmount for Disk Images
2021-10-21	Brad Duncan	"Stolen Images Evidence" campaign pushes Sliver-based malware
2021-06-26	Guy Bruneau	CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability
2021-04-22	Xavier Mertens	How Safe Are Your Docker Images?
2021-03-02	Russ McRee	Adversary Simulation with Sim
2020-10-07	Johannes Ullrich	Today, Nobody is Going to Attack You.
2020-08-12	Russ McRee	To the Brim at the Gates of Mordor Pt. 1
2020-04-30	Xavier Mertens	Collecting IOCs from IMAP Folder
2019-12-12	Xavier Mertens	Code & Data Reuse in the Malware Ecosystem
2019-11-02	Didier Stevens	Remark on EML Attachments
2019-10-30	Xavier Mertens	Keep an Eye on Remote Access to Mailboxes
2019-08-22	Xavier Mertens	Simple Mimikatz & RDPWrapper Dropper
2019-05-01	Xavier Mertens	Another Day, Another Suspicious UDF File
2019-04-17	Xavier Mertens	Malware Sample Delivered Through UDF Image
2019-02-05	Rob VandenBrink	Mitigations against Mimikatz Style Attacks
2019-01-09	Russ McRee	gganimate: Animate YouR Security Analysis
2018-10-31	Brad Duncan	More malspam using password-protected Word docs
2018-06-27	Renato Marinho	Silently Profiling Unknown Malware Samples
2018-05-16	Mark Hofman	EFAIL, a weakness in openPGP and S\MIME
2017-11-25	Guy Bruneau	Exim Remote Code Exploit
2017-09-19	Jim Clausing	New tool: mac-robber.py
2017-07-12	Xavier Mertens	Backup Scripts, the FIM of the Poor
2017-06-28	Brad Duncan	Catching up with Blank Slate: a malspam campaign still going strong
2017-06-17	Guy Bruneau	Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2017-05-10	Johannes Ullrich	Read This If You Are Using a Script to Pull Data From This Site
2017-05-03	Bojan Zdrnja	Powershelling with exploits
2017-04-28	Russell Eubanks	KNOW before NO
2017-03-25	Russell Eubanks	Distraction as a Service
2017-03-11	Russell Eubanks	What's On Your Not To Do List?
2017-01-24	Xavier Mertens	Malicious SVG Files in the Wild
2016-12-11	Russ McRee	Steganography in Action: Image Steganography & StegExpose
2016-11-20	Pasquale Stirparo	How many “Epoch” times? Epocalypse.py timestamp converter
2016-11-13	Guy Bruneau	Bitcoin Miner File Upload via FTP
2016-09-10	Xavier Mertens	Ongoing IMAP Scan, Anyone Else?
2016-05-14	Guy Bruneau	INetSim as a Basic Honeypot
2016-03-30	Xavier Mertens	What to watch with your FIM?
2016-01-24	Didier Stevens	Obfuscated MIME Files
2016-01-05	Guy Bruneau	What are you Concerned the Most in 2016?
2015-12-14	Russ McRee	AD Security's Unofficial Guide to Mimikatz & Command Reference
2015-05-15	Didier Stevens	Another Maldoc? I'm Afraid So...
2015-05-09	Didier Stevens	Malicious Word Document: This Time The Maldoc Is A MIME File
2015-02-10	Mark Baggett	Detecting Mimikatz Use On Your Network
2014-01-24	Johannes Ullrich	How to send mass e-mail the right way
2013-11-05	Daniel Wesemann	TIFF images in MS-Office documents used in targeted attacks
2013-08-14	Johannes Ullrich	Imaging LUKS Encrypted Drives
2013-05-22	Adrien de Beaupre	Apple QuickTime 7.7.4 for Windows updated, MANY security vulnerabilities: http://support.apple.com/kb/HT1222
2013-04-25	Adam Swanger	Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-02-06	Johannes Ullrich	Are you losing system logging information (and don't know it)?
2012-12-22	Guy Bruneau	New Poll - Which of the following issues impacted the most your business in 2012? - https://isc.sans.edu/poll.html
2012-06-22	Kevin Liston	Investigator's Tool-kit: Timeline
2012-06-15	Johannes Ullrich	Authenticating E-Mail
2012-02-07	Johannes Ullrich	Secure E-Mail Access
2011-11-11	Rick Wanner	APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update
2011-08-04	Jim Clausing	Apple release Quicktime 7.7 fixes 14 CVEs, see http://support.apple.com/kb/HT1222
2011-08-03	Johannes Ullrich	Malicious Images: What's a QR Code
2011-05-14	Guy Bruneau	Websense Study Claims Canada Next Hotbed for Cybercrime Web Hosting Activity
2011-05-06	Richard Porter	Unpatched Exploit: Skype for MAC
2011-04-23	Manuel Humberto Santander Pelaez	Image search can lead to malware download
2010-12-17	Johannes Ullrich	Reports of Attacks against EXIM vulnerability
2010-12-12	Raul Siles	Apple Quickime 7.6.9 was released a few days ago (just in case you missed it): http://support.apple.com/kb/HT1222. Update all your web browser plugins!
2010-12-10	Mark Hofman	EXIM MTA vulnerability
2010-11-08	Manuel Humberto Santander Pelaez	Network Security Perimeter: How to choose the correct firewall and IPS for your environment?
2010-11-07	Adrien de Beaupre	Change your clocks?
2010-09-25	Rick Wanner	Guest Diary: Andrew Hunt - Visualizing the Hosting Patterns of Modern Cybercriminals
2010-08-30	Adrien de Beaupre	Apple QuickTime potential vulnerability/backdoor
2010-08-22	Manuel Humberto Santander Pelaez	SCADA: A big challenge for information security professionals
2010-08-14	Tony Carothers	Freedom of Information
2010-08-13	Guy Bruneau	QuickTime Security Updates
2010-04-02	Guy Bruneau	Apple QuickTime and iTunes Security Update
2010-03-23	John Bambenek	The Top 10 Riskiest US Cities for Cybercrime
2010-03-11	donald smith	Cert write up on Skype IMBot Logic and Functionality.
2010-01-17	Rick Wanner	Buffer overflow in Quicktime
2009-11-05	Swa Frantzen	RIM fixes random code execution vulnerability
2009-09-12	Jim Clausing	Apple Updates
2009-09-04	Adrien de Beaupre	Fake anti-virus
2009-07-11	Marcus Sachs	Imageshack
2009-06-02	Deborah Hale	Another Quicktime Update
2009-02-14	Deborah Hale	Microsoft Time Sync Appears to Down
2009-02-06	Adrien de Beaupre	Fake stimulus payments
2008-11-02	Adrien de Beaupre	Daylight saving time
2008-09-09	Swa Frantzen	Apple updates iTunes+QuickTime
2008-07-15	Maarten Van Horenbeeck	BlackBerry PDF parsing vulnerability
2008-07-15	Maarten Van Horenbeeck	Bot controller mimicry
2008-06-10	Swa Frantzen	Upgrade to QuickTime 7.5
2008-04-22	donald smith	Maximus root kit downloads via MySpace social engineering trick.
2008-04-03	Bojan Zdrnja	A bag of vulnerabilities (and fixes) in QuickTime
2006-12-18	Toby Kohlenberg	Skype worm
2006-09-12	Swa Frantzen	Apple Quicktime 7.1.3 released