Diaries by Keyword - SANS Internet Storm Center

Participate: Learn more about our honeypot network
https://isc.sans.edu/tools/honeypot/

Handler on Duty: Jesse La Grew

Threat Level: green

Date	Author	Title
LAYER 2
2019-10-10	Rob VandenBrink	Mining Live Networks for OUI Data Oddness
2019-09-26	Rob VandenBrink	Mining MAC Address and OUI Information
2011-04-11	Johannes Ullrich	Layer 2 DoS and other IPv6 Tricks
2010-05-12	Rob VandenBrink	Layer 2 Security - Private VLANs (the Story Continues ...)
2009-12-07	Rob VandenBrink	Layer 2 Network Protections – reloaded!
2009-11-11	Rob VandenBrink	Layer 2 Network Protections against Man in the Middle Attacks
LAYER
2019-10-10/a>	Rob VandenBrink	Mining Live Networks for OUI Data Oddness
2019-09-26/a>	Rob VandenBrink	Mining MAC Address and OUI Information
2016-10-26/a>	Johannes Ullrich	Critical Flash Player Update APSB16-36
2015-01-23/a>	Adrien de Beaupre	Infocon change to yellow for Adobe Flash issues
2014-04-28/a>	Russ McRee	Adobe Security Bulletin: Security updates available for Adobe Flash Player http://adobe.ly/QVjO72
2013-03-02/a>	Scott Fendley	Apple Blocks Older Insecure Versions of Flash Player
2012-11-08/a>	Daniel Wesemann	Adobe Patches
2012-10-24/a>	Rob VandenBrink	Time to run Windows Update - - Microsoft Updates KB2755801 for Windows RT / IE10 / Flash Player - http://technet.microsoft.com/en-us/security/advisory/2755801
2012-10-09/a>	Johannes Ullrich	Adobe Flash Player update http://www.adobe.com/support/security/bulletins/apsb12-22.html
2012-09-20/a>	Russ McRee	Flash Player update but no announcement, check your version http://www.adobe.com/software/flash/about/
2012-08-03/a>	Guy Bruneau	Flash Player 11.3.300.270 for Windows released to address a crash - http://forums.adobe.com/message/4594596#4594596
2012-03-28/a>	Kevin Shortt	Adobe Flash Player APSB12-07 - 28 March 2012
2012-03-05/a>	Johannes Ullrich	Adobe Flash Player Security Update
2012-02-16/a>	Johannes Ullrich	Adobe Flash Player Update
2011-04-11/a>	Johannes Ullrich	Layer 2 DoS and other IPv6 Tricks
2010-11-01/a>	Manuel Humberto Santander Pelaez	CVE-2010-3654 exploit in the wild
2010-10-30/a>	Guy Bruneau	Security Update for Shockwave Player
2010-08-25/a>	Pedro Bueno	Adobe released security update for Shockwave player that fix several CVEs: APSB1020
2010-06-16/a>	Kevin Shortt	Adobe Flash Player 10.1 - Security Update Available
2010-06-05/a>	Guy Bruneau	Security Advisory for Flash Player, Adobe Reader and Acrobat
2010-05-12/a>	Rob VandenBrink	Layer 2 Security - Private VLANs (the Story Continues ...)
2010-02-12/a>	G. N. White	Adobe Flash Player 10.0.45.2 and AIR 1.5.3.9130 released to correct vulnerability CVE-2010-0186 Details: http://www.adobe.com/support/security/bulletins/apsb10-06.html
2010-01-12/a>	Johannes Ullrich	Microsoft Advices XP Users to Uninstall Flash Player 6
2009-12-07/a>	Rob VandenBrink	Layer 2 Network Protections – reloaded!
2009-11-11/a>	Rob VandenBrink	Layer 2 Network Protections against Man in the Middle Attacks
2009-01-21/a>	Raul Siles	Traffic increase for port UDP/8247
2008-05-27/a>	Adrien de Beaupre	Adobe flash player vuln
2006-12-12/a>	Robert Danford	MS06-078: 2 Windows Media Format Vulnerabilities (CVE-2006-4702, CVE-2006-6134)
2
2024-04-23/a>	Johannes Ullrich	Struts "devmode": Still a problem ten years later?
2024-03-14/a>	Jan Kopriva	Increase in the number of phishing messages pointing to IPFS and to R2 buckets
2023-12-20/a>	Guy Bruneau	How to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary]
2023-11-30/a>	John Bambenek	Prophetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today
2023-11-22/a>	Guy Bruneau	CVE-2023-1389: A New Means to Expand Botnets
2023-11-06/a>	Johannes Ullrich	Exploit Activity for CVE-2023-22518, Atlassian Confluence Data Center and Server
2023-08-28/a>	Didier Stevens	Analysis of RAR Exploit Files (CVE-2023-38831)
2023-08-25/a>	Xavier Mertens	Python Malware Using Postgresql for C2 Communications
2023-07-12/a>	Brad Duncan	Loader activity for Formbook "QM18"
2023-06-22/a>	Brad Duncan	Qakbot (Qbot) activity, obama271 distribution tag
2023-06-17/a>	Brad Duncan	Formbook from Possible ModiLoader (DBatLoader)
2023-05-14/a>	Guy Bruneau	VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue
2023-05-09/a>	Russ McRee	Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 2
2023-03-25/a>	Guy Bruneau	Microsoft Released an Update for Windows Snipping Tool Vulnerability
2023-02-22/a>	Johannes Ullrich	Internet Wide Scan Fingerprinting Confluence Servers
2022-12-22/a>	Guy Bruneau	Exchange OWASSRF Exploited for Remote Code Execution
2022-12-16/a>	Guy Bruneau	VMware Security Updates
2022-12-10/a>	Didier Stevens	Open Now: 2022 SANS Holiday Hack Challenge & KringleCon
2022-10-24/a>	Xavier Mertens	C2 Communications Through outlook.com
2022-10-15/a>	Guy Bruneau	Malware - Covid Vaccination Supplier Declaration
2022-10-07/a>	Xavier Mertens	Powershell Backdoor with DGA Capability
2022-08-26/a>	Guy Bruneau	HTTP/2 Packet Analysis with Wireshark
2022-08-22/a>	Xavier Mertens	32 or 64 bits Malware?
2022-08-14/a>	Johannes Ullrich	Realtek SDK SIP ALG Vulnerability: A Big Deal, but not much you can do about it. CVE 2022-27255
2022-07-23/a>	Guy Bruneau	Analysis of SSH Honeypot Data with PowerBI
2022-06-09/a>	Brad Duncan	TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
2022-05-13/a>	Johannes Ullrich	From 0-Day to Mirai: 7 days of BIG-IP Exploits
2022-04-28/a>	Johannes Ullrich	A Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809
2022-04-14/a>	Johannes Ullrich	An Update on CVE-2022-26809 - MSRPC Vulnerabliity - PATCH NOW
2022-01-12/a>	Johannes Ullrich	A Quick CVE-2022-21907 FAQ
2022-01-02/a>	Guy Bruneau	Exchange Server - Email Trapped in Transport Queues
2021-12-19/a>	Didier Stevens	Office 2021: VBA Project Version
2021-12-18/a>	Guy Bruneau	VMware Security Update - https://www.vmware.com/security/advisories/VMSA-2021-0030.html
2021-12-14/a>	Johannes Ullrich	Log4j: Getting ready for the long haul (CVE-2021-44228)
2021-12-11/a>	Johannes Ullrich	Log4j / Log4Shell Followup: What we see and how to defend (and how to access our data)
2021-11-26/a>	Guy Bruneau	Searching for Exposed ASUS Routers Vulnerable to CVE-2021-20090
2021-11-20/a>	Guy Bruneau	Hikvision Security Cameras Potentially Exposed to Remote Code Execution
2021-11-07/a>	Didier Stevens	Video: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-11-06/a>	Didier Stevens	Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-10-30/a>	Guy Bruneau	Remote Desktop Protocol (RDP) Discovery
2021-10-25/a>	Didier Stevens	Decrypting Cobalt Strike Traffic With a "Leaked" Private Key
2021-10-16/a>	Guy Bruneau	Apache is Actively Scan for CVE-2021-41773 & CVE-2021-42013
2021-10-06/a>	Johannes Ullrich	Apache 2.4.49 Directory Traversal Vulnerability (CVE-2021-41773)
2021-08-20/a>	Xavier Mertens	Waiting for the C2 to Show Up
2021-08-03/a>	Johannes Ullrich	Three Problems with Two Factor Authentication
2021-06-30/a>	Johannes Ullrich	CVE-2021-1675: Incomplete Patch and Leaked RCE Exploit
2021-06-26/a>	Guy Bruneau	CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability
2021-05-28/a>	Xavier Mertens	Malicious PowerShell Hosted on script.google.com
2021-05-21/a>	Xavier Mertens	Locking Kernel32.dll As Anti-Debugging Technique
2021-05-18/a>	Xavier Mertens	From RunDLL32 to JavaScript then PowerShell
2021-04-02/a>	Xavier Mertens	C2 Activity: Sandboxes or Real Victims?
2021-03-19/a>	Xavier Mertens	Pastebin.com Used As a Simple C2 Channel
2021-02-25/a>	Jim Clausing	So where did those Satori attacks come from?
2021-02-24/a>	Brad Duncan	Malspam pushes GuLoader for Remcos RAT
2021-02-16/a>	Jim Clausing	More weirdness on TCP port 26
2021-02-02/a>	Xavier Mertens	New Example of XSL Script Processing aka "Mitre T1220"
2020-12-18/a>	Jan Kopriva	A slightly optimistic tale of how patching went for CVE-2019-19781
2020-12-13/a>	Didier Stevens	KringleCon 2020
2020-12-10/a>	Xavier Mertens	Python Backdoor Talking to a C2 Through Ngrok
2020-11-21/a>	Guy Bruneau	VMware privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) - https://www.vmware.com/security/advisories/VMSA-2020-0026.html
2020-10-29/a>	Johannes Ullrich	PATCH NOW: CVE-2020-14882 Weblogic Actively Exploited Against Honeypots
2020-10-28/a>	Jan Kopriva	SMBGhost - the critical vulnerability many seem to have forgotten to patch
2020-08-08/a>	Guy Bruneau	Scanning Activity Include Netcat Listener
2020-08-04/a>	Johannes Ullrich	Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues
2020-07-22/a>	Rick Wanner	A few IoCs related to CVE-2020-5902
2020-07-15/a>	Johannes Ullrich	PATCH NOW - SIGRed - CVE-2020-1350 - Microsoft DNS Server Vulnerability
2020-07-06/a>	Johannes Ullrich	Summary of CVE-2020-5902 F5 BIG-IP RCE Vulnerability Exploits
2020-05-19/a>	Rick Wanner	What is up on Port 62234?
2020-05-14/a>	Rob VandenBrink	Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe
2020-04-29/a>	Johannes Ullrich	Privacy Preserving Protocols to Trace Covid19 Exposure
2020-02-21/a>	Xavier Mertens	Quick Analysis of an Encrypted Compound Document Format
2020-02-18/a>	Jan Kopriva	Discovering contents of folders in Windows without permissions
2020-01-16/a>	Bojan Zdrnja	Summing up CVE-2020-0601, or the Let?s Decrypt vulnerability
2020-01-15/a>	Johannes Ullrich	CVE-2020-0601 Followup
2020-01-13/a>	Didier Stevens	Citrix ADC Exploits: Overview of Observed Payloads
2020-01-11/a>	Johannes Ullrich	Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor
2020-01-07/a>	Johannes Ullrich	A Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability)
2019-12-02/a>	Jim Clausing	Next up, what's up with TCP port 26?
2019-11-18/a>	Johannes Ullrich	SMS and 2FA: Another Reason to Move away from It.
2019-11-06/a>	Brad Duncan	More malspam pushing Formbook
2019-11-01/a>	Didier Stevens	Tip: Password Managers and 2FA
2019-10-10/a>	Rob VandenBrink	Mining Live Networks for OUI Data Oddness
2019-09-26/a>	Rob VandenBrink	Mining MAC Address and OUI Information
2019-08-01/a>	Johannes Ullrich	What is Listening On Port 9527/TCP?
2019-07-18/a>	Rob VandenBrink	The Other Side of Critical Control 1: 802.1x Wired Network Access Controls
2019-06-19/a>	Johannes Ullrich	Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729
2019-05-22/a>	Johannes Ullrich	An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
2019-04-28/a>	Johannes Ullrich	Update about Weblogic CVE-2019-2725 (Exploits Used in the Wild, Patch Status)
2019-04-02/a>	Johannes Ullrich	Fake AV is Back: LaCie Network Drives Used to Spread Malware
2019-03-29/a>	Remco Verhoef	Annotating Golang binaries with Cutter and Jupyter
2019-03-15/a>	Remco Verhoef	Binary Analysis with Jupyter and Radare2
2019-03-09/a>	Guy Bruneau	A Comparison Study of SSH Port Activity - TCP 22 & 2222
2019-02-02/a>	Guy Bruneau	Scanning for WebDAV PROPFIND Exploiting CVE-2017-7269
2019-01-09/a>	Russ McRee	gganimate: Animate YouR Security Analysis
2018-12-21/a>	Lorna Hutcheson	Phishing Attempts That Bypass 2FA
2018-10-10/a>	Xavier Mertens	New Campaign Using Old Equation Editor Vulnerability
2018-10-08/a>	Guy Bruneau	Latest Release of rockNSM 2.1
2018-08-31/a>	Jim Clausing	Quickie: Using radare2 to disassemble shellcode
2018-08-20/a>	Didier Stevens	OpenSSH user enumeration (CVE-2018-15473)
2018-06-27/a>	Renato Marinho	Silently Profiling Unknown Malware Samples
2018-06-15/a>	Lorna Hutcheson	SMTP Strangeness - Possible C2
2018-06-01/a>	Remco Verhoef	Binary analysis with Radare2
2018-05-22/a>	Guy Bruneau	VMware updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue - https://www.vmware.com/security/advisories/VMSA-2018-0012.html
2018-01-19/a>	Jim Clausing	Followup to IPv6 brute force and IPv6 blocking
2017-12-27/a>	Guy Bruneau	What are your Security Challenges for 2018?
2017-10-16/a>	Johannes Ullrich	WPA2 "KRACK" Attack
2017-09-08/a>	Adrien de Beaupre	YASRV (Yet Another Struts RCE Vulnerability) yes a different one from yesterday
2017-09-05/a>	Johannes Ullrich	The Mirai Botnet: A Look Back and Ahead At What's Next
2017-05-26/a>	Lorna Hutcheson	File2pcap - A new tool for your toolkit!
2017-05-13/a>	Guy Bruneau	Microsoft Released Guidance for WannaCrypt
2017-01-30/a>	Didier Stevens	py2exe Decompiling - Part 2
2016-10-22/a>	Guy Bruneau	Request for Packets TCP 4786 - CVE-2016-6385
2016-10-10/a>	Didier Stevens	Radare2: rahash2
2016-09-15/a>	Xavier Mertens	In Need of a OTP Manager Soon?
2016-07-17/a>	Guy Bruneau	Juniper -> Junos: Self-signed certificate with spoofed trusted Issuer CN accepted as valid - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10755&actp=search
2016-07-05/a>	Johannes Ullrich	Apache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979)
2016-05-18/a>	Russ McRee	Resources: Windows Auditing & Monitoring, Linux 2FA
2016-03-13/a>	Guy Bruneau	A Look at the Mandiant M-Trends 2016 Report
2016-03-06/a>	Jim Clausing	Novel method for slowing down Locky on Samba server using fail2ban
2016-02-13/a>	Guy Bruneau	VMware VMSA-2015-0007.3 has been Re-released
2016-01-31/a>	Guy Bruneau	OpenSSL 1.0.2 Advisory and Update
2016-01-05/a>	Guy Bruneau	What are you Concerned the Most in 2016?
2015-10-12/a>	Guy Bruneau	Critical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
2015-08-12/a>	Rob VandenBrink	Wireshark 1.12.7 is released, multiple fixes. Find the release notes at: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html and the binaries at: https://www.wireshark.org/download.html
2015-07-12/a>	Guy Bruneau	PHP 5.x Security Updates
2015-06-16/a>	John Bambenek	CVE-2014-4114 and an Interesting AV Bypass Technique
2015-04-15/a>	Johannes Ullrich	MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW
2015-02-05/a>	Johannes Ullrich	Adobe Flash Player Update Released, Fixing CVE 2015-0313
2015-01-27/a>	Johannes Ullrich	New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST)
2014-09-25/a>	Johannes Ullrich	Update on CVE-2014-6271: Vulnerability in bash (shellshock)
2014-09-24/a>	Pedro Bueno	Attention *NIX admins, time to patch!
2014-09-22/a>	Johannes Ullrich	Cyber Security Awareness Month: What's your favorite/most scary false positive
2014-08-23/a>	Guy Bruneau	NSS Labs Cyber Resilience Report
2014-07-07/a>	Johannes Ullrich	Multi Platform *Coin Miner Attacking Routers on Port 32764
2014-06-30/a>	Johannes Ullrich	Should I setup a Honeypot? [SANSFIRE]
2014-06-12/a>	Johannes Ullrich	Metasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.)
2014-05-23/a>	Richard Porter	Highlights from Cisco Live 2014 - The Internet of Everything
2014-04-08/a>	Guy Bruneau	OpenSSL CVE-2014-0160 Fixed
2014-03-24/a>	Johannes Ullrich	New Microsoft Advisory: Unpatched Word Flaw used in Targeted Attacks
2014-03-02/a>	Stephen Hall	Symantec goes yellow
2014-02-27/a>	Richard Porter	DDoS and BCP 38
2014-02-07/a>	Rob VandenBrink	New ISO Standards on Vulnerability Handling and Disclosure
2013-12-05/a>	Mark Hofman	Updated Standards Part 1 - ISO 27001
2013-11-28/a>	Rob VandenBrink	Microsoft Security Advisory (2914486): Vulnerability in Microsoft Windows Kernel 0 day exploit in wild
2013-10-25/a>	Rob VandenBrink	Kaspersky flags TCPIP.SYS as Malware
2013-10-15/a>	Rob VandenBrink	CSAM: Microsoft Logs - NPS and IAS (RADIUS)
2013-10-10/a>	Mark Hofman	CSAM Some more unusual scans
2013-10-09/a>	Johannes Ullrich	CSAM: SSL Request Logs
2013-10-02/a>	Johannes Ullrich	CSAM: Misc. DNS Logs
2013-10-01/a>	Adrien de Beaupre	CSAM! Send us your logs!
2013-10-01/a>	John Bambenek	*Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893
2013-09-20/a>	Russ McRee	Threat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild
2013-09-18/a>	Rob VandenBrink	Cisco DCNM Update Released
2013-09-17/a>	John Bambenek	Microsoft Releases Out-of-Band Advisory for all Versions of Internet Explorer
2013-08-16/a>	Kevin Liston	CVE-2013-2251 Apache Struts 2.X OGNL Vulnerability
2013-08-09/a>	Kevin Shortt	Copy Machines - Changing Scanned Content
2013-07-06/a>	Guy Bruneau	Microsoft July Patch Pre-Announcement
2013-06-01/a>	Guy Bruneau	Exploit Sample for Win32/CVE-2012-0158
2013-05-20/a>	Guy Bruneau	Safe - Tools, Tactics and Techniques
2013-05-09/a>	Johannes Ullrich	Microsoft released a Fix-it for the Internet Explorer 8 Vulnerability http://support.microsoft.com/kb/2847140
2013-04-25/a>	Adam Swanger	SANS 2013 Forensics Survey - https://www.surveymonkey.com/s/2013SANSForensicsSurvey
2013-04-16/a>	Rob VandenBrink	Java 7 Update 21 is available - Watch for Behaviour Changes !
2013-03-25/a>	Johannes Ullrich	IPv6 Focus Month: IPv6 over IPv4 Preference
2013-02-22/a>	Chris Mohan	PHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2013-02-11/a>	John Bambenek	OpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/
2013-01-19/a>	Guy Bruneau	Java 7 Update 11 Still has a Flaw
2013-01-10/a>	Rob VandenBrink	What Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too!
2013-01-09/a>	Richard Porter	The 80's called - They Want Their Mainframe Back!
2013-01-07/a>	Adam Swanger	Please consider participating in our 2013 ISC StormCast survey at http://www.surveymonkey.com/s/stormcast
2013-01-04/a>	Guy Bruneau	"FixIt" Patch for CVE-2012-4792 Bypassed
2012-10-30/a>	Mark Hofman	Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-10-29/a>	Kevin Shortt	Cyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard
2012-10-26/a>	Russ McRee	Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant
2012-10-25/a>	Richard Porter	Cyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire
2012-10-24/a>	Russ McRee	Cyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035
2012-10-23/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors
2012-10-21/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 22: Connectors
2012-10-19/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 19: Standard log formats and CEE.
2012-10-18/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide
2012-10-17/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005
2012-10-16/a>	Richard Porter	CyberAwareness Month - Day 15, Standards Body Soup (pt2), Same Soup Different Cook.
2012-10-16/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 16: W3C and HTML
2012-10-14/a>	Pedro Bueno	Cyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1
2012-10-13/a>	Guy Bruneau	New Poll - Cyber Security Awareness Month Activities 2012 - https://isc.sans.edu/poll.html
2012-10-12/a>	Mark Hofman	Cyber Security Awareness Month - Day 12 PCI DSS
2012-10-11/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security)
2012-10-10/a>	Kevin Shortt	Cyber Security Awareness Month - Day 10 - Standard Sudo - Part Two
2012-10-09/a>	Johannes Ullrich	Cyber Security Awreness Month - Day 9 - Request for Comment (RFC)
2012-10-08/a>	Mark Hofman	Cyber Security Awareness Month - Day 8 ISO 27001
2012-10-07/a>	Tony Carothers	Cyber Security Awareness Month - Day 7 - Rollup Review of CSAM Week 1
2012-10-06/a>	Manuel Humberto Santander Pelaez	Cyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA
2012-10-05/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl.
2012-10-04/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 4: Crypto Standards
2012-10-03/a>	Kevin Shortt	Cyber Security Awareness Month - Day 3 - Standard Sudo - Part One
2012-10-02/a>	Russ McRee	Cyber Security Awareness Month - Day 2 - PCI Security Standard: Mobile Payment Acceptance Security Guidelines
2012-10-01/a>	Johannes Ullrich	Cyber Security Awareness Month
2012-09-23/a>	Tony Carothers	Update for CVE-2012-3132
2012-09-21/a>	Guy Bruneau	IE Cumulative Updates MS12-063 - KB2744842
2012-09-21/a>	Guy Bruneau	Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (2755801)
2012-09-09/a>	Guy Bruneau	Phishing/Spam Pretending to be from BBB
2012-07-30/a>	Guy Bruneau	End of Days for MS-CHAPv2
2012-07-18/a>	Rob VandenBrink	Vote NO to Weak Keys!
2012-07-15/a>	Guy Bruneau	Oracle July 2012 Critical Patch Pre-Release Announcement
2012-07-10/a>	Rob VandenBrink	Today at SANSFIRE (09 July 2012) - ISC Panel Discussion on the State of the Internet
2012-06-18/a>	Guy Bruneau	CVE-2012-1875 exploit is now available
2012-05-25/a>	Guy Bruneau	Technical Analysis of Flash Player CVE-2012-0779
2012-05-16/a>	Johannes Ullrich	Got Packets? Odd duplicate DNS replies from 10.x IP Addresses
2012-05-05/a>	Tony Carothers	Vulnerability Exploit for Snow Leopard
2012-04-27/a>	Mark Hofman	Microsoft has added MSSQL 2008 R2 SP1 to the list of affected software for MS12-027 (Thanks Ryan). More info here --> http://technet.microsoft.com/security/bulletin/ms12-027
2012-04-19/a>	Kevin Shortt	OpenSSL Security Advisory - CVE-2012-2110
2012-04-12/a>	Guy Bruneau	wicd Privilege Escalation 0day exploit for Backtrack 5 R2
2012-02-03/a>	Guy Bruneau	Sophos 2012 Security Threat Report
2012-01-12/a>	Rob VandenBrink	PHP 5.39 was release on the 10th, amongst other things, it addresses CVE-2011-4885 (prevents attacks based on hash collisions) and CVE-2011-4566 (integer overflow when parsing invalid exif header)
2011-12-21/a>	Johannes Ullrich	New Vulnerability in Windows 7 64 bit
2011-10-29/a>	Richard Porter	The Sub Critical Control? Evidence Collection
2011-10-28/a>	Russ McRee	Critical Control 19: Data Recovery Capability
2011-10-28/a>	Daniel Wesemann	Critical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27/a>	Mark Baggett	Critical Control 18: Incident Response Capabilities
2011-10-26/a>	Rick Wanner	Critical Control 17:Penetration Tests and Red Team Exercises
2011-10-17/a>	Rob VandenBrink	Critical Control 11: Account Monitoring and Control
2011-10-13/a>	Guy Bruneau	Critical Control 10: Continuous Vulnerability Assessment and Remediation
2011-10-12/a>	Kevin Shortt	Critical Control 8 - Controlled Use of Administrative Privileges
2011-10-11/a>	Swa Frantzen	Critical Control 7 - Application Software Security
2011-10-10/a>	Jim Clausing	Critical Control 6 - Maintenance, Monitoring, and Analysis of Security Audit Logs
2011-10-07/a>	Mark Hofman	Critical Control 5 - Boundary Defence
2011-10-06/a>	Rob VandenBrink	Apache HTTP Server mod_proxy reverse proxy issue
2011-10-04/a>	Johannes Ullrich	Critical Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations and Servers
2011-10-04/a>	Rob VandenBrink	Critical Control 2 - Inventory of Authorized and Unauthorized Software
2011-10-03/a>	Mark Hofman	Critical Control 1 - Inventory of Authorized and Unauthorized Devices
2011-10-03/a>	Mark Baggett	What are the 20 Critical Controls?
2011-10-03/a>	Tom Liston	Security 101 : Security Basics in 140 Characters Or Less
2011-10-02/a>	Mark Hofman	Cyber Security Awareness Month Day 1/2 - Schedule
2011-10-02/a>	Mark Hofman	Cyber Security Awareness Month Day 1/2 - Introduction to the controls
2011-09-21/a>	Mark Hofman	October 2011 Cyber Security Awareness Month
2011-08-30/a>	Johannes Ullrich	A Packet Challenge: Help us identify this traffic
2011-08-15/a>	Rob VandenBrink	8 Years since the Eastern Seaboard Blackout - Has it Been that Long?
2011-08-10/a>	Guy Bruneau	Samba 3.6.0 Released
2011-06-30/a>	Rob VandenBrink	Update for RSA Authentication Manager
2011-05-22/a>	Kevin Shortt	Facebook goes two-factor
2011-04-28/a>	Chris Mohan	Gathering and use of location information fears - or is it all a bit too late
2011-04-21/a>	Guy Bruneau	Silverlight Update Available
2011-04-18/a>	John Bambenek	Wordpress.com Security Breach
2011-04-15/a>	Kevin Liston	MS11-020 (KB2508429) Upgrading from Critical to PATCH NOW
2011-04-11/a>	Johannes Ullrich	Layer 2 DoS and other IPv6 Tricks
2011-02-23/a>	Manuel Humberto Santander Pelaez	Bind DOS vulnerability (CVE-2011-0414)
2011-02-21/a>	Adrien de Beaupre	What’s New, it's Python 3.2
2011-01-08/a>	Guy Bruneau	PandaLabs 2010 Annual Report
2011-01-03/a>	Johannes Ullrich	What Will Matter in 2011
2010-12-20/a>	Guy Bruneau	Highlight of Survey Related to Issues Affecting Businesses in 2010
2010-12-20/a>	Guy Bruneau	Patch Issues with Outlook 2007
2010-12-15/a>	Manuel Humberto Santander Pelaez	HP StorageWorks P2000 G3 MSA hardcoded user
2010-11-16/a>	Guy Bruneau	OpenSSL TLS Extension Parsing Race Condition
2010-10-31/a>	Marcus Sachs	Cyber Security Awareness Month - Day 31 - Tying it all together
2010-10-30/a>	Guy Bruneau	Security Update for Shockwave Player
2010-10-30/a>	Guy Bruneau	Cyber Security Awareness Month - Day 30 - Role of the network team
2010-10-29/a>	Manuel Humberto Santander Pelaez	Cyber Security Awareness Month - Day 29- Role of the office geek
2010-10-28/a>	Rick Wanner	Cyber Security Awareness Month - Day 27 - Social Media use in the office
2010-10-28/a>	Tony Carothers	Cyber Security Awareness Month - Day 28 - Role of the employee
2010-10-28/a>	Manuel Humberto Santander Pelaez	CVE-2010-3654 - New dangerous 0-day authplay library adobe products vulnerability
2010-10-26/a>	Pedro Bueno	Cyber Security Awareness Month - Day 26 - Sharing Office Files
2010-10-25/a>	Kevin Shortt	Cyber Security Awareness Month - Day 25 - Using Home Computers for Work
2010-10-24/a>	Swa Frantzen	Cyber Security Awarenes Month - Day 24 - Using work computers at home
2010-10-23/a>	Mark Hofman	Cyber Security Awareness Month - Day 23 - The Importance of compliance
2010-10-22/a>	Daniel Wesemann	Cyber Security Awareness Month - Day 22 - Security of removable media
2010-10-21/a>	Chris Carboni	Cyber Security Awareness Month - Day 21 - Impossible Requests from the Boss
2010-10-20/a>	Jim Clausing	Cyber Security Awareness Month - Day 20 - Securing Mobile Devices
2010-10-19/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - Remote Access Tools
2010-10-19/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split?
2010-10-19/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - VPN Architectures – SSL or IPSec?
2010-10-19/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - Remote User VPN Access – Are things getting too easy, or too hard?
2010-10-19/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - VPN and Remote Access Tools
2010-10-18/a>	Manuel Humberto Santander Pelaez	Cyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis
2010-10-17/a>	Stephen Hall	Cyber Security Awareness Month - Day 17 - What a boss should and should not have access to
2010-10-15/a>	Marcus Sachs	Cyber Security Awareness Month - Day 15 - What Teachers Need to Know About Their Students
2010-10-15/a>	Guy Bruneau	Cyber Security Awareness Month - Day 16 - Securing a donated computer
2010-10-14/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 14 - Securing a public computer
2010-10-13/a>	Deborah Hale	Cyber Security Awareness Month - Day 13 - Online Bullying
2010-10-12/a>	Scott Fendley	Cyber Security Awareness Month - Day 12 - Protecting and Managing Your Digital Identity On Social Media Sites
2010-10-11/a>	Rick Wanner	Cyber Security Awareness Month - Day 11 - Safe Browsing for Teens
2010-10-10/a>	Kevin Liston	Cyber Security Awareness Month - Day 10 - Safe browsing for pre-teens
2010-10-09/a>	Kevin Shortt	Cyber Security Awareness Month - Day 9 - Disposal of an Old Computer
2010-10-08/a>	Rick Wanner	Cyber Security Awareness Month - Day 8 - Patch Management and System Updates
2010-10-06/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 7 - Remote Access and Monitoring Tools
2010-10-06/a>	Marcus Sachs	Cyber Security Awareness Month - Day 6 - Computer Monitoring Tools
2010-10-05/a>	Rick Wanner	Cyber Security Awareness Month - Day 5 - Sites you should stay away from
2010-10-04/a>	Daniel Wesemann	Cyber Security Awareness Month - Day 4 - Managing EMail
2010-10-03/a>	Adrien de Beaupre	Cyber Security Awareness Month - Day 3 - Recognizing phishing and online scams
2010-10-02/a>	Mark Hofman	Cyber Security Awareness Month - Day 2 - Securing the Family Network
2010-10-01/a>	Marcus Sachs	Cyber Security Awareness Month - 2010
2010-10-01/a>	Marcus Sachs	Cyber Security Awareness Month - Day 1 - Securing the Family PC
2010-09-17/a>	Robert Danford	Circa 2007 Linux Kernel Vulnerability Resurfaces (Was CVE-2007-4573, Now CVE-2010-3301)
2010-09-13/a>	Manuel Humberto Santander Pelaez	Adobe SING table parsing exploit (CVE-2010-2883) in the wild
2010-09-12/a>	Manuel Humberto Santander Pelaez	Adobe Acrobat pushstring Memory Corruption paper
2010-09-08/a>	John Bambenek	Adobe Acrobat/Reader 0-day in Wild, Adobe Issues Advisory
2010-08-25/a>	Pedro Bueno	Adobe released security update for Shockwave player that fix several CVEs: APSB1020
2010-08-22/a>	Manuel Humberto Santander Pelaez	SCADA: A big challenge for information security professionals
2010-07-29/a>	Rob VandenBrink	Snort 2.8.6.1 and Snort 2.9 Beta Released
2010-07-26/a>	Guy Bruneau	SophosLabs Released Free Tool to Validate Microsoft Shortcut
2010-07-20/a>	Manuel Humberto Santander Pelaez	LNK vulnerability now with Metasploit module implementing the WebDAV method
2010-07-20/a>	Manuel Humberto Santander Pelaez	iTunes buffer overflow vulnerability
2010-07-10/a>	Tony Carothers	Oracle July 2010 Pre-Release Announcement
2010-06-15/a>	Manuel Humberto Santander Pelaez	Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-05-12/a>	Rob VandenBrink	Layer 2 Security - Private VLANs (the Story Continues ...)
2010-04-27/a>	Rob VandenBrink	Layer 2 Security - L2TPv3 for Disaster Recovery Sites
2010-04-22/a>	Guy Bruneau	MS10-025 Security Update has been Pulled
2010-04-16/a>	G. N. White	MS10-021: Encountering A Failed WinXP Update
2010-03-28/a>	Rick Wanner	Honeynet Project: 2010 Forensic Challenge #3
2010-03-10/a>	Rob VandenBrink	Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-03-01/a>	Mark Hofman	Microsoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update.
2010-02-23/a>	Mark Hofman	What is your firewall telling you and what is TCP249?
2010-02-21/a>	Tony Carothers	TCP Port 12174 Request For Packets
2010-02-17/a>	Rob VandenBrink	Defining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"
2010-02-01/a>	Rob VandenBrink	NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?
2010-01-19/a>	Jim Clausing	The IE saga continues, out-of-cycle patch coming soon
2010-01-15/a>	Kevin Liston	Exploit code available for CVE-2010-0249
2010-01-12/a>	Adrien de Beaupre	PoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2010-01-04/a>	Bojan Zdrnja	Sophisticated, targeted malicious PDF documents exploiting CVE-2009-4324
2009-12-29/a>	Rick Wanner	What's up with port 12174? Possible Symantec server compromise?
2009-12-07/a>	Rob VandenBrink	Layer 2 Network Protections – reloaded!
2009-11-14/a>	Adrien de Beaupre	Microsoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released
2009-11-12/a>	Rob VandenBrink	Windows 7 / Windows Server 2008 Remote SMB Exploit
2009-11-11/a>	Rob VandenBrink	Layer 2 Network Protections against Man in the Middle Attacks
2009-10-31/a>	Rick Wanner	Cyber Security Awareness Month - Day 31, ident
2009-10-30/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 30 - The "Common" IPSEC VPN Protocols - IKE / ISAKMP (500/udp), ESP (IP Protocol 50), NAT-T-IKE (500/udp, 4500/udp), PPTP (tcp/1723), GRE (IP Protocol 47)
2009-10-29/a>	Kyle Haugsness	Cyber Security Awareness Month - Day 29 - dns port 53
2009-10-28/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 28 - ntp (123/udp)
2009-10-25/a>	Lorna Hutcheson	Cyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-22/a>	Adrien de Beaupre	Cyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-22/a>	Adrien de Beaupre	Sysinternals updates: Disk2vhd v1.1, ZoomIt v4.1, Coreinfo v2.0, VMMap v2.4
2009-10-19/a>	Daniel Wesemann	Cyber Security Awareness Month - Day 19 - ICMP
2009-10-17/a>	Rick Wanner	Cyber Security Awareness Month - Day 17 - Port 22/SSH
2009-10-16/a>	Adrien de Beaupre	Cyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
2009-10-11/a>	Mark Hofman	Cyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
2009-10-09/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 9 - Port 3389/tcp (RDP)
2009-10-08/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 8 - Port 25 - SMTP
2009-10-06/a>	Adrien de Beaupre	Cyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp
2009-10-05/a>	Adrien de Beaupre	Cyber Security Awareness Month - Day 5 port 31337
2009-09-16/a>	Bojan Zdrnja	SMB2 remote exploit released
2009-09-08/a>	Guy Bruneau	Vista/2008/Windows 7 SMB2 BSOD 0Day
2009-09-07/a>	Jim Clausing	Request for packets
2009-08-28/a>	Adrien de Beaupre	WPA with TKIP done
2009-08-08/a>	Kevin Liston	Sun OpenSSO Enterprise/Sun Access Manager XML Vulnerabilities
2009-07-12/a>	Mari Nichols	CA Apologizes for False Positive
2009-06-20/a>	Mark Hofman	G'day from Sansfire2009
2009-06-14/a>	Guy Bruneau	SANSFIRE 2009 Starts Tomorrow
2009-05-28/a>	Stephen Hall	Microsoft DirectShow vulnerability
2009-05-27/a>	donald smith	WebDAV write-up
2009-05-26/a>	Jason Lam	Vista & Win2K8 SP2 available
2009-05-02/a>	Rick Wanner	Significant increase in port 2967 traffic
2009-03-24/a>	G. N. White	CanSecWest Pwn2Own: Would IE8 have been exploitable had the event waited one more day?
2009-02-19/a>	Bojan Zdrnja	MS09-002, XML/DOC and initial infection vector
2009-02-17/a>	Bojan Zdrnja	MS09-002 exploit in the wild
2009-01-31/a>	Swa Frantzen	VMware updates
2008-11-04/a>	Marcus Sachs	Cyber Security Awareness Month 2008 - Summary and Links
2008-11-03/a>	Joel Esler	Day 34 -- Feeding The Lessons Learned Back to the Preparation Phase
2008-11-02/a>	Mari Nichols	Day 33 - Working with Management to Improve Processes
2008-11-01/a>	Koon Yaw Tan	Day 32 - What Should I Make Public?
2008-10-31/a>	Rick Wanner	Day 31 - Legal Awareness
2008-10-30/a>	Kevin Liston	Day 30 - Applying Patches and Updates
2008-10-29/a>	Deborah Hale	Day 29 - Should I Switch Software Vendors?
2008-10-28/a>	Jason Lam	Day 28 - Avoiding Finger Pointing and the Blame Game
2008-10-27/a>	Johannes Ullrich	Day 27 - Validation via Vulnerability Scanning
2008-10-25/a>	Koon Yaw Tan	Day 25 - Finding and Removing Hidden Files and Directories
2008-10-25/a>	Rick Wanner	Day 26 - Restoring Systems from Backup
2008-10-24/a>	Stephen Hall	Day 24 - Cleaning Email Servers and Clients
2008-10-22/a>	Johannes Ullrich	Day 22 - Wiping Disks and Media
2008-10-22/a>	Chris Carboni	Day 23 - Turning off Unused Services
2008-10-21/a>	Johannes Ullrich	Day 21 - Removing Bots, Keyloggers, and Spyware
2008-10-20/a>	Raul Siles	Day 20 - Eradicating a Rootkit
2008-10-19/a>	Lorna Hutcheson	Day 19 - Eradication: Forensic Analysis Tools - What Happened?
2008-10-17/a>	Rick Wanner	Day 18 - Containing Other Incidents
2008-10-17/a>	Patrick Nolan	Day 17 - Containing a DNS Hijacking
2008-10-16/a>	Mark Hofman	Day 16 - Containing a Malware Outbreak
2008-10-15/a>	Rick Wanner	Day 15 - Containing the Damage From a Lost or Stolen Laptop
2008-10-14/a>	Swa Frantzen	Day 14 - Containment: a Personal IdentityTheft Incident
2008-10-13/a>	Adrien de Beaupre	Day 13 - Containment: Containing on Production Systems Such as a Web Server
2008-10-12/a>	Mari Nichols	Day 12 Containment: Gathering Evidence That Can be Used in Court
2008-10-11/a>	Stephen Hall	Day 11 - Identification: Other Methods of Identifying an Incident
2008-10-10/a>	Marcus Sachs	Day 10 - Identification: Using Your Help Desk to Identify Security Incidents
2008-10-09/a>	Marcus Sachs	Day 9 - Identification: Log and Audit Analysis
2008-10-08/a>	Johannes Ullrich	Day 8 - Global Incident Awareness
2008-10-07/a>	Kyle Haugsness	Day 7 - Identification: Host-based Intrusion Detection Systems
2008-10-06/a>	Jim Clausing	Day 6 - Network-based Intrusion Detection Systems
2008-10-05/a>	Stephen Hall	Day 5 - Identification: Events versus Incidents
2008-10-04/a>	Marcus Sachs	Day 4 - Preparation: What Goes Into a Response Kit
2008-10-03/a>	Jason Lam	Day 3 - Preparation: Building Checklists
2008-10-02/a>	Marcus Sachs	Day 2 - Preparation: Building a Response Team
2008-10-01/a>	Marcus Sachs	Day 1 - Preparation: Policies, Management Support, and User Awareness
2008-09-30/a>	Marcus Sachs	Cyber Security Awareness Month - Daily Topics
2008-09-15/a>	donald smith	Fake antivirus 2009 and search engine results
2008-08-26/a>	John Bambenek	Active attacks using stolen SSH keys (UPDATED)
2008-08-15/a>	Jim Clausing	Another MS update that may have escaped notice
2008-04-27/a>	Marcus Sachs	What's With Port 20329?
2008-04-22/a>	donald smith	XP SP3 RC2 Available
2008-04-10/a>	Deborah Hale	Symantec Threatcon Level 2
2006-09-19/a>	Swa Frantzen	Yet another MSIE 0-day: VML
2006-09-15/a>	Swa Frantzen	MSIE DirectAnimation ActiveX 0-day update
2006-09-12/a>	Swa Frantzen	Microsoft security patches for September 2006
2000-01-02/a>	Deborah Hale	2010 A Look Back - 2011 A Look Ahead
2000-01-01/a>	Manuel Humberto Santander Pelaez	Happy New Year 2011!!!

LAYER 2

LAYER

2