Internet Storm Center
Sign In
Sign Up
Watch ISC TV. Great for NOCs, SOCs and Living Rooms:
https://isctv.sans.edu
Handler on Duty:
Yee Ching Tok
Threat Level:
green
Date
Author
Title
2022-10-21
Brad Duncan
sczriptzzbn inject pushes malware for NetSupport RAT
2022-09-22
Xavier Mertens
RAT Delivered Through FODHelper
2022-07-28
Johannes Ullrich
Exfiltrating Data With Bookmarks
2022-06-16
Xavier Mertens
Houdini is Back Delivered Through a JavaScript Dropper
2022-06-04
Guy Bruneau
Spam Email Contains a Very Large ISO file
2022-05-20
Xavier Mertens
A 'Zip Bomb' to Bypass Security Controls & Sandboxes
2022-05-05
Brad Duncan
Password-protected Excel spreadsheet pushes Remcos RAT
2022-05-03
Rob VandenBrink
Finding the Real "Last Patched" Day (Interim Version)
2022-03-11
Xavier Mertens
Keep an Eye on WebSockets
2022-03-09
Xavier Mertens
Infostealer in a Batch File
2022-02-18
Xavier Mertens
Remcos RAT Delivered Through Double Compressed Archive
2022-02-11
Xavier Mertens
CinaRAT Delivered Through HTML ID Attributes
2022-01-07
Xavier Mertens
Custom Python RAT Builder
2021-12-01
Xavier Mertens
Info-Stealer Using webhook.site to Exfiltrate Data
2021-11-04
Brad Duncan
October 2021 Forensic Contest: Answers and Analysis
2021-09-01
Brad Duncan
STRRAT: a Java-based RAT that doesn't care if you have Java
2021-06-21
Rick Wanner
Mitre CWE - Common Weakness Enumeration
2021-04-09
Xavier Mertens
No Python Interpreter? This Simple RAT Installs Its Own Copy
2021-03-31
Xavier Mertens
Quick Analysis of a Modular InfoStealer
2021-03-04
Xavier Mertens
From VBS, PowerShell, C Sharp, Process Hollowing to RAT
2021-02-24
Brad Duncan
Malspam pushes GuLoader for Remcos RAT
2021-02-04
Bojan Zdrnja
Abusing Google Chrome extension syncing for data exfiltration and C&C
2020-10-14
Xavier Mertens
Nicely Obfuscated Python RAT
2020-09-30
Johannes Ullrich
Scans for FPURL.xml: Reconnaissance or Not?
2020-09-28
Xavier Mertens
Some Tyler Technologies Customers Targeted with The Installation of a Bomgar Client
2020-08-25
Xavier Mertens
Keep An Eye on LOLBins
2020-08-18
Xavier Mertens
Using API's to Track Attackers
2020-08-10
Bojan Zdrnja
Scoping web application and web service penetration tests
2020-08-04
Johannes Ullrich
Internet Choke Points: Concentration of Authoritative Name Servers
2020-05-14
Rob VandenBrink
Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe
2020-04-17
Xavier Mertens
Weaponized RTF Document Generator & Mailer in PowerShell
2020-02-05
Brad Duncan
Fake browser update pages are "still a thing"
2020-01-10
Xavier Mertens
More Data Exfiltration
2019-10-29
Xavier Mertens
Generating PCAP Files from YAML
2019-09-27
Xavier Mertens
New Scans for Polycom Autoconfiguration Files
2019-09-25
Brad Duncan
Malspam pushing Quasar RAT
2019-09-19
Xavier Mertens
Agent Tesla Trojan Abusing Corporate Email Accounts
2019-09-19
Xavier Mertens
Blocklisting or Whitelisting in the Right Way
2019-04-26
Rob VandenBrink
Pillaging Passwords from Service Accounts
2019-04-24
Rob VandenBrink
Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators
2019-03-06
Xavier Mertens
Keep an Eye on Disposable Email Addresses
2018-11-27
Rob VandenBrink
Data Exfiltration in Penetration Tests
2018-09-19
Rob VandenBrink
Certificates Revisited - SSL VPN Certificates 2 Ways
2018-09-05
Rob VandenBrink
Where have all my Certificates gone? (And when do they expire?)
2018-08-24
Xavier Mertens
Microsoft Publisher Files Delivering Malware
2018-06-15
Lorna Hutcheson
SMTP Strangeness - Possible C2
2018-05-19
Xavier Mertens
Malicious Powershell Targeting UK Bank Customers
2018-05-10
Bojan Zdrnja
Exfiltrating data from (very) isolated environments
2017-12-13
Xavier Mertens
Tracking Newly Registered Domains
2017-11-03
Xavier Mertens
Simple Analysis of an Obfuscated JAR File
2017-08-17
Xavier Mertens
Maldoc with auto-updated link
2017-06-08
Tom Webb
Summer STEM for Kids
2017-05-10
Johannes Ullrich
Read This If You Are Using a Script to Pull Data From This Site
2017-04-20
Xavier Mertens
DNS Query Length... Because Size Does Matter
2016-09-04
Russ McRee
Kali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/
2016-07-26
Johannes Ullrich
Command and Control Channels Using "AAAA" DNS Records
2016-06-15
Richard Porter
Warp Speed Ahead, L7 Open Source Packet Generator: Warp17
2016-04-02
Russell Eubanks
Why Can't We Be Friends?
2015-12-24
Xavier Mertens
Unity Makes Strength
2015-11-09
John Bambenek
Protecting Users and Enterprises from the Mobile Malware Threat
2015-09-03
Xavier Mertens
Querying the DShield API from RTIR
2014-08-22
Richard Porter
OCLHashCat 1.30 Released
2014-08-09
Adrien de Beaupre
Complete application ownage via Multi-POST XSRF
2014-07-19
Russ McRee
Keeping the RATs out: the trap is sprung - Part 3
2014-07-18
Russ McRee
Keeping the RATs out: **it happens - Part 2
2014-07-16
Russ McRee
Keeping the RATs out: an exercise in building IOCs - Part 1
2014-03-13
Daniel Wesemann
Identification and authentication are hard ... finding out intention is even harder
2013-06-18
Russ McRee
Volatility rules...any questions?
2013-04-25
Adam Swanger
Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-04-17
John Bambenek
UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
2013-04-16
John Bambenek
Fake Boston Marathon Scams Update
2013-04-15
John Bambenek
Please send any spam (full headers), URLs or other suspicious content scamming off Boston Marathon explosions to handlers@sans.org
2013-03-03
Richard Porter
Uptick in MSSQL Activity
2013-02-06
Johannes Ullrich
Are you losing system logging information (and don't know it)?
2012-10-30
Mark Hofman
Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-05-22
Johannes Ullrich
nmap 6 released
2012-01-03
Rick Wanner
Analysis of the Stratfor Password List
2011-12-25
Deborah Hale
Another Company Falls Victim
2011-10-26
Rick Wanner
Critical Control 17:Penetration Tests and Red Team Exercises
2010-10-03
Adrien de Beaupre
Canada's Cyber Security Strategy released today
2010-08-23
Manuel Humberto Santander Pelaez
Firefox plugins to perform penetration testing activities
2010-08-16
Raul Siles
Blind Elephant: A New Web Application Fingerprinting Tool
2010-07-08
Kyle Haugsness
Pirate Bay account database compromised
2010-06-06
Manuel Humberto Santander Pelaez
Nice OS X exploit tutorial
2010-04-13
Adrien de Beaupre
Web App Testing Tools
2010-03-06
Tony Carothers
Integration and the Security of New Technologies
2010-02-22
Rob VandenBrink
New Risks in Penetration Testing
2009-07-27
Raul Siles
New Hacker Challenge: Prison Break - Breaking, Entering & Decoding
2009-04-21
Bojan Zdrnja
Web application vulnerabilities
2009-01-20
Adrien de Beaupre
Obamamania
2008-11-25
Andre Ludwig
The beginnings of a collaborative approach to IDS
2008-09-20
Rick Wanner
New (to me) nmap Features
2008-07-18
Adrien de Beaupre
Exit process?
2008-03-30
Mark Hofman
Mail Anyone?
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Forums
Auditing
Diary Discussions
Forensics
General Discussions
Industry News
Network Security
Penetration Testing
Software Security
Contact Us
Contact Us
About Us
Handlers
Slack Channel
Mastodon
Twitter
Make the web a better place by
sharing the SANS Internet Storm Center
with others
