Diaries by Keyword - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Yee Ching Tok

Threat Level: green

Date	Author	Title
2023-11-18	Xavier Mertens	Quasar RAT Delivered Through Updated SharpLoader
2023-08-20	Guy Bruneau	SystemBC Malware Activity
2023-08-18	Xavier Mertens	From a Zalando Phishing to a RAT
2023-08-11	Xavier Mertens	Show me All Your Windows!
2023-06-29	Brad Duncan	GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT
2023-06-16	Xavier Mertens	Another RAT Delivered Through VBS
2023-05-30	Brad Duncan	Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT
2023-05-20	Xavier Mertens	Phishing Kit Collecting Victim's IP Address
2023-05-19	Xavier Mertens	When the Phisher Messes Up With Encoding
2023-05-14	Guy Bruneau	VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue
2023-05-07	Didier Stevens	Quickly Finding Encoded Payloads in Office Documents
2023-05-03	Xavier Mertens	Increased Number of Configuration File Scans
2023-03-12	Guy Bruneau	AsynRAT Trojan - Bill Payment (Pago de la factura)
2023-03-11	Xavier Mertens	Overview of a Mirai Payload Generator
2022-10-21	Brad Duncan	sczriptzzbn inject pushes malware for NetSupport RAT
2022-09-22	Xavier Mertens	RAT Delivered Through FODHelper
2022-07-28	Johannes Ullrich	Exfiltrating Data With Bookmarks
2022-06-16	Xavier Mertens	Houdini is Back Delivered Through a JavaScript Dropper
2022-06-04	Guy Bruneau	Spam Email Contains a Very Large ISO file
2022-05-20	Xavier Mertens	A 'Zip Bomb' to Bypass Security Controls & Sandboxes
2022-05-05	Brad Duncan	Password-protected Excel spreadsheet pushes Remcos RAT
2022-05-03	Rob VandenBrink	Finding the Real "Last Patched" Day (Interim Version)
2022-03-11	Xavier Mertens	Keep an Eye on WebSockets
2022-03-09	Xavier Mertens	Infostealer in a Batch File
2022-02-18	Xavier Mertens	Remcos RAT Delivered Through Double Compressed Archive
2022-02-11	Xavier Mertens	CinaRAT Delivered Through HTML ID Attributes
2022-01-07	Xavier Mertens	Custom Python RAT Builder
2021-12-01	Xavier Mertens	Info-Stealer Using webhook.site to Exfiltrate Data
2021-11-04	Brad Duncan	October 2021 Forensic Contest: Answers and Analysis
2021-09-01	Brad Duncan	STRRAT: a Java-based RAT that doesn't care if you have Java
2021-06-21	Rick Wanner	Mitre CWE - Common Weakness Enumeration
2021-04-09	Xavier Mertens	No Python Interpreter? This Simple RAT Installs Its Own Copy
2021-03-31	Xavier Mertens	Quick Analysis of a Modular InfoStealer
2021-03-04	Xavier Mertens	From VBS, PowerShell, C Sharp, Process Hollowing to RAT
2021-02-24	Brad Duncan	Malspam pushes GuLoader for Remcos RAT
2021-02-04	Bojan Zdrnja	Abusing Google Chrome extension syncing for data exfiltration and C&C
2020-10-14	Xavier Mertens	Nicely Obfuscated Python RAT
2020-09-30	Johannes Ullrich	Scans for FPURL.xml: Reconnaissance or Not?
2020-09-28	Xavier Mertens	Some Tyler Technologies Customers Targeted with The Installation of a Bomgar Client
2020-08-25	Xavier Mertens	Keep An Eye on LOLBins
2020-08-18	Xavier Mertens	Using API's to Track Attackers
2020-08-10	Bojan Zdrnja	Scoping web application and web service penetration tests
2020-08-04	Johannes Ullrich	Internet Choke Points: Concentration of Authoritative Name Servers
2020-05-14	Rob VandenBrink	Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe
2020-04-17	Xavier Mertens	Weaponized RTF Document Generator & Mailer in PowerShell
2020-02-05	Brad Duncan	Fake browser update pages are "still a thing"
2020-01-10	Xavier Mertens	More Data Exfiltration
2019-10-29	Xavier Mertens	Generating PCAP Files from YAML
2019-09-27	Xavier Mertens	New Scans for Polycom Autoconfiguration Files
2019-09-25	Brad Duncan	Malspam pushing Quasar RAT
2019-09-19	Xavier Mertens	Agent Tesla Trojan Abusing Corporate Email Accounts
2019-09-19	Xavier Mertens	Blocklisting or Whitelisting in the Right Way
2019-04-26	Rob VandenBrink	Pillaging Passwords from Service Accounts
2019-04-24	Rob VandenBrink	Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators
2019-03-06	Xavier Mertens	Keep an Eye on Disposable Email Addresses
2018-11-27	Rob VandenBrink	Data Exfiltration in Penetration Tests
2018-09-19	Rob VandenBrink	Certificates Revisited - SSL VPN Certificates 2 Ways
2018-09-05	Rob VandenBrink	Where have all my Certificates gone? (And when do they expire?)
2018-08-24	Xavier Mertens	Microsoft Publisher Files Delivering Malware
2018-06-15	Lorna Hutcheson	SMTP Strangeness - Possible C2
2018-05-19	Xavier Mertens	Malicious Powershell Targeting UK Bank Customers
2018-05-10	Bojan Zdrnja	Exfiltrating data from (very) isolated environments
2017-12-13	Xavier Mertens	Tracking Newly Registered Domains
2017-11-03	Xavier Mertens	Simple Analysis of an Obfuscated JAR File
2017-08-17	Xavier Mertens	Maldoc with auto-updated link
2017-06-08	Tom Webb	Summer STEM for Kids
2017-05-10	Johannes Ullrich	Read This If You Are Using a Script to Pull Data From This Site
2017-04-20	Xavier Mertens	DNS Query Length... Because Size Does Matter
2016-09-04	Russ McRee	Kali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/
2016-07-26	Johannes Ullrich	Command and Control Channels Using "AAAA" DNS Records
2016-06-15	Richard Porter	Warp Speed Ahead, L7 Open Source Packet Generator: Warp17
2016-04-02	Russell Eubanks	Why Can't We Be Friends?
2015-12-24	Xavier Mertens	Unity Makes Strength
2015-11-09	John Bambenek	Protecting Users and Enterprises from the Mobile Malware Threat
2015-09-03	Xavier Mertens	Querying the DShield API from RTIR
2014-08-22	Richard Porter	OCLHashCat 1.30 Released
2014-08-09	Adrien de Beaupre	Complete application ownage via Multi-POST XSRF
2014-07-19	Russ McRee	Keeping the RATs out: the trap is sprung - Part 3
2014-07-18	Russ McRee	Keeping the RATs out: **it happens - Part 2
2014-07-16	Russ McRee	Keeping the RATs out: an exercise in building IOCs - Part 1
2014-03-13	Daniel Wesemann	Identification and authentication are hard ... finding out intention is even harder
2013-06-18	Russ McRee	Volatility rules...any questions?
2013-04-25	Adam Swanger	Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-04-17	John Bambenek	UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
2013-04-16	John Bambenek	Fake Boston Marathon Scams Update
2013-04-15	John Bambenek	Please send any spam (full headers), URLs or other suspicious content scamming off Boston Marathon explosions to handlers@sans.org
2013-03-03	Richard Porter	Uptick in MSSQL Activity
2013-02-06	Johannes Ullrich	Are you losing system logging information (and don't know it)?
2012-10-30	Mark Hofman	Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-05-22	Johannes Ullrich	nmap 6 released
2012-01-03	Rick Wanner	Analysis of the Stratfor Password List
2011-12-25	Deborah Hale	Another Company Falls Victim
2011-10-26	Rick Wanner	Critical Control 17:Penetration Tests and Red Team Exercises
2010-10-03	Adrien de Beaupre	Canada's Cyber Security Strategy released today
2010-08-23	Manuel Humberto Santander Pelaez	Firefox plugins to perform penetration testing activities
2010-08-16	Raul Siles	Blind Elephant: A New Web Application Fingerprinting Tool
2010-07-08	Kyle Haugsness	Pirate Bay account database compromised
2010-06-06	Manuel Humberto Santander Pelaez	Nice OS X exploit tutorial
2010-04-13	Adrien de Beaupre	Web App Testing Tools
2010-03-06	Tony Carothers	Integration and the Security of New Technologies
2010-02-22	Rob VandenBrink	New Risks in Penetration Testing
2009-07-27	Raul Siles	New Hacker Challenge: Prison Break - Breaking, Entering & Decoding
2009-04-21	Bojan Zdrnja	Web application vulnerabilities
2009-01-20	Adrien de Beaupre	Obamamania
2008-11-25	Andre Ludwig	The beginnings of a collaborative approach to IDS
2008-09-20	Rick Wanner	New (to me) nmap Features
2008-07-18	Adrien de Beaupre	Exit process?
2008-03-30	Mark Hofman	Mail Anyone?