Internet Storm Center
| Date | Author | Title |
|---|---|---|
| 2023-01-17 | Rob VandenBrink | Finding that one GPO Setting in a Pool of Hundreds of GPOs |
| 2023-01-04 | Rob VandenBrink | Update to RTRBK - Diff and File Dates in PowerShell |
| 2022-12-28 | Rob VandenBrink | Playing with Powershell and JSON (and Amazon and Firewalls) |
| 2022-11-09 | Xavier Mertens | Another Script-Based Ransomware |
| 2022-10-31 | Rob VandenBrink | NMAP without NMAP - Port Testing and Scanning with PowerShell |
| 2022-10-17 | Xavier Mertens | Fileless Powershell Dropper |
| 2022-10-07 | Xavier Mertens | Powershell Backdoor with DGA Capability |
| 2022-09-14 | Xavier Mertens | Easy Process Injection within Python |
| 2022-07-25 | Xavier Mertens | PowerShell Script with Fileless Capability |
| 2022-06-25 | Xavier Mertens | Malicious Code Passed to PowerShell via the Clipboard |
| 2022-06-22 | Xavier Mertens | Malicious PowerShell Targeting Cryptocurrency Browser Extensions |
| 2022-06-03 | Xavier Mertens | Sandbox Evasion... With Just a Filename! |
| 2022-05-12 | Rob VandenBrink | When Get-WebRequest Fails You |
| 2022-04-25 | Xavier Mertens | Simple PDF Linking to Malicious Content |
| 2022-03-31 | Johannes Ullrich | Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965 |
| 2022-03-30 | Johannes Ullrich | Possible new Java Spring Framework Vulnerability (Updated: not a Spring problem) |
| 2022-03-30 | Johannes Ullrich | Java Springtime Confusion: What Vulnerability are We Talking About |
| 2022-03-11 | Xavier Mertens | Keep an Eye on WebSockets |
| 2022-02-23 | Johannes Ullrich | The Rise and Fall of log4shell |
| 2022-01-22 | Xavier Mertens | Mixed VBA & Excel4 Macro In a Targeted Excel Sheet |
| 2022-01-20 | Xavier Mertens | RedLine Stealer Delivered Through FTP |
| 2022-01-17 | Johannes Ullrich | Log4Shell Attacks Getting "Smarter" |
| 2022-01-06 | Xavier Mertens | Malicious Python Script Targeting Chinese People |
| 2021-12-23 | Johannes Ullrich | log4shell and cloud provider internal meta data services (IMDS) |
| 2021-12-23 | Johannes Ullrich | Defending Cloud IMDS Against log4shell (and more) |
| 2021-12-21 | Xavier Mertens | More Undetected PowerShell Dropper |
| 2021-12-15 | Xavier Mertens | Simple but Undetected PowerShell Backdoor |
| 2021-12-14 | Johannes Ullrich | Log4j: Getting ready for the long haul (CVE-2021-44228) |
| 2021-12-11 | Johannes Ullrich | Log4j / Log4Shell Followup: What we see and how to defend (and how to access our data) |
| 2021-12-10 | Xavier Mertens | Python Shellcode Injection From JSON Data |
| 2021-12-10 | Bojan Zdrnja | RCE in log4j, Log4Shell, or how things can get bad quickly |
| 2021-12-07 | Johannes Ullrich | Webshells, Webshells everywhere! |
| 2021-11-15 | Rob VandenBrink | Changing your AD Password Using the Clipboard - Not as Easy as You'd Think! |
| 2021-10-18 | Xavier Mertens | Malicious PowerShell Using Client Certificate Authentication |
| 2021-10-01 | Xavier Mertens | New Tool to Add to Your LOLBAS List: cvtres.exe |
| 2021-08-20 | Xavier Mertens | Waiting for the C2 to Show Up |
| 2021-08-09 | Jan Kopriva | ProxyShell - how many Exchange servers are affected and where are they? |
| 2021-05-28 | Xavier Mertens | Malicious PowerShell Hosted on script.google.com |
| 2021-05-18 | Xavier Mertens | From RunDLL32 to JavaScript then PowerShell |
| 2021-05-06 | Xavier Mertens | Alternative Ways To Perform Basic Tasks |
| 2021-04-08 | Xavier Mertens | Simple Powershell Ransomware Creating a 7Z Archive of your Files |
| 2021-02-12 | Xavier Mertens | AgentTesla Dropped Through Automatic Click in Microsoft Help File |
| 2021-02-01 | Rob VandenBrink | Taking a Shot at Reverse Shell Attacks, CNC Phone Home and Data Exfil from Servers |
| 2021-01-21 | Xavier Mertens | Powershell Dropping a REvil Ransomware |
| 2021-01-18 | Didier Stevens | Doc & RTF Malicious Document |
| 2021-01-10 | Didier Stevens | Maldoc Analysis With CyberChef |
| 2021-01-09 | Didier Stevens | Maldoc Strings Analysis |
| 2020-12-24 | Xavier Mertens | Malicious Word Document Delivering an Octopus Backdoor |
| 2020-11-30 | Didier Stevens | Decrypting PowerShell Payloads (video) |
| 2020-11-25 | Xavier Mertens | Live Patching Windows API Calls Using PowerShell |
| 2020-11-19 | Xavier Mertens | PowerShell Dropper Delivering Formbook |
| 2020-11-05 | Xavier Mertens | Did You Spot "Invoke-Expression"? |
| 2020-09-24 | Xavier Mertens | Party in Ibiza with PowerShell |
| 2020-09-23 | Xavier Mertens | Malicious Word Document with Dynamic Content |
| 2020-09-11 | Rob VandenBrink | What's in Your Clipboard? Pillaging and Protecting the Clipboard |
| 2020-09-02 | Xavier Mertens | Python and Risky Windows API Calls |
| 2020-08-28 | Xavier Mertens | Example of Malicious DLL Injected in PowerShell |
| 2020-08-20 | Rob VandenBrink | Office 365 Mail Forwarding Rules (and other Mail Rules too) |
| 2020-08-06 | Xavier Mertens | A Fork of the FTCode Powershell Ransomware |
| 2020-08-03 | Xavier Mertens | Powershell Bot with Multiple C2 Protocols |
| 2020-07-27 | Didier Stevens | Analyzing Metasploit ASP .NET Payloads |
| 2020-07-19 | Guy Bruneau | Scanning Activity for ZeroShell Unauthenticated Access |
| 2020-06-12 | Xavier Mertens | Malicious Excel Delivering Fileless Payload |
| 2020-05-15 | Rob VandenBrink | Hashes in PowerShell |
| 2020-05-15 | Rob VandenBrink | SHA3 Hashes (on Windows) - Where Art Thou? |
| 2020-04-27 | Xavier Mertens | Powershell Payload Stored in a PSCredential Object |
| 2020-04-24 | Xavier Mertens | Malicious Excel With a Strong Obfuscation and Sandbox Evasion |
| 2020-04-17 | Xavier Mertens | Weaponized RTF Document Generator & Mailer in PowerShell |
| 2020-04-10 | Xavier Mertens | PowerShell Sample Extracting Payload From SSL |
| 2020-02-28 | Xavier Mertens | Show me Your Clipboard Data! |
| 2020-01-23 | Xavier Mertens | Complex Obfuscation VS Simple Trick |
| 2019-12-26 | Xavier Mertens | Bypassing UAC to Install a Cryptominer |
| 2019-12-09 | Didier Stevens | (Lazy) Sunday Maldoc Analysis |
| 2019-10-27 | Didier Stevens | Using scdbg to Find Shellcode |
| 2019-10-25 | Rob VandenBrink | More on DNS Archeology (with PowerShell) |
| 2019-09-17 | Rob VandenBrink | Investigating Gaps in your Windows Event Logs |
| 2019-07-28 | Didier Stevens | Video: Analyzing Compressed PowerShell Scripts |
| 2019-07-11 | Xavier Mertens | Russian Dolls Malicious Script Delivering Ursnif |
| 2019-07-10 | Rob VandenBrink | Dumping File Contents in Hex (in PowerShell) |
| 2019-06-28 | Rob VandenBrink | Verifying Running Processes against VirusTotal - Domain-Wide |
| 2019-06-27 | Rob VandenBrink | Finding the Gold in a Pile of Pennies - Long Tail Analysis in PowerShell |
| 2019-06-21 | Rob VandenBrink | Netstat Local and Remote -new and improved, now with more PowerShell! |
| 2019-06-03 | Didier Stevens | Tip: BASE64 Encoded PowerShell Scripts are Recognizable by the Amount of Letter As |
| 2019-05-31 | Didier Stevens | Retrieving Second Stage Payload with Ncat |
| 2019-05-30 | Didier Stevens | Analyzing First Stage Shellcode |
| 2019-05-28 | Didier Stevens | Office Document & BASE64? PowerShell! |
| 2019-04-25 | Rob VandenBrink | Service Accounts Redux - Collecting Service Accounts with PowerShell |
| 2019-04-24 | Rob VandenBrink | Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators |
| 2019-04-04 | Xavier Mertens | New Waves of Scans Detected by an Old Rule |
| 2019-03-30 | Didier Stevens | "404" is not Malware |
| 2019-03-20 | Rob VandenBrink | Using AD to find hosts that aren't in AD - fun with the [IPAddress] construct! |
| 2019-03-10 | Didier Stevens | Malicious HTA Analysis by a Reader |
| 2019-03-10 | Didier Stevens | Quick and Dirty Malicious HTA Analysis |
| 2019-03-05 | Rob VandenBrink | Powershell, Active Directory and the Windows Host Firewall |
| 2019-02-21 | Xavier Mertens | Simple Powershell Keyloggers are Back |
| 2019-02-17 | Didier Stevens | Video: Finding Property Values in Office Documents |
| 2019-02-16 | Didier Stevens | Finding Property Values in Office Documents |
| 2019-02-10 | Didier Stevens | Video: Maldoc Analysis of the Weekend |
| 2019-02-09 | Didier Stevens | Maldoc Analysis of the Weekend |
| 2019-01-24 | Brad Duncan | Malspam with Word docs uses macro to run Powershell script and steal system data |
| 2019-01-14 | Rob VandenBrink | Microsoft LAPS - Blue Team / Red Team |
| 2019-01-02 | Didier Stevens | Maldoc with Nonfunctional Shellcode |
| 2019-01-02 | Xavier Mertens | Malicious Script Leaking Data via FTP |
| 2018-12-19 | Xavier Mertens | Restricting PowerShell Capabilities with NetSh |
| 2018-12-15 | Didier Stevens | De-DOSfuscation Example |
| 2018-12-12 | Didier Stevens | Yet Another DOSfuscation Sample |
| 2018-12-03 | Didier Stevens | Word maldoc: yet another place to hide a command |
| 2018-11-27 | Xavier Mertens | More obfuscated shell scripts: Fake MacOS Flash update |
| 2018-11-26 | Xavier Mertens | Obfuscated bash script targeting QNap boxes |
| 2018-11-22 | Xavier Mertens | Divided Payload in Multiple Pasties |
| 2018-11-16 | Xavier Mertens | Basic Obfuscation With Permissive Languages |
| 2018-11-06 | Xavier Mertens | Malicious Powershell Script Dissection |
| 2018-10-26 | Xavier Mertens | Dissecting Malicious Office Documents with Linux |
| 2018-10-22 | Xavier Mertens | Malicious Powershell using a Decoy Picture |
| 2018-09-30 | Didier Stevens | When DOSfuscation Helps... |
| 2018-09-24 | Didier Stevens | Analyzing Encoded Shellcode with scdbg |
| 2018-09-08 | Didier Stevens | Video: Using scdbg to analyze shellcode |
| 2018-09-05 | Xavier Mertens | Malicious PowerShell Compiling C# Code on the Fly |
| 2018-09-03 | Didier Stevens | Another quickie: Using scdbg to analyze shellcode |
| 2018-08-31 | Jim Clausing | Quickie: Using radare2 to disassemble shellcode |
| 2018-07-30 | Didier Stevens | Malicious Word documents using DOSfuscation |
| 2018-07-26 | Xavier Mertens | Windows Batch File Deobfuscation |
| 2018-06-19 | Xavier Mertens | PowerShell: ScriptBlock Logging... Or Not? |
| 2018-06-04 | Rob VandenBrink | Digging into Authenticode Certificates |
| 2018-05-19 | Xavier Mertens | Malicious Powershell Targeting UK Bank Customers |
| 2018-05-09 | Xavier Mertens | Nice Phishing Sample Delivering Trickbot |
| 2018-05-06 | Guy Bruneau | Scans Attempting to use PowerShell to Download PHP Script |
| 2018-03-04 | Xavier Mertens | The Crypto Miners Fight For CPU Cycles |
| 2017-11-29 | Xavier Mertens | Fileless Malicious PowerShell Sample |
| 2017-11-15 | Xavier Mertens | If you want something done right, do it yourself! |
| 2017-11-11 | Xavier Mertens | Keep An Eye on your Root Certificates |
| 2017-10-31 | Xavier Mertens | Some Powershell Malicious Code |
| 2017-09-14 | Xavier Mertens | Another webshell, another backdoor! |
| 2017-09-11 | Russ McRee | Windows Auditing with WINspect |
| 2017-08-23 | Xavier Mertens | Malicious script dropping an executable signed by Avast? |
| 2017-08-20 | Didier Stevens | It's Not An Invoice ... |
| 2017-08-01 | Rob VandenBrink | Rooting Out Hosts that Support Older Samba Versions |
| 2017-05-12 | Xavier Mertens | When Bad Guys are Pwning Bad Guys... |
| 2017-05-03 | Bojan Zdrnja | Powershelling with exploits |
| 2017-03-30 | Xavier Mertens | Diverting built-in features for the bad |
| 2017-02-28 | Xavier Mertens | Analysis of a Simple PHP Backdoor |
| 2017-02-17 | Rob VandenBrink | RTRBK - Router / Switch / Firewall Backups in PowerShell (tool drop) |
| 2016-12-02 | Rob VandenBrink | Protecting Powershell Credentials (NOT) |
| 2016-11-24 | Didier Stevens | Extracting Shellcode From JavaScript |
| 2016-11-23 | Tom Webb | Mapping Attack Methodology to Controls |
| 2016-11-18 | Didier Stevens | VBA Shellcode and Windows 10 |
| 2016-10-31 | Russ McRee | SEC505 DFIR capture script: snapshot.ps1 |
| 2016-07-13 | Xavier Mertens | The Power of Web Shells |
| 2016-06-03 | Tom Liston | MySQL is YourSQL |
| 2016-04-28 | Rob VandenBrink | DNS and DHCP Recon using Powershell |
| 2016-04-15 | Xavier Mertens | Windows Command Line Persistence? |
| 2016-01-26 | Rob VandenBrink | Pentest Time Machine: NMAP + Powershell + whatever tool is next |
| 2016-01-25 | Rob VandenBrink | Assessing Remote Certificates with Powershell |
| 2016-01-19 | Rob VandenBrink | Powershell and HTTPS - It Ain't All Rainbows And Lollipops! (or is it?) |
| 2016-01-06 | Russ McRee | toolsmith #112: Red vs Blue - PowerSploit vs PowerForensics |
| 2015-12-14 | Russ McRee | AD Security's Unofficial Guide to Mimikatz & Command Reference |
| 2015-12-10 | Rob VandenBrink | Uninstalling Problem Applications using Powershell |
| 2015-12-09 | Xavier Mertens | Enforcing USB Storage Policy with PowerShell |
| 2015-12-02 | Rob VandenBrink | Nessus and Powershell is like Chocolate and Peanut Butter! |
| 2015-08-12 | Rob VandenBrink | Windows Service Accounts - Why They're Evil and Why Pentesters Love them! |
| 2015-06-29 | Rob VandenBrink | The Powershell Diaries 2 - Software Inventory |
| 2015-06-24 | Rob VandenBrink | The Powershell Diaries - Finding Problem User Accounts in AD |
| 2015-03-30 | Didier Stevens | YARA Rules For Shellcode |
| 2015-02-03 | Johannes Ullrich | Another Network Forensic Tool for the Toolbox - Dshell |
| 2014-10-24 | Kevin Liston | Shellshock via SMTP |
| 2014-10-23 | Russ McRee | Digest: 23 OCT 2014 |
| 2014-10-06 | Johannes Ullrich | Shellshock: More details released about CVE-2014-6277 and CVE-2014-6278. Also: Does Windows have a shellshock problem? |
| 2014-10-01 | Russ McRee | Security Onion news: Updated ShellShock detection scripts for Bro |
| 2014-09-29 | Johannes Ullrich | Apple Released Update to Fix Shellshock Vulnerability http://support.apple.com/kb/DL1769 |
| 2014-09-25 | Johannes Ullrich | Update on CVE-2014-6271: Vulnerability in bash (shellshock) |
| 2014-04-06 | Basil Alawi S.Taher | "Power Worm" PowerShell based Malware |
| 2013-10-26 | Guy Bruneau | Active Perl/Shellbot Trojan |
| 2013-06-25 | Bojan Zdrnja | The race for resources |
| 2013-02-28 | Daniel Wesemann | Parsing Windows Eventlogs in Powershell |
| 2012-04-25 | Daniel Wesemann | Blacole's shell code |
| 2011-11-10 | Rob VandenBrink | Stuff I Learned Scripting - - Parsing XML in a One-Liner |
| 2009-10-17 | Rick Wanner | Cyber Security Awareness Month - Day 17 - Port 22/SSH |
| 2009-07-05 | Bojan Zdrnja | More on ColdFusion hacks |