Internet Storm Center
| Date | Author | Title |
|---|---|---|
| 2023-03-11 | Xavier Mertens | Overview of a Mirai Payload Generator |
| 2023-02-04 | Guy Bruneau | Assemblyline as a Malware Analysis Sandbox |
| 2022-12-20 | Xavier Mertens | Linux File System Monitoring & Actions |
| 2022-05-07 | Guy Bruneau | Phishing PDF Received in my ISC Mailbox |
| 2022-02-22 | Xavier Mertens | A Good Old Equation Editor Vulnerability Delivering Malware |
| 2021-10-16 | Guy Bruneau | Apache is Actively Scanned for CVE-2021-41773 & CVE-2021-42013 |
| 2021-09-24 | Xavier Mertens | Keep an Eye on Your Users' Mobile Devices (Simple Inventory) |
| 2021-09-15 | Brad Duncan | Hancitor campaign abusing Microsoft's OneDrive |
| 2021-07-28 | Jan Kopriva | A sextortion e-mail from...IT support?! |
| 2021-07-09 | Brad Duncan | Hancitor tries XLL as initial malware file |
| 2021-06-30 | Brad Duncan | June 2021 Forensic Contest: Answers and Analysis |
| 2021-06-25 | Jim Clausing | Is this traffic bAD? |
| 2021-05-07 | Daniel Wesemann | Exposed Azure Storage Containers |
| 2021-02-25 | Jim Clausing | So where did those Satori attacks come from? |
| 2021-02-16 | Jim Clausing | More weirdness on TCP port 26 |
| 2021-01-13 | Brad Duncan | Hancitor activity resumes after a holiday break |
| 2020-12-06 | Didier Stevens | oledump's Indicators (video) |
| 2020-12-05 | Guy Bruneau | Is IP 91.199.118.137 testing Access to aahwwx.52host.xyz? |
| 2020-12-04 | Guy Bruneau | Detecting Actors Activity with Threat Intel |
| 2020-11-29 | Didier Stevens | Quick Tip: Using JARM With a SOCKS Proxy |
| 2020-11-12 | Daniel Wesemann | Exposed Blob Storage in Azure |
| 2020-11-12 | Daniel Wesemann | Preventing Exposed Azure Blob Storage |
| 2020-10-01 | Daniel Wesemann | Making sense of Azure AD (AAD) activity logs |
| 2020-09-29 | Xavier Mertens | Managing Remote Access for Partners & Contractors |
| 2020-07-20 | Rick Wanner | Sextortion Update: The Final Final Chapter |
| 2020-07-19 | Guy Bruneau | Scanning Activity for ZeroShell Unauthenticated Access |
| 2020-06-16 | Xavier Mertens | Sextortion to The Next Level |
| 2020-06-13 | Guy Bruneau | Mirai Botnet Activity |
| 2020-04-17 | Xavier Mertens | Weaponized RTF Document Generator & Mailer in PowerShell |
| 2020-03-15 | Guy Bruneau | VPN Access and Activity Monitoring |
| 2020-03-12 | Brad Duncan | Hancitor distributed through coronavirus-themed malspam |
| 2019-12-31 | Johannes Ullrich | Some Thoughts About the Critical Citrix ADC/Gateway Vulnerability (CVE-2019-19781) |
| 2019-11-20 | Brad Duncan | Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike |
| 2019-10-29 | Xavier Mertens | Generating PCAP Files from YAML |
| 2019-10-16 | Xavier Mertens | Security Monitoring: At Network or Host Level? |
| 2019-09-22 | Didier Stevens | Video: Encrypted Sextortion PDFs |
| 2019-09-16 | Didier Stevens | Encrypted Sextortion PDFs |
| 2019-08-05 | Rick Wanner | Sextortion: Follow the Money - The Final Chapter |
| 2019-07-26 | Kevin Shortt | DVRIP Port 34567 - Uptick |
| 2019-04-24 | Rob VandenBrink | Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators |
| 2019-03-24 | Didier Stevens | Decoding QR Codes with Python |
| 2019-03-21 | Xavier Mertens | New Wave of Extortion Emails: Central Intelligence Agency Case |
| 2019-02-25 | Didier Stevens | Sextortion Email Variant: With QR Code |
| 2019-02-24 | Guy Bruneau | Packet Editor and Builder by Colasoft |
| 2019-02-06 | Brad Duncan | Hancitor malspam and infection traffic from Tuesday 2019-02-05 |
| 2019-02-01 | Rick Wanner | Sextortion: Follow the Money Part 3 - The cashout begins! |
| 2019-01-31 | Xavier Mertens | Tracking Unexpected DNS Changes |
| 2019-01-18 | John Bambenek | Sextortion Bitcoin on the Move |
| 2018-12-14 | Rick Wanner | Bombstortion?? Boomstortion?? |
| 2018-12-05 | Brad Duncan | Campaign evolution: Hancitor changes its Word macros |
| 2018-11-19 | Xavier Mertens | The Challenge of Managing Your Digital Library |
| 2018-11-14 | Brad Duncan | Day in the life of a researcher: Finding a wave of Trickbot malspam |
| 2018-10-30 | Brad Duncan | Campaign evolution: Hancitor malspam starts pushing Ursnif this week |
| 2018-10-12 | Xavier Mertens | More Equation Editor Exploit Waves |
| 2018-10-10 | Xavier Mertens | New Campaign Using Old Equation Editor Vulnerability |
| 2018-08-13 | Didier Stevens | New Extortion Tricks: Now Including Your (Partial) Phone Number! |
| 2018-07-12 | Johannes Ullrich | New Extortion Tricks: Now Including Your Password! |
| 2018-07-03 | Didier Stevens | Progress indication for scripts on Windows |
| 2018-06-07 | Remco Verhoef | Automated twitter loot collection |
| 2018-03-03 | Xavier Mertens | Reminder: Beware of the "Cloud" |
| 2018-02-25 | Didier Stevens | Retrieving malware over Tor on Windows |
| 2017-10-17 | Brad Duncan | Hancitor malspam uses DDE attack |
| 2017-07-18 | Bojan Zdrnja | Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 4 - Windows Thumbnail Cache, Registry, Prefetch Files, and Link Files artefacts) |
| 2017-07-13 | Bojan Zdrnja | Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 3 - Physical Memory artefacts) |
| 2017-07-07 | Renato Marinho | DDoS Extortion E-mail: Yet Another Bluff? |
| 2017-06-17 | Guy Bruneau | Mapping Use Cases to Logs. Which Logs are the Most Important to Collect? |
| 2017-04-20 | Xavier Mertens | DNS Query Length... Because Size Does Matter |
| 2017-04-10 | Didier Stevens | Password History: Insights Shared by a Reader |
| 2017-03-15 | Xavier Mertens | Retro Hunting! |
| 2017-03-03 | Lorna Hutcheson | BitTorrent or Something Else? |
| 2017-02-10 | Brad Duncan | Hancitor/Pony malspam |
| 2017-01-10 | Johannes Ullrich | Realtors Be Aware: You Are a Target |
| 2016-12-05 | Didier Stevens | Hancitor Maldoc Videos |
| 2016-11-02 | Rob VandenBrink | What Does a Pentest Look Like? |
| 2016-08-29 | Russ McRee | Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs |
| 2016-06-15 | Richard Porter | Warp Speed Ahead, L7 Open Source Packet Generator: Warp17 |
| 2016-05-26 | Xavier Mertens | Keeping an Eye on Tor Traffic |
| 2016-05-18 | Russ McRee | Resources: Windows Auditing & Monitoring, Linux 2FA |
| 2016-04-15 | Xavier Mertens | Windows Command Line Persistence? |
| 2016-03-30 | Xavier Mertens | What to watch with your FIM? |
| 2016-03-13 | Guy Bruneau | A Look at the Mandiant M-Trends 2016 Report |
| 2016-03-07 | Xavier Mertens | OSX Ransomware Spread via a Rogue BitTorrent Client Installer |
| 2016-01-31 | Guy Bruneau | Windows 10 and System Protection for DATA Default is OFF |
| 2015-12-29 | Daniel Wesemann | New Year's Resolutions |
| 2015-12-12 | Russell Eubanks | What Signs Are You Missing? |
| 2015-07-17 | Didier Stevens | Autoruns and VirusTotal |
| 2015-06-29 | Rob VandenBrink | The Powershell Diaries 2 - Software Inventory |
| 2015-06-24 | Rob VandenBrink | The Powershell Diaries - Finding Problem User Accounts in AD |
| 2015-05-10 | Didier Stevens | Wireshark TCP Flags: How To Install On Windows Video |
| 2015-04-05 | Didier Stevens | Wireshark TCP Flags |
| 2015-02-27 | Rick Wanner | Tor Browser Version 4.0.4 released - https://blog.torproject.org/blog/tor-browser-404-released |
| 2014-09-27 | Guy Bruneau | What has Bash and Heartbleed Taught Us? |
| 2014-08-22 | Richard Porter | OCLHashCat 1.30 Released |
| 2014-07-02 | Johannes Ullrich | Simple Javascript Extortion Scheme Advertised via Bing |
| 2014-05-18 | Russ McRee | sed and awk will always rock |
| 2014-04-21 | Daniel Wesemann | Allow us to leave! |
| 2014-03-17 | Johannes Ullrich | Scans for FCKEditor File Manager |
| 2014-02-28 | Daniel Wesemann | Oversharing |
| 2014-02-22 | Tony Carothers | Cisco UCS Director Vulnerability and Update |
| 2014-01-10 | Basil Alawi S.Taher | Windows Autorun-3 |
| 2013-12-23 | Rob VandenBrink | How-To's for the Holidays - Java Whitelisting using AD Group Policy |
| 2013-08-30 | Kevin Liston | Tor Use Uptick |
| 2013-08-02 | Johannes Ullrich | Scans for Open File Uploads into CKEditor |
| 2013-06-21 | Guy Bruneau | Sysinternals Updates for Autoruns, Strings & ZoomIt http://blogs.technet.com/b/sysinternals/archive/2013/06/20/updates-autoruns-v11-61-strings-v2-52-zoomit-v4-5.aspx |
| 2013-05-21 | Adrien de Beaupre | Moore, Oklahoma tornado charitable organization scams, malware, and phishing |
| 2013-03-23 | Guy Bruneau | Apple ID Two-step Verification Now Available in some Countries |
| 2013-03-09 | Guy Bruneau | IPv6 Focus Month: IPv6 Encapsulation - Protocol 41 |
| 2013-03-06 | Adam Swanger | IPv6 Focus Month: Guest Diary: Stephen Groat - Geolocation Using IPv6 Addresses |
| 2013-02-17 | Guy Bruneau | HP ArcSight Connector Appliance and Logger Vulnerabilities |
| 2013-01-07 | Adam Swanger | Please consider participating in our 2013 ISC StormCast survey at http://www.surveymonkey.com/s/stormcast |
| 2012-09-21 | Guy Bruneau | Storing your Collection of Malware Samples with Malwarehouse |
| 2012-09-02 | Lorna Hutcheson | Demonstrating the value of your Intrusion Detection Program and Analysts |
| 2012-08-30 | Bojan Zdrnja | Analyzing outgoing network traffic (part 2) |
| 2012-08-23 | Bojan Zdrnja | Analyzing outgoing network traffic |
| 2012-05-22 | Johannes Ullrich | When factors collapse and two factor authentication becomes one. |
| 2012-01-13 | Guy Bruneau | Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx |
| 2011-10-17 | Rob VandenBrink | Critical Control 11: Account Monitoring and Control |
| 2011-09-05 | Bojan Zdrnja | Bitcoin – crypto currency of future or heaven for criminals? |
| 2011-06-07 | Johannes Ullrich | RSA Offers to Replace Tokens |
| 2011-05-22 | Kevin Shortt | Facebook goes two-factor |
| 2011-02-11 | Kevin Johnson | Two-Factor Auth: Can we just Google the response? |
| 2010-12-15 | Manuel Humberto Santander Pelaez | HP StorageWorks P2000 G3 MSA hardcoded user |
| 2010-09-21 | Johannes Ullrich | Implementing two Factor Authentication on the Cheap |
| 2010-08-03 | Johannes Ullrich | Solar activity may cause problems this week |
| 2010-07-25 | Rick Wanner | Updated version of Mandiant's Web Historian |
| 2010-07-04 | Manuel Humberto Santander Pelaez | Interesting analysis of the PHP SplObjectStorage Vulnerability |
| 2010-06-18 | Johannes Ullrich | Please take a second and rate the daily podcast (Stormcast): http://www.surveymonkey.com/s/stormcast |
| 2010-04-06 | Daniel Wesemann | Application Logs |
| 2010-02-11 | Deborah Hale | Critical Update for AD RMS |
| 2009-10-02 | Stephen Hall | New SysInternal fun for the weekend |
| 2009-09-19 | Rick Wanner | Sysinternals Tools Updates |
| 2009-07-03 | Adrien de Beaupre | FCKEditor advisory |
| 2009-05-11 | Mari Nichols | Sysinternals Updates 3 Applications |
| 2009-02-25 | Donald Smith | AutoRun disabling patch released |
| 2009-01-15 | Bojan Zdrnja | Conficker's autorun and social engineering |
| 2008-12-25 | Maarten Van Horenbeeck | Merry Christmas, and beware of digital hitchhikers! |
| 2008-10-06 | Jim Clausing | Novell eDirectory advisory |
| 2008-07-04 | Kevin Liston | Storm Botnet Celebrates Birthday With Fireworks |
| 2008-06-07 | Jim Clausing | Followup to 'How do you monitor your website?' |
| 2008-06-02 | Donald Smith | New Stormworm download site |
| 2008-05-26 | Marcus Sachs | Predictable Response |
| 2008-03-31 | Stephen Hall | Storming into April on Fools Day |
| 2006-10-17 | Arrigo Triulzi | Hacking Tor, the anonymity onion routing network |
| 2006-09-10 | Lenny Zeltser | Early Discussions of Computer Security in the Media |