Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Diaries by Keyword Diaries by Keyword

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Date Author Title

UN PEACKEEEPING

2021-08-04Yee Ching TokPivoting and Hunting for Shenanigans from a Reported Phishing Domain

UN

2021-08-04/a>Yee Ching TokPivoting and Hunting for Shenanigans from a Reported Phishing Domain
2021-05-18/a>Xavier MertensFrom RunDLL32 to JavaScript then PowerShell
2021-03-17/a>Xavier MertensDefenders, Know Your Operating System Like Attackers Do!
2021-03-05/a>Xavier MertensSpam Farm Spotted in the Wild
2021-01-21/a>Xavier MertensPowershell Dropping a REvil Ransomware
2021-01-19/a>Russ McReeGordon for fast cyber reputation checks
2020-08-24/a>Xavier MertensTracking A Malware Campaign Through VT
2020-07-23/a>Xavier MertensSimple Blocklisting with MISP & pfSense
2020-06-25/a>Johannes UllrichTech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release.
2020-03-13/a>Rob VandenBrinkNot all Ethernet NICs are Created Equal - Trying to Capture Invalid Ethernet Frames
2020-01-25/a>Guy BruneauIs Threat Hunting the new Fad?
2020-01-21/a>Russ McReeDeepBlueCLI: Powershell Threat Hunting
2019-10-10/a>Rob VandenBrinkMining Live Networks for OUI Data Oddness
2019-07-17/a>Xavier MertensAnalyzis of DNS TXT Records
2019-05-06/a>Didier StevensText and Text
2019-05-01/a>Xavier MertensAnother Day, Another Suspicious UDF File
2019-04-26/a>Rob VandenBrinkPillaging Passwords from Service Accounts
2019-04-25/a>Rob VandenBrinkService Accounts Redux - Collecting Service Accounts with PowerShell
2019-03-27/a>Xavier MertensRunning your Own Passive DNS Service
2019-02-19/a>Didier StevensIdentifying Files: Failure Happens
2019-01-27/a>Russell EubanksResolve to Be More Involved In Your Local Community - REVISITED
2018-11-20/a>Xavier MertensQuerying DShield from Cortex
2018-11-07/a>Bojan ZdrnjaTunneling scanners (or really anything) over SSH
2018-10-17/a>Russ McReeRedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-09-20/a>Xavier MertensHunting for Suspicious Processes with OSSEC
2018-08-10/a>Remco VerhoefHunting SSL/TLS clients using JA3
2018-06-21/a>Xavier MertensAre Your Hunting Rules Still Working?
2018-04-27/a>Tom WebbMore Threat Hunting with User Agent and Drupal Exploits
2018-03-05/a>Xavier MertensMalicious Bash Script with Multiple Features
2017-12-02/a>Xavier MertensUsing Bad Material for the Good
2017-11-23/a>Xavier MertensProactive Malicious Domain Search
2017-10-18/a>Renato MarinhoBaselining Servers to Detect Outliers
2017-09-02/a>Xavier MertensAutoIT based malware back in the wild
2017-07-09/a>Russ McReeAdversary hunting with SOF-ELK
2017-05-08/a>Renato MarinhoExploring a P2P Transient Botnet - From Discovery to Enumeration
2017-04-16/a>Johannes UllrichTool to Detect Active Phishing Attacks Using Unicode Look-Alike Domains
2017-03-15/a>Xavier MertensRetro Hunting!
2017-01-28/a>Guy BruneauRequest for Packets and Logs - TCP 5358
2016-11-24/a>Didier StevensExtracting Shellcode From JavaScript
2016-07-12/a>Xavier MertensHunting for Malicious Files with MISP + OSSEC
2016-05-26/a>Xavier MertensKeeping an Eye on Tor Traffic
2016-03-30/a>Xavier MertensWhat to watch with your FIM?
2016-02-26/a>Xavier MertensQuick Audit of *NIX Systems
2015-12-22/a>Rick WannerThe other Juniper vulnerability - CVE-2015-7756
2015-12-10/a>Rob VandenBrinkUninstalling Problem Applications using Powershell
2015-11-09/a>John BambenekICYMI: Widespread Unserialize Vulnerability in Java
2015-08-16/a>Guy BruneauAre you a "Hunter"?
2015-08-12/a>Rob VandenBrinkWindows Service Accounts - Why They're Evil and Why Pentesters Love them!
2015-07-17/a>Didier StevensAutoruns and VirusTotal
2015-05-23/a>Guy BruneauBusiness Value in "Big Data"
2015-04-29/a>Daniel WesemannUDP/3478 to Amazon 54.84.9.242 -- got packets? (solved)
2015-02-10/a>Mark BaggettDetecting Mimikatz Use On Your Network
2015-01-23/a>Adrien de BeaupreInfocon change to yellow for Adobe Flash issues
2014-11-24/a>Richard PorterSomeone is using this? PoS: Compressor
2014-10-14/a>Johannes UllrichUpdates for Firefox and Thunderbird. http://www.mozilla.org/firefox/new/
2014-04-29/a>Russ McReeFirefox 29.0 & Thunderbird 24.5 released: http://www.mozilla.org/security/known-vulnerabilities/
2014-04-28/a>Russ McReeUbuntu 14.04 lockscreen bypass
2014-04-21/a>Daniel WesemannAllow us to leave!
2014-03-22/a>Guy BruneauHow the Compromise of a User Account Lead to a Spam Incident
2014-02-18/a>Johannes UllrichMore Details About "TheMoon" Linksys Worm
2014-01-22/a>Chris MohaniTunes 11.1.4 is now available - addressing numerous CVEs
2014-01-10/a>Basil Alawi S.TaherWindows Autorun-3
2014-01-01/a>Russ McReeSix degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails
2013-11-02/a>Rick WannerProtecting Your Family's Computers
2013-11-01/a>Russ McReeSecunia's PSI Country Report - Q3 2013
2013-09-18/a>Rob VandenBrinkiTunes 11.1 released, fixes CVE-2013-1035 remote code execution vulnerability. (Look for specifics at http://support.apple.com/kb/HT1222 sometime soon)
2013-09-07/a>Guy BruneauMicrosoft September Patch Pre-Announcement
2013-07-21/a>Guy BruneauUbuntu Forums Security Breach
2013-07-12/a>Johannes UllrichMicrosoft Teredo Server "Sunset"
2013-06-21/a>Guy BruneauSysinternals Updates for Autoruns, Strings & ZoomIt http://blogs.technet.com/b/sysinternals/archive/2013/06/20/updates-autoruns-v11-61-strings-v2-52-zoomit-v4-5.aspx
2013-06-20/a>Guy BruneauHP iLO3/iLO4 Remote Unauthorized Access with Single-Sign-On
2013-05-20/a>Johannes UllrichUbuntu Package available to submit firewall logs to DShield
2013-05-14/a>Swa FrantzenFirefox & Thunderbird released
2013-04-03/a>Mark HofmanFirefox 20 and Thunderbird 17.0.5 updates
2013-03-28/a>John BambenekWhere Were You During the Great DDoS Cybergeddon of 2013?
2013-02-25/a>Johannes UllrichPunkspider enumerates web application vulnerabilities
2013-02-20/a>Johannes UllrichUpdate Palooza
2013-01-30/a>Richard PorterGetting Involved with the Local Community
2013-01-10/a>Rob VandenBrinkWhat Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too!
2013-01-09/a>Rob VandenBrinkFirefox and Thunderbird Updates
2012-12-10/a>Johannes UllrichYour CPA License has not been revoked
2012-10-30/a>Richard PorterSplunk 5.0 SP-CAAAHB4 http://www.splunk.com/view/SP-CAAAHB4
2012-10-11/a>Rob VandenBrinkFirefox 16 / Thunderbird 16 updates
2012-07-25/a>Johannes UllrichApple OS X 10.8 (Mountain Lion) released
2012-06-29/a>Bojan ZdrnjaDShield for Splunk
2012-06-12/a>Scott FendleyApple iTunes Security Update
2012-06-06/a>Jim ClausingFirefox, Thunderbird, and Seamonkey Security Updates
2012-03-07/a>Guy BruneauReflected XSS in Splunk Web Affecting Version 4.0 to 4.3
2012-01-13/a>Guy BruneauSysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2011-12-29/a>Richard PorterASP.Net Vulnerability
2011-11-08/a>Swa FrantzenFirefox 8.0 released
2011-11-07/a>Rob VandenBrinkJuniper BGP issues causing locallized Internet Problems
2011-10-17/a>Rob VandenBrinkCritical Control 11: Account Monitoring and Control
2011-10-11/a>Swa FrantzenApple iTunes 10.5
2011-10-01/a>Mark HofmanHot on the heels fo FF, Thunderbird v 7.0.1 and SeaMonkey v 2.4.1 have been updated.
2011-09-27/a>donald smithNew feature in JUNOS to drop or ignore path attributes.
2011-08-31/a>Johannes UllrichFirefox/Thunderbird 6.0.1 released to blocklist bad DigiNotar SSL certificates
2011-08-15/a>Mark HofmanHow to find unwanted files on workstations
2011-06-28/a>Johannes UllrichUpdate: Thunderbird 5.0 released. https://www.mozilla.org/en-US/thunderbird/
2011-06-21/a>Guy BruneauFirefox 5.0 is out with support Do Not Track on Multiple Platform - http://www.mozilla.com/en-US/firefox/new/
2011-04-29/a>Guy BruneauFirefox, Thunderbird and SeaMonkey Security Updates
2011-03-12/a>Chris MohanApple releases iTunes 10.2.1 - http://support.apple.com/kb/DL1103
2011-03-05/a>Mark HofmanNot surprisingly Thunderbird was also updated. Details here --> http://www.mozillamessaging.com/en-US/thunderbird/3.1.9/releasenotes/
2011-03-02/a>Chris MohaniTunes 10.2 now out
2011-02-25/a>Johannes UllrichThunderbolt Security Speculations
2011-02-21/a>Adrien de BeaupreKaspersky update servers unreachable
2011-01-15/a>Jim ClausingWhat's up with port 8881?
2010-11-25/a>Bojan ZdrnjaSecunia's DNS/domain hijacked?
2010-11-17/a>Guy BruneauCisco Unified Videoconferencing Affected by Multiple Vulnerabilities
2010-11-12/a>Guy BruneauScripting with Unix Date
2010-11-01/a>Manuel Humberto Santander PelaezCheckpoint UTM-1 edge VPN boxes worldwide did an unscheduled reboot
2010-10-20/a>Jim ClausingThunderbird 3.1.4 and 3.0.9 released, includes security patches ( http://www.mozillamessaging.com/thunderbird/3.1.5/releasenotes/ )
2010-10-19/a>Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split?
2010-08-03/a>Johannes UllrichSolar activity may cause problems this week
2010-07-24/a>Manuel Humberto Santander PelaezTransmiting logon information unsecured in the network
2010-07-20/a>Manuel Humberto Santander PelaeziTunes buffer overflow vulnerability
2010-07-14/a>Deborah HaleSecunia Half Year Report for 2010 shows interesting trends
2010-07-08/a>Kyle HaugsnessUbuntu privilege escalation via PAM
2010-07-06/a>Rob VandenBrinkBogus Support Organizations use Live Operators to Install Malware
2010-07-05/a>Manuel Humberto Santander PelaezApple ITunes account security compromised
2010-06-18/a>Adrien de BeaupreThunderbird 3.05 released
2010-06-13/a>Rick WannerUnRealCD compromised by Trojan
2010-05-19/a>Jason LamEFF paper about browser tracking
2010-04-09/a>Mark HofmanAdobe launch issue response/work around.
2010-04-02/a>Guy BruneauApple QuickTime and iTunes Security Update
2010-03-27/a>Guy BruneauCreate a Summary of IP Addresses from PCAP Files using Unix Tools
2010-01-27/a>Raul SilesEuropean Union Security Challenge (Campus Party 2010)
2009-12-19/a>Deborah HaleEducationing Our Communities
2009-10-02/a>Stephen HallNew SysInternal fun for the weekend
2009-09-08/a>Guy BruneauBug Fixes in Sun SDK 5 and Java SE 6
2009-08-21/a>Rick WannerTime to update...New Thunderbird version!
2009-07-09/a>John BambenekLatest Updates on Ongoing DDoS on Governmental/Commercial Websites in USA and S. Korea
2009-06-23/a>Bojan ZdrnjaNew Thunderbird out, patches couple of vulnerabilities
2009-06-16/a>John BambenekIran Internet Blackout: Using Twitter for Operational Intelligence
2009-06-10/a>Swa FrantzenJava 6 update 14 released
2009-05-11/a>Mari NicholsSysinternals Updates 3 Applications
2009-04-10/a>Stephen HallHosted javascript leading to .cn PDF malware
2009-03-20/a>Stephen HallMaking the most of your runbooks
2009-03-13/a>Mark HofmanUbuntu users, today is a good day to patch
2009-02-25/a>donald smithAutoRun disabling patch released
2009-01-15/a>Bojan ZdrnjaConficker's autorun and social engineering
2009-01-12/a>William SaluskyDownadup / Conficker - MS08-067 exploit and Windows domain account lockout
2008-12-31/a>David GoldsmithThunderbird 2.0.0.19 Released
2008-12-25/a>Maarten Van HorenbeeckMerry Christmas, and beware of digital hitchhikers!
2008-12-01/a>Jason LamCall for volunteers - Web Honeypot Project
2008-11-29/a>Pedro BuenoUbuntu users: Time to update!
2008-11-05/a>donald smithBot net hunters get an improved tool from SRI bothunters
2008-10-01/a>Rick WannerHandler Mailbag
2008-09-26/a>Patrick NolanFirefox v2.0.0.17 and Thunderbird v2.0.0.17 release fixes vulnerabilities
2008-09-09/a>Swa FrantzenApple updates iTunes+QuickTime
2008-07-24/a>Bojan ZdrnjaMozilla releases Thunderbrid 2.0.0.16, fixes security vulnerabilities
2008-07-11/a>Jim ClausingHandling the load
2008-07-07/a>Jason LamWe need academic volunteers - Web security research
2008-05-23/a>Mike PoorCisco IOS Rootkit thoughts
2008-05-09/a>Joel EslerThunderbird 2.0.0.14 is out!
2008-04-08/a>Swa FrantzenSymantec's Global Internet Security Threat Report

PEACKEEEPING

2021-08-04/a>Yee Ching TokPivoting and Hunting for Shenanigans from a Reported Phishing Domain