Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: Diaries by Keyword Diaries by Keyword

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Date Author Title

WAF WEBAPPSEC BOTS SPIDERS CRAWLERS HTTP APACHE

2010-01-25William Salusky"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"

WAF

2010-01-25/a>William Salusky"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"
2009-01-12/a>William SaluskyWeb Application Firewalls (WAF) - Have you deployed WAF technology?

WEBAPPSEC

2010-01-25/a>William Salusky"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"

BOTS

2020-03-21/a>Guy BruneauHoneypot - Scanning and Targeting Devices & Services
2019-10-30/a>Xavier MertensKeep an Eye on Remote Access to Mailboxes
2019-08-08/a>Johannes Ullrich[Guest Diary] The good, the bad and the non-functional, or "how not to do an attack campaign"
2017-07-19/a>Xavier MertensBots Searching for Keys & Config Files
2016-12-31/a>Xavier MertensOngoing Scans Below the Radar
2010-11-18/a>Chris CarboniAll of your pages are belonging to us
2010-08-19/a>Daniel WesemannCasper the unfriendly ghost
2010-05-07/a>Johannes UllrichStock market "wipe out" may be due to computer error
2010-01-25/a>William Salusky"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"

SPIDERS

2010-01-25/a>William Salusky"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"

CRAWLERS

2010-01-25/a>William Salusky"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"

HTTP

2020-08-01/a>Jan KoprivaWhat pages do bad bots look for?
2020-03-02/a>Jan KoprivaSecure vs. cleartext protocols - couple of interesting stats
2019-08-14/a>Brad DuncanRecent example of MedusaHTTP malware
2019-01-21/a>Didier StevensSuspicious GET Request: Do You Know What This Is?
2017-12-03/a>Xavier MertensStartSSL: Termination of Services is Now Scheduled
2017-08-18/a>Guy Bruneautshark 2.4 New Feature - Command Line Export Objects
2017-05-05/a>Xavier MertensHTTP Headers... the Achilles' heel of many applications
2016-07-18/a>Johannes UllrichHTTP Proxy Header Vulnerability ("httpoxy")
2016-07-05/a>Johannes UllrichApache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979)
2016-06-15/a>Richard PorterWarp Speed Ahead, L7 Open Source Packet Generator: Warp17
2016-01-19/a>Rob VandenBrinkPowershell and HTTPS ? It Ain?t All Rainbows And Lollipops! (or is it?)
2015-06-23/a>Kevin ShorttXOR DDOS Mitigation and Analysis
2015-04-15/a>Johannes UllrichMS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW
2014-04-07/a>Johannes UllrichAttack or Bad Link? Your Guess?
2013-12-11/a>Johannes UllrichBrowser Fingerprinting via SSL Client Hello Messages
2013-11-15/a>Johannes UllrichThe Security Impact of HTTP Caching Headers
2013-07-16/a>Johannes UllrichWhy don't we see more examples of web app attacks via POST?
2013-02-22/a>Chris MohanPHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2013-02-06/a>Johannes UllrichHTTP Range Header and Partial Downloads
2012-05-29/a>Johannes UllrichSpeeding up the Web and your IDS / Firewall
2012-02-08/a>Jim ClausingChrome to stop checking Certificate Revocation List (CRL)?
2011-07-13/a>Guy BruneauNew Sguil HTTPRY Agent
2011-07-10/a>Raul SilesSecurity Testing SSL/TLS (HTTPS) Implementations
2011-06-29/a>Johannes UllrichRandom SSL Tips and Tricks
2011-03-16/a>Johannes UllrichAnalyzing HTTP Packet Captures
2011-02-15/a>Jason LamHTTP headers fun
2010-07-30/a>Guy BruneauWeb Traffic Analysis with httpry
2010-01-25/a>William Salusky"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"

APACHE

2018-06-06/a>Xavier MertensConverting PCAP Web Traffic to Apache Log
2016-07-05/a>Johannes UllrichApache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979)
2015-10-12/a>Guy BruneauCritical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
2014-07-28/a>Johannes UllrichInteresting HTTP User Agent "chroot-apach0day"
2014-03-17/a>Jim ClausingNew Apache web server release
2014-03-13/a>Daniel WesemannWeb server logs containing RS=^ ?
2013-11-27/a>Rob VandenBrinkApache 2.4.7 is released 11/25. Download: http://httpd.apache.org/download.cgi#apache24 and Readme: http://apache.mirror.iweb.ca//httpd/CHANGES_2.4.7
2013-04-30/a>Russ McReeApache binary backdoor adds malicious redirect to Blackhole
2012-02-22/a>Johannes UllrichApache 2.4 Features
2011-10-06/a>Rob VandenBrinkApache HTTP Server mod_proxy reverse proxy issue
2011-08-30/a>Johannes UllrichApache patch out for "byte range" DoS vulnerability http://www.apache.org/dist/httpd/Announcement2.2.html
2011-08-25/a>Kevin ShorttRevival of an Unpatched Apache HTTPD DoS
2010-04-13/a>Johannes UllrichApache.org Bugtracker Breach
2010-03-07/a>Mari NicholsApache releases version 2.2.15 with 5 security fixes including OpenSSL issue.
2010-01-25/a>William Salusky"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"
2009-10-14/a>Johannes UllrichOdd Apache/MSIE issue with downloads from ISC
2009-08-28/a>Adrien de Beaupreapache.org compromised
2009-06-23/a>Bojan ZdrnjaSlowloris and Iranian DDoS attacks
2009-06-21/a>Bojan ZdrnjaApache HTTP DoS tool mitigation
2009-06-18/a>Bojan ZdrnjaApache HTTP DoS tool released
2009-04-07/a>Johannes UllrichCommon Apache Misconception
2009-01-12/a>William SaluskyWeb Application Firewalls (WAF) - Have you deployed WAF technology?
2008-10-09/a>Bojan ZdrnjaWatch that .htaccess file on your web site