Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
WAF WEBAPPSEC BOTS SPIDERS CRAWLERS HTTP APACHE
2010-01-25	William Salusky	"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"
WAF
2022-08-01/a>	Johannes Ullrich	A Little DDoS In the Morning
2010-01-25/a>	William Salusky	"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"
2009-01-12/a>	William Salusky	Web Application Firewalls (WAF) - Have you deployed WAF technology?
WEBAPPSEC
2010-01-25/a>	William Salusky	"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"
BOTS
2020-03-21/a>	Guy Bruneau	Honeypot - Scanning and Targeting Devices & Services
2019-10-30/a>	Xavier Mertens	Keep an Eye on Remote Access to Mailboxes
2019-08-08/a>	Johannes Ullrich	[Guest Diary] The good, the bad and the non-functional, or "how not to do an attack campaign"
2017-07-19/a>	Xavier Mertens	Bots Searching for Keys & Config Files
2016-12-31/a>	Xavier Mertens	Ongoing Scans Below the Radar
2010-11-18/a>	Chris Carboni	All of your pages are belonging to us
2010-08-19/a>	Daniel Wesemann	Casper the unfriendly ghost
2010-05-07/a>	Johannes Ullrich	Stock market "wipe out" may be due to computer error
2010-01-25/a>	William Salusky	"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"
SPIDERS
2010-01-25/a>	William Salusky	"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"
CRAWLERS
2010-01-25/a>	William Salusky	"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"
HTTP
2023-11-07/a>	Johannes Ullrich	What's Normal: New uses of DNS, Discovery of Designated Resolvers (DDR)
2023-08-01/a>	Johannes Ullrich	Summary of DNS over HTTPS requests against our honeypots.
2023-03-31/a>	Jan Kopriva	Use of X-Frame-Options and CSP frame-ancestors security headers on 1 million most popular domains
2023-03-15/a>	Jan Kopriva	IPFS phishing and the need for correctly set HTTP security headers
2022-11-14/a>	Jesse La Grew	Extracting 'HTTP CONNECT' Requests with Python
2022-08-26/a>	Guy Bruneau	HTTP/2 Packet Analysis with Wireshark
2022-08-01/a>	Johannes Ullrich	A Little DDoS In the Morning
2022-07-19/a>	Johannes Ullrich	Requests For beacon.http-get. Help Us Figure Out What They Are Looking For
2022-01-12/a>	Johannes Ullrich	A Quick CVE-2022-21907 FAQ
2021-10-11/a>	Johannes Ullrich	Things that go "Bump" in the Night: Non HTTP Requests Hitting Web Servers
2021-09-28/a>	Jan Kopriva	TLS 1.3 and SSL - the current state of affairs
2021-04-19/a>	Jan Kopriva	Hunting phishing websites with favicon hashes
2021-04-16/a>	Xavier Mertens	HTTPS Support for All Internal Services
2021-03-30/a>	Jan Kopriva	Old TLS versions - gone, but not forgotten... well, not really "gone" either
2021-01-25/a>	Rob VandenBrink	Fun with NMAP NSE Scripts and DOH (DNS over HTTPS)
2021-01-15/a>	Guy Bruneau	Obfuscated DNS Queries
2020-12-30/a>	Jan Kopriva	TLS 1.3 is now supported by about 1 in every 5 HTTPS servers
2020-08-01/a>	Jan Kopriva	What pages do bad bots look for?
2020-03-02/a>	Jan Kopriva	Secure vs. cleartext protocols - couple of interesting stats
2019-08-14/a>	Brad Duncan	Recent example of MedusaHTTP malware
2019-01-21/a>	Didier Stevens	Suspicious GET Request: Do You Know What This Is?
2017-12-03/a>	Xavier Mertens	StartSSL: Termination of Services is Now Scheduled
2017-08-18/a>	Guy Bruneau	tshark 2.4 New Feature - Command Line Export Objects
2017-05-05/a>	Xavier Mertens	HTTP Headers... the Achilles' heel of many applications
2016-07-18/a>	Johannes Ullrich	HTTP Proxy Header Vulnerability ("httpoxy")
2016-07-05/a>	Johannes Ullrich	Apache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979)
2016-06-15/a>	Richard Porter	Warp Speed Ahead, L7 Open Source Packet Generator: Warp17
2016-01-19/a>	Rob VandenBrink	Powershell and HTTPS ? It Ain?t All Rainbows And Lollipops! (or is it?)
2015-06-23/a>	Kevin Shortt	XOR DDOS Mitigation and Analysis
2015-04-15/a>	Johannes Ullrich	MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW
2014-04-07/a>	Johannes Ullrich	Attack or Bad Link? Your Guess?
2013-12-11/a>	Johannes Ullrich	Browser Fingerprinting via SSL Client Hello Messages
2013-11-15/a>	Johannes Ullrich	The Security Impact of HTTP Caching Headers
2013-07-16/a>	Johannes Ullrich	Why don't we see more examples of web app attacks via POST?
2013-02-22/a>	Chris Mohan	PHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2013-02-06/a>	Johannes Ullrich	HTTP Range Header and Partial Downloads
2012-05-29/a>	Johannes Ullrich	Speeding up the Web and your IDS / Firewall
2012-02-08/a>	Jim Clausing	Chrome to stop checking Certificate Revocation List (CRL)?
2011-07-13/a>	Guy Bruneau	New Sguil HTTPRY Agent
2011-07-10/a>	Raul Siles	Security Testing SSL/TLS (HTTPS) Implementations
2011-06-29/a>	Johannes Ullrich	Random SSL Tips and Tricks
2011-03-16/a>	Johannes Ullrich	Analyzing HTTP Packet Captures
2011-02-15/a>	Jason Lam	HTTP headers fun
2010-07-30/a>	Guy Bruneau	Web Traffic Analysis with httpry
2010-01-25/a>	William Salusky	"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"
APACHE
2024-03-29/a>	Xavier Mertens	Quick Forensics Analysis of Apache logs
2023-12-20/a>	Guy Bruneau	How to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary]
2023-05-30/a>	Johannes Ullrich	Your Business Data and Machine Learning at Risk: Attacks Against Apache NiFi
2023-05-03/a>	Xavier Mertens	Increased Number of Configuration File Scans
2022-09-01/a>	Johannes Ullrich	Jolokia Scans: Possible Hunt for Vulnerable Apache Geode Servers (CVE-2022-37021)
2021-10-16/a>	Guy Bruneau	Apache is Actively Scan for CVE-2021-41773 & CVE-2021-42013
2021-10-06/a>	Johannes Ullrich	Apache 2.4.49 Directory Traversal Vulnerability (CVE-2021-41773)
2021-08-24/a>	Johannes Ullrich	Attackers Hunting For Twilio Credentials
2018-06-06/a>	Xavier Mertens	Converting PCAP Web Traffic to Apache Log
2016-07-05/a>	Johannes Ullrich	Apache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979)
2015-10-12/a>	Guy Bruneau	Critical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
2014-07-28/a>	Johannes Ullrich	Interesting HTTP User Agent "chroot-apach0day"
2014-03-17/a>	Jim Clausing	New Apache web server release
2014-03-13/a>	Daniel Wesemann	Web server logs containing RS=^ ?
2013-11-27/a>	Rob VandenBrink	Apache 2.4.7 is released 11/25. Download: http://httpd.apache.org/download.cgi#apache24 and Readme: http://apache.mirror.iweb.ca//httpd/CHANGES_2.4.7
2013-04-30/a>	Russ McRee	Apache binary backdoor adds malicious redirect to Blackhole
2012-02-22/a>	Johannes Ullrich	Apache 2.4 Features
2011-10-06/a>	Rob VandenBrink	Apache HTTP Server mod_proxy reverse proxy issue
2011-08-30/a>	Johannes Ullrich	Apache patch out for "byte range" DoS vulnerability http://www.apache.org/dist/httpd/Announcement2.2.html
2011-08-25/a>	Kevin Shortt	Revival of an Unpatched Apache HTTPD DoS
2010-04-13/a>	Johannes Ullrich	Apache.org Bugtracker Breach
2010-03-07/a>	Mari Nichols	Apache releases version 2.2.15 with 5 security fixes including OpenSSL issue.
2010-01-25/a>	William Salusky	"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"
2009-10-14/a>	Johannes Ullrich	Odd Apache/MSIE issue with downloads from ISC
2009-08-28/a>	Adrien de Beaupre	apache.org compromised
2009-06-23/a>	Bojan Zdrnja	Slowloris and Iranian DDoS attacks
2009-06-21/a>	Bojan Zdrnja	Apache HTTP DoS tool mitigation
2009-06-18/a>	Bojan Zdrnja	Apache HTTP DoS tool released
2009-04-07/a>	Johannes Ullrich	Common Apache Misconception
2009-01-12/a>	William Salusky	Web Application Firewalls (WAF) - Have you deployed WAF technology?
2008-10-09/a>	Bojan Zdrnja	Watch that .htaccess file on your web site

WAF WEBAPPSEC BOTS SPIDERS CRAWLERS HTTP APACHE

WAF

WEBAPPSEC

BOTS

SPIDERS

CRAWLERS

HTTP

APACHE