Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: Diaries by Keyword - SANS Internet Storm Center Diaries by Keyword


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Date Author Title

WINDOWS XP SP3

2013-10-30Russ McReeSIR v15: Five good reasons to leave Windows XP behind
2008-04-16William StearnsWindows XP Service Pack 3 - unofficial schedule: Apr 21-28

WINDOWS

2019-05-22/a>Johannes UllrichAn Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
2019-03-05/a>Rob VandenBrinkPowershell, Active Directory and the Windows Host Firewall
2019-01-14/a>Rob VandenBrinkStill Running Windows 7? Time to think about that upgrade project!
2018-12-19/a>Xavier MertensRestricting PowerShell Capabilities with NetSh
2018-12-19/a>Xavier MertensMicrosoft OOB Patch for Internet Explorer: Scripting Engine Memory Corruption Vulnerability
2018-06-05/a>Xavier MertensMalicious Post-Exploitation Batch File
2018-05-07/a>Xavier MertensAdding Persistence Via Scheduled Tasks
2018-05-02/a>Russ McReeWindows Commands Reference - An InfoSec Must Have
2018-02-17/a>Xavier MertensMalware Delivered via Windows Installer Files
2017-11-15/a>Xavier MertensIf you want something done right, do it yourself!
2017-11-11/a>Xavier MertensKeep An Eye on your Root Certificates
2017-01-18/a>Rob VandenBrinkMaking Windows 10 a bit less "Creepy" - Common Privacy Settings
2017-01-12/a>Mark BaggettSystem Resource Utilization Monitor
2016-11-18/a>Didier StevensVBA Shellcode and Windows 10
2016-08-29/a>Russ McReeRecommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2016-08-02/a>Tom WebbWindows 10 Anniversary Update Available
2016-07-12/a>Xavier MertensHunting for Malicious Files with MISP + OSSEC
2016-05-22/a>Pasquale StirparoThe strange case of WinZip MRU Registry key
2016-05-18/a>Russ McReeResources: Windows Auditing & Monitoring, Linux 2FA
2016-04-15/a>Xavier MertensWindows Command Line Persistence?
2016-03-30/a>Xavier MertensWhat to watch with your FIM?
2016-02-18/a>Xavier MertensHunting for Executable Code in Windows Environments
2016-01-31/a>Guy BruneauWindows 10 and System Protection for DATA Default is OFF
2015-12-09/a>Xavier MertensEnforcing USB Storage Policy with PowerShell
2015-08-12/a>Rob VandenBrinkWindows Service Accounts - Why They're Evil and Why Pentesters Love them!
2014-08-15/a>Tom WebbAppLocker Event Logs with OSSEC 2.8
2014-07-05/a>Guy BruneauJava Support ends for Windows XP
2014-04-06/a>Basil Alawi S.Taher"Power Worm" PowerShell based Malware
2014-04-04/a>Rob VandenBrinkWindows 8.1 Released
2014-03-24/a>Johannes UllrichNew Microsoft Advisory: Unpatched Word Flaw used in Targeted Attacks
2014-03-04/a>Daniel WesemannXPired!
2014-01-10/a>Basil Alawi S.TaherWindows Autorun-3
2014-01-04/a>Tom WebbMonitoring Windows Networks Using Syslog (Part One)
2013-10-30/a>Russ McReeSIR v15: Five good reasons to leave Windows XP behind
2013-03-19/a>Johannes UllrichWindows 7 SP1 and Windows Server 2008 R2 SP1 Being "pushed" today
2013-02-28/a>Daniel WesemannParsing Windows Eventlogs in Powershell
2012-10-24/a>Rob VandenBrinkTime to run Windows Update - - Microsoft Updates KB2755801 for Windows RT / IE10 / Flash Player - http://technet.microsoft.com/en-us/security/advisory/2755801
2012-07-19/a>Mark BaggettDiagnosing Malware with Resource Monitor
2012-06-25/a>Guy BruneauIssues with Windows Update Agent
2012-05-08/a>Bojan ZdrnjaWindows Firewall Bypass Vulnerability and NetBIOS NS
2012-05-06/a>Jim ClausingTool updates and Win 8
2012-04-10/a>Swa FrantzenWindows Vista RIP
2011-12-21/a>Johannes UllrichNew Vulnerability in Windows 7 64 bit
2011-07-09/a>Chris MohanSafer Windows Incident Response
2011-06-30/a>Rob VandenBrinkUpdate for RSA Authentication Manager
2011-06-01/a>Johannes UllrichEnabling Privacy Enhanced Addresses for IPv6
2011-03-27/a>Guy BruneauStrange Shockwave File with Surprising Attachments
2011-03-15/a>Lenny ZeltserLimiting Exploit Capabilities by Using Windows Integrity Levels
2011-02-24/a>Johannes UllrichWindows 7 / 2008 R2 Service Pack 1 Problems
2011-02-23/a>Johannes UllrichWindows 7 Service Pack 1 out
2011-02-16/a>Jason LamWindows 0-day SMB mrxsmb.dll vulnerability
2011-02-10/a>Chris MohanBefriending Windows Security Log Events
2011-01-24/a>Rob VandenBrinkWhere have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool
2011-01-04/a>Johannes UllrichMicrosoft Advisory: Vulnerability in Graphics Rendering Engine
2010-11-24/a>Bojan ZdrnjaPrivilege escalation 0-day in almost all Windows versions
2010-08-02/a>Manuel Humberto Santander PelaezSecuring Windows Internet Kiosk
2010-06-15/a>Manuel Humberto Santander PelaezMicrosoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-02-11/a>Deborah HaleThe Mysterious Blue Screen
2009-11-14/a>Adrien de BeaupreMicrosoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released
2009-11-12/a>Rob VandenBrinkWindows 7 / Windows Server 2008 Remote SMB Exploit
2009-10-24/a>Marcus SachsWindows 7 - How is it doing?
2009-09-08/a>Guy BruneauVista/2008/Windows 7 SMB2 BSOD 0Day
2009-08-26/a>Johannes UllrichWSUS 3.0 SP2 released
2009-07-16/a>Guy BruneauChanges in Windows Security Center
2009-07-02/a>Daniel WesemannTime to update updating on PCs for 3rd party apps
2009-04-16/a>Adrien de BeaupreStrange Windows Event Log entry
2009-01-31/a>Swa FrantzenWindows 7 - not so secure ?
2008-08-15/a>Jim ClausingOMFW 2008 reflections
2008-06-12/a>Bojan ZdrnjaSafari on Windows - not looking good
2008-05-17/a>Lorna HutchesonXP SP3 Issues
2008-05-06/a>John BambenekWindows XP Service Pack 3 Released
2008-05-01/a>Adrien de BeaupreWindows XP SteadyState
2008-04-29/a>Bojan ZdrnjaWindows Service Pack blocker tool
2008-04-16/a>William StearnsWindows XP Service Pack 3 - unofficial schedule: Apr 21-28
2007-01-03/a>Toby KohlenbergVLC Media Player udp URL handler Format String Vulnerability

XP

2019-04-27/a>Didier StevensQuick Tip for Dissecting CVE-2017-11882 Exploits
2019-04-22/a>Didier Stevens.rar Files and ACE Exploit CVE-2018-20250
2019-02-02/a>Guy BruneauScanning for WebDAV PROPFIND Exploiting CVE-2017-7269
2018-12-23/a>Guy BruneauScanning Activity, end Goal is to add Hosts to Mirai Botnet
2018-12-19/a>Xavier MertensMicrosoft OOB Patch for Internet Explorer: Scripting Engine Memory Corruption Vulnerability
2018-11-23/a>Didier StevensVideo: Dissecting a CVE-2017-11882 Exploit
2018-09-24/a>Didier StevensAnalyzing Encoded Shellcode with scdbg
2018-07-04/a>Didier StevensXPS Metadata
2018-07-03/a>Didier StevensProgress indication for scripts on Windows
2018-07-01/a>Didier StevensVideo: Analyzing XPS Files
2018-06-30/a>Didier StevensXPS samples
2018-06-26/a>Didier StevensAnalyzing XPS files
2018-06-22/a>Lorna HutchesonXPS Attachment Used for Phishing
2018-06-05/a>Xavier MertensMalicious Post-Exploitation Batch File
2018-05-20/a>Didier StevensDASAN GPON home routers exploits in-the-wild
2018-05-03/a>Renato MarinhoWebLogic Exploited in the Wild (Again)
2017-09-30/a>Lorna HutchesonWho's Borrowing your Resources?
2017-09-25/a>Renato MarinhoXPCTRA Malware Steals Banking and Digital Wallet User's Credentials
2017-09-10/a>Didier StevensAnalyzing JPEG files
2017-08-18/a>Guy Bruneautshark 2.4 New Feature - Command Line Export Objects
2017-02-25/a>Guy BruneauUnpatched Microsoft Edge and IE Bug
2017-01-07/a>Xavier MertensUsing Security Tools to Compromize a Network
2016-12-11/a>Russ McReeSteganography in Action: Image Steganography & StegExpose
2016-04-21/a>Daniel WesemannDecoding Pseudo-Darkleech (#1)
2016-03-13/a>Guy BruneauA Look at the Mandiant M-Trends 2016 Report
2015-08-18/a>Russ McReeMicrosoft Security Bulletin MS15-093 - Critical OOB - Internet Explorer RCE
2015-07-27/a>Daniel WesemannAngler's best friends
2015-07-17/a>Didier StevensProcess Explorer and VirusTotal
2015-06-27/a>Guy BruneauIs Windows XP still around in your Network a year after Support Ended?
2015-03-10/a>Brad DuncanThreatglass has pcap files with exploit kit activity
2015-02-04/a>Alex StanfordExploit Kit Evolution - Neutrino
2014-08-16/a>Lenny ZeltserWeb Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-07-22/a>Daniel WesemannIvan's Order of Magnitude
2014-07-05/a>Guy BruneauJava Support ends for Windows XP
2014-03-04/a>Daniel WesemannXPired!
2014-02-28/a>Daniel WesemannFiesta!
2014-02-13/a>Johannes UllrichLinksys Worm ("TheMoon") Captured
2014-02-12/a>Johannes UllrichSuspected Mass Exploit Against Linksys E1000 / E1200 Routers
2014-02-09/a>Basil Alawi S.TaherMandiant Highlighter 2
2014-02-07/a>Rob VandenBrinkHello Virustotal? It's Microsoft Calling.
2014-01-04/a>Tom WebbMonitoring Windows Networks Using Syslog (Part One)
2013-11-28/a>Rob VandenBrinkMicrosoft Security Advisory (2914486): Vulnerability in Microsoft Windows Kernel 0 day exploit in wild
2013-10-30/a>Russ McReeSIR v15: Five good reasons to leave Windows XP behind
2013-10-01/a>John Bambenek*Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893
2013-09-20/a>Russ McReeThreat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild
2013-09-17/a>John BambenekMicrosoft Releases Out-of-Band Advisory for all Versions of Internet Explorer
2013-08-02/a>Johannes UllrichFake American Express Alerts
2013-07-21/a>Guy BruneauWhy use Regular Expressions?
2013-05-22/a>Adrien de BeauprePrivilege escalation, why should I care?
2013-05-09/a>Johannes UllrichMicrosoft released a Fix-it for the Internet Explorer 8 Vulnerability http://support.microsoft.com/kb/2847140
2013-04-17/a>John BambenekUPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
2013-02-21/a>Pedro BuenoNBC site redirecting to Exploit kit
2013-02-17/a>Guy BruneauAdobe Acrobat and Reader Security Update Planned this Week
2013-02-13/a>Swa FrantzenMore adobe reader and acrobat (PDF) trouble
2013-02-06/a>Adam SwangerSysinternals in particular Process Explorer update https://blogs.technet.com/b/sysinternals/?Redirected=true
2013-01-05/a>Guy BruneauAdobe ColdFusion Security Advisory
2013-01-04/a>Guy Bruneau"FixIt" Patch for CVE-2012-4792 Bypassed
2013-01-02/a>Russ McReeEMET 3.5: The Value of Looking Through an Attacker's Eyes
2013-01-01/a>Johannes UllrichFixIt Available for Internet Explorer Vulnerability
2012-12-10/a>Johannes UllrichYour CPA License has not been revoked
2012-12-02/a>Guy BruneauZero Day MySQL Buffer Overflow
2012-08-05/a>Daniel WesemannPhishing for Payroll with unpatched Java
2012-07-19/a>Mark BaggettA Heap of Overflows?
2012-06-18/a>Guy BruneauCVE-2012-1875 exploit is now available
2012-05-05/a>Tony CarothersVulnerability Exploit for Snow Leopard
2012-04-26/a>Richard PorterPacketstorm Security and Metasploit have Exploit code for MS12-027
2012-03-11/a>Johannes UllrichAn Analysis of Jester's QR Code Attack. (Guest Diary)
2012-01-13/a>Guy BruneauSysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2011-12-19/a>Guy BruneauProcess Explorer Update 15.11 with bugfixes - http://technet.microsoft.com/en-us/sysinternals/bb896653
2011-12-08/a>Adrien de BeaupreNewest Adobe Flash 11.1.102.55 and Previous 0 Day Exploit
2011-12-06/a>Pedro BuenoThe RedRet connection...
2011-11-22/a>Pedro BuenoUpdates on ZeroAccess and BlackHole front...
2011-10-13/a>Johannes UllrichCritical OS X Vulnerability Patched
2011-05-06/a>Richard PorterUpdated Exploit Index for Microsoft
2011-03-29/a>Daniel WesemannMalware emails with fake cellphone invoice
2011-03-15/a>Lenny ZeltserLimiting Exploit Capabilities by Using Windows Integrity Levels
2011-03-09/a>Kevin ShorttAVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B
2011-02-21/a>Adrien de BeaupreWinamp forums compromised
2011-02-16/a>Jason LamWindows 0-day SMB mrxsmb.dll vulnerability
2011-01-27/a>Robert DanfordMicrosoft Security Advisory for MHTML via Internet Explorer (MS2501696/CVE-2011-0096)
2011-01-05/a>Johannes UllrichCurrently Unpatched Windows / Internet Explorer Vulnerabilities
2010-12-27/a>Johannes UllrichVarious sites "Owned and Exposed"
2010-12-13/a>Deborah HaleThe Week to Top All Weeks
2010-12-02/a>Kevin JohnsonProFTPD distribution servers compromised
2010-11-01/a>Manuel Humberto Santander PelaezCVE-2010-3654 exploit in the wild
2010-09-26/a>Daniel WesemannPDF analysis paper
2010-09-14/a>Adrien de BeaupreAdobe Flash v10.1.82.76 and earlier vulnerability in-the-wild
2010-09-13/a>Manuel Humberto Santander Pelaez Enhanced Mitigation Experience Toolkit can block Adobe 0-day exploit
2010-09-13/a>Manuel Humberto Santander PelaezAdobe SING table parsing exploit (CVE-2010-2883) in the wild
2010-09-02/a>Daniel WesemannSDF, please!
2010-08-22/a>Manuel Humberto Santander PelaezAnatomy of a PDF exploit
2010-08-15/a>Manuel Humberto Santander PelaezOpensolaris project cancelled, replaced by Solaris 11 express
2010-06-15/a>Manuel Humberto Santander PelaezMicrosoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-06-15/a>Manuel Humberto Santander PelaeziPhone 4 Order Security Breach Exposes Private Information
2010-06-06/a>Manuel Humberto Santander PelaezNice OS X exploit tutorial
2010-05-23/a>Manuel Humberto Santander PelaezOracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability
2010-04-10/a>Andre LudwigNew bug/exploit for javaws
2010-03-10/a>Rob VandenBrinkMicrosoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-03-01/a>Mark HofmanMicrosoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update.
2010-02-08/a>Adrien de BeaupreWhen is a 0day not a 0day? Fake OpenSSh exploit, again.
2010-02-03/a>Johannes UllrichInformation Disclosure Vulnerability in Internet Explorer
2010-01-24/a>Pedro BuenoOutdated client applications
2010-01-19/a>Johannes UllrichUnpatched Microsoft Windows (all versions) Privilege Escalation Vulnerability Released
2010-01-14/a>Bojan Zdrnja0-day vulnerability in Internet Explorer 6, 7 and 8
2010-01-12/a>Adrien de BeauprePoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2009-12-05/a>Guy BruneauJava JRE Buffer and Integer Overflow
2009-11-25/a>Jim ClausingTool updates
2009-11-24/a>Rick WannerMicrosoft Security Advisory 977981 - IE 6 and IE 7
2009-11-16/a>G. N. WhiteReports of a successful exploit of the SSL Renegotiation Vulnerability?
2009-11-14/a>Adrien de BeaupreMicrosoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released
2009-11-12/a>Rob VandenBrinkWindows 7 / Windows Server 2008 Remote SMB Exploit
2009-10-21/a>Pedro BuenoWordPress Hardening
2009-09-16/a>Bojan ZdrnjaSMB2 remote exploit released
2009-08-31/a>Pedro BuenoMicrosoft IIS 5/6 FTP 0Day released
2009-08-18/a>Bojan ZdrnjaMS09-039 exploit in the wild?
2009-07-16/a>Bojan ZdrnjaOWC exploits used in SQL injection attacks
2009-07-15/a>Bojan ZdrnjaMake sure you update that Java
2009-07-13/a>Adrien de Beaupre* Infocon raised to yellow for Excel Web Components ActiveX vulnerability
2009-07-10/a>Guy BruneauWordPress Fixes Multiple vulnerabilities
2009-07-09/a>Bojan ZdrnjaOpenSSH 0day FUD
2009-06-12/a>Adrien de BeaupreGreen Dam
2009-06-08/a>Chris CarboniKloxo (formerly Lxadmin) Vulnerability Exploited
2009-05-06/a>Tom ListonFollow The Bouncing Malware: Gone With the WINS
2009-04-24/a>Pedro BuenoDid you check your conference goodies?
2009-04-14/a>Swa FrantzenVMware exploits - just how bad is it ?
2009-03-19/a>Mark HofmanBrowsers Tumble at CanSecWest
2009-03-18/a>Adrien de BeaupreAdobe Security Bulletin Adobe Reader and Acrobat
2009-02-25/a>Andre LudwigAdobe Acrobat pdf 0-day exploit, No JavaScript needed!
2009-02-25/a>Andre LudwigPreview/Iphone/Linux pdf issues
2008-12-17/a>donald smithInternet Explorer 960714 is released
2008-12-10/a>Bojan Zdrnja0-day exploit for Internet Explorer in the wild
2008-08-26/a>John BambenekActive attacks using stolen SSH keys (UPDATED)
2008-05-17/a>Lorna HutchesonXP SP3 Issues
2008-05-07/a>Jim ClausingMore on automated exploit generation
2008-05-06/a>John BambenekWindows XP Service Pack 3 Released
2008-05-05/a>John BambenekDefenses Against Automated Patch-Based Exploit Generation
2008-05-01/a>Adrien de BeaupreWindows XP SteadyState
2008-04-29/a>Bojan ZdrnjaWindows Service Pack blocker tool
2008-04-24/a>Maarten Van HorenbeeckTargeted attacks using malicious PDF files
2008-04-22/a>donald smithXP SP3 RC2 Available
2008-04-18/a>John BambenekThe Patch Window is Gone: Automated Patch-Based Exploit Generation
2008-04-16/a>William StearnsWindows XP Service Pack 3 - unofficial schedule: Apr 21-28
2008-04-10/a>Deborah HaleSymantec Threatcon Level 2
2006-11-20/a>Joel EslerMS06-070 Remote Exploit

SP3

2013-10-30/a>Russ McReeSIR v15: Five good reasons to leave Windows XP behind
2008-05-17/a>Lorna HutchesonXP SP3 Issues
2008-05-06/a>John BambenekWindows XP Service Pack 3 Released
2008-04-29/a>Bojan ZdrnjaWindows Service Pack blocker tool
2008-04-22/a>donald smithXP SP3 RC2 Available
2008-04-16/a>William StearnsWindows XP Service Pack 3 - unofficial schedule: Apr 21-28