Internet Storm Center
Date | Author | Title

COMMAND AND CONTROL CHANNEL
2016-07-26 | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records
COMMAND
2021-02-13 | Guy Bruneau | vSphere Replication updates address a command injection vulnerability (CVE-2021-21976) - https://www.vmware.com/security/advisories/VMSA-2021-0001.html
2021-02-05 | Xavier Mertens | VBA Macro Trying to Alter the Application Menus
2020-02-14 | Xavier Mertens | Keep an Eye on Command-Line Browsers
2019-07-16 | Russ McRee | Commando VM: The Complete Mandiant Offensive VM
2018-07-30 | Xavier Mertens | Exploiting the Power of Curl
2018-05-02 | Russ McRee | Windows Commands Reference - An InfoSec Must Have
2016-07-26 | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records
2016-04-15 | Xavier Mertens | Windows Command Line Persistence?
2015-10-12 | Guy Bruneau | Critical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
2013-02-17 | Guy Bruneau | HP ArcSight Connector Appliance and Logger Vulnerabilities
2010-02-06 | Guy Bruneau | LANDesk Management Gateway Vulnerability
2010-01-27 | Raul Siles | Command Line Kung Fu
AND
2022-09-26 | Xavier Mertens | Easy Python Sandbox Detection
2022-08-22 | Xavier Mertens | 32 or 64 bits Malware?
2022-06-03 | Xavier Mertens | Sandbox Evasion... With Just a Filename!
2021-12-06 | Xavier Mertens | The Importance of Out-of-Band Networks
2021-04-02 | Xavier Mertens | C2 Activity: Sandboxes or Real Victims?
2021-02-13 | Guy Bruneau | vSphere Replication updates address a command injection vulnerability (CVE-2021-21976) - https://www.vmware.com/security/advisories/VMSA-2021-0001.html
2021-02-05 | Xavier Mertens | VBA Macro Trying to Alter the Application Menus
2020-09-16 | Johannes Ullrich | Do Vulnerabilities Ever Get Old? Recent "Mirai" Variant Scanning for 20 Year Old Amanda Version?
2020-09-03 | Xavier Mertens | Sandbox Evasion Using NTP
2020-04-16 | Johannes Ullrich | Using AppLocker to Prevent Living off the Land Attacks
2020-02-14 | Xavier Mertens | Keep an Eye on Command-Line Browsers
2020-02-07 | Xavier Mertens | Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript
2019-07-16 | Russ McRee | Commando VM: The Complete Mandiant Offensive VM
2019-01-10 | Brad Duncan | Heartbreaking Emails: "Love You" Malspam
2018-08-01 | Johannes Ullrich | When Cameras and Routers attack Phones. Spike in CVE-2014-8361 Exploits Against Port 52869
2018-07-30 | Xavier Mertens | Exploiting the Power of Curl
2018-07-24 | Brad Duncan | Recent Emotet activity
2018-05-02 | Russ McRee | Windows Commands Reference - An InfoSec Must Have
2017-01-06 | John Bambenek | Great Misadventures of Security Vendors: Absurd Sandboxing Edition
2017-01-05 | John Bambenek | New Year's Resolution: Build Your Own Malware Lab?
2016-12-10 | Didier Stevens | Sleeping VBS Really Wants To Sleep
2016-07-26 | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records
2016-06-22 | Bojan Zdrnja | Security through obscurity never works
2016-05-02 | Rick Wanner | Fake Chrome update for Android
2016-04-15 | Xavier Mertens | Windows Command Line Persistence?
2015-12-16 | Xavier Mertens | Playing With Sandboxes Like a Boss
2015-12-05 | Guy Bruneau | Are you looking to setup your own Malware Sandbox?
2015-12-04 | Tom Webb | Automating Phishing Analysis using BRO
2015-10-12 | Guy Bruneau | Critical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
2015-07-28 | Rick Wanner | Android Stagefright multimedia viewer prone to remote exploitation
2015-04-27 | Richard Porter | When Prevention Fails, Incident Response Begins
2014-09-12 | Chris Mohan | Are credential dumps worth reviewing?
2014-08-12 | Adrien de Beaupre | Host discovery with nmap
2014-08-04 | Russ McRee | Threats & Indicators: A Security Intelligence Lifecycle
2014-05-01 | Johannes Ullrich | Microsoft Announces Special Patch for IE 0-day (Win XP included!)
2014-04-26 | Guy Bruneau | Android Users - Beware of Bitcoin Mining Malware
2014-04-05 | Jim Clausing | Those strange e-mails with URLs in them can lead to Android malware
2014-04-01 | Basil Alawi S.Taher | Upgrading Your Android, Elevating My Malware
2014-03-11 | Basil Alawi S.Taher | Introduction to Memory Analysis with Mandiant Redline
2014-02-10 | Rob VandenBrink | Isn't it About Time to Get Moving on Chip and PIN?
2014-02-07 | Rob VandenBrink | New ISO Standards on Vulnerability Handling and Disclosure
2014-01-23 | Chris Mohan | Learning from the breaches that happens to others Part 2
2013-12-05 | Mark Hofman | Updated Standards Part 1 - ISO 27001
2013-09-23 | Rob VandenBrink | How do you spell "PSK"?
2013-02-22 | Chris Mohan | PHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2013-02-17 | Guy Bruneau | HP ArcSight Connector Appliance and Logger Vulnerabilities
2013-01-30 | Richard Porter | Getting Involved with the Local Community
2013-01-14 | Richard Porter | January 2013 Microsoft Out of Cycle Patch
2013-01-08 | Jim Clausing | Cuckoo 0.5 is out and the world didn't end
2012-12-13 | Johannes Ullrich | What if Tomorrow Was the Day?
2012-10-24 | Russ McRee | Cyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035
2012-10-23 | Rob VandenBrink | Cyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors
2012-10-17 | Rob VandenBrink | Cyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005
2012-10-12 | Mark Hofman | Cyber Security Awareness Month - Day 12 PCI DSS
2012-10-11 | Rob VandenBrink | Cyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security)
2012-10-09 | Johannes Ullrich | Cyber Security Awareness Month - Day 9 - Request for Comment (RFC)
2012-05-18 | Johannes Ullrich | ZTE Score M Android Phone backdoor
2012-04-23 | Russ McRee | Emergency Operations Centers & Security Incident Management: A Correlation
2012-03-03 | Jim Clausing | New automated sandbox for Android malware
2011-11-03 | Richard Porter | An Apple, Inc. Sandbox to play in.
2011-11-01 | Russ McRee | Honeynet Project: Android Reverse Engineering (A.R.E.) Virtual Machine released
2011-10-29 | Richard Porter | The Sub Critical Control? Evidence Collection
2011-09-15 | Johannes Ullrich | SSH Vandals?
2011-09-07 | Lenny Zeltser | Analyzing Mobile Device Malware - Honeynet Forensic Challenge 9 and Some Tools
2011-05-18 | Bojan Zdrnja | Android, HTTP and authentication tokens
2011-03-22 | Chris Mohan | Read only USB stick trick
2011-03-03 | Manuel Humberto Santander Pelaez | Rogue apps inside Android Marketplace
2011-01-08 | Guy Bruneau | PandaLabs 2010 Annual Report
2010-12-31 | Bojan Zdrnja | Android malware enters 2011
2010-11-19 | Jason Lam | Adobe Reader X - Sandbox
2010-10-19 | Rob VandenBrink | Cyber Security Awareness Month - Day 19 - VPN and Remote Access Tools
2010-08-04 | Tom Liston | Incident Reporting - Liston's "How-To" Guide
2010-07-25 | Rick Wanner | Updated version of Mandiant's Web Historian
2010-07-21 | Adrien de Beaupre | Adobe Reader Protected Mode
2010-02-07 | Rick Wanner | Mandiant Mtrends Report
2010-02-06 | Guy Bruneau | LANDesk Management Gateway Vulnerability
2010-01-27 | Raul Siles | Command Line Kung Fu
2010-01-21 | Chris Carboni | * Microsoft Out Of Band Patch Release
2010-01-11 | Johannes Ullrich | Fake Android Application
2009-07-24 | Rick Wanner | Microsoft Out of Band Patch
2009-06-11 | Rick Wanner | WHO Declares Flu A(H1N1) a Pandemic
2009-05-19 | Rick Wanner | New Version of Mandiant Highlighter
2009-05-01 | Adrien de Beaupre | Incident Management
2009-04-26 | Johannes Ullrich | Pandemic Preparation - Swine Flu
2009-04-16 | Adrien de Beaupre | Incident Response vs. Incident Handling
2009-04-07 | Johannes Ullrich | Common Apache Misconception
2009-02-05 | Rick Wanner | Mandiant Memoryze review, Hilighter, other Mandiant tools!
2008-11-25 | Andre Ludwig | Tmobile G1 handsets having DNS problems?
2008-10-29 | Deborah Hale | Day 29 - Should I Switch Software Vendors?
2008-10-23 | Mark Hofman | Microsoft out-of-band patch - Severity Critical
2008-09-09 | Swa Frantzen | wordpress upgrade
2008-08-09 | Deborah Hale | Cleveland Outage
CONTROL
2022-05-03 | Rob VandenBrink | Finding the Real "Last Patched" Day (Interim Version)
2021-07-08 | Xavier Mertens | Using Sudo with Python For More Security Controls
2021-05-12 | Jan Kopriva | Number of industrial control systems on the internet is lower than in 2020...but still far from zero
2019-10-19 | Russell Eubanks | What Assumptions Are You Making?
2019-07-25 | Rob VandenBrink | When Users Attack! Users (and Admins) Thwarting Security Controls
2019-07-18 | Rob VandenBrink | The Other Side of Critical Control 1: 802.1x Wired Network Access Controls
2017-07-24 | Russell Eubanks | Trends Over Time
2017-06-10 | Russell Eubanks | An Occasional Look in the Rear View Mirror
2016-11-23 | Tom Webb | Mapping Attack Methodology to Controls
2016-10-08 | Russell Eubanks | Unauthorized Change Detected!
2016-07-26 | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records
2015-12-21 | Daniel Wesemann | Critical Security Controls: Getting to know the unknown
2015-11-04 | Richard Porter | Application Aware and Critical Control 2
2015-05-29 | Russell Eubanks | Trust But Verify
2014-10-13 | Lorna Hutcheson | For or Against: Port Security for Network Access Control
2014-08-17 | Rick Wanner | Part 2: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-07-28 | Guy Bruneau | Management and Control of Mobile Device Security
2014-06-11 | Daniel Wesemann | Help your pilot fly!
2014-02-10 | Rob VandenBrink | A Tale of Two Admins (and no Change Control)
2013-09-02 | Guy Bruneau | Multiple Cisco Security Notice
2013-03-13 | Mark Baggett | Wipe the drive! Stealthy Malware Persistence Mechanism - Part 1
2012-12-31 | Manuel Humberto Santander Pelaez | How to determine which NAC solutions fits best to your needs
2012-11-23 | Rob VandenBrink | What's in Your Change Control Form?
2011-11-03 | Richard Porter | An Apple, Inc. Sandbox to play in.
2011-10-29 | Richard Porter | The Sub Critical Control? Evidence Collection
2011-10-28 | Daniel Wesemann | Critical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27 | Mark Baggett | Critical Control 18: Incident Response Capabilities
2011-10-26 | Rick Wanner | Critical Control 17: Penetration Tests and Red Team Exercises
2011-10-17 | Rob VandenBrink | Critical Control 11: Account Monitoring and Control
2010-08-22 | Rick Wanner | Failure of controls...Spanair crash caused by a Trojan
2010-08-19 | Rob VandenBrink | Change is Good. Change is Bad. Change is Life.
2010-08-05 | Rob VandenBrink | Access Controls for Network Infrastructure
2010-06-14 | Manuel Humberto Santander Pelaez | Python on a microcontroller?
2010-06-07 | Manuel Humberto Santander Pelaez | Software Restriction Policy to keep malware away
2009-10-22 | Adrien de Beaupre | Cyber Security Awareness Month - Day 22 port 502 TCP - Modbus
CHANNEL
2016-07-26 | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records
2013-08-21 | Rob VandenBrink | Fibre Channel Reconnaissance - Reloaded