Diaries by Keyword - SANS Internet Storm Center

Date	Author	Title
2022-04-13	Jan Kopriva	How is Ukrainian internet holding up during the Russian invasion?
2022-01-05	Xavier Mertens	Code Reuse In the Malware Landscape
2021-11-19	Xavier Mertens	Downloader Disguised as Excel Add-In (XLL)
2021-07-31	Guy Bruneau	Unsolicited DNS Queries
2021-05-10	Johannes Ullrich	Correctly Validating IP Addresses: Why encoding matters for input validation.
2021-04-23	Xavier Mertens	Malicious PowerPoint Add-On: "Small Is Beautiful"
2021-02-21	Didier Stevens	DDE and oledump
2021-02-19	Xavier Mertens	Dynamic Data Exchange (DDE) is Back in the Wild?
2020-09-18	Xavier Mertens	A Mix of Python & VBA in a Malicious Word Document
2020-09-01	Johannes Ullrich	Exposed Windows Domain Controllers Used in CLDAP DDoS Attacks
2020-08-07	Brad Duncan	TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-05-23	Xavier Mertens	AgentTesla Delivered via a Malicious PowerPoint Add-In
2019-12-05	Jan Kopriva	E-mail from Agent Tesla
2019-09-26	Rob VandenBrink	Mining MAC Address and OUI Information
2019-08-14	Brad Duncan	Recent example of MedusaHTTP malware
2018-09-28	Xavier Mertens	More Excel DDE Code Injection
2018-07-07	Didier Stevens	dd progress indicator on Linux
2018-07-07	Didier Stevens	dd progress indicator on OSX
2018-04-25	Johannes Ullrich	Yet Another Drupal RCE Vulnerability
2017-10-20	Rick Wanner	One year Anniversary of Dyn DDOS
2017-10-17	Brad Duncan	Hancitor malspam uses DDE attack
2017-07-07	Renato Marinho	DDoS Extortion E-mail: Yet Another Bluff?
2016-12-29	Rick Wanner	More on Protocol 47 denys
2016-12-19	John Bambenek	UPDATED x1: Mirai Scanning for Port 6789 Looking for New Victims / Now hitting tcp/23231
2016-12-09	Rick Wanner	Mirai - now with DGA
2016-05-29	Guy Bruneau	Analysis of a Distributed Denial of Service (DDoS)
2016-02-07	Rick Wanner	DDOS is down, but still a concern for ISPs
2015-06-23	Kevin Shortt	XOR DDOS Mitigation and Analysis
2015-04-06	Guy Bruneau	'Dead Drops' Hidden USB Sticks Around the World
2015-02-27	Rick Wanner	DDOS are way down? Why?
2015-02-19	Daniel Wesemann	DNS-based DDoS
2014-08-31	Rick Wanner	1900/UDP (SSDP) Scanning and DDOS
2014-08-17	Rick Wanner	Part 1: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-08-17	Rick Wanner	Part 2: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-06-24	Kevin Shortt	NTP DDoS Counts Have Dropped
2014-06-02	Rick Wanner	Using nmap to scan for DDOS reflectors
2014-04-30	Russ McRee	UltraDNS DDOS
2014-03-14	Richard Porter	Word Press Shenanigans? Anyone seeing strange activity today?
2014-03-12	Johannes Ullrich	Wordpress "Pingback" DDoS Attacks
2014-02-17	Chris Mohan	NTP reflection attacks continue
2014-01-17	Russ McRee	Massive RFI scans likely a free web app vuln scanner rather than bots
2013-11-22	Rick Wanner	Port 0 DDOS
2013-09-09	Johannes Ullrich	SSL is broken. So what?
2013-06-05	Richard Porter	BIND 9 Update fixing CVE-2013-3919
2013-04-21	John Bambenek	A Chargen-based DDoS? Chargen is still a thing?
2013-03-28	John Bambenek	Where Were You During the Great DDoS Cybergeddon of 2013?
2013-03-18	Kevin Shortt	Spamhaus DDOS
2013-03-04	Johannes Ullrich	IPv6 Focus Month: Addresses
2013-02-25	Rob VandenBrink	Silent Traitors - Embedded Devices in your Datacenter
2013-01-05	Guy Bruneau	D-link Wireless-G Router Year Issue (Y2K-plus-13)
2012-09-20	Russ McRee	Financial sector advisory: attacks and threats against financial institutions
2012-03-30	Daniel Wesemann	Tomorrow, the world will end
2012-01-22	Johannes Ullrich	Javascript DDoS Tool Analysis
2011-06-09	Richard Porter	One Browser to Rule them All?
2011-06-01	Johannes Ullrich	Enabling Privacy Enhanced Addresses for IPv6
2011-05-20	Guy Bruneau	Distributed Denial of Service Cheat Sheet
2011-04-25	Rob VandenBrink	What's Your (IP) Address Worth?
2011-04-05	Mark Hofman	Sony DDOS
2011-04-05	Mark Hofman	DNS.be DDOS
2011-03-07	Bojan Zdrnja	Oracle padding attacks (Codegate crypto 400 writeup)
2011-03-04	Mark Hofman	DDOS, the new black?
2011-02-12	Kevin Liston	DDoS Analysis Process
2011-01-29	Mark Hofman	Sourceforge attack
2010-12-21	Rob VandenBrink	Network Reliability, Part 2 - HSRP Attacks and Defenses
2010-12-09	Mark Hofman	Having a look at the DDOS tool used in the attacks today
2010-12-08	Rob VandenBrink	Interesting DDOS activity around Wikileaks
2010-09-14	Adrien de Beaupre	BlackEnergy DDoS
2010-08-16	Raul Siles	DDOS: State of the Art
2010-08-07	Stephen Hall	DnsMadeEasy under a "quite large and unique" ddos.
2010-07-24	Manuel Humberto Santander Pelaez	Transmiting logon information unsecured in the network
2010-06-21	Adrien de Beaupre	GoDaddy Scam/Phish/Spam
2010-02-02	Johannes Ullrich	Pushdo Update
2010-01-19	Jim Clausing	49Gbps DDoS, IPv4 exhaustion, and DNSSEC, oh my!
2010-01-06	Johannes Ullrich	Denial of Service Attack Aftermath (and what did Iran have to do with it?)
2009-11-11	Rob VandenBrink	Layer 2 Network Protections against Man in the Middle Attacks
2009-09-09	Mark Hofman	Possible DDOS on gov.au sites starting tonight?
2009-08-18	Daniel Wesemann	Forensics: Mounting partitions from full-disk 'dd' images
2009-07-09	John Bambenek	Latest Updates on Ongoing DDoS on Governmental/Commercial Websites in USA and S. Korea
2009-07-08	Marcus Sachs	RFI: DDoS Against Government and Civilian Web Sites
2009-06-23	Bojan Zdrnja	Slowloris and Iranian DDoS attacks
2009-05-30	John Bambenek	Embedded Devices: An Avenue for Cyberterrorism?
2009-04-07	Johannes Ullrich	Common Apache Misconception
2009-03-08	Marcus Sachs	Behind the Estonia Cyber Attacks
2009-01-31	Swa Frantzen	DNS DDoS - let's use a long term solution
2009-01-28	Robert Danford	Embedded device security assessment
2008-12-03	Andre Ludwig	New ISC Poll! Has your organization suffered a DDoS (Distributed Denial of Service) attack in the last year?
2008-10-12	Mari Nichols	Day 12 Containment: Gathering Evidence That Can be Used in Court
2008-10-08	Johannes Ullrich	Domaincontrol (GoDaddy) Nameservers DNS Poisoning
2008-07-20	Kevin Liston	Denial of Service Attack Against Georgia-- Are You Participating?
2008-04-10	Deborah Hale	DSLReports Being Attacked Again
2006-10-05	John Bambenek	There are no more Passive Exploits