Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
HASH LENGTH EXTENSION ATTACK
2017-09-06	Adrien de Beaupre	Modern Web Application Penetration Testing , Hash Length Extension Attacks
HASH
2021-06-19/a>	Xavier Mertens	Easy Access to the NIST RDS Database
2021-04-24/a>	Guy Bruneau	Base64 Hashes Used in Web Scanning
2021-04-19/a>	Jan Kopriva	Hunting phishing websites with favicon hashes
2020-08-22/a>	Guy Bruneau	Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common?
2020-05-15/a>	Rob VandenBrink	Hashes in PowerShell
2018-06-27/a>	Renato Marinho	Silently Profiling Unknown Malware Samples
2017-09-19/a>	Jim Clausing	New tool: mac-robber.py
2017-09-06/a>	Adrien de Beaupre	Modern Web Application Penetration Testing , Hash Length Extension Attacks
2016-08-22/a>	Russ McRee	Red Team Tools Updates: hashcat and SpiderFoot
2015-08-31/a>	Xavier Mertens	Detecting file changes on Microsoft systems with FCIV
2015-03-18/a>	Daniel Wesemann	Pass the hash!
2015-02-17/a>	Rob VandenBrink	oclHashcat 1.33 Released
2015-02-10/a>	Mark Baggett	Detecting Mimikatz Use On Your Network
2014-09-19/a>	Guy Bruneau	Added today in oclhashcat 131 Django [Default Auth] (PBKDF2 SHA256 Rounds Salt) Support - http://hashcat.net/hashcat/
2014-08-22/a>	Richard Porter	OCLHashCat 1.30 Released
2013-12-10/a>	Rob VandenBrink	Those Look Just Like Hashes!
2013-09-05/a>	Rob VandenBrink	Building Your Own GPU Enabled Private Cloud
2013-08-22/a>	Russ McRee	Read of the Week: A Fuzzy Future in Malware Research
2013-06-11/a>	Swa Frantzen	Store passwords the right way in your application
2012-10-04/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 4: Crypto Standards
2012-04-02/a>	Johannes Ullrich	SHA 1-2-3
2011-06-28/a>	Johannes Ullrich	Hashing Passwords
2010-02-25/a>	Chris Carboni	Pass The Hash
2010-02-15/a>	Johannes Ullrich	New ISC Tool: Whitelist Hash Database
2009-10-23/a>	Johannes Ullrich	Little new tool: reversing md5/sha1 hashes http://isc.sans.org/tools/reversehash.html
LENGTH
2017-09-06/a>	Adrien de Beaupre	Modern Web Application Penetration Testing , Hash Length Extension Attacks
EXTENSION
2022-06-22/a>	Xavier Mertens	Malicious PowerShell Targeting Cryptocurrency Browser Extensions
2021-02-04/a>	Bojan Zdrnja	Abusing Google Chrome extension syncing for data exfiltration and C&C
2021-01-22/a>	Xavier Mertens	Another File Extension to Block in your MTA: .jnlp
2017-10-27/a>	Renato Marinho	"Catch-All" Google Chrome Malicious Extension Steals All Posted Data
2017-10-24/a>	Xavier Mertens	Stop relying on file extensions
2017-09-06/a>	Adrien de Beaupre	Modern Web Application Penetration Testing , Hash Length Extension Attacks
2017-08-29/a>	Renato Marinho	Second Google Chrome Extension Banker Malware in Two Weeks
2017-08-15/a>	Renato Marinho	(Banker(GoogleChromeExtension)).targeting("Brazil")
2012-02-23/a>	donald smith	DNS-Changer "clean DNS" extension requested
2011-08-14/a>	Guy Bruneau	FireCAT 2.0 Released
ATTACK
2024-01-08/a>	Jesse La Grew	What is that User Agent?
2022-08-10/a>	Johannes Ullrich	And Here They Come Again: DNS Reflection Attacks
2022-03-26/a>	Guy Bruneau	Is buying Cyber Insurance a Must Now?
2022-02-03/a>	Johannes Ullrich	Keeping Track of Your Attack Surface for Cheap
2021-02-01/a>	Rob VandenBrink	Taking a Shot at Reverse Shell Attacks, CNC Phone Home and Data Exfil from Servers
2019-08-25/a>	Guy Bruneau	Are there any Advantages of Buying Cyber Security Insurance?
2019-07-20/a>	Guy Bruneau	Re-evaluating Network Security - It is Increasingly More Complex
2017-09-06/a>	Adrien de Beaupre	Modern Web Application Penetration Testing , Hash Length Extension Attacks
2016-11-02/a>	Rob VandenBrink	What Does a Pentest Look Like?
2016-06-03/a>	Tom Liston	MySQL is YourSQL
2015-03-18/a>	Daniel Wesemann	Pass the hash!
2015-02-19/a>	Daniel Wesemann	DNS-based DDoS
2014-02-26/a>	Russ McRee	Ongoing NTP Amplification Attacks
2014-02-17/a>	Chris Mohan	NTP reflection attacks continue
2013-12-02/a>	Richard Porter	Reports of higher than normal SSH Attacks
2013-08-19/a>	Guy Bruneau	Business Risks and Cyber Attacks
2013-07-27/a>	Scott Fendley	Defending Against Web Server Denial of Service Attacks
2013-07-13/a>	Lenny Zeltser	Decoy Personas for Safeguarding Online Identity Using Deception
2012-10-05/a>	Richard Porter	Reports of a Distributed Injection Scan
2011-12-28/a>	Daniel Wesemann	Hash collisions vulnerability in web servers
2011-12-01/a>	Mark Hofman	SQL Injection Attack happening ATM
2011-09-28/a>	Richard Porter	All Along the ARP Tower!
2011-01-23/a>	Richard Porter	Crime is still Crime!
2010-12-23/a>	Mark Hofman	White house greeting cards
2010-08-16/a>	Raul Siles	DDOS: State of the Art
2010-08-15/a>	Manuel Humberto Santander Pelaez	Obfuscated SQL Injection attacks
2010-08-13/a>	Tom Liston	The Strange Case of Doctor Jekyll and Mr. ED
2010-03-15/a>	Adrien de Beaupre	Spamassassin Milter Plugin Remote Root Attack
2010-01-29/a>	Johannes Ullrich	Analyzing isc.sans.org weblogs, part 2, RFI attacks
2009-11-11/a>	Rob VandenBrink	Layer 2 Network Protections against Man in the Middle Attacks
2009-08-28/a>	Adrien de Beaupre	WPA with TKIP done
2009-06-04/a>	Raul Siles	Targeted e-mail attacks asking to verify wire transfer details
2009-04-20/a>	Jason Lam	Digital Content on TV
2009-04-02/a>	Bojan Zdrnja	JavaScript insertion and log deletion attack tools
2009-03-20/a>	donald smith	Stealthier then a MBR rootkit, more powerful then ring 0 control, it’s the soon to be developed SMM root kit.
2009-02-25/a>	Swa Frantzen	Targeted link diversion attempts
2009-01-30/a>	Mark Hofman	Request for info - Scan and webmail
2009-01-18/a>	Maarten Van Horenbeeck	Targeted social engineering
2008-12-03/a>	Andre Ludwig	New ISC Poll! Has your organization suffered a DDoS (Distributed Denial of Service) attack in the last year?
2008-07-09/a>	Johannes Ullrich	Unpatched Word Vulnerability
2008-05-26/a>	Marcus Sachs	Predictable Response
2008-03-27/a>	Maarten Van Horenbeeck	Guarding the guardians: a story of PGP key ring theft

HASH LENGTH EXTENSION ATTACK

HASH

LENGTH

EXTENSION

ATTACK