Internet Storm Center
Date        Author                  Title

INTRUSION DETECTION
2016-08-29  Russ McRee              Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2013-12-16  Tom Webb                The case of Minerd
2013-08-19  Johannes Ullrich        Running Snort on ESXi using the Distributed Switch
2012-09-02  Lorna Hutcheson         Demonstrating the value of your Intrusion Detection Program and Analysts

INTRUSION
2016-08-29  Russ McRee              Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2013-12-16  Tom Webb                The case of Minerd
2013-08-19  Johannes Ullrich        Running Snort on ESXi using the Distributed Switch
2012-09-02  Lorna Hutcheson         Demonstrating the value of your Intrusion Detection Program and Analysts
2010-02-22  Rob VandenBrink         New Risks in Penetration Testing

DETECTION
2023-02-04  Guy Bruneau             Assemblyline as a Malware Analysis Sandbox
2023-01-21  Guy Bruneau             DShield Sensor JSON Log to Elasticsearch
2023-01-08  Guy Bruneau             DShield Sensor JSON Log Analysis
2022-12-21  Guy Bruneau             DShield Sensor Setup in Azure
2022-09-26  Xavier Mertens          Easy Python Sandbox Detection
2021-12-28  Russ McRee              LotL Classifier tests for shells, exfil, and miners
2021-04-02  Xavier Mertens          C2 Activity: Sandboxes or Real Victims?
2020-11-20  Xavier Mertens          Malicious Python Code and LittleSnitch Detection
2017-12-14  Russ McRee              Detection Lab: Visibility & Introspection for Defenders
2017-06-17  Guy Bruneau             Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2016-08-29  Russ McRee              Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2015-02-10  Mark Baggett            Detecting Mimikatz Use On Your Network
2014-09-27  Guy Bruneau             What has Bash and Heartbleed Taught Us?
2013-12-16  Tom Webb                The case of Minerd
2013-08-19  Johannes Ullrich        Running Snort on ESXi using the Distributed Switch
2012-09-02  Lorna Hutcheson         Demonstrating the value of your Intrusion Detection Program and Analysts
2012-08-16  Johannes Ullrich        A Poor Man's DNS Anomaly Detection Script
2008-11-16  Maarten Van Horenbeeck  Detection of Trojan control channels