Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Jesse La Grew

Threat Level: green

Date	Author	Title
2025-05-08	Xavier Mertens	No Internet Access? SSH to the Rescue!
2025-01-18	Jim Clausing	New tool: immutable.py
2024-11-19	Xavier Mertens	Detecting the Presence of a Debugger in Linux
2024-10-09	Xavier Mertens	From Perfctl to InfoStealer
2024-07-08	Xavier Mertens	Kunai: Keep an Eye on your Linux Hosts Activity
2024-06-20	Guy Bruneau	No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary]
2024-04-29	Guy Bruneau	Linux Trojan - Xorddos with Filename eyshcjdmzg
2023-07-24	Rob VandenBrink	JQ: Another Tool We Thought We Knew
2023-07-01	Russ McRee	Sandfly Security
2023-03-11	Xavier Mertens	Overview of a Mirai Payload Generator
2023-01-26	Tom Webb	Live Linux IR with UAC
2023-01-23	Xavier Mertens	Who's Resolving This Domain?
2022-12-20	Xavier Mertens	Linux File System Monitoring & Actions
2021-11-21	Didier Stevens	Backdooring PAM
2021-09-20	Johannes Ullrich	#OMIGOD Exploits Captured in the Wild. Researchers responsible for half of scans for related ports.
2020-07-19	Guy Bruneau	Scanning Activity for ZeroShell Unauthenticated Access
2020-07-11	Guy Bruneau	Scanning Home Internet Facing Devices to Exploit
2019-06-18	Johannes Ullrich	What You Need To Know About TCP "SACK Panic"
2018-10-26	Xavier Mertens	Dissecting Malicious Office Documents with Linux
2018-10-17	Russ McRee	RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-08-05	Didier Stevens	Video: Maldoc analysis with standard Linux tools
2017-10-18	Renato Marinho	Baselining Servers to Detect Outliers
2017-06-14	Xavier Mertens	Systemd Could Fallback to Google DNS?
2016-07-27	Xavier Mertens	Analyze of a Linux botnet client source code
2016-05-18	Russ McRee	Resources: Windows Auditing & Monitoring, Linux 2FA
2016-05-08	Jim Clausing	Guest Diary: Linux Capabilities - A friend and foe
2016-03-28	Xavier Mertens	Improving Bash Forensics Capabilities
2014-11-25	Adrien de Beaupre	Less is, umm, less?
2014-08-16	Lenny Zeltser	Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-03-07	Tom Webb	Linux Memory Dump with Rekall
2013-12-24	Daniel Wesemann	Unfriendly crontab additions
2013-05-14	Swa Frantzen	CVE-2013-2094: Linux privilege escalation
2011-08-31	Johannes Ullrich	Kernel.org Compromise
2011-07-31	Daniel Wesemann	Anatomy of a Unix breach
2011-06-01	Johannes Ullrich	Enabling Privacy Enhanced Addresses for IPv6
2011-05-01	Deborah Hale	Droid MarketPlace Has a New App
2010-09-17	Robert Danford	Circa 2007 Linux Kernel Vulnerability Resurfaces (Was CVE-2007-4573, Now CVE-2010-3301)
2009-07-17	Bojan Zdrnja	A new fascinating Linux kernel vulnerability
2008-07-31	Swa Frantzen	Linus - Linux and Security - follow-up
2008-07-29	Swa Frantzen	Linus - Linux and Security
2008-06-10	Swa Frantzen	Linux ASN.1 BER kernel buffer overflow
2008-05-13	Swa Frantzen	OpenSSH: Predictable PRNG in debian and ubuntu Linux