Diaries by Keyword - SANS Internet Storm Center

Participate: Learn more about our honeypot network
https://isc.sans.edu/tools/honeypot/

Handler on Duty: Brad Duncan

Threat Level: green

Date	Author	Title
2023-03-11	Xavier Mertens	Overview of a Mirai Payload Generator
2023-01-26	Tom Webb	Live Linux IR with UAC
2023-01-23	Xavier Mertens	Who's Resolving This Domain?
2022-12-20	Xavier Mertens	Linux File System Monitoring & Actions
2021-11-21	Didier Stevens	Backdooring PAM
2021-09-20	Johannes Ullrich	#OMIGOD Exploits Captured in the Wild. Researchers responsible for half of scans for related ports.
2020-07-19	Guy Bruneau	Scanning Activity for ZeroShell Unauthenticated Access
2020-07-11	Guy Bruneau	Scanning Home Internet Facing Devices to Exploit
2019-06-18	Johannes Ullrich	What You Need To Know About TCP "SACK Panic"
2018-10-26	Xavier Mertens	Dissecting Malicious Office Documents with Linux
2018-10-17	Russ McRee	RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-08-05	Didier Stevens	Video: Maldoc analysis with standard Linux tools
2017-10-18	Renato Marinho	Baselining Servers to Detect Outliers
2017-06-14	Xavier Mertens	Systemd Could Fallback to Google DNS?
2016-07-27	Xavier Mertens	Analyze of a Linux botnet client source code
2016-05-18	Russ McRee	Resources: Windows Auditing & Monitoring, Linux 2FA
2016-05-08	Jim Clausing	Guest Diary: Linux Capabilities - A friend and foe
2016-03-28	Xavier Mertens	Improving Bash Forensics Capabilities
2014-11-25	Adrien de Beaupre	Less is, umm, less?
2014-08-16	Lenny Zeltser	Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-03-07	Tom Webb	Linux Memory Dump with Rekall
2013-12-24	Daniel Wesemann	Unfriendly crontab additions
2013-05-14	Swa Frantzen	CVE-2013-2094: Linux privilege escalation
2011-08-31	Johannes Ullrich	Kernel.org Compromise
2011-07-31	Daniel Wesemann	Anatomy of a Unix breach
2011-06-01	Johannes Ullrich	Enabling Privacy Enhanced Addresses for IPv6
2011-05-01	Deborah Hale	Droid MarketPlace Has a New App
2010-09-17	Robert Danford	Circa 2007 Linux Kernel Vulnerability Resurfaces (Was CVE-2007-4573, Now CVE-2010-3301)
2009-07-17	Bojan Zdrnja	A new fascinating Linux kernel vulnerability
2008-07-31	Swa Frantzen	Linus - Linux and Security - follow-up
2008-07-29	Swa Frantzen	Linus - Linux and Security
2008-06-10	Swa Frantzen	Linux ASN.1 BER kernel buffer overflow
2008-05-13	Swa Frantzen	OpenSSH: Predictable PRNG in debian and ubuntu Linux