Diaries by Keyword - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
MIMIKATZ DETECTION
2015-02-10	Mark Baggett	Detecting Mimikatz Use On Your Network
MIMIKATZ
2019-08-22/a>	Xavier Mertens	Simple Mimikatz & RDPWrapper Dropper
2017-05-03/a>	Bojan Zdrnja	Powershelling with exploits
2015-12-14/a>	Russ McRee	AD Security's Unofficial Guide to Mimikatz & Command Reference
2015-02-10/a>	Mark Baggett	Detecting Mimikatz Use On Your Network
DETECTION
2022-09-26/a>	Xavier Mertens	Easy Python Sandbox Detection
2021-12-28/a>	Russ McRee	LotL Classifier tests for shells, exfil, and miners
2021-04-02/a>	Xavier Mertens	C2 Activity: Sandboxes or Real Victims?
2020-11-20/a>	Xavier Mertens	Malicious Python Code and LittleSnitch Detection
2017-12-14/a>	Russ McRee	Detection Lab: Visibility & Introspection for Defenders
2017-06-17/a>	Guy Bruneau	Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2016-08-29/a>	Russ McRee	Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2015-02-10/a>	Mark Baggett	Detecting Mimikatz Use On Your Network
2014-09-27/a>	Guy Bruneau	What has Bash and Heartbleed Taught Us?
2013-12-16/a>	Tom Webb	The case of Minerd
2013-08-19/a>	Johannes Ullrich	Running Snort on ESXi using the Distributed Switch
2012-09-02/a>	Lorna Hutcheson	Demonstrating the value of your Intrusion Detection Program and Analysts
2012-08-16/a>	Johannes Ullrich	A Poor Man's DNS Anomaly Detection Script
2008-11-16/a>	Maarten Van Horenbeeck	Detection of Trojan control channels