Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
NETWORK TRAFFIC
2022-01-25	Brad Duncan	Emotet Stops Using 0.0.0.0 in Spambot Traffic
2015-03-16	Johannes Ullrich	Automatically Documenting Network Connections From New Devices Connected to Home Networks
2013-02-03	Lorna Hutcheson	Is it Really an Attack?
NETWORK
2025-03-26/a>	Jesse La Grew	[Guest Diary] Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest
2023-08-26/a>	Xavier Mertens	macOS: Who?s Behind This Network Connection?
2023-01-02/a>	Xavier Mertens	NetworkMiner 2.8 Released
2022-01-25/a>	Brad Duncan	Emotet Stops Using 0.0.0.0 in Spambot Traffic
2021-12-06/a>	Xavier Mertens	The Importance of Out-of-Band Networks
2021-06-18/a>	Daniel Wesemann	Network Forensics on Azure VMs (Part #2)
2021-06-17/a>	Daniel Wesemann	Network Forensics on Azure VMs (Part #1)
2021-01-30/a>	Guy Bruneau	PacketSifter as Network Parsing and Telemetry Tool
2019-10-16/a>	Xavier Mertens	Security Monitoring: At Network or Host Level?
2019-10-06/a>	Russ McRee	visNetwork for Network Data
2019-07-20/a>	Guy Bruneau	Re-evaluating Network Security - It is Increasingly More Complex
2019-03-27/a>	Xavier Mertens	Running your Own Passive DNS Service
2018-06-06/a>	Xavier Mertens	Converting PCAP Web Traffic to Apache Log
2017-12-02/a>	Xavier Mertens	Using Bad Material for the Good
2017-09-28/a>	Xavier Mertens	The easy way to analyze huge amounts of PCAP data
2017-02-17/a>	Rob VandenBrink	RTRBK - Router / Switch / Firewall Backups in PowerShell (tool drop)
2017-01-13/a>	Xavier Mertens	Who's Attacking Me?
2017-01-12/a>	Mark Baggett	Some tools updates
2016-05-26/a>	Xavier Mertens	Keeping an Eye on Tor Traffic
2015-04-17/a>	Didier Stevens	Memory Forensics Of Network Devices
2015-03-16/a>	Johannes Ullrich	Automatically Documenting Network Connections From New Devices Connected to Home Networks
2014-10-13/a>	Lorna Hutcheson	For or Against: Port Security for Network Access Control
2014-06-03/a>	Basil Alawi S.Taher	An Introduction to RSA Netwitness Investigator
2014-01-24/a>	Chris Mohan	Phishing via Social Media
2013-11-30/a>	Russ McRee	A review of Tubes, A Journey to the Center of the Internet
2013-07-17/a>	Johannes Ullrich	Network Solutions Outage
2013-07-13/a>	Lenny Zeltser	Decoy Personas for Safeguarding Online Identity Using Deception
2013-02-03/a>	Lorna Hutcheson	Is it Really an Attack?
2012-12-31/a>	Manuel Humberto Santander Pelaez	How to determine which NAC solutions fits best to your needs
2012-08-30/a>	Bojan Zdrnja	Analyzing outgoing network traffic (part 2)
2012-08-23/a>	Bojan Zdrnja	Analyzing outgoing network traffic
2012-04-06/a>	Johannes Ullrich	Social Share Privacy
2011-08-05/a>	Johannes Ullrich	Microsoft Patch Tuesday Advance Notification: 13 Bulletins coming http://www.microsoft.com/technet/security/Bulletin/MS11-aug.mspx
2011-05-25/a>	Lenny Zeltser	Monitoring Social Media for Security References to Your Organization
2011-02-14/a>	Lorna Hutcheson	Network Visualization
2011-01-23/a>	Richard Porter	Crime is still Crime!
2010-12-21/a>	Rob VandenBrink	Network Reliability, Part 2 - HSRP Attacks and Defenses
2010-11-22/a>	Lenny Zeltser	Brand Impersonations On-Line: Brandjacking and Social Networks
2010-11-08/a>	Manuel Humberto Santander Pelaez	Network Security Perimeter: How to choose the correct firewall and IPS for your environment?
2010-09-16/a>	Johannes Ullrich	Facebook "Like Pages"
2010-08-05/a>	Rob VandenBrink	Access Controls for Network Infrastructure
2010-07-07/a>	Kevin Shortt	Facebook, Facebook, What Do YOU See?
2010-06-10/a>	Deborah Hale	Top 5 Social Networking Media Risks
2010-04-18/a>	Guy Bruneau	Some NetSol hosted sites breached
2009-12-07/a>	Rob VandenBrink	Layer 2 Network Protections – reloaded!
2009-11-25/a>	Jim Clausing	Tool updates
2009-11-11/a>	Rob VandenBrink	Layer 2 Network Protections against Man in the Middle Attacks
2009-08-13/a>	Jim Clausing	New and updated cheat sheets
2009-08-03/a>	Mark Hofman	Switch hardening on your network
2009-07-28/a>	Adrien de Beaupre	YYAMCCBA
2009-05-28/a>	Jim Clausing	Stego in TCP retransmissions
2009-05-18/a>	Rick Wanner	Cisco SAFE Security Reference Guide Updated
2008-04-07/a>	John Bambenek	Network Solutions Technical Difficulties? Enom too
TRAFFIC
2025-03-12/a>	Guy Bruneau	File Hashes Analysis with Power BI from Data Stored in DShield SIEM
2025-03-06/a>	Guy Bruneau	DShield Traffic Analysis using ELK
2024-10-17/a>	Guy Bruneau	Scanning Activity from Subnet 15.184.0.0/16
2024-09-11/a>	Guy Bruneau	Hygiene, Hygiene, Hygiene! [Guest Diary]
2024-08-30/a>	Jesse La Grew	Simulating Traffic With Scapy
2024-02-03/a>	Guy Bruneau	DShield Sensor Log Collection with Elasticsearch
2023-01-02/a>	Xavier Mertens	NetworkMiner 2.8 Released
2022-01-25/a>	Brad Duncan	Emotet Stops Using 0.0.0.0 in Spambot Traffic
2021-11-07/a>	Didier Stevens	Video: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-11-06/a>	Didier Stevens	Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-10-25/a>	Didier Stevens	Decrypting Cobalt Strike Traffic With a "Leaked" Private Key
2021-04-10/a>	Guy Bruneau	Building an IDS Sensor with Suricata & Zeek with Logs to ELK
2020-12-03/a>	Brad Duncan	Traffic Analysis Quiz: Mr Natural
2020-11-11/a>	Brad Duncan	Traffic Analysis Quiz: DESKTOP-FX23IK5
2018-11-18/a>	Guy Bruneau	Multipurpose PCAP Analysis Tool
2016-05-14/a>	Guy Bruneau	INetSim as a Basic Honeypot
2015-03-16/a>	Johannes Ullrich	Automatically Documenting Network Connections From New Devices Connected to Home Networks
2013-12-02/a>	Richard Porter	Reports of higher than normal SSH Attacks
2013-03-09/a>	Guy Bruneau	IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-02-03/a>	Lorna Hutcheson	Is it Really an Attack?
2012-08-30/a>	Bojan Zdrnja	Analyzing outgoing network traffic (part 2)
2012-08-23/a>	Bojan Zdrnja	Analyzing outgoing network traffic
2011-01-15/a>	Jim Clausing	What's up with port 8881?
2009-01-21/a>	Raul Siles	Traffic increase for port UDP/8247

NETWORK TRAFFIC

NETWORK

TRAFFIC