Internet Storm Center
Date
Author
Title
PAC FILE
2016-08-24
Xavier Mertens
Example of Targeted Attack Through a Proxy PAC File
PAC
2023-02-01
Jesse La Grew
Rotating Packet Captures with pfSense
2023-01-15
Johannes Ullrich
Elon Musk Themed Crypto Scams Flooding YouTube Today
2022-11-29
Johannes Ullrich
Packet Tuesday Episode 3: TCP Urgent Flag. https://packettuesday.com
2022-09-01
Johannes Ullrich
Jolokia Scans: Possible Hunt for Vulnerable Apache Geode Servers (CVE-2022-37021)
2022-02-26
Guy Bruneau
Using Snort IDS Rules with NetWitness PacketDecoder
2022-01-27
Johannes Ullrich
Apple Patches Everything
2021-12-18
Guy Bruneau
VMware Security Update - https://www.vmware.com/security/advisories/VMSA-2021-0030.html
2021-12-03
Xavier Mertens
The UPX Packer Will Never Die!
2021-10-16
Guy Bruneau
Apache is Actively Scan for CVE-2021-41773 & CVE-2021-42013
2021-10-06
Johannes Ullrich
Apache 2.4.49 Directory Traversal Vulnerability (CVE-2021-41773)
2021-08-24
Johannes Ullrich
Attackers Hunting For Twilio Credentials
2021-06-17
Daniel Wesemann
Network Forensics on Azure VMs (Part #1)
2021-04-10
Guy Bruneau
Building an IDS Sensor with Suricata & Zeek with Logs to ELK
2021-01-30
Guy Bruneau
PacketSifter as Network Parsing and Telemetry Tool
2021-01-21
Xavier Mertens
Powershell Dropping a REvil Ransomware
2021-01-05
Johannes Ullrich
Netfox Detective: An Alternative Open-Source Packet Analysis Tool
2020-05-31
Guy Bruneau
Windows 10 Built-in Packet Sniffer - PktMon
2019-06-20
Xavier Mertens
Using a Travel Packing App for Infosec Purpose
2019-05-19
Guy Bruneau
Is Metadata Only Approach, Good Enough for Network Traffic Analysis?
2019-02-24
Guy Bruneau
Packet Editor and Builder by Colasoft
2018-06-06
Xavier Mertens
Converting PCAP Web Traffic to Apache Log
2017-09-29
Lorna Hutcheson
Good Analysis = Understanding(tools + logs + normal)
2017-09-17
Guy Bruneau
rockNSM as a Incident Response Package
2017-04-28
Russell Eubanks
KNOW before NO
2017-04-13
Rob VandenBrink
Packet Captures Filtered by Process
2017-03-25
Russell Eubanks
Distraction as a Service
2017-03-11
Russell Eubanks
What's On Your Not To Do List?
2017-03-03
Lorna Hutcheson
BitTorrent or Something Else?
2017-01-28
Lorna Hutcheson
Packet Analysis - Where do you start?
2016-12-27
Guy Bruneau
Using daemonlogger as a Software Tap
2016-11-05
Xavier Mertens
Full Packet Capture for Dummies
2016-08-24
Xavier Mertens
Example of Targeted Attack Through a Proxy PAC File
2016-07-05
Johannes Ullrich
Apache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979)
2016-06-15
Richard Porter
Warp Speed Ahead, L7 Open Source Packet Generator: Warp17
2015-10-12
Guy Bruneau
Critical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
2014-09-19
Guy Bruneau
Web Scan looking for /info/whitelist.pac
2014-08-17
Rick Wanner
Part 2: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-07-28
Johannes Ullrich
Interesting HTTP User Agent "chroot-apach0day"
2014-07-05
Guy Bruneau
Malware Analysis with pedump
2014-06-04
Richard Porter
p0f, Got Packets?
2014-04-12
Guy Bruneau
Critical Security Update for JetPack WordPress Plugin. Bug has existed since Jetpack 1.9, released in October 2012. - http://jetpack.me/2014/04/10/jetpack-security-update/
2014-03-18
Mark Hofman
Call for packets dest 5000 or source 6000
2014-03-17
Jim Clausing
New Apache web server release
2014-03-13
Daniel Wesemann
Web server logs containing RS=^ ?
2014-02-04
Johannes Ullrich
Odd ICMP Echo Request Payload
2014-01-31
Chris Mohan
Looking for packets from three particular subnets
2013-12-01
Richard Porter
BPF, PCAP, Binary, hex, why they matter?
2013-11-27
Rob VandenBrink
Apache 2.4.7 is released 11/25. Download: http://httpd.apache.org/download.cgi#apache24 and Readme: http://apache.mirror.iweb.ca//httpd/CHANGES_2.4.7
2013-11-13
Johannes Ullrich
Packet Challenge for the Hivemind: What's happening with this Ethernet header?
2013-06-05
Richard Porter
Wireshark 1.10.0 Stable Released http://www.wireshark.org/download.html
2013-05-19
Kevin Shortt
Port 51616 - Got Packets?
2013-04-30
Russ McRee
Apache binary backdoor adds malicious redirect to Blackhole
2013-04-13
Johannes Ullrich
Protocol 61: Anybody got packets?
2013-03-19
Johannes Ullrich
Windows 7 SP1 and Windows Server 2008 R2 SP1 Being "pushed" today
2012-12-22
Guy Bruneau
New Poll - Which of the following issues impacted the most your business in 2012? - https://isc.sans.edu/poll.html
2012-09-13
Mark Baggett
TCP Fuzzing with Scapy
2012-05-23
Mark Baggett
IP Fragmentation Attacks
2012-05-14
Mark Hofman
Got packets? Interested in TCP/8909, TCP/6666, TCP/9415, TCP/27977 and UDP/7
2012-02-22
Johannes Ullrich
Apache 2.4 Features
2012-02-07
Jim Clausing
Book Review: Practical Packet Analysis, 2nd ed
2011-10-06
Rob VandenBrink
Apache HTTP Server mod_proxy reverse proxy issue
2011-08-30
Johannes Ullrich
A Packet Challenge: Help us identify this traffic
2011-08-30
Johannes Ullrich
Apache patch out for "byte range" DoS vulnerability http://www.apache.org/dist/httpd/Announcement2.2.html
2011-08-25
Kevin Shortt
Revival of an Unpatched Apache HTTPD DoS
2011-03-07
Lorna Hutcheson
Call for Packets - Unassigned TCP Options
2011-02-24
Johannes Ullrich
Windows 7 / 2008 R2 Service Pack 1 Problems
2011-02-23
Johannes Ullrich
Windows 7 Service Pack 1 out
2011-01-25
Johannes Ullrich
Packet Tricks with xxd
2011-01-15
Jim Clausing
What's up with port 8881?
2010-09-28
Daniel Wesemann
Strange packet: "daylight rekick", anyone?
2010-09-16
Johannes Ullrich
A Packet a Day
2010-08-22
Manuel Humberto Santander Pelaez
SCADA: A big challenge for information security professionals
2010-04-13
Johannes Ullrich
Apache.org Bugtracker Breach
2010-03-07
Mari Nichols
Apache releases version 2.2.15 with 5 security fixes including OpenSSL issue.
2010-02-16
Johannes Ullrich
Teredo "stray packet" analysis
2010-01-25
William Salusky
"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"
2009-11-18
Rob VandenBrink
Using a Cisco Router as a “Remote Collector” for tcpdump or Wireshark
2009-11-03
Bojan Zdrnja
Opachki, from (and to) Russia with love
2009-10-14
Johannes Ullrich
Odd Apache/MSIE issue with downloads from ISC
2009-08-28
Adrien de Beaupre
apache.org compromised
2009-06-23
Bojan Zdrnja
Slowloris and Iranian DDoS attacks
2009-06-21
Bojan Zdrnja
Apache HTTP DoS tool mitigation
2009-06-18
Bojan Zdrnja
Apache HTTP DoS tool released
2009-05-07
Jim Clausing
A packet challenge and how I solved it
2009-05-01
Adrien de Beaupre
Odd packets
2009-04-07
Johannes Ullrich
Common Apache Misconception
2009-01-12
William Salusky
Web Application Firewalls (WAF) - Have you deployed WAF technology?
2009-01-03
Rick Wanner
RAID != Backup
2008-11-17
Jim Clausing
A new cheat sheet and a contest
2008-10-09
Bojan Zdrnja
Watch that .htaccess file on your web site
2008-09-22
Jim Clausing
More on tools/resources/blogs
2008-07-15
Maarten Van Horenbeeck
BlackBerry PDF parsing vulnerability
2008-06-07
Jim Clausing
What's going on with these ports? Got packets?
2008-05-26
Marcus Sachs
Port 1533 on the Rise
2008-04-27
Marcus Sachs
What's With Port 20329?
2008-04-25
Joel Esler
Some packets perhaps?
2008-04-22
donald smith
Maximus root kit downloads via MySpace social engineering trick.
2008-04-16
William Stearns
Passer, a aassive machine and service sniffer
2008-03-23
Johannes Ullrich
Finding hidden gems (easter eggs) in your logs (packet challenge!)
2006-10-17
Arrigo Triulzi
Hacking Tor, the anonymity onion routing network
FILE
2023-01-21
Guy Bruneau
DShield Sensor JSON Log to Elasticsearch
2023-01-04
Rob VandenBrink
Update to RTRBK - Diff and File Dates in PowerShell
2022-12-20
Xavier Mertens
Linux File System Monitoring & Actions
2022-07-25
Xavier Mertens
PowerShell Script with Fileless Capability
2022-07-17
Didier Stevens
Python: Files In Use By Another Process
2022-06-25
Xavier Mertens
Malicious Code Passed to PowerShell via the Clipboard
2022-06-04
Guy Bruneau
Spam Email Contains a Very Large ISO file
2022-06-03
Xavier Mertens
Sandbox Evasion... With Just a Filename!
2022-05-29
Didier Stevens
Extracting The Overlay Of A PE File
2022-05-28
Didier Stevens
Huge Signed PE File: Keeping The Signature
2022-05-26
Didier Stevens
Huge Signed PE File
2022-05-23
Johannes Ullrich
Attacker Scanning for jQuery-File-Upload
2022-05-20
Xavier Mertens
A 'Zip Bomb' to Bypass Security Controls & Sandboxes
2022-03-24
Xavier Mertens
Malware Delivered Through Free Sharing Tool
2021-09-11
Guy Bruneau
Shipping to Elasticsearch Microsoft DNS Logs
2021-05-02
Didier Stevens
PuTTY And FileZilla Use The Same Fingerprint Registry Keys
2021-04-10
Guy Bruneau
Building an IDS Sensor with Suricata & Zeek with Logs to ELK
2021-03-12
Guy Bruneau
Microsoft DHCP Logs Shipped to ELK
2021-02-12
Xavier Mertens
AgentTesla Dropped Through Automatic Click in Microsoft Help File
2020-06-12
Xavier Mertens
Malicious Excel Delivering Fileless Payload
2020-05-22
Didier Stevens
Some Strings to Remember
2020-05-04
Didier Stevens
Sysmon and File Deletion
2020-03-21
Guy Bruneau
Honeypot - Scanning and Targeting Devices & Services
2019-10-03
Xavier Mertens
"Lost_Files" Ransomware
2019-08-04
Didier Stevens
Detecting ZLIB Compression
2019-02-19
Didier Stevens
Identifying Files: Failure Happens
2018-11-05
Johannes Ullrich
Struts 2.3 Vulnerable to Two Year old File Upload Flaw
2017-11-29
Xavier Mertens
Fileless Malicious PowerShell Sample
2017-10-30
Didier Stevens
PE files and debug info
2017-10-24
Xavier Mertens
Stop relying on file extensions
2017-07-19
Xavier Mertens
Bots Searching for Keys & Config Files
2017-07-02
Didier Stevens
PE Section Name Descriptions
2017-05-26
Lorna Hutcheson
File2pcap - A new tool for your toolkit!
2016-08-24
Xavier Mertens
Example of Targeted Attack Through a Proxy PAC File
2016-05-21
Didier Stevens
Python Malware - Part 2
2016-03-30
Xavier Mertens
What to watch with your FIM?
2016-01-20
Xavier Mertens
/tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!
2015-07-12
Didier Stevens
Jump List Files Are OLE Files
2014-03-17
Johannes Ullrich
Scans for FCKEditor File Manager
2014-02-28
Daniel Wesemann
Oversharing
2014-01-11
Guy Bruneau
tcpflow 1.4.4 and some of its most Interesting Features
2013-08-26
Alex Stanford
Stop, Drop and File Carve
2013-08-21
Alex Stanford
Psst. Your Browser Knows All Your Secrets.
2011-11-28
Tom Liston
A Puzzlement...
2011-08-15
Mark Hofman
How to find unwanted files on workstations
2009-12-28
Johannes Ullrich
8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug)
2009-08-13
Jim Clausing
Tools for extracting files from pcaps
2009-06-27
Tony Carothers
New NIAP Strategy on the Horizon
2009-05-27
donald smith
Host file black lists
2009-05-25
Jim Clausing
More tools for (US) Memorial Day
2008-03-13
Jason Lam
Remote File Include spoof!?