Threat Level: green Handler on Duty: Brad Duncan

SANS ISC Diaries by Keyword


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
DateAuthorTitle

PACKET ANALYSIS

2012-05-23Mark BaggettIP Fragmentation Attacks
2012-02-07Jim ClausingBook Review: Practical Packet Analysis, 2nd ed

PACKET

2014-06-04/a>Richard Porterp0f, Got Packets?
2014-03-18/a>Mark HofmanCall for packets dest 5000 or source 6000
2014-02-04/a>Johannes UllrichOdd ICMP Echo Request Payload
2014-01-31/a>Chris MohanLooking for packets from three particular subnets
2013-12-01/a>Richard PorterBPF, PCAP, Binary, hex, why they matter?
2013-11-13/a>Johannes UllrichPacket Challenge for the Hivemind: What's happening with this Ethernet header?
2013-06-05/a>Richard PorterWireshark 1.10.0 Stable Released http://www.wireshark.org/download.html
2013-05-19/a>Kevin ShorttPort 51616 - Got Packets?
2013-04-13/a>Johannes UllrichProtocol 61: Anybody got packets?
2012-09-13/a>Mark BaggettTCP Fuzzing with Scapy
2012-05-23/a>Mark BaggettIP Fragmentation Attacks
2012-05-14/a>Mark HofmanGot packets? Interested in TCP/8909, TCP/6666, TCP/9415, TCP/27977 and UDP/7
2012-02-07/a>Jim ClausingBook Review: Practical Packet Analysis, 2nd ed
2011-08-30/a>Johannes UllrichA Packet Challenge: Help us identify this traffic
2011-03-07/a>Lorna HutchesonCall for Packets - Unassigned TCP Options
2011-01-25/a>Johannes UllrichPacket Tricks with xxd
2011-01-15/a>Jim ClausingWhat's up with port 8881?
2010-09-28/a>Daniel WesemannStrange packet: "daylight rekick", anyone?
2010-09-16/a>Johannes UllrichA Packet a Day
2010-02-16/a>Johannes UllrichTeredo "stray packet" analysis
2009-11-18/a>Rob VandenBrinkUsing a Cisco Router as a “Remote Collector” for tcpdump or Wireshark
2009-05-07/a>Jim ClausingA packet challenge and how I solved it
2009-05-01/a>Adrien de BeaupreOdd packets
2008-11-17/a>Jim ClausingA new cheat sheet and a contest
2008-09-22/a>Jim ClausingMore on tools/resources/blogs
2008-06-07/a>Jim ClausingWhat's going on with these ports? Got packets?
2008-05-26/a>Marcus SachsPort 1533 on the Rise
2008-04-27/a>Marcus SachsWhat's With Port 20329?
2008-04-25/a>Joel EslerSome packets perhaps?
2008-04-16/a>William StearnsPasser, a aassive machine and service sniffer
2008-03-23/a>Johannes UllrichFinding hidden gems (easter eggs) in your logs (packet challenge!)
2006-10-17/a>Arrigo TriulziHacking Tor, the anonymity onion routing network

ANALYSIS

2015-05-03/a>Russ McReeVolDiff, for memory image differential analysis
2014-07-05/a>Guy BruneauMalware Analysis with pedump
2014-04-21/a>Daniel WesemannFinding the bleeders
2014-03-13/a>Daniel WesemannWeb server logs containing RS=^ ?
2014-01-14/a>Chris MohanSpamming and scanning botnets - is there something I can do to block them from my site?
2013-10-28/a>Daniel WesemannExploit cocktail (Struts, Java, Windows) going after 3-month old vulnerabilities
2013-06-18/a>Russ McReeVolatility rules...any questions?
2013-05-11/a>Lenny ZeltserExtracting Digital Signatures from Signed Malware
2013-03-09/a>Guy BruneauIPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-02-03/a>Lorna HutchesonIs it Really an Attack?
2013-01-08/a>Jim ClausingCuckoo 0.5 is out and the world didn't end
2012-12-02/a>Guy BruneauCollecting Logs from Security Devices at Home
2012-09-19/a>Kevin ListonVolatility: 2.2 is Coming Soon
2012-09-14/a>Lenny ZeltserAnalyzing Malicious RTF Files Using OfficeMalScanner's RTFScan
2012-06-21/a>Russ McReeAnalysis of drive-by attack sample set
2012-06-04/a>Lenny ZeltserDecoding Common XOR Obfuscation in Malicious Code
2012-05-23/a>Mark BaggettIP Fragmentation Attacks
2012-03-03/a>Jim ClausingNew automated sandbox for Android malware
2012-02-07/a>Jim ClausingBook Review: Practical Packet Analysis, 2nd ed
2011-05-20/a>Guy BruneauSysinternals Updates, Analyzing Stuxnet Infection with Sysinternals Tools Part 3
2011-04-14/a>Adrien de BeaupreSysinternals updates, a new blog post, and webcast
2011-02-01/a>Lenny ZeltserThe Importance of HTTP Headers When Investigating Malicious Sites
2010-08-09/a>Jim ClausingFree/inexpensive tools for monitoring systems/networks
2010-07-21/a>Adrien de Beaupreautorun.inf and .lnk Malware (NOT 'Vulnerability in Windows Shell Could Allow Remote Code Execution' 2286198)
2010-05-26/a>Bojan ZdrnjaMalware modularization and AV detection evasion
2010-04-11/a>Marcus SachsNetwork and process forensics toolset
2010-03-26/a>Daniel WesemannGetting the EXE out of the RTF again
2010-02-13/a>Lorna HutchesonNetwork Traffic Analysis in Reverse
2010-01-14/a>Bojan ZdrnjaPDF Babushka
2010-01-07/a>Daniel WesemannStatic analysis of malicious PDFs
2010-01-07/a>Daniel WesemannStatic analysis of malicous PDFs (Part #2)
2009-11-25/a>Jim ClausingUpdates to my GREM Gold scripts and a new script
2009-11-03/a>Bojan ZdrnjaOpachki, from (and to) Russia with love
2009-09-25/a>Lenny ZeltserCategories of Common Malware Traits
2009-07-26/a>Jim ClausingNew Volatility plugins
2009-07-02/a>Daniel WesemannGetting the EXE out of the RTF
2009-04-15/a>Marcus Sachs2009 Data Breach Investigation Report
2009-03-13/a>Bojan ZdrnjaWhen web application security, Microsoft and the AV vendors all fail
2009-02-10/a>Bojan ZdrnjaMore tricks from Conficker and VM detection
2009-02-09/a>Bojan ZdrnjaSome tricks from Conficker's bag
2009-01-18/a>Daniel Wesemann3322. org
2009-01-15/a>Bojan ZdrnjaConficker's autorun and social engineering
2009-01-07/a>Bojan ZdrnjaAn Israeli patriot program or a trojan
2009-01-02/a>Rick WannerTools on my Christmas list.
2008-12-13/a>Jim ClausingFollowup from last shift and some research to do.
2008-11-17/a>Marcus SachsNew Tool: NetWitness Investigator
2008-11-17/a>Jim ClausingFinding stealth injected DLLs
2008-09-03/a>Daniel WesemannStatic analysis of Shellcode - Part 2
2008-07-07/a>Pedro BuenoBad url classification
2006-10-02/a>Jim ClausingReader's tip of the day: ratios vs. raw counts
2006-09-18/a>Jim ClausingLog analysis follow up
2006-09-09/a>Jim ClausingLog Analysis tips?
2006-09-09/a>Jim ClausingA few preliminary log analysis thoughts