Diaries by Keyword - SANS Internet Storm Center

Participate: Learn more about our honeypot network
https://isc.sans.edu/tools/honeypot/

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
2023-02-12	Jesse La Grew	PCAP Data Analysis with Zeek
2023-01-02	Xavier Mertens	NetworkMiner 2.8 Released
2022-11-14	Jesse La Grew	Extracting 'HTTP CONNECT' Requests with Python
2022-11-02	Brad Duncan	Who put the "Dark" in DarkVNC?
2021-12-22	Brad Duncan	December 2021 Forensic Contest: Answers and Analysis
2021-12-08	Brad Duncan	December 2021 Forensic Challenge
2021-11-04	Brad Duncan	October 2021 Forensic Contest: Answers and Analysis
2021-10-22	Brad Duncan	October 2021 Contest: Forensic Challenge
2021-06-30	Brad Duncan	June 2021 Forensic Contest: Answers and Analysis
2021-06-17	Daniel Wesemann	Network Forensics on Azure VMs (Part #1)
2021-05-23	Didier Stevens	Video: Making Sense Of Encrypted Cobalt Strike Traffic
2021-05-19	Brad Duncan	May 2021 Forensic Contest: Answers and Analysis
2021-05-05	Brad Duncan	May 2021 Forensic Contest
2021-04-18	Didier Stevens	Decoding Cobalt Strike Traffic
2021-04-12	Didier Stevens	Example of Cleartext Cobalt Strike Traffic (Thanks Brad)
2021-04-01	Brad Duncan	April 2021 Forensic Quiz
2021-03-07	Didier Stevens	PCAPs and Beacons
2021-01-30	Guy Bruneau	PacketSifter as Network Parsing and Telemetry Tool
2021-01-05	Johannes Ullrich	Netfox Detective: An Alternative Open-Source Packet Analysis Tool
2020-12-03	Brad Duncan	Traffic Analysis Quiz: Mr Natural
2020-11-11	Brad Duncan	Traffic Analysis Quiz: DESKTOP-FX23IK5
2020-09-15	Brad Duncan	Traffic Analysis Quiz: Oh No... Another Infection!
2020-08-05	Brad Duncan	Traffic Analysis Quiz: What's the Malware From This Infection?
2020-07-15	Brad Duncan	Word docs with macros for IcedID (Bokbot)
2020-05-20	Brad Duncan	Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-08	Brad Duncan	German malspam pushes ZLoader malware
2020-04-01	Brad Duncan	Qakbot malspam sent from an infected Windows host
2020-01-05	Didier Stevens	etl2pcapng: Convert .etl Capture Files To .pcapng Format
2019-12-24	Brad Duncan	Malspam with links to Word docs pushes IcedID (Bokbot)
2019-12-03	Brad Duncan	Ursnif infection with Dridex
2019-11-27	Brad Duncan	Finding an Agent Tesla malware sample
2019-10-29	Xavier Mertens	Generating PCAP Files from YAML
2019-10-09	Brad Duncan	What data does Vidar malware steal from an infected host?
2019-10-03	Jim Clausing	Buffer overflows found in libpcap and tcpdump
2019-05-22	Johannes Ullrich	An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
2019-03-18	Didier Stevens	Wireshark 3.0.0 and Npcap: Some Remarks
2019-03-11	Didier Stevens	Wireshark 3.0.0 and Npcap
2018-11-18	Guy Bruneau	Multipurpose PCAP Analysis Tool
2018-08-15	Xavier Mertens	Truncating Payloads and Anonymizing PCAP files
2018-06-06	Xavier Mertens	Converting PCAP Web Traffic to Apache Log
2018-01-18	Xavier Mertens	Comment your Packet Captures!
2017-09-28	Xavier Mertens	The easy way to analyze huge amounts of PCAP data
2017-05-26	Lorna Hutcheson	File2pcap - A new tool for your toolkit!
2017-01-28	Lorna Hutcheson	Packet Analysis - Where do you start?
2014-06-04	Richard Porter	p0f, Got Packets?
2013-12-01	Richard Porter	BPF, PCAP, Binary, hex, why they matter?
2013-06-05	Richard Porter	Wireshark 1.10.0 Stable Released http://www.wireshark.org/download.html
2011-10-23	Guy Bruneau	tcpdump and IPv6
2010-07-04	Manuel Humberto Santander Pelaez	New Winpcap Version
2010-03-27	Guy Bruneau	Create a Summary of IP Addresses from PCAP Files using Unix Tools
2009-11-25	Jim Clausing	Updates to my GREM Gold scripts and a new script
2009-08-13	Jim Clausing	Tools for extracting files from pcaps
2009-06-28	Guy Bruneau	IP Address Range Search with libpcap