Diaries by Keyword - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Jesse La Grew

Threat Level: green

Date	Author	Title
2022-11-02	Rob VandenBrink	Breakpoints in Burp
2022-10-17	Xavier Mertens	Fileless Powershell Dropper
2022-09-22	Xavier Mertens	RAT Delivered Through FODHelper
2022-09-03	Didier Stevens	Video: James Webb JPEG With Malware
2022-09-02	Didier Stevens	James Webb JPEG With Malware
2022-08-22	Xavier Mertens	32 or 64 bits Malware?
2022-07-05	Jan Kopriva	EternalBlue 5 years after WannaCry and NotPetya
2022-06-20	Johannes Ullrich	Odd TCP Fast Open Packets. Anybody understands why?
2022-05-29	Didier Stevens	Extracting The Overlay Of A PE File
2022-05-28	Didier Stevens	Huge Signed PE File: Keeping The Signature
2022-05-26	Didier Stevens	Huge Signed PE File
2022-04-11	Johannes Ullrich	Spring: It isn't just about Spring4Shell. Spring Cloud Function Vulnerabilities are being probed too.
2022-03-30	Johannes Ullrich	Java Springtime Confusion: What Vulnerability are We Talking About
2022-03-18	Johannes Ullrich	Scans for Movable Type Vulnerability (CVE-2021-20837)
2022-03-04	Johannes Ullrich	Scam E-Mail Impersonating Red Cross
2022-03-03	Johannes Ullrich	Attackers Search For Exposed "LuCI" Folders: Help me understand this attack
2022-02-11	Xavier Mertens	CinaRAT Delivered Through HTML ID Attributes
2022-01-31	Xavier Mertens	Be careful with RPMSG files
2021-12-31	Jan Kopriva	Do you want your Agent Tesla in the 300 MB or 8 kB package?
2021-12-21	Xavier Mertens	More Undetected PowerShell Dropper
2021-10-30	Guy Bruneau	Remote Desktop Protocol (RDP) Discovery
2021-08-04	Yee Ching Tok	Pivoting and Hunting for Shenanigans from a Reported Phishing Domain
2021-07-24	Bojan Zdrnja	Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability
2021-07-20	Bojan Zdrnja	Summer of SAM - incorrect permissions on Windows 10/11 hives
2021-06-18	Daniel Wesemann	Open redirects ... and why Phishers love them
2021-05-29	Guy Bruneau	Spear-phishing Email Targeting Outlook Mail Clients
2021-05-14	Xavier Mertens	"Open" Access to Industrial Systems Interface is Also Far From Zero
2021-04-22	Xavier Mertens	How Safe Are Your Docker Images?
2021-03-16	Jan Kopriva	50 years of malware? Not really. 50 years of computer worms? That's a different story...
2021-03-04	Xavier Mertens	From VBS, PowerShell, C Sharp, Process Hollowing to RAT
2021-01-11	Rob VandenBrink	Using the NVD Database and API to Keep Up with Vulnerabilities and Patches - Tool Drop: CVEScan (Part 3 of 3)
2021-01-07	Rob VandenBrink	Using the NIST Database and API to Keep Up with Vulnerabilities and Patches (Part 1 of 3)
2020-12-29	Jan Kopriva	Want to know what's in a folder you don't have a permission to access? Try asking your AV solution...
2020-11-19	Xavier Mertens	PowerShell Dropper Delivering Formbook
2020-08-25	Xavier Mertens	Keep An Eye on LOLBins
2020-08-10	Bojan Zdrnja	Scoping web application and web service penetration tests
2020-06-30	Russ McRee	ISC Snapshot: SpectX IP Hitcount Query
2020-06-11	Xavier Mertens	Anti-Debugging JavaScript Techniques
2020-05-15	Rob VandenBrink	SHA3 Hashes (on Windows) - Where Art Thou?
2020-04-21	Russ McRee	SpectX: Log Parser for DFIR
2020-03-26	Xavier Mertens	Very Large Sample as Evasion Technique?
2020-03-15	Guy Bruneau	VPN Access and Activity Monitoring
2019-12-04	Jan Kopriva	Analysis of a strangely poetic malware
2019-11-29	Russ McRee	ISC Snapshot: Search with SauronEye
2019-10-22	Bojan Zdrnja	Testing TLSv1.3 and supported ciphers
2019-08-28	Johannes Ullrich	[Guest Diary] Open Redirect: A Small But Very Common Vulnerability
2019-08-22	Xavier Mertens	Simple Mimikatz & RDPWrapper Dropper
2019-08-21	Russ McRee	KAPE: Kroll Artifact Parser and Extractor
2019-08-15	Didier Stevens	Analysis of a Spearphishing Maldoc
2019-07-24	Xavier Mertens	May People Be Considered as IOC?
2019-05-16	Xavier Mertens	The Risk of Authenticated Vulnerability Scans
2019-04-26	Rob VandenBrink	Pillaging Passwords from Service Accounts
2019-04-01	Didier Stevens	Analysis of PDFs Created with OpenOffice/LibreOffice
2019-03-15	Remco Verhoef	Binary Analysis with Jupyter and Radare2
2019-02-17	Didier Stevens	Video: Finding Property Values in Office Documents
2019-02-16	Didier Stevens	Finding Property Values in Office Documents
2019-01-05	Didier Stevens	A Malicious JPEG? Second Example
2019-01-04	Didier Stevens	A Malicious JPEG?
2018-11-27	Xavier Mertens	More obfuscated shell scripts: Fake MacOS Flash update
2018-11-26	Russ McRee	ViperMonkey: VBA maldoc deobfuscation
2018-11-04	Pasquale Stirparo	Beyond good ol' LaunchAgent - part 1
2018-10-26	Xavier Mertens	Dissecting Malicious Office Documents with Linux
2018-10-21	Pasquale Stirparo	Beyond good ol’ LaunchAgent - part 0
2018-10-08	Guy Bruneau	Latest Release of rockNSM 2.1
2018-08-20	Didier Stevens	OpenSSH user enumeration (CVE-2018-15473)
2018-07-11	Remco Verhoef	Well, Hello Again Peppa!
2018-06-07	Remco Verhoef	Automated twitter loot collection
2018-05-24	Xavier Mertens	"Blocked" Does Not Mean "Forget It"
2018-05-07	Xavier Mertens	Adding Persistence Via Scheduled Tasks
2018-04-28	Rick Wanner	Microsoft Security Update for Spectre V2
2018-01-28	Didier Stevens	Is this a pentest?
2018-01-10	Russ McRee	GitHub InfoSec Threepeat: HELK, ptf, and VulnWhisperer
2018-01-08	Bojan Zdrnja	Meltdown and Spectre: clearing up the confusion
2017-11-25	Guy Bruneau	Benefits associated with the use of Open Source Software
2017-11-07	Xavier Mertens	Interesting VBA Dropper
2017-10-30	Didier Stevens	PE files and debug info
2017-10-08	Didier Stevens	A strange JPEG file
2017-09-10	Didier Stevens	Analyzing JPEG files
2017-09-06	Adrien de Beaupre	Modern Web Application Penetration Testing , Hash Length Extension Attacks
2017-08-10	Didier Stevens	Maldoc Analysis with ViperMonkey
2017-07-02	Didier Stevens	PE Section Name Descriptions
2017-06-28	Brad Duncan	Petya? I hardly know ya! - an ISC update on the 2017-06-27 ransomware outbreak
2017-05-18	Xavier Mertens	My Little CVE Bot
2017-05-05	Xavier Mertens	HTTP Headers... the Achilles' heel of many applications
2017-04-02	Guy Bruneau	IPFire - A Household Multipurpose Security Gateway
2016-11-25	Xavier Mertens	Free Software Quick Security Checklist
2016-11-02	Rob VandenBrink	What Does a Pentest Look Like?
2016-09-28	Xavier Mertens	SNMP Pwn3ge
2016-09-04	Russ McRee	Kali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/
2016-07-28	Bojan Zdrnja	Verifying SSL/TLS certificates manually
2016-07-27	Xavier Mertens	Critical Xen PV guests vulnerabilities
2016-06-15	Richard Porter	Warp Speed Ahead, L7 Open Source Packet Generator: Warp17
2016-05-21	Didier Stevens	Python Malware - Part 2
2016-05-03	Rick Wanner	OpenSSL Updates
2016-04-25	Guy Bruneau	Highlights from the 2016 HPE Annual Cyber Threat Report
2016-02-27	Guy Bruneau	OpenSSL Security Update Planned for 1 March Release
2016-02-22	Xavier Mertens	Reducing False Positives with Open Data Sources
2016-02-18	Xavier Mertens	Hunting for Executable Code in Windows Environments
2016-02-03	Xavier Mertens	Automating Vulnerability Scans
2016-01-31	Guy Bruneau	OpenSSL 1.0.2 Advisory and Update
2016-01-30	Xavier Mertens	All CVE Details at Your Fingertips
2016-01-20	Xavier Mertens	/tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!
2015-12-23	Rob VandenBrink	Libraries and Dependencies - It Really is Turtles All The Way Down!
2015-12-22	Rick Wanner	The other Juniper vulnerability - CVE-2015-7756
2015-11-22	Guy Bruneau	OpenDNS Research Used to Predict Threat
2015-11-09	John Bambenek	ICYMI: Widespread Unserialize Vulnerability in Java
2015-10-27	Xavier Mertens	The "Yes, but..." syndrome
2015-03-17	Didier Stevens	From PEiD To YARA
2015-02-17	Rob VandenBrink	A Different Kind of Equation
2014-08-23	Guy Bruneau	NSS Labs Cyber Resilience Report
2014-08-12	Adrien de Beaupre	Host discovery with nmap
2014-08-09	Adrien de Beaupre	Complete application ownage via Multi-POST XSRF
2014-08-06	Chris Mohan	OpenSSL Security Advisories http://www.openssl.org/news/secadv_20140806.txt
2014-08-04	Russ McRee	Threats & Indicators: A Security Intelligence Lifecycle
2014-07-05	Guy Bruneau	Malware Analysis with pedump
2014-06-12	Johannes Ullrich	Metasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.)
2014-06-05	Johannes Ullrich	Critical OpenSSL Patch Available. Patch Now!
2014-06-05	Johannes Ullrich	Internet Storm Center Briefing on OpenSSL Vulnerabilities today at 12pm ET (8am PT/4pm UTC) https://www.sans.org/webcasts/98445
2014-06-05	Johannes Ullrich	More Details Regarding CVE-2014-0195 (DTLS arbitrary code execution)
2014-06-05	Johannes Ullrich	Updated OpenSSL Patch Presentation
2014-04-26	Guy Bruneau	New Project by Linux Foundation - Core Infrastructure Initiative
2014-04-21	Daniel Wesemann	OpenSSL Rampage
2014-04-21	Daniel Wesemann	Finding the bleeders
2014-04-15	Richard Porter	VMWare Advisory VMSA-2014-0004 - Updates on OpenSSL HeartBleed http://www.vmware.com/security/advisories/VMSA-2014-0004.html
2014-04-14	Kevin Shortt	INFOCon Green: Heartbleed - on the mend
2014-04-11	Johannes Ullrich	Tonight OpenSSL Webcast #4: Client Side Issues / What to tell your kids & managers about it https://www.sans.org/webcasts/side-heartbleed-client-vulnerabilities-98135
2014-04-08	Guy Bruneau	OpenSSL CVE-2014-0160 Fixed
2014-04-08	Johannes Ullrich	* Patch Now: OpenSSL "Heartbleed" Vulnerability
2014-04-01	Basil Alawi S.Taher	Upgrading Your Android, Elevating My Malware
2014-01-02	John Bambenek	OpenSSL.org Defaced by Attackers Gaining Access to Hypervisor
2014-01-01	Russ McRee	Six degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails
2014-01-01	Russ McRee	Happy New Year from the Syrian Electronic Army - Skypeâ€™s Social Media Accounts Hacked
2013-12-29	Russ McRee	OpenSSL suffers apparent defacement
2013-12-21	Guy Bruneau	Strange DNS Queries - Request for Packets
2013-12-19	Rob VandenBrink	Target US - Credit Card Data Breach
2013-12-16	Tom Webb	The case of Minerd
2013-12-01	Richard Porter	BPF, PCAP, Binary, hex, why they matter?
2013-11-13	Johannes Ullrich	Packet Challenge for the Hivemind: What's happening with this Ethernet header?
2013-10-26	Guy Bruneau	Active Perl/Shellbot Trojan
2013-10-25	Rob VandenBrink	Kaspersky flags TCPIP.SYS as Malware
2013-10-22	Richard Porter	Greenbone and OpenVAS Scanner
2013-09-05	Rob VandenBrink	Building Your Own GPU Enabled Private Cloud
2013-08-21	Rob VandenBrink	Fibre Channel Reconnaissance - Reloaded
2013-05-20	Guy Bruneau	Safe - Tools, Tactics and Techniques
2013-04-25	Adam Swanger	Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-03-18	Kevin Shortt	Cisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
2013-03-13	Johannes Ullrich	IPv6 Focus Month: Kaspersky Firewall IPv6 Vulnerability
2013-02-25	Johannes Ullrich	Trustwave Trustkeeper Phish
2013-02-25	Johannes Ullrich	Punkspider enumerates web application vulnerabilities
2013-02-11	John Bambenek	OpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/
2013-02-04	Adam Swanger	SAN Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam
2013-01-15	Rob VandenBrink	When Disabling IE6 (or Java, or whatever) is not an Option...
2012-12-06	Johannes Ullrich	How to identify if you are behind a "Transparent Proxy"
2012-12-04	Johannes Ullrich	Where do your backup tapes go to die?
2012-11-14	Jim Clausing	Skype account hijack vulnerability fixed
2012-09-19	Russ McRee	Script kiddie scavenging with Shellbot.S
2012-08-17	Guy Bruneau	Suspicious eFax Spear Phishing Messages
2012-08-02	Guy Bruneau	Opera Security Update
2012-07-21	Rick Wanner	OpenDNS is looking for a few good malware people!
2012-05-06	Jim Clausing	Tool updates and Win 8
2012-05-01	Rob VandenBrink	Are Open SSIDs in decline?
2012-04-24	Russ McRee	OpenSSL reissues fix for ASN1 BIO vulnerability
2012-04-19	Kevin Shortt	OpenSSL Security Advisory - CVE-2012-2110
2012-03-27	Guy Bruneau	Opera 11.62 for Windows patch several bugs and vulnerabilities - http://www.opera.com/docs/changelogs/windows/1162/
2012-03-12	Guy Bruneau	OpenSSL Security Update
2012-01-13	Guy Bruneau	Strange DNS Queries - Request Packets/Logs
2012-01-07	Scott Fendley	Updated OpenDLP
2011-11-07	Rob VandenBrink	Stuff I Learned Scripting - Evaluating a Remote SSL Certificate
2011-11-07	Rob VandenBrink	Juniper BGP issues causing locallized Internet Problems
2011-11-04	Guy Bruneau	Duqu Mitigation
2011-10-26	Rick Wanner	Critical Control 17:Penetration Tests and Red Team Exercises
2011-08-26	Daniel Wesemann	User Agent 007
2011-07-19	Richard Porter	SMS Phishing at the SANSFire 2011 Handler Dinner
2011-06-28	Johannes Ullrich	Update: Opera 11.50 is now available http://www.opera.com/
2011-06-04	Rick Wanner	Do you have a personal disaster recovery plan?
2011-05-31	Johannes Ullrich	Skype EasyBits Add-on
2011-05-09	Rick Wanner	Serious flaw in OpenID
2011-05-09	Rick Wanner	VUPEN Security pwns Google Chrome
2011-05-06	Richard Porter	Unpatched Exploit: Skype for MAC
2011-04-18	John Bambenek	Wordpress.com Security Breach
2011-03-16	Johannes Ullrich	Analyzing HTTP Packet Captures
2011-02-21	Adrien de Beaupre	Kaspersky update servers unreachable
2011-02-19	Guy Bruneau	Snort Data Acquisition Library
2011-02-05	Guy Bruneau	OpenSSH Legacy Certificate Information Disclosure Vulnerability
2011-01-28	Guy Bruneau	OpenOffice Security Fixes
2011-01-27	Chris Carboni	Opera Updates
2011-01-12	Richard Porter	How Many Loyalty Cards do you Carry?
2010-12-30	Rick Wanner	Obvious Lessons from the Skype outage
2010-12-15	Johannes Ullrich	OpenBSD IPSec "Backdoor"
2010-11-19	Jason Lam	Exchanging and sharing of assessment results
2010-11-16	Guy Bruneau	OpenSSL TLS Extension Parsing Race Condition
2010-11-08	Manuel Humberto Santander Pelaez	Network Security Perimeter: How to choose the correct firewall and IPS for your environment?
2010-10-22	Manuel Humberto Santander Pelaez	Intypedia project
2010-10-12	Adrien de Beaupre	New version of Opera- Opera 10.63 is a recommended upgrade offering security and stability enhancements: http://www.opera.com/browser/download/
2010-09-16	Johannes Ullrich	OpenX Ad-Server Vulnerability
2010-09-09	Jim Clausing	Opera 10.62 - security (the DLL path issue) and stability upate see http://www.opera.com/docs/changelogs/windows/1062/
2010-08-23	Manuel Humberto Santander Pelaez	Firefox plugins to perform penetration testing activities
2010-08-19	Daniel Wesemann	Casper the unfriendly ghost
2010-08-16	Raul Siles	Blind Elephant: A New Web Application Fingerprinting Tool
2010-08-15	Manuel Humberto Santander Pelaez	Opensolaris project cancelled, replaced by Solaris 11 express
2010-08-05	Manuel Humberto Santander Pelaez	Adobe Acrobat Font Parsing Integer Overflow Vulnerability
2010-07-24	Manuel Humberto Santander Pelaez	Types of diary: One liners vs full diary
2010-06-23	Scott Fendley	Opera Browser Update
2010-06-06	Manuel Humberto Santander Pelaez	Nice OS X exploit tutorial
2010-06-05	Guy Bruneau	OpenOffice.org 3.2.1 Fixes Bugs and Vulnerabilities
2010-06-02	Mark Hofman	OpenSSL version 1.0.0a released. This fixes a number of security issues. Don't forget a number of commercial appliances will be using this, so look for vendor updates soon.
2010-05-22	Rick Wanner	SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-04-25	Raul Siles	Manual Verification of SSL/TLS Certificate Trust Chains using Openssl
2010-04-13	Adrien de Beaupre	Web App Testing Tools
2010-03-29	Adrien de Beaupre	OpenSSL V 1.0.0 released!
2010-03-24	Kyle Haugsness	Wikipedia outage
2010-03-22	Guy Bruneau	New Opera 10.51 available with security fixes. More information available at: http://www.opera.com/docs/changelogs/windows/1051/
2010-03-11	donald smith	Cert write up on Skype IMBot Logic and Functionality.
2010-03-05	Kyle Haugsness	Unpatched Opera 10.50 and below code execution vulnerability
2010-02-26	Rick Wanner	OpenSSL 0.9.8m released.
2010-02-22	Rob VandenBrink	Multiple Security Updates for OpenOffice ==> http://www.openoffice.org/security/bulletin.html
2010-02-22	Rob VandenBrink	New Risks in Penetration Testing
2010-02-01	Rob VandenBrink	NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?
2010-01-27	Raul Siles	European Union Security Challenge (Campus Party 2010)
2010-01-19	Jim Clausing	Apple Security Update 2010-001
2009-11-17	Guy Bruneau	OpenVPN Fixed OpenSSL Session Renegotiation Issue
2009-11-06	Andre Ludwig	New version of OpenSSL released - OpenSSL 0.9.8l
2009-10-26	Johannes Ullrich	Today: ISC Login bugfix day. If you have issues logging in using OpenID, please email a copy of your OpenID URL to jullrich\at\sans.edu
2009-10-02	Stephen Hall	New version of OpenSSH released
2009-09-01	Guy Bruneau	Opera 10 with Security Fixes
2009-07-27	Raul Siles	New Hacker Challenge: Prison Break - Breaking, Entering & Decoding
2009-07-09	Bojan Zdrnja	OpenSSH 0day FUD
2009-07-07	Marcus Sachs	OpenSSH Rumors
2009-07-03	Adrien de Beaupre	Happy 4th of July!
2009-05-31	Tony Carothers	L0phtcrack is Back!
2009-05-25	Jim Clausing	More tools for (US) Memorial Day
2009-05-01	Adrien de Beaupre	OpenBSD 4.5
2009-04-26	Johannes Ullrich	Odd DNS Resolution for Google via OpenDNS
2009-04-21	Bojan Zdrnja	Web application vulnerabilities
2009-04-07	Johannes Ullrich	Common Apache Misconception
2009-03-03	Kyle Haugsness	Opera browser security updates
2009-03-01	Jim Clausing	Cool combination of tools
2009-01-08	Kyle Haugsness	BIND OpenSSL follow-up
2008-12-17	donald smith	Opera 9.6.3 released with security fixes
2008-11-05	donald smith	If you missed President Elect Obamas speech have some malware instead
2008-10-31	Rick Wanner	Sprint-Cogent Peering Issue
2008-10-30	Kevin Liston	Opera 9.62 available - security update
2008-10-22	Mari Nichols	Opera 9.6.1 Released
2008-10-07	Kyle Haugsness	Cogent peering problems
2008-09-20	Rick Wanner	New (to me) nmap Features
2008-08-20	Adrien de Beaupre	From the mailbag, Opera 9.52...
2008-07-11	Jim Clausing	Handling the load
2008-07-03	Bojan Zdrnja	New Opera v9.51 fixes couple of security issues
2008-07-02	Jim Clausing	Another little script I threw together
2008-06-16	Kevin Liston	Opera 9.5 is Available
2008-06-10	Swa Frantzen	Ransomware keybreaking
2008-06-09	Scott Fendley	So Where Are Those OpenSSH Key-based Attacks?
2008-05-16	Daniel Wesemann	INFOcon back to green
2008-05-15	Bojan Zdrnja	Debian and Ubuntu users: fix your keys/certificates NOW
2008-05-15	Bojan Zdrnja	INFOCon yellow: update your Debian generated keys/certs ASAP
2008-05-13	Swa Frantzen	OpenSSH: Predictable PRNG in debian and ubuntu Linux
2008-04-23	Mari Nichols	What's New, Old and Morphing?
2008-04-14	John Bambenek	A Federal Subpoena or Just Some More Spam & Malware?
2008-04-03	Bojan Zdrnja	Opera fixes vulnerabilities and Microsoft announces April's fixes
2006-12-18	Toby Kohlenberg	Skype worm
2006-11-29	Toby Kohlenberg	New Vulnerability Announcement and patches from Apple
2006-09-13	Swa Frantzen	PHP - shared hosters, take note.