Internet Storm Center
Handler on Duty: Didier Stevens
Threat Level: green
RUN BOOK

| Date | Author | Title |
| --- | --- | --- |
| 2009-03-20 | Stephen Hall | Making the most of your runbooks |
RUN

| Date | Author | Title |
| --- | --- | --- |
| 2024-02-25 | Guy Bruneau | Utilizing the VirusTotal API to Query Files Uploaded to DShield Honeypot [Guest Diary] |
| 2023-06-09 | Xavier Mertens | Undetected PowerShell Backdoor Disguised as a Profile File |
| 2021-05-18 | Xavier Mertens | From RunDLL32 to JavaScript then PowerShell |
| 2021-01-21 | Xavier Mertens | Powershell Dropping a REvil Ransomware |
| 2020-03-13 | Rob VandenBrink | Not all Ethernet NICs are Created Equal - Trying to Capture Invalid Ethernet Frames |
| 2015-07-17 | Didier Stevens | Autoruns and VirusTotal |
| 2015-02-10 | Mark Baggett | Detecting Mimikatz Use On Your Network |
| 2014-01-10 | Basil Alawi S.Taher | Windows Autorun-3 |
| 2013-06-21 | Guy Bruneau | Sysinternals Updates for Autoruns, Strings & ZoomIt http://blogs.technet.com/b/sysinternals/archive/2013/06/20/updates-autoruns-v11-61-strings-v2-52-zoomit-v4-5.aspx |
| 2012-01-13 | Guy Bruneau | Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx |
| 2009-10-02 | Stephen Hall | New SysInternal fun for the weekend |
| 2009-05-11 | Mari Nichols | Sysinternals Updates 3 Applications |
| 2009-03-20 | Stephen Hall | Making the most of your runbooks |
| 2009-02-25 | donald smith | AutoRun disabling patch released |
| 2009-01-15 | Bojan Zdrnja | Conficker's autorun and social engineering |
| 2008-12-25 | Maarten Van Horenbeeck | Merry Christmas, and beware of digital hitchhikers! |
BOOK

| Date | Author | Title |
| --- | --- | --- |
| 2024-05-27 | Jan Kopriva | Files with TXZ extension used as malspam attachments |
| 2024-01-25 | Xavier Mertens | Facebook AdsManager Targeted by a Python Infostealer |
| 2024-01-16 | Johannes Ullrich | Scans for Ivanti Connect "Secure" VPN Vulnerability (CVE-2023-46805, CVE-2024-21887) |
| 2023-07-12 | Brad Duncan | Loader activity for Formbook "QM18" |
| 2023-06-17 | Brad Duncan | Formbook from Possible ModiLoader (DBatLoader) |
| 2023-05-15 | Jan Kopriva | Ongoing Facebook phishing campaign without a sender and (almost) without links |
| 2022-10-22 | Didier Stevens | rtfdump's Find Option |
| 2022-07-28 | Johannes Ullrich | Exfiltrating Data With Bookmarks |
| 2021-11-19 | Xavier Mertens | Downloader Disguised as Excel Add-In (XLL) |
| 2021-10-04 | Johannes Ullrich | Facebook Outage: Yes, its DNS (sort of). A super quick analysis of what is going on. |
| 2020-11-19 | Xavier Mertens | PowerShell Dropper Delivering Formbook |
| 2020-07-10 | Brad Duncan | Excel spreasheet macro kicks off Formbook infection |
| 2019-11-06 | Brad Duncan | More malspam pushing Formbook |
| 2018-06-16 | Russ McRee | Anomaly Detection & Threat Hunting with Anomalize |
| 2017-10-03 | Brad Duncan | Malspam pushing Formbook info stealer |
| 2014-08-20 | Kevin Shortt | Social Engineering Alive and Well |
| 2014-05-22 | Rob VandenBrink | Another Site Breached - Time to Change your Passwords! (If you can that is) |
| 2014-01-24 | Chris Mohan | Phishing via Social Media |
| 2013-12-11 | Johannes Ullrich | Facebook Phishing and Malware via Tumblr Redirects |
| 2013-11-10 | Rick Wanner | Microsoft and Facebook announce bug bounty |
| 2013-06-22 | Guy Bruneau | Facebook Reports a Potential Leak of User Data |
| 2013-02-25 | Johannes Ullrich | Mass-Customized Malware Lures: Don't trust your cat! |
| 2012-10-10 | Kevin Shortt | Facebook Scam Spam |
| 2012-02-07 | Jim Clausing | Book Review: Practical Packet Analysis, 2nd ed |
| 2011-07-30 | Deborah Hale | Links on your Facebook Wall |
| 2011-06-30 | Guy Bruneau | Symantec Report - Spam Surge against Social Networks |
| 2011-06-27 | Kevin Shortt | Phishy Spam |
| 2011-05-22 | Kevin Shortt | Facebook goes two-factor |
| 2011-05-12 | Chris Mohan | Reports of another javascript-based spam scam doing the rounds in Facebook |
| 2011-05-10 | Swa Frantzen | Time to change your facebook password? |
| 2011-05-03 | Johannes Ullrich | Update on Osama Bin Laden themed Malware |
| 2011-01-16 | Tony Carothers | Facebook User Data Call for 3rd Party Apps |
| 2011-01-10 | Manuel Humberto Santander Pelaez | Facebook virus spreads via photo album chat messages |
| 2010-12-07 | Kevin Shortt | You got a sec? |
| 2010-11-22 | Lenny Zeltser | Brand Impersonations On-Line: Brandjacking and Social Networks |
| 2010-09-16 | Johannes Ullrich | Facebook "Like Pages" |
| 2010-09-04 | Kevin Liston | What's not to Like about "Like?" |
| 2010-06-14 | Manuel Humberto Santander Pelaez | Rogue facebook application acting like a worm |
| 2010-06-02 | Bojan Zdrnja | Clickjacking attacks on Facebook's Like plugin |
| 2010-05-25 | donald smith | Face book “joke” leads to firing. |
| 2010-04-29 | Bojan Zdrnja | Who needs exploits when you have social engineering? |
| 2010-01-27 | Raul Siles | Active SEO poisoning attacks for hot topics |
| 2009-12-09 | Swa Frantzen | Facebook announces privacy improvements |
| 2009-06-16 | John Bambenek | URL Shortening Service Cligs Hacked |
| 2009-05-24 | Raul Siles | Facebook phising using Belgium (.be) domains |
| 2009-05-04 | Tom Liston | Facebook phishing malware |
| 2009-03-20 | Stephen Hall | Making the most of your runbooks |
| 2009-01-04 | Rick Wanner | Twitter/Facebook Phishing Attempt |