Internet Storm Center
| Date | Author | Title |
|---|---|---|
| 2022-11-04 | Xavier Mertens | Remcos Downloader with Unicode Obfuscation |
| 2022-08-11 | Xavier Mertens | InfoStealer Script Based on Curl and NSudo |
| 2022-06-16 | Xavier Mertens | Houdini is Back Delivered Through a JavaScript Dropper |
| 2022-06-01 | Jan Kopriva | HTML phishing attachments - now with anti-analysis features |
| 2022-05-09 | Xavier Mertens | Octopus Backdoor is Back with a New Embedded Obfuscated Bat File |
| 2022-01-18 | Jan Kopriva | Phishing e-mail with...an advertisement? |
| 2022-01-04 | Xavier Mertens | A Simple Batch File That Blocks People |
| 2021-11-18 | Xavier Mertens | JavaScript Downloader Delivers Agent Tesla Trojan |
| 2021-10-21 | Brad Duncan | "Stolen Images Evidence" campaign pushes Sliver-based malware |
| 2021-09-17 | Xavier Mertens | Malicious Calendar Subscriptions Are Back? |
| 2021-05-28 | Xavier Mertens | Malicious PowerShell Hosted on script.google.com |
| 2021-05-22 | Xavier Mertens | "Serverless" Phishing Campaign |
| 2021-05-18 | Xavier Mertens | From RunDLL32 to JavaScript then PowerShell |
| 2021-04-28 | Xavier Mertens | Deeper Analyzis of my Last Malicious PowerPoint Add-On |
| 2021-03-19 | Xavier Mertens | Pastebin.com Used As a Simple C2 Channel |
| 2020-11-13 | Xavier Mertens | Old Worm But New Obfuscation Technique |
| 2020-11-09 | Xavier Mertens | How Attackers Brush Up Their Malicious Scripts |
| 2020-07-24 | Xavier Mertens | Compromized Desktop Applications by Web Technologies |
| 2020-06-11 | Xavier Mertens | Anti-Debugging JavaScript Techniques |
| 2020-06-08 | Didier Stevens | Translating BASE64 Obfuscated Scripts |
| 2020-05-08 | Xavier Mertens | Using Nmap As a Lightweight Vulnerability Scanner |
| 2020-03-27 | Xavier Mertens | Malicious JavaScript Dropping Payload in the Registry |
| 2020-02-22 | Xavier Mertens | Simple but Efficient VBScript Obfuscation |
| 2020-02-07 | Xavier Mertens | Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript |
| 2019-09-26 | Rob VandenBrink | Mining MAC Address and OUI Information |
| 2019-08-30 | Xavier Mertens | Malware Dropping a Local Node.js Instance |
| 2019-08-22 | Xavier Mertens | Simple Mimikatz & RDPWrapper Dropper |
| 2019-08-09 | Xavier Mertens | 100% JavaScript Phishing Page |
| 2019-06-10 | Xavier Mertens | Interesting JavaScript Obfuscation Example |
| 2019-02-21 | Xavier Mertens | Simple Powershell Keyloggers are Back |
| 2019-02-07 | Xavier Mertens | Phishing Kit with JavaScript Keylogger |
| 2018-07-13 | Xavier Mertens | Cryptominer Delivered Though Compromized JavaScript File |
| 2018-06-19 | Xavier Mertens | PowerShell: ScriptBlock Logging... Or Not? |
| 2018-06-18 | Xavier Mertens | Malicious JavaScript Targeting Mobile Browsers |
| 2018-05-01 | Xavier Mertens | Diving into a Simple Maldoc Generator |
| 2017-07-08 | Xavier Mertens | A VBScript with Obfuscated Base64 Data |
| 2017-06-22 | Xavier Mertens | Obfuscating without XOR |
| 2017-03-24 | Xavier Mertens | Nicely Obfuscated JavaScript Sample |
| 2017-03-04 | Xavier Mertens | How your pictures may affect your website reputation |
| 2017-02-12 | Xavier Mertens | Analysis of a Suspicious Piece of JavaScript |
| 2017-02-02 | Rick Wanner | Multiple vulnerabilities discovered in popular printer models |
| 2016-12-13 | Xavier Mertens | UAC Bypass in JScript Dropper |
| 2016-08-28 | Guy Bruneau | Spam with Obfuscated Javascript |
| 2016-06-18 | Rob VandenBrink | Controlling JavaScript Malware Before it Runs |
| 2016-02-20 | Didier Stevens | Locky: JavaScript Deobfuscation |
| 2016-02-07 | Xavier Mertens | More Malicious JavaScript Obfuscation |
| 2016-01-15 | Xavier Mertens | JavaScript Deobfuscation Tool |
| 2015-08-07 | Tony Carothers | Critical Firefox Update Today |
| 2015-03-12 | Johannes Ullrich | Who got the bad SSL Certificate? Using tshark to analyze the SSL handshake. |
| 2014-08-29 | Johannes Ullrich | False Positive or Not? Difficult to Analyze Javascript |
| 2014-08-12 | Adrien de Beaupre | Host discovery with nmap |
| 2014-07-02 | Johannes Ullrich | Simple Javascript Extortion Scheme Advertised via Bing |
| 2014-01-17 | Russ McRee | Massive RFI scans likely a free web app vuln scanner rather than bots |
| 2013-11-04 | Manuel Humberto Santander Pelaez | When attackers use your DNS to check for the sites you are visiting |
| 2013-08-07 | Johannes Ullrich | Firefox 23 and Mixed Active Content |
| 2013-07-20 | Manuel Humberto Santander Pelaez | Do you have rogue Internet gateways in your network? Check it with nmap |
| 2013-07-01 | Manuel Humberto Santander Pelaez | Using nmap scripts to enhance vulnerability asessment results |
| 2013-04-23 | Russ McRee | Microsoft's Security Intelligence Report (SIRv14) released |
| 2013-02-11 | John Bambenek | Is This Chinese Registrar Really Trying to XSS Me? |
| 2013-02-08 | Kevin Shortt | Is it Spam or Is it Malware? |
| 2013-02-04 | Russ McRee | An expose of a recent SANS GIAC XSS vulnerability |
| 2013-01-30 | Richard Porter | Getting Involved with the Local Community |
| 2013-01-25 | Johannes Ullrich | Vulnerability Scans via Search Engines (Request for Logs) |
| 2012-08-16 | Johannes Ullrich | A Poor Man's DNS Anomaly Detection Script |
| 2012-06-25 | Guy Bruneau | Using JSDetox to Analyze and Deobfuscate Javascript |
| 2012-05-22 | Johannes Ullrich | nmap 6 released |
| 2012-04-25 | Daniel Wesemann | Blacole's obfuscated JavaScript |
| 2012-01-22 | Johannes Ullrich | Javascript DDoS Tool Analysis |
| 2012-01-12 | Rob VandenBrink | Stuff I Learned Scripting - Fun with STDERR |
| 2012-01-03 | Bojan Zdrnja | The tale of obfuscated JavaScript continues |
| 2011-12-07 | Lenny Zeltser | V8 as an Alternative to SpiderMonkey for JavaScript Deobfuscation |
| 2011-11-10 | Rob VandenBrink | Stuff I Learned Scripting - - Parsing XML in a One-Liner |
| 2011-11-07 | Rob VandenBrink | Stuff I Learned Scripting - Evaluating a Remote SSL Certificate |
| 2011-08-24 | Rob VandenBrink | Citrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971 |
| 2011-06-06 | Manuel Humberto Santander Pelaez | Phishing: Same goal, same techniques and people still falling for such scams |
| 2011-04-23 | Manuel Humberto Santander Pelaez | Image search can lead to malware download |
| 2011-01-24 | Rob VandenBrink | Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool |
| 2010-12-02 | Kevin Johnson | Robert Hansen and our happiness |
| 2010-07-29 | Rob VandenBrink | NoScript 2.0 released |
| 2010-07-04 | Manuel Humberto Santander Pelaez | Malware inside PDF Files |
| 2010-03-05 | Kyle Haugsness | Javascript obfuscators used in the wild |
| 2009-05-04 | Tom Liston | Adobe Reader/Acrobat Critical Vulnerability |
| 2009-04-07 | Bojan Zdrnja | Advanced JavaScript obfuscation (or why signature scanning is a failure) |
| 2009-04-02 | Bojan Zdrnja | JavaScript insertion and log deletion attack tools |
| 2009-02-25 | Andre Ludwig | Adobe Acrobat pdf 0-day exploit, No JavaScript needed! |
| 2008-07-14 | Daniel Wesemann | Obfuscated JavaScript Redux |
| 2008-06-30 | Marcus Sachs | More SQL Injection with Fast Flux hosting |
| 2008-05-20 | Raul Siles | List of malicious domains inserted through SQL injection |
| 2008-04-29 | Bojan Zdrnja | Scripts in ASF files |
| 2008-04-06 | Daniel Wesemann | Advanced obfuscated JavaScript analysis |
| 2008-04-03 | Bojan Zdrnja | Mixed (VBScript and JavaScript) obfuscation |