Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC Diaries by Keyword


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
DateAuthorTitle

TRAFFIC ANALYSIS

2013-03-09Guy BruneauIPv6 Focus Month: IPv6 Encapsulation - Protocol 41

TRAFFIC

2015-03-16/a>Johannes UllrichAutomatically Documenting Network Connections From New Devices Connected to Home Networks
2013-12-02/a>Richard PorterReports of higher than normal SSH Attacks
2013-03-09/a>Guy BruneauIPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-02-03/a>Lorna HutchesonIs it Really an Attack?
2012-08-30/a>Bojan ZdrnjaAnalyzing outgoing network traffic (part 2)
2012-08-23/a>Bojan ZdrnjaAnalyzing outgoing network traffic
2011-01-15/a>Jim ClausingWhat's up with port 8881?
2009-01-21/a>Raul SilesTraffic increase for port UDP/8247

ANALYSIS

2015-05-03/a>Russ McReeVolDiff, for memory image differential analysis
2014-07-05/a>Guy BruneauMalware Analysis with pedump
2014-04-21/a>Daniel WesemannFinding the bleeders
2014-03-13/a>Daniel WesemannWeb server logs containing RS=^ ?
2014-01-14/a>Chris MohanSpamming and scanning botnets - is there something I can do to block them from my site?
2013-10-28/a>Daniel WesemannExploit cocktail (Struts, Java, Windows) going after 3-month old vulnerabilities
2013-06-18/a>Russ McReeVolatility rules...any questions?
2013-05-11/a>Lenny ZeltserExtracting Digital Signatures from Signed Malware
2013-03-09/a>Guy BruneauIPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-02-03/a>Lorna HutchesonIs it Really an Attack?
2013-01-08/a>Jim ClausingCuckoo 0.5 is out and the world didn't end
2012-12-02/a>Guy BruneauCollecting Logs from Security Devices at Home
2012-09-19/a>Kevin ListonVolatility: 2.2 is Coming Soon
2012-09-14/a>Lenny ZeltserAnalyzing Malicious RTF Files Using OfficeMalScanner's RTFScan
2012-06-21/a>Russ McReeAnalysis of drive-by attack sample set
2012-06-04/a>Lenny ZeltserDecoding Common XOR Obfuscation in Malicious Code
2012-05-23/a>Mark BaggettIP Fragmentation Attacks
2012-03-03/a>Jim ClausingNew automated sandbox for Android malware
2012-02-07/a>Jim ClausingBook Review: Practical Packet Analysis, 2nd ed
2011-05-20/a>Guy BruneauSysinternals Updates, Analyzing Stuxnet Infection with Sysinternals Tools Part 3
2011-04-14/a>Adrien de BeaupreSysinternals updates, a new blog post, and webcast
2011-02-01/a>Lenny ZeltserThe Importance of HTTP Headers When Investigating Malicious Sites
2010-08-09/a>Jim ClausingFree/inexpensive tools for monitoring systems/networks
2010-07-21/a>Adrien de Beaupreautorun.inf and .lnk Malware (NOT 'Vulnerability in Windows Shell Could Allow Remote Code Execution' 2286198)
2010-05-26/a>Bojan ZdrnjaMalware modularization and AV detection evasion
2010-04-11/a>Marcus SachsNetwork and process forensics toolset
2010-03-26/a>Daniel WesemannGetting the EXE out of the RTF again
2010-02-13/a>Lorna HutchesonNetwork Traffic Analysis in Reverse
2010-01-14/a>Bojan ZdrnjaPDF Babushka
2010-01-07/a>Daniel WesemannStatic analysis of malicious PDFs
2010-01-07/a>Daniel WesemannStatic analysis of malicous PDFs (Part #2)
2009-11-25/a>Jim ClausingUpdates to my GREM Gold scripts and a new script
2009-11-03/a>Bojan ZdrnjaOpachki, from (and to) Russia with love
2009-09-25/a>Lenny ZeltserCategories of Common Malware Traits
2009-07-26/a>Jim ClausingNew Volatility plugins
2009-07-02/a>Daniel WesemannGetting the EXE out of the RTF
2009-04-15/a>Marcus Sachs2009 Data Breach Investigation Report
2009-03-13/a>Bojan ZdrnjaWhen web application security, Microsoft and the AV vendors all fail
2009-02-10/a>Bojan ZdrnjaMore tricks from Conficker and VM detection
2009-02-09/a>Bojan ZdrnjaSome tricks from Conficker's bag
2009-01-18/a>Daniel Wesemann3322. org
2009-01-15/a>Bojan ZdrnjaConficker's autorun and social engineering
2009-01-07/a>Bojan ZdrnjaAn Israeli patriot program or a trojan
2009-01-02/a>Rick WannerTools on my Christmas list.
2008-12-13/a>Jim ClausingFollowup from last shift and some research to do.
2008-11-17/a>Marcus SachsNew Tool: NetWitness Investigator
2008-11-17/a>Jim ClausingFinding stealth injected DLLs
2008-09-03/a>Daniel WesemannStatic analysis of Shellcode - Part 2
2008-07-07/a>Pedro BuenoBad url classification
2006-10-02/a>Jim ClausingReader's tip of the day: ratios vs. raw counts
2006-09-18/a>Jim ClausingLog analysis follow up
2006-09-09/a>Jim ClausingLog Analysis tips?
2006-09-09/a>Jim ClausingA few preliminary log analysis thoughts