Internet Storm Center
Sign In
Sign Up
Participate: Learn more about our honeypot network
https://isc.sans.edu/tools/honeypot/
Handler on Duty:
Guy Bruneau
Threat Level:
green
Date
Author
Title
WEB SHELL
2013-06-25
Bojan Zdrnja
The race for resources
2009-07-05
Bojan Zdrnja
More on ColdFusion hacks
WEB
2023-02-25/a>
Didier Stevens
Crypto Inside a Browser
2023-02-24/a>
Brad Duncan
URL files and WebDAV used for IcedID (Bokbot) infection
2022-09-21/a>
Xavier Mertens
Phishing Campaigns Use Free Online Resources
2022-08-23/a>
Xavier Mertens
Who's Looking at Your security.txt File?
2022-08-17/a>
Johannes Ullrich
Apple Patches Two Exploited Vulnerabilities
2022-08-01/a>
Johannes Ullrich
A Little DDoS In the Morning
2022-04-05/a>
Johannes Ullrich
WebLogic Crypto Miner Malware Disabling Alibaba Cloud Monitoring Tools
2022-03-11/a>
Xavier Mertens
Keep an Eye on WebSockets
2022-02-07/a>
Johannes Ullrich
web3 phishing via self-customizing landing pages
2021-12-07/a>
Johannes Ullrich
Webshells, Webshells everywhere!
2021-12-01/a>
Xavier Mertens
Info-Stealer Using webhook.site to Exfiltrate Data
2021-10-11/a>
Johannes Ullrich
Things that go "Bump" in the Night: Non HTTP Requests Hitting Web Servers
2021-10-09/a>
Guy Bruneau
Scanning for Previous Oracle WebLogic Vulnerabilities
2021-06-24/a>
Xavier Mertens
Do you Like Cookies? Some are for sale!
2021-04-24/a>
Guy Bruneau
Base64 Hashes Used in Web Scanning
2020-11-07/a>
Guy Bruneau
Cryptojacking Targeting WebLogic TCP/7001
2020-10-29/a>
Johannes Ullrich
PATCH NOW: CVE-2020-14882 Weblogic Actively Exploited Against Honeypots
2020-08-10/a>
Bojan Zdrnja
Scoping web application and web service penetration tests
2020-07-24/a>
Xavier Mertens
Compromized Desktop Applications by Web Technologies
2019-11-22/a>
Xavier Mertens
Abusing Web Filters Misconfiguration for Reconnaissance
2019-09-24/a>
Xavier Mertens
Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs
2019-08-28/a>
Johannes Ullrich
[Guest Diary] Open Redirect: A Small But Very Common Vulnerability
2019-08-01/a>
Johannes Ullrich
What is Listening On Port 9527/TCP?
2019-06-19/a>
Johannes Ullrich
Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729
2019-04-28/a>
Johannes Ullrich
Update about Weblogic CVE-2019-2725 (Exploits Used in the Wild, Patch Status)
2019-04-25/a>
Rob VandenBrink
Unpatched Vulnerability Alert - WebLogic Zero Day
2019-02-02/a>
Guy Bruneau
Scanning for WebDAV PROPFIND Exploiting CVE-2017-7269
2018-11-17/a>
Xavier Mertens
Quickly Investigating Websites with Lookyloo
2018-07-20/a>
Kevin Liston
Weblogic Exploit Code Made Public (CVE-2018-2893)
2018-05-03/a>
Renato Marinho
WebLogic Exploited in the Wild (Again)
2018-04-30/a>
Remco Verhoef
Another approach to webapplication fingerprinting
2017-09-14/a>
Xavier Mertens
Another webshell, another backdoor!
2017-07-19/a>
Xavier Mertens
Bots Searching for Keys & Config Files
2017-06-01/a>
Xavier Mertens
Sharing Private Data with Webcast Invitations
2017-05-12/a>
Xavier Mertens
When Bad Guys are Pwning Bad Guys...
2017-04-07/a>
Xavier Mertens
Tracking Website Defacers with HTTP Referers
2017-04-02/a>
Guy Bruneau
IPFire - A Household Multipurpose Security Gateway
2017-02-28/a>
Xavier Mertens
Analysis of a Simple PHP Backdoor
2017-01-24/a>
Johannes Ullrich
Critical Vulnerability in Cisco WebEx Chrome Plugin
2017-01-14/a>
Xavier Mertens
Backup Files Are Good but Can Be Evil
2016-07-13/a>
Xavier Mertens
The Power of Web Shells
2016-01-29/a>
Xavier Mertens
Scripting Web Categorization
2015-06-25/a>
Bojan Zdrnja
Web security subtleties and exploitation of combined vulnerabilities
2015-04-23/a>
Bojan Zdrnja
When automation does not help
2015-04-14/a>
Johannes Ullrich
Odd POST Request To Web Honeypot
2014-08-16/a>
Lenny Zeltser
Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-08-09/a>
Adrien de Beaupre
Complete application ownage via Multi-POST XSRF
2014-06-11/a>
Daniel Wesemann
Gimme your keys!
2014-06-10/a>
Daniel Wesemann
Sampling Bias
2014-04-24/a>
Rob VandenBrink
Apple IOS updates to 7.1.1, OSX Security update 2014-002, Airport Updates - http://support.apple.com/kb/HT1222, http://support.apple.com/kb/HT6208, http://support.apple.com/kb/HT6207, http://support.apple.com/kb/HT6203
2014-04-11/a>
Guy Bruneau
Heartbleed Fix Available for Download for Cisco Products
2014-04-07/a>
Johannes Ullrich
Attack or Bad Link? Your Guess?
2014-01-17/a>
Russ McRee
Massive RFI scans likely a free web app vuln scanner rather than bots
2014-01-13/a>
Johannes Ullrich
Special Webcast today: HTML5, Risky Business or Hidden Security Toolchest? https://www.sans.org/webcasts/html5-risky-business-hidden-security-tool-chest-mobile-web-app-authentication-97650
2014-01-11/a>
Guy Bruneau
tcpflow 1.4.4 and some of its most Interesting Features
2013-12-24/a>
Daniel Wesemann
Unfriendly crontab additions
2013-11-02/a>
Rick Wanner
Protecting Your Family's Computers
2013-10-04/a>
Pedro Bueno
CSAM: WebHosting BruteForce logs
2013-09-05/a>
Rob VandenBrink
What's Next for IPS?
2013-07-27/a>
Scott Fendley
Defending Against Web Server Denial of Service Attacks
2013-06-25/a>
Bojan Zdrnja
The race for resources
2013-06-10/a>
Johannes Ullrich
When Google isn't Google
2013-04-08/a>
Johannes Ullrich
Cleaning Up After the Leak: Hiding exposed web content
2013-03-26/a>
Daniel Wesemann
How your Webhosting Account is Getting Abused
2013-02-25/a>
Johannes Ullrich
Punkspider enumerates web application vulnerabilities
2013-02-22/a>
Johannes Ullrich
When web sites go bad: bible . org compromise
2013-01-25/a>
Johannes Ullrich
Vulnerability Scans via Search Engines (Request for Logs)
2012-10-26/a>
Adam Swanger
Securing the Human Special Webcast - October 30, 2012
2012-09-08/a>
Guy Bruneau
Webmin Input Validation Vulnerabilities
2012-08-13/a>
Rick Wanner
Interesting scan for medical certification information...
2012-07-23/a>
Johannes Ullrich
Most Anti-Privacy Web Browsing Tool Ever?
2012-03-11/a>
Johannes Ullrich
An Analysis of Jester's QR Code Attack. (Guest Diary)
2011-12-28/a>
Daniel Wesemann
Hash collisions vulnerability in web servers
2011-11-01/a>
Russ McRee
Secure languages & frameworks
2011-10-12/a>
Adam Swanger
We are experiencing technical issues with the webcast. The webcast will start as soon as these issues are resolved.
2011-08-16/a>
Johannes Ullrich
What are the most dangerous web applications and how to secure them?
2011-07-28/a>
Johannes Ullrich
Announcing: The "404 Project"
2011-07-05/a>
Raul Siles
Helping Developers Understand Security - Spot the Vuln
2011-05-17/a>
Johannes Ullrich
A Couple Days of Logs: Looking for the Russian Business Network
2011-05-14/a>
Guy Bruneau
Websense Study Claims Canada Next Hotbed for Cybercrime Web Hosting Activity
2011-05-11/a>
Swa Frantzen
Time to disable WebGL ?
2011-04-10/a>
Raul Siles
Recent security enhancements in web browsers (e.g. Google Chrome)
2011-04-01/a>
John Bambenek
LizaMoon Mass SQL-Injection Attack Infected at least 500k Websites
2011-02-28/a>
Deborah Hale
Possible Botnet Scanning
2011-02-01/a>
Lenny Zeltser
The Importance of HTTP Headers When Investigating Malicious Sites
2010-12-18/a>
Raul Siles
Google Chrome (Stable and Beta) have been updated to 8.0.552.224 for all platforms (Chrome OS too). http://bit.ly/fW04cr
2010-12-12/a>
Raul Siles
New trend regarding web application vulnerabilities?
2010-12-02/a>
Kevin Johnson
Robert Hansen and our happiness
2010-11-18/a>
Chris Carboni
All of your pages are belonging to us
2010-08-16/a>
Raul Siles
Blind Elephant: A New Web Application Fingerprinting Tool
2010-08-15/a>
Manuel Humberto Santander Pelaez
Python to test web application security
2010-08-13/a>
Tom Liston
The Strange Case of Doctor Jekyll and Mr. ED
2010-07-25/a>
Rick Wanner
Updated version of Mandiant's Web Historian
2010-07-21/a>
Adrien de Beaupre
Update on .LNK vulnerability
2010-07-20/a>
Manuel Humberto Santander Pelaez
LNK vulnerability now with Metasploit module implementing the WebDAV method
2010-06-23/a>
Scott Fendley
Opera Browser Update
2010-06-15/a>
Manuel Humberto Santander Pelaez
iPhone 4 Order Security Breach Exposes Private Information
2010-04-26/a>
Raul Siles
Vulnerable Sites Database
2010-04-13/a>
Adrien de Beaupre
Web App Testing Tools
2010-03-24/a>
Johannes Ullrich
".sys" Directories Delivering Driveby Downloads
2010-03-21/a>
Scott Fendley
Skipfish - Web Application Security Tool
2010-03-08/a>
Raul Siles
Samurai WTF 0.8
2010-02-06/a>
Guy Bruneau
Oracle WebLogic Server Security Alert
2010-02-03/a>
Johannes Ullrich
Anatomy of a Form Spam Campaign (in progress against isc.sans.org right now) https://blogs.sans.org/appsecstreetfighter/
2010-01-29/a>
Johannes Ullrich
Analyzing isc.sans.org weblogs, part 2, RFI attacks
2010-01-25/a>
William Salusky
"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"
2010-01-20/a>
Johannes Ullrich
Weathering the Storm Part 1: An analysis of our SANS ISC weblogs http://appsecstreetfighter.com
2010-01-08/a>
Rob VandenBrink
Microsoft OfficeOnline, Searching for Trust and Malware
2009-12-28/a>
Johannes Ullrich
8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug)
2009-10-26/a>
Johannes Ullrich
Web honeypot Update
2009-10-20/a>
Raul Siles
WASC 2008 Statistics
2009-10-09/a>
Rob VandenBrink
THAWTE to discontinue free Email Certificate Services and Web of Trust Service
2009-09-18/a>
Jason Lam
Results from Webhoneypot project
2009-09-16/a>
Raul Siles
Review the security controls of your Web Applications... all them!
2009-08-18/a>
Deborah Hale
Website compromises - what's happening?
2009-08-18/a>
Deborah Hale
Domain tcpdump.org unavailable
2009-08-17/a>
Adrien de Beaupre
YAMWD: Yet Another Mass Web Defacement
2009-08-01/a>
Deborah Hale
Website Warnings
2009-07-13/a>
Adrien de Beaupre
Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
2009-07-05/a>
Bojan Zdrnja
More on ColdFusion hacks
2009-06-11/a>
Jason Lam
Dshield Web Honeypot going beta
2009-05-27/a>
donald smith
WebDAV write-up
2009-05-26/a>
Jason Lam
A new Web application security blog
2009-05-24/a>
Raul Siles
IIS admins, help finding WebDAV remotely using nmap
2009-05-21/a>
Adrien de Beaupre
IIS admins, help finding WebDAV
2009-05-20/a>
Tom Liston
Web Toolz
2009-05-05/a>
Bojan Zdrnja
Every dot matters
2009-04-21/a>
Bojan Zdrnja
Web application vulnerabilities
2009-03-26/a>
Mark Hofman
Webhoneypot fun
2009-02-17/a>
Jason Lam
DShield Web Honeypot - Alpha Preview Release
2009-01-12/a>
William Salusky
Web Application Firewalls (WAF) - Have you deployed WAF technology?
2008-12-01/a>
Jason Lam
Call for volunteers - Web Honeypot Project
2008-11-20/a>
Jason Lam
Large quantity SQL Injection mitigation
2008-09-08/a>
Raul Siles
Quick Analysis of the 2007 Web Application Security Statistics
2008-08-19/a>
Johannes Ullrich
A morning stroll through my web logs
2008-08-15/a>
Jim Clausing
WebEx ActiveX buffer overflow
2008-06-07/a>
Jim Clausing
Followup to 'How do you monitor your website?'
2008-04-24/a>
donald smith
Hundreds of thousands of SQL injections
2006-09-30/a>
Swa Frantzen
Yellow: WebViewFolderIcon setslice exploit spreading
SHELL
2023-03-21/a>
Didier Stevens
String Obfuscation: Character Pair Reversal
2023-03-16/a>
Xavier Mertens
Simple Shellcode Dissection
2023-02-10/a>
Xavier Mertens
Obfuscated Deactivation of Script Block Logging
2023-01-17/a>
Rob VandenBrink
Finding that one GPO Setting in a Pool of Hundreds of GPOs
2023-01-04/a>
Rob VandenBrink
Update to RTRBK - Diff and File Dates in PowerShell
2022-12-28/a>
Rob VandenBrink
Playing with Powershell and JSON (and Amazon and Firewalls)
2022-11-09/a>
Xavier Mertens
Another Script-Based Ransomware
2022-10-31/a>
Rob VandenBrink
NMAP without NMAP - Port Testing and Scanning with PowerShell
2022-10-17/a>
Xavier Mertens
Fileless Powershell Dropper
2022-10-07/a>
Xavier Mertens
Powershell Backdoor with DGA Capability
2022-09-14/a>
Xavier Mertens
Easy Process Injection within Python
2022-07-25/a>
Xavier Mertens
PowerShell Script with Fileless Capability
2022-06-25/a>
Xavier Mertens
Malicious Code Passed to PowerShell via the Clipboard
2022-06-22/a>
Xavier Mertens
Malicious PowerShell Targeting Cryptocurrency Browser Extensions
2022-06-03/a>
Xavier Mertens
Sandbox Evasion... With Just a Filename!
2022-05-12/a>
Rob VandenBrink
When Get-WebRequest Fails You
2022-04-25/a>
Xavier Mertens
Simple PDF Linking to Malicious Content
2022-03-31/a>
Johannes Ullrich
Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965
2022-03-30/a>
Johannes Ullrich
Possible new Java Spring Framework Vulnerability (Updated: not a Spring problem)
2022-03-30/a>
Johannes Ullrich
Java Springtime Confusion: What Vulnerability are We Talking About
2022-03-11/a>
Xavier Mertens
Keep an Eye on WebSockets
2022-02-23/a>
Johannes Ullrich
The Rise and Fall of log4shell
2022-01-22/a>
Xavier Mertens
Mixed VBA & Excel4 Macro In a Targeted Excel Sheet
2022-01-20/a>
Xavier Mertens
RedLine Stealer Delivered Through FTP
2022-01-17/a>
Johannes Ullrich
Log4Shell Attacks Getting "Smarter"
2022-01-06/a>
Xavier Mertens
Malicious Python Script Targeting Chinese People
2021-12-23/a>
Johannes Ullrich
log4shell and cloud provider internal meta data services (IMDS)
2021-12-23/a>
Johannes Ullrich
Defending Cloud IMDS Against log4shell (and more)
2021-12-21/a>
Xavier Mertens
More Undetected PowerShell Dropper
2021-12-15/a>
Xavier Mertens
Simple but Undetected PowerShell Backdoor
2021-12-14/a>
Johannes Ullrich
Log4j: Getting ready for the long haul (CVE-2021-44228)
2021-12-11/a>
Johannes Ullrich
Log4j / Log4Shell Followup: What we see and how to defend (and how to access our data)
2021-12-10/a>
Xavier Mertens
Python Shellcode Injection From JSON Data
2021-12-10/a>
Bojan Zdrnja
RCE in log4j, Log4Shell, or how things can get bad quickly
2021-12-07/a>
Johannes Ullrich
Webshells, Webshells everywhere!
2021-11-15/a>
Rob VandenBrink
Changing your AD Password Using the Clipboard - Not as Easy as You'd Think!
2021-10-18/a>
Xavier Mertens
Malicious PowerShell Using Client Certificate Authentication
2021-10-01/a>
Xavier Mertens
New Tool to Add to Your LOLBAS List: cvtres.exe
2021-08-20/a>
Xavier Mertens
Waiting for the C2 to Show Up
2021-08-09/a>
Jan Kopriva
ProxyShell - how many Exchange servers are affected and where are they?
2021-05-28/a>
Xavier Mertens
Malicious PowerShell Hosted on script.google.com
2021-05-18/a>
Xavier Mertens
From RunDLL32 to JavaScript then PowerShell
2021-05-06/a>
Xavier Mertens
Alternative Ways To Perform Basic Tasks
2021-04-08/a>
Xavier Mertens
Simple Powershell Ransomware Creating a 7Z Archive of your Files
2021-02-12/a>
Xavier Mertens
AgentTesla Dropped Through Automatic Click in Microsoft Help File
2021-02-01/a>
Rob VandenBrink
Taking a Shot at Reverse Shell Attacks, CNC Phone Home and Data Exfil from Servers
2021-01-21/a>
Xavier Mertens
Powershell Dropping a REvil Ransomware
2021-01-18/a>
Didier Stevens
Doc & RTF Malicious Document
2021-01-10/a>
Didier Stevens
Maldoc Analysis With CyberChef
2021-01-09/a>
Didier Stevens
Maldoc Strings Analysis
2020-12-24/a>
Xavier Mertens
Malicious Word Document Delivering an Octopus Backdoor
2020-11-30/a>
Didier Stevens
Decrypting PowerShell Payloads (video)
2020-11-25/a>
Xavier Mertens
Live Patching Windows API Calls Using PowerShell
2020-11-19/a>
Xavier Mertens
PowerShell Dropper Delivering Formbook
2020-11-05/a>
Xavier Mertens
Did You Spot "Invoke-Expression"?
2020-09-24/a>
Xavier Mertens
Party in Ibiza with PowerShell
2020-09-23/a>
Xavier Mertens
Malicious Word Document with Dynamic Content
2020-09-11/a>
Rob VandenBrink
What's in Your Clipboard? Pillaging and Protecting the Clipboard
2020-09-02/a>
Xavier Mertens
Python and Risky Windows API Calls
2020-08-28/a>
Xavier Mertens
Example of Malicious DLL Injected in PowerShell
2020-08-20/a>
Rob VandenBrink
Office 365 Mail Forwarding Rules (and other Mail Rules too)
2020-08-06/a>
Xavier Mertens
A Fork of the FTCode Powershell Ransomware
2020-08-03/a>
Xavier Mertens
Powershell Bot with Multiple C2 Protocols
2020-07-27/a>
Didier Stevens
Analyzing Metasploit ASP .NET Payloads
2020-07-19/a>
Guy Bruneau
Scanning Activity for ZeroShell Unauthenticated Access
2020-06-12/a>
Xavier Mertens
Malicious Excel Delivering Fileless Payload
2020-05-15/a>
Rob VandenBrink
Hashes in PowerShell
2020-05-15/a>
Rob VandenBrink
SHA3 Hashes (on Windows) - Where Art Thou?
2020-04-27/a>
Xavier Mertens
Powershell Payload Stored in a PSCredential Object
2020-04-24/a>
Xavier Mertens
Malicious Excel With a Strong Obfuscation and Sandbox Evasion
2020-04-17/a>
Xavier Mertens
Weaponized RTF Document Generator & Mailer in PowerShell
2020-04-10/a>
Xavier Mertens
PowerShell Sample Extracting Payload From SSL
2020-02-28/a>
Xavier Mertens
Show me Your Clipboard Data!
2020-01-23/a>
Xavier Mertens
Complex Obfuscation VS Simple Trick
2019-12-26/a>
Xavier Mertens
Bypassing UAC to Install a Cryptominer
2019-12-09/a>
Didier Stevens
(Lazy) Sunday Maldoc Analysis
2019-10-27/a>
Didier Stevens
Using scdbg to Find Shellcode
2019-10-25/a>
Rob VandenBrink
More on DNS Archeology (with PowerShell)
2019-09-17/a>
Rob VandenBrink
Investigating Gaps in your Windows Event Logs
2019-07-28/a>
Didier Stevens
Video: Analyzing Compressed PowerShell Scripts
2019-07-11/a>
Xavier Mertens
Russian Dolls Malicious Script Delivering Ursnif
2019-07-10/a>
Rob VandenBrink
Dumping File Contents in Hex (in PowerShell)
2019-06-28/a>
Rob VandenBrink
Verifying Running Processes against VirusTotal - Domain-Wide
2019-06-27/a>
Rob VandenBrink
Finding the Gold in a Pile of Pennies - Long Tail Analysis in PowerShell
2019-06-21/a>
Rob VandenBrink
Netstat Local and Remote -new and improved, now with more PowerShell!
2019-06-03/a>
Didier Stevens
Tip: BASE64 Encoded PowerShell Scripts are Recognizable by the Amount of Letter As
2019-05-31/a>
Didier Stevens
Retrieving Second Stage Payload with Ncat
2019-05-30/a>
Didier Stevens
Analyzing First Stage Shellcode
2019-05-28/a>
Didier Stevens
Office Document & BASE64? PowerShell!
2019-04-25/a>
Rob VandenBrink
Service Accounts Redux - Collecting Service Accounts with PowerShell
2019-04-24/a>
Rob VandenBrink
Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators
2019-04-04/a>
Xavier Mertens
New Waves of Scans Detected by an Old Rule
2019-03-30/a>
Didier Stevens
"404" is not Malware
2019-03-20/a>
Rob VandenBrink
Using AD to find hosts that aren't in AD - fun with the [IPAddress] construct!
2019-03-10/a>
Didier Stevens
Malicious HTA Analysis by a Reader
2019-03-10/a>
Didier Stevens
Quick and Dirty Malicious HTA Analysis
2019-03-05/a>
Rob VandenBrink
Powershell, Active Directory and the Windows Host Firewall
2019-02-21/a>
Xavier Mertens
Simple Powershell Keyloggers are Back
2019-02-17/a>
Didier Stevens
Video: Finding Property Values in Office Documents
2019-02-16/a>
Didier Stevens
Finding Property Values in Office Documents
2019-02-10/a>
Didier Stevens
Video: Maldoc Analysis of the Weekend
2019-02-09/a>
Didier Stevens
Maldoc Analysis of the Weekend
2019-01-24/a>
Brad Duncan
Malspam with Word docs uses macro to run Powershell script and steal system data
2019-01-14/a>
Rob VandenBrink
Microsoft LAPS - Blue Team / Red Team
2019-01-02/a>
Didier Stevens
Maldoc with Nonfunctional Shellcode
2019-01-02/a>
Xavier Mertens
Malicious Script Leaking Data via FTP
2018-12-19/a>
Xavier Mertens
Restricting PowerShell Capabilities with NetSh
2018-12-15/a>
Didier Stevens
De-DOSfuscation Example
2018-12-12/a>
Didier Stevens
Yet Another DOSfuscation Sample
2018-12-03/a>
Didier Stevens
Word maldoc: yet another place to hide a command
2018-11-27/a>
Xavier Mertens
More obfuscated shell scripts: Fake MacOS Flash update
2018-11-26/a>
Xavier Mertens
Obfuscated bash script targeting QNap boxes
2018-11-22/a>
Xavier Mertens
Divided Payload in Multiple Pasties
2018-11-16/a>
Xavier Mertens
Basic Obfuscation With Permissive Languages
2018-11-06/a>
Xavier Mertens
Malicious Powershell Script Dissection
2018-10-26/a>
Xavier Mertens
Dissecting Malicious Office Documents with Linux
2018-10-22/a>
Xavier Mertens
Malicious Powershell using a Decoy Picture
2018-09-30/a>
Didier Stevens
When DOSfuscation Helps...
2018-09-24/a>
Didier Stevens
Analyzing Encoded Shellcode with scdbg
2018-09-08/a>
Didier Stevens
Video: Using scdbg to analyze shellcode
2018-09-05/a>
Xavier Mertens
Malicious PowerShell Compiling C# Code on the Fly
2018-09-03/a>
Didier Stevens
Another quickie: Using scdbg to analyze shellcode
2018-08-31/a>
Jim Clausing
Quickie: Using radare2 to disassemble shellcode
2018-07-30/a>
Didier Stevens
Malicious Word documents using DOSfuscation
2018-07-26/a>
Xavier Mertens
Windows Batch File Deobfuscation
2018-06-19/a>
Xavier Mertens
PowerShell: ScriptBlock Logging... Or Not?
2018-06-04/a>
Rob VandenBrink
Digging into Authenticode Certificates
2018-05-19/a>
Xavier Mertens
Malicious Powershell Targeting UK Bank Customers
2018-05-09/a>
Xavier Mertens
Nice Phishing Sample Delivering Trickbot
2018-05-06/a>
Guy Bruneau
Scans Attempting to use PowerShell to Download PHP Script
2018-03-04/a>
Xavier Mertens
The Crypto Miners Fight For CPU Cycles
2017-11-29/a>
Xavier Mertens
Fileless Malicious PowerShell Sample
2017-11-15/a>
Xavier Mertens
If you want something done right, do it yourself!
2017-11-11/a>
Xavier Mertens
Keep An Eye on your Root Certificates
2017-10-31/a>
Xavier Mertens
Some Powershell Malicious Code
2017-09-14/a>
Xavier Mertens
Another webshell, another backdoor!
2017-09-11/a>
Russ McRee
Windows Auditing with WINspect
2017-08-23/a>
Xavier Mertens
Malicious script dropping an executable signed by Avast?
2017-08-20/a>
Didier Stevens
It's Not An Invoice ...
2017-08-01/a>
Rob VandenBrink
Rooting Out Hosts that Support Older Samba Versions
2017-05-12/a>
Xavier Mertens
When Bad Guys are Pwning Bad Guys...
2017-05-03/a>
Bojan Zdrnja
Powershelling with exploits
2017-03-30/a>
Xavier Mertens
Diverting built-in features for the bad
2017-02-28/a>
Xavier Mertens
Analysis of a Simple PHP Backdoor
2017-02-17/a>
Rob VandenBrink
RTRBK - Router / Switch / Firewall Backups in PowerShell (tool drop)
2016-12-02/a>
Rob VandenBrink
Protecting Powershell Credentials (NOT)
2016-11-24/a>
Didier Stevens
Extracting Shellcode From JavaScript
2016-11-23/a>
Tom Webb
Mapping Attack Methodology to Controls
2016-11-18/a>
Didier Stevens
VBA Shellcode and Windows 10
2016-10-31/a>
Russ McRee
SEC505 DFIR capture script: snapshot.ps1
2016-07-13/a>
Xavier Mertens
The Power of Web Shells
2016-06-03/a>
Tom Liston
MySQL is YourSQL
2016-04-28/a>
Rob VandenBrink
DNS and DHCP Recon using Powershell
2016-04-15/a>
Xavier Mertens
Windows Command Line Persistence?
2016-01-26/a>
Rob VandenBrink
Pentest Time Machine: NMAP + Powershell + whatever tool is next
2016-01-25/a>
Rob VandenBrink
Assessing Remote Certificates with Powershell
2016-01-19/a>
Rob VandenBrink
Powershell and HTTPS ? It Ain?t All Rainbows And Lollipops! (or is it?)
2016-01-06/a>
Russ McRee
toolsmith #112: Red vs Blue - PowerSploit vs PowerForensics
2015-12-14/a>
Russ McRee
AD Security's Unofficial Guide to Mimikatz & Command Reference
2015-12-10/a>
Rob VandenBrink
Uninstalling Problem Applications using Powershell
2015-12-09/a>
Xavier Mertens
Enforcing USB Storage Policy with PowerShell
2015-12-02/a>
Rob VandenBrink
Nessus and Powershell is like Chocolate and Peanut Butter!
2015-08-12/a>
Rob VandenBrink
Windows Service Accounts - Why They're Evil and Why Pentesters Love them!
2015-06-29/a>
Rob VandenBrink
The Powershell Diaries 2 - Software Inventory
2015-06-24/a>
Rob VandenBrink
The Powershell Diaries - Finding Problem User Accounts in AD
2015-03-30/a>
Didier Stevens
YARA Rules For Shellcode
2015-02-03/a>
Johannes Ullrich
Another Network Forensic Tool for the Toolbox - Dshell
2014-10-24/a>
Kevin Liston
Shellshock via SMTP
2014-10-23/a>
Russ McRee
Digest: 23 OCT 2014
2014-10-06/a>
Johannes Ullrich
Shellshock: More details released about CVE-2014-6277 and CVE-2014-6278. Also: Does Windows have a shellshock problem?
2014-10-01/a>
Russ McRee
Security Onion news: Updated ShellShock detection scripts for Bro
2014-09-29/a>
Johannes Ullrich
Apple Released Update to Fix Shellshock Vulnerability http://support.apple.com/kb/DL1769
2014-09-25/a>
Johannes Ullrich
Update on CVE-2014-6271: Vulnerability in bash (shellshock)
2014-04-06/a>
Basil Alawi S.Taher
"Power Worm" PowerShell based Malware
2013-10-26/a>
Guy Bruneau
Active Perl/Shellbot Trojan
2013-06-25/a>
Bojan Zdrnja
The race for resources
2013-02-28/a>
Daniel Wesemann
Parsing Windows Eventlogs in Powershell
2012-04-25/a>
Daniel Wesemann
Blacole's shell code
2011-11-10/a>
Rob VandenBrink
Stuff I Learned Scripting - - Parsing XML in a One-Liner
2009-10-17/a>
Rick Wanner
Cyber Security Awareness Month - Day 17 - Port 22/SSH
2009-07-05/a>
Bojan Zdrnja
More on ColdFusion hacks
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Forums
Auditing
Diary Discussions
Forensics
General Discussions
Industry News
Network Security
Penetration Testing
Software Security
Contact Us
Contact Us
About Us
Handlers
Slack Channel
Mastodon
Twitter
The Internet Storm Center is a community for everyone, so
join the conversation