Diaries by Keyword - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
GIVING BACK
2013-01-30	Richard Porter	Getting Involved with the Local Community
GIVING
2013-01-30/a>	Richard Porter	Getting Involved with the Local Community
2010-10-11/a>	Adrien de Beaupre	OT: Happy Thanksgiving Day Canada
BACK
2023-06-09/a>	Xavier Mertens	Undetected PowerShell Backdoor Disguised as a Profile File
2023-03-18/a>	Xavier Mertens	Old Backdoor, New Obfuscation
2023-02-21/a>	Xavier Mertens	Phishing Page Branded with Your Corporate Website
2023-02-09/a>	Xavier Mertens	A Backdoor with Smart Screenshot Capability
2022-10-07/a>	Xavier Mertens	Powershell Backdoor with DGA Capability
2022-05-09/a>	Xavier Mertens	Octopus Backdoor is Back with a New Embedded Obfuscated Bat File
2022-03-18/a>	Johannes Ullrich	Scans for Movable Type Vulnerability (CVE-2021-20837)
2022-02-01/a>	Xavier Mertens	Automation is Nice But Don't Replace Your Knowledge
2021-12-15/a>	Xavier Mertens	Simple but Undetected PowerShell Backdoor
2021-11-21/a>	Didier Stevens	Backdooring PAM
2021-11-08/a>	Xavier Mertens	(Ab)Using Security Tools & Controls for the Bad
2021-07-02/a>	Xavier Mertens	"inception.py"... Multiple Base64 Encodings
2021-05-28/a>	Xavier Mertens	Malicious PowerShell Hosted on script.google.com
2020-12-24/a>	Xavier Mertens	Malicious Word Document Delivering an Octopus Backdoor
2020-12-10/a>	Xavier Mertens	Python Backdoor Talking to a C2 Through Ngrok
2020-11-25/a>	Xavier Mertens	Live Patching Windows API Calls Using PowerShell
2020-09-16/a>	Johannes Ullrich	Do Vulnerabilities Ever Get Old? Recent "Mirai" Variant Scanning for 20 Year Old Amanda Version?
2020-07-11/a>	Guy Bruneau	Scanning Home Internet Facing Devices to Exploit
2018-12-16/a>	Guy Bruneau	Random Port Scan for Open RDP Backdoor
2018-09-04/a>	Rob VandenBrink	Let's Trade: You Read My Email, I'll Read Your Password!
2018-06-13/a>	Xavier Mertens	A Bunch of Compromized Wordpress Sites
2018-03-05/a>	Xavier Mertens	Malicious Bash Script with Multiple Features
2018-03-03/a>	Xavier Mertens	Reminder: Beware of the "Cloud"
2017-09-18/a>	Xavier Mertens	CCleaner 5.33 compromised - http://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users
2017-09-14/a>	Xavier Mertens	Another webshell, another backdoor!
2017-07-12/a>	Xavier Mertens	Backup Scripts, the FIM of the Poor
2017-05-12/a>	Xavier Mertens	When Bad Guys are Pwning Bad Guys...
2017-02-28/a>	Xavier Mertens	Analysis of a Simple PHP Backdoor
2017-02-17/a>	Rob VandenBrink	RTRBK - Router / Switch / Firewall Backups in PowerShell (tool drop)
2017-01-14/a>	Xavier Mertens	Backup Files Are Good but Can Be Evil
2016-01-21/a>	Jim Clausing	Scanning for Fortinet ssh backdoor
2015-12-13/a>	Didier Stevens	Use The Privilege
2015-06-26/a>	Daniel Wesemann	Cisco default credentials - again!
2015-02-09/a>	Chris Mohan	Backups are part of the overall business continuity and disaster recovery plan
2014-07-08/a>	Johannes Ullrich	Hardcoded Netgear Prosafe Switch Password
2014-07-02/a>	Johannes Ullrich	Cisco Unified Communications Domain Manager Update
2014-03-12/a>	Johannes Ullrich	Wordpress "Pingback" DDoS Attacks
2014-01-10/a>	Basil Alawi S.Taher	Cisco Small Business Devices backdoor fix
2014-01-02/a>	Johannes Ullrich	Scans Increase for New Linksys Backdoor (32764/TCP)
2013-12-24/a>	Daniel Wesemann	Unfriendly crontab additions
2013-12-16/a>	Tom Webb	The case of Minerd
2013-11-05/a>	Daniel Wesemann	Is your vacuum cleaner sending spam?
2013-09-10/a>	Swa Frantzen	Microsoft September 2013 Black Tuesday Overview
2013-09-03/a>	Rob VandenBrink	Is "Reputation Backscatter" a Thing?
2013-07-09/a>	Swa Frantzen	Microsoft July 2013 Black Tuesday Overview
2013-06-11/a>	Swa Frantzen	Microsoft June 2013 Black Tuesday Overview
2013-06-11/a>	Swa Frantzen	Other Microsoft Black Tuesday News
2013-05-14/a>	Swa Frantzen	Microsoft May 2013 Black Tuesday Overview
2013-05-14/a>	Swa Frantzen	Firefox & Thunderbird released
2013-03-12/a>	Swa Frantzen	Microsoft March 2013 Black Tuesday Overview
2013-01-30/a>	Richard Porter	Getting Involved with the Local Community
2012-12-04/a>	Johannes Ullrich	Where do your backup tapes go to die?
2012-08-14/a>	Rick Wanner	Backtrack 5 r3 released - http://www.backtrack-linux.org/downloads/
2012-05-18/a>	Johannes Ullrich	ZTE Score M Android Phone backdoor
2012-04-14/a>	Rick Wanner	Flashback Trojan Removal Tool Released
2012-04-12/a>	Guy Bruneau	wicd Privilege Escalation 0day exploit for Backtrack 5 R2
2012-04-12/a>	Guy Bruneau	Apple Java Updates for Mac OS X
2012-03-05/a>	Johannes Ullrich	Flashback Malware now with Twitter C&C
2012-02-24/a>	Guy Bruneau	Flashback Trojan in the Wild
2011-10-28/a>	Russ McRee	Critical Control 19: Data Recovery Capability
2011-07-04/a>	Deborah Hale	VSFTP Backdoor in Source Code
2011-05-10/a>	Swa Frantzen	Backtrack 5 released
2011-01-14/a>	Chris Mohan	How does your family backup their memories?
2010-12-27/a>	Johannes Ullrich	Various sites "Owned and Exposed"
2010-12-15/a>	Johannes Ullrich	OpenBSD IPSec "Backdoor"
2010-12-02/a>	Kevin Johnson	ProFTPD distribution servers compromised
2010-08-30/a>	Adrien de Beaupre	Apple QuickTime potential vulnerability/backdoor
2010-01-11/a>	Adrien de Beaupre	BackTrack 4 final released http://www.remote-exploit.org/news.html http://www.backtrack-linux.org/downloads/
2009-10-19/a>	Daniel Wesemann	Backed up, lately ?
2009-10-17/a>	Rick Wanner	Unusual traffic from Loopback to Unused ARIN address
2009-10-05/a>	Adrien de Beaupre	Cyber Security Awareness Month - Day 5 port 31337
2009-08-30/a>	Tony Carothers	How do I recover from.....?
2009-05-12/a>	Swa Frantzen	May Black Tuesday Overview
2009-01-03/a>	Rick Wanner	RAID != Backup
2008-10-25/a>	Rick Wanner	Day 26 - Restoring Systems from Backup

GIVING BACK

GIVING

BACK