Threat Level: green Handler on Duty: Russ McRee

SANS ISC: Diaries by Keyword

Date | Author | Title
2020-10-07 | Johannes Ullrich | Today, Nobody is Going to Attack You.
2020-08-12 | Russ McRee | To the Brim at the Gates of Mordor Pt. 1
2020-04-30 | Xavier Mertens | Collecting IOCs from IMAP Folder
2019-12-12 | Xavier Mertens | Code & Data Reuse in the Malware Ecosystem
2019-11-02 | Didier Stevens | Remark on EML Attachments
2019-10-30 | Xavier Mertens | Keep an Eye on Remote Access to Mailboxes
2019-08-22 | Xavier Mertens | Simple Mimikatz & RDPWrapper Dropper
2019-05-01 | Xavier Mertens | Another Day, Another Suspicious UDF File
2019-04-17 | Xavier Mertens | Malware Sample Delivered Through UDF Image
2019-02-05 | Rob VandenBrink | Mitigations against Mimikatz Style Attacks
2019-01-09 | Russ McRee | gganimate: Animate YouR Security Analysis
2018-10-31 | Brad Duncan | More malspam using password-protected Word docs
2018-06-27 | Renato Marinho | Silently Profiling Unknown Malware Samples
2018-05-16 | Mark Hofman | EFAIL, a weakness in openPGP and S\MIME
2017-11-25 | Guy Bruneau | Exim Remote Code Exploit
2017-09-19 | Jim Clausing | New tool: mac-robber.py
2017-07-12 | Xavier Mertens | Backup Scripts, the FIM of the Poor
2017-06-28 | Brad Duncan | Catching up with Blank Slate: a malspam campaign still going strong
2017-06-17 | Guy Bruneau | Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2017-05-10 | Johannes Ullrich | Read This If You Are Using a Script to Pull Data From This Site
2017-05-03 | Bojan Zdrnja | Powershelling with exploits
2017-04-28 | Russell Eubanks | KNOW before NO
2017-03-25 | Russell Eubanks | Distraction as a Service
2017-03-11 | Russell Eubanks | What's On Your Not To Do List?
2017-01-24 | Xavier Mertens | Malicious SVG Files in the Wild
2016-12-11 | Russ McRee | Steganography in Action: Image Steganography & StegExpose
2016-11-20 | Pasquale Stirparo | How many “Epoch” times? Epocalypse.py timestamp converter
2016-11-13 | Guy Bruneau | Bitcoin Miner File Upload via FTP
2016-09-10 | Xavier Mertens | Ongoing IMAP Scan, Anyone Else?
2016-05-14 | Guy Bruneau | INetSim as a Basic Honeypot
2016-03-30 | Xavier Mertens | What to watch with your FIM?
2016-01-24 | Didier Stevens | Obfuscated MIME Files
2016-01-05 | Guy Bruneau | What are you Concerned the Most in 2016?
2015-12-14 | Russ McRee | AD Security's Unofficial Guide to Mimikatz & Command Reference
2015-05-15 | Didier Stevens | Another Maldoc? I'm Afraid So...
2015-05-09 | Didier Stevens | Malicious Word Document: This Time The Maldoc Is A MIME File
2015-02-10 | Mark Baggett | Detecting Mimikatz Use On Your Network
2014-01-24 | Johannes Ullrich | How to send mass e-mail the right way
2013-11-05 | Daniel Wesemann | TIFF images in MS-Office documents used in targeted attacks
2013-08-14 | Johannes Ullrich | Imaging LUKS Encrypted Drives
2013-05-22 | Adrien de Beaupre | Apple QuickTime 7.7.4 for Windows updated, MANY security vulnerabilities: http://support.apple.com/kb/HT1222
2013-04-25 | Adam Swanger | Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-02-06 | Johannes Ullrich | Are you losing system logging information (and don't know it)?
2012-12-22 | Guy Bruneau | New Poll - Which of the following issues impacted the most your business in 2012? - https://isc.sans.edu/poll.html
2012-06-22 | Kevin Liston | Investigator's Tool-kit: Timeline
2012-06-15 | Johannes Ullrich | Authenticating E-Mail
2012-02-07 | Johannes Ullrich | Secure E-Mail Access
2011-11-11 | Rick Wanner | APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update
2011-08-04 | Jim Clausing | Apple release Quicktime 7.7 fixes 14 CVEs, see http://support.apple.com/kb/HT1222
2011-08-03 | Johannes Ullrich | Malicious Images: What's a QR Code
2011-05-14 | Guy Bruneau | Websense Study Claims Canada Next Hotbed for Cybercrime Web Hosting Activity
2011-05-06 | Richard Porter | Unpatched Exploit: Skype for MAC
2011-04-23 | Manuel Humberto Santander Pelaez | Image search can lead to malware download
2010-12-17 | Johannes Ullrich | Reports of Attacks against EXIM vulnerability
2010-12-12 | Raul Siles | Apple Quickime 7.6.9 was released a few days ago (just in case you missed it): http://support.apple.com/kb/HT1222. Update all your web browser plugins!
2010-12-10 | Mark Hofman | EXIM MTA vulnerability
2010-11-08 | Manuel Humberto Santander Pelaez | Network Security Perimeter: How to choose the correct firewall and IPS for your environment?
2010-11-07 | Adrien de Beaupre | Change your clocks?
2010-09-25 | Rick Wanner | Guest Diary: Andrew Hunt - Visualizing the Hosting Patterns of Modern Cybercriminals
2010-08-30 | Adrien de Beaupre | Apple QuickTime potential vulnerability/backdoor
2010-08-22 | Manuel Humberto Santander Pelaez | SCADA: A big challenge for information security professionals
2010-08-14 | Tony Carothers | Freedom of Information
2010-08-13 | Guy Bruneau | QuickTime Security Updates
2010-04-02 | Guy Bruneau | Apple QuickTime and iTunes Security Update
2010-03-23 | John Bambenek | The Top 10 Riskiest US Cities for Cybercrime
2010-03-11 | donald smith | Cert write up on Skype IMBot Logic and Functionality.
2010-01-17 | Rick Wanner | Buffer overflow in Quicktime
2009-11-05 | Swa Frantzen | RIM fixes random code execution vulnerability
2009-09-12 | Jim Clausing | Apple Updates
2009-09-04 | Adrien de Beaupre | Fake anti-virus
2009-07-11 | Marcus Sachs | Imageshack
2009-06-02 | Deborah Hale | Another Quicktime Update
2009-02-14 | Deborah Hale | Microsoft Time Sync Appears to Down
2009-02-06 | Adrien de Beaupre | Fake stimulus payments
2008-11-02 | Adrien de Beaupre | Daylight saving time
2008-09-09 | Swa Frantzen | Apple updates iTunes+QuickTime
2008-07-15 | Maarten Van Horenbeeck | BlackBerry PDF parsing vulnerability
2008-07-15 | Maarten Van Horenbeeck | Bot controller mimicry
2008-06-10 | Swa Frantzen | Upgrade to QuickTime 7.5
2008-04-22 | donald smith | Maximus root kit downloads via MySpace social engineering trick.
2008-04-03 | Bojan Zdrnja | A bag of vulnerabilities (and fixes) in QuickTime
2006-12-18 | Toby Kohlenberg | Skype worm
2006-09-12 | Swa Frantzen | Apple Quicktime 7.1.3 released