Diaries by Keyword - SANS Internet Storm Center

Participate: Learn more about our honeypot network
https://isc.sans.edu/tools/honeypot/

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
2022-07-17	Didier Stevens	Python: Files In Use By Another Process
2022-01-04	Xavier Mertens	A Simple Batch File That Blocks People
2021-05-21	Xavier Mertens	Locking Kernel32.dll As Anti-Debugging Technique
2020-08-18	Rick Wanner	ISC Blocked
2020-07-23	Xavier Mertens	Simple Blocklisting with MISP & pfSense
2020-04-16	Johannes Ullrich	Using AppLocker to Prevent Living off the Land Attacks
2019-09-19	Xavier Mertens	Blocklisting or Whitelisting in the Right Way
2018-12-26	Didier Stevens	Bitcoin "Blocklists"
2018-11-13	Johannes Ullrich	November 2018 Microsoft Patch Tuesday
2018-11-12	Rick Wanner	Using the Neutrino ip-blocklist API to test general badness of an IP
2018-06-19	Xavier Mertens	PowerShell: ScriptBlock Logging... Or Not?
2018-05-30	Bojan Zdrnja	The end of the lock icon
2018-05-24	Xavier Mertens	"Blocked" Does Not Mean "Forget It"
2018-02-25	Guy Bruneau	Blackhole Advertising Sites with Pi-hole
2017-09-20	Renato Marinho	Ongoing Ykcol (Locky) campaign
2017-09-01	Brad Duncan	Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox
2017-06-02	Xavier Mertens	Phishing Campaigns Follow Trends
2017-04-05	Xavier Mertens	Whitelists: The Holy Grail of Attackers
2016-03-06	Jim Clausing	Novel method for slowing down Locky on Samba server using fail2ban
2016-02-20	Didier Stevens	Locky: JavaScript Deobfuscation
2016-01-09	Xavier Mertens	Virtual Bitlocker Containers
2015-04-30	Brad Duncan	Dalexis/CTB-Locker malspam campaign
2015-02-23	Richard Porter	Subscribing to the DShield Top 20 on a Palo Alto Networks Firewall
2014-08-15	Tom Webb	AppLocker Event Logs with OSSEC 2.8
2014-08-05	Johannes Ullrich	Synolocker: Why OFFLINE Backups are important
2014-06-02	John Bambenek	Gameover Zeus and Cryptolocker Takedowns
2014-05-30	Johannes Ullrich	Fake Australian Electric Bill Leads to Cryptolocker
2014-02-18	Johannes Ullrich	More Details About "TheMoon" Linksys Worm
2014-01-04	Tom Webb	Monitoring Windows Networks Using Syslog (Part One)
2013-11-02	Rick Wanner	Protecting Your Family's Computers
2013-10-22	John Bambenek	Cryptolocker Update, Request for Info
2013-10-16	Adrien de Beaupre	Access denied and blockliss
2013-09-03	Rob VandenBrink	Is "Reputation Backscatter" a Thing?
2013-04-30	Russ McRee	Apache binary backdoor adds malicious redirect to Blackhole
2013-04-23	Russ McRee	Microsoft's Security Intelligence Report (SIRv14) released
2013-03-07	Guy Bruneau	Apple Blocking Java Web plug-in
2012-09-01	Russ McRee	Blackhole targeting Java vulnerability via fake Microsoft Services Agreement email phish
2012-06-26	Daniel Wesemann	Run, Forest! (Update)
2012-04-25	Daniel Wesemann	Blacole's obfuscated JavaScript
2012-04-25	Daniel Wesemann	Blacole's shell code
2011-12-06	Pedro Bueno	The RedRet connection...
2011-11-22	Pedro Bueno	Updates on ZeroAccess and BlackHole front...
2011-11-03	Richard Porter	An Apple, Inc. Sandbox to play in.
2011-05-30	Johannes Ullrich	Lockheed Martin and RSA Tokens
2009-01-12	William Salusky	Downadup / Conficker - MS08-067 exploit and Windows domain account lockout
2008-05-28	Johannes Ullrich	Reminder: Proper use of DShield data
2006-12-18	Toby Kohlenberg	ORDB Shutting down