Internet Storm Center
Date
Author
Title
CROSS SITE SCRIPTING
2013-02-04
Russ McRee
An expose of a recent SANS GIAC XSS vulnerability
2013-01-25
Johannes Ullrich
Vulnerability Scans via Search Engines (Request for Logs)
2011-08-24
Rob VandenBrink
Citrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971
CROSS
2022-03-07
Johannes Ullrich
No Bitcoin - No Problem: Follow Up to Last Weeks Donation Scam
2022-03-04
Johannes Ullrich
Scam E-Mail Impersonating Red Cross
2014-08-09
Adrien de Beaupre
Complete application ownage via Multi-POST XSRF
2013-02-11
John Bambenek
Is This Chinese Registrar Really Trying to XSS Me?
2013-02-04
Russ McRee
An expose of a recent SANS GIAC XSS vulnerability
2013-01-25
Johannes Ullrich
Vulnerability Scans via Search Engines (Request for Logs)
2011-08-24
Rob VandenBrink
Citrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971
2009-07-17
John Bambenek
Cross-Platform, Cross-Browser DoS Vulnerability
SITE
2023-12-11
Rob VandenBrink
What is sitemap.xml, and Why a Pentester Should Care
2021-08-04
Yee Ching Tok
Pivoting and Hunting for Shenanigans from a Reported Phishing Domain
2021-06-24
Xavier Mertens
Do you Like Cookies? Some are for sale!
2018-11-17
Xavier Mertens
Quickly Investigating Websites with Lookyloo
2017-07-19
Xavier Mertens
Bots Searching for Keys & Config Files
2017-04-07
Xavier Mertens
Tracking Website Defacers with HTTP Referers
2017-01-14
Xavier Mertens
Backup Files Are Good but Can Be Evil
2016-01-29
Xavier Mertens
Scripting Web Categorization
2014-08-09
Adrien de Beaupre
Complete application ownage via Multi-POST XSRF
2014-06-11
Daniel Wesemann
Gimme your keys!
2013-02-22
Johannes Ullrich
When web sites go bad: bible . org compromise
2013-02-11
John Bambenek
Is This Chinese Registrar Really Trying to XSS Me?
2013-02-04
Russ McRee
An expose of a recent SANS GIAC XSS vulnerability
2013-01-25
Johannes Ullrich
Vulnerability Scans via Search Engines (Request for Logs)
2011-08-24
Rob VandenBrink
Citrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971
2010-08-13
Tom Liston
The Strange Case of Doctor Jekyll and Mr. ED
2010-04-26
Raul Siles
Vulnerable Sites Database
2009-08-18
Deborah Hale
Domain tcpdump.org unavailable
2009-08-18
Deborah Hale
Website compromises - what's happening?
2009-05-27
donald smith
Host file black lists
2009-05-05
Bojan Zdrnja
Every dot matters
2008-08-02
Maarten Van Horenbeeck
Issues affecting sites using Sitemeter [resolved]
2008-06-07
Jim Clausing
Followup to 'How do you monitor your website?'
2008-04-24
donald smith
Hundreds of thousands of SQL injections
SCRIPTING
2013-07-01
Manuel Humberto Santander Pelaez
Using nmap scripts to enhance vulnerability asessment results
2013-02-11
John Bambenek
Is This Chinese Registrar Really Trying to XSS Me?
2013-02-04
Russ McRee
An expose of a recent SANS GIAC XSS vulnerability
2013-01-25
Johannes Ullrich
Vulnerability Scans via Search Engines (Request for Logs)
2012-01-12
Rob VandenBrink
Stuff I Learned Scripting - Fun with STDERR
2011-11-10
Rob VandenBrink
Stuff I Learned Scripting - - Parsing XML in a One-Liner
2011-08-24
Rob VandenBrink
Citrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971