Internet Storm Center
Sign In
Sign Up
SANS Network Security: Las Vegas Sept 4-9.
Handler on Duty:
Guy Bruneau
Threat Level:
green
Date
Author
Title
FEDCOURTS AU
2016-07-08
Mark Hofman
Malware being distributed pretending to be from AU Fedcourts
FEDCOURTS
2016-07-08/a>
Mark Hofman
Malware being distributed pretending to be from AU Fedcourts
AU
2024-09-06/a>
Jesse La Grew
Enrichment Data: Keeping it Fresh
2024-08-22/a>
Johannes Ullrich
OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse?
2024-06-20/a>
Guy Bruneau
No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary]
2023-09-09/a>
Guy Bruneau
?Anyone get the ASN of the Truck that Hit Me?!?: Creating a PowerShell Function to Make 3rd Party API Calls for Extending Honeypot Information [Guest Diary]
2023-08-21/a>
Xavier Mertens
Quick Malware Triage With Inotify Tools
2023-01-06/a>
Xavier Mertens
AutoIT Remains Popular in the Malware Landscape
2023-01-05/a>
Brad Duncan
More Brazil malspam pushing Astaroth (Guildma) in January 2023
2022-11-02/a>
Rob VandenBrink
Breakpoints in Burp
2022-07-06/a>
Johannes Ullrich
How Many SANs are Insane?
2022-05-17/a>
Xavier Mertens
Use Your Browser Internal Password Vault... or Not?
2022-02-01/a>
Xavier Mertens
Automation is Nice But Don't Replace Your Knowledge
2021-11-08/a>
Xavier Mertens
(Ab)Using Security Tools & Controls for the Bad
2021-10-18/a>
Xavier Mertens
Malicious PowerShell Using Client Certificate Authentication
2021-06-24/a>
Xavier Mertens
Do you Like Cookies? Some are for sale!
2021-04-16/a>
Rick Wanner
Querying Spamhaus for IP reputation
2021-01-06/a>
Johannes Ullrich
Scans for Zyxel Backdoors are Commencing.
2021-01-02/a>
Guy Bruneau
Protecting Home Office and Enterprise in 2021
2020-12-04/a>
Guy Bruneau
Detecting Actors Activity with Threat Intel
2020-10-30/a>
Xavier Mertens
Quick Status of the CAA DNS Record Adoption
2020-04-20/a>
Didier Stevens
KPOT AutoIt Script: Analysis
2020-03-23/a>
Didier Stevens
KPOT Deployed via AutoIt Script
2020-02-16/a>
Guy Bruneau
SOAR or not to SOAR?
2019-12-22/a>
Didier Stevens
Extracting VBA Macros From .DWG Files
2019-12-16/a>
Didier Stevens
Malicious .DWG Files?
2019-11-29/a>
Russ McRee
ISC Snapshot: Search with SauronEye
2019-11-09/a>
Guy Bruneau
Fake Netflix Update Request by Text
2019-09-27/a>
Xavier Mertens
New Scans for Polycom Autoconfiguration Files
2019-09-17/a>
Rob VandenBrink
Investigating Gaps in your Windows Event Logs
2019-05-01/a>
Xavier Mertens
Another Day, Another Suspicious UDF File
2019-01-30/a>
Russ McRee
CR19-010: The United States vs. Huawei
2018-10-23/a>
Xavier Mertens
Diving into Malicious AutoIT Code
2018-10-22/a>
Xavier Mertens
Malicious Powershell using a Decoy Picture
2018-08-21/a>
Xavier Mertens
Malicious DLL Loaded Through AutoIT
2018-06-04/a>
Rob VandenBrink
Digging into Authenticode Certificates
2018-01-03/a>
John Bambenek
Phishing to Rural America Leads to Six-figure Wire Fraud Losses
2017-09-11/a>
Russ McRee
Windows Auditing with WINspect
2017-09-02/a>
Xavier Mertens
AutoIT based malware back in the wild
2017-08-25/a>
Xavier Mertens
Malicious AutoIT script delivered in a self-extracting RAR file
2017-07-30/a>
Guy Bruneau
Text Banking Scams
2017-07-08/a>
Xavier Mertens
A VBScript with Obfuscated Base64 Data
2017-05-03/a>
Bojan Zdrnja
OAUTH phishing against Google Docs ? beware!
2017-03-04/a>
Xavier Mertens
How your pictures may affect your website reputation
2016-11-25/a>
Xavier Mertens
Free Software Quick Security Checklist
2016-09-15/a>
Xavier Mertens
In Need of a OTP Manager Soon?
2016-07-08/a>
Mark Hofman
Malware being distributed pretending to be from AU Fedcourts
2016-05-18/a>
Russ McRee
Resources: Windows Auditing & Monitoring, Linux 2FA
2016-02-26/a>
Xavier Mertens
Quick Audit of *NIX Systems
2016-02-03/a>
Xavier Mertens
Automating Vulnerability Scans
2015-09-08/a>
Lenny Zeltser
A Close Look at PayPal Overpayment Scams That Target Craigslist Sellers
2015-09-01/a>
Daniel Wesemann
How to hack
2015-07-17/a>
Didier Stevens
Autoruns and VirusTotal
2015-06-26/a>
Daniel Wesemann
Cisco default credentials - again!
2015-03-07/a>
Guy Bruneau
Should it be Mandatory to have an Independent Security Audit after a Breach?
2014-11-04/a>
Daniel Wesemann
20$ is 999999 Euro
2014-09-27/a>
Guy Bruneau
What has Bash and Heartbleed Taught Us?
2014-05-30/a>
Johannes Ullrich
Fake Australian Electric Bill Leads to Cryptolocker
2014-03-13/a>
Daniel Wesemann
Identification and authentication are hard ... finding out intention is even harder
2014-01-10/a>
Basil Alawi S.Taher
Windows Autorun-3
2014-01-08/a>
Kevin Shortt
Intercepted Email Attempts to Steal Payments
2013-12-20/a>
Daniel Wesemann
authorized key lime pie
2013-09-18/a>
Rob VandenBrink
Cisco DCNM Update Released
2013-08-21/a>
Rob VandenBrink
Fibre Channel Reconnaissance - Reloaded
2013-06-21/a>
Guy Bruneau
Sysinternals Updates for Autoruns, Strings & ZoomIt http://blogs.technet.com/b/sysinternals/archive/2013/06/20/updates-autoruns-v11-61-strings-v2-52-zoomit-v4-5.aspx
2013-06-20/a>
Guy Bruneau
HP iLO3/iLO4 Remote Unauthorized Access with Single-Sign-On
2013-04-15/a>
Rob VandenBrink
Oops - You Mean That Deleted Server was a Certificate Authority?
2013-03-28/a>
John Bambenek
Where Were You During the Great DDoS Cybergeddon of 2013?
2013-03-23/a>
Guy Bruneau
Apple ID Two-step Verification Now Available in some Countries
2013-03-18/a>
Kevin Shortt
Spamhaus DDOS
2013-03-05/a>
Mark Hofman
IPv6 Focus Month: Device Defaults
2013-02-19/a>
Johannes Ullrich
EDUCAUSE Breach
2013-02-14/a>
Bojan Zdrnja
Auditd is your friend
2012-09-05/a>
Rob VandenBrink
Auditing a Network for VOIP Call Quality Metrics
2012-08-14/a>
Rick Wanner
Microsoft August 2012 Black Tuesday Update - Overview
2012-07-12/a>
Rob VandenBrink
Today at SANSFIRE - Dude Your Car is PWND !
2012-03-03/a>
Jim Clausing
New automated sandbox for Android malware
2012-01-13/a>
Guy Bruneau
Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2011-09-19/a>
Guy Bruneau
MS Security Advisory Update - Fraudulent DigiNotar Certificates
2011-09-08/a>
Rob VandenBrink
When Good CA's go Bad: Other Things to Check in Your Datacenter
2011-05-30/a>
Johannes Ullrich
Allied Telesis Passwords Leaked
2011-05-18/a>
Bojan Zdrnja
Android, HTTP and authentication tokens
2010-12-15/a>
Manuel Humberto Santander Pelaez
HP StorageWorks P2000 G3 MSA hardcoded user
2010-09-28/a>
Daniel Wesemann
Supporting the economy (in Russia and Ukraine)
2010-09-21/a>
Johannes Ullrich
Implementing two Factor Authentication on the Cheap
2010-06-17/a>
Deborah Hale
Internet Fraud Alert Kicks Off Today
2010-06-15/a>
Manuel Humberto Santander Pelaez
Mastercard delivering cards with OTP device included
2010-05-15/a>
Deborah Hale
Onboard Computers Subject to Attack?
2010-05-03/a>
Daniel Wesemann
Social engineering via paper mail
2010-04-09/a>
Mark Hofman
Adobe launch issue response/work around.
2010-04-06/a>
Daniel Wesemann
Application Logs
2010-03-10/a>
Rob VandenBrink
Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication
2009-11-25/a>
Jim Clausing
Updates to my GREM Gold scripts and a new script
2009-11-05/a>
Swa Frantzen
Insider threat: The snapnames case
2009-10-02/a>
Stephen Hall
New SysInternal fun for the weekend
2009-08-19/a>
Daniel Wesemann
Checking your protection
2009-08-16/a>
Mari Nichols
Surviving a third party onsite audit
2009-05-31/a>
Tony Carothers
L0phtcrack is Back!
2009-05-25/a>
Jim Clausing
NTPD autokey vulnerability
2009-05-11/a>
Mari Nichols
Sysinternals Updates 3 Applications
2009-04-22/a>
Jason Lam
OAuth vulnerability
2009-03-20/a>
Stephen Hall
Making the most of your runbooks
2009-02-25/a>
donald smith
AutoRun disabling patch released
2009-01-20/a>
Adrien de Beaupre
Obamamania
2009-01-15/a>
Bojan Zdrnja
Conficker's autorun and social engineering
2008-12-25/a>
Maarten Van Horenbeeck
Merry Christmas, and beware of digital hitchhikers!
2008-11-05/a>
donald smith
hacking the election
2008-10-20/a>
Johannes Ullrich
Fraudulent ATM Reactivation Phone Calls.
2008-05-07/a>
Jim Clausing
More on automated exploit generation
2008-04-18/a>
John Bambenek
The Patch Window is Gone: Automated Patch-Based Exploit Generation
2008-03-30/a>
Mark Hofman
Mail Anyone?
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
About Us
Slack Channel
Mastodon
Bluesky
X
The Internet Storm Center is a community for everyone, so
join the conversation