Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Xavier Mertens

Threat Level: green

Date	Author	Title
2025-03-12	Guy Bruneau	File Hashes Analysis with Power BI from Data Stored in DShield SIEM
2025-03-06	Guy Bruneau	DShield Traffic Analysis using ELK
2025-01-17	Guy Bruneau	Leveraging Honeypot Data for Offensive Security Operations [Guest Diary]
2024-10-17	Guy Bruneau	Scanning Activity from Subnet 15.184.0.0/16
2024-09-11	Guy Bruneau	Hygiene, Hygiene, Hygiene! [Guest Diary]
2024-08-30	Jesse La Grew	Simulating Traffic With Scapy
2024-08-29	Xavier Mertens	Live Patching DLLs with Python
2024-05-15	Rob VandenBrink	Got MFA? If not, Now is the Time!
2024-02-03	Guy Bruneau	DShield Sensor Log Collection with Elasticsearch
2023-01-04	Rob VandenBrink	Update to RTRBK - Diff and File Dates in PowerShell
2023-01-02	Xavier Mertens	NetworkMiner 2.8 Released
2022-10-27	Tom Webb	Supersizing your DUO and 365 Integration
2022-05-30	Xavier Mertens	New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme (CVE-2022-30190)
2022-04-17	Didier Stevens	Video: Office Protects You From Malicious ISO Files
2022-04-16	Didier Stevens	Office Protects You From Malicious ISO Files
2022-01-25	Brad Duncan	Emotet Stops Using 0.0.0.0 in Spambot Traffic
2021-12-19	Didier Stevens	Office 2021: VBA Project Version
2021-11-28	Didier Stevens	Video: YARA Rules for Office Maldocs
2021-11-23	Didier Stevens	YARA Rule for OOXML Maldocs: Less False Positives
2021-11-07	Didier Stevens	Video: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-11-06	Didier Stevens	Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-10-25	Didier Stevens	Decrypting Cobalt Strike Traffic With a "Leaked" Private Key
2021-09-08	Johannes Ullrich	Microsoft Offers Workaround for 0-Day Office Vulnerability (CVE-2021-40444)
2021-06-23	Johannes Ullrich	Standing With Security Researchers Against Misuse of the DMCA
2021-04-10	Guy Bruneau	Building an IDS Sensor with Suricata & Zeek with Logs to ELK
2021-02-15	Johannes Ullrich	Securing and Optimizing Networks: Using pfSense Traffic Shaper Limiters to Combat Bufferbloat
2020-12-12	Didier Stevens	Office 95 Excel 4 Macros
2020-12-03	Brad Duncan	Traffic Analysis Quiz: Mr Natural
2020-11-11	Brad Duncan	Traffic Analysis Quiz: DESKTOP-FX23IK5
2020-11-08	Didier Stevens	Quick Tip: Extracting all VBA Code from a Maldoc
2020-09-23	Xavier Mertens	Malicious Word Document with Dynamic Content
2020-08-20	Rob VandenBrink	Office 365 Mail Forwarding Rules (and other Mail Rules too)
2020-05-31	Guy Bruneau	Windows 10 Built-in Packet Sniffer - PktMon
2020-04-16	Johannes Ullrich	Using AppLocker to Prevent Living off the Land Attacks
2020-02-21	Xavier Mertens	Quick Analysis of an Encrypted Compound Document Format
2019-12-28	Didier Stevens	Corrupt Office Documents
2019-12-09	Didier Stevens	(Lazy) Sunday Maldoc Analysis
2019-07-16	Russ McRee	Commando VM: The Complete Mandiant Offensive VM
2019-04-07	Guy Bruneau	Fake Office 365 Payment Information Update
2019-04-01	Didier Stevens	Analysis of PDFs Created with OpenOffice/LibreOffice
2018-12-13	Xavier Mertens	Phishing Attack Through Non-Delivery Notification
2018-11-18	Guy Bruneau	Multipurpose PCAP Analysis Tool
2018-10-10	Xavier Mertens	New Campaign Using Old Equation Editor Vulnerability
2018-09-04	Rob VandenBrink	Let's Trade: You Read My Email, I'll Read Your Password!
2018-06-27	Renato Marinho	Silently Profiling Unknown Malware Samples
2018-05-25	Xavier Mertens	Antivirus Evasion? Easy as 1,2,3
2018-05-01	Xavier Mertens	Diving into a Simple Maldoc Generator
2017-12-16	Xavier Mertens	Microsoft Office VBA Macro Obfuscation via Metadata
2017-11-15	Xavier Mertens	If you want something done right, do it yourself!
2017-05-24	Brad Duncan	Jaff ransomware gets a makeover
2017-04-28	Xavier Mertens	Another Day, Another Obfuscation Technique
2017-02-24	Rick Wanner	Cloudflare data leak...what does it mean to me?
2017-01-31	Johannes Ullrich	Malicious Office files using fileless UAC bypass to drop KEYBASE malware
2016-09-30	Xavier Mertens	Another Day, Another Malicious Behaviour
2016-07-19	Didier Stevens	Office Maldoc: Let's Focus on the VBA Macros Later...
2016-06-09	Xavier Mertens	Offensive or Defensive Security? Both!
2016-05-14	Guy Bruneau	INetSim as a Basic Honeypot
2016-01-24	Didier Stevens	Obfuscated MIME Files
2015-12-15	Russ McRee	Security Management vs Chaos: Understanding the Butterfly Effect to Manage Outcomes & Reduce Chaos
2015-05-03	Russ McRee	VolDiff, for memory image differential analysis
2015-03-16	Johannes Ullrich	Automatically Documenting Network Connections From New Devices Connected to Home Networks
2015-02-20	Tom Webb	Fast analysis of a Tax Scam
2015-02-19	Daniel Wesemann	Macros? Really?!
2014-07-10	Rob VandenBrink	Certificate Errors in Office 365 Today
2014-06-22	Russ McRee	OfficeMalScanner helps identify the source of a compromise
2013-12-02	Richard Porter	Reports of higher than normal SSH Attacks
2013-11-05	Daniel Wesemann	TIFF images in MS-Office documents used in targeted attacks
2013-10-02	John Bambenek	Obamacare related domain registration spike, Government shutdown domain registration beginning
2013-06-05	Richard Porter	Wireshark 1.10.0 Stable Released http://www.wireshark.org/download.html
2013-05-07	Jim Clausing	NGINX updates address buffer overflow (CVE-2013-2028) see http://nginx.org/en/CHANGES-1.4
2013-03-09	Guy Bruneau	IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-02-03	Lorna Hutcheson	Is it Really an Attack?
2013-01-18	Russ McRee	Sourcefire VRT rules update addresses remote stack buffer overflow in rule 3:20275
2012-12-02	Guy Bruneau	Zero Day MySQL Buffer Overflow
2012-09-14	Lenny Zeltser	Analyzing Malicious RTF Files Using OfficeMalScanner's RTFScan
2012-08-30	Bojan Zdrnja	Analyzing outgoing network traffic (part 2)
2012-08-23	Bojan Zdrnja	Analyzing outgoing network traffic
2012-06-04	Lenny Zeltser	Decoding Common XOR Obfuscation in Malicious Code
2011-11-10	Rob VandenBrink	Stuff I Learned Scripting - - Parsing XML in a One-Liner
2011-11-08	Swa Frantzen	Firefox 8.0 released
2011-10-01	Mark Hofman	Hot on the heels fo FF, Thunderbird v 7.0.1 and SeaMonkey v 2.4.1 have been updated.
2011-01-28	Guy Bruneau	OpenOffice Security Fixes
2011-01-15	Jim Clausing	What's up with port 8881?
2010-10-26	Pedro Bueno	Cyber Security Awareness Month - Day 26 - Sharing Office Files
2010-06-06	Manuel Humberto Santander Pelaez	Nice OS X exploit tutorial
2010-06-05	Guy Bruneau	OpenOffice.org 3.2.1 Fixes Bugs and Vulnerabilities
2010-05-19	Jason Lam	EFF paper about browser tracking
2010-02-22	Rob VandenBrink	Multiple Security Updates for OpenOffice ==> http://www.openoffice.org/security/bulletin.html
2010-02-17	Rob VandenBrink	Multiple Security Updates for ESX 3.x and ESXi 3.x
2010-01-08	Rob VandenBrink	Microsoft OfficeOnline, Searching for Trust and Malware
2009-12-24	Guy Bruneau	F5 BIG-IP ASM and PSM Remote Buffer Overflow
2009-07-16	Bojan Zdrnja	OWC exploits used in SQL injection attacks
2009-07-13	Adrien de Beaupre	Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
2009-01-21	Raul Siles	Traffic increase for port UDP/8247
2008-11-17	Marcus Sachs	New Tool: NetWitness Investigator
2008-06-10	Swa Frantzen	Linux ASN.1 BER kernel buffer overflow
2008-04-16	William Stearns	Passer, a aassive machine and service sniffer