Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Xavier Mertens

Threat Level: green

Date	Author	Title
RED CROSS
2022-03-07	Johannes Ullrich	No Bitcoin - No Problem: Follow Up to Last Weeks Donation Scam
2022-03-04	Johannes Ullrich	Scam E-Mail Impersonating Red Cross
RED
2025-04-16/a>	Guy Bruneau	RedTail, Remnux and Malware Management [Guest Diary]
2025-01-09/a>	Guy Bruneau	Examining Redtail Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics [Guest Diary]
2024-12-27/a>	Guy Bruneau	Phishing for Banking Information
2024-08-26/a>	Xavier Mertens	From Highly Obfuscated Batch File to XWorm and Redline
2024-08-14/a>	Xavier Mertens	Multiple Malware Dropped Through MSI Package
2024-05-22/a>	Guy Bruneau	Analysis of ?redtail? File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary]
2024-05-15/a>	Rob VandenBrink	Got MFA? If not, Now is the Time!
2024-03-10/a>	Guy Bruneau	What happens when you accidentally leak your AWS API keys? [Guest Diary]
2024-03-07/a>	Jesse La Grew	[Guest Diary] AWS Deployment Risks - Configuration and Credential File Targeting
2023-11-15/a>	Xavier Mertens	Redline Dropped Through MSIX Package
2023-10-29/a>	Guy Bruneau	Spam or Phishing? Looking for Credentials & Passwords
2023-08-04/a>	Xavier Mertens	Are Leaked Credentials Dumps Used by Attackers?
2022-10-04/a>	Johannes Ullrich	Credential Harvesting with Telegram API
2022-09-15/a>	Xavier Mertens	Malicious Word Document with a Frameset
2022-07-08/a>	Johannes Ullrich	ISC Website Redesign
2022-03-10/a>	Xavier Mertens	Credentials Leaks on VirusTotal
2022-03-07/a>	Johannes Ullrich	No Bitcoin - No Problem: Follow Up to Last Weeks Donation Scam
2022-03-04/a>	Johannes Ullrich	Scam E-Mail Impersonating Red Cross
2022-01-20/a>	Xavier Mertens	RedLine Stealer Delivered Through FTP
2022-01-16/a>	Guy Bruneau	10 Most Popular Targeted Ports in the Past 3 Weeks
2021-11-08/a>	Xavier Mertens	(Ab)Using Security Tools & Controls for the Bad
2021-06-18/a>	Daniel Wesemann	Open redirects ... and why Phishers love them
2021-05-29/a>	Guy Bruneau	Spear-phishing Email Targeting Outlook Mail Clients
2021-03-06/a>	Xavier Mertens	Spotting the Red Team on VirusTotal!
2020-11-18/a>	Xavier Mertens	When Security Controls Lead to Security Issues
2020-07-16/a>	John Bambenek	Hunting for SigRed Exploitation
2020-07-15/a>	Johannes Ullrich	PATCH NOW - SIGRed - CVE-2020-1350 - Microsoft DNS Server Vulnerability
2020-04-27/a>	Xavier Mertens	Powershell Payload Stored in a PSCredential Object
2020-02-27/a>	Xavier Mertens	Offensive Tools Are For Blue Teams Too
2020-02-25/a>	Jan Kopriva	Quick look at a couple of current online scam campaigns
2019-11-29/a>	Russ McRee	ISC Snapshot: Search with SauronEye
2019-11-09/a>	Guy Bruneau	Fake Netflix Update Request by Text
2019-11-08/a>	Xavier Mertens	Microsoft Apps Diverted from Their Main Use
2019-08-28/a>	Johannes Ullrich	[Guest Diary] Open Redirect: A Small But Very Common Vulnerability
2019-08-21/a>	Russ McRee	KAPE: Kroll Artifact Parser and Extractor
2019-07-16/a>	Russ McRee	Commando VM: The Complete Mandiant Offensive VM
2019-04-05/a>	Russ McRee	Beagle: Graph transforms for DFIR data & logs
2018-10-17/a>	Russ McRee	RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-03-08/a>	Xavier Mertens	CRIMEB4NK IRC Bot
2017-12-27/a>	Guy Bruneau	What are your Security Challenges for 2018?
2016-09-09/a>	Xavier Mertens	Collecting Users Credentials from Locked Devices
2016-06-29/a>	Xavier Mertens	Phishing Campaign with Blurred Images
2016-01-05/a>	Guy Bruneau	What are you Concerned the Most in 2016?
2015-05-23/a>	Guy Bruneau	Business Value in "Big Data"
2015-03-18/a>	Daniel Wesemann	Pass the hash!
2015-01-31/a>	Guy Bruneau	Beware of Phishing and Spam Super Bowl Fans!
2014-11-24/a>	Richard Porter	Someone is using this? PoS: Compressor
2014-09-12/a>	Chris Mohan	Are credential dumps worth reviewing?
2014-07-03/a>	Johannes Ullrich	Credit Card Processing in 700 Words or Less
2014-06-13/a>	Richard Porter	A welcomed response, PF Chang's
2013-12-19/a>	Rob VandenBrink	Target US - Credit Card Data Breach
2013-09-23/a>	Rob VandenBrink	How do you spell "PSK"?
2013-07-12/a>	Johannes Ullrich	DNS resolution is failing for Microsofts Teredo server (teredo.ipv6.microsoft.com)
2013-07-12/a>	Johannes Ullrich	Microsoft Teredo Server "Sunset"
2013-03-09/a>	Guy Bruneau	IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-02-21/a>	Pedro Bueno	NBC site redirecting to Exploit kit
2011-05-03/a>	Johannes Ullrich	Analyzing Teredo with tshark and Wireshark
2011-01-03/a>	Johannes Ullrich	What Will Matter in 2011
2010-07-24/a>	Manuel Humberto Santander Pelaez	Transmiting logon information unsecured in the network
2010-06-15/a>	Manuel Humberto Santander Pelaez	Mastercard delivering cards with OTP device included
2010-04-22/a>	John Bambenek	Data Redaction: You're Doing it Wrong
2010-02-16/a>	Jim Clausing	Teredo request for packets
2010-02-16/a>	Johannes Ullrich	Teredo "stray packet" analysis
2009-07-28/a>	Adrien de Beaupre	YYAMCCBA
2009-05-18/a>	Rick Wanner	JSRedir-R/Gumblar badness
CROSS
2022-03-07/a>	Johannes Ullrich	No Bitcoin - No Problem: Follow Up to Last Weeks Donation Scam
2022-03-04/a>	Johannes Ullrich	Scam E-Mail Impersonating Red Cross
2014-08-09/a>	Adrien de Beaupre	Complete application ownage via Multi-POST XSRF
2013-02-11/a>	John Bambenek	Is This Chinese Registrar Really Trying to XSS Me?
2013-02-04/a>	Russ McRee	An expose of a recent SANS GIAC XSS vulnerability
2013-01-25/a>	Johannes Ullrich	Vulnerability Scans via Search Engines (Request for Logs)
2011-08-24/a>	Rob VandenBrink	Citrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971
2009-07-17/a>	John Bambenek	Cross-Platform, Cross-Browser DoS Vulnerability

RED CROSS

RED

CROSS