Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Mark Baggett

Threat Level: green

Date	Author	Title
IOS FORENSICS
2016-08-11	Pasquale Stirparo	Looking for the insider: Forensic Artifacts on iOS Messaging App
IOS
2025-03-31/a>	Johannes Ullrich	Apple Patches Everything: March 31st 2025 Edition
2025-03-11/a>	Johannes Ullrich	Apple Fixes Exploited WebKit Vulnerability in iOS, MacOS, visionOS and Safari
2024-12-11/a>	Johannes Ullrich	Apple Updates Everything (iOS, iPadOS, macOS, watchOS, tvOS, visionOS)
2024-10-28/a>	Johannes Ullrich	Apple Updates Everything
2024-07-30/a>	Johannes Ullrich	Apple Patches Everything. July 2024 Edition
2024-03-05/a>	Johannes Ullrich	Apple Releases iOS/iPadOS Updates with Zero Day Fixes.
2024-01-22/a>	Johannes Ullrich	Apple Updates Everything - New 0 Day in WebKit
2023-12-11/a>	Johannes Ullrich	Apple Patches Everything
2023-10-25/a>	Johannes Ullrich	Apple Patches Everything. Releases iOS 17.1, MacOS 14.1 and updates for older versions fixing exploited vulnerability
2023-09-11/a>	Johannes Ullrich	Apple fixes 0-Day Vulnerability in Older Operating Systems
2023-09-07/a>	Johannes Ullrich	Apple Releases iOS/iPadOS 16.6.1, macOS 13.5.2, watchOS 9.6.2 fixing two zeroday vulnerabilities
2023-06-22/a>	Johannes Ullrich	Apple Patches Exploited Vulnerabilities in iOS/iPadOS, macOS, watchOS and Safari
2023-04-07/a>	Johannes Ullrich	Apple Patching Two 0-Day Vulnerabilities in iOS and macOS
2023-03-27/a>	Johannes Ullrich	Apple Updates Everything (including Studio Display)
2023-01-24/a>	Johannes Ullrich	Apple Updates (almost) Everything: Patch Overview
2022-11-28/a>	Johannes Ullrich	Ukraine Themed Twitter Spam Pushing iOS Scareware
2022-07-20/a>	Johannes Ullrich	Apple Patches Everything Day
2022-03-31/a>	Johannes Ullrich	Apple Patches Actively Exploited Vulnerability in macOS, iOS and iPadOS,
2022-03-14/a>	Johannes Ullrich	Apple Updates Everything: MacOS 12.3, XCode 13.3, tvOS 15.4, watchOS 8.5, iPadOS 15.4 and more
2022-02-10/a>	Johannes Ullrich	iOS/iPadOS and MacOS Update: Single WebKit 0-Day Vulnerability Patched
2022-01-27/a>	Johannes Ullrich	Apple Patches Everything
2021-09-21/a>	Johannes Ullrich	A First Look at Apple's iOS 15 "Private Relay" feature.
2018-10-08/a>	Guy Bruneau	Apple Security Updates
2018-01-23/a>	Johannes Ullrich	Apple Updates Everything, Again
2017-08-15/a>	Renato Marinho	(Banker(GoogleChromeExtension)).targeting("Brazil")
2017-03-18/a>	Rick Wanner	Cisco IOS Remote Code Execution Vulnerability -> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
2016-09-17/a>	Guy Bruneau	Multiple Cisco Products affected by IKEv1 Vulnerability
2016-08-25/a>	Xavier Mertens	Out-of-Band iOS Patch Fixes 0-Day Vulnerabilities
2016-08-11/a>	Pasquale Stirparo	Looking for the insider: Forensic Artifacts on iOS Messaging App
2015-09-21/a>	Xavier Mertens	Detecting XCodeGhost Activity
2015-06-18/a>	Johannes Ullrich	OS X and iOS Unauthorized Cross Application Resource Access (XARA)
2014-07-01/a>	Johannes Ullrich	Apple Releases Patches for All Products
2014-04-24/a>	Rob VandenBrink	Apple IOS updates to 7.1.1, OSX Security update 2014-002, Airport Updates - http://support.apple.com/kb/HT1222, http://support.apple.com/kb/HT6208, http://support.apple.com/kb/HT6207, http://support.apple.com/kb/HT6203
2014-03-26/a>	Johannes Ullrich	Cisco Semiannual IOS Security Advisory http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html
2014-03-10/a>	Basil Alawi S.Taher	Apple iOS 7.1
2014-02-21/a>	Jim Clausing	Apple updates iOS and Apple TV
2013-11-14/a>	Johannes Ullrich	iOS 7.0.4 released. Fixes issue with unauthorized in App purchases http://lists.apple.com/archives/security-announce/2013/Nov/msg00000.html
2013-10-31/a>	Russ McRee	Happy Halloween: The Ghost Really May Be In The Machine
2013-10-01/a>	Johannes Ullrich	iOS 7 Adds Multipath TCP
2013-09-27/a>	Rick Wanner	IOS 7.0.2 released
2013-09-18/a>	Rob VandenBrink	Apple IOS 7 - Brace for Impact!
2013-03-27/a>	Rob VandenBrink	Several Cisco IOS DOS Issues Resolved
2013-01-28/a>	Johannes Ullrich	iOS 6.1 Released
2012-09-27/a>	Kevin Shortt	Cisco IOS Security Advisory Bundle - http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html
2012-08-15/a>	Guy Bruneau	Cisco IOS XR Software Route Processor DoS Vulnerability - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr
2012-06-01/a>	Johannes Ullrich	Apple Releases iOS Security Specs
2012-05-07/a>	Guy Bruneau	iOS 5.1.1 Software Update for iPod, iPhone, iPad
2012-01-24/a>	Bojan Zdrnja	Is it time to get rid of NetBIOS?
2011-07-25/a>	Johannes Ullrich	iOS 4.3.5 released fixing an SSL certificate verification flaw. http://support.apple.com/kb/HT1222
2011-06-26/a>	Rick Wanner	Nagios script for ISC threat level http://www.aj-services.com/?p=275
2011-04-14/a>	Johannes Ullrich	Apple Security Patches for OS X and iOS
2010-08-13/a>	Guy Bruneau	Cisco IOS Software 15.1(2)T TCP DoS
2010-08-02/a>	Manuel Humberto Santander Pelaez	Securing Windows Internet Kiosk
2010-06-23/a>	Johannes Ullrich	IPv6 Support in iOS 4
2009-11-18/a>	Rob VandenBrink	Using a Cisco Router as a “Remote Collector” for tcpdump or Wireshark
2009-03-25/a>	Mari Nichols	Cisco Releases IOS Bundle of Vulnerabilities
2008-05-23/a>	Mike Poor	Cisco IOS Rootkit thoughts
FORENSICS
2024-05-08/a>	Xavier Mertens	Analyzing Synology Disks on Linux
2024-03-29/a>	Xavier Mertens	Quick Forensics Analysis of Apache logs
2023-01-26/a>	Tom Webb	Live Linux IR with UAC
2021-11-04/a>	Tom Webb	Xmount for Disk Images
2021-06-18/a>	Daniel Wesemann	Network Forensics on Azure VMs (Part #2)
2021-06-17/a>	Daniel Wesemann	Network Forensics on Azure VMs (Part #1)
2021-02-25/a>	Daniel Wesemann	Forensicating Azure VMs
2020-12-16/a>	Daniel Wesemann	DNS Logs in Public Clouds
2019-10-25/a>	Rob VandenBrink	More on DNS Archeology (with PowerShell)
2019-08-21/a>	Russ McRee	KAPE: Kroll Artifact Parser and Extractor
2018-01-26/a>	Xavier Mertens	Investigating Microsoft BITS Activity
2017-10-02/a>	Xavier Mertens	Investigating Security Incidents with Passive DNS
2017-09-24/a>	Jim Clausing	Forensic use of mount --bind
2017-09-19/a>	Jim Clausing	New tool: mac-robber.py
2017-07-09/a>	Russ McRee	Adversary hunting with SOF-ELK
2017-01-12/a>	Mark Baggett	System Resource Utilization Monitor
2016-10-31/a>	Russ McRee	SEC505 DFIR capture script: snapshot.ps1
2016-08-11/a>	Pasquale Stirparo	Looking for the insider: Forensic Artifacts on iOS Messaging App
2016-05-22/a>	Pasquale Stirparo	The strange case of WinZip MRU Registry key
2016-03-28/a>	Xavier Mertens	Improving Bash Forensics Capabilities
2016-03-11/a>	Jim Clausing	Forensicating Docker, Part 1
2016-02-18/a>	Xavier Mertens	Hunting for Executable Code in Windows Environments
2016-01-06/a>	Russ McRee	toolsmith #112: Red vs Blue - PowerSploit vs PowerForensics
2015-04-24/a>	Basil Alawi S.Taher	Fileless Malware
2015-04-17/a>	Didier Stevens	Memory Forensics Of Network Devices
2015-03-18/a>	Daniel Wesemann	New SANS memory forensics poster
2015-02-03/a>	Johannes Ullrich	Another Network Forensic Tool for the Toolbox - Dshell
2014-08-10/a>	Basil Alawi S.Taher	Incident Response with Triage-ir
2014-06-22/a>	Russ McRee	OfficeMalScanner helps identify the source of a compromise
2014-06-03/a>	Basil Alawi S.Taher	An Introduction to RSA Netwitness Investigator
2014-05-18/a>	Russ McRee	sed and awk will always rock
2014-03-11/a>	Basil Alawi S.Taher	Introduction to Memory Analysis with Mandiant Redline
2014-03-07/a>	Tom Webb	Linux Memory Dump with Rekall
2014-02-09/a>	Basil Alawi S.Taher	Mandiant Highlighter 2
2014-01-10/a>	Basil Alawi S.Taher	Windows Autorun-3
2013-12-12/a>	Basil Alawi S.Taher	Acquiring Memory Images with Dumpit
2013-11-21/a>	Mark Baggett	"In the end it is all PEEKS and POKES."
2013-11-20/a>	Mark Baggett	Searching live memory on a running machine with winpmem
2013-11-19/a>	Mark Baggett	Winpmem - Mild mannered memory aquisition tool??
2013-08-26/a>	Alex Stanford	Stop, Drop and File Carve
2013-08-14/a>	Johannes Ullrich	Imaging LUKS Encrypted Drives
2013-07-12/a>	Rob VandenBrink	Hmm - where did I save those files?
2013-05-23/a>	Adrien de Beaupre	MoVP II
2013-04-25/a>	Adam Swanger	SANS 2013 Forensics Survey - https://www.surveymonkey.com/s/2013SANSForensicsSurvey
2012-11-02/a>	Daniel Wesemann	The shortcomings of anti-virus software
2012-09-14/a>	Lenny Zeltser	Analyzing Malicious RTF Files Using OfficeMalScanner's RTFScan
2012-06-04/a>	Lenny Zeltser	Decoding Common XOR Obfuscation in Malicious Code
2011-09-29/a>	Daniel Wesemann	The SSD dilemma
2011-08-05/a>	Johannes Ullrich	Forensics: SIFT Kit 2.1 now available for download http://computer-forensics.sans.org/community/downloads
2011-03-01/a>	Daniel Wesemann	AV software and "sharing samples"
2010-11-17/a>	Guy Bruneau	Reference on Open Source Digital Forensics
2010-05-22/a>	Rick Wanner	SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-05-21/a>	Rick Wanner	2010 Digital Forensics and Incident Response Summit
2010-04-30/a>	Kevin Liston	The Importance of Small Files
2010-04-11/a>	Marcus Sachs	Network and process forensics toolset
2010-03-26/a>	Daniel Wesemann	SIFT2.0 SANS Investigative Forensics Toolkit released
2009-12-14/a>	Adrien de Beaupre	Anti-forensics, COFEE vs. DECAF
2009-11-25/a>	Jim Clausing	Updates to my GREM Gold scripts and a new script
2009-08-18/a>	Daniel Wesemann	Forensics: Mounting partitions from full-disk 'dd' images
2009-08-13/a>	Jim Clausing	New and updated cheat sheets
2009-07-02/a>	Daniel Wesemann	Getting the EXE out of the RTF
2009-02-02/a>	Stephen Hall	How do you audit your production code?
2009-01-02/a>	Rick Wanner	Tools on my Christmas list.
2008-11-17/a>	Marcus Sachs	New Tool: NetWitness Investigator
2008-08-17/a>	Kevin Liston	Volatility 1.3 Released
2008-08-15/a>	Jim Clausing	OMFW 2008 reflections

IOS FORENSICS

IOS

FORENSICS