Internet Storm Center
Date | Author | Title
RED TEAM
2019-11-29 | Russ McRee | ISC Snapshot: Search with SauronEye
2019-08-21 | Russ McRee | KAPE: Kroll Artifact Parser and Extractor
2019-07-16 | Russ McRee | Commando VM: The Complete Mandiant Offensive VM
2019-04-05 | Russ McRee | Beagle: Graph transforms for DFIR data & logs
2018-10-17 | Russ McRee | RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
RED
2024-08-26 | Xavier Mertens | From Highly Obfuscated Batch File to XWorm and Redline
2024-08-14 | Xavier Mertens | Multiple Malware Dropped Through MSI Package
2024-05-22 | Guy Bruneau | Analysis of "redtail" File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary]
2024-05-15 | Rob VandenBrink | Got MFA? If not, Now is the Time!
2024-03-10 | Guy Bruneau | What happens when you accidentally leak your AWS API keys? [Guest Diary]
2024-03-07 | Jesse La Grew | [Guest Diary] AWS Deployment Risks - Configuration and Credential File Targeting
2023-11-15 | Xavier Mertens | Redline Dropped Through MSIX Package
2023-10-29 | Guy Bruneau | Spam or Phishing? Looking for Credentials & Passwords
2023-08-04 | Xavier Mertens | Are Leaked Credentials Dumps Used by Attackers?
2022-10-04 | Johannes Ullrich | Credential Harvesting with Telegram API
2022-09-15 | Xavier Mertens | Malicious Word Document with a Frameset
2022-07-08 | Johannes Ullrich | ISC Website Redesign
2022-03-10 | Xavier Mertens | Credentials Leaks on VirusTotal
2022-03-07 | Johannes Ullrich | No Bitcoin - No Problem: Follow Up to Last Weeks Donation Scam
2022-03-04 | Johannes Ullrich | Scam E-Mail Impersonating Red Cross
2022-01-20 | Xavier Mertens | RedLine Stealer Delivered Through FTP
2022-01-16 | Guy Bruneau | 10 Most Popular Targeted Ports in the Past 3 Weeks
2021-11-08 | Xavier Mertens | (Ab)Using Security Tools & Controls for the Bad
2021-06-18 | Daniel Wesemann | Open redirects ... and why Phishers love them
2021-05-29 | Guy Bruneau | Spear-phishing Email Targeting Outlook Mail Clients
2021-03-06 | Xavier Mertens | Spotting the Red Team on VirusTotal!
2020-11-18 | Xavier Mertens | When Security Controls Lead to Security Issues
2020-07-16 | John Bambenek | Hunting for SigRed Exploitation
2020-07-15 | Johannes Ullrich | PATCH NOW - SIGRed - CVE-2020-1350 - Microsoft DNS Server Vulnerability
2020-04-27 | Xavier Mertens | Powershell Payload Stored in a PSCredential Object
2020-02-27 | Xavier Mertens | Offensive Tools Are For Blue Teams Too
2020-02-25 | Jan Kopriva | Quick look at a couple of current online scam campaigns
2019-11-29 | Russ McRee | ISC Snapshot: Search with SauronEye
2019-11-09 | Guy Bruneau | Fake Netflix Update Request by Text
2019-11-08 | Xavier Mertens | Microsoft Apps Diverted from Their Main Use
2019-08-28 | Johannes Ullrich | [Guest Diary] Open Redirect: A Small But Very Common Vulnerability
2019-08-21 | Russ McRee | KAPE: Kroll Artifact Parser and Extractor
2019-07-16 | Russ McRee | Commando VM: The Complete Mandiant Offensive VM
2019-04-05 | Russ McRee | Beagle: Graph transforms for DFIR data & logs
2018-10-17 | Russ McRee | RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-03-08 | Xavier Mertens | CRIMEB4NK IRC Bot
2017-12-27 | Guy Bruneau | What are your Security Challenges for 2018?
2016-09-09 | Xavier Mertens | Collecting Users Credentials from Locked Devices
2016-06-29 | Xavier Mertens | Phishing Campaign with Blurred Images
2016-01-05 | Guy Bruneau | What are you Concerned the Most in 2016?
2015-05-23 | Guy Bruneau | Business Value in "Big Data"
2015-03-18 | Daniel Wesemann | Pass the hash!
2015-01-31 | Guy Bruneau | Beware of Phishing and Spam Super Bowl Fans!
2014-11-24 | Richard Porter | Someone is using this? PoS: Compressor
2014-09-12 | Chris Mohan | Are credential dumps worth reviewing?
2014-07-03 | Johannes Ullrich | Credit Card Processing in 700 Words or Less
2014-06-13 | Richard Porter | A welcomed response, PF Chang's
2013-12-19 | Rob VandenBrink | Target US - Credit Card Data Breach
2013-09-23 | Rob VandenBrink | How do you spell "PSK"?
2013-07-12 | Johannes Ullrich | Microsoft Teredo Server "Sunset"
2013-07-12 | Johannes Ullrich | DNS resolution is failing for Microsofts Teredo server (teredo.ipv6.microsoft.com)
2013-03-09 | Guy Bruneau | IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-02-21 | Pedro Bueno | NBC site redirecting to Exploit kit
2011-05-03 | Johannes Ullrich | Analyzing Teredo with tshark and Wireshark
2011-01-03 | Johannes Ullrich | What Will Matter in 2011
2010-07-24 | Manuel Humberto Santander Pelaez | Transmiting logon information unsecured in the network
2010-06-15 | Manuel Humberto Santander Pelaez | Mastercard delivering cards with OTP device included
2010-04-22 | John Bambenek | Data Redaction: You're Doing it Wrong
2010-02-16 | Jim Clausing | Teredo request for packets
2010-02-16 | Johannes Ullrich | Teredo "stray packet" analysis
2009-07-28 | Adrien de Beaupre | YYAMCCBA
2009-05-18 | Rick Wanner | JSRedir-R/Gumblar badness
TEAM
2024-11-07 | Xavier Mertens | Steam Account Checker Poisoned with Infostealer
2023-07-01 | Russ McRee | Sandfly Security
2023-05-09 | Russ McRee | Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 2
2022-09-23 | Xavier Mertens | Kids Like Cookies, Malware Too!
2022-09-19 | Russ McRee | Chainsaw: Hunt, search, and extract event log records
2022-06-10 | Russ McRee | EPSScall: An Exploit Prediction Scoring System App
2021-12-28 | Russ McRee | LotL Classifier tests for shells, exfil, and miners
2021-03-06 | Xavier Mertens | Spotting the Red Team on VirusTotal!
2021-03-02 | Russ McRee | Adversary Simulation with Sim
2021-01-19 | Russ McRee | Gordon for fast cyber reputation checks
2020-10-23 | Russ McRee | Sooty: SOC Analyst's All-in-One Tool
2020-08-12 | Russ McRee | To the Brim at the Gates of Mordor Pt. 1
2020-06-30 | Russ McRee | ISC Snapshot: SpectX IP Hitcount Query
2020-04-21 | Russ McRee | SpectX: Log Parser for DFIR
2020-02-27 | Xavier Mertens | Offensive Tools Are For Blue Teams Too
2020-01-21 | Russ McRee | DeepBlueCLI: Powershell Threat Hunting
2019-11-29 | Russ McRee | ISC Snapshot: Search with SauronEye
2019-11-08 | Xavier Mertens | Microsoft Apps Diverted from Their Main Use
2019-10-06 | Russ McRee | visNetwork for Network Data
2019-08-21 | Russ McRee | KAPE: Kroll Artifact Parser and Extractor
2019-07-16 | Russ McRee | Commando VM: The Complete Mandiant Offensive VM
2019-04-05 | Russ McRee | Beagle: Graph transforms for DFIR data & logs
2019-02-05 | Rob VandenBrink | Mitigations against Mimikatz Style Attacks
2018-10-17 | Russ McRee | RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-06-16 | Russ McRee | Anomaly Detection & Threat Hunting with Anomalize
2012-04-23 | Russ McRee | Emergency Operations Centers & Security Incident Management: A Correlation
2011-03-25 | Kevin Liston | APT Tabletop Exercise
2010-01-22 | Mari Nichols | Pass-down for a Successful Incident Response
2010-01-14 | Bojan Zdrnja | DRG (Dragon Research Group) Distro available for general release
2009-03-22 | Mari Nichols | Dealing with Security Challenges