Diaries by Keyword - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Jesse La Grew

Threat Level: green

Date	Author	Title
100 IPS PER DOMAIN NAME
2013-12-21	Guy Bruneau	Strange DNS Queries - Request for Packets
100
2013-12-21/a>	Guy Bruneau	Strange DNS Queries - Request for Packets
2011-04-28/a>	Chris Mohan	Gathering and use of location information fears - or is it all a bit too late
2010-06-02/a>	Mark Hofman	OpenSSL version 1.0.0a released. This fixes a number of security issues. Don't forget a number of commercial appliances will be using this, so look for vendor updates soon.
2010-04-22/a>	Guy Bruneau	MS10-025 Security Update has been Pulled
2010-04-16/a>	G. N. White	MS10-021: Encountering A Failed WinXP Update
2010-03-03/a>	Mark Hofman	MS10-015 re-released
2010-02-19/a>	Mark Hofman	MS10-015 may cause Windows XP to blue screen (but only if you have malware on it)
2010-01-19/a>	Jim Clausing	The IE saga continues, out-of-cycle patch coming soon
2010-01-15/a>	Kevin Liston	Exploit code available for CVE-2010-0249
2006-10-10/a>	Johannes Ullrich	MS06-056: ASP.NET XSS Information Disclosure Vulnerability (moderate)
2006-10-10/a>	Johannes Ullrich	MS06-061: XSLT/MSXML Buffer Overflow Code Execution Vulnerability (moderate)
2006-10-10/a>	Kyle Haugsness	MS06-063: Mailslot DoS (Server service)
IPS
2020-11-06/a>	Johannes Ullrich	Rediscovering Limitations of Stateful Firewalls: "NAT Slipstreaming" ? Implications, Detections and Mitigations
2020-07-28/a>	Johannes Ullrich	All I want this Tuesday: More Data
2017-10-25/a>	Mark Hofman	DUHK attack, continuing a week of named issues
2017-04-02/a>	Guy Bruneau	IPFire - A Household Multipurpose Security Gateway
2014-04-03/a>	Bojan Zdrnja	Watching the watchers
2013-12-21/a>	Guy Bruneau	Strange DNS Queries - Request for Packets
2013-10-25/a>	Rob VandenBrink	Kaspersky flags TCPIP.SYS as Malware
2013-09-05/a>	Rob VandenBrink	What's Next for IPS?
2012-12-06/a>	Johannes Ullrich	How to identify if you are behind a "Transparent Proxy"
2012-10-04/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 4: Crypto Standards
2012-07-18/a>	Rob VandenBrink	Snort Updated today
2011-12-21/a>	Chris Mohan	The off switch
2010-11-08/a>	Manuel Humberto Santander Pelaez	Network Security Perimeter: How to choose the correct firewall and IPS for your environment?
2010-08-01/a>	Manuel Humberto Santander Pelaez	Evation because IPS fails to validate TCP checksums?
2010-06-15/a>	Manuel Humberto Santander Pelaez	TCP evasions for IDS/IPS
2009-03-24/a>	G. N. White	PSYB0T: A MIPS-device (mipsel) IRC Bot
2009-03-22/a>	Mari Nichols	Dealing with Security Challenges
2008-06-18/a>	Chris Carboni	Cisco Security Advisory
PER
2024-02-29/a>	Jesse La Grew	[Guest Diary] Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service.
2023-06-24/a>	Guy Bruneau	Email Spam with Attachment Modiloader
2023-05-16/a>	Jesse La Grew	Signals Defense With Faraday Bags & Flipper Zero
2023-05-14/a>	Guy Bruneau	VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue
2022-10-17/a>	Xavier Mertens	Fileless Powershell Dropper
2022-09-22/a>	Xavier Mertens	RAT Delivered Through FODHelper
2022-03-04/a>	Johannes Ullrich	Scam E-Mail Impersonating Red Cross
2022-02-11/a>	Xavier Mertens	CinaRAT Delivered Through HTML ID Attributes
2022-01-31/a>	Xavier Mertens	Be careful with RPMSG files
2021-12-21/a>	Xavier Mertens	More Undetected PowerShell Dropper
2021-10-30/a>	Guy Bruneau	Remote Desktop Protocol (RDP) Discovery
2021-07-20/a>	Bojan Zdrnja	Summer of SAM - incorrect permissions on Windows 10/11 hives
2021-03-16/a>	Jan Kopriva	50 years of malware? Not really. 50 years of computer worms? That's a different story...
2021-03-04/a>	Xavier Mertens	From VBS, PowerShell, C Sharp, Process Hollowing to RAT
2020-12-29/a>	Jan Kopriva	Want to know what's in a folder you don't have a permission to access? Try asking your AV solution...
2020-11-19/a>	Xavier Mertens	PowerShell Dropper Delivering Formbook
2020-08-25/a>	Xavier Mertens	Keep An Eye on LOLBins
2020-06-11/a>	Xavier Mertens	Anti-Debugging JavaScript Techniques
2020-03-15/a>	Guy Bruneau	VPN Access and Activity Monitoring
2019-12-04/a>	Jan Kopriva	Analysis of a strangely poetic malware
2019-08-22/a>	Xavier Mertens	Simple Mimikatz & RDPWrapper Dropper
2019-02-17/a>	Didier Stevens	Video: Finding Property Values in Office Documents
2019-02-16/a>	Didier Stevens	Finding Property Values in Office Documents
2018-11-26/a>	Russ McRee	ViperMonkey: VBA maldoc deobfuscation
2018-11-04/a>	Pasquale Stirparo	Beyond good ol' LaunchAgent - part 1
2018-10-21/a>	Pasquale Stirparo	Beyond good ol’ LaunchAgent - part 0
2018-05-07/a>	Xavier Mertens	Adding Persistence Via Scheduled Tasks
2018-01-10/a>	Russ McRee	GitHub InfoSec Threepeat: HELK, ptf, and VulnWhisperer
2017-11-07/a>	Xavier Mertens	Interesting VBA Dropper
2017-08-10/a>	Didier Stevens	Maldoc Analysis with ViperMonkey
2016-07-27/a>	Xavier Mertens	Critical Xen PV guests vulnerabilities
2015-12-22/a>	Rick Wanner	The other Juniper vulnerability - CVE-2015-7756
2015-02-17/a>	Rob VandenBrink	A Different Kind of Equation
2014-08-23/a>	Guy Bruneau	NSS Labs Cyber Resilience Report
2014-01-01/a>	Russ McRee	Six degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails
2013-12-21/a>	Guy Bruneau	Strange DNS Queries - Request for Packets
2013-12-16/a>	Tom Webb	The case of Minerd
2013-10-26/a>	Guy Bruneau	Active Perl/Shellbot Trojan
2013-10-25/a>	Rob VandenBrink	Kaspersky flags TCPIP.SYS as Malware
2013-09-05/a>	Rob VandenBrink	Building Your Own GPU Enabled Private Cloud
2013-04-25/a>	Adam Swanger	Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-03-13/a>	Johannes Ullrich	IPv6 Focus Month: Kaspersky Firewall IPv6 Vulnerability
2013-02-25/a>	Johannes Ullrich	Trustwave Trustkeeper Phish
2013-02-25/a>	Johannes Ullrich	Punkspider enumerates web application vulnerabilities
2013-02-04/a>	Adam Swanger	SAN Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam
2013-01-15/a>	Rob VandenBrink	When Disabling IE6 (or Java, or whatever) is not an Option...
2012-09-19/a>	Russ McRee	Script kiddie scavenging with Shellbot.S
2012-08-02/a>	Guy Bruneau	Opera Security Update
2012-05-06/a>	Jim Clausing	Tool updates and Win 8
2012-03-27/a>	Guy Bruneau	Opera 11.62 for Windows patch several bugs and vulnerabilities - http://www.opera.com/docs/changelogs/windows/1162/
2011-11-07/a>	Rob VandenBrink	Juniper BGP issues causing locallized Internet Problems
2011-06-28/a>	Johannes Ullrich	Update: Opera 11.50 is now available http://www.opera.com/
2011-06-04/a>	Rick Wanner	Do you have a personal disaster recovery plan?
2011-03-16/a>	Johannes Ullrich	Analyzing HTTP Packet Captures
2011-02-21/a>	Adrien de Beaupre	Kaspersky update servers unreachable
2011-02-19/a>	Guy Bruneau	Snort Data Acquisition Library
2011-01-27/a>	Chris Carboni	Opera Updates
2011-01-12/a>	Richard Porter	How Many Loyalty Cards do you Carry?
2010-11-08/a>	Manuel Humberto Santander Pelaez	Network Security Perimeter: How to choose the correct firewall and IPS for your environment?
2010-10-12/a>	Adrien de Beaupre	New version of Opera- Opera 10.63 is a recommended upgrade offering security and stability enhancements: http://www.opera.com/browser/download/
2010-09-09/a>	Jim Clausing	Opera 10.62 - security (the DLL path issue) and stability upate see http://www.opera.com/docs/changelogs/windows/1062/
2010-08-19/a>	Daniel Wesemann	Casper the unfriendly ghost
2010-06-23/a>	Scott Fendley	Opera Browser Update
2010-05-22/a>	Rick Wanner	SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-03-22/a>	Guy Bruneau	New Opera 10.51 available with security fixes. More information available at: http://www.opera.com/docs/changelogs/windows/1051/
2010-03-05/a>	Kyle Haugsness	Unpatched Opera 10.50 and below code execution vulnerability
2009-09-01/a>	Guy Bruneau	Opera 10 with Security Fixes
2009-03-03/a>	Kyle Haugsness	Opera browser security updates
2009-03-01/a>	Jim Clausing	Cool combination of tools
2008-12-17/a>	donald smith	Opera 9.6.3 released with security fixes
2008-10-30/a>	Kevin Liston	Opera 9.62 available - security update
2008-10-22/a>	Mari Nichols	Opera 9.6.1 Released
2008-08-20/a>	Adrien de Beaupre	From the mailbag, Opera 9.52...
2008-07-03/a>	Bojan Zdrnja	New Opera v9.51 fixes couple of security issues
2008-07-02/a>	Jim Clausing	Another little script I threw together
2008-06-16/a>	Kevin Liston	Opera 9.5 is Available
2008-06-10/a>	Swa Frantzen	Ransomware keybreaking
2008-04-03/a>	Bojan Zdrnja	Opera fixes vulnerabilities and Microsoft announces April's fixes
2006-11-29/a>	Toby Kohlenberg	New Vulnerability Announcement and patches from Apple
DOMAIN
2023-12-31/a>	Tom Webb	Pi-Hole Pi4 Docker Deployment
2023-10-15/a>	Guy Bruneau	Domain Name Used as Password Captured by DShield Sensor
2022-10-07/a>	Xavier Mertens	Powershell Backdoor with DGA Capability
2022-06-21/a>	Johannes Ullrich	Experimental New Domain / Domain Age API
2022-02-24/a>	Xavier Mertens	Ukraine & Russia Situation From a Domain Names Perspective
2021-09-02/a>	Xavier Mertens	Attackers Will Always Abuse Major Events in our Lifes
2021-07-24/a>	Bojan Zdrnja	Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability
2020-03-28/a>	Didier Stevens	Covid19 Domain Classifier
2020-03-27/a>	Johannes Ullrich	Help us classify Covid19 related domains https://isc.sans.edu/covidclassifier.html (login required)
2019-07-17/a>	Xavier Mertens	Analyzis of DNS TXT Records
2019-04-24/a>	Rob VandenBrink	Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators
2019-03-27/a>	Xavier Mertens	Running your Own Passive DNS Service
2017-12-13/a>	Xavier Mertens	Tracking Newly Registered Domains
2017-11-16/a>	Xavier Mertens	Suspicious Domains Tracking Dashboard
2017-07-05/a>	Didier Stevens	Selecting domains with random names
2017-05-20/a>	Xavier Mertens	Typosquatting: Awareness and Hunting
2014-07-09/a>	Daniel Wesemann	Who owns your typo?
2014-01-30/a>	Johannes Ullrich	New gTLDs appearing in the root zone
2013-12-21/a>	Guy Bruneau	Strange DNS Queries - Request for Packets
2012-03-13/a>	Lenny Zeltser	Please transfer this email to your CEO or appropriate person, thanks
2009-05-02/a>	Rick Wanner	More Swine/Mexican/H1N1 related domains
2009-04-27/a>	Johannes Ullrich	Swine Flu (Mexican Flu) related domains
NAME
2023-12-31/a>	Tom Webb	Pi-Hole Pi4 Docker Deployment
2023-10-15/a>	Guy Bruneau	Domain Name Used as Password Captured by DShield Sensor
2023-09-05/a>	Jesse La Grew	Common usernames submitted to honeypots
2022-06-03/a>	Xavier Mertens	Sandbox Evasion... With Just a Filename!
2022-02-24/a>	Xavier Mertens	Ukraine & Russia Situation From a Domain Names Perspective
2021-04-24/a>	Guy Bruneau	Base64 Hashes Used in Web Scanning
2020-12-05/a>	Guy Bruneau	Is IP 91.199.118.137 testing Access to aahwwx.52host.xyz?
2020-03-21/a>	Guy Bruneau	Honeypot - Scanning and Targeting Devices & Services
2015-01-27/a>	Johannes Ullrich	New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST)
2014-07-09/a>	Daniel Wesemann	Who owns your typo?
2013-12-21/a>	Guy Bruneau	Strange DNS Queries - Request for Packets
2012-03-13/a>	Lenny Zeltser	Please transfer this email to your CEO or appropriate person, thanks
2011-09-04/a>	Lorna Hutcheson	Several Sites Defaced
2008-05-19/a>	Maarten Van Horenbeeck	Route filtering and its impact on the DNS fabric

100 IPS PER DOMAIN NAME

100

IPS

PER

DOMAIN

NAME