Diaries by Keyword - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Jesse La Grew

Threat Level: green

Date	Author	Title
FEDCOURTS AU
2016-07-08	Mark Hofman	Malware being distributed pretending to be from AU Fedcourts
FEDCOURTS
2016-07-08/a>	Mark Hofman	Malware being distributed pretending to be from AU Fedcourts
AU
2023-09-09/a>	Guy Bruneau	?Anyone get the ASN of the Truck that Hit Me?!?: Creating a PowerShell Function to Make 3rd Party API Calls for Extending Honeypot Information [Guest Diary]
2023-08-21/a>	Xavier Mertens	Quick Malware Triage With Inotify Tools
2023-01-06/a>	Xavier Mertens	AutoIT Remains Popular in the Malware Landscape
2023-01-05/a>	Brad Duncan	More Brazil malspam pushing Astaroth (Guildma) in January 2023
2022-11-02/a>	Rob VandenBrink	Breakpoints in Burp
2022-07-06/a>	Johannes Ullrich	How Many SANs are Insane?
2022-05-17/a>	Xavier Mertens	Use Your Browser Internal Password Vault... or Not?
2022-02-01/a>	Xavier Mertens	Automation is Nice But Don't Replace Your Knowledge
2021-11-08/a>	Xavier Mertens	(Ab)Using Security Tools & Controls for the Bad
2021-10-18/a>	Xavier Mertens	Malicious PowerShell Using Client Certificate Authentication
2021-06-24/a>	Xavier Mertens	Do you Like Cookies? Some are for sale!
2021-04-16/a>	Rick Wanner	Querying Spamhaus for IP reputation
2021-01-06/a>	Johannes Ullrich	Scans for Zyxel Backdoors are Commencing.
2021-01-02/a>	Guy Bruneau	Protecting Home Office and Enterprise in 2021
2020-12-04/a>	Guy Bruneau	Detecting Actors Activity with Threat Intel
2020-10-30/a>	Xavier Mertens	Quick Status of the CAA DNS Record Adoption
2020-04-20/a>	Didier Stevens	KPOT AutoIt Script: Analysis
2020-03-23/a>	Didier Stevens	KPOT Deployed via AutoIt Script
2020-02-16/a>	Guy Bruneau	SOAR or not to SOAR?
2019-12-22/a>	Didier Stevens	Extracting VBA Macros From .DWG Files
2019-12-16/a>	Didier Stevens	Malicious .DWG Files?
2019-11-29/a>	Russ McRee	ISC Snapshot: Search with SauronEye
2019-11-09/a>	Guy Bruneau	Fake Netflix Update Request by Text
2019-09-27/a>	Xavier Mertens	New Scans for Polycom Autoconfiguration Files
2019-09-17/a>	Rob VandenBrink	Investigating Gaps in your Windows Event Logs
2019-05-01/a>	Xavier Mertens	Another Day, Another Suspicious UDF File
2019-01-30/a>	Russ McRee	CR19-010: The United States vs. Huawei
2018-10-23/a>	Xavier Mertens	Diving into Malicious AutoIT Code
2018-10-22/a>	Xavier Mertens	Malicious Powershell using a Decoy Picture
2018-08-21/a>	Xavier Mertens	Malicious DLL Loaded Through AutoIT
2018-06-04/a>	Rob VandenBrink	Digging into Authenticode Certificates
2018-01-03/a>	John Bambenek	Phishing to Rural America Leads to Six-figure Wire Fraud Losses
2017-09-11/a>	Russ McRee	Windows Auditing with WINspect
2017-09-02/a>	Xavier Mertens	AutoIT based malware back in the wild
2017-08-25/a>	Xavier Mertens	Malicious AutoIT script delivered in a self-extracting RAR file
2017-07-30/a>	Guy Bruneau	Text Banking Scams
2017-07-08/a>	Xavier Mertens	A VBScript with Obfuscated Base64 Data
2017-05-03/a>	Bojan Zdrnja	OAUTH phishing against Google Docs ? beware!
2017-03-04/a>	Xavier Mertens	How your pictures may affect your website reputation
2016-11-25/a>	Xavier Mertens	Free Software Quick Security Checklist
2016-09-15/a>	Xavier Mertens	In Need of a OTP Manager Soon?
2016-07-08/a>	Mark Hofman	Malware being distributed pretending to be from AU Fedcourts
2016-05-18/a>	Russ McRee	Resources: Windows Auditing & Monitoring, Linux 2FA
2016-02-26/a>	Xavier Mertens	Quick Audit of *NIX Systems
2016-02-03/a>	Xavier Mertens	Automating Vulnerability Scans
2015-09-08/a>	Lenny Zeltser	A Close Look at PayPal Overpayment Scams That Target Craigslist Sellers
2015-09-01/a>	Daniel Wesemann	How to hack
2015-07-17/a>	Didier Stevens	Autoruns and VirusTotal
2015-06-26/a>	Daniel Wesemann	Cisco default credentials - again!
2015-03-07/a>	Guy Bruneau	Should it be Mandatory to have an Independent Security Audit after a Breach?
2014-11-04/a>	Daniel Wesemann	20$ is 999999 Euro
2014-09-27/a>	Guy Bruneau	What has Bash and Heartbleed Taught Us?
2014-05-30/a>	Johannes Ullrich	Fake Australian Electric Bill Leads to Cryptolocker
2014-03-13/a>	Daniel Wesemann	Identification and authentication are hard ... finding out intention is even harder
2014-01-10/a>	Basil Alawi S.Taher	Windows Autorun-3
2014-01-08/a>	Kevin Shortt	Intercepted Email Attempts to Steal Payments
2013-12-20/a>	Daniel Wesemann	authorized key lime pie
2013-09-18/a>	Rob VandenBrink	Cisco DCNM Update Released
2013-08-21/a>	Rob VandenBrink	Fibre Channel Reconnaissance - Reloaded
2013-06-21/a>	Guy Bruneau	Sysinternals Updates for Autoruns, Strings & ZoomIt http://blogs.technet.com/b/sysinternals/archive/2013/06/20/updates-autoruns-v11-61-strings-v2-52-zoomit-v4-5.aspx
2013-06-20/a>	Guy Bruneau	HP iLO3/iLO4 Remote Unauthorized Access with Single-Sign-On
2013-04-15/a>	Rob VandenBrink	Oops - You Mean That Deleted Server was a Certificate Authority?
2013-03-28/a>	John Bambenek	Where Were You During the Great DDoS Cybergeddon of 2013?
2013-03-23/a>	Guy Bruneau	Apple ID Two-step Verification Now Available in some Countries
2013-03-18/a>	Kevin Shortt	Spamhaus DDOS
2013-03-05/a>	Mark Hofman	IPv6 Focus Month: Device Defaults
2013-02-19/a>	Johannes Ullrich	EDUCAUSE Breach
2013-02-14/a>	Bojan Zdrnja	Auditd is your friend
2012-09-05/a>	Rob VandenBrink	Auditing a Network for VOIP Call Quality Metrics
2012-08-14/a>	Rick Wanner	Microsoft August 2012 Black Tuesday Update - Overview
2012-07-12/a>	Rob VandenBrink	Today at SANSFIRE - Dude Your Car is PWND !
2012-03-03/a>	Jim Clausing	New automated sandbox for Android malware
2012-01-13/a>	Guy Bruneau	Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2011-09-19/a>	Guy Bruneau	MS Security Advisory Update - Fraudulent DigiNotar Certificates
2011-09-08/a>	Rob VandenBrink	When Good CA's go Bad: Other Things to Check in Your Datacenter
2011-05-30/a>	Johannes Ullrich	Allied Telesis Passwords Leaked
2011-05-18/a>	Bojan Zdrnja	Android, HTTP and authentication tokens
2010-12-15/a>	Manuel Humberto Santander Pelaez	HP StorageWorks P2000 G3 MSA hardcoded user
2010-09-28/a>	Daniel Wesemann	Supporting the economy (in Russia and Ukraine)
2010-09-21/a>	Johannes Ullrich	Implementing two Factor Authentication on the Cheap
2010-06-17/a>	Deborah Hale	Internet Fraud Alert Kicks Off Today
2010-06-15/a>	Manuel Humberto Santander Pelaez	Mastercard delivering cards with OTP device included
2010-05-15/a>	Deborah Hale	Onboard Computers Subject to Attack?
2010-05-03/a>	Daniel Wesemann	Social engineering via paper mail
2010-04-09/a>	Mark Hofman	Adobe launch issue response/work around.
2010-04-06/a>	Daniel Wesemann	Application Logs
2010-03-10/a>	Rob VandenBrink	Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication
2009-11-25/a>	Jim Clausing	Updates to my GREM Gold scripts and a new script
2009-11-05/a>	Swa Frantzen	Insider threat: The snapnames case
2009-10-02/a>	Stephen Hall	New SysInternal fun for the weekend
2009-08-19/a>	Daniel Wesemann	Checking your protection
2009-08-16/a>	Mari Nichols	Surviving a third party onsite audit
2009-05-31/a>	Tony Carothers	L0phtcrack is Back!
2009-05-25/a>	Jim Clausing	NTPD autokey vulnerability
2009-05-11/a>	Mari Nichols	Sysinternals Updates 3 Applications
2009-04-22/a>	Jason Lam	OAuth vulnerability
2009-03-20/a>	Stephen Hall	Making the most of your runbooks
2009-02-25/a>	donald smith	AutoRun disabling patch released
2009-01-20/a>	Adrien de Beaupre	Obamamania
2009-01-15/a>	Bojan Zdrnja	Conficker's autorun and social engineering
2008-12-25/a>	Maarten Van Horenbeeck	Merry Christmas, and beware of digital hitchhikers!
2008-11-05/a>	donald smith	hacking the election
2008-10-20/a>	Johannes Ullrich	Fraudulent ATM Reactivation Phone Calls.
2008-05-07/a>	Jim Clausing	More on automated exploit generation
2008-04-18/a>	John Bambenek	The Patch Window is Gone: Automated Patch-Based Exploit Generation
2008-03-30/a>	Mark Hofman	Mail Anyone?

FEDCOURTS AU

FEDCOURTS

AU