Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
2024-11-19	Xavier Mertens	Detecting the Presence of a Debugger in Linux
2024-08-22	Johannes Ullrich	OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse?
2024-06-06	Xavier Mertens	Malicious Python Script with a "Best Before" Date
2024-03-19	Johannes Ullrich	Attacker Hunting Firewalls
2024-01-24	Johannes Ullrich	How Bad User Interfaces Make Security Tools Harmful
2024-01-18	Johannes Ullrich	More Scans for Ivanti Connect "Secure" VPN. Exploits Public
2024-01-16	Johannes Ullrich	Scans for Ivanti Connect "Secure" VPN Vulnerability (CVE-2023-46805, CVE-2024-21887)
2023-11-17	Jan Kopriva	Phishing page with trivial anti-analysis features
2022-06-01	Jan Kopriva	HTML phishing attachments - now with anti-analysis features
2022-03-27	Didier Stevens	Video: Maldoc Cleaned by Anti-Virus
2021-07-06	Xavier Mertens	Python DLL Injection Check
2021-05-21	Xavier Mertens	Locking Kernel32.dll As Anti-Debugging Technique
2020-12-29	Jan Kopriva	Want to know what's in a folder you don't have a permission to access? Try asking your AV solution...
2020-11-25	Xavier Mertens	Live Patching Windows API Calls Using PowerShell
2020-11-19	Xavier Mertens	PowerShell Dropper Delivering Formbook
2020-08-31	Didier Stevens	Finding The Original Maldoc
2020-08-29	Didier Stevens	Malicious Excel Sheet with a NULL VT Score: More Info
2020-06-16	Johannes Ullrich	Odd "Protest" Spam (Scam?) Targeting Atlanta Police Foundation
2020-06-04	Xavier Mertens	Anti-Debugging Technique based on Memory Protection
2020-01-23	Xavier Mertens	Complex Obfuscation VS Simple Trick
2019-07-16	Russ McRee	Commando VM: The Complete Mandiant Offensive VM
2019-07-11	Johannes Ullrich	Remembering Mike Assante
2018-06-25	Didier Stevens	Guilty by association
2016-12-24	Didier Stevens	Pinging All The Way
2016-10-17	Didier Stevens	Maldoc VBA Anti-Analysis: Video
2016-10-15	Didier Stevens	Maldoc VBA Anti-Analysis
2015-12-05	Guy Bruneau	Are you looking to setup your own Malware Sandbox?
2015-07-03	Didier Stevens	Analyzing Quarantine Files
2015-06-28	Didier Stevens	The EICAR Test File
2015-02-06	Johannes Ullrich	Anthem, TurboTax and How Things "Fit Together" Sometimes
2014-08-06	Johannes Ullrich	Exploit Available for Symantec End Point Protection
2014-08-04	Russ McRee	Threats & Indicators: A Security Intelligence Lifecycle
2014-07-30	Rick Wanner	Symantec Endpoint Protection Privilege Escalation Zero Day
2014-05-27	Kevin Shortt	Avast forums hacked
2014-03-11	Basil Alawi S.Taher	Introduction to Memory Analysis with Mandiant Redline
2014-03-02	Stephen Hall	Symantec goes yellow
2014-02-14	Chris Mohan	SYM14-004 Symantec Endpoint Protection Management Vulnerabilities - http://www.symantec.com/business/support/index?page=content&id=TECH214866
2014-01-01	Russ McRee	Six degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails
2013-12-28	Russ McRee	Weekend Reading List 27 DEC
2013-08-03	Deborah Hale	What Anti-virus Program Is Right For You?
2013-06-07	Daniel Wesemann	100% Compliant (for 65% of the systems)
2013-05-20	Guy Bruneau	Safe - Tools, Tactics and Techniques
2013-04-26	Russ McRee	What is "up to date anti-virus software"?
2013-04-17	John Bambenek	UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
2012-12-10	Johannes Ullrich	Your CPA License has not been revoked
2012-11-02	Daniel Wesemann	The shortcomings of anti-virus software
2012-06-19	Daniel Wesemann	Vulnerabilityqueerprocessbrittleness
2012-05-16	Johannes Ullrich	Avira Antivirus false positives http://forum.avira.com/wbb/index.php?page=Thread&threadID=144875
2012-04-26	Richard Porter	Define Irony: A medical device with a Virus?
2012-04-13	Daniel Wesemann	Anti-virus scanning exclusions
2012-01-25	Bojan Zdrnja	pcAnywhere users – patch now!
2011-08-15	Mark Hofman	How to find unwanted files on workstations
2011-07-11	John Bambenek	Another Defense Contractor Hacked in AntiSec Hacktivism Spree
2011-06-02	Johannes Ullrich	Some Insight into Apple's Anti-Virus Signatures
2011-05-31	Johannes Ullrich	Apple Improving OS X Anti-Malware Feature
2011-05-19	Daniel Wesemann	Fake AV Bingo
2011-03-17	Kevin Liston	So You Got an AV Alert. Now What?
2011-03-09	Kevin Shortt	AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B
2011-03-01	Daniel Wesemann	AV software and "sharing samples"
2011-01-18	Daniel Wesemann	Yet another rogue anti-virus
2011-01-12	Richard Porter	Yet Another Data Broker? AOL Lifestream.
2010-11-11	Daniel Wesemann	Fake AV scams via Skype Chat
2010-07-25	Rick Wanner	Updated version of Mandiant's Web Historian
2010-05-26	Bojan Zdrnja	Malware modularization and AV detection evasion
2010-05-16	Rick Wanner	Symantec triggers on World of Warcraft update
2010-02-15	Johannes Ullrich	Various Olympics Related Dangerous Google Searches
2010-02-07	Rick Wanner	Mandiant Mtrends Report
2009-12-29	Rick Wanner	What's up with port 12174? Possible Symantec server compromise?
2009-12-14	Adrien de Beaupre	Anti-forensics, COFEE vs. DECAF
2009-12-03	Mark Hofman	Avast false positives
2009-09-25	Lenny Zeltser	Categories of Common Malware Traits
2009-09-17	Bojan Zdrnja	Why is Rogue/Fake AV so successful?
2009-09-04	Adrien de Beaupre	Fake anti-virus
2009-08-29	Guy Bruneau	Immunet Protect - Cloud and Community Malware Protection
2009-08-19	Daniel Wesemann	Checking your protection
2009-08-13	Johannes Ullrich	CA eTrust update crashes systems
2009-07-11	Marcus Sachs	Imageshack
2009-05-19	Rick Wanner	New Version of Mandiant Highlighter
2009-03-10	Swa Frantzen	conspiracy fodder: pifts.exe
2009-02-05	Rick Wanner	Mandiant Memoryze review, Hilighter, other Mandiant tools!
2008-09-15	donald smith	Fake antivirus 2009 and search engine results
2008-04-22	donald smith	Symantec decomposer rar bypass allowed malicious content.
2008-04-07	John Bambenek	HP USB Keys Shipped with Malware for your Proliant Server
2006-10-30	William Salusky	ToD - Configuration Management - maintaining security awareness