Diaries by Keyword - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
CHANGE CONTROL MANAGEMENT
2010-08-19	Rob VandenBrink	Change is Good. Change is Bad. Change is Life.
CHANGE
2022-12-22/a>	Guy Bruneau	Exchange OWASSRF Exploited for Remote Code Execution
2022-01-02/a>	Guy Bruneau	Exchange Server - Email Trapped in Transport Queues
2021-11-15/a>	Rob VandenBrink	Changing your AD Password Using the Clipboard - Not as Easy as You'd Think!
2021-09-24/a>	Xavier Mertens	Keep an Eye on Your Users Mobile Devices (Simple Inventory)
2021-08-13/a>	Guy Bruneau	Scanning for Microsoft Exchange eDiscovery
2021-03-03/a>	Johannes Ullrich	Microsoft Releases Exchange Emergency Patch to Fix Actively Exploited Vulnerability
2020-12-08/a>	Johannes Ullrich	December 2020 Microsoft Patch Tuesday: Exchange, Sharepoint, Dynamics and DNS Spoofing
2019-01-28/a>	Bojan Zdrnja	Relaying Exchange?s NTLM authentication to domain admin (and more)
2017-05-17/a>	Richard Porter	Wait What? We don?t have to change passwords every 90 days?
2016-10-08/a>	Russell Eubanks	Unauthorized Change Detected!
2014-09-26/a>	Richard Porter	Why We Have Moved to InfoCon:Yellow
2014-05-22/a>	Rob VandenBrink	Another Site Breached - Time to Change your Passwords! (If you can that is)
2014-04-27/a>	Tony Carothers	The Dreaded "D" Word of IT
2014-02-10/a>	Rob VandenBrink	A Tale of Two Admins (and no Change Control)
2013-11-29/a>	Russ McRee	MS Exchange update, includes failed backup fix: http://support.microsoft.com/kb/2892464
2013-08-15/a>	Johannes Ullrich	Microsoft Pulls MS013-061 due to problems with Exchange Server 2013 http://blogs.technet.com/b/exchange/archive/2013/08/14/exchange-2013-security-update-ms13-061-status-update.aspx
2013-02-22/a>	Chris Mohan	PHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2012-12-18/a>	Dan Goldberg	Mitigating the impact of organizational change: a risk assessment
2012-11-23/a>	Rob VandenBrink	What's in Your Change Control Form?
2012-07-25/a>	Johannes Ullrich	Microsoft Exchange/Sharepoint and others: Oracle Outside In Vulnerability
2012-05-30/a>	Rob VandenBrink	Too Big to Fail / Too Big to Learn?
2012-02-23/a>	donald smith	DNS-Changer "clean DNS" extension requested
2012-02-20/a>	Rick Wanner	DNSChanger resolver shutdown deadline is March 8th
2011-11-09/a>	Russ McRee	Operation Ghost Click: FBI bags crime ring responsible for $14 million in losses
2011-08-05/a>	donald smith	New Mac Trojan: BASH/QHost.WB
2010-08-19/a>	Rob VandenBrink	Change is Good. Change is Bad. Change is Life.
2008-11-25/a>	Andre Ludwig	OS X Dns Changers part three
2008-11-25/a>	Andre Ludwig	Tmobile G1 handsets having DNS problems?
CONTROL
2022-05-03/a>	Rob VandenBrink	Finding the Real "Last Patched" Day (Interim Version)
2021-07-08/a>	Xavier Mertens	Using Sudo with Python For More Security Controls
2021-05-12/a>	Jan Kopriva	Number of industrial control systems on the internet is lower then in 2020...but still far from zero
2019-10-19/a>	Russell Eubanks	What Assumptions Are You Making?
2019-07-25/a>	Rob VandenBrink	When Users Attack! Users (and Admins) Thwarting Security Controls
2019-07-18/a>	Rob VandenBrink	The Other Side of Critical Control 1: 802.1x Wired Network Access Controls
2017-07-24/a>	Russell Eubanks	Trends Over Time
2017-06-10/a>	Russell Eubanks	An Occasional Look in the Rear View Mirror
2016-11-23/a>	Tom Webb	Mapping Attack Methodology to Controls
2016-10-08/a>	Russell Eubanks	Unauthorized Change Detected!
2016-07-26/a>	Johannes Ullrich	Command and Control Channels Using "AAAA" DNS Records
2015-12-21/a>	Daniel Wesemann	Critical Security Controls: Getting to know the unknown
2015-11-04/a>	Richard Porter	Application Aware and Critical Control 2
2015-05-29/a>	Russell Eubanks	Trust But Verify
2014-10-13/a>	Lorna Hutcheson	For or Against: Port Security for Network Access Control
2014-08-17/a>	Rick Wanner	Part 2: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-07-28/a>	Guy Bruneau	Management and Control of Mobile Device Security
2014-06-11/a>	Daniel Wesemann	Help your pilot fly!
2014-02-10/a>	Rob VandenBrink	A Tale of Two Admins (and no Change Control)
2013-09-02/a>	Guy Bruneau	Multiple Cisco Security Notice
2013-03-13/a>	Mark Baggett	Wipe the drive! Stealthy Malware Persistence Mechanism - Part 1
2012-12-31/a>	Manuel Humberto Santander Pelaez	How to determine which NAC solutions fits best to your needs
2012-11-23/a>	Rob VandenBrink	What's in Your Change Control Form?
2011-11-03/a>	Richard Porter	An Apple, Inc. Sandbox to play in.
2011-10-29/a>	Richard Porter	The Sub Critical Control? Evidence Collection
2011-10-28/a>	Daniel Wesemann	Critical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27/a>	Mark Baggett	Critical Control 18: Incident Response Capabilities
2011-10-26/a>	Rick Wanner	Critical Control 17:Penetration Tests and Red Team Exercises
2011-10-17/a>	Rob VandenBrink	Critical Control 11: Account Monitoring and Control
2010-08-22/a>	Rick Wanner	Failure of controls...Spanair crash caused by a Trojan
2010-08-19/a>	Rob VandenBrink	Change is Good. Change is Bad. Change is Life.
2010-08-05/a>	Rob VandenBrink	Access Controls for Network Infrastructure
2010-06-14/a>	Manuel Humberto Santander Pelaez	Python on a microcontroller?
2010-06-07/a>	Manuel Humberto Santander Pelaez	Software Restriction Policy to keep malware away
2009-10-22/a>	Adrien de Beaupre	Cyber Security Awareness Month - Day 22 port 502 TCP - Modbus
MANAGEMENT
2023-05-24/a>	Tom Webb	IR Case/Alert Management
2021-12-06/a>	Xavier Mertens	The Importance of Out-of-Band Networks
2019-09-19/a>	Xavier Mertens	Blocklisting or Whitelisting in the Right Way
2015-07-18/a>	Russell Eubanks	The Value a "Fresh Set Of Eyes" (FSOE)
2014-01-23/a>	Chris Mohan	Learning from the breaches that happens to others Part 2
2014-01-14/a>	Chris Mohan	Spamming and scanning botnets - is there something I can do to block them from my site?
2013-09-24/a>	Tom Webb	IDS, NSM, and Log Management with Security Onion 12.04.3
2013-02-25/a>	Rob VandenBrink	Silent Traitors - Embedded Devices in your Datacenter
2012-12-27/a>	John Bambenek	It's 3pm 2 days after Christmas, do you know where your unmanaged SSH keys are?
2012-08-21/a>	Adrien de Beaupre	RuggedCom fails key management 101 on Rugged Operating System (ROS)
2012-04-23/a>	Russ McRee	Emergency Operations Centers & Security Incident Management: A Correlation
2011-10-28/a>	Russ McRee	Critical Control 19: Data Recovery Capability
2010-08-19/a>	Rob VandenBrink	Change is Good. Change is Bad. Change is Life.
2009-05-01/a>	Adrien de Beaupre	Incident Management
2009-03-20/a>	donald smith	Stealthier then a MBR rootkit, more powerful then ring 0 control, it’s the soon to be developed SMM root kit.

CHANGE CONTROL MANAGEMENT

CHANGE

CONTROL

MANAGEMENT