Internet Storm Center
Date | Author | Title
2024-07-16 | Guy Bruneau | Who You Gonna Call? AndroxGh0st Busters! [Guest Diary]
2024-07-08 | Xavier Mertens | Kunai: Keep an Eye on your Linux Hosts Activity
2024-05-28 | Guy Bruneau | Is that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary]
2024-04-07 | Guy Bruneau | A Use Case for Adding Threat Hunting to Your Security Operations Team. Detecting Adversaries Abusing Legitimate Tools in A Customer Environment. [Guest Diary]
2023-11-07 | Johannes Ullrich | What's Normal: New uses of DNS, Discovery of Designated Resolvers (DDR)
2023-07-26 | Xavier Mertens | Suspicious IP Addresses Avoided by Malware Samples
2023-06-24 | Guy Bruneau | Email Spam with Attachment Modiloader
2023-05-20 | Xavier Mertens | Phishing Kit Collecting Victim's IP Address
2023-02-06 | Johannes Ullrich | APIs Used by Bots to Detect Public IP address
2022-10-17 | Xavier Mertens | Fileless Powershell Dropper
2022-02-11 | Xavier Mertens | CinaRAT Delivered Through HTML ID Attributes
2021-12-21 | Xavier Mertens | More Undetected PowerShell Dropper
2021-09-15 | Brad Duncan | Hancitor campaign abusing Microsoft's OneDrive
2021-05-10 | Johannes Ullrich | Correctly Validating IP Addresses: Why encoding matters for input validation.
2021-03-05 | Xavier Mertens | Spam Farm Spotted in the Wild
2021-03-04 | Xavier Mertens | From VBS, PowerShell, C Sharp, Process Hollowing to RAT
2021-01-15 | Brad Duncan | Throwback Friday: An Example of Rig Exploit Kit
2020-12-23 | Jim Clausing | Analysis Dridex Dropper, IoC extraction (guest diary)
2020-11-19 | Xavier Mertens | PowerShell Dropper Delivering Formbook
2020-09-10 | Brad Duncan | Recent Dridex activity
2020-08-18 | Xavier Mertens | Using API's to Track Attackers
2020-05-13 | Brad Duncan | Malspam with links to zip archives pushes Dridex malware
2020-03-25 | Brad Duncan | Recent Dridex activity
2019-12-22 | Didier Stevens | Extracting VBA Macros From .DWG Files
2019-12-16 | Didier Stevens | Malicious .DWG Files?
2019-12-04 | Jan Kopriva | Analysis of a strangely poetic malware
2019-12-03 | Brad Duncan | Ursnif infection with Dridex
2019-09-26 | Rob VandenBrink | Mining MAC Address and OUI Information
2019-08-22 | Xavier Mertens | Simple Mimikatz & RDPWrapper Dropper
2019-06-18 | Brad Duncan | Malspam with password-protected Word docs pushing Dridex
2019-06-14 | Jim Clausing | A few Ghidra tips for IDA users, part 4 - function call graphs
2019-05-19 | Guy Bruneau | Is Metadata Only Approach, Good Enough for Network Traffic Analysis?
2019-05-03 | Jim Clausing | A few Ghidra tips for IDA users, part 3 - conversion, labels, and comments
2019-04-17 | Jim Clausing | A few Ghidra tips for IDA users, part 2 - strings and parameters
2019-04-08 | Jim Clausing | A few Ghidra tips for IDA users, part 1 - the decompiler/unreachable code
2019-04-03 | Jim Clausing | A few Ghidra tips for IDA users, part 0 - automatic comments for API call parameters
2019-03-14 | Didier Stevens | Tip: Ghidra & ZIP Files
2019-03-08 | Remco Verhoef | Analysing meterpreter payload with Ghidra
2018-12-13 | Xavier Mertens | Phishing Attack Through Non-Delivery Notification
2018-08-01 | Johannes Ullrich | When Cameras and Routers attack Phones. Spike in CVE-2014-8361 Exploits Against Port 52869
2018-06-16 | Russ McRee | Anomaly Detection & Threat Hunting with Anomalize
2018-04-27 | Tom Webb | More Threat Hunting with User Agent and Drupal Exploits
2018-04-25 | Johannes Ullrich | Yet Another Drupal RCE Vulnerability
2017-11-07 | Xavier Mertens | Interesting VBA Dropper
2017-10-24 | Xavier Mertens | BadRabbit: New ransomware wave hitting RU & UA
2017-10-06 | Johannes Ullrich | What's in a cable? The dangers of unauthorized cables
2017-04-11 | Brad Duncan | Dridex malspam seen on Monday 2017-04-10
2016-08-31 | Deborah Hale | Dropbox Breach
2016-07-13 | Xavier Mertens | Drupal: Patch released today to fix a highly critical RCE in contributed modules
2016-07-03 | Guy Bruneau | Is Data Privacy part of your Company's Culture?
2016-06-22 | Bojan Zdrnja | Security through obscurity never works
2016-05-02 | Rick Wanner | Fake Chrome update for Android
2015-07-28 | Rick Wanner | Android Stagefright multimedia viewer prone to remote exploitation
2015-04-06 | Guy Bruneau | 'Dead Drops' Hidden USB Sticks Around the World
2014-04-26 | Guy Bruneau | Android Users - Beware of Bitcoin Mining Malware
2014-04-05 | Jim Clausing | Those strange e-mails with URLs in them can lead to Android malware
2014-04-01 | Basil Alawi S.Taher | Upgrading Your Android, Elevating My Malware
2014-02-05 | Johannes Ullrich | To Merrillville or Sochi: How Dangerous is it to travel?
2014-01-16 | Kevin Shortt | Port 4028 - Interesting Activity
2013-12-28 | Russ McRee | Weekend Reading List 27 DEC
2013-12-28 | Bojan Zdrnja | DRG online challenge(s)
2013-08-14 | Johannes Ullrich | Imaging LUKS Encrypted Drives
2013-03-04 | Johannes Ullrich | IPv6 Focus Month: Addresses
2012-05-18 | Johannes Ullrich | ZTE Score M Android Phone backdoor
2012-04-30 | Rob VandenBrink | FCC posts Enquiry Documents on Google Wardriving
2012-03-03 | Jim Clausing | New automated sandbox for Android malware
2011-11-01 | Russ McRee | Honeynet Project: Android Reverse Engineering (A.R.E.) Virtual Machine released
2011-09-07 | Lenny Zeltser | Analyzing Mobile Device Malware - Honeynet Forensic Challenge 9 and Some Tools
2011-08-24 | Rob VandenBrink | Disaster Preparedness - Are We Shaken or Stirred?
2011-08-15 | Rob VandenBrink | 8 Years since the Eastern Seaboard Blackout - Has it Been that Long?
2011-06-01 | Johannes Ullrich | Enabling Privacy Enhanced Addresses for IPv6
2011-05-18 | Bojan Zdrnja | Android, HTTP and authentication tokens
2011-05-01 | Deborah Hale | Droid MarketPlace Has a New App
2011-04-25 | Rob VandenBrink | What's Your (IP) Address Worth?
2011-03-03 | Manuel Humberto Santander Pelaez | Rogue apps inside Android Marketplace
2010-12-31 | Bojan Zdrnja | Android malware enters 2011
2010-09-07 | Bojan Zdrnja | SSH password authentication insight and analysis by DRG
2010-08-13 | Tom Liston | The Strange Case of Doctor Jekyll and Mr. ED
2010-03-24 | Johannes Ullrich | ".sys" Directories Delivering Driveby Downloads
2010-02-28 | Mari Nichols | Disasters take practice
2010-01-26 | Rob VandenBrink | VMware vSphere Hardening Guide Draft posted for public review
2010-01-14 | Bojan Zdrnja | DRG (Dragon Research Group) Distro available for general release
2010-01-11 | Johannes Ullrich | Fake Android Application
2010-01-06 | Guy Bruneau | Secure USB Flaw Exposed
2009-11-13 | Deborah Hale | It's Never Too Early To Start Teaching Them
2009-11-05 | Swa Frantzen | Legacy systems
2009-08-26 | Johannes Ullrich | Malicious CD ROMs mailed to banks
2009-07-03 | Adrien de Beaupre | BCP/DRP
2008-11-25 | Andre Ludwig | Tmobile G1 handsets having DNS problems?
2008-07-19 | William Salusky | A twist in fluxnet operations. Enter Hydraflux
2008-06-01 | Swa Frantzen | The Planet outage - what can we all learn from it?