Internet Storm Center
Sign In
Sign Up
SANS Network Security: Las Vegas Sept 4-9.
Handler on Duty:
Xavier Mertens
Threat Level:
green
Date
Author
Title
FORENSIC CHALLENGE 6
2010-11-12
Guy Bruneau
Honeynet Forensic Challenge - Analyzing Malicious Portable Destructive Files
FORENSIC
2024-05-08/a>
Xavier Mertens
Analyzing Synology Disks on Linux
2024-03-29/a>
Xavier Mertens
Quick Forensics Analysis of Apache logs
2023-01-26/a>
Tom Webb
Live Linux IR with UAC
2023-01-02/a>
Xavier Mertens
NetworkMiner 2.8 Released
2021-12-22/a>
Brad Duncan
December 2021 Forensic Contest: Answers and Analysis
2021-12-08/a>
Brad Duncan
December 2021 Forensic Challenge
2021-11-04/a>
Tom Webb
Xmount for Disk Images
2021-10-22/a>
Brad Duncan
October 2021 Contest: Forensic Challenge
2021-06-30/a>
Brad Duncan
June 2021 Forensic Contest: Answers and Analysis
2021-06-18/a>
Daniel Wesemann
Network Forensics on Azure VMs (Part #2)
2021-06-17/a>
Daniel Wesemann
Network Forensics on Azure VMs (Part #1)
2021-05-19/a>
Brad Duncan
May 2021 Forensic Contest: Answers and Analysis
2021-05-05/a>
Brad Duncan
May 2021 Forensic Contest
2021-04-01/a>
Brad Duncan
April 2021 Forensic Quiz
2021-02-25/a>
Daniel Wesemann
Forensicating Azure VMs
2020-12-16/a>
Daniel Wesemann
DNS Logs in Public Clouds
2019-10-25/a>
Rob VandenBrink
More on DNS Archeology (with PowerShell)
2019-08-21/a>
Russ McRee
KAPE: Kroll Artifact Parser and Extractor
2018-01-26/a>
Xavier Mertens
Investigating Microsoft BITS Activity
2017-10-02/a>
Xavier Mertens
Investigating Security Incidents with Passive DNS
2017-09-28/a>
Xavier Mertens
The easy way to analyze huge amounts of PCAP data
2017-09-24/a>
Jim Clausing
Forensic use of mount --bind
2017-09-19/a>
Jim Clausing
New tool: mac-robber.py
2017-07-09/a>
Russ McRee
Adversary hunting with SOF-ELK
2017-01-12/a>
Mark Baggett
System Resource Utilization Monitor
2016-10-31/a>
Russ McRee
SEC505 DFIR capture script: snapshot.ps1
2016-08-11/a>
Pasquale Stirparo
Looking for the insider: Forensic Artifacts on iOS Messaging App
2016-06-01/a>
Xavier Mertens
Docker Containers Logging
2016-05-22/a>
Pasquale Stirparo
The strange case of WinZip MRU Registry key
2016-03-28/a>
Xavier Mertens
Improving Bash Forensics Capabilities
2016-03-11/a>
Jim Clausing
Forensicating Docker, Part 1
2016-02-18/a>
Xavier Mertens
Hunting for Executable Code in Windows Environments
2016-01-06/a>
Russ McRee
toolsmith #112: Red vs Blue - PowerSploit vs PowerForensics
2015-04-24/a>
Basil Alawi S.Taher
Fileless Malware
2015-04-17/a>
Didier Stevens
Memory Forensics Of Network Devices
2015-03-18/a>
Daniel Wesemann
New SANS memory forensics poster
2015-02-03/a>
Johannes Ullrich
Another Network Forensic Tool for the Toolbox - Dshell
2014-08-10/a>
Basil Alawi S.Taher
Incident Response with Triage-ir
2014-06-22/a>
Russ McRee
OfficeMalScanner helps identify the source of a compromise
2014-06-03/a>
Basil Alawi S.Taher
An Introduction to RSA Netwitness Investigator
2014-05-18/a>
Russ McRee
sed and awk will always rock
2014-03-11/a>
Basil Alawi S.Taher
Introduction to Memory Analysis with Mandiant Redline
2014-03-07/a>
Tom Webb
Linux Memory Dump with Rekall
2014-02-09/a>
Basil Alawi S.Taher
Mandiant Highlighter 2
2014-01-10/a>
Basil Alawi S.Taher
Windows Autorun-3
2013-12-12/a>
Basil Alawi S.Taher
Acquiring Memory Images with Dumpit
2013-11-21/a>
Mark Baggett
"In the end it is all PEEKS and POKES."
2013-11-20/a>
Mark Baggett
Searching live memory on a running machine with winpmem
2013-11-19/a>
Mark Baggett
Winpmem - Mild mannered memory aquisition tool??
2013-08-26/a>
Alex Stanford
Stop, Drop and File Carve
2013-08-14/a>
Johannes Ullrich
Imaging LUKS Encrypted Drives
2013-07-12/a>
Rob VandenBrink
Hmm - where did I save those files?
2013-05-23/a>
Adrien de Beaupre
MoVP II
2013-04-25/a>
Adam Swanger
SANS 2013 Forensics Survey - https://www.surveymonkey.com/s/2013SANSForensicsSurvey
2012-11-02/a>
Daniel Wesemann
The shortcomings of anti-virus software
2012-09-14/a>
Lenny Zeltser
Analyzing Malicious RTF Files Using OfficeMalScanner's RTFScan
2012-06-04/a>
Lenny Zeltser
Decoding Common XOR Obfuscation in Malicious Code
2011-09-29/a>
Daniel Wesemann
The SSD dilemma
2011-08-05/a>
Johannes Ullrich
Forensics: SIFT Kit 2.1 now available for download http://computer-forensics.sans.org/community/downloads
2011-03-01/a>
Daniel Wesemann
AV software and "sharing samples"
2010-11-17/a>
Guy Bruneau
Reference on Open Source Digital Forensics
2010-11-12/a>
Guy Bruneau
Honeynet Forensic Challenge - Analyzing Malicious Portable Destructive Files
2010-07-13/a>
Jim Clausing
Forensic challenge results
2010-06-04/a>
Rick Wanner
New Honeynet Project Forensic Challenge
2010-05-22/a>
Rick Wanner
SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-05-21/a>
Rick Wanner
2010 Digital Forensics and Incident Response Summit
2010-05-04/a>
Rick Wanner
SIFT review in the ISSA Toolsmith
2010-04-30/a>
Kevin Liston
The Importance of Small Files
2010-04-11/a>
Marcus Sachs
Network and process forensics toolset
2010-03-28/a>
Rick Wanner
Honeynet Project: 2010 Forensic Challenge #3
2010-03-26/a>
Daniel Wesemann
SIFT2.0 SANS Investigative Forensics Toolkit released
2010-01-19/a>
Jim Clausing
Forensic challenges
2009-12-14/a>
Adrien de Beaupre
Anti-forensics, COFEE vs. DECAF
2009-11-25/a>
Jim Clausing
Updates to my GREM Gold scripts and a new script
2009-08-18/a>
Daniel Wesemann
Forensics: Mounting partitions from full-disk 'dd' images
2009-08-13/a>
Jim Clausing
New and updated cheat sheets
2009-07-02/a>
Daniel Wesemann
Getting the EXE out of the RTF
2009-02-02/a>
Stephen Hall
How do you audit your production code?
2009-01-02/a>
Rick Wanner
Tools on my Christmas list.
2008-11-17/a>
Marcus Sachs
New Tool: NetWitness Investigator
2008-08-17/a>
Kevin Liston
Volatility 1.3 Released
2008-08-15/a>
Jim Clausing
OMFW 2008 reflections
CHALLENGE
2024-03-17/a>
Guy Bruneau
Gamified Learning: Using Capture the Flag Challenges to Supplement Cybersecurity Training [Guest Diary]
2022-12-10/a>
Didier Stevens
Open Now: 2022 SANS Holiday Hack Challenge & KringleCon
2021-12-22/a>
Brad Duncan
December 2021 Forensic Contest: Answers and Analysis
2021-12-08/a>
Brad Duncan
December 2021 Forensic Challenge
2020-08-02/a>
Didier Stevens
Small Challenge: A Simple Word Maldoc
2017-12-27/a>
Guy Bruneau
What are your Security Challenges for 2018?
2014-04-12/a>
Guy Bruneau
Interested in a Heartbleed Challenge?
2013-12-28/a>
Bojan Zdrnja
DRG online challenge(s)
2013-01-02/a>
Chris Mohan
Starting the New Year on the right foot
2012-04-16/a>
Mark Baggett
Challenge: What can you do with Funky Directory Names (Part 2)
2012-04-11/a>
Mark Baggett
Challenge: What can you do with funky directory names?
2011-09-07/a>
Lenny Zeltser
Analyzing Mobile Device Malware - Honeynet Forensic Challenge 9 and Some Tools
2010-12-23/a>
Mark Hofman
Skoudis' Annual Xmas Hacking Challenge - The Nightmare Before Charlie Brown's Christmas
2010-11-12/a>
Guy Bruneau
Honeynet Forensic Challenge - Analyzing Malicious Portable Destructive Files
2010-07-13/a>
Jim Clausing
Forensic challenge results
2010-06-04/a>
Rick Wanner
New Honeynet Project Forensic Challenge
2010-03-28/a>
Rick Wanner
Honeynet Project: 2010 Forensic Challenge #3
2010-01-27/a>
Raul Siles
European Union Security Challenge (Campus Party 2010)
2010-01-19/a>
Jim Clausing
Forensic challenges
2009-07-27/a>
Raul Siles
New Hacker Challenge: Prison Break - Breaking, Entering & Decoding
2008-03-25/a>
Raul Siles
New Security Challenge - It Happened One Friday
2008-03-23/a>
Johannes Ullrich
Finding hidden gems (easter eggs) in your logs (packet challenge!)
6
2024-08-20/a>
Johannes Ullrich
Where are we with CVE-2024-38063: Microsoft IPv6 Vulnerability
2023-12-09/a>
Didier Stevens
IPv4-mapped IPv6 Address Used For Obfuscation
2023-10-23/a>
Johannes Ullrich
How an AppleTV may take down your (#IPv6) network
2023-10-07/a>
Didier Stevens
Binary IPv6 Addresses
2023-10-05/a>
Jim Clausing
New tool: le-hex-to-ip.py
2023-07-29/a>
Xavier Mertens
Do Attackers Pay More Attention to IPv6?
2023-05-07/a>
Didier Stevens
Quickly Finding Encoded Payloads in Office Documents
2023-02-22/a>
Johannes Ullrich
Internet Wide Scan Fingerprinting Confluence Servers
2023-02-19/a>
Didier Stevens
"Unsupported 16-bit Application" or HTML?
2023-01-17/a>
Johannes Ullrich
Packet Tuesday: IPv6 Router Advertisements https://www.youtube.com/watch?v=uRWpB_lYIZ8
2022-11-17/a>
Johannes Ullrich
Lessons Learned from Automatic Failover: When 8.8.8.8 "disappears". IPv6 to the Rescue?
2022-10-27/a>
Tom Webb
Supersizing your DUO and 365 Integration
2022-10-16/a>
Didier Stevens
Video: Analysis of a Malicious HTML File (QBot)
2022-10-13/a>
Didier Stevens
Analysis of a Malicious HTML File (QBot)
2022-09-09/a>
Didier Stevens
Maldoc With Decoy BASE64
2022-09-06/a>
Didier Stevens
Analysis of an Encoded Cobalt Strike Beacon
2022-08-28/a>
Didier Stevens
Dealing With False Positives when Scanning Memory Dumps for Cobalt Strike Beacons
2022-08-22/a>
Xavier Mertens
32 or 64 bits Malware?
2022-06-27/a>
Johannes Ullrich
Encrypted Client Hello: Anybody Using it Yet?
2022-06-19/a>
Didier Stevens
Video: Decoding Obfuscated BASE64 Statistically
2022-06-18/a>
Didier Stevens
Decoding Obfuscated BASE64 Statistically
2022-04-28/a>
Johannes Ullrich
A Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809
2022-04-14/a>
Johannes Ullrich
An Update on CVE-2022-26809 - MSRPC Vulnerabliity - PATCH NOW
2022-01-02/a>
Guy Bruneau
Exchange Server - Email Trapped in Transport Queues
2021-12-18/a>
Guy Bruneau
VMware Security Update - https://www.vmware.com/security/advisories/VMSA-2021-0030.html
2021-11-20/a>
Guy Bruneau
Hikvision Security Cameras Potentially Exposed to Remote Code Execution
2021-09-07/a>
Johannes Ullrich
Why I Gave Up on IPv6. And no, it is not because of security issues.
2021-07-16/a>
Xavier Mertens
Multiple BaseXX Obfuscations
2021-07-02/a>
Xavier Mertens
"inception.py"... Multiple Base64 Encodings
2021-06-30/a>
Johannes Ullrich
CVE-2021-1675: Incomplete Patch and Leaked RCE Exploit
2021-06-26/a>
Guy Bruneau
CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability
2021-06-11/a>
Xavier Mertens
Sonicwall SRA 4600 Targeted By an Old Vulnerability
2021-04-24/a>
Guy Bruneau
Base64 Hashes Used in Web Scanning
2021-02-25/a>
Jim Clausing
So where did those Satori attacks come from?
2021-02-16/a>
Jim Clausing
More weirdness on TCP port 26
2020-12-26/a>
Didier Stevens
base64dump.py Supported Encodings
2020-12-07/a>
Didier Stevens
Corrupt BASE64 Strings: Detection and Decoding
2020-10-28/a>
Jan Kopriva
SMBGhost - the critical vulnerability many seem to have forgotten to patch
2020-09-27/a>
Didier Stevens
Decoding Corrupt BASE64 Strings
2020-08-20/a>
Rob VandenBrink
Office 365 Mail Forwarding Rules (and other Mail Rules too)
2020-06-27/a>
Didier Stevens
Video: YARA's BASE64 Strings
2020-06-14/a>
Didier Stevens
YARA's BASE64 Strings
2020-06-08/a>
Didier Stevens
Translating BASE64 Obfuscated Scripts
2020-05-30/a>
Didier Stevens
YARA v4.0.1
2020-05-19/a>
Rick Wanner
What is up on Port 62234?
2020-05-10/a>
Didier Stevens
YARA v4.0.0: BASE64 Strings
2020-05-01/a>
Jim Clausing
Attack traffic on TCP port 9673
2020-01-16/a>
Bojan Zdrnja
Summing up CVE-2020-0601, or the Let?s Decrypt vulnerability
2020-01-15/a>
Johannes Ullrich
CVE-2020-0601 Followup
2019-12-02/a>
Jim Clausing
Next up, what's up with TCP port 26?
2019-11-19/a>
Johannes Ullrich
Cheap Chinese JAWS of DVR Exploitability on Port 60001
2019-10-27/a>
Guy Bruneau
Unusual Activity with Double Base64 Encoding
2019-08-01/a>
Johannes Ullrich
What is Listening On Port 9527/TCP?
2019-07-26/a>
Kevin Shortt
DVRIP Port 34567 - Uptick
2019-06-03/a>
Didier Stevens
Tip: BASE64 Encoded PowerShell Scripts are Recognizable by the Amount of Letter As
2019-04-07/a>
Guy Bruneau
Fake Office 365 Payment Information Update
2019-02-02/a>
Guy Bruneau
Scanning for WebDAV PROPFIND Exploiting CVE-2017-7269
2019-01-29/a>
Johannes Ullrich
A Not So Well Done Phish (Why Attackers need to Implement IPv6 Now! ;-) )
2018-05-22/a>
Guy Bruneau
VMware updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue - https://www.vmware.com/security/advisories/VMSA-2018-0012.html
2018-02-02/a>
Xavier Mertens
Simple but Effective Malicious XLS Sheet
2018-01-19/a>
Jim Clausing
Followup to IPv6 brute force and IPv6 blocking
2018-01-09/a>
Jim Clausing
Are you watching for brute force attacks on IPv6?
2017-09-13/a>
Rob VandenBrink
No IPv6? Challenge Accepted! (Part 1)
2017-07-08/a>
Xavier Mertens
A VBScript with Obfuscated Base64 Data
2017-03-19/a>
Xavier Mertens
Searching for Base64-encoded PE Files
2017-03-03/a>
Lorna Hutcheson
BitTorrent or Something Else?
2016-11-24/a>
Didier Stevens
Extracting Shellcode From JavaScript
2016-10-22/a>
Guy Bruneau
Request for Packets TCP 4786 - CVE-2016-6385
2016-07-26/a>
Johannes Ullrich
Command and Control Channels Using "AAAA" DNS Records
2016-07-17/a>
Guy Bruneau
Juniper -> Junos: Self-signed certificate with spoofed trusted Issuer CN accepted as valid - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10755&actp=search
2016-03-13/a>
Guy Bruneau
A Look at the Mandiant M-Trends 2016 Report
2016-02-28/a>
Guy Bruneau
RFC 6598 - Carrier Grade NAT
2016-02-13/a>
Guy Bruneau
VMware VMSA-2015-0007.3 has been Re-released
2016-02-02/a>
Johannes Ullrich
Targeted IPv6 Scans Using pool.ntp.org .
2016-01-31/a>
Guy Bruneau
OpenSSL 1.0.2 Advisory and Update
2016-01-05/a>
Guy Bruneau
What are you Concerned the Most in 2016?
2015-07-05/a>
Didier Stevens
Working with base64
2015-04-15/a>
Johannes Ullrich
MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW
2015-02-08/a>
Rob VandenBrink
BURP 1.6.10 Released
2014-09-25/a>
Johannes Ullrich
Update on CVE-2014-6271: Vulnerability in bash (shellshock)
2014-09-24/a>
Pedro Bueno
Attention *NIX admins, time to patch!
2014-09-15/a>
Johannes Ullrich
Google DNS Server IP Address Spoofed for SNMP reflective Attacks
2014-07-10/a>
Rob VandenBrink
Certificate Errors in Office 365 Today
2014-07-07/a>
Johannes Ullrich
Multi Platform *Coin Miner Attacking Routers on Port 32764
2014-04-23/a>
Johannes Ullrich
DHCPv6 and DUID Confusion
2014-04-08/a>
Guy Bruneau
OpenSSL CVE-2014-0160 Fixed
2014-03-24/a>
Johannes Ullrich
New Microsoft Advisory: Unpatched Word Flaw used in Targeted Attacks
2014-03-20/a>
Johannes Ullrich
Normalizing IPv6 Addresses
2014-02-27/a>
Richard Porter
DDoS and BCP 38
2014-01-30/a>
Johannes Ullrich
IPv6 and isc.sans.edu (Update)
2014-01-13/a>
Johannes Ullrich
Got an IPv6 Firewall?
2013-11-19/a>
Jim Clausing
Updated dumpdns.pl
2013-08-28/a>
Bojan Zdrnja
MS13-056 (false positive)? alerts
2013-08-15/a>
Johannes Ullrich
Microsoft Pulls MS013-061 due to problems with Exchange Server 2013 http://blogs.technet.com/b/exchange/archive/2013/08/14/exchange-2013-security-update-ms13-061-status-update.aspx
2013-07-12/a>
Johannes Ullrich
Microsoft Teredo Server "Sunset"
2013-06-12/a>
Johannes Ullrich
Stupid Little IPv6 Tricks
2013-05-20/a>
Johannes Ullrich
Ubuntu Package available to submit firewall logs to DShield
2013-05-19/a>
Kevin Shortt
Port 51616 - Got Packets?
2013-05-17/a>
Johannes Ullrich
SSL: Another reason not to ignore IPv6
2013-04-14/a>
Johannes Ullrich
Protocol 61 Packets Follow Up
2013-04-13/a>
Johannes Ullrich
Protocol 61: Anybody got packets?
2013-03-27/a>
Adam Swanger
IPv6 Focus Month: Guest Diary: Stephen Groat - IPv6 moving target defense
2013-03-25/a>
Johannes Ullrich
IPv6 Focus Month: IPv6 over IPv4 Preference
2013-03-21/a>
Jim Clausing
IPv6 Focus Month: Guest Diary: Matthew Newton - IPv6 Cat Feeder - Turning those extra bits into bytes, literally
2013-03-19/a>
Johannes Ullrich
IPv6 Focus Month: The warm and fuzzy side of IPv6
2013-03-18/a>
Johannes Ullrich
IPv6 Focus Month: What is changing with DHCP
2013-03-13/a>
Johannes Ullrich
IPv6 Focus Month: Kaspersky Firewall IPv6 Vulnerability
2013-03-12/a>
Swa Frantzen
IPv6 Focus Month: How to say no!
2013-03-11/a>
Richard Porter
IPv6 Focus Month: Traffic Testing, Firewalls, ACLs, pt 1
2013-03-09/a>
Guy Bruneau
IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-03-08/a>
Johannes Ullrich
IPv6 Focus Month: Filtering ICMPv6 at the Border
2013-03-07/a>
Rob VandenBrink
IPv6 Focus Month: Barriers to Implementing IPv6
2013-03-06/a>
Adam Swanger
IPv6 Focus Month: Guest Diary: Stephen Groat - Geolocation Using IPv6 Addresses
2013-03-05/a>
Mark Hofman
IPv6 Focus Month: Device Defaults
2013-03-04/a>
Johannes Ullrich
IPv6 Focus Month: Addresses
2013-03-01/a>
Jim Clausing
IPv6 Focus Month at the Internet Storm Center
2013-02-19/a>
Johannes Ullrich
APT1, Unit 61398 and are state sponsored attacks real
2013-02-11/a>
John Bambenek
OpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/
2013-01-31/a>
Johannes Ullrich
IPv6 Focus Month
2012-06-01/a>
Johannes Ullrich
What Does "IPv6 Day" mean to you?
2012-05-17/a>
Johannes Ullrich
New IPv6 Video: IPv6 Router Advertisements https://isc.sans.edu/ipv6videos
2012-03-09/a>
Guy Bruneau
Nmap 5.61TEST5 released with 43 new scripts,improved OS & version detection, and more available for download - http://nmap.org/download.html
2012-02-24/a>
Guy Bruneau
Flashback Trojan in the Wild
2012-01-12/a>
Rob VandenBrink
PHP 5.39 was release on the 10th, amongst other things, it addresses CVE-2011-4885 (prevents attacks based on hash collisions) and CVE-2011-4566 (integer overflow when parsing invalid exif header)
2011-11-04/a>
Guy Bruneau
New Poll: In the coming 12 months, what is your deployment plan or status with IPv6?
2011-10-23/a>
Guy Bruneau
tcpdump and IPv6
2011-10-06/a>
Rob VandenBrink
Apache HTTP Server mod_proxy reverse proxy issue
2011-09-09/a>
Guy Bruneau
IPv6 and DNS Sinkhole
2011-08-22/a>
Jim Clausing
Are your tools ready for IPv6? (part 2)
2011-08-04/a>
Jim Clausing
Are your tools ready for IPv6? (part 1)
2011-06-09/a>
Johannes Ullrich
IPv6 Day Summary
2011-06-08/a>
Johannes Ullrich
IPv6 Day Started
2011-06-02/a>
Johannes Ullrich
IPv6 RA-Guard: How it works and how to defeat it
2011-06-01/a>
Johannes Ullrich
Enabling Privacy Enhanced Addresses for IPv6
2011-05-03/a>
Johannes Ullrich
Analyzing Teredo with tshark and Wireshark
2011-04-21/a>
Guy Bruneau
Silverlight Update Available
2011-04-11/a>
Johannes Ullrich
Layer 2 DoS and other IPv6 Tricks
2011-04-05/a>
Johannes Ullrich
IPv6 MITM via fake router advertisements
2011-02-01/a>
Johannes Ullrich
The End Of IP As We Know It
2011-01-27/a>
Guy Bruneau
ISC DHCP DHCPv6 Vulnerability
2011-01-05/a>
Johannes Ullrich
ipv6finder : How ready are you for IPv6?
2010-11-16/a>
Guy Bruneau
OpenSSL TLS Extension Parsing Race Condition
2010-11-12/a>
Guy Bruneau
Honeynet Forensic Challenge - Analyzing Malicious Portable Destructive Files
2010-10-30/a>
Guy Bruneau
Security Update for Shockwave Player
2010-10-28/a>
Manuel Humberto Santander Pelaez
CVE-2010-3654 - New dangerous 0-day authplay library adobe products vulnerability
2010-07-29/a>
Rob VandenBrink
Snort 2.8.6.1 and Snort 2.9 Beta Released
2010-07-26/a>
Guy Bruneau
SophosLabs Released Free Tool to Validate Microsoft Shortcut
2010-07-20/a>
Manuel Humberto Santander Pelaez
LNK vulnerability now with Metasploit module implementing the WebDAV method
2010-06-23/a>
Johannes Ullrich
IPv6 Support in iOS 4
2010-03-24/a>
Kyle Haugsness
Wax nostalgic - commodore64 updated to present time
2010-03-10/a>
Rob VandenBrink
Microsoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7
2010-02-26/a>
Rick Wanner
NIST Guidelines for Secure Deployment of IPv6 - http://csrc.nist.gov/publications/drafts/800-119/draft-sp800-119_feb2010.pdf
2010-02-16/a>
Jim Clausing
Teredo request for packets
2010-02-16/a>
Johannes Ullrich
Teredo "stray packet" analysis
2010-02-02/a>
Johannes Ullrich
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux)
2010-01-19/a>
Jim Clausing
49Gbps DDoS, IPv4 exhaustion, and DNSSEC, oh my!
2010-01-13/a>
Guy Bruneau
Sun Java JRE 6 Update 18 Released
2010-01-12/a>
Adrien de Beaupre
PoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2010-01-12/a>
Johannes Ullrich
IPv6 and isc.sans.org
2010-01-09/a>
G. N. White
What's Up With All The Port Scanning Using TCP/6000 As A Source Port?
2010-01-06/a>
Johannes Ullrich
Denial of Service Attack Aftermath (and what did Iran have to do with it?)
2010-01-06/a>
Johannes Ullrich
New Tool: IPv6 conversions http://isc.sans.org/tools/ipv6.html
2009-11-22/a>
Marcus Sachs
IE6 and IE7 0-Day Reported
2009-11-07/a>
Marcus Sachs
More Thoughts on Legacy Systems
2009-10-28/a>
Johannes Ullrich
Sniffing SSL: RFC 4366 and TLS Extensions
2009-10-15/a>
Deborah Hale
Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
2009-10-11/a>
Mark Hofman
Cyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
2009-10-06/a>
Adrien de Beaupre
Cyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp
2009-09-07/a>
Jim Clausing
Request for packets
2009-05-02/a>
Rick Wanner
Significant increase in port 2967 traffic
2009-04-30/a>
Marcus Sachs
ARIN Notification Concerning IPv6
2009-04-18/a>
Johannes Ullrich
Twitter Packet Challenge Solution
2009-03-25/a>
David Goldsmith
Java Runtime Environment 6.0 Update 13 Released
2009-02-13/a>
Andre Ludwig
Third party information on conficker
2009-01-12/a>
William Salusky
Downadup / Conficker - MS08-067 exploit and Windows domain account lockout
2008-12-13/a>
Jim Clausing
Followup from last shift and some research to do.
2008-11-17/a>
Jim Clausing
How are you coming with that IPv6 migration?
2006-11-20/a>
Joel Esler
MS06-070 Remote Exploit
2006-10-10/a>
Johannes Ullrich
MS06-056: ASP.NET XSS Information Disclosure Vulnerability (moderate)
2006-10-10/a>
Johannes Ullrich
MS06-061: XSLT/MSXML Buffer Overflow Code Execution Vulnerability (moderate)
2006-10-10/a>
Kyle Haugsness
MS06-063: Mailslot DoS (Server service)
2006-09-19/a>
Swa Frantzen
Yet another MSIE 0-day: VML
2006-09-12/a>
Swa Frantzen
Microsoft security patches for September 2006
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
About Us
Slack Channel
Mastodon
Bluesky
X
Make the web a better place by
sharing the SANS Internet Storm Center
with others