Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Diaries by Keyword

Date | Author | Title

DNS OVER TLS

2019-10-21 | Jim Clausing | What's up with TCP 853 (DNS over TLS)?

DNS

2019-10-25 | Rob VandenBrink | More on DNS Archeology (with PowerShell)
2019-10-21 | Jim Clausing | What's up with TCP 853 (DNS over TLS)?
2019-09-12 | Xavier Mertens | Blocking Firefox DoH with Bind
2019-07-17 | Xavier Mertens | Analyzis of DNS TXT Records
2019-07-13 | Guy Bruneau | Guidance to Protect DNS Against Hijacking & Scanning for Version.BIND Still a Thing
2019-07-09 | John Bambenek | Solving the WHOIS and Privacy Problem: A Draft of Implementing WHOIS in DNS
2019-06-16 | Didier Stevens | Sysmon Version 10: DNS Logging
2019-03-27 | Xavier Mertens | Running your Own Passive DNS Service
2019-01-31 | Xavier Mertens | Tracking Unexpected DNS Changes
2019-01-22 | Xavier Mertens | DNS Firewalling with MISP
2018-09-22 | Didier Stevens | Suspicious DNS Requests ... Issued by a Firewall
2017-12-13 | Xavier Mertens | Tracking Newly Registered Domains
2017-11-16 | Xavier Mertens | Suspicious Domains Tracking Dashboard
2017-10-20 | Rick Wanner | One year Anniversary of Dyn DDOS
2017-10-02 | Xavier Mertens | Investigating Security Incidents with Passive DNS
2017-06-14 | Xavier Mertens | Systemd Could Fallback to Google DNS?
2017-04-20 | Xavier Mertens | DNS Query Length... Because Size Does Matter
2016-10-23 | Johannes Ullrich | ISC Briefing: Large DDoS Attack Against Dyn
2016-07-26 | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records
2016-06-12 | Guy Bruneau | DNS Sinkhole ISO Version 2.0
2016-04-28 | Rob VandenBrink | DNS and DHCP Recon using Powershell
2015-11-22 | Guy Bruneau | OpenDNS Research Used to Predict Threat
2015-11-08 | Rick Wanner | DNS Reconnaissance using nmap
2015-08-19 | Bojan Zdrnja | Outsourcing critical infrastructure (such as DNS)
2015-02-19 | Daniel Wesemann | DNS-based DDoS
2014-06-02 | Rick Wanner | Using nmap to scan for DDOS reflectors
2014-05-20 | Johannes Ullrich | Detecting Queries to "odd" DNS Servers
2014-04-30 | Johannes Ullrich | Be on the Lookout: Odd DNS Traffic, Possible C&C Traffic
2014-04-30 | Russ McRee | UltraDNS DDOS
2014-02-04 | Johannes Ullrich | Do you block "new" domain names?
2014-01-30 | Johannes Ullrich | New gTLDs appearing in the root zone
2013-12-21 | Guy Bruneau | Strange DNS Queries - Request for Packets
2013-11-19 | Jim Clausing | Updated dumpdns.pl
2013-11-04 | Manuel Humberto Santander Pelaez | When attackers use your DNS to check for the sites you are visiting
2013-10-21 | Johannes Ullrich | New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
2013-10-17 | Adrien de Beaupre | Internet wide DNS scanning
2013-10-10 | Johannes Ullrich | google.com.my DNS hijack
2013-10-08 | Johannes Ullrich | CSAM: ANY queries used in reflective DoS attack
2013-10-02 | Johannes Ullrich | CSAM: Misc. DNS Logs
2013-09-26 | Johannes Ullrich | How do you monitor DNS?
2013-09-02 | Guy Bruneau | Snort IDS Sensor with Sguil New ISO Released
2013-08-14 | Johannes Ullrich | .GOV zones may not resolve due to DNSSEC problems.
2013-08-07 | Mark Hofman | DNS servers hijacked in the Netherlands
2013-07-17 | Johannes Ullrich | Network Solutions Outage
2013-07-12 | Johannes Ullrich | DNS resolution is failing for Microsofts Teredo server (teredo.ipv6.microsoft.com)
2013-07-10 | Johannes Ullrich | .NL Registrar Compromisse
2013-06-22 | Guy Bruneau | .biz DNSSEC DNSKEY is Invalid
2013-06-20 | Johannes Ullrich | Linkedin DNS Hijack
2013-06-05 | Richard Porter | BIND 9 Update fixing CVE-2013-3919
2012-12-14 | Johannes Ullrich | The "D-root" DNS server (terp.umd.edu) is changing its IP address in January http://seclists.org/nanog/2012/Dec/330
2012-12-06 | Daniel Wesemann | Comodo DNS hiccup on usertrust.com
2012-08-16 | Johannes Ullrich | A Poor Man's DNS Anomaly Detection Script
2012-07-24 | Richard Porter | Report of spike in DNS Queries gd21.net
2012-07-21 | Rick Wanner | TippingPoint DNS Version Request increase
2012-07-21 | Rick Wanner | OpenDNS is looking for a few good malware people!
2012-05-21 | Kevin Shortt | DNS ANY Request Cannon - Need More Packets
2012-05-16 | Johannes Ullrich | Got Packets? Odd duplicate DNS replies from 10.x IP Addresses
2012-03-30 | Daniel Wesemann | Tomorrow, the world will end
2012-02-23 | donald smith | DNS-Changer "clean DNS" extension requested
2012-02-20 | Rick Wanner | DNSChanger resolver shutdown deadline is March 8th
2012-02-09 | Richard Porter | DNS Ghost Domains, How I loath you so!
2012-01-21 | Guy Bruneau | DNS Sinkhole Scripts Fixes/Update
2012-01-18 | Johannes Ullrich | Use of Mixed Case DNS Queries
2012-01-13 | Guy Bruneau | Strange DNS Queries - Request Packets/Logs
2011-12-13 | Johannes Ullrich | Possible Widespread DNS Attack (info wanted)
2011-12-05 | Stephen Hall | ISC describe DNS crash bug analysis
2011-11-28 | Tom Liston | A Puzzlement...
2011-11-16 | Jason Lam | Potential 0-day on Bind 9
2011-11-11 | Rick Wanner | What's up with fbi.gov DNS?
2011-11-11 | Johannes Ullrich | Details About the fbi.gov DNSSEC Configuration Issue.
2011-11-09 | Russ McRee | Operation Ghost Click: FBI bags crime ring responsible for $14 million in losses
2011-10-15 | Guy Bruneau | DNS Sinkhole Parser Script Update
2011-10-10 | Tom Liston | What's In A Name?
2011-09-09 | Guy Bruneau | IPv6 and DNS Sinkhole
2011-09-04 | Lorna Hutcheson | Several Sites Defaced
2011-08-17 | Rob VandenBrink | When Good Patches go Bad - a DNS tale that didn't start out that way
2011-08-05 | donald smith | New Mac Trojan: BASH/QHost.WB
2011-08-05 | Johannes Ullrich | Microsoft Patch Tuesday Advance Notification: 13 Bulletins coming http://www.microsoft.com/technet/security/Bulletin/MS11-aug.mspx
2011-07-05 | Raul Siles | Two DoS remotely exploitable vulnerabilities affect BIND 9: http://www.isc.org/advisories/bind Updgrade to 9.8.0-P4.
2011-06-28 | Johannes Ullrich | DNSSEC Tips
2011-06-03 | Guy Bruneau | New Poll: How are you dealing with Malicious Domains?
2011-05-09 | Johannes Ullrich | Patch for BIND 9.8.0 DoS Vulnerability
2011-04-14 | Johannes Ullrich | dshield.org now DNSSEC signed via .org
2011-04-05 | Mark Hofman | DNS.be DDOS
2011-01-26 | Bojan Zdrnja | Google Chrome and (weird) DNS requests
2010-11-25 | Bojan Zdrnja | Secunia's DNS/domain hijacked?
2010-11-13 | Guy Bruneau | Register.com DNS Issues
2010-11-04 | Johannes Ullrich | DNSSEC Progress for .com and .net
2010-10-03 | Adrien de Beaupre | H went down.
2010-09-25 | Rick Wanner | Guest Diary: Andrew Hunt - Visualizing the Hosting Patterns of Modern Cybercriminals
2010-08-07 | Stephen Hall | DnsMadeEasy under a "quite large and unique" ddos.
2010-07-29 | Rob VandenBrink | NoScript 2.0 released
2010-06-19 | Guy Bruneau | DNS Sinkhole ISO Available for Download
2010-05-12 | Johannes Ullrich | .de TLD Outage
2010-05-04 | Rick Wanner | DNSSEC...not a bang but a whimper?
2010-02-26 | Rick Wanner | New version of dnsmap
2010-01-19 | Jim Clausing | 49Gbps DDoS, IPv4 exhaustion, and DNSSEC, oh my!
2010-01-12 | Johannes Ullrich | Baidu defaced - Domain Registrar Tampering
2010-01-11 | Johannes Ullrich | the (large) domain registrar "eNom" appears to have problems with its DNS servers according to some user reports.
2010-01-10 | Guy Bruneau | Easy DNS BIND Sinkhole Setup
2009-12-15 | Johannes Ullrich | Important BIND name server updates - DNSSEC
2009-11-25 | Jim Clausing | Updates to my GREM Gold scripts and a new script
2009-11-24 | John Bambenek | BIND Security Advisory (DNSSEC only)
2009-11-02 | Daniel Wesemann | IDN ccTLDs
2009-10-29 | Kyle Haugsness | Cyber Security Awareness Month - Day 29 - dns port 53
2009-07-29 | Bojan Zdrnja | BIND 9 DoS attacks in the wild
2009-04-26 | Johannes Ullrich | Odd DNS Resolution for Google via OpenDNS
2009-03-21 | Stephen Hall | Updates to ISC BIND
2009-01-31 | Swa Frantzen | DNS DDoS - let's use a long term solution
2009-01-18 | Daniel Wesemann | DNS queries for "."
2009-01-08 | Kyle Haugsness | BIND OpenSSL follow-up
2009-01-07 | William Salusky | BIND 9.x security patch - resolves potentially new DNS poisoning vector
2008-12-04 | Bojan Zdrnja | Rogue DHCP servers
2008-11-25 | Andre Ludwig | OS X Dns Changers part three
2008-11-25 | Andre Ludwig | Tmobile G1 handsets having DNS problems?
2008-10-17 | Patrick Nolan | Day 17 - Containing a DNS Hijacking
2008-10-08 | Johannes Ullrich | Domaincontrol (GoDaddy) Nameservers DNS Poisoning
2008-08-14 | Johannes Ullrich | DNSSEC for DShield.org
2008-08-05 | Daniel Wesemann | Watching those DNS logs
2008-08-02 | Swa Frantzen | BIND: -P2 patches are released
2008-07-25 | Swa Frantzen | DNS bug - observations
2008-07-24 | Kyle Haugsness | DNS cache poisoning vulnerability details confirmed
2008-07-22 | Swa Frantzen | Dan Kaminsky's DNS bug: revealed? - Patch!
2008-07-09 | Marcus Sachs | DNS Vulnerability Found by a GSEC Student Three Years Ago!
2008-07-08 | Johannes Ullrich | Mulitple Vendors DNS Spoofing Vulnerability
2008-05-19 | Maarten Van Horenbeeck | Route filtering and its impact on the DNS fabric
2008-04-30 | Bojan Zdrnja | (Minor) evolution in Mac DNS changer malware
2008-03-23 | Johannes Ullrich | Finding hidden gems (easter eggs) in your logs (packet challenge!)

OVER

2019-10-21 | Jim Clausing | What's up with TCP 853 (DNS over TLS)?
2019-09-07 | Guy Bruneau | Unidentified Scanning Activity
2017-12-19 | Xavier Mertens | Example of 'MouseOver' Link in a Powerpoint File
2017-02-24 | Rick Wanner | Cloudflare data leak...what does it mean to me?
2016-07-26 | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records
2015-02-09 | Chris Mohan | Backups are part of the overall business continuity and disaster recovery plan
2014-09-19 | Guy Bruneau | Added today in oclhashcat 131 Django [Default Auth] (PBKDF2 SHA256 Rounds Salt) Support - http://hashcat.net/hashcat/
2014-07-18 | Russ McRee | Gameover Zeus reported as "returned from the dead"
2014-06-02 | John Bambenek | Gameover Zeus and Cryptolocker Takedowns
2013-10-02 | John Bambenek | Obamacare related domain registration spike, Government shutdown domain registration beginning
2013-09-10 | Swa Frantzen | Adobe September 2013 Black Tuesday Overview
2013-09-10 | Swa Frantzen | Microsoft September 2013 Black Tuesday Overview
2013-08-13 | Swa Frantzen | Microsoft August 2013 Black Tuesday Overview
2013-07-09 | Swa Frantzen | Microsoft July 2013 Black Tuesday Overview
2013-06-11 | Swa Frantzen | Microsoft June 2013 Black Tuesday Overview
2013-05-14 | Swa Frantzen | Microsoft May 2013 Black Tuesday Overview
2013-05-14 | Swa Frantzen | Firefox & Thunderbird released
2013-05-14 | Swa Frantzen | Adobe May 2013 Black Tuesday Overview
2013-05-07 | Jim Clausing | NGINX updates address buffer overflow (CVE-2013-2028) see http://nginx.org/en/CHANGES-1.4
2013-04-09 | Swa Frantzen | Microsoft April 2013 Black Tuesday Overview
2013-03-12 | Swa Frantzen | Microsoft March 2013 Black Tuesday Overview
2013-01-18 | Russ McRee | Sourcefire VRT rules update addresses remote stack buffer overflow in rule 3:20275
2012-12-02 | Guy Bruneau | Zero Day MySQL Buffer Overflow
2011-10-28 | Russ McRee | Critical Control 19: Data Recovery Capability
2011-08-16 | Scott Fendley | Phishing Scam Victim Response
2011-06-04 | Rick Wanner | Do you have a personal disaster recovery plan?
2010-08-03 | Johannes Ullrich | When Lightning Strikes
2010-06-06 | Manuel Humberto Santander Pelaez | Nice OS X exploit tutorial
2010-04-27 | Rob VandenBrink | Layer 2 Security - L2TPv3 for Disaster Recovery Sites
2010-03-30 | Pedro Bueno | Sharing the Tools
2010-02-17 | Rob VandenBrink | Multiple Security Updates for ESX 3.x and ESXi 3.x
2009-12-24 | Guy Bruneau | F5 BIG-IP ASM and PSM Remote Buffer Overflow
2009-10-19 | Daniel Wesemann | Backed up, lately ?
2009-08-30 | Tony Carothers | How do I recover from.....?
2009-04-14 | Swa Frantzen | April Black Tuesday Overview
2009-03-10 | Swa Frantzen | March black Tuesday overview
2009-02-10 | Swa Frantzen | February Black Tuesday Overview
2008-11-11 | Swa Frantzen | November Black Tuesday Overview
2008-10-31 | Rick Wanner | Day 31 - Legal Awareness
2008-10-29 | Deborah Hale | Day 29 - Should I Switch Software Vendors?
2008-10-25 | Rick Wanner | Day 26 - Restoring Systems from Backup
2008-07-18 | Adrien de Beaupre | Exit process?
2008-06-10 | Swa Frantzen | Linux ASN.1 BER kernel buffer overflow
2008-03-30 | Mark Hofman | Mail Anyone?

TLS

2019-10-22 | Bojan Zdrnja | Testing TLSv1.3 and supported ciphers
2019-10-21 | Jim Clausing | What's up with TCP 853 (DNS over TLS)?
2019-08-07 | Bojan Zdrnja | Verifying SSL/TLS configuration (part 2)
2019-07-23 | Bojan Zdrnja | Verifying SSL/TLS configuration (part 1)
2019-04-13 | Johannes Ullrich | Configuring MTA-STS and TLS Reporting For Your Domain
2018-08-10 | Remco Verhoef | Hunting SSL/TLS clients using JA3
2018-01-22 | Didier Stevens | HTTPS on every port?
2017-05-30 | Johannes Ullrich | FreeRadius Authentication Bypass
2017-03-08 | Richard Porter | What is really being proxied?
2017-03-01 | Bojan Zdrnja | SSL/TLS on port 389. Say what?
2016-07-05 | Johannes Ullrich | Apache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979)
2016-01-08 | Mark Hofman | SLOTH, attack on TLS using MD5
2015-05-20 | Brad Duncan | Logjam - vulnerabilities in Diffie-Hellman key exchange affect browsers and servers using TLS
2015-02-11 | Johannes Ullrich | Did PCI Just Kill E-Commerce By Saying SSL is Not Sufficient For Payment Info ? (spoiler: TLS!=SSL)
2014-08-11 | Bojan Zdrnja | Verifying preferred SSL/TLS ciphers with Nmap
2014-06-12 | Johannes Ullrich | Metasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.)
2014-03-04 | Daniel Wesemann | Triple Handshake Cookie Cutter
2011-09-22 | Rob VandenBrink | TLS 1.2 - Look before you Leap !
2011-09-20 | Kevin Liston | SSL/TLS Vulnerability Details to be Released Friday
2011-07-10 | Raul Siles | Security Testing SSL/TLS (HTTPS) Implementations
2010-07-23 | Mark Hofman | A bit old, however CISCO has updated the November 2009 TLS renegotiation vulnerability with additional vulnerable products and patch information. More details here http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml
2010-04-25 | Raul Siles | Manual Verification of SSL/TLS Certificate Trust Chains using Openssl
2010-02-10 | Marcus Sachs | Vulnerability in TLS/SSL Could Allow Spoofing
2009-11-13 | Adrien de Beaupre | TLS & SSLv3 renegotiation vulnerability explained
2009-11-06 | Andre Ludwig | New version of OpenSSL released - OpenSSL 0.9.8l
2009-11-05 | Swa Frantzen | TLS Man-in-the-middle on renegotiation vulnerability made public
2009-10-16 | Adrien de Beaupre | Cyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
2009-05-09 | Patrick Nolan | Unusable, Unreadable, or Indecipherable? No Breach reporting required