Diaries by Keyword - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Rob VandenBrink

Threat Level: green

Date	Author	Title
2023-10-03	Tom Webb	Are Local LLMs Useful in Incident Response?
2023-05-24	Tom Webb	IR Case/Alert Management
2023-01-26	Tom Webb	Live Linux IR with UAC
2022-06-02	Johannes Ullrich	Quick Answers in Incident Response: RECmd.exe
2021-12-06	Xavier Mertens	The Importance of Out-of-Band Networks
2020-09-17	Xavier Mertens	Suspicious Endpoint Containment with OSSEC
2019-08-25	Guy Bruneau	Are there any Advantages of Buying Cyber Security Insurance?
2017-12-05	Tom Webb	IR using the Hive Project.
2017-09-17	Guy Bruneau	rockNSM as a Incident Response Package
2017-06-17	Guy Bruneau	Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2016-08-24	Tom Webb	Stay on Track During IR
2015-12-04	Tom Webb	Automating Phishing Analysis using BRO
2015-04-27	Richard Porter	When Prevention Fails, Incident Response Begins
2015-03-07	Guy Bruneau	Should it be Mandatory to have an Independent Security Audit after a Breach?
2014-12-24	Rick Wanner	Incident Response at Sony
2014-09-12	Chris Mohan	Are credential dumps worth reviewing?
2014-08-16	Lenny Zeltser	Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-08-10	Basil Alawi S.Taher	Incident Response with Triage-ir
2014-04-04	Rob VandenBrink	Dealing with Disaster - A Short Malware Incident Response
2014-03-22	Guy Bruneau	How the Compromise of a User Account Lead to a Spam Incident
2014-01-23	Chris Mohan	Learning from the breaches that happens to others Part 2
2014-01-22	Chris Mohan	Learning from the breaches that happens to others
2013-05-08	Chris Mohan	Syria drops from Internet 7th May 2013
2013-03-02	Scott Fendley	Evernote Security Issue
2012-12-13	Johannes Ullrich	What if Tomorrow Was the Day?
2012-11-16	Manuel Humberto Santander Pelaez	Information Security Incidents are now a concern for colombian government
2012-04-23	Russ McRee	Emergency Operations Centers & Security Incident Management: A Correlation
2011-10-29	Richard Porter	The Sub Critical Control? Evidence Collection
2011-10-28	Russ McRee	Critical Control 19: Data Recovery Capability
2011-10-27	Mark Baggett	Critical Control 18: Incident Response Capabilities
2011-09-13	Swa Frantzen	GlobalSign back in operation
2011-07-25	Chris Mohan	Monday morning incident handler practice
2011-07-09	Chris Mohan	Safer Windows Incident Response
2011-06-03	Guy Bruneau	SonyPictures Site Compromised
2011-04-25	Rob VandenBrink	Sony PlayStation Network Outage - Day 5
2011-03-25	Kevin Liston	APT Tabletop Exercise
2011-03-22	Chris Mohan	Read only USB stick trick
2010-10-18	Manuel Humberto Santander Pelaez	Cyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis
2010-09-04	Kevin Liston	Investigating Malicious Website Reports
2010-08-04	Tom Liston	Incident Reporting - Liston's "How-To" Guide
2010-03-21	Chris Carboni	Responding To The Unexpected
2010-01-22	Mari Nichols	Pass-down for a Successful Incident Response
2009-06-11	Rick Wanner	MIR-ROR Motile Incident Response - Respond Objectively Remediate
2009-05-01	Adrien de Beaupre	Incident Management
2009-04-16	Adrien de Beaupre	Incident Response vs. Incident Handling
2008-10-29	Deborah Hale	Day 29 - Should I Switch Software Vendors?