Internet Storm Center
Date | Author | Title
2024-08-14 | Xavier Mertens | Multiple Malware Dropped Through MSI Package
2024-06-17 | Xavier Mertens | New NetSupport Campaign Delivered Through MSIX Packages
2024-05-31 | Xavier Mertens | "K1w1" InfoStealer Uses gofile.io for Exfiltration
2024-03-28 | Xavier Mertens | From JavaScript to AsyncRAT
2023-12-23 | Xavier Mertens | Python Keylogger Using Mailtrap.io
2023-12-20 | Guy Bruneau | How to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary]
2023-11-18 | Xavier Mertens | Quasar RAT Delivered Through Updated SharpLoader
2023-08-20 | Guy Bruneau | SystemBC Malware Activity
2023-08-18 | Xavier Mertens | From a Zalando Phishing to a RAT
2023-08-11 | Xavier Mertens | Show me All Your Windows!
2023-06-29 | Brad Duncan | GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT
2023-06-16 | Xavier Mertens | Another RAT Delivered Through VBS
2023-05-30 | Brad Duncan | Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT
2023-05-20 | Xavier Mertens | Phishing Kit Collecting Victim's IP Address
2023-05-19 | Xavier Mertens | When the Phisher Messes Up With Encoding
2023-05-14 | Guy Bruneau | VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue
2023-05-07 | Didier Stevens | Quickly Finding Encoded Payloads in Office Documents
2023-05-03 | Xavier Mertens | Increased Number of Configuration File Scans
2023-03-12 | Guy Bruneau | AsynRAT Trojan - Bill Payment (Pago de la factura)
2023-03-11 | Xavier Mertens | Overview of a Mirai Payload Generator
2022-10-21 | Brad Duncan | sczriptzzbn inject pushes malware for NetSupport RAT
2022-09-22 | Xavier Mertens | RAT Delivered Through FODHelper
2022-07-28 | Johannes Ullrich | Exfiltrating Data With Bookmarks
2022-06-16 | Xavier Mertens | Houdini is Back Delivered Through a JavaScript Dropper
2022-06-04 | Guy Bruneau | Spam Email Contains a Very Large ISO file
2022-05-20 | Xavier Mertens | A 'Zip Bomb' to Bypass Security Controls & Sandboxes
2022-05-05 | Brad Duncan | Password-protected Excel spreadsheet pushes Remcos RAT
2022-05-03 | Rob VandenBrink | Finding the Real "Last Patched" Day (Interim Version)
2022-03-11 | Xavier Mertens | Keep an Eye on WebSockets
2022-03-09 | Xavier Mertens | Infostealer in a Batch File
2022-02-18 | Xavier Mertens | Remcos RAT Delivered Through Double Compressed Archive
2022-02-11 | Xavier Mertens | CinaRAT Delivered Through HTML ID Attributes
2022-01-07 | Xavier Mertens | Custom Python RAT Builder
2021-12-01 | Xavier Mertens | Info-Stealer Using webhook.site to Exfiltrate Data
2021-11-04 | Brad Duncan | October 2021 Forensic Contest: Answers and Analysis
2021-09-01 | Brad Duncan | STRRAT: a Java-based RAT that doesn't care if you have Java
2021-06-21 | Rick Wanner | Mitre CWE - Common Weakness Enumeration
2021-04-09 | Xavier Mertens | No Python Interpreter? This Simple RAT Installs Its Own Copy
2021-03-31 | Xavier Mertens | Quick Analysis of a Modular InfoStealer
2021-03-04 | Xavier Mertens | From VBS, PowerShell, C Sharp, Process Hollowing to RAT
2021-02-24 | Brad Duncan | Malspam pushes GuLoader for Remcos RAT
2021-02-04 | Bojan Zdrnja | Abusing Google Chrome extension syncing for data exfiltration and C&C
2020-10-14 | Xavier Mertens | Nicely Obfuscated Python RAT
2020-09-30 | Johannes Ullrich | Scans for FPURL.xml: Reconnaissance or Not?
2020-09-28 | Xavier Mertens | Some Tyler Technologies Customers Targeted with The Installation of a Bomgar Client
2020-08-25 | Xavier Mertens | Keep An Eye on LOLBins
2020-08-18 | Xavier Mertens | Using API's to Track Attackers
2020-08-10 | Bojan Zdrnja | Scoping web application and web service penetration tests
2020-08-04 | Johannes Ullrich | Internet Choke Points: Concentration of Authoritative Name Servers
2020-05-14 | Rob VandenBrink | Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe
2020-04-17 | Xavier Mertens | Weaponized RTF Document Generator & Mailer in PowerShell
2020-02-05 | Brad Duncan | Fake browser update pages are "still a thing"
2020-01-10 | Xavier Mertens | More Data Exfiltration
2019-10-29 | Xavier Mertens | Generating PCAP Files from YAML
2019-09-27 | Xavier Mertens | New Scans for Polycom Autoconfiguration Files
2019-09-25 | Brad Duncan | Malspam pushing Quasar RAT
2019-09-19 | Xavier Mertens | Agent Tesla Trojan Abusing Corporate Email Accounts
2019-09-19 | Xavier Mertens | Blocklisting or Whitelisting in the Right Way
2019-04-26 | Rob VandenBrink | Pillaging Passwords from Service Accounts
2019-04-24 | Rob VandenBrink | Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators
2019-03-06 | Xavier Mertens | Keep an Eye on Disposable Email Addresses
2018-11-27 | Rob VandenBrink | Data Exfiltration in Penetration Tests
2018-09-19 | Rob VandenBrink | Certificates Revisited - SSL VPN Certificates 2 Ways
2018-09-05 | Rob VandenBrink | Where have all my Certificates gone? (And when do they expire?)
2018-08-24 | Xavier Mertens | Microsoft Publisher Files Delivering Malware
2018-06-15 | Lorna Hutcheson | SMTP Strangeness - Possible C2
2018-05-19 | Xavier Mertens | Malicious Powershell Targeting UK Bank Customers
2018-05-10 | Bojan Zdrnja | Exfiltrating data from (very) isolated environments
2017-12-13 | Xavier Mertens | Tracking Newly Registered Domains
2017-11-03 | Xavier Mertens | Simple Analysis of an Obfuscated JAR File
2017-08-17 | Xavier Mertens | Maldoc with auto-updated link
2017-06-08 | Tom Webb | Summer STEM for Kids
2017-05-10 | Johannes Ullrich | Read This If You Are Using a Script to Pull Data From This Site
2017-04-20 | Xavier Mertens | DNS Query Length... Because Size Does Matter
2016-09-04 | Russ McRee | Kali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/
2016-07-26 | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records
2016-06-15 | Richard Porter | Warp Speed Ahead, L7 Open Source Packet Generator: Warp17
2016-04-02 | Russell Eubanks | Why Can't We Be Friends?
2015-12-24 | Xavier Mertens | Unity Makes Strength
2015-11-09 | John Bambenek | Protecting Users and Enterprises from the Mobile Malware Threat
2015-09-03 | Xavier Mertens | Querying the DShield API from RTIR
2014-08-22 | Richard Porter | OCLHashCat 1.30 Released
2014-08-09 | Adrien de Beaupre | Complete application ownage via Multi-POST XSRF
2014-07-19 | Russ McRee | Keeping the RATs out: the trap is sprung - Part 3
2014-07-18 | Russ McRee | Keeping the RATs out: **it happens - Part 2
2014-07-16 | Russ McRee | Keeping the RATs out: an exercise in building IOCs - Part 1
2014-03-13 | Daniel Wesemann | Identification and authentication are hard ... finding out intention is even harder
2013-06-18 | Russ McRee | Volatility rules...any questions?
2013-04-25 | Adam Swanger | Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-04-17 | John Bambenek | UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
2013-04-16 | John Bambenek | Fake Boston Marathon Scams Update
2013-04-15 | John Bambenek | Please send any spam (full headers), URLs or other suspicious content scamming off Boston Marathon explosions to handlers@sans.org
2013-03-03 | Richard Porter | Uptick in MSSQL Activity
2013-02-06 | Johannes Ullrich | Are you losing system logging information (and don't know it)?
2012-10-30 | Mark Hofman | Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-05-22 | Johannes Ullrich | nmap 6 released
2012-01-03 | Rick Wanner | Analysis of the Stratfor Password List
2011-12-25 | Deborah Hale | Another Company Falls Victim
2011-10-26 | Rick Wanner | Critical Control 17: Penetration Tests and Red Team Exercises
2010-10-03 | Adrien de Beaupre | Canada's Cyber Security Strategy released today
2010-08-23 | Manuel Humberto Santander Pelaez | Firefox plugins to perform penetration testing activities
2010-08-16 | Raul Siles | Blind Elephant: A New Web Application Fingerprinting Tool
2010-07-08 | Kyle Haugsness | Pirate Bay account database compromised
2010-06-06 | Manuel Humberto Santander Pelaez | Nice OS X exploit tutorial
2010-04-13 | Adrien de Beaupre | Web App Testing Tools
2010-03-06 | Tony Carothers | Integration and the Security of New Technologies
2010-02-22 | Rob VandenBrink | New Risks in Penetration Testing
2009-07-27 | Raul Siles | New Hacker Challenge: Prison Break - Breaking, Entering & Decoding
2009-04-21 | Bojan Zdrnja | Web application vulnerabilities
2009-01-20 | Adrien de Beaupre | Obamamania
2008-11-25 | Andre Ludwig | The beginnings of a collaborative approach to IDS
2008-09-20 | Rick Wanner | New (to me) nmap Features
2008-07-18 | Adrien de Beaupre | Exit process?
2008-03-30 | Mark Hofman | Mail Anyone?