Internet Storm Center
Sign In
Sign Up
Watch ISC TV. Great for NOCs, SOCs and Living Rooms:
https://isctv.sans.edu
Handler on Duty:
Jesse La Grew
Threat Level:
green
Date
Author
Title
SSE SPAMBOT
2018-12-05
Brad Duncan
Campaign evolution: Hancitor changes its Word macros
SSE
2023-09-06/a>
Johannes Ullrich
Security Relevant DNS Records
2023-07-26/a>
Xavier Mertens
Suspicious IP Addresses Avoided by Malware Samples
2023-02-25/a>
Didier Stevens
Crypto Inside a Browser
2022-02-01/a>
Xavier Mertens
Automation is Nice But Don't Replace Your Knowledge
2021-05-10/a>
Johannes Ullrich
Correctly Validating IP Addresses: Why encoding matters for input validation.
2021-01-02/a>
Guy Bruneau
Protecting Home Office and Enterprise in 2021
2020-09-17/a>
Xavier Mertens
Suspicious Endpoint Containment with OSSEC
2020-02-16/a>
Guy Bruneau
SOAR or not to SOAR?
2019-01-31/a>
Xavier Mertens
Tracking Unexpected DNS Changes
2018-12-19/a>
Xavier Mertens
Using OSSEC Active-Response as a DFIR Framework
2018-12-05/a>
Brad Duncan
Campaign evolution: Hancitor changes its Word macros
2018-09-20/a>
Xavier Mertens
Hunting for Suspicious Processes with OSSEC
2016-07-12/a>
Xavier Mertens
Hunting for Malicious Files with MISP + OSSEC
2015-06-02/a>
Alex Stanford
Guest Diary: Xavier Mertens - Playing with IP Reputation with Dshield & OSSEC
2015-05-10/a>
Didier Stevens
Wireshark TCP Flags: How To Install On Windows Video
2015-04-05/a>
Didier Stevens
Wireshark TCP Flags
2015-03-21/a>
Russell Eubanks
Have you seen my personal information? It has been lost. Again.
2014-08-15/a>
Tom Webb
AppLocker Event Logs with OSSEC 2.8
2014-05-28/a>
Rob VandenBrink
Assessing SOAP APIs with Burp
2013-10-21/a>
Johannes Ullrich
New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
2013-08-14/a>
Johannes Ullrich
.GOV zones may not resolve due to DNSSEC problems.
2013-06-22/a>
Guy Bruneau
.biz DNSSEC DNSKEY is Invalid
2013-03-04/a>
Johannes Ullrich
IPv6 Focus Month: Addresses
2013-02-22/a>
Johannes Ullrich
When web sites go bad: bible . org compromise
2012-11-23/a>
Rob VandenBrink
Risk Assessment Reloaded (thanks PCI ! )
2012-11-23/a>
Rob VandenBrink
What's in Your Change Control Form?
2012-05-05/a>
Tony Carothers
Vulnerability Assessment Program - Discussions
2012-01-18/a>
Johannes Ullrich
Use of Mixed Case DNS Queries
2011-11-11/a>
Johannes Ullrich
Details About the fbi.gov DNSSEC Configuration Issue.
2011-08-05/a>
Johannes Ullrich
Microsoft Patch Tuesday Advance Notification: 13 Bulletins coming http://www.microsoft.com/technet/security/Bulletin/MS11-aug.mspx
2011-06-28/a>
Johannes Ullrich
DNSSEC Tips
2011-06-01/a>
Johannes Ullrich
Enabling Privacy Enhanced Addresses for IPv6
2011-04-14/a>
Johannes Ullrich
dshield.org now DNSSEC signed via .org
2010-11-04/a>
Johannes Ullrich
DNSSEC Progress for .com and .net
2010-10-20/a>
Jim Clausing
Tools updates - Oct 2010
2010-10-17/a>
Stephen Hall
Cyber Security Awareness Month - Day 17 - What a boss should and should not have access to
2010-05-04/a>
Rick Wanner
DNSSEC...not a bang but a whimper?
2010-04-01/a>
Jim Clausing
OSSEC v2.4 released. http://www.ossec.net/main/ossec-v24-released
2010-01-19/a>
Jim Clausing
49Gbps DDoS, IPv4 exhaustion, and DNSSEC, oh my!
2009-12-15/a>
Johannes Ullrich
Important BIND name server updates - DNSSEC
2009-12-09/a>
Swa Frantzen
OSSEC 2.3 released
2009-11-29/a>
Patrick Nolan
A Cloudy Weekend
2009-11-24/a>
John Bambenek
BIND Security Advisory (DNSSEC only)
2009-09-12/a>
Jim Clausing
OSSEC version 2.2 available
2009-08-30/a>
Tony Carothers
How do I recover from.....?
2009-04-19/a>
Mari Nichols
Providing Accurate Risk Assessments
2009-03-21/a>
Stephen Hall
Updates to ISC BIND
2009-02-28/a>
Rick Wanner
OSSEC Version 2 available!
2009-01-08/a>
Kyle Haugsness
BIND OpenSSL follow-up
2009-01-07/a>
William Salusky
BIND 9.x security patch - resolves potentially new DNS poisoning vector
2008-09-10/a>
Adrien de Beaupre
Mailbag: OSSEC 1.6 released, NMAP 4.75 released
2008-08-14/a>
Johannes Ullrich
DNSSEC for DShield.org
2008-07-08/a>
Swa Frantzen
Security implications in HVAC equipment
2008-05-07/a>
Jim Clausing
OSSEC 1.5 released
SPAMBOT
2022-02-09/a>
Brad Duncan
Example of Cobalt Strike from Emotet infection
2022-01-25/a>
Brad Duncan
Emotet Stops Using 0.0.0.0 in Spambot Traffic
2021-12-22/a>
Brad Duncan
December 2021 Forensic Contest: Answers and Analysis
2021-11-16/a>
Brad Duncan
Emotet Returns
2020-04-01/a>
Brad Duncan
Qakbot malspam sent from an infected Windows host
2019-12-18/a>
Brad Duncan
Emotet infection with spambot activity
2019-01-10/a>
Brad Duncan
Heartbreaking Emails: "Love You" Malspam
2018-12-05/a>
Brad Duncan
Campaign evolution: Hancitor changes its Word macros
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
About Us
Slack Channel
Mastodon
Bluesky
X
Make the web a better place by
sharing the SANS Internet Storm Center
with others
