
SANS ISC: Diaries by Keyword

Date | Author | Title

100 IPS PER DOMAIN NAME

2013-12-21 | Guy Bruneau | Strange DNS Queries - Request for Packets

100

2013-12-21 | Guy Bruneau | Strange DNS Queries - Request for Packets
2011-04-28 | Chris Mohan | Gathering and use of location information fears - or is it all a bit too late
2010-06-02 | Mark Hofman | OpenSSL version 1.0.0a released. This fixes a number of security issues. Don't forget a number of commercial appliances will be using this, so look for vendor updates soon.
2010-04-22 | Guy Bruneau | MS10-025 Security Update has been Pulled
2010-04-16 | G. N. White | MS10-021: Encountering A Failed WinXP Update
2010-03-03 | Mark Hofman | MS10-015 re-released
2010-02-19 | Mark Hofman | MS10-015 may cause Windows XP to blue screen (but only if you have malware on it)
2010-01-19 | Jim Clausing | The IE saga continues, out-of-cycle patch coming soon
2010-01-15 | Kevin Liston | Exploit code available for CVE-2010-0249
2006-10-10 | Johannes Ullrich | MS06-056: ASP.NET XSS Information Disclosure Vulnerability (moderate)
2006-10-10 | Johannes Ullrich | MS06-061: XSLT/MSXML Buffer Overflow Code Execution Vulnerability (moderate)
2006-10-10 | Kyle Haugsness | MS06-063: Mailslot DoS (Server service)

IPS

2017-10-25 | Mark Hofman | DUHK attack, continuing a week of named issues
2017-04-02 | Guy Bruneau | IPFire - A Household Multipurpose Security Gateway
2014-04-03 | Bojan Zdrnja | Watching the watchers
2013-12-21 | Guy Bruneau | Strange DNS Queries - Request for Packets
2013-10-25 | Rob VandenBrink | Kaspersky flags TCPIP.SYS as Malware
2013-09-05 | Rob VandenBrink | What's Next for IPS?
2012-12-06 | Johannes Ullrich | How to identify if you are behind a "Transparent Proxy"
2012-10-04 | Johannes Ullrich | Cyber Security Awareness Month - Day 4: Crypto Standards
2012-07-18 | Rob VandenBrink | Snort Updated today
2011-12-21 | Chris Mohan | The off switch
2010-11-08 | Manuel Humberto Santander Pelaez | Network Security Perimeter: How to choose the correct firewall and IPS for your environment?
2010-08-01 | Manuel Humberto Santander Pelaez | Evation because IPS fails to validate TCP checksums?
2010-06-15 | Manuel Humberto Santander Pelaez | TCP evasions for IDS/IPS
2009-03-24 | G. N. White | PSYB0T: A MIPS-device (mipsel) IRC Bot
2009-03-22 | Mari Nichols | Dealing with Security Challenges
2008-06-18 | Chris Carboni | Cisco Security Advisory

PER

2019-08-22 | Xavier Mertens | Simple Mimikatz & RDPWrapper Dropper
2019-02-17 | Didier Stevens | Video: Finding Property Values in Office Documents
2019-02-16 | Didier Stevens | Finding Property Values in Office Documents
2018-11-26 | Russ McRee | ViperMonkey: VBA maldoc deobfuscation
2018-11-04 | Pasquale Stirparo | Beyond good ol' LaunchAgent - part 1
2018-10-21 | Pasquale Stirparo | Beyond good ol’ LaunchAgent - part 0
2018-05-07 | Xavier Mertens | Adding Persistence Via Scheduled Tasks
2018-01-10 | Russ McRee | GitHub InfoSec Threepeat: HELK, ptf, and VulnWhisperer
2017-11-07 | Xavier Mertens | Interesting VBA Dropper
2017-08-10 | Didier Stevens | Maldoc Analysis with ViperMonkey
2016-07-27 | Xavier Mertens | Critical Xen PV guests vulnerabilities
2015-12-22 | Rick Wanner | The other Juniper vulnerability - CVE-2015-7756
2015-02-17 | Rob VandenBrink | A Different Kind of Equation
2014-08-23 | Guy Bruneau | NSS Labs Cyber Resilience Report
2014-01-01 | Russ McRee | Six degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails
2013-12-21 | Guy Bruneau | Strange DNS Queries - Request for Packets
2013-12-16 | Tom Webb | The case of Minerd
2013-10-26 | Guy Bruneau | Active Perl/Shellbot Trojan
2013-10-25 | Rob VandenBrink | Kaspersky flags TCPIP.SYS as Malware
2013-09-05 | Rob VandenBrink | Building Your Own GPU Enabled Private Cloud
2013-04-25 | Adam Swanger | Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-03-13 | Johannes Ullrich | IPv6 Focus Month: Kaspersky Firewall IPv6 Vulnerability
2013-02-25 | Johannes Ullrich | Trustwave Trustkeeper Phish
2013-02-25 | Johannes Ullrich | Punkspider enumerates web application vulnerabilities
2013-02-04 | Adam Swanger | SAN Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam
2013-01-15 | Rob VandenBrink | When Disabling IE6 (or Java, or whatever) is not an Option...
2012-09-19 | Russ McRee | Script kiddie scavenging with Shellbot.S
2012-08-02 | Guy Bruneau | Opera Security Update
2012-05-06 | Jim Clausing | Tool updates and Win 8
2012-03-27 | Guy Bruneau | Opera 11.62 for Windows patch several bugs and vulnerabilities - http://www.opera.com/docs/changelogs/windows/1162/
2011-11-07 | Rob VandenBrink | Juniper BGP issues causing locallized Internet Problems
2011-06-28 | Johannes Ullrich | Update: Opera 11.50 is now available http://www.opera.com/
2011-06-04 | Rick Wanner | Do you have a personal disaster recovery plan?
2011-03-16 | Johannes Ullrich | Analyzing HTTP Packet Captures
2011-02-21 | Adrien de Beaupre | Kaspersky update servers unreachable
2011-02-19 | Guy Bruneau | Snort Data Acquisition Library
2011-01-27 | Chris Carboni | Opera Updates
2011-01-12 | Richard Porter | How Many Loyalty Cards do you Carry?
2010-11-08 | Manuel Humberto Santander Pelaez | Network Security Perimeter: How to choose the correct firewall and IPS for your environment?
2010-10-12 | Adrien de Beaupre | New version of Opera- Opera 10.63 is a recommended upgrade offering security and stability enhancements: http://www.opera.com/browser/download/
2010-09-09 | Jim Clausing | Opera 10.62 - security (the DLL path issue) and stability upate see http://www.opera.com/docs/changelogs/windows/1062/
2010-08-19 | Daniel Wesemann | Casper the unfriendly ghost
2010-06-23 | Scott Fendley | Opera Browser Update
2010-05-22 | Rick Wanner | SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-03-22 | Guy Bruneau | New Opera 10.51 available with security fixes. More information available at: http://www.opera.com/docs/changelogs/windows/1051/
2010-03-05 | Kyle Haugsness | Unpatched Opera 10.50 and below code execution vulnerability
2009-09-01 | Guy Bruneau | Opera 10 with Security Fixes
2009-03-03 | Kyle Haugsness | Opera browser security updates
2009-03-01 | Jim Clausing | Cool combination of tools
2008-12-17 | donald smith | Opera 9.6.3 released with security fixes
2008-10-30 | Kevin Liston | Opera 9.62 available - security update
2008-10-22 | Mari Nichols | Opera 9.6.1 Released
2008-08-20 | Adrien de Beaupre | From the mailbag, Opera 9.52...
2008-07-03 | Bojan Zdrnja | New Opera v9.51 fixes couple of security issues
2008-07-02 | Jim Clausing | Another little script I threw together
2008-06-16 | Kevin Liston | Opera 9.5 is Available
2008-06-10 | Swa Frantzen | Ransomware keybreaking
2008-04-03 | Bojan Zdrnja | Opera fixes vulnerabilities and Microsoft announces April's fixes
2006-11-29 | Toby Kohlenberg | New Vulnerability Announcement and patches from Apple

DOMAIN

2019-07-17 | Xavier Mertens | Analyzis of DNS TXT Records
2019-04-24 | Rob VandenBrink | Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators
2019-03-27 | Xavier Mertens | Running your Own Passive DNS Service
2017-12-13 | Xavier Mertens | Tracking Newly Registered Domains
2017-11-16 | Xavier Mertens | Suspicious Domains Tracking Dashboard
2017-07-05 | Didier Stevens | Selecting domains with random names
2017-05-20 | Xavier Mertens | Typosquatting: Awareness and Hunting
2014-07-09 | Daniel Wesemann | Who owns your typo?
2014-01-30 | Johannes Ullrich | New gTLDs appearing in the root zone
2013-12-21 | Guy Bruneau | Strange DNS Queries - Request for Packets
2012-03-13 | Lenny Zeltser | Please transfer this email to your CEO or appropriate person, thanks
2009-05-02 | Rick Wanner | More Swine/Mexican/H1N1 related domains
2009-04-27 | Johannes Ullrich | Swine Flu (Mexican Flu) related domains

NAME

2015-01-27 | Johannes Ullrich | New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST)
2014-07-09 | Daniel Wesemann | Who owns your typo?
2013-12-21 | Guy Bruneau | Strange DNS Queries - Request for Packets
2012-03-13 | Lenny Zeltser | Please transfer this email to your CEO or appropriate person, thanks
2011-09-04 | Lorna Hutcheson | Several Sites Defaced
2008-05-19 | Maarten Van Horenbeeck | Route filtering and its impact on the DNS fabric