Internet Storm Center
Sign In
Sign Up
Participate: Learn more about our honeypot network
https://isc.sans.edu/tools/honeypot/
Handler on Duty:
Jesse La Grew
Threat Level:
green
Date
Author
Title
BACKTRACK 5 R2
2012-04-12
Guy Bruneau
wicd Privilege Escalation 0day exploit for Backtrack 5 R2
BACKTRACK
2012-08-14/a>
Rick Wanner
Backtrack 5 r3 released - http://www.backtrack-linux.org/downloads/
2012-04-12/a>
Guy Bruneau
wicd Privilege Escalation 0day exploit for Backtrack 5 R2
2011-05-10/a>
Swa Frantzen
Backtrack 5 released
2010-12-27/a>
Johannes Ullrich
Various sites "Owned and Exposed"
2010-01-11/a>
Adrien de Beaupre
BackTrack 4 final released http://www.remote-exploit.org/news.html http://www.backtrack-linux.org/downloads/
5
2024-03-15/a>
Yee Ching Tok
5Ghoul Revisited: Three Months Later
2023-12-07/a>
Yee Ching Tok
5Ghoul: Impacts, Implications and Next Steps
2023-11-06/a>
Johannes Ullrich
Exploit Activity for CVE-2023-22518, Atlassian Confluence Data Center and Server
2023-08-25/a>
Xavier Mertens
Python Malware Using Postgresql for C2 Communications
2022-12-16/a>
Guy Bruneau
VMware Security Updates
2022-10-27/a>
Tom Webb
Supersizing your DUO and 365 Integration
2022-08-26/a>
Guy Bruneau
HTTP/2 Packet Analysis with Wireshark
2022-08-24/a>
Brad Duncan
Monster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC
2022-08-14/a>
Johannes Ullrich
Realtek SDK SIP ALG Vulnerability: A Big Deal, but not much you can do about it. CVE 2022-27255
2022-06-09/a>
Brad Duncan
TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
2022-05-13/a>
Johannes Ullrich
From 0-Day to Mirai: 7 days of BIG-IP Exploits
2022-05-11/a>
Brad Duncan
TA578 using thread-hijacked emails to push ISO files for Bumblebee malware
2022-05-08/a>
Johannes Ullrich
F5 BIG-IP Unauthenticated RCE Vulnerability (CVE-2022-1388)
2021-12-18/a>
Guy Bruneau
VMware Security Update - https://www.vmware.com/security/advisories/VMSA-2021-0030.html
2021-12-02/a>
Brad Duncan
TA551 (Shathak) pushes IcedID (Bokbot)
2021-10-30/a>
Guy Bruneau
Remote Desktop Protocol (RDP) Discovery
2021-09-21/a>
Johannes Ullrich
A First Look at Apple's iOS 15 "Private Relay" feature.
2021-08-11/a>
Brad Duncan
TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike
2021-07-18/a>
Didier Stevens
Video: CyberChef BASE85 Decoding
2021-07-17/a>
Didier Stevens
BASE85 Decoding With base64dump.py
2021-07-16/a>
Xavier Mertens
Multiple BaseXX Obfuscations
2021-07-09/a>
Brad Duncan
Hancitor tries XLL as initial malware file
2021-06-30/a>
Johannes Ullrich
CVE-2021-1675: Incomplete Patch and Leaked RCE Exploit
2021-06-19/a>
Xavier Mertens
Easy Access to the NIST RDS Database
2021-02-02/a>
Xavier Mertens
New Example of XSL Script Processing aka "Mitre T1220"
2021-01-26/a>
Brad Duncan
TA551 (Shathak) Word docs push Qakbot (Qbot)
2020-12-12/a>
Didier Stevens
Office 95 Excel 4 Macros
2020-11-21/a>
Guy Bruneau
VMware privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) - https://www.vmware.com/security/advisories/VMSA-2020-0026.html
2020-10-14/a>
Brad Duncan
More TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-20/a>
Rob VandenBrink
Office 365 Mail Forwarding Rules (and other Mail Rules too)
2020-08-07/a>
Brad Duncan
TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-04/a>
Johannes Ullrich
Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues
2020-07-22/a>
Rick Wanner
A few IoCs related to CVE-2020-5902
2020-07-15/a>
Johannes Ullrich
PATCH NOW - SIGRed - CVE-2020-1350 - Microsoft DNS Server Vulnerability
2020-07-06/a>
Johannes Ullrich
Summary of CVE-2020-5902 F5 BIG-IP RCE Vulnerability Exploits
2020-07-05/a>
Didier Stevens
CVE-2020-5902 F5 BIG-IP Exploitation Attempt
2019-08-01/a>
Johannes Ullrich
What is Listening On Port 9527/TCP?
2019-07-26/a>
Kevin Shortt
DVRIP Port 34567 - Uptick
2019-06-19/a>
Johannes Ullrich
Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729
2019-04-28/a>
Johannes Ullrich
Update about Weblogic CVE-2019-2725 (Exploits Used in the Wild, Patch Status)
2019-04-07/a>
Guy Bruneau
Fake Office 365 Payment Information Update
2018-08-20/a>
Didier Stevens
OpenSSH user enumeration (CVE-2018-15473)
2018-07-18/a>
Kevin Liston
Request for Packets: Port 15454
2017-01-28/a>
Guy Bruneau
Request for Packets and Logs - TCP 5358
2016-10-22/a>
Guy Bruneau
Request for Packets TCP 4786 - CVE-2016-6385
2016-02-28/a>
Guy Bruneau
RFC 6598 - Carrier Grade NAT
2016-02-13/a>
Guy Bruneau
VMware VMSA-2015-0007.3 has been Re-released
2016-01-25/a>
Rob VandenBrink
Assessing Remote Certificates with Powershell
2016-01-08/a>
Mark Hofman
SLOTH, attack on TLS using MD5
2015-07-12/a>
Guy Bruneau
PHP 5.x Security Updates
2015-04-15/a>
Johannes Ullrich
MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW
2015-02-05/a>
Johannes Ullrich
Adobe Flash Player Update Released, Fixing CVE 2015-0313
2015-01-27/a>
Johannes Ullrich
New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST)
2014-09-03/a>
Johannes Ullrich
F5 BigIP Unauthenticated rsync Vulnerability
2014-07-10/a>
Rob VandenBrink
Certificate Errors in Office 365 Today
2014-06-12/a>
Johannes Ullrich
Metasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.)
2014-05-26/a>
Tony Carothers
NIST 800 Series Publications - New and Improved
2014-03-26/a>
Johannes Ullrich
Let's Finally "Nail" This Port 5000 Traffic - Synology owners needed.
2014-03-06/a>
Mark Baggett
Port 5000 traffic and snort signature
2014-01-13/a>
Johannes Ullrich
Special Webcast today: HTML5, Risky Business or Hidden Security Toolchest? https://www.sans.org/webcasts/html5-risky-business-hidden-security-tool-chest-mobile-web-app-authentication-97650
2013-10-30/a>
Russ McRee
SIR v15: Five good reasons to leave Windows XP behind
2013-09-17/a>
John Bambenek
Microsoft Releases Out-of-Band Advisory for all Versions of Internet Explorer
2013-08-28/a>
Bojan Zdrnja
MS13-056 (false positive)? alerts
2013-08-16/a>
Kevin Liston
CVE-2013-2251 Apache Struts 2.X OGNL Vulnerability
2013-08-13/a>
Swa Frantzen
Microsoft security advisories: RDP and MD5 deprecation in Microsoft root certificates
2013-06-01/a>
Guy Bruneau
Exploit Sample for Win32/CVE-2012-0158
2013-05-20/a>
Guy Bruneau
Safe - Tools, Tactics and Techniques
2013-05-19/a>
Kevin Shortt
Port 51616 - Got Packets?
2013-04-18/a>
John Bambenek
ISC Handler Lenny Zeltser's REMnux v4 Reviewed on Hak5
2013-03-25/a>
Johannes Ullrich
IPv6 Focus Month: IPv6 over IPv4 Preference
2013-02-22/a>
Chris Mohan
PHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2013-01-09/a>
Richard Porter
The 80's called - They Want Their Mainframe Back!
2012-10-30/a>
Mark Hofman
Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-10-17/a>
Rob VandenBrink
Cyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005
2012-09-21/a>
Guy Bruneau
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (2755801)
2012-08-28/a>
Johannes Ullrich
Firefox 15 Released (includes silent future updates) http://www.mozilla.org/en-US/firefox/15.0/releasenotes/buglist.html
2012-06-18/a>
Guy Bruneau
CVE-2012-1875 exploit is now available
2012-06-12/a>
Swa Frantzen
F5 ssh configuration goof
2012-05-16/a>
Johannes Ullrich
Got Packets? Odd duplicate DNS replies from 10.x IP Addresses
2012-05-07/a>
Guy Bruneau
iOS 5.1.1 Software Update for iPod, iPhone, iPad
2012-04-12/a>
Guy Bruneau
HP ProCurve 5400 zl Switch, Flash Cards Infected with Malware
2012-04-12/a>
Guy Bruneau
wicd Privilege Escalation 0day exploit for Backtrack 5 R2
2012-04-02/a>
Johannes Ullrich
SHA 1-2-3
2012-03-09/a>
Guy Bruneau
Nmap 5.61TEST5 released with 43 new scripts,improved OS & version detection, and more available for download - http://nmap.org/download.html
2012-02-24/a>
Guy Bruneau
Cisco Small Business SRP 500 Series Multiple Vulnerabilities - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120223-srp500
2012-02-03/a>
Guy Bruneau
PHP 5.3.10 Released, Fixes CVE-2012-0830 available for download http://www.php.net/archive/2012.php#id2012-02-02-1
2012-01-12/a>
Rob VandenBrink
PHP 5.39 was release on the 10th, amongst other things, it addresses CVE-2011-4885 (prevents attacks based on hash collisions) and CVE-2011-4566 (integer overflow when parsing invalid exif header)
2011-12-22/a>
Johannes Ullrich
Firefox 9 Security Fixes
2011-04-28/a>
Guy Bruneau
VMware ESXi 4.1 Security and Firmware Updates
2011-04-21/a>
Guy Bruneau
Silverlight Update Available
2010-10-30/a>
Guy Bruneau
Security Update for Shockwave Player
2010-10-28/a>
Manuel Humberto Santander Pelaez
CVE-2010-3654 - New dangerous 0-day authplay library adobe products vulnerability
2010-09-17/a>
Robert Danford
Circa 2007 Linux Kernel Vulnerability Resurfaces (Was CVE-2007-4573, Now CVE-2010-3301)
2010-08-13/a>
Guy Bruneau
Shadowserver Binary Whitelisting Service
2010-07-24/a>
Manuel Humberto Santander Pelaez
GnuPG gpgsm bug
2010-06-15/a>
Manuel Humberto Santander Pelaez
Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-04-22/a>
Guy Bruneau
MS10-025 Security Update has been Pulled
2010-03-03/a>
Mark Hofman
MS10-015 re-released
2010-02-19/a>
Mark Hofman
MS10-015 may cause Windows XP to blue screen (but only if you have malware on it)
2010-02-17/a>
Rob VandenBrink
Cisco ASA5500 Security Updates - cisco-sa-20100217-asa
2010-02-01/a>
Rob VandenBrink
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?
2009-12-24/a>
Guy Bruneau
F5 BIG-IP ASM and PSM Remote Buffer Overflow
2009-10-23/a>
Johannes Ullrich
Little new tool: reversing md5/sha1 hashes http://isc.sans.org/tools/reversehash.html
2009-10-21/a>
Pedro Bueno
Cyber Security Awareness Month - Day 21 - Port 135
2009-10-16/a>
Adrien de Beaupre
Cyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
2009-10-15/a>
Deborah Hale
Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
2009-10-08/a>
Johannes Ullrich
Cyber Security Awareness Month - Day 8 - Port 25 - SMTP
2009-09-07/a>
Jim Clausing
Request for packets
2009-07-17/a>
Stephen Hall
Firefox 3.5.1 has been released
2009-05-28/a>
Stephen Hall
Microsoft DirectShow vulnerability
2009-03-28/a>
Rick Wanner
New Beta release of Nmap
2009-03-05/a>
Mark Hofman
What's up with port 445?
2009-01-02/a>
Mark Hofman
Blocking access to MD5 signed certs
2008-12-30/a>
Johannes Ullrich
MD5 SSL Summary
2008-12-17/a>
donald smith
Team CYMRU's Malware Hash Registry
2008-08-22/a>
Patrick Nolan
MS08-051 V2.0 Patch issued August 20, 2008
2008-05-26/a>
Marcus Sachs
Port 1533 on the Rise
2006-09-19/a>
Swa Frantzen
Yet another MSIE 0-day: VML
2006-09-15/a>
Swa Frantzen
MSIE DirectAnimation ActiveX 0-day update
R2
2024-03-14/a>
Jan Kopriva
Increase in the number of phishing messages pointing to IPFS and to R2 buckets
2019-03-15/a>
Remco Verhoef
Binary Analysis with Jupyter and Radare2
2016-10-10/a>
Didier Stevens
Radare2: rahash2
2012-04-12/a>
Guy Bruneau
wicd Privilege Escalation 0day exploit for Backtrack 5 R2
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
About Us
Slack Channel
Mastodon
Bluesky
X
Follow updates by subscribing to the handler's
diary RSS feed
