Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Internet Security | DShield Diaries by Keyword

Date       | Author                           | Title
2021-12-22 | Brad Duncan                      | December 2021 Forensic Contest: Answers and Analysis
2021-12-08 | Brad Duncan                      | December 2021 Forensic Challenge
2021-11-04 | Brad Duncan                      | October 2021 Forensic Contest: Answers and Analysis
2021-10-22 | Brad Duncan                      | October 2021 Contest: Forensic Challenge
2021-06-30 | Brad Duncan                      | June 2021 Forensic Contest: Answers and Analysis
2021-06-17 | Daniel Wesemann                  | Network Forensics on Azure VMs (Part #1)
2021-05-23 | Didier Stevens                   | Video: Making Sense Of Encrypted Cobalt Strike Traffic
2021-05-19 | Brad Duncan                      | May 2021 Forensic Contest: Answers and Analysis
2021-05-05 | Brad Duncan                      | May 2021 Forensic Contest
2021-04-18 | Didier Stevens                   | Decoding Cobalt Strike Traffic
2021-04-12 | Didier Stevens                   | Example of Cleartext Cobalt Strike Traffic (Thanks Brad)
2021-04-01 | Brad Duncan                      | April 2021 Forensic Quiz
2021-03-07 | Didier Stevens                   | PCAPs and Beacons
2021-01-30 | Guy Bruneau                      | PacketSifter as Network Parsing and Telemetry Tool
2021-01-05 | Johannes Ullrich                 | Netfox Detective: An Alternative Open-Source Packet Analysis Tool
2020-12-03 | Brad Duncan                      | Traffic Analysis Quiz: Mr Natural
2020-11-11 | Brad Duncan                      | Traffic Analysis Quiz: DESKTOP-FX23IK5
2020-10-10 | Didier Stevens                   | Open Packaging Conventions
2020-09-15 | Brad Duncan                      | Traffic Analysis Quiz: Oh No... Another Infection!
2020-08-05 | Brad Duncan                      | Traffic Analysis Quiz: What's the Malware From This Infection?
2020-07-15 | Brad Duncan                      | Word docs with macros for IcedID (Bokbot)
2020-05-20 | Brad Duncan                      | Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-08 | Brad Duncan                      | German malspam pushes ZLoader malware
2020-04-01 | Brad Duncan                      | Qakbot malspam sent from an infected Windows host
2020-01-05 | Didier Stevens                   | etl2pcapng: Convert .etl Capture Files To .pcapng Format
2019-12-24 | Brad Duncan                      | Malspam with links to Word docs pushes IcedID (Bokbot)
2019-12-03 | Brad Duncan                      | Ursnif infection with Dridex
2019-11-27 | Brad Duncan                      | Finding an Agent Tesla malware sample
2019-10-29 | Xavier Mertens                   | Generating PCAP Files from YAML
2019-10-09 | Brad Duncan                      | What data does Vidar malware steal from an infected host?
2019-10-03 | Jim Clausing                     | Buffer overflows found in libpcap and tcpdump
2019-05-22 | Johannes Ullrich                 | An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
2019-04-23 | Didier Stevens                   | Malicious VBA Office Document Without Source Code
2019-04-04 | Xavier Mertens                   | New Waves of Scans Detected by an Old Rule
2019-03-18 | Didier Stevens                   | Wireshark 3.0.0 and Npcap: Some Remarks
2019-03-11 | Didier Stevens                   | Wireshark 3.0.0 and Npcap
2018-11-18 | Guy Bruneau                      | Multipurpose PCAP Analysis Tool
2018-08-15 | Xavier Mertens                   | Truncating Payloads and Anonymizing PCAP files
2018-06-06 | Xavier Mertens                   | Converting PCAP Web Traffic to Apache Log
2018-01-18 | Xavier Mertens                   | Comment your Packet Captures!
2017-11-13 | Guy Bruneau                      | jsonrpc Scanning for root account
2017-09-28 | Xavier Mertens                   | The easy way to analyze huge amounts of PCAP data
2017-09-25 | Renato Marinho                   | XPCTRA Malware Steals Banking and Digital Wallet User's Credentials
2017-05-26 | Lorna Hutcheson                  | File2pcap - A new tool for your toolkit!
2017-01-28 | Lorna Hutcheson                  | Packet Analysis - Where do you start?
2016-11-05 | Xavier Mertens                   | Full Packet Capture for Dummies
2016-09-26 | Didier Stevens                   | VBA and P-code
2016-04-29 | Mark Hofman                      | New release of PCI DSS (version 3.2) is available
2015-02-11 | Johannes Ullrich                 | Did PCI Just Kill E-Commerce By Saying SSL is Not Sufficient For Payment Info ? (spoiler: TLS!=SSL)
2014-07-03 | Johannes Ullrich                 | Credit Card Processing in 700 Words or Less
2014-06-04 | Richard Porter                   | p0f, Got Packets?
2014-03-12 | Johannes Ullrich                 | Wordpress "Pingback" DDoS Attacks
2013-12-01 | Richard Porter                   | BPF, PCAP, Binary, hex, why they matter?
2013-11-27 | Rob VandenBrink                  | ATM Traffic + TCPDump + Video = Good or Evil?
2013-06-05 | Richard Porter                   | Wireshark 1.10.0 Stable Released http://www.wireshark.org/download.html
2012-11-23 | Rob VandenBrink                  | Risk Assessment Reloaded (thanks PCI ! )
2012-10-12 | Mark Hofman                      | Cyber Security Awareness Month - Day 12 PCI DSS
2012-02-22 | Johannes Ullrich                 | How to test OS X Mountain Lion's Gatekeeper in Lion
2012-01-25 | Bojan Zdrnja                     | pcAnywhere users – patch now!
2011-10-23 | Guy Bruneau                      | tcpdump and IPv6
2011-08-13 | Rick Wanner                      | 30th Anniversary of the IBM PC - What was your first?
2010-07-20 | Manuel Humberto Santander Pelaez | iTunes buffer overflow vulnerability
2010-07-04 | Manuel Humberto Santander Pelaez | New Winpcap Version
2010-03-27 | Guy Bruneau                      | Create a Summary of IP Addresses from PCAP Files using Unix Tools
2009-11-25 | Jim Clausing                     | Updates to my GREM Gold scripts and a new script
2009-08-13 | Jim Clausing                     | Tools for extracting files from pcaps
2009-06-28 | Guy Bruneau                      | IP Address Range Search with libpcap
2008-06-10 | Swa Frantzen                     | Ransomware keybreaking