SANS ISC: Diaries by Keyword

Date | Author | Title

PRIVATE IP

2019-09-05 | Xavier Mertens | Private IP Addresses in Malware Samples?

PRIVATE

2019-09-05 | Xavier Mertens | Private IP Addresses in Malware Samples?
2016-09-28 | Xavier Mertens | SNMP Pwn3ge
2012-03-20 | Johannes Ullrich | A Reminder: Private Key Security
2010-05-12 | Rob VandenBrink | Layer 2 Security - Private VLANs (the Story Continues ...)

IP

2019-09-27 | Xavier Mertens | New Scans for Polycom Autoconfiguration Files
2019-09-26 | Rob VandenBrink | Mining MAC Address and OUI Information
2019-09-12 | Xavier Mertens | Rig Exploit Kit Delivering VBScript
2019-09-05 | Xavier Mertens | Private IP Addresses in Malware Samples?
2019-08-30 | Xavier Mertens | Malware Dropping a Local Node.js Instance
2019-08-22 | Xavier Mertens | Simple Mimikatz & RDPWrapper Dropper
2019-08-09 | Xavier Mertens | 100% JavaScript Phishing Page
2019-06-20 | Xavier Mertens | Using a Travel Packing App for Infosec Purpose
2019-06-10 | Xavier Mertens | Interesting JavaScript Obfuscation Example
2019-03-15 | Remco Verhoef | Binary Analysis with Jupyter and Radare2
2019-03-14 | Didier Stevens | Tip: Ghidra & ZIP Files
2019-02-24 | Guy Bruneau | Packet Editor and Builder by Colasoft
2019-02-21 | Xavier Mertens | Simple Powershell Keyloggers are Back
2019-02-07 | Xavier Mertens | Phishing Kit with JavaScript Keylogger
2019-01-29 | Johannes Ullrich | A Not So Well Done Phish (Why Attackers need to Implement IPv6 Now! ;-) )
2018-12-17 | Didier Stevens | Password Protected ZIP with Maldoc
2018-11-26 | Russ McRee | ViperMonkey: VBA maldoc deobfuscation
2018-07-17 | Xavier Mertens | Searching for Geographically Improbable Login Attempts
2018-07-13 | Xavier Mertens | Cryptominer Delivered Though Compromized JavaScript File
2018-06-19 | Xavier Mertens | PowerShell: ScriptBlock Logging... Or Not?
2018-06-18 | Xavier Mertens | Malicious JavaScript Targeting Mobile Browsers
2018-05-01 | Xavier Mertens | Diving into a Simple Maldoc Generator
2018-01-19 | Jim Clausing | Followup to IPv6 brute force and IPv6 blocking
2018-01-09 | Jim Clausing | Are you watching for brute force attacks on IPv6?
2017-11-17 | Xavier Mertens | Top-100 Malicious IP STIX Feed
2017-10-25 | Mark Hofman | DUHK attack, continuing a week of named issues
2017-09-13 | Rob VandenBrink | No IPv6? Challenge Accepted! (Part 1)
2017-08-26 | Didier Stevens | Malware analysis: searching for dots
2017-08-10 | Didier Stevens | Maldoc Analysis with ViperMonkey
2017-07-08 | Xavier Mertens | A VBScript with Obfuscated Base64 Data
2017-06-22 | Xavier Mertens | Obfuscating without XOR
2017-04-02 | Guy Bruneau | IPFire - A Household Multipurpose Security Gateway
2017-03-24 | Xavier Mertens | Nicely Obfuscated JavaScript Sample
2017-03-10 | Xavier Mertens | The Side Effect of GeoIP Filters
2017-03-04 | Xavier Mertens | How your pictures may affect your website reputation
2017-02-28 | Johannes Ullrich | My Catch Of 4 Months In The Amazon IP Address Space
2017-02-12 | Xavier Mertens | Analysis of a Suspicious Piece of JavaScript
2017-02-02 | Rick Wanner | Multiple vulnerabilities discovered in popular printer models
2016-12-13 | Xavier Mertens | UAC Bypass in JScript Dropper
2016-11-22 | Didier Stevens | Update:ZIP With Comment
2016-11-21 | Didier Stevens | ZIP With Comment
2016-09-01 | Xavier Mertens | Maxmind.com (Ab)used As Anti-Analysis Technique
2016-08-28 | Guy Bruneau | Spam with Obfuscated Javascript
2016-07-26 | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records
2016-06-18 | Rob VandenBrink | Controlling JavaScript Malware Before it Runs
2016-04-27 | Tom Webb | Kippos Cousin Cowrie
2016-02-20 | Didier Stevens | Locky: JavaScript Deobfuscation
2016-02-07 | Xavier Mertens | More Malicious JavaScript Obfuscation
2016-02-06 | Jim Clausing | More updates to kippo-log2db
2016-02-02 | Johannes Ullrich | Targeted IPv6 Scans Using pool.ntp.org .
2016-01-15 | Xavier Mertens | JavaScript Deobfuscation Tool
2015-12-22 | Rick Wanner | The other Juniper vulnerability - CVE-2015-7756
2015-08-07 | Tony Carothers | Critical Firefox Update Today
2015-06-02 | Alex Stanford | Guest Diary: Xavier Mertens - Playing with IP Reputation with Dshield & OSSEC
2015-03-12 | Johannes Ullrich | Who got the bad SSL Certificate? Using tshark to analyze the SSL handshake.
2015-02-07 | Jim Clausing | Update to kippo-log2db.pl
2014-11-10 | Chris Mohan | Lessons Learn from attacks on Kippo honeypots
2014-09-19 | Guy Bruneau | CipherShed Fork from TrueCrypt Project, Support Windows, Mac OS and Linux - https://ciphershed.org
2014-09-03 | Johannes Ullrich | F5 BigIP Unauthenticated rsync Vulnerability
2014-08-29 | Johannes Ullrich | False Positive or Not? Difficult to Analyze Javascript
2014-08-12 | Adrien de Beaupre | Host discovery with nmap
2014-07-23 | Johannes Ullrich | New Feature: "Live" SSH Brute Force Logs and New Kippo Client
2014-07-22 | Daniel Wesemann | App "telemetry"
2014-07-02 | Johannes Ullrich | Simple Javascript Extortion Scheme Advertised via Bing
2014-07-01 | Johannes Ullrich | Microsoft No-IP Takedown
2014-06-19 | Tony Carothers | New Supermicro IPMI/BMC Vulnerability
2014-04-03 | Bojan Zdrnja | Watching the watchers
2014-03-20 | Johannes Ullrich | Normalizing IPv6 Addresses
2014-02-10 | Rob VandenBrink | Isn't it About Time to Get Moving on Chip and PIN?
2014-01-30 | Johannes Ullrich | IPv6 and isc.sans.edu (Update)
2014-01-17 | Russ McRee | Massive RFI scans likely a free web app vuln scanner rather than bots
2014-01-13 | Johannes Ullrich | Got an IPv6 Firewall?
2014-01-01 | Russ McRee | Six degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails
2013-12-21 | Guy Bruneau | Strange DNS Queries - Request for Packets
2013-12-19 | Rob VandenBrink | Target US - Credit Card Data Breach
2013-11-19 | Jim Clausing | Updated dumpdns.pl
2013-11-06 | Johannes Ullrich | Rapid7 Discloses IPMI Vulnerabilities
2013-11-04 | Manuel Humberto Santander Pelaez | When attackers use your DNS to check for the sites you are visiting
2013-10-25 | Rob VandenBrink | Kaspersky flags TCPIP.SYS as Malware
2013-09-05 | Rob VandenBrink | Building Your Own GPU Enabled Private Cloud
2013-09-05 | Rob VandenBrink | What's Next for IPS?
2013-09-02 | Guy Bruneau | Multiple Cisco Security Notice
2013-08-07 | Johannes Ullrich | Firefox 23 and Mixed Active Content
2013-07-25 | Johannes Ullrich | A Couple of SSH Brute Force Compromises
2013-07-20 | Manuel Humberto Santander Pelaez | Do you have rogue Internet gateways in your network? Check it with nmap
2013-07-12 | Johannes Ullrich | Microsoft Teredo Server "Sunset"
2013-07-01 | Manuel Humberto Santander Pelaez | Using nmap scripts to enhance vulnerability asessment results
2013-06-12 | Johannes Ullrich | Stupid Little IPv6 Tricks
2013-05-20 | Johannes Ullrich | Ubuntu Package available to submit firewall logs to DShield
2013-05-17 | Johannes Ullrich | SSL: Another reason not to ignore IPv6
2013-04-23 | Russ McRee | Microsoft's Security Intelligence Report (SIRv14) released
2013-03-27 | Adam Swanger | IPv6 Focus Month: Guest Diary: Stephen Groat - IPv6 moving target defense
2013-03-25 | Johannes Ullrich | IPv6 Focus Month: IPv6 over IPv4 Preference
2013-03-21 | Jim Clausing | IPv6 Focus Month: Guest Diary: Matthew Newton - IPv6 Cat Feeder - Turning those extra bits into bytes, literally
2013-03-19 | Johannes Ullrich | IPv6 Focus Month: The warm and fuzzy side of IPv6
2013-03-18 | Johannes Ullrich | IPv6 Focus Month: What is changing with DHCP
2013-03-13 | Johannes Ullrich | IPv6 Focus Month: Kaspersky Firewall IPv6 Vulnerability
2013-03-12 | Swa Frantzen | IPv6 Focus Month: How to say no!
2013-03-11 | Richard Porter | IPv6 Focus Month: Traffic Testing, Firewalls, ACLs, pt 1
2013-03-09 | Guy Bruneau | IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-03-08 | Johannes Ullrich | IPv6 Focus Month: Filtering ICMPv6 at the Border
2013-03-07 | Rob VandenBrink | IPv6 Focus Month: Barriers to Implementing IPv6
2013-03-06 | Adam Swanger | IPv6 Focus Month: Guest Diary: Stephen Groat - Geolocation Using IPv6 Addresses
2013-03-05 | Mark Hofman | IPv6 Focus Month: Device Defaults
2013-03-04 | Johannes Ullrich | IPv6 Focus Month: Addresses
2013-03-01 | Jim Clausing | IPv6 Focus Month at the Internet Storm Center
2013-02-11 | John Bambenek | Is This Chinese Registrar Really Trying to XSS Me?
2013-02-08 | Kevin Shortt | Is it Spam or Is it Malware?
2013-02-04 | Russ McRee | An expose of a recent SANS GIAC XSS vulnerability
2013-01-31 | Johannes Ullrich | IPv6 Focus Month
2013-01-30 | Richard Porter | Getting Involved with the Local Community
2013-01-25 | Johannes Ullrich | Vulnerability Scans via Search Engines (Request for Logs)
2013-01-10 | Rob VandenBrink | What Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too!
2012-12-06 | Johannes Ullrich | How to identify if you are behind a "Transparent Proxy"
2012-10-06 | Manuel Humberto Santander Pelaez | Cyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA
2012-10-04 | Johannes Ullrich | Cyber Security Awareness Month - Day 4: Crypto Standards
2012-09-05 | Rob VandenBrink | Auditing a Network for VOIP Call Quality Metrics
2012-08-16 | Johannes Ullrich | A Poor Man's DNS Anomaly Detection Script
2012-07-21 | Rick Wanner | TippingPoint DNS Version Request increase
2012-07-18 | Rob VandenBrink | Snort Updated today
2012-06-25 | Guy Bruneau | Using JSDetox to Analyze and Deobfuscate Javascript
2012-06-07 | Johannes Ullrich | IPMI: Hacking servers that are turned "off"
2012-06-01 | Johannes Ullrich | What Does "IPv6 Day" mean to you?
2012-05-31 | Johannes Ullrich | SCADA@Home: Your health is no secret no more!
2012-05-22 | Johannes Ullrich | nmap 6 released
2012-05-17 | Johannes Ullrich | New IPv6 Video: IPv6 Router Advertisements https://isc.sans.edu/ipv6videos
2012-05-07 | Guy Bruneau | iOS 5.1.1 Software Update for iPod, iPhone, iPad
2012-05-06 | Jim Clausing | Tool updates and Win 8
2012-04-25 | Daniel Wesemann | Blacole's obfuscated JavaScript
2012-01-22 | Johannes Ullrich | Javascript DDoS Tool Analysis
2012-01-12 | Rob VandenBrink | Stuff I Learned Scripting - Fun with STDERR
2012-01-03 | Bojan Zdrnja | The tale of obfuscated JavaScript continues
2011-12-21 | Chris Mohan | The off switch
2011-12-07 | Lenny Zeltser | V8 as an Alternative to SpiderMonkey for JavaScript Deobfuscation
2011-11-10 | Rob VandenBrink | Stuff I Learned Scripting - - Parsing XML in a One-Liner
2011-11-07 | Rob VandenBrink | Stuff I Learned Scripting - Evaluating a Remote SSL Certificate
2011-11-07 | Rob VandenBrink | Juniper BGP issues causing locallized Internet Problems
2011-11-04 | Guy Bruneau | New Poll: In the coming 12 months, what is your deployment plan or status with IPv6?
2011-10-23 | Guy Bruneau | tcpdump and IPv6
2011-09-29 | Daniel Wesemann | The SSD dilemma
2011-09-09 | Guy Bruneau | IPv6 and DNS Sinkhole
2011-08-24 | Rob VandenBrink | Citrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971
2011-08-22 | Jim Clausing | Are your tools ready for IPv6? (part 2)
2011-08-04 | Jim Clausing | Are your tools ready for IPv6? (part 1)
2011-07-27 | Johannes Ullrich | Internet Storm Center iPhone App now available. Feedback/Feature Requests welcome. Search App Store for "ISC Reader"
2011-07-09 | Tony Carothers | Copyright Alert System - What say you?
2011-06-17 | Richard Porter | When do you stop owning Technology?
2011-06-09 | Johannes Ullrich | IPv6 Day Summary
2011-06-08 | Johannes Ullrich | IPv6 Day Started
2011-06-06 | Manuel Humberto Santander Pelaez | Phishing: Same goal, same techniques and people still falling for such scams
2011-06-02 | Johannes Ullrich | IPv6 RA-Guard: How it works and how to defeat it
2011-06-01 | Johannes Ullrich | Enabling Privacy Enhanced Addresses for IPv6
2011-05-03 | Johannes Ullrich | Analyzing Teredo with tshark and Wireshark
2011-04-25 | Rob VandenBrink | What's Your (IP) Address Worth?
2011-04-23 | Manuel Humberto Santander Pelaez | Image search can lead to malware download
2011-04-22 | Manuel Humberto Santander Pelaez | iPhoneMap: iPhoneTracker port to Linux
2011-04-20 | Johannes Ullrich | iPhone GPS Data Storage
2011-04-11 | Johannes Ullrich | Layer 2 DoS and other IPv6 Tricks
2011-04-05 | Johannes Ullrich | IPv6 MITM via fake router advertisements
2011-02-08 | Johannes Ullrich | Tippingpoint Releases Details on Unpatched Bugs
2011-02-01 | Johannes Ullrich | The End Of IP As We Know It
2011-01-24 | Rob VandenBrink | Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool
2011-01-05 | Johannes Ullrich | ipv6finder : How ready are you for IPv6?
2010-12-02 | Kevin Johnson | Robert Hansen and our happiness
2010-11-29 | Stephen Hall | iPhone phishing - What you see, isn't what you get
2010-11-08 | Manuel Humberto Santander Pelaez | Network Security Perimeter: How to choose the correct firewall and IPS for your environment?
2010-08-06 | Rob VandenBrink | FOXIT PDF Reader update to resolve iPhone/iPad Jailbreak issue ==> http://www.foxitsoftware.com/announcements/2010861227.html
2010-08-01 | Manuel Humberto Santander Pelaez | Evation because IPS fails to validate TCP checksums?
2010-07-29 | Rob VandenBrink | NoScript 2.0 released
2010-07-29 | Rob VandenBrink | FBI, Slovenian and Spanish Police announce more arrests of Mariposa Botnet Creator, Operators
2010-07-04 | Manuel Humberto Santander Pelaez | Malware inside PDF Files
2010-06-23 | Johannes Ullrich | IPv6 Support in iOS 4
2010-06-15 | Manuel Humberto Santander Pelaez | TCP evasions for IDS/IPS
2010-06-15 | Manuel Humberto Santander Pelaez | iPhone 4 Order Security Breach Exposes Private Information
2010-06-10 | Deborah Hale | iPad Owners Exposed
2010-04-15 | Mark Hofman | SIP Attacks on internet connected port5060 targeting Asterix servers
2010-03-24 | Kyle Haugsness | Wikipedia outage
2010-03-21 | Scott Fendley | Skipfish - Web Application Security Tool
2010-03-05 | Kyle Haugsness | Javascript obfuscators used in the wild
2010-02-26 | Rick Wanner | NIST Guidelines for Secure Deployment of IPv6 - http://csrc.nist.gov/publications/drafts/800-119/draft-sp800-119_feb2010.pdf
2010-02-16 | Jim Clausing | Teredo request for packets
2010-02-16 | Johannes Ullrich | Teredo "stray packet" analysis
2010-02-03 | Rob VandenBrink | APPLE-SA-2010-02-02-1 iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod touch
2010-02-02 | Johannes Ullrich | New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux)
2010-01-19 | Jim Clausing | 49Gbps DDoS, IPv4 exhaustion, and DNSSEC, oh my!
2010-01-12 | Johannes Ullrich | IPv6 and isc.sans.org
2010-01-06 | Johannes Ullrich | Denial of Service Attack Aftermath (and what did Iran have to do with it?)
2010-01-06 | Johannes Ullrich | New Tool: IPv6 conversions http://isc.sans.org/tools/ipv6.html
2009-12-21 | Marcus Sachs | iPhone Botnet Analysis
2009-11-09 | Chris Carboni | 80's Flashback on Jailbroken iPhones
2009-11-08 | Bojan Zdrnja | iPhone worm in the wild
2009-10-20 | Raul Siles | Cyber Security Awareness Month - Day 20 - Ports 5060 & 5061 - SIP (VoIP)
2009-09-12 | Jim Clausing | Apple Updates
2009-09-07 | Jim Clausing | Request for packets
2009-08-28 | Adrien de Beaupre | WPA with TKIP done
2009-07-31 | Deborah Hale | The iPhone patch is out
2009-07-30 | Deborah Hale | iPhone Hijack
2009-06-06 | Patrick Nolan | ARRA/HIPAA Breach Reporting Dates Approaching
2009-05-09 | Patrick Nolan | Unusable, Unreadable, or Indecipherable? No Breach reporting required
2009-05-04 | Tom Liston | Adobe Reader/Acrobat Critical Vulnerability
2009-04-30 | Marcus Sachs | ARIN Notification Concerning IPv6
2009-04-18 | Johannes Ullrich | Twitter Packet Challenge Solution
2009-04-07 | Bojan Zdrnja | Advanced JavaScript obfuscation (or why signature scanning is a failure)
2009-04-02 | Bojan Zdrnja | JavaScript insertion and log deletion attack tools
2009-03-24 | G. N. White | PSYB0T: A MIPS-device (mipsel) IRC Bot
2009-03-22 | Mari Nichols | Dealing with Security Challenges
2009-03-01 | Jim Clausing | Cool combination of tools
2009-02-25 | Andre Ludwig | Adobe Acrobat pdf 0-day exploit, No JavaScript needed!
2009-02-25 | Andre Ludwig | Preview/Iphone/Linux pdf issues
2009-02-13 | Kevin Liston | Canada Calling
2008-12-13 | Jim Clausing | Followup from last shift and some research to do.
2008-11-17 | Jim Clausing | How are you coming with that IPv6 migration?
2008-10-20 | Johannes Ullrich | Fraudulent ATM Reactivation Phone Calls.
2008-10-01 | Rick Wanner | Handler Mailbag
2008-09-10 | Adrien de Beaupre | Apple updates iPod Touch + Bonjour for Windows
2008-09-08 | Raul Siles | VoIP Attacks: Reverse Vhising, SEO and Phone Number Authentication
2008-07-14 | Daniel Wesemann | Obfuscated JavaScript Redux
2008-07-11 | Jim Clausing | Handling the load
2008-06-30 | Marcus Sachs | More SQL Injection with Fast Flux hosting
2008-06-18 | Chris Carboni | Cisco Security Advisory
2008-05-20 | Raul Siles | List of malicious domains inserted through SQL injection
2008-04-29 | Bojan Zdrnja | Scripts in ASF files
2008-04-06 | Daniel Wesemann | Advanced obfuscated JavaScript analysis
2008-04-03 | Bojan Zdrnja | Mixed (VBScript and JavaScript) obfuscation