
SANS ISC: Diaries by Keyword

Date        Author        Title

QUASAR RAT

2019-09-25  Brad Duncan  Malspam pushing Quasar RAT

QUASAR

2019-09-25  Brad Duncan  Malspam pushing Quasar RAT

RAT

2020-10-14  Xavier Mertens  Nicely Obfuscated Python RAT
2020-09-30  Johannes Ullrich  Scans for FPURL.xml: Reconnaissance or Not?
2020-09-28  Xavier Mertens  Some Tyler Technologies Customers Targeted with The Installation of a Bomgar Client
2020-08-25  Xavier Mertens  Keep An Eye on LOLBins
2020-08-18  Xavier Mertens  Using API's to Track Attackers
2020-08-10  Bojan Zdrnja  Scoping web application and web service penetration tests
2020-08-04  Johannes Ullrich  Internet Choke Points: Concentration of Authoritative Name Servers
2020-05-14  Rob VandenBrink  Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe
2020-04-17  Xavier Mertens  Weaponized RTF Document Generator & Mailer in PowerShell
2020-02-05  Brad Duncan  Fake browser update pages are "still a thing"
2020-01-10  Xavier Mertens  More Data Exfiltration
2019-10-29  Xavier Mertens  Generating PCAP Files from YAML
2019-09-27  Xavier Mertens  New Scans for Polycom Autoconfiguration Files
2019-09-25  Brad Duncan  Malspam pushing Quasar RAT
2019-09-19  Xavier Mertens  Agent Tesla Trojan Abusing Corporate Email Accounts
2019-09-19  Xavier Mertens  Blocklisting or Whitelisting in the Right Way
2019-04-26  Rob VandenBrink  Pillaging Passwords from Service Accounts
2019-04-24  Rob VandenBrink  Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators
2019-03-06  Xavier Mertens  Keep an Eye on Disposable Email Addresses
2018-11-27  Rob VandenBrink  Data Exfiltration in Penetration Tests
2018-09-19  Rob VandenBrink  Certificates Revisited - SSL VPN Certificates 2 Ways
2018-09-05  Rob VandenBrink  Where have all my Certificates gone? (And when do they expire?)
2018-08-24  Xavier Mertens  Microsoft Publisher Files Delivering Malware
2018-06-15  Lorna Hutcheson  SMTP Strangeness - Possible C2
2018-05-19  Xavier Mertens  Malicious Powershell Targeting UK Bank Customers
2018-05-10  Bojan Zdrnja  Exfiltrating data from (very) isolated environments
2017-12-13  Xavier Mertens  Tracking Newly Registered Domains
2017-11-03  Xavier Mertens  Simple Analysis of an Obfuscated JAR File
2017-08-17  Xavier Mertens  Maldoc with auto-updated link
2017-06-08  Tom Webb  Summer STEM for Kids
2017-05-10  Johannes Ullrich  Read This If You Are Using a Script to Pull Data From This Site
2017-04-20  Xavier Mertens  DNS Query Length... Because Size Does Matter
2016-09-04  Russ McRee  Kali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/
2016-07-26  Johannes Ullrich  Command and Control Channels Using "AAAA" DNS Records
2016-06-15  Richard Porter  Warp Speed Ahead, L7 Open Source Packet Generator: Warp17
2016-04-02  Russell Eubanks  Why Can't We Be Friends?
2015-12-24  Xavier Mertens  Unity Makes Strength
2015-11-09  John Bambenek  Protecting Users and Enterprises from the Mobile Malware Threat
2015-09-03  Xavier Mertens  Querying the DShield API from RTIR
2014-08-22  Richard Porter  OCLHashCat 1.30 Released
2014-08-09  Adrien de Beaupre  Complete application ownage via Multi-POST XSRF
2014-07-19  Russ McRee  Keeping the RATs out: the trap is sprung - Part 3
2014-07-18  Russ McRee  Keeping the RATs out: **it happens - Part 2
2014-07-16  Russ McRee  Keeping the RATs out: an exercise in building IOCs - Part 1
2014-03-13  Daniel Wesemann  Identification and authentication are hard ... finding out intention is even harder
2013-06-18  Russ McRee  Volatility rules...any questions?
2013-04-25  Adam Swanger  Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-04-17  John Bambenek  UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
2013-04-16  John Bambenek  Fake Boston Marathon Scams Update
2013-04-15  John Bambenek  Please send any spam (full headers), URLs or other suspicious content scamming off Boston Marathon explosions to handlers@sans.org
2013-03-03  Richard Porter  Uptick in MSSQL Activity
2013-02-06  Johannes Ullrich  Are you losing system logging information (and don't know it)?
2012-10-30  Mark Hofman  Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-05-22  Johannes Ullrich  nmap 6 released
2012-01-03  Rick Wanner  Analysis of the Stratfor Password List
2011-12-25  Deborah Hale  Another Company Falls Victim
2011-10-26  Rick Wanner  Critical Control 17: Penetration Tests and Red Team Exercises
2010-10-03  Adrien de Beaupre  Canada's Cyber Security Strategy released today
2010-08-23  Manuel Humberto Santander Pelaez  Firefox plugins to perform penetration testing activities
2010-08-16  Raul Siles  Blind Elephant: A New Web Application Fingerprinting Tool
2010-07-08  Kyle Haugsness  Pirate Bay account database compromised
2010-06-06  Manuel Humberto Santander Pelaez  Nice OS X exploit tutorial
2010-04-13  Adrien de Beaupre  Web App Testing Tools
2010-03-06  Tony Carothers  Integration and the Security of New Technologies
2010-02-22  Rob VandenBrink  New Risks in Penetration Testing
2009-07-27  Raul Siles  New Hacker Challenge: Prison Break - Breaking, Entering & Decoding
2009-04-21  Bojan Zdrnja  Web application vulnerabilities
2009-01-20  Adrien de Beaupre  Obamamania
2008-11-25  Andre Ludwig  The beginnings of a collaborative approach to IDS
2008-09-20  Rick Wanner  New (to me) nmap Features
2008-07-18  Adrien de Beaupre  Exit process?
2008-03-30  Mark Hofman  Mail Anyone?