Internet Storm Center
Handler on Duty: Xavier Mertens
Threat Level: green
Date | Author | Title
RED CROSS
2022-03-07 | Johannes Ullrich | No Bitcoin - No Problem: Follow Up to Last Weeks Donation Scam
2022-03-04 | Johannes Ullrich | Scam E-Mail Impersonating Red Cross
RED
2024-08-26 | Xavier Mertens | From Highly Obfuscated Batch File to XWorm and Redline
2024-08-14 | Xavier Mertens | Multiple Malware Dropped Through MSI Package
2024-05-22 | Guy Bruneau | Analysis of "redtail" File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary]
2024-05-15 | Rob VandenBrink | Got MFA? If not, Now is the Time!
2024-03-10 | Guy Bruneau | What happens when you accidentally leak your AWS API keys? [Guest Diary]
2024-03-07 | Jesse La Grew | [Guest Diary] AWS Deployment Risks - Configuration and Credential File Targeting
2023-11-15 | Xavier Mertens | Redline Dropped Through MSIX Package
2023-10-29 | Guy Bruneau | Spam or Phishing? Looking for Credentials & Passwords
2023-08-04 | Xavier Mertens | Are Leaked Credentials Dumps Used by Attackers?
2022-10-04 | Johannes Ullrich | Credential Harvesting with Telegram API
2022-09-15 | Xavier Mertens | Malicious Word Document with a Frameset
2022-07-08 | Johannes Ullrich | ISC Website Redesign
2022-03-10 | Xavier Mertens | Credentials Leaks on VirusTotal
2022-03-07 | Johannes Ullrich | No Bitcoin - No Problem: Follow Up to Last Weeks Donation Scam
2022-03-04 | Johannes Ullrich | Scam E-Mail Impersonating Red Cross
2022-01-20 | Xavier Mertens | RedLine Stealer Delivered Through FTP
2022-01-16 | Guy Bruneau | 10 Most Popular Targeted Ports in the Past 3 Weeks
2021-11-08 | Xavier Mertens | (Ab)Using Security Tools & Controls for the Bad
2021-06-18 | Daniel Wesemann | Open redirects ... and why Phishers love them
2021-05-29 | Guy Bruneau | Spear-phishing Email Targeting Outlook Mail Clients
2021-03-06 | Xavier Mertens | Spotting the Red Team on VirusTotal!
2020-11-18 | Xavier Mertens | When Security Controls Lead to Security Issues
2020-07-16 | John Bambenek | Hunting for SigRed Exploitation
2020-07-15 | Johannes Ullrich | PATCH NOW - SIGRed - CVE-2020-1350 - Microsoft DNS Server Vulnerability
2020-04-27 | Xavier Mertens | Powershell Payload Stored in a PSCredential Object
2020-02-27 | Xavier Mertens | Offensive Tools Are For Blue Teams Too
2020-02-25 | Jan Kopriva | Quick look at a couple of current online scam campaigns
2019-11-29 | Russ McRee | ISC Snapshot: Search with SauronEye
2019-11-09 | Guy Bruneau | Fake Netflix Update Request by Text
2019-11-08 | Xavier Mertens | Microsoft Apps Diverted from Their Main Use
2019-08-28 | Johannes Ullrich | [Guest Diary] Open Redirect: A Small But Very Common Vulnerability
2019-08-21 | Russ McRee | KAPE: Kroll Artifact Parser and Extractor
2019-07-16 | Russ McRee | Commando VM: The Complete Mandiant Offensive VM
2019-04-05 | Russ McRee | Beagle: Graph transforms for DFIR data & logs
2018-10-17 | Russ McRee | RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-03-08 | Xavier Mertens | CRIMEB4NK IRC Bot
2017-12-27 | Guy Bruneau | What are your Security Challenges for 2018?
2016-09-09 | Xavier Mertens | Collecting Users Credentials from Locked Devices
2016-06-29 | Xavier Mertens | Phishing Campaign with Blurred Images
2016-01-05 | Guy Bruneau | What are you Concerned the Most in 2016?
2015-05-23 | Guy Bruneau | Business Value in "Big Data"
2015-03-18 | Daniel Wesemann | Pass the hash!
2015-01-31 | Guy Bruneau | Beware of Phishing and Spam Super Bowl Fans!
2014-11-24 | Richard Porter | Someone is using this? PoS: Compressor
2014-09-12 | Chris Mohan | Are credential dumps worth reviewing?
2014-07-03 | Johannes Ullrich | Credit Card Processing in 700 Words or Less
2014-06-13 | Richard Porter | A welcomed response, PF Chang's
2013-12-19 | Rob VandenBrink | Target US - Credit Card Data Breach
2013-09-23 | Rob VandenBrink | How do you spell "PSK"?
2013-07-12 | Johannes Ullrich | DNS resolution is failing for Microsofts Teredo server (teredo.ipv6.microsoft.com)
2013-07-12 | Johannes Ullrich | Microsoft Teredo Server "Sunset"
2013-03-09 | Guy Bruneau | IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-02-21 | Pedro Bueno | NBC site redirecting to Exploit kit
2011-05-03 | Johannes Ullrich | Analyzing Teredo with tshark and Wireshark
2011-01-03 | Johannes Ullrich | What Will Matter in 2011
2010-07-24 | Manuel Humberto Santander Pelaez | Transmiting logon information unsecured in the network
2010-06-15 | Manuel Humberto Santander Pelaez | Mastercard delivering cards with OTP device included
2010-04-22 | John Bambenek | Data Redaction: You're Doing it Wrong
2010-02-16 | Jim Clausing | Teredo request for packets
2010-02-16 | Johannes Ullrich | Teredo "stray packet" analysis
2009-07-28 | Adrien de Beaupre | YYAMCCBA
2009-05-18 | Rick Wanner | JSRedir-R/Gumblar badness
CROSS
2022-03-07 | Johannes Ullrich | No Bitcoin - No Problem: Follow Up to Last Weeks Donation Scam
2022-03-04 | Johannes Ullrich | Scam E-Mail Impersonating Red Cross
2014-08-09 | Adrien de Beaupre | Complete application ownage via Multi-POST XSRF
2013-02-11 | John Bambenek | Is This Chinese Registrar Really Trying to XSS Me?
2013-02-04 | Russ McRee | An expose of a recent SANS GIAC XSS vulnerability
2013-01-25 | Johannes Ullrich | Vulnerability Scans via Search Engines (Request for Logs)
2011-08-24 | Rob VandenBrink | Citrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971
2009-07-17 | John Bambenek | Cross-Platform, Cross-Browser DoS Vulnerability