Internet Storm Center
Handler on Duty: Xavier Mertens
Threat Level: green
Date | Author | Title
2024-10-07 | Xavier Mertens | macOS Sequoia: System/Network Admins, Hold On!
2024-04-22 | Jan Kopriva | It appears that the number of industrial devices accessible from the internet has risen by 30 thousand over the past three years
2024-01-29 | Johannes Ullrich | Exploit Flare Up Against Older Atlassian Confluence Vulnerability
2023-05-03 | Xavier Mertens | Increased Number of Configuration File Scans
2023-02-22 | Johannes Ullrich | Internet Wide Scan Fingerprinting Confluence Servers
2023-02-15 | Rob VandenBrink | DNS Recon Redux - Zone Transfers (plus a time machine) for When You Can't do a Zone Transfer
2022-11-14 | Jesse La Grew | Extracting 'HTTP CONNECT' Requests with Python
2022-07-19 | Johannes Ullrich | Requests For beacon.http-get. Help Us Figure Out What They Are Looking For
2022-05-03 | Rob VandenBrink | Finding the Real "Last Patched" Day (Interim Version)
2022-04-29 | Rob VandenBrink | Using Passive DNS sources for Reconnaissance and Enumeration
2022-03-13 | Didier Stevens | YARA 4.2.0 Released
2022-02-20 | Didier Stevens | Video: YARA's Console Module
2022-01-30 | Didier Stevens | YARA's Console Module
2021-12-16 | Brad Duncan | How the "Contact Forms" campaign tricks people
2021-12-14 | Johannes Ullrich | Log4j: Getting ready for the long haul (CVE-2021-44228)
2021-08-19 | Johannes Ullrich | When Lightning Strikes. What works and doesn't work.
2021-08-13 | Guy Bruneau | Scanning for Microsoft Exchange eDiscovery
2021-07-08 | Xavier Mertens | Using Sudo with Python For More Security Controls
2021-05-23 | Didier Stevens | Video: Making Sense Of Encrypted Cobalt Strike Traffic
2021-05-12 | Jan Kopriva | Number of industrial control systems on the internet is lower than in 2020...but still far from zero
2021-04-22 | Xavier Mertens | How Safe Are Your Docker Images?
2021-04-19 | Jan Kopriva | Hunting phishing websites with favicon hashes
2021-04-18 | Didier Stevens | Decoding Cobalt Strike Traffic
2021-04-12 | Didier Stevens | Example of Cleartext Cobalt Strike Traffic (Thanks Brad)
2021-03-07 | Didier Stevens | PCAPs and Beacons
2020-12-13 | Didier Stevens | KringleCon 2020
2020-09-29 | Xavier Mertens | Managing Remote Access for Partners & Contractors
2020-09-17 | Xavier Mertens | Suspicious Endpoint Containment with OSSEC
2020-08-04 | Johannes Ullrich | Internet Choke Points: Concentration of Authoritative Name Servers
2020-02-27 | Xavier Mertens | Offensive Tools Are For Blue Teams Too
2020-01-27 | Johannes Ullrich | Network Security Perspective on Coronavirus Preparedness
2020-01-04 | Didier Stevens | KringleCon 2019
2019-11-22 | Xavier Mertens | Abusing Web Filters Misconfiguration for Reconnaissance
2019-10-19 | Russell Eubanks | What Assumptions Are You Making?
2019-09-27 | Xavier Mertens | New Scans for Polycom Autoconfiguration Files
2019-09-19 | Xavier Mertens | Blocklisting or Whitelisting in the Right Way
2019-07-25 | Rob VandenBrink | When Users Attack! Users (and Admins) Thwarting Security Controls
2019-07-18 | Rob VandenBrink | The Other Side of Critical Control 1: 802.1x Wired Network Access Controls
2019-03-20 | Rob VandenBrink | Using AD to find hosts that aren't in AD - fun with the [IPAddress] construct!
2018-12-22 | Didier Stevens | KringleCon 2018
2018-05-30 | Bojan Zdrnja | The end of the lock icon
2018-03-12 | Xavier Mertens | Payload delivery via SMB
2017-07-24 | Russell Eubanks | Trends Over Time
2017-06-10 | Russell Eubanks | An Occasional Look in the Rear View Mirror
2017-05-06 | Xavier Mertens | The story of the CFO and CEO...
2017-01-13 | Xavier Mertens | Who's Attacking Me?
2016-11-23 | Tom Webb | Mapping Attack Methodology to Controls
2016-10-08 | Russell Eubanks | Unauthorized Change Detected!
2016-09-13 | Rob VandenBrink | If it's Free, YOU are the Product
2016-07-26 | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records
2016-07-15 | Xavier Mertens | Name All the Things!
2016-06-01 | Xavier Mertens | Docker Containers Logging
2016-04-28 | Rob VandenBrink | DNS and DHCP Recon using PowerShell
2016-01-09 | Xavier Mertens | Virtual BitLocker Containers
2016-01-01 | Didier Stevens | Failure Is An Option
2015-12-21 | Daniel Wesemann | Critical Security Controls: Getting to know the unknown
2015-11-04 | Richard Porter | Application Aware and Critical Control 2
2015-05-29 | Russell Eubanks | Trust But Verify
2015-01-23 | Adrien de Beaupre | Infocon change to yellow for Adobe Flash issues
2014-10-13 | Lorna Hutcheson | For or Against: Port Security for Network Access Control
2014-09-26 | Richard Porter | Why We Have Moved to InfoCon: Yellow
2014-08-17 | Rick Wanner | Part 2: Is your home network unwittingly contributing to NTP DDoS attacks?
2014-07-28 | Guy Bruneau | Management and Control of Mobile Device Security
2014-06-11 | Daniel Wesemann | Help your pilot fly!
2014-05-22 | Johannes Ullrich | Discontinuing Support for ISC Alert Task Bar Icon
2014-04-26 | Guy Bruneau | Android Users - Beware of Bitcoin Mining Malware
2014-04-14 | Kevin Shortt | INFOCon Green: Heartbleed - on the mend
2014-04-11 | Guy Bruneau | Heartbleed Fix Available for Download for Cisco Products
2014-02-10 | Rob VandenBrink | A Tale of Two Admins (and no Change Control)
2014-01-11 | Guy Bruneau | tcpflow 1.4.4 and some of its most Interesting Features
2013-09-02 | Guy Bruneau | Multiple Cisco Security Notices
2013-05-01 | Daniel Wesemann | The cost of cleaning up
2013-04-25 | Adam Swanger | Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-03-13 | Mark Baggett | Wipe the drive! Stealthy Malware Persistence Mechanism - Part 1
2013-02-17 | Guy Bruneau | HP ArcSight Connector Appliance and Logger Vulnerabilities
2013-02-16 | Lorna Hutcheson | Fedora RedHat Vulnerability Released
2013-01-10 | Rob VandenBrink | What Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too!
2012-12-31 | Manuel Humberto Santander Pelaez | How to determine which NAC solution fits your needs best
2012-11-23 | Rob VandenBrink | What's in Your Change Control Form?
2012-11-16 | Guy Bruneau | VMware security updates for vSphere API and ESX Service Console - http://www.vmware.com/security/advisories/VMSA-2012-0016.html
2012-07-02 | Dan Goldberg | Storms of June 29th 2012 in Mid Atlantic region of the USA
2012-03-16 | Swa Frantzen | INFOCON Yellow - Microsoft RDP - MS12-020
2011-11-03 | Richard Porter | An Apple, Inc. Sandbox to play in.
2011-10-29 | Richard Porter | The Sub Critical Control? Evidence Collection
2011-10-28 | Daniel Wesemann | Critical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-28 | Russ McRee | Critical Control 19: Data Recovery Capability
2011-10-27 | Mark Baggett | Critical Control 18: Incident Response Capabilities
2011-10-26 | Rick Wanner | Critical Control 17: Penetration Tests and Red Team Exercises
2011-10-17 | Rob VandenBrink | Critical Control 11: Account Monitoring and Control
2011-08-26 | Johannes Ullrich | SANS Virginia Beach Conference Canceled. Details: http://www.sans.org/virginia-beach-2011/
2011-08-26 | Johannes Ullrich | Some Hurricane Technology Tips
2011-07-03 | Deborah Hale | Business Continuation in the Face of Disaster
2011-06-12 | Mark Hofman | Cloud thoughts
2010-12-26 | Manuel Humberto Santander Pelaez | ISC infocon monitor app for OS X
2010-11-17 | Guy Bruneau | Conficker B++ Activated on Nov 15
2010-11-17 | Guy Bruneau | Cisco Unified Videoconferencing Affected by Multiple Vulnerabilities
2010-08-22 | Rick Wanner | Failure of controls...Spanair crash caused by a Trojan
2010-08-19 | Rob VandenBrink | Change is Good. Change is Bad. Change is Life.
2010-08-05 | Rob VandenBrink | Access Controls for Network Infrastructure
2010-08-03 | Johannes Ullrich | When Lightning Strikes
2010-07-20 | Manuel Humberto Santander Pelaez | Lowering infocon back to green
2010-06-14 | Manuel Humberto Santander Pelaez | Python on a microcontroller?
2010-06-07 | Manuel Humberto Santander Pelaez | Software Restriction Policy to keep malware away
2010-05-22 | Rick Wanner | SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-04-20 | Raul Siles | Are You Ready for a Transportation Collapse...?
2010-01-17 | Mark Hofman | Why not Yellow?
2009-11-25 | Jim Clausing | Updates to my GREM Gold scripts and a new script
2009-11-13 | Adrien de Beaupre | Conficker patch via email?
2009-10-22 | Adrien de Beaupre | Cyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-15 | Deborah Hale | Yet another round of Viral Spam
2009-09-26 | Kyle Haugsness | Conficker detection hints
2009-09-25 | Deborah Hale | Conficker Continues to Impact Networks
2009-09-23 | Marcus Sachs | Addendum to SRI's Conficker C Analysis Published
2009-07-18 | Patrick Nolan | Chrome update contains Security fixes
2009-07-13 | Adrien de Beaupre | * Infocon raised to yellow for Excel Web Components ActiveX vulnerability
2009-07-07 | Marcus Sachs | * INFOCON Status - staying green
2009-04-20 | Jason Lam | Digital Content on TV
2009-04-16 | Adrien de Beaupre | Some Conficker lessons learned
2009-04-09 | Johannes Ullrich | Conficker update with payload
2009-04-09 | Jim Clausing | Conficker Working Group site down
2009-04-05 | Marcus Sachs | Open Source Conficker-C Scanner/Detector Released
2009-04-02 | Handlers | A view from the CWG Trenches
2009-03-30 | Daniel Wesemann | Locate Conficker infected hosts with a network scan!
2009-03-29 | Chris Carboni | April 1st - What Will Really Happen?
2009-02-13 | Andre Ludwig | Third party information on Conficker
2009-02-10 | Bojan Zdrnja | More tricks from Conficker and VM detection
2009-02-09 | Bojan Zdrnja | Some tricks from Conficker's bag
2009-01-16 | G. N. White | Conficker.B/Downadup.B/Kido: F-Secure publishes details pertaining to their counting methodology of compromised machines
2009-01-15 | Bojan Zdrnja | Conficker's autorun and social engineering
2009-01-12 | William Salusky | Downadup / Conficker - MS08-067 exploit and Windows domain account lockout
2008-12-09 | Swa Frantzen | Contacting us might be hard today
2008-11-17 | Jim Clausing | A new cheat sheet and a contest
2008-10-17 | Rick Wanner | Day 18 - Containing Other Incidents
2008-10-15 | Rick Wanner | Day 15 - Containing the Damage From a Lost or Stolen Laptop
2008-10-12 | Mari Nichols | Day 12 Containment: Gathering Evidence That Can be Used in Court
2008-09-09 | Swa Frantzen | Evil side economy: $1 for breaking 1000 CAPTCHAs
2008-09-03 | Donald Smith | New BGP hijack isn't very new.
2008-08-12 | Johannes Ullrich | Upcoming Infocon Test and new Color
2008-07-17 | Mari Nichols | Adobe Reader 9 Released
2008-03-30 | Mark Hofman | Mail Anyone?
2006-10-02 | Jim Clausing | Back to green, but the exploits are still running wild
2006-09-30 | Swa Frantzen | Yellow: WebViewFolderIcon setslice exploit spreading