Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Diaries by Keyword

Date | Author | Title

LIVING OFF THE LAND

2020-04-16 | Johannes Ullrich | Using AppLocker to Prevent Living off the Land Attacks

LIVING

2020-04-16 | Johannes Ullrich | Using AppLocker to Prevent Living off the Land Attacks

OFF

2021-11-28 | Didier Stevens | Video: YARA Rules for Office Maldocs
2021-11-23 | Didier Stevens | YARA Rule for OOXML Maldocs: Less False Positives
2021-09-08 | Johannes Ullrich | Microsoft Offers Workaround for 0-Day Office Vulnerability (CVE-2021-40444)
2020-12-12 | Didier Stevens | Office 95 Excel 4 Macros
2020-11-08 | Didier Stevens | Quick Tip: Extracting all VBA Code from a Maldoc
2020-09-23 | Xavier Mertens | Malicious Word Document with Dynamic Content
2020-08-20 | Rob VandenBrink | Office 365 Mail Forwarding Rules (and other Mail Rules too)
2020-04-16 | Johannes Ullrich | Using AppLocker to Prevent Living off the Land Attacks
2020-02-21 | Xavier Mertens | Quick Analysis of an Encrypted Compound Document Format
2019-12-28 | Didier Stevens | Corrupt Office Documents
2019-12-09 | Didier Stevens | (Lazy) Sunday Maldoc Analysis
2019-07-16 | Russ McRee | Commando VM: The Complete Mandiant Offensive VM
2019-04-07 | Guy Bruneau | Fake Office 365 Payment Information Update
2019-04-01 | Didier Stevens | Analysis of PDFs Created with OpenOffice/LibreOffice
2018-12-13 | Xavier Mertens | Phishing Attack Through Non-Delivery Notification
2018-10-10 | Xavier Mertens | New Campaign Using Old Equation Editor Vulnerability
2018-09-04 | Rob VandenBrink | Let's Trade: You Read My Email, I'll Read Your Password!
2018-05-25 | Xavier Mertens | Antivirus Evasion? Easy as 1,2,3
2018-05-01 | Xavier Mertens | Diving into a Simple Maldoc Generator
2017-12-16 | Xavier Mertens | Microsoft Office VBA Macro Obfuscation via Metadata
2017-11-15 | Xavier Mertens | If you want something done right, do it yourself!
2017-04-28 | Xavier Mertens | Another Day, Another Obfuscation Technique
2017-01-31 | Johannes Ullrich | Malicious Office files using fileless UAC bypass to drop KEYBASE malware
2016-09-30 | Xavier Mertens | Another Day, Another Malicious Behaviour
2016-07-19 | Didier Stevens | Office Maldoc: Let's Focus on the VBA Macros Later...
2016-06-09 | Xavier Mertens | Offensive or Defensive Security? Both!
2016-01-24 | Didier Stevens | Obfuscated MIME Files
2015-02-20 | Tom Webb | Fast analysis of a Tax Scam
2015-02-19 | Daniel Wesemann | Macros? Really?!
2014-07-10 | Rob VandenBrink | Certificate Errors in Office 365 Today
2014-06-22 | Russ McRee | OfficeMalScanner helps identify the source of a compromise
2013-11-05 | Daniel Wesemann | TIFF images in MS-Office documents used in targeted attacks
2012-09-14 | Lenny Zeltser | Analyzing Malicious RTF Files Using OfficeMalScanner's RTFScan
2012-06-04 | Lenny Zeltser | Decoding Common XOR Obfuscation in Malicious Code
2011-01-28 | Guy Bruneau | OpenOffice Security Fixes
2010-10-26 | Pedro Bueno | Cyber Security Awareness Month - Day 26 - Sharing Office Files
2010-06-05 | Guy Bruneau | OpenOffice.org 3.2.1 Fixes Bugs and Vulnerabilities
2010-02-22 | Rob VandenBrink | Multiple Security Updates for OpenOffice ==> http://www.openoffice.org/security/bulletin.html
2010-01-08 | Rob VandenBrink | Microsoft OfficeOnline, Searching for Trust and Malware
2009-07-16 | Bojan Zdrnja | OWC exploits used in SQL injection attacks
2009-07-13 | Adrien de Beaupre | Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution

THE

2021-11-08 | Xavier Mertens | (Ab)Using Security Tools & Controls for the Bad
2021-10-18 | Xavier Mertens | Malicious PowerShell Using Client Certificate Authentication
2021-06-24 | Xavier Mertens | Do you Like Cookies? Some are for sale!
2021-05-29 | Guy Bruneau | Spear-phishing Email Targeting Outlook Mail Clients
2020-04-16 | Johannes Ullrich | Using AppLocker to Prevent Living off the Land Attacks
2019-11-11 | Johannes Ullrich | Are We Going Back to TheMoon (and How is Liquor Involved)?
2019-07-10 | Rob VandenBrink | Dumping File Contents in Hex (in PowerShell)
2019-01-30 | Russ McRee | CR19-010: The United States vs. Huawei
2018-11-20 | Xavier Mertens | Querying DShield from Cortex
2018-11-11 | Pasquale Stirparo | Community contribution: joining forces or multiply solutions?
2018-06-04 | Rob VandenBrink | Digging into Authenticode Certificates
2017-12-05 | Tom Webb | IR using the Hive Project.
2017-09-18 | Johannes Ullrich | SANS Securingthehuman posted a follow up to their Equifax breach webcast: https://securingthehuman.sans.org/blog/2017/09/15/equifax-webcast-follow-up
2017-01-11 | Johannes Ullrich | January 2017 Edition of Ouch! Security Awareness Newsletter Released: https://securingthehuman.sans.org/ouch
2016-11-02 | Rob VandenBrink | What Does a Pentest Look Like?
2016-10-07 | Rick Wanner | First Hurricane Matthew related Phish
2016-09-15 | Xavier Mertens | In Need of a OTP Manager Soon?
2016-05-02 | Rick Wanner | Lean Threat Intelligence
2015-12-15 | Russ McRee | Security Management vs Chaos: Understanding the Butterfly Effect to Manage Outcomes & Reduce Chaos
2015-09-23 | Daniel Wesemann | Making our users unlearn what we taught them
2015-08-16 | Guy Bruneau | Are you a "Hunter"?
2015-02-06 | Johannes Ullrich | Anthem, TurboTax and How Things "Fit Together" Sometimes
2014-07-02 | Johannes Ullrich | July Ouch! Security Awareness Newsletter Released. E-mail Do's and Don'ts http://www.securingthehuman.org/resources/newsletters/ouch/2014#july2014
2014-03-13 | Daniel Wesemann | Identification and authentication are hard ... finding out intention is even harder
2014-02-18 | Johannes Ullrich | More Details About "TheMoon" Linksys Worm
2014-02-05 | Johannes Ullrich | SANS Ouch Security Awareness Newsletter What is Malware http://www.securingthehuman.org/ouch
2013-12-20 | Daniel Wesemann | authorized key lime pie
2013-11-13 | Johannes Ullrich | Packet Challenge for the Hivemind: What's happening with this Ethernet header?
2013-09-18 | Rob VandenBrink | Cisco DCNM Update Released
2013-09-09 | Johannes Ullrich | SSL is broken. So what?
2013-09-05 | Rob VandenBrink | Building Your Own GPU Enabled Private Cloud
2013-08-09 | Kevin Shortt | Copy Machines - Changing Scanned Content
2013-03-23 | Guy Bruneau | Apple ID Two-step Verification Now Available in some Countries
2013-02-06 | Johannes Ullrich | Intel Network Card (82574L) Packet of Death
2013-02-04 | Adam Swanger | SAN Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam
2012-10-26 | Adam Swanger | Securing the Human Special Webcast - October 30, 2012
2012-07-10 | Rob VandenBrink | Today at SANSFIRE (09 July 2012) - ISC Panel Discussion on the State of the Internet
2012-07-02 | Dan Goldberg | Storms of June 29th 2012 in Mid Atlantic region of the USA
2011-05-18 | Bojan Zdrnja | Android, HTTP and authentication tokens
2011-04-28 | Chris Mohan | Gathering and use of location information fears - or is it all a bit too late
2011-04-11 | Johannes Ullrich | Layer 2 DoS and other IPv6 Tricks
2011-01-12 | Richard Porter | Has Big Brother gone Global?
2010-12-21 | Rob VandenBrink | Network Reliability, Part 2 - HSRP Attacks and Defenses
2010-09-21 | Johannes Ullrich | Implementing two Factor Authentication on the Cheap
2010-07-24 | Manuel Humberto Santander Pelaez | Transmiting logon information unsecured in the network
2010-07-21 | Adrien de Beaupre | Dell PowerEdge R410 replacement motherboard firmware contains malware
2010-03-10 | Rob VandenBrink | Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-02-09 | Adrien de Beaupre | When is a 0day not a 0day? Samba symlink bad default config
2009-11-11 | Rob VandenBrink | Layer 2 Network Protections against Man in the Middle Attacks
2008-10-15 | Rick Wanner | Day 15 - Containing the Damage From a Lost or Stolen Laptop
2006-10-05 | John Bambenek | There are no more Passive Exploits
2006-09-29 | Kevin Liston | A Report from the Field

LAND

2020-04-16 | Johannes Ullrich | Using AppLocker to Prevent Living off the Land Attacks
2010-02-06 | Guy Bruneau | LANDesk Management Gateway Vulnerability
2008-08-09 | Deborah Hale | Cleveland Outage