Internet Storm Center
Sign In
Sign Up
Handler on Duty:
Johannes Ullrich
Threat Level:
green
Date
Author
Title
NSE SCRIPT
2024-05-22
Rob VandenBrink
NMAP Scanning without Scanning (Part 2) - The ipinfo API
NSE
2024-05-22/a>
Rob VandenBrink
NMAP Scanning without Scanning (Part 2) - The ipinfo API
2023-10-03/a>
Tom Webb
Are Local LLMs Useful in Incident Response?
2023-06-30/a>
Yee Ching Tok
DShield pfSense Client Update
2023-04-27/a>
Johannes Ullrich
SANS.edu Research Journal: Volume 3
2023-03-07/a>
Johannes Ullrich
Hackers Love This VSCode Extension: What You Can Do to Stay Safe
2023-02-01/a>
Jesse La Grew
Rotating Packet Captures with pfSense
2023-01-31/a>
Jesse La Grew
DShield Honeypot Setup with pfSense
2023-01-26/a>
Tom Webb
Live Linux IR with UAC
2022-06-15/a>
Johannes Ullrich
Terraforming Honeypots. Installing DShield Sensors in the Cloud
2022-06-02/a>
Johannes Ullrich
Quick Answers in Incident Response: RECmd.exe
2021-12-06/a>
Xavier Mertens
The Importance of Out-of-Band Networks
2021-02-15/a>
Johannes Ullrich
Securing and Optimizing Networks: Using pfSense Traffic Shaper Limiters to Combat Bufferbloat
2021-01-25/a>
Rob VandenBrink
Fun with NMAP NSE Scripts and DOH (DNS over HTTPS)
2020-09-17/a>
Xavier Mertens
Suspicious Endpoint Containment with OSSEC
2020-07-23/a>
Xavier Mertens
Simple Blocklisting with MISP & pfSense
2020-05-08/a>
Xavier Mertens
Using Nmap As a Lightweight Vulnerability Scanner
2020-05-07/a>
Bojan Zdrnja
Scanning with nmap?s NSE scripts
2020-02-16/a>
Guy Bruneau
SOAR or not to SOAR?
2019-08-25/a>
Guy Bruneau
Are there any Advantages of Buying Cyber Security Insurance?
2018-12-19/a>
Xavier Mertens
Using OSSEC Active-Response as a DFIR Framework
2017-12-05/a>
Tom Webb
IR using the Hive Project.
2017-09-17/a>
Guy Bruneau
rockNSM as a Incident Response Package
2017-06-17/a>
Guy Bruneau
Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2017-01-05/a>
John Bambenek
New Year's Resolution: Build Your Own Malware Lab?
2016-08-24/a>
Tom Webb
Stay on Track During IR
2016-02-11/a>
Tom Webb
Tomcat IR with XOR.DDoS
2015-11-09/a>
John Bambenek
ICYMI: Widespread Unserialize Vulnerability in Java
2015-03-07/a>
Guy Bruneau
Should it be Mandatory to have an Independent Security Audit after a Breach?
2014-12-24/a>
Rick Wanner
Incident Response at Sony
2014-12-01/a>
Guy Bruneau
Do you have a Data Breach Response Plan?
2014-04-04/a>
Rob VandenBrink
Dealing with Disaster - A Short Malware Incident Response
2014-01-23/a>
Chris Mohan
Learning from the breaches that happens to others Part 2
2014-01-22/a>
Chris Mohan
Learning from the breaches that happens to others
2013-11-22/a>
Rick Wanner
Port 0 DDOS
2013-10-05/a>
Richard Porter
Adobe Breach Notification, Notifications?
2013-07-12/a>
Johannes Ullrich
Microsoft Teredo Server "Sunset"
2013-03-18/a>
Kevin Shortt
Cisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
2013-03-02/a>
Scott Fendley
Evernote Security Issue
2012-11-16/a>
Manuel Humberto Santander Pelaez
Information Security Incidents are now a concern for colombian government
2012-04-23/a>
Russ McRee
Emergency Operations Centers & Security Incident Management: A Correlation
2011-10-28/a>
Russ McRee
Critical Control 19: Data Recovery Capability
2011-10-27/a>
Mark Baggett
Critical Control 18: Incident Response Capabilities
2011-07-25/a>
Chris Mohan
Monday morning incident handler practice
2011-07-09/a>
Chris Mohan
Safer Windows Incident Response
2011-05-14/a>
Guy Bruneau
Websense Study Claims Canada Next Hotbed for Cybercrime Web Hosting Activity
2011-04-25/a>
Rob VandenBrink
Sony PlayStation Network Outage - Day 5
2011-04-01/a>
John Bambenek
LizaMoon Mass SQL-Injection Attack Infected at least 500k Websites
2011-03-25/a>
Kevin Liston
APT Tabletop Exercise
2010-10-18/a>
Manuel Humberto Santander Pelaez
Cyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis
2010-09-04/a>
Kevin Liston
Investigating Malicious Website Reports
2010-07-24/a>
Manuel Humberto Santander Pelaez
Transmiting logon information unsecured in the network
2010-05-07/a>
Rob VandenBrink
Security Awareness – Many Audiences, Many Messages (Part 2)
2010-03-25/a>
Kevin Liston
Responding to "Copyright Lawsuit filed against you"
2010-03-21/a>
Chris Carboni
Responding To The Unexpected
2010-01-22/a>
Mari Nichols
Pass-down for a Successful Incident Response
2010-01-08/a>
Rob VandenBrink
Microsoft OfficeOnline, Searching for Trust and Malware
2009-06-11/a>
Rick Wanner
MIR-ROR Motile Incident Response - Respond Objectively Remediate
2009-05-01/a>
Adrien de Beaupre
Incident Management
2009-04-16/a>
Adrien de Beaupre
Incident Response vs. Incident Handling
2009-04-02/a>
Bojan Zdrnja
JavaScript insertion and log deletion attack tools
2009-03-24/a>
G. N. White
CanSecWest Pwn2Own: Would IE8 have been exploitable had the event waited one more day?
2009-03-19/a>
Mark Hofman
Browsers Tumble at CanSecWest
SCRIPT
2024-08-26/a>
Xavier Mertens
From Highly Obfuscated Batch File to XWorm and Redline
2024-05-22/a>
Rob VandenBrink
NMAP Scanning without Scanning (Part 2) - The ipinfo API
2024-03-28/a>
Xavier Mertens
From JavaScript to AsyncRAT
2024-02-21/a>
Jan Kopriva
Phishing pages hosted on archive.org
2024-01-12/a>
Xavier Mertens
One File, Two Payloads
2023-11-17/a>
Jan Kopriva
Phishing page with trivial anti-analysis features
2023-08-23/a>
Xavier Mertens
More Exotic Excel Files Dropping AgentTesla
2023-05-20/a>
Xavier Mertens
Phishing Kit Collecting Victim's IP Address
2022-11-04/a>
Xavier Mertens
Remcos Downloader with Unicode Obfuscation
2022-08-11/a>
Xavier Mertens
InfoStealer Script Based on Curl and NSudo
2022-06-16/a>
Xavier Mertens
Houdini is Back Delivered Through a JavaScript Dropper
2022-06-01/a>
Jan Kopriva
HTML phishing attachments - now with anti-analysis features
2022-05-09/a>
Xavier Mertens
Octopus Backdoor is Back with a New Embedded Obfuscated Bat File
2022-01-18/a>
Jan Kopriva
Phishing e-mail with...an advertisement?
2022-01-04/a>
Xavier Mertens
A Simple Batch File That Blocks People
2021-11-18/a>
Xavier Mertens
JavaScript Downloader Delivers Agent Tesla Trojan
2021-10-21/a>
Brad Duncan
"Stolen Images Evidence" campaign pushes Sliver-based malware
2021-09-17/a>
Xavier Mertens
Malicious Calendar Subscriptions Are Back?
2021-05-28/a>
Xavier Mertens
Malicious PowerShell Hosted on script.google.com
2021-05-22/a>
Xavier Mertens
"Serverless" Phishing Campaign
2021-05-18/a>
Xavier Mertens
From RunDLL32 to JavaScript then PowerShell
2021-04-28/a>
Xavier Mertens
Deeper Analyzis of my Last Malicious PowerPoint Add-On
2021-03-19/a>
Xavier Mertens
Pastebin.com Used As a Simple C2 Channel
2020-11-13/a>
Xavier Mertens
Old Worm But New Obfuscation Technique
2020-11-09/a>
Xavier Mertens
How Attackers Brush Up Their Malicious Scripts
2020-07-24/a>
Xavier Mertens
Compromized Desktop Applications by Web Technologies
2020-06-11/a>
Xavier Mertens
Anti-Debugging JavaScript Techniques
2020-06-08/a>
Didier Stevens
Translating BASE64 Obfuscated Scripts
2020-05-08/a>
Xavier Mertens
Using Nmap As a Lightweight Vulnerability Scanner
2020-03-27/a>
Xavier Mertens
Malicious JavaScript Dropping Payload in the Registry
2020-02-22/a>
Xavier Mertens
Simple but Efficient VBScript Obfuscation
2020-02-07/a>
Xavier Mertens
Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript
2019-09-26/a>
Rob VandenBrink
Mining MAC Address and OUI Information
2019-08-30/a>
Xavier Mertens
Malware Dropping a Local Node.js Instance
2019-08-22/a>
Xavier Mertens
Simple Mimikatz & RDPWrapper Dropper
2019-08-09/a>
Xavier Mertens
100% JavaScript Phishing Page
2019-06-10/a>
Xavier Mertens
Interesting JavaScript Obfuscation Example
2019-02-21/a>
Xavier Mertens
Simple Powershell Keyloggers are Back
2019-02-07/a>
Xavier Mertens
Phishing Kit with JavaScript Keylogger
2018-07-13/a>
Xavier Mertens
Cryptominer Delivered Though Compromized JavaScript File
2018-06-19/a>
Xavier Mertens
PowerShell: ScriptBlock Logging... Or Not?
2018-06-18/a>
Xavier Mertens
Malicious JavaScript Targeting Mobile Browsers
2018-05-01/a>
Xavier Mertens
Diving into a Simple Maldoc Generator
2017-07-08/a>
Xavier Mertens
A VBScript with Obfuscated Base64 Data
2017-06-22/a>
Xavier Mertens
Obfuscating without XOR
2017-03-24/a>
Xavier Mertens
Nicely Obfuscated JavaScript Sample
2017-03-04/a>
Xavier Mertens
How your pictures may affect your website reputation
2017-02-12/a>
Xavier Mertens
Analysis of a Suspicious Piece of JavaScript
2017-02-02/a>
Rick Wanner
Multiple vulnerabilities discovered in popular printer models
2016-12-13/a>
Xavier Mertens
UAC Bypass in JScript Dropper
2016-08-28/a>
Guy Bruneau
Spam with Obfuscated Javascript
2016-06-18/a>
Rob VandenBrink
Controlling JavaScript Malware Before it Runs
2016-02-20/a>
Didier Stevens
Locky: JavaScript Deobfuscation
2016-02-07/a>
Xavier Mertens
More Malicious JavaScript Obfuscation
2016-01-15/a>
Xavier Mertens
JavaScript Deobfuscation Tool
2015-08-07/a>
Tony Carothers
Critical Firefox Update Today
2015-03-12/a>
Johannes Ullrich
Who got the bad SSL Certificate? Using tshark to analyze the SSL handshake.
2014-08-29/a>
Johannes Ullrich
False Positive or Not? Difficult to Analyze Javascript
2014-08-12/a>
Adrien de Beaupre
Host discovery with nmap
2014-07-02/a>
Johannes Ullrich
Simple Javascript Extortion Scheme Advertised via Bing
2014-01-17/a>
Russ McRee
Massive RFI scans likely a free web app vuln scanner rather than bots
2013-11-04/a>
Manuel Humberto Santander Pelaez
When attackers use your DNS to check for the sites you are visiting
2013-08-07/a>
Johannes Ullrich
Firefox 23 and Mixed Active Content
2013-07-20/a>
Manuel Humberto Santander Pelaez
Do you have rogue Internet gateways in your network? Check it with nmap
2013-07-01/a>
Manuel Humberto Santander Pelaez
Using nmap scripts to enhance vulnerability asessment results
2013-04-23/a>
Russ McRee
Microsoft's Security Intelligence Report (SIRv14) released
2013-02-11/a>
John Bambenek
Is This Chinese Registrar Really Trying to XSS Me?
2013-02-08/a>
Kevin Shortt
Is it Spam or Is it Malware?
2013-02-04/a>
Russ McRee
An expose of a recent SANS GIAC XSS vulnerability
2013-01-30/a>
Richard Porter
Getting Involved with the Local Community
2013-01-25/a>
Johannes Ullrich
Vulnerability Scans via Search Engines (Request for Logs)
2012-08-16/a>
Johannes Ullrich
A Poor Man's DNS Anomaly Detection Script
2012-06-25/a>
Guy Bruneau
Using JSDetox to Analyze and Deobfuscate Javascript
2012-05-22/a>
Johannes Ullrich
nmap 6 released
2012-04-25/a>
Daniel Wesemann
Blacole's obfuscated JavaScript
2012-01-22/a>
Johannes Ullrich
Javascript DDoS Tool Analysis
2012-01-12/a>
Rob VandenBrink
Stuff I Learned Scripting - Fun with STDERR
2012-01-03/a>
Bojan Zdrnja
The tale of obfuscated JavaScript continues
2011-12-07/a>
Lenny Zeltser
V8 as an Alternative to SpiderMonkey for JavaScript Deobfuscation
2011-11-10/a>
Rob VandenBrink
Stuff I Learned Scripting - - Parsing XML in a One-Liner
2011-11-07/a>
Rob VandenBrink
Stuff I Learned Scripting - Evaluating a Remote SSL Certificate
2011-08-24/a>
Rob VandenBrink
Citrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971
2011-06-06/a>
Manuel Humberto Santander Pelaez
Phishing: Same goal, same techniques and people still falling for such scams
2011-04-23/a>
Manuel Humberto Santander Pelaez
Image search can lead to malware download
2011-01-24/a>
Rob VandenBrink
Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool
2010-12-02/a>
Kevin Johnson
Robert Hansen and our happiness
2010-07-29/a>
Rob VandenBrink
NoScript 2.0 released
2010-07-04/a>
Manuel Humberto Santander Pelaez
Malware inside PDF Files
2010-03-05/a>
Kyle Haugsness
Javascript obfuscators used in the wild
2009-05-04/a>
Tom Liston
Adobe Reader/Acrobat Critical Vulnerability
2009-04-07/a>
Bojan Zdrnja
Advanced JavaScript obfuscation (or why signature scanning is a failure)
2009-04-02/a>
Bojan Zdrnja
JavaScript insertion and log deletion attack tools
2009-02-25/a>
Andre Ludwig
Adobe Acrobat pdf 0-day exploit, No JavaScript needed!
2008-07-14/a>
Daniel Wesemann
Obfuscated JavaScript Redux
2008-06-30/a>
Marcus Sachs
More SQL Injection with Fast Flux hosting
2008-05-20/a>
Raul Siles
List of malicious domains inserted through SQL injection
2008-04-29/a>
Bojan Zdrnja
Scripts in ASF files
2008-04-06/a>
Daniel Wesemann
Advanced obfuscated JavaScript analysis
2008-04-03/a>
Bojan Zdrnja
Mixed (VBScript and JavaScript) obfuscation
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
About Us
Slack Channel
Mastodon
Bluesky
X
Subscribe to the daily podcast via
RSS
or
iTunes