Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Diaries by Keyword Diaries by Keyword

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Date Author Title

REPUTATION FILTERING INTRUSION PREVENTION PENETRATION TEST PENTEST

2010-02-22Rob VandenBrinkNew Risks in Penetration Testing

REPUTATION

2017-03-04/a>Xavier MertensHow your pictures may affect your website reputation
2015-06-02/a>Alex StanfordGuest Diary: Xavier Mertens - Playing with IP Reputation with Dshield & OSSEC
2010-02-22/a>Rob VandenBrinkNew Risks in Penetration Testing

FILTERING

2019-09-19/a>Xavier MertensBlacklisting or Whitelisting in the Right Way
2010-02-22/a>Rob VandenBrinkNew Risks in Penetration Testing

INTRUSION

2016-08-29/a>Russ McReeRecommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2013-12-16/a>Tom WebbThe case of Minerd
2013-08-19/a>Johannes UllrichRunning Snort on ESXi using the Distributed Switch
2012-09-02/a>Lorna HutchesonDemonstrating the value of your Intrusion Detection Program and Analysts
2010-02-22/a>Rob VandenBrinkNew Risks in Penetration Testing

PREVENTION

2010-09-26/a>Daniel WesemannEgosurfing, the corporate way
2010-02-22/a>Rob VandenBrinkNew Risks in Penetration Testing
2009-04-24/a>John BambenekData Leak Prevention: Proactive Security Requirements of Breach Notification Laws

PENETRATION

2019-04-26/a>Rob VandenBrinkPillaging Passwords from Service Accounts
2016-09-04/a>Russ McReeKali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/
2014-08-09/a>Adrien de BeaupreComplete application ownage via Multi-POST XSRF
2011-10-26/a>Rick WannerCritical Control 17:Penetration Tests and Red Team Exercises
2010-08-23/a>Manuel Humberto Santander PelaezFirefox plugins to perform penetration testing activities
2010-08-16/a>Raul SilesBlind Elephant: A New Web Application Fingerprinting Tool
2010-06-06/a>Manuel Humberto Santander PelaezNice OS X exploit tutorial
2010-04-13/a>Adrien de BeaupreWeb App Testing Tools
2010-02-22/a>Rob VandenBrinkNew Risks in Penetration Testing
2009-07-27/a>Raul SilesNew Hacker Challenge: Prison Break - Breaking, Entering & Decoding
2009-04-21/a>Bojan ZdrnjaWeb application vulnerabilities
2008-09-20/a>Rick WannerNew (to me) nmap Features

TEST

2019-11-29/a>Russ McReeISC Snapshot: Search with SauronEye
2019-10-22/a>Bojan ZdrnjaTesting TLSv1.3 and supported ciphers
2019-07-23/a>Bojan ZdrnjaVerifying SSL/TLS configuration (part 1)
2019-04-26/a>Rob VandenBrinkPillaging Passwords from Service Accounts
2018-12-16/a>Guy BruneauRandom Port Scan for Open RDP Backdoor
2018-07-02/a>Guy BruneauHello Peppa! - PHP Scans
2018-01-28/a>Didier StevensIs this a pentest?
2017-09-06/a>Adrien de BeaupreModern Web Application Penetration Testing , Hash Length Extension Attacks
2017-05-13/a>Guy BruneauHas anyone Tested WannaCry Killswitch? - https://blog.didierstevens.com/2017/05/13/quickpost-wcry-killswitch-check-is-not-proxy-aware/
2017-05-05/a>Xavier MertensHTTP Headers... the Achilles' heel of many applications
2016-11-02/a>Rob VandenBrinkWhat Does a Pentest Look Like?
2016-09-28/a>Xavier MertensSNMP Pwn3ge
2016-09-04/a>Russ McReeKali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/
2016-01-20/a>Xavier Mertens/tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!
2015-11-09/a>John BambenekICYMI: Widespread Unserialize Vulnerability in Java
2015-10-27/a>Xavier MertensThe "Yes, but..." syndrome
2014-08-12/a>Adrien de BeaupreHost discovery with nmap
2014-08-09/a>Adrien de BeaupreComplete application ownage via Multi-POST XSRF
2014-04-03/a>Bojan ZdrnjaWatching the watchers
2013-08-21/a>Rob VandenBrinkFibre Channel Reconnaissance - Reloaded
2012-03-09/a>Guy BruneauNmap 5.61TEST5 released with 43 new scripts,improved OS & version detection, and more available for download - http://nmap.org/download.html
2011-10-26/a>Rick WannerCritical Control 17:Penetration Tests and Red Team Exercises
2011-08-26/a>Daniel WesemannUser Agent 007
2011-01-24/a>Rob VandenBrinkWhere have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool
2010-11-19/a>Jason LamExchanging and sharing of assessment results
2010-08-23/a>Manuel Humberto Santander PelaezFirefox plugins to perform penetration testing activities
2010-08-16/a>Raul SilesBlind Elephant: A New Web Application Fingerprinting Tool
2010-06-06/a>Manuel Humberto Santander PelaezNice OS X exploit tutorial
2010-05-22/a>Rick WannerSANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-04-13/a>Adrien de BeaupreWeb App Testing Tools
2010-02-22/a>Rob VandenBrinkNew Risks in Penetration Testing
2009-11-25/a>Jim ClausingUpdates to my GREM Gold scripts and a new script
2009-07-27/a>Raul SilesNew Hacker Challenge: Prison Break - Breaking, Entering & Decoding
2009-05-31/a>Tony CarothersL0phtcrack is Back!
2009-04-21/a>Bojan ZdrnjaWeb application vulnerabilities
2008-11-17/a>Jim ClausingA new cheat sheet and a contest
2008-09-20/a>Rick WannerNew (to me) nmap Features

PENTEST

2019-11-29/a>Russ McReeISC Snapshot: Search with SauronEye
2018-01-28/a>Didier StevensIs this a pentest?
2017-09-06/a>Adrien de BeaupreModern Web Application Penetration Testing , Hash Length Extension Attacks
2017-05-05/a>Xavier MertensHTTP Headers... the Achilles' heel of many applications
2016-11-02/a>Rob VandenBrinkWhat Does a Pentest Look Like?
2016-09-28/a>Xavier MertensSNMP Pwn3ge
2016-01-20/a>Xavier Mertens/tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!
2015-11-09/a>John BambenekICYMI: Widespread Unserialize Vulnerability in Java
2015-10-27/a>Xavier MertensThe "Yes, but..." syndrome
2014-08-12/a>Adrien de BeaupreHost discovery with nmap
2013-08-21/a>Rob VandenBrinkFibre Channel Reconnaissance - Reloaded
2011-08-26/a>Daniel WesemannUser Agent 007
2010-11-19/a>Jason LamExchanging and sharing of assessment results
2010-06-06/a>Manuel Humberto Santander PelaezNice OS X exploit tutorial
2010-02-22/a>Rob VandenBrinkNew Risks in Penetration Testing
2009-05-31/a>Tony CarothersL0phtcrack is Back!