Diaries by Keyword - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
2022-09-25	Didier Stevens	Downloading Samples From Takendown Domains
2021-08-15	Didier Stevens	Simple Tips For Triage Of MALWARE Bazaar's Daily Malware Batches
2021-08-07	Didier Stevens	MALWARE Bazaar "Download daily malware batches"
2021-07-21	Johannes Ullrich	"Summer of SAM": Microsoft Releases Guidance for CVE-2021-36934
2021-07-20	Bojan Zdrnja	Summer of SAM - incorrect permissions on Windows 10/11 hives
2021-05-21	Xavier Mertens	Locking Kernel32.dll As Anti-Debugging Technique
2020-05-06	Xavier Mertens	Keeping an Eye on Malicious Files Life Time
2019-07-10	Rob VandenBrink	Samba Project tells us "What's New" - SMBv1 Disabled by Default (finally)
2017-08-01	Rob VandenBrink	Rooting Out Hosts that Support Older Samba Versions
2017-05-25	Xavier Mertens	Critical Vulnerability in Samba from 3.5.0 onwards
2017-03-18	Xavier Mertens	Example of Multiple Stages Dropper
2017-02-05	Xavier Mertens	Many Malware Samples Found on Pastebin
2016-04-10	Didier Stevens	Handling Malware Samples
2016-03-06	Jim Clausing	Novel method for slowing down Locky on Samba server using fail2ban
2014-10-09	Johannes Ullrich	CSAM: My servers started speaking IRC, and that is when I started to listen!
2014-10-06	Johannes Ullrich	CSAM: Patch and get pw0ned (not OR).
2014-10-03	Johannes Ullrich	CSAM: The Power of Virustotal to Turn Harmless Binaries Malicious
2014-10-02	Johannes Ullrich	CSAM: My Storage Array SSHs Outbound!
2014-09-22	Johannes Ullrich	Cyber Security Awareness Month: What's your favorite/most scary false positive
2014-08-02	Chris Mohan	All Samba 4.x.x are vulnerable to a remote code execution vulnerability in the nmbd NetBIOS name services daemon
2013-10-18	Rob VandenBrink	CSAM - Why am I seeing DNS Requests to IANA.ORG in my Firewall Logs?
2013-10-15	Rob VandenBrink	CSAM: Microsoft Logs - NPS and IAS (RADIUS)
2013-10-10	Mark Hofman	CSAM Some more unusual scans
2013-10-09	Johannes Ullrich	CSAM: SSL Request Logs
2013-10-08	Johannes Ullrich	CSAM: ANY queries used in reflective DoS attack
2013-10-02	Johannes Ullrich	CSAM: Misc. DNS Logs
2012-10-30	Mark Hofman	Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-10-23	Rob VandenBrink	Cyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors
2012-10-11	Rob VandenBrink	Cyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security)
2012-10-09	Johannes Ullrich	Cyber Security Awreness Month - Day 9 - Request for Comment (RFC)
2012-10-06	Manuel Humberto Santander Pelaez	Cyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA
2012-10-04	Johannes Ullrich	Cyber Security Awareness Month - Day 4: Crypto Standards
2012-10-03	Kevin Shortt	Cyber Security Awareness Month - Day 3 - Standard Sudo - Part One
2012-09-21	Guy Bruneau	Storing your Collection of Malware Samples with Malwarehouse
2012-04-10	Swa Frantzen	SAMBA "root" credential remote code execution.
2012-02-24	Guy Bruneau	BlackBerry PlayBook tablet Samba file sharing Vulnerability - http://www.blackberry.com/btsc/KB29565
2011-11-15	Adrien de Beaupre	www.disa.mil down?
2011-10-26	Rick Wanner	Critical Control 17:Penetration Tests and Red Team Exercises
2011-08-10	Guy Bruneau	Samba 3.6.0 Released
2010-12-30	Rick Wanner	SamuraiWTF Review over at ISSA Toolsmith
2010-10-31	Marcus Sachs	Cyber Security Awareness Month - Day 31 - Tying it all together
2010-10-28	Rick Wanner	Cyber Security Awareness Month - Day 27 - Social Media use in the office
2010-10-28	Tony Carothers	Cyber Security Awareness Month - Day 28 - Role of the employee
2010-10-26	Pedro Bueno	Cyber Security Awareness Month - Day 26 - Sharing Office Files
2010-10-24	Swa Frantzen	Cyber Security Awarenes Month - Day 24 - Using work computers at home
2010-10-23	Mark Hofman	Cyber Security Awareness Month - Day 23 - The Importance of compliance
2010-10-22	Daniel Wesemann	Cyber Security Awareness Month - Day 22 - Security of removable media
2010-10-21	Chris Carboni	Cyber Security Awareness Month - Day 21 - Impossible Requests from the Boss
2010-10-20	Jim Clausing	Cyber Security Awareness Month - Day 20 - Securing Mobile Devices
2010-10-19	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - VPN and Remote Access Tools
2010-10-19	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - Remote Access Tools
2010-10-19	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split?
2010-10-19	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - VPN Architectures – SSL or IPSec?
2010-10-19	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - Remote User VPN Access – Are things getting too easy, or too hard?
2010-10-18	Manuel Humberto Santander Pelaez	Cyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis
2010-10-17	Stephen Hall	Cyber Security Awareness Month - Day 17 - What a boss should and should not have access to
2010-10-13	Deborah Hale	Cyber Security Awareness Month - Day 13 - Online Bullying
2010-10-12	Scott Fendley	Cyber Security Awareness Month - Day 12 - Protecting and Managing Your Digital Identity On Social Media Sites
2010-10-11	Rick Wanner	Cyber Security Awareness Month - Day 11 - Safe Browsing for Teens
2010-10-09	Kevin Shortt	Cyber Security Awareness Month - Day 9 - Disposal of an Old Computer
2010-10-08	Rick Wanner	Cyber Security Awareness Month - Day 8 - Patch Management and System Updates
2010-10-06	Rob VandenBrink	Cyber Security Awareness Month - Day 7 - Remote Access and Monitoring Tools
2010-10-06	Marcus Sachs	Cyber Security Awareness Month - Day 6 - Computer Monitoring Tools
2010-10-05	Rick Wanner	Cyber Security Awareness Month - Day 5 - Sites you should stay away from
2010-10-04	Daniel Wesemann	Cyber Security Awareness Month - Day 4 - Managing EMail
2010-10-03	Adrien de Beaupre	Cyber Security Awareness Month - Day 3 - Recognizing phishing and online scams
2010-10-02	Mark Hofman	Cyber Security Awareness Month - Day 2 - Securing the Family Network
2010-10-01	Marcus Sachs	Cyber Security Awareness Month - Day 1 - Securing the Family PC
2010-03-08	Raul Siles	Samurai WTF 0.8
2009-10-31	Rick Wanner	Cyber Security Awareness Month - Day 31, ident
2009-10-30	Rob VandenBrink	Cyber Security Awareness Month - Day 30 - The "Common" IPSEC VPN Protocols - IKE / ISAKMP (500/udp), ESP (IP Protocol 50), NAT-T-IKE (500/udp, 4500/udp), PPTP (tcp/1723), GRE (IP Protocol 47)
2009-10-28	Johannes Ullrich	Cyber Security Awareness Month - Day 28 - ntp (123/udp)
2009-10-25	Lorna Hutcheson	Cyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-22	Adrien de Beaupre	Cyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-17	Rick Wanner	Cyber Security Awareness Month - Day 17 - Port 22/SSH
2009-10-04	Guy Bruneau	Samba Security Information Disclosure and DoS
2009-03-10	Swa Frantzen	Browser plug-ins, transparent proxies and same origin policies