Internet Storm Center
Sign In
Sign Up
Handler on Duty:
Didier Stevens
Threat Level:
green
Date
Author
Title
2024-10-17
Guy Bruneau
Scanning Activity from Subnet 15.184.0.0/16
2024-09-11
Guy Bruneau
Hygiene, Hygiene, Hygiene! [Guest Diary]
2024-08-30
Jesse La Grew
Simulating Traffic With Scapy
2024-08-29
Xavier Mertens
Live Patching DLLs with Python
2024-05-15
Rob VandenBrink
Got MFA? If not, Now is the Time!
2024-02-03
Guy Bruneau
DShield Sensor Log Collection with Elasticsearch
2023-01-04
Rob VandenBrink
Update to RTRBK - Diff and File Dates in PowerShell
2023-01-02
Xavier Mertens
NetworkMiner 2.8 Released
2022-10-27
Tom Webb
Supersizing your DUO and 365 Integration
2022-05-30
Xavier Mertens
New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme (CVE-2022-30190)
2022-04-17
Didier Stevens
Video: Office Protects You From Malicious ISO Files
2022-04-16
Didier Stevens
Office Protects You From Malicious ISO Files
2022-01-25
Brad Duncan
Emotet Stops Using 0.0.0.0 in Spambot Traffic
2021-12-19
Didier Stevens
Office 2021: VBA Project Version
2021-11-28
Didier Stevens
Video: YARA Rules for Office Maldocs
2021-11-23
Didier Stevens
YARA Rule for OOXML Maldocs: Less False Positives
2021-11-07
Didier Stevens
Video: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-11-06
Didier Stevens
Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-10-25
Didier Stevens
Decrypting Cobalt Strike Traffic With a "Leaked" Private Key
2021-09-08
Johannes Ullrich
Microsoft Offers Workaround for 0-Day Office Vulnerability (CVE-2021-40444)
2021-06-23
Johannes Ullrich
Standing With Security Researchers Against Misuse of the DMCA
2021-04-10
Guy Bruneau
Building an IDS Sensor with Suricata & Zeek with Logs to ELK
2021-02-15
Johannes Ullrich
Securing and Optimizing Networks: Using pfSense Traffic Shaper Limiters to Combat Bufferbloat
2020-12-12
Didier Stevens
Office 95 Excel 4 Macros
2020-12-03
Brad Duncan
Traffic Analysis Quiz: Mr Natural
2020-11-11
Brad Duncan
Traffic Analysis Quiz: DESKTOP-FX23IK5
2020-11-08
Didier Stevens
Quick Tip: Extracting all VBA Code from a Maldoc
2020-09-23
Xavier Mertens
Malicious Word Document with Dynamic Content
2020-08-20
Rob VandenBrink
Office 365 Mail Forwarding Rules (and other Mail Rules too)
2020-05-31
Guy Bruneau
Windows 10 Built-in Packet Sniffer - PktMon
2020-04-16
Johannes Ullrich
Using AppLocker to Prevent Living off the Land Attacks
2020-02-21
Xavier Mertens
Quick Analysis of an Encrypted Compound Document Format
2019-12-28
Didier Stevens
Corrupt Office Documents
2019-12-09
Didier Stevens
(Lazy) Sunday Maldoc Analysis
2019-07-16
Russ McRee
Commando VM: The Complete Mandiant Offensive VM
2019-04-07
Guy Bruneau
Fake Office 365 Payment Information Update
2019-04-01
Didier Stevens
Analysis of PDFs Created with OpenOffice/LibreOffice
2018-12-13
Xavier Mertens
Phishing Attack Through Non-Delivery Notification
2018-11-18
Guy Bruneau
Multipurpose PCAP Analysis Tool
2018-10-10
Xavier Mertens
New Campaign Using Old Equation Editor Vulnerability
2018-09-04
Rob VandenBrink
Let's Trade: You Read My Email, I'll Read Your Password!
2018-06-27
Renato Marinho
Silently Profiling Unknown Malware Samples
2018-05-25
Xavier Mertens
Antivirus Evasion? Easy as 1,2,3
2018-05-01
Xavier Mertens
Diving into a Simple Maldoc Generator
2017-12-16
Xavier Mertens
Microsoft Office VBA Macro Obfuscation via Metadata
2017-11-15
Xavier Mertens
If you want something done right, do it yourself!
2017-05-24
Brad Duncan
Jaff ransomware gets a makeover
2017-04-28
Xavier Mertens
Another Day, Another Obfuscation Technique
2017-02-24
Rick Wanner
Cloudflare data leak...what does it mean to me?
2017-01-31
Johannes Ullrich
Malicious Office files using fileless UAC bypass to drop KEYBASE malware
2016-09-30
Xavier Mertens
Another Day, Another Malicious Behaviour
2016-07-19
Didier Stevens
Office Maldoc: Let's Focus on the VBA Macros Later...
2016-06-09
Xavier Mertens
Offensive or Defensive Security? Both!
2016-05-14
Guy Bruneau
INetSim as a Basic Honeypot
2016-01-24
Didier Stevens
Obfuscated MIME Files
2015-12-15
Russ McRee
Security Management vs Chaos: Understanding the Butterfly Effect to Manage Outcomes & Reduce Chaos
2015-05-03
Russ McRee
VolDiff, for memory image differential analysis
2015-03-16
Johannes Ullrich
Automatically Documenting Network Connections From New Devices Connected to Home Networks
2015-02-20
Tom Webb
Fast analysis of a Tax Scam
2015-02-19
Daniel Wesemann
Macros? Really?!
2014-07-10
Rob VandenBrink
Certificate Errors in Office 365 Today
2014-06-22
Russ McRee
OfficeMalScanner helps identify the source of a compromise
2013-12-02
Richard Porter
Reports of higher than normal SSH Attacks
2013-11-05
Daniel Wesemann
TIFF images in MS-Office documents used in targeted attacks
2013-10-02
John Bambenek
Obamacare related domain registration spike, Government shutdown domain registration beginning
2013-06-05
Richard Porter
Wireshark 1.10.0 Stable Released http://www.wireshark.org/download.html
2013-05-07
Jim Clausing
NGINX updates address buffer overflow (CVE-2013-2028) see http://nginx.org/en/CHANGES-1.4
2013-03-09
Guy Bruneau
IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-02-03
Lorna Hutcheson
Is it Really an Attack?
2013-01-18
Russ McRee
Sourcefire VRT rules update addresses remote stack buffer overflow in rule 3:20275
2012-12-02
Guy Bruneau
Zero Day MySQL Buffer Overflow
2012-09-14
Lenny Zeltser
Analyzing Malicious RTF Files Using OfficeMalScanner's RTFScan
2012-08-30
Bojan Zdrnja
Analyzing outgoing network traffic (part 2)
2012-08-23
Bojan Zdrnja
Analyzing outgoing network traffic
2012-06-04
Lenny Zeltser
Decoding Common XOR Obfuscation in Malicious Code
2011-11-10
Rob VandenBrink
Stuff I Learned Scripting - - Parsing XML in a One-Liner
2011-11-08
Swa Frantzen
Firefox 8.0 released
2011-10-01
Mark Hofman
Hot on the heels fo FF, Thunderbird v 7.0.1 and SeaMonkey v 2.4.1 have been updated.
2011-01-28
Guy Bruneau
OpenOffice Security Fixes
2011-01-15
Jim Clausing
What's up with port 8881?
2010-10-26
Pedro Bueno
Cyber Security Awareness Month - Day 26 - Sharing Office Files
2010-06-06
Manuel Humberto Santander Pelaez
Nice OS X exploit tutorial
2010-06-05
Guy Bruneau
OpenOffice.org 3.2.1 Fixes Bugs and Vulnerabilities
2010-05-19
Jason Lam
EFF paper about browser tracking
2010-02-22
Rob VandenBrink
Multiple Security Updates for OpenOffice ==> http://www.openoffice.org/security/bulletin.html
2010-02-17
Rob VandenBrink
Multiple Security Updates for ESX 3.x and ESXi 3.x
2010-01-08
Rob VandenBrink
Microsoft OfficeOnline, Searching for Trust and Malware
2009-12-24
Guy Bruneau
F5 BIG-IP ASM and PSM Remote Buffer Overflow
2009-07-16
Bojan Zdrnja
OWC exploits used in SQL injection attacks
2009-07-13
Adrien de Beaupre
Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
2009-01-21
Raul Siles
Traffic increase for port UDP/8247
2008-11-17
Marcus Sachs
New Tool: NetWitness Investigator
2008-06-10
Swa Frantzen
Linux ASN.1 BER kernel buffer overflow
2008-04-16
William Stearns
Passer, a aassive machine and service sniffer
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
About Us
Slack Channel
Mastodon
Bluesky
X
Subscribe to the daily podcast via
RSS
or
iTunes