Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Xavier Mertens

Threat Level: green

Date	Author	Title
INCIDENT REPORT
2026-02-17	Xavier Mertens	Fake Incident Report Used in Phishing Campaign
INCIDENT
2026-02-17/a>	Xavier Mertens	Fake Incident Report Used in Phishing Campaign
2023-10-03/a>	Tom Webb	Are Local LLMs Useful in Incident Response?
2023-05-24/a>	Tom Webb	IR Case/Alert Management
2023-01-26/a>	Tom Webb	Live Linux IR with UAC
2022-06-02/a>	Johannes Ullrich	Quick Answers in Incident Response: RECmd.exe
2021-12-06/a>	Xavier Mertens	The Importance of Out-of-Band Networks
2020-09-17/a>	Xavier Mertens	Suspicious Endpoint Containment with OSSEC
2019-08-25/a>	Guy Bruneau	Are there any Advantages of Buying Cyber Security Insurance?
2017-12-05/a>	Tom Webb	IR using the Hive Project.
2017-09-17/a>	Guy Bruneau	rockNSM as a Incident Response Package
2017-06-17/a>	Guy Bruneau	Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2016-08-24/a>	Tom Webb	Stay on Track During IR
2015-12-04/a>	Tom Webb	Automating Phishing Analysis using BRO
2015-04-27/a>	Richard Porter	When Prevention Fails, Incident Response Begins
2015-03-07/a>	Guy Bruneau	Should it be Mandatory to have an Independent Security Audit after a Breach?
2014-12-24/a>	Rick Wanner	Incident Response at Sony
2014-09-12/a>	Chris Mohan	Are credential dumps worth reviewing?
2014-08-16/a>	Lenny Zeltser	Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-08-10/a>	Basil Alawi S.Taher	Incident Response with Triage-ir
2014-04-04/a>	Rob VandenBrink	Dealing with Disaster - A Short Malware Incident Response
2014-03-22/a>	Guy Bruneau	How the Compromise of a User Account Lead to a Spam Incident
2014-01-23/a>	Chris Mohan	Learning from the breaches that happens to others Part 2
2014-01-22/a>	Chris Mohan	Learning from the breaches that happens to others
2013-05-08/a>	Chris Mohan	Syria drops from Internet 7th May 2013
2013-03-02/a>	Scott Fendley	Evernote Security Issue
2012-12-13/a>	Johannes Ullrich	What if Tomorrow Was the Day?
2012-11-16/a>	Manuel Humberto Santander Pelaez	Information Security Incidents are now a concern for colombian government
2012-04-23/a>	Russ McRee	Emergency Operations Centers & Security Incident Management: A Correlation
2011-10-29/a>	Richard Porter	The Sub Critical Control? Evidence Collection
2011-10-28/a>	Russ McRee	Critical Control 19: Data Recovery Capability
2011-10-27/a>	Mark Baggett	Critical Control 18: Incident Response Capabilities
2011-09-13/a>	Swa Frantzen	GlobalSign back in operation
2011-07-25/a>	Chris Mohan	Monday morning incident handler practice
2011-07-09/a>	Chris Mohan	Safer Windows Incident Response
2011-06-03/a>	Guy Bruneau	SonyPictures Site Compromised
2011-04-25/a>	Rob VandenBrink	Sony PlayStation Network Outage - Day 5
2011-03-25/a>	Kevin Liston	APT Tabletop Exercise
2011-03-22/a>	Chris Mohan	Read only USB stick trick
2010-10-18/a>	Manuel Humberto Santander Pelaez	Cyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis
2010-09-04/a>	Kevin Liston	Investigating Malicious Website Reports
2010-08-04/a>	Tom Liston	Incident Reporting - Liston's "How-To" Guide
2010-03-21/a>	Chris Carboni	Responding To The Unexpected
2010-01-22/a>	Mari Nichols	Pass-down for a Successful Incident Response
2009-06-11/a>	Rick Wanner	MIR-ROR Motile Incident Response - Respond Objectively Remediate
2009-05-01/a>	Adrien de Beaupre	Incident Management
2009-04-16/a>	Adrien de Beaupre	Incident Response vs. Incident Handling
2008-10-29/a>	Deborah Hale	Day 29 - Should I Switch Software Vendors?
REPORT
2026-02-17/a>	Xavier Mertens	Fake Incident Report Used in Phishing Campaign
2025-08-04/a>	Johannes Ullrich	New Feature: Daily Trends Report
2025-04-06/a>	Johannes Ullrich	New SSH Username Report
2025-01-23/a>	Johannes Ullrich	XSS Attempts via E-Mail
2017-09-22/a>	Russell Eubanks	What is the State of Your Union?
2016-04-25/a>	Guy Bruneau	Highlights from the 2016 HPE Annual Cyber Threat Report
2015-04-08/a>	Tom Webb	Is it a breach or not?
2014-05-23/a>	Richard Porter	Highlights from Cisco Live 2014 - The Internet of Everything
2014-01-22/a>	Chris Mohan	Learning from the breaches that happens to others
2014-01-11/a>	Guy Bruneau	tcpflow 1.4.4 and some of its most Interesting Features
2013-10-30/a>	Russ McRee	SIR v15: Five good reasons to leave Windows XP behind
2013-01-08/a>	Richard Porter	Yahoo Web Interface Report: Compose and Send
2011-10-25/a>	Chris Mohan	Recurring reporting made easy?
2011-06-21/a>	Chris Mohan	Australian government security audit report shows tough love to agencies
2011-04-20/a>	Daniel Wesemann	Data Breach Investigations Report published by Verizon
2011-01-25/a>	Chris Mohan	Reviewing our preconceptions
2011-01-08/a>	Guy Bruneau	PandaLabs 2010 Annual Report
2010-08-16/a>	Raul Siles	The Seven Deadly Sins of Security Vulnerability Reporting
2010-07-29/a>	Rob VandenBrink	The 2010 Verizon Data Breach Report is Out
2009-04-15/a>	Marcus Sachs	2009 Data Breach Investigation Report
2008-12-16/a>	donald smith	Cisco's Annual Security report has been released.
2008-08-02/a>	Maarten Van Horenbeeck	A little of that human touch
2008-04-10/a>	Deborah Hale	DSLReports Being Attacked Again
2008-04-08/a>	Swa Frantzen	Symantec's Global Internet Security Threat Report

INCIDENT REPORT

INCIDENT

REPORT