Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
BLUE SCREEN
2010-02-11	Johannes Ullrich	MS10-015 may cause Windows XP to blue screen
BLUE
2023-07-01/a>	Russ McRee	Sandfly Security
2023-05-09/a>	Russ McRee	Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 2
2023-02-07/a>	Yee Ching Tok	A Survey of Bluetooth Vulnerabilities Trends (2023 Edition)
2022-09-19/a>	Russ McRee	Chainsaw: Hunt, search, and extract event log records
2022-07-05/a>	Jan Kopriva	EternalBlue 5 years after WannaCry and NotPetya
2022-06-10/a>	Russ McRee	EPSScall: An Exploit Prediction Scoring System App
2021-12-28/a>	Russ McRee	LotL Classifier tests for shells, exfil, and miners
2021-11-01/a>	Yee Ching Tok	Revisiting BrakTooth: Two Months Later
2021-08-31/a>	Yee Ching Tok	BrakTooth: Impacts, Implications and Next Steps
2021-03-06/a>	Xavier Mertens	Spotting the Red Team on VirusTotal!
2021-03-02/a>	Russ McRee	Adversary Simulation with Sim
2021-01-19/a>	Russ McRee	Gordon for fast cyber reputation checks
2020-11-16/a>	Jan Kopriva	Heartbleed, BlueKeep and other vulnerabilities that didn't disappear just because we don't talk about them anymore
2020-10-23/a>	Russ McRee	Sooty: SOC Analyst's All-in-One Tool
2020-08-12/a>	Russ McRee	To the Brim at the Gates of Mordor Pt. 1
2020-06-30/a>	Russ McRee	ISC Snapshot: SpectX IP Hitcount Query
2020-04-21/a>	Russ McRee	SpectX: Log Parser for DFIR
2020-02-27/a>	Xavier Mertens	Offensive Tools Are For Blue Teams Too
2020-01-21/a>	Russ McRee	DeepBlueCLI: Powershell Threat Hunting
2019-11-10/a>	Jan Kopriva	Did the recent malicious BlueKeep campaign have any positive impact when it comes to patching?
2019-11-08/a>	Xavier Mertens	Microsoft Apps Diverted from Their Main Use
2019-11-05/a>	Rick Wanner	Bluekeep exploitation causing Bluekeep vulnerability scan to fail
2019-10-06/a>	Russ McRee	visNetwork for Network Data
2019-08-21/a>	Russ McRee	KAPE: Kroll Artifact Parser and Extractor
2019-08-05/a>	Rick Wanner	Scanning for Bluekeep vulnerable RDP instances
2019-05-22/a>	Johannes Ullrich	An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
2019-04-05/a>	Russ McRee	Beagle: Graph transforms for DFIR data & logs
2019-02-05/a>	Rob VandenBrink	Mitigations against Mimikatz Style Attacks
2018-10-17/a>	Russ McRee	RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-06-16/a>	Russ McRee	Anomaly Detection & Threat Hunting with Anomalize
2017-07-01/a>	Rick Wanner	Using nmap to scan for MS17-010 (CVE-2017-0143 EternalBlue)
2010-02-11/a>	Johannes Ullrich	MS10-015 may cause Windows XP to blue screen
SCREEN
2024-11-05/a>	Xavier Mertens	Python RAT with a Nice Screensharing Feature
2023-02-09/a>	Xavier Mertens	A Backdoor with Smart Screenshot Capability
2021-04-02/a>	Xavier Mertens	C2 Activity: Sandboxes or Real Victims?
2018-05-19/a>	Xavier Mertens	Malicious Powershell Targeting UK Bank Customers
2010-11-04/a>	Johannes Ullrich	Microsoft Smart Screen False Positivies
2010-02-11/a>	Johannes Ullrich	MS10-015 may cause Windows XP to blue screen
2010-02-02/a>	Johannes Ullrich	New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux)
2009-12-02/a>	Rob VandenBrink	Microsoft Black Screen of Death - Fact of Fiction?

BLUE SCREEN

BLUE

SCREEN