Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
SEARCH ENGINE POISONING
2010-02-15	Johannes Ullrich	Various Olympics Related Dangerous Google Searches
SEARCH
2024-03-10/a>	Guy Bruneau	What happens when you accidentally leak your AWS API keys? [Guest Diary]
2024-02-03/a>	Guy Bruneau	DShield Sensor Log Collection with Elasticsearch
2023-07-23/a>	Guy Bruneau	Install & Configure Filebeat on Raspberry Pi ARM64 to Parse DShield Sensor Logs
2023-04-27/a>	Johannes Ullrich	SANS.edu Research Journal: Volume 3
2023-03-16/a>	Xavier Mertens	Simple Shellcode Dissection
2023-01-21/a>	Guy Bruneau	DShield Sensor JSON Log to Elasticsearch
2021-09-11/a>	Guy Bruneau	Shipping to Elasticsearch Microsoft DNS Logs
2021-09-09/a>	Johannes Ullrich	Updates to Our Datafeeds/API
2021-05-08/a>	Guy Bruneau	Who is Probing the Internet for Research Purposes?
2021-02-13/a>	Guy Bruneau	Using Logstash to Parse IPtables Firewall Logs
2020-12-19/a>	Guy Bruneau	Secure Communication using TLS in Elasticsearch
2020-05-29/a>	Johannes Ullrich	The Impact of Researchers on Our Data
2019-11-29/a>	Russ McRee	ISC Snapshot: Search with SauronEye
2018-11-30/a>	Remco Verhoef	CoinMiners searching for hosts
2018-11-14/a>	Brad Duncan	Day in the life of a researcher: Finding a wave of Trickbot malspam
2017-05-18/a>	Xavier Mertens	My Little CVE Bot
2015-11-22/a>	Guy Bruneau	OpenDNS Research Used to Predict Threat
2015-11-04/a>	Johannes Ullrich	Internet Wide Scanners Wanted
2015-08-16/a>	Guy Bruneau	Are you a "Hunter"?
2015-07-21/a>	Didier Stevens	Searching Through the VirusTotal Database
2010-02-15/a>	Johannes Ullrich	Various Olympics Related Dangerous Google Searches
2010-01-08/a>	Rob VandenBrink	Microsoft OfficeOnline, Searching for Trust and Malware
ENGINE
2019-11-23/a>	Guy Bruneau	Local Malware Analysis with Malice
2017-08-18/a>	Renato Marinho	EngineBox Malware Supports 10+ Brazilian Banks
2017-07-16/a>	Renato Marinho	SMS Phishing induces victims to photograph its own token card
2015-11-21/a>	Didier Stevens	Maldoc Social Engineering Trick
2014-08-20/a>	Kevin Shortt	Social Engineering Alive and Well
2013-07-08/a>	Richard Porter	Why do we Click?
2012-09-14/a>	Lenny Zeltser	Analyzing Malicious RTF Files Using OfficeMalScanner's RTFScan
2012-06-04/a>	Lenny Zeltser	Decoding Common XOR Obfuscation in Malicious Code
2011-05-10/a>	Swa Frantzen	Changing MO in scamming our users ?
2010-12-29/a>	Daniel Wesemann	Beware of strange web sites bearing gifts ...
2010-11-18/a>	Chris Carboni	Stopping the ZeroAccess Rootkit
2010-06-14/a>	Manuel Humberto Santander Pelaez	New way of social engineering on IRC
2010-05-02/a>	Mari Nichols	Zbot Social Engineering
2010-04-29/a>	Bojan Zdrnja	Who needs exploits when you have social engineering?
2010-04-13/a>	Johannes Ullrich	More Legal Threat Malware E-Mail
2010-02-15/a>	Johannes Ullrich	Various Olympics Related Dangerous Google Searches
2009-06-01/a>	G. N. White	Yet another "Digital Certificate" malware campaign
2009-04-24/a>	Pedro Bueno	Did you check your conference goodies?
2009-01-18/a>	Maarten Van Horenbeeck	Targeted social engineering
POISONING
2013-10-21/a>	Johannes Ullrich	New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
2010-02-15/a>	Johannes Ullrich	Various Olympics Related Dangerous Google Searches
2009-11-24/a>	John Bambenek	BIND Security Advisory (DNSSEC only)
2009-01-07/a>	William Salusky	BIND 9.x security patch - resolves potentially new DNS poisoning vector

SEARCH ENGINE POISONING

SEARCH

ENGINE

POISONING