Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
WINDOWS VISTA
2012-04-10	Swa Frantzen	Windows Vista RIP
2009-07-16	Guy Bruneau	Changes in Windows Security Center
WINDOWS
2023-06-29/a>	Brad Duncan	GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT
2023-03-22/a>	Didier Stevens	Windows 11 Snipping Tool Privacy Bug: Inspecting PNG Files
2023-02-19/a>	Didier Stevens	"Unsupported 16-bit Application" or HTML?
2023-02-09/a>	Xavier Mertens	A Backdoor with Smart Screenshot Capability
2022-11-05/a>	Guy Bruneau	Windows Malware with VHD Extension
2022-06-26/a>	Didier Stevens	My Paste Command
2022-06-24/a>	Xavier Mertens	Python (ab)using The Windows GUI
2022-04-28/a>	Johannes Ullrich	A Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809
2022-04-14/a>	Johannes Ullrich	An Update on CVE-2022-26809 - MSRPC Vulnerabliity - PATCH NOW
2022-04-06/a>	Brad Duncan	Windows MetaStealer Malware
2022-02-25/a>	Didier Stevens	Windows, Fixed IPv4 Addresses and APIPA
2021-10-14/a>	Xavier Mertens	Port-Forwarding with Windows for the Win
2021-07-21/a>	Johannes Ullrich	"Summer of SAM": Microsoft Releases Guidance for CVE-2021-36934
2021-07-19/a>	Rick Wanner	New Windows Print Spooler Vulnerability - CVE-2021-34481
2021-05-02/a>	Didier Stevens	PuTTY And FileZilla Use The Same Fingerprint Registry Keys
2020-09-30/a>	Johannes Ullrich	Scans for FPURL.xml: Reconnaissance or Not?
2020-09-02/a>	Xavier Mertens	Python and Risky Windows API Calls
2020-09-01/a>	Johannes Ullrich	Exposed Windows Domain Controllers Used in CLDAP DDoS Attacks
2020-08-25/a>	Xavier Mertens	Keep An Eye on LOLBins
2020-06-24/a>	Jan Kopriva	Using Shell Links as zero-touch downloaders and to initiate network connections
2020-03-30/a>	Jan Kopriva	Crashing explorer.exe with(out) a click
2020-03-23/a>	Didier Stevens	Windows Zeroday Actively Exploited: Type 1 Font Parsing Remote Code Execution Vulnerability
2020-03-16/a>	Jan Kopriva	Desktop.ini as a post-exploitation tool
2020-02-18/a>	Jan Kopriva	Discovering contents of folders in Windows without permissions
2020-02-17/a>	Didier Stevens	curl and SSPI
2020-02-15/a>	Didier Stevens	bsdtar on Windows 10
2020-01-09/a>	Kevin Shortt	Windows 7 - End of Life
2019-06-27/a>	Rob VandenBrink	Finding the Gold in a Pile of Pennies - Long Tail Analysis in PowerShell
2019-06-06/a>	Xavier Mertens	Keep an Eye on Your WMI Logs
2019-05-22/a>	Johannes Ullrich	An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
2019-03-05/a>	Rob VandenBrink	Powershell, Active Directory and the Windows Host Firewall
2019-01-14/a>	Rob VandenBrink	Still Running Windows 7? Time to think about that upgrade project!
2018-12-19/a>	Xavier Mertens	Restricting PowerShell Capabilities with NetSh
2018-12-19/a>	Xavier Mertens	Microsoft OOB Patch for Internet Explorer: Scripting Engine Memory Corruption Vulnerability
2018-06-05/a>	Xavier Mertens	Malicious Post-Exploitation Batch File
2018-05-07/a>	Xavier Mertens	Adding Persistence Via Scheduled Tasks
2018-05-02/a>	Russ McRee	Windows Commands Reference - An InfoSec Must Have
2017-11-15/a>	Xavier Mertens	If you want something done right, do it yourself!
2017-11-11/a>	Xavier Mertens	Keep An Eye on your Root Certificates
2017-01-18/a>	Rob VandenBrink	Making Windows 10 a bit less "Creepy" - Common Privacy Settings
2017-01-12/a>	Mark Baggett	System Resource Utilization Monitor
2016-11-18/a>	Didier Stevens	VBA Shellcode and Windows 10
2016-08-29/a>	Russ McRee	Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2016-08-02/a>	Tom Webb	Windows 10 Anniversary Update Available
2016-07-12/a>	Xavier Mertens	Hunting for Malicious Files with MISP + OSSEC
2016-05-22/a>	Pasquale Stirparo	The strange case of WinZip MRU Registry key
2016-05-18/a>	Russ McRee	Resources: Windows Auditing & Monitoring, Linux 2FA
2016-04-15/a>	Xavier Mertens	Windows Command Line Persistence?
2016-03-30/a>	Xavier Mertens	What to watch with your FIM?
2016-02-18/a>	Xavier Mertens	Hunting for Executable Code in Windows Environments
2016-01-31/a>	Guy Bruneau	Windows 10 and System Protection for DATA Default is OFF
2015-12-09/a>	Xavier Mertens	Enforcing USB Storage Policy with PowerShell
2015-08-12/a>	Rob VandenBrink	Windows Service Accounts - Why They're Evil and Why Pentesters Love them!
2014-08-15/a>	Tom Webb	AppLocker Event Logs with OSSEC 2.8
2014-07-05/a>	Guy Bruneau	Java Support ends for Windows XP
2014-04-06/a>	Basil Alawi S.Taher	"Power Worm" PowerShell based Malware
2014-04-04/a>	Rob VandenBrink	Windows 8.1 Released
2014-03-24/a>	Johannes Ullrich	New Microsoft Advisory: Unpatched Word Flaw used in Targeted Attacks
2014-03-04/a>	Daniel Wesemann	XPired!
2014-01-10/a>	Basil Alawi S.Taher	Windows Autorun-3
2014-01-04/a>	Tom Webb	Monitoring Windows Networks Using Syslog (Part One)
2013-10-30/a>	Russ McRee	SIR v15: Five good reasons to leave Windows XP behind
2013-03-19/a>	Johannes Ullrich	Windows 7 SP1 and Windows Server 2008 R2 SP1 Being "pushed" today
2013-02-28/a>	Daniel Wesemann	Parsing Windows Eventlogs in Powershell
2012-10-24/a>	Rob VandenBrink	Time to run Windows Update - - Microsoft Updates KB2755801 for Windows RT / IE10 / Flash Player - http://technet.microsoft.com/en-us/security/advisory/2755801
2012-07-19/a>	Mark Baggett	Diagnosing Malware with Resource Monitor
2012-06-25/a>	Guy Bruneau	Issues with Windows Update Agent
2012-05-08/a>	Bojan Zdrnja	Windows Firewall Bypass Vulnerability and NetBIOS NS
2012-05-06/a>	Jim Clausing	Tool updates and Win 8
2012-04-10/a>	Swa Frantzen	Windows Vista RIP
2011-12-21/a>	Johannes Ullrich	New Vulnerability in Windows 7 64 bit
2011-07-09/a>	Chris Mohan	Safer Windows Incident Response
2011-06-30/a>	Rob VandenBrink	Update for RSA Authentication Manager
2011-06-01/a>	Johannes Ullrich	Enabling Privacy Enhanced Addresses for IPv6
2011-03-27/a>	Guy Bruneau	Strange Shockwave File with Surprising Attachments
2011-03-15/a>	Lenny Zeltser	Limiting Exploit Capabilities by Using Windows Integrity Levels
2011-02-24/a>	Johannes Ullrich	Windows 7 / 2008 R2 Service Pack 1 Problems
2011-02-23/a>	Johannes Ullrich	Windows 7 Service Pack 1 out
2011-02-16/a>	Jason Lam	Windows 0-day SMB mrxsmb.dll vulnerability
2011-02-10/a>	Chris Mohan	Befriending Windows Security Log Events
2011-01-24/a>	Rob VandenBrink	Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool
2011-01-04/a>	Johannes Ullrich	Microsoft Advisory: Vulnerability in Graphics Rendering Engine
2010-11-24/a>	Bojan Zdrnja	Privilege escalation 0-day in almost all Windows versions
2010-08-02/a>	Manuel Humberto Santander Pelaez	Securing Windows Internet Kiosk
2010-06-15/a>	Manuel Humberto Santander Pelaez	Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-02-11/a>	Deborah Hale	The Mysterious Blue Screen
2009-11-14/a>	Adrien de Beaupre	Microsoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released
2009-11-12/a>	Rob VandenBrink	Windows 7 / Windows Server 2008 Remote SMB Exploit
2009-10-24/a>	Marcus Sachs	Windows 7 - How is it doing?
2009-09-08/a>	Guy Bruneau	Vista/2008/Windows 7 SMB2 BSOD 0Day
2009-08-26/a>	Johannes Ullrich	WSUS 3.0 SP2 released
2009-07-16/a>	Guy Bruneau	Changes in Windows Security Center
2009-07-02/a>	Daniel Wesemann	Time to update updating on PCs for 3rd party apps
2009-04-16/a>	Adrien de Beaupre	Strange Windows Event Log entry
2009-01-31/a>	Swa Frantzen	Windows 7 - not so secure ?
2008-08-15/a>	Jim Clausing	OMFW 2008 reflections
2008-06-12/a>	Bojan Zdrnja	Safari on Windows - not looking good
2008-05-17/a>	Lorna Hutcheson	XP SP3 Issues
2008-05-06/a>	John Bambenek	Windows XP Service Pack 3 Released
2008-05-01/a>	Adrien de Beaupre	Windows XP SteadyState
2008-04-29/a>	Bojan Zdrnja	Windows Service Pack blocker tool
2008-04-16/a>	William Stearns	Windows XP Service Pack 3 - unofficial schedule: Apr 21-28
2007-01-03/a>	Toby Kohlenberg	VLC Media Player udp URL handler Format String Vulnerability
VISTA
2012-04-10/a>	Swa Frantzen	Windows Vista RIP
2010-03-10/a>	Rob VandenBrink	Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-03-01/a>	Mark Hofman	Microsoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update.
2009-07-16/a>	Guy Bruneau	Changes in Windows Security Center
2009-05-26/a>	Jason Lam	Vista & Win2K8 SP2 available
2008-05-03/a>	Deborah Hale	Windows Vista Update Causing Loss of Audio on Some Systems
2006-12-26/a>	Swa Frantzen	Vista: better security [Y/N] ?

WINDOWS VISTA

WINDOWS

VISTA