Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Diaries by Keyword

Date | Author | Title
2021-05-21 | Xavier Mertens | Locking Kernel32.dll As Anti-Debugging Technique
2020-08-18 | Rick Wanner | ISC Blocked
2020-07-23 | Xavier Mertens | Simple Blocklisting with MISP & pfSense
2020-04-16 | Johannes Ullrich | Using AppLocker to Prevent Living off the Land Attacks
2019-09-19 | Xavier Mertens | Blocklisting or Whitelisting in the Right Way
2018-12-26 | Didier Stevens | Bitcoin "Blocklists"
2018-11-13 | Johannes Ullrich | November 2018 Microsoft Patch Tuesday
2018-11-12 | Rick Wanner | Using the Neutrino ip-blocklist API to test general badness of an IP
2018-06-19 | Xavier Mertens | PowerShell: ScriptBlock Logging... Or Not?
2018-05-30 | Bojan Zdrnja | The end of the lock icon
2018-05-24 | Xavier Mertens | "Blocked" Does Not Mean "Forget It"
2017-09-20 | Renato Marinho | Ongoing Ykcol (Locky) campaign
2017-09-01 | Brad Duncan | Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox
2017-06-02 | Xavier Mertens | Phishing Campaigns Follow Trends
2017-04-05 | Xavier Mertens | Whitelists: The Holy Grail of Attackers
2016-03-06 | Jim Clausing | Novel method for slowing down Locky on Samba server using fail2ban
2016-02-20 | Didier Stevens | Locky: JavaScript Deobfuscation
2016-01-09 | Xavier Mertens | Virtual Bitlocker Containers
2015-04-30 | Brad Duncan | Dalexis/CTB-Locker malspam campaign
2015-02-23 | Richard Porter | Subscribing to the DShield Top 20 on a Palo Alto Networks Firewall
2014-08-15 | Tom Webb | AppLocker Event Logs with OSSEC 2.8
2014-08-05 | Johannes Ullrich | Synolocker: Why OFFLINE Backups are important
2014-06-02 | John Bambenek | Gameover Zeus and Cryptolocker Takedowns
2014-05-30 | Johannes Ullrich | Fake Australian Electric Bill Leads to Cryptolocker
2014-02-18 | Johannes Ullrich | More Details About "TheMoon" Linksys Worm
2014-01-04 | Tom Webb | Monitoring Windows Networks Using Syslog (Part One)
2013-11-02 | Rick Wanner | Protecting Your Family's Computers
2013-10-22 | John Bambenek | Cryptolocker Update, Request for Info
2013-10-16 | Adrien de Beaupre | Access denied and blockliss
2013-09-03 | Rob VandenBrink | Is "Reputation Backscatter" a Thing?
2013-04-30 | Russ McRee | Apache binary backdoor adds malicious redirect to Blackhole
2013-04-23 | Russ McRee | Microsoft's Security Intelligence Report (SIRv14) released
2013-03-07 | Guy Bruneau | Apple Blocking Java Web plug-in
2012-09-01 | Russ McRee | Blackhole targeting Java vulnerability via fake Microsoft Services Agreement email phish
2012-06-26 | Daniel Wesemann | Run, Forest! (Update)
2012-04-25 | Daniel Wesemann | Blacole's obfuscated JavaScript
2012-04-25 | Daniel Wesemann | Blacole's shell code
2011-12-06 | Pedro Bueno | The RedRet connection...
2011-11-22 | Pedro Bueno | Updates on ZeroAccess and BlackHole front...
2011-11-03 | Richard Porter | An Apple, Inc. Sandbox to play in.
2011-05-30 | Johannes Ullrich | Lockheed Martin and RSA Tokens
2009-01-12 | William Salusky | Downadup / Conficker - MS08-067 exploit and Windows domain account lockout
2008-05-28 | Johannes Ullrich | Reminder: Proper use of DShield data
2006-12-18 | Toby Kohlenberg | ORDB Shutting down