Internet Storm Center
Sign In
Sign Up
Handler on Duty:
Didier Stevens
Threat Level:
green
Date
Author
Title
2023-04-08
Xavier Mertens
Microsoft Netlogon: Potential Upcoming Impacts of CVE-2022-38023
2023-03-28
Jesse La Grew
Network Data Collector Placement Makes a Difference
2023-02-12
Jesse La Grew
PCAP Data Analysis with Zeek
2023-01-02
Xavier Mertens
NetworkMiner 2.8 Released
2022-11-14
Jesse La Grew
Extracting 'HTTP CONNECT' Requests with Python
2022-11-02
Brad Duncan
Who put the "Dark" in DarkVNC?
2022-04-28
Johannes Ullrich
A Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809
2022-04-14
Johannes Ullrich
An Update on CVE-2022-26809 - MSRPC Vulnerabliity - PATCH NOW
2021-12-22
Brad Duncan
December 2021 Forensic Contest: Answers and Analysis
2021-12-08
Brad Duncan
December 2021 Forensic Challenge
2021-11-04
Brad Duncan
October 2021 Forensic Contest: Answers and Analysis
2021-10-22
Brad Duncan
October 2021 Contest: Forensic Challenge
2021-06-30
Brad Duncan
June 2021 Forensic Contest: Answers and Analysis
2021-06-17
Daniel Wesemann
Network Forensics on Azure VMs (Part #1)
2021-05-23
Didier Stevens
Video: Making Sense Of Encrypted Cobalt Strike Traffic
2021-05-19
Brad Duncan
May 2021 Forensic Contest: Answers and Analysis
2021-05-05
Brad Duncan
May 2021 Forensic Contest
2021-04-18
Didier Stevens
Decoding Cobalt Strike Traffic
2021-04-12
Didier Stevens
Example of Cleartext Cobalt Strike Traffic (Thanks Brad)
2021-04-01
Brad Duncan
April 2021 Forensic Quiz
2021-03-07
Didier Stevens
PCAPs and Beacons
2021-01-30
Guy Bruneau
PacketSifter as Network Parsing and Telemetry Tool
2021-01-05
Johannes Ullrich
Netfox Detective: An Alternative Open-Source Packet Analysis Tool
2020-12-03
Brad Duncan
Traffic Analysis Quiz: Mr Natural
2020-11-11
Brad Duncan
Traffic Analysis Quiz: DESKTOP-FX23IK5
2020-10-10
Didier Stevens
Open Packaging Conventions
2020-09-15
Brad Duncan
Traffic Analysis Quiz: Oh No... Another Infection!
2020-08-05
Brad Duncan
Traffic Analysis Quiz: What's the Malware From This Infection?
2020-07-15
Brad Duncan
Word docs with macros for IcedID (Bokbot)
2020-05-20
Brad Duncan
Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-08
Brad Duncan
German malspam pushes ZLoader malware
2020-04-01
Brad Duncan
Qakbot malspam sent from an infected Windows host
2020-01-05
Didier Stevens
etl2pcapng: Convert .etl Capture Files To .pcapng Format
2019-12-24
Brad Duncan
Malspam with links to Word docs pushes IcedID (Bokbot)
2019-12-03
Brad Duncan
Ursnif infection with Dridex
2019-11-27
Brad Duncan
Finding an Agent Tesla malware sample
2019-10-29
Xavier Mertens
Generating PCAP Files from YAML
2019-10-09
Brad Duncan
What data does Vidar malware steal from an infected host?
2019-10-03
Jim Clausing
Buffer overflows found in libpcap and tcpdump
2019-05-22
Johannes Ullrich
An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
2019-04-23
Didier Stevens
Malicious VBA Office Document Without Source Code
2019-04-04
Xavier Mertens
New Waves of Scans Detected by an Old Rule
2019-03-18
Didier Stevens
Wireshark 3.0.0 and Npcap: Some Remarks
2019-03-11
Didier Stevens
Wireshark 3.0.0 and Npcap
2018-11-18
Guy Bruneau
Multipurpose PCAP Analysis Tool
2018-08-15
Xavier Mertens
Truncating Payloads and Anonymizing PCAP files
2018-06-06
Xavier Mertens
Converting PCAP Web Traffic to Apache Log
2018-01-18
Xavier Mertens
Comment your Packet Captures!
2017-11-13
Guy Bruneau
jsonrpc Scanning for root account
2017-09-28
Xavier Mertens
The easy way to analyze huge amounts of PCAP data
2017-09-25
Renato Marinho
XPCTRA Malware Steals Banking and Digital Wallet User's Credentials
2017-05-26
Lorna Hutcheson
File2pcap - A new tool for your toolkit!
2017-01-28
Lorna Hutcheson
Packet Analysis - Where do you start?
2016-11-05
Xavier Mertens
Full Packet Capture for Dummies
2016-09-26
Didier Stevens
VBA and P-code
2016-04-29
Mark Hofman
New release of PCI DSS (version 3.2) is available
2015-02-11
Johannes Ullrich
Did PCI Just Kill E-Commerce By Saying SSL is Not Sufficient For Payment Info ? (spoiler: TLS!=SSL)
2014-07-03
Johannes Ullrich
Credit Card Processing in 700 Words or Less
2014-06-04
Richard Porter
p0f, Got Packets?
2014-03-12
Johannes Ullrich
Wordpress "Pingback" DDoS Attacks
2013-12-01
Richard Porter
BPF, PCAP, Binary, hex, why they matter?
2013-11-27
Rob VandenBrink
ATM Traffic + TCPDump + Video = Good or Evil?
2013-06-05
Richard Porter
Wireshark 1.10.0 Stable Released http://www.wireshark.org/download.html
2012-11-23
Rob VandenBrink
Risk Assessment Reloaded (thanks PCI ! )
2012-10-12
Mark Hofman
Cyber Security Awareness Month - Day 12 PCI DSS
2012-02-22
Johannes Ullrich
How to test OS X Mountain Lion's Gatekeeper in Lion
2012-01-25
Bojan Zdrnja
pcAnywhere users – patch now!
2011-10-23
Guy Bruneau
tcpdump and IPv6
2011-08-13
Rick Wanner
30th Anniversary of the IBM PC - What was your first?
2010-07-20
Manuel Humberto Santander Pelaez
iTunes buffer overflow vulnerability
2010-07-04
Manuel Humberto Santander Pelaez
New Winpcap Version
2010-03-27
Guy Bruneau
Create a Summary of IP Addresses from PCAP Files using Unix Tools
2009-11-25
Jim Clausing
Updates to my GREM Gold scripts and a new script
2009-08-13
Jim Clausing
Tools for extracting files from pcaps
2009-06-28
Guy Bruneau
IP Address Range Search with libpcap
2008-06-10
Swa Frantzen
Ransomware keybreaking
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
About Us
Slack Channel
Mastodon
Bluesky
X
Make the web a better place by
sharing the SANS Internet Storm Center
with others