Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
2024-09-24	Johannes Ullrich	Exploitation of RAISECOM Gateway Devices Vulnerability CVE-2024-7120
2024-07-16	Guy Bruneau	Who You Gonna Call? AndroxGh0st Busters! [Guest Diary]
2023-12-20	Guy Bruneau	How to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary]
2023-12-16	Xavier Mertens	An Example of RocketMQ Exploit Scanner
2023-04-18	Johannes Ullrich	UDDIs are back? Attackers rediscovering old exploits.
2023-03-16	Xavier Mertens	Simple Shellcode Dissection
2022-12-22	Guy Bruneau	Exchange OWASSRF Exploited for Remote Code Execution
2022-06-10	Russ McRee	EPSScall: An Exploit Prediction Scoring System App
2022-05-31	Xavier Mertens	First Exploitation of Follina Seen in the Wild
2022-05-07	Guy Bruneau	Phishing PDF Received in my ISC Mailbox
2022-03-31	Johannes Ullrich	Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965
2022-02-22	Xavier Mertens	A Good Old Equation Editor Vulnerability Delivering Malware
2022-02-01	Xavier Mertens	Automation is Nice But Don't Replace Your Knowledge
2022-01-25	Bojan Zdrnja	Local privilege escalation vulnerability in polkit's pkexec (CVE-2021-4034)
2021-11-26	Guy Bruneau	Searching for Exposed ASUS Routers Vulnerable to CVE-2021-20090
2021-11-20	Guy Bruneau	Hikvision Security Cameras Potentially Exposed to Remote Code Execution
2021-10-30	Guy Bruneau	Remote Desktop Protocol (RDP) Discovery
2021-10-16	Guy Bruneau	Apache is Actively Scan for CVE-2021-41773 & CVE-2021-42013
2021-10-09	Guy Bruneau	Scanning for Previous Oracle WebLogic Vulnerabilities
2021-06-26	Guy Bruneau	CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability
2021-06-12	Guy Bruneau	Fortinet Targeted for Unpatched SSL VPN Discovery Activity
2021-06-11	Xavier Mertens	Sonicwall SRA 4600 Targeted By an Old Vulnerability
2021-03-10	Rob VandenBrink	SharpRDP - PSExec without PSExec, PSRemoting without PowerShell
2021-01-15	Brad Duncan	Throwback Friday: An Example of Rig Exploit Kit
2021-01-02	Guy Bruneau	Protecting Home Office and Enterprise in 2021
2020-08-22	Guy Bruneau	Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common?
2020-08-08	Guy Bruneau	Scanning Activity Include Netcat Listener
2020-07-19	Guy Bruneau	Scanning Activity for ZeroShell Unauthenticated Access
2020-07-11	Guy Bruneau	VMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html
2020-07-11	Guy Bruneau	Scanning Home Internet Facing Devices to Exploit
2020-05-16	Guy Bruneau	Scanning for Outlook Web Access (OWA) & Microsoft Exchange Control Panel (ECP)
2019-10-20	Guy Bruneau	Scanning Activity for NVMS-9000 Digital Video Recorder
2019-09-07	Guy Bruneau	Unidentified Scanning Activity
2019-06-25	Brad Duncan	Rig Exploit Kit sends Pitou.B Trojan
2019-06-17	Brad Duncan	An infection from Rig exploit kit
2019-04-27	Didier Stevens	Quick Tip for Dissecting CVE-2017-11882 Exploits
2019-04-22	Didier Stevens	.rar Files and ACE Exploit CVE-2018-20250
2018-12-23	Guy Bruneau	Scanning Activity, end Goal is to add Hosts to Mirai Botnet
2018-11-23	Didier Stevens	Video: Dissecting a CVE-2017-11882 Exploit
2018-09-24	Didier Stevens	Analyzing Encoded Shellcode with scdbg
2018-06-05	Xavier Mertens	Malicious Post-Exploitation Batch File
2018-05-20	Didier Stevens	DASAN GPON home routers exploits in-the-wild
2018-05-03	Renato Marinho	WebLogic Exploited in the Wild (Again)
2017-09-30	Lorna Hutcheson	Who's Borrowing your Resources?
2017-09-10	Didier Stevens	Analyzing JPEG files
2017-02-25	Guy Bruneau	Unpatched Microsoft Edge and IE Bug
2017-01-07	Xavier Mertens	Using Security Tools to Compromize a Network
2016-04-21	Daniel Wesemann	Decoding Pseudo-Darkleech (#1)
2016-03-13	Guy Bruneau	A Look at the Mandiant M-Trends 2016 Report
2015-07-27	Daniel Wesemann	Angler's best friends
2015-03-10	Brad Duncan	Threatglass has pcap files with exploit kit activity
2015-02-04	Alex Stanford	Exploit Kit Evolution - Neutrino
2014-08-16	Lenny Zeltser	Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-07-22	Daniel Wesemann	Ivan's Order of Magnitude
2014-02-28	Daniel Wesemann	Fiesta!
2014-02-13	Johannes Ullrich	Linksys Worm ("TheMoon") Captured
2014-02-12	Johannes Ullrich	Suspected Mass Exploit Against Linksys E1000 / E1200 Routers
2013-10-01	John Bambenek	*Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893
2013-09-20	Russ McRee	Threat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild
2013-05-22	Adrien de Beaupre	Privilege escalation, why should I care?
2013-02-21	Pedro Bueno	NBC site redirecting to Exploit kit
2013-02-17	Guy Bruneau	Adobe Acrobat and Reader Security Update Planned this Week
2013-02-13	Swa Frantzen	More adobe reader and acrobat (PDF) trouble
2013-01-05	Guy Bruneau	Adobe ColdFusion Security Advisory
2013-01-04	Guy Bruneau	"FixIt" Patch for CVE-2012-4792 Bypassed
2012-12-10	Johannes Ullrich	Your CPA License has not been revoked
2012-12-02	Guy Bruneau	Zero Day MySQL Buffer Overflow
2012-08-05	Daniel Wesemann	Phishing for Payroll with unpatched Java
2012-07-19	Mark Baggett	A Heap of Overflows?
2012-06-18	Guy Bruneau	CVE-2012-1875 exploit is now available
2012-05-05	Tony Carothers	Vulnerability Exploit for Snow Leopard
2012-04-26	Richard Porter	Packetstorm Security and Metasploit have Exploit code for MS12-027
2012-03-11	Johannes Ullrich	An Analysis of Jester's QR Code Attack. (Guest Diary)
2011-12-08	Adrien de Beaupre	Newest Adobe Flash 11.1.102.55 and Previous 0 Day Exploit
2011-12-06	Pedro Bueno	The RedRet connection...
2011-11-22	Pedro Bueno	Updates on ZeroAccess and BlackHole front...
2011-10-13	Johannes Ullrich	Critical OS X Vulnerability Patched
2011-05-06	Richard Porter	Updated Exploit Index for Microsoft
2011-03-29	Daniel Wesemann	Malware emails with fake cellphone invoice
2011-03-15	Lenny Zeltser	Limiting Exploit Capabilities by Using Windows Integrity Levels
2011-03-09	Kevin Shortt	AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B
2011-02-16	Jason Lam	Windows 0-day SMB mrxsmb.dll vulnerability
2010-12-27	Johannes Ullrich	Various sites "Owned and Exposed"
2010-12-13	Deborah Hale	The Week to Top All Weeks
2010-12-02	Kevin Johnson	ProFTPD distribution servers compromised
2010-11-01	Manuel Humberto Santander Pelaez	CVE-2010-3654 exploit in the wild
2010-09-26	Daniel Wesemann	PDF analysis paper
2010-09-14	Adrien de Beaupre	Adobe Flash v10.1.82.76 and earlier vulnerability in-the-wild
2010-09-13	Manuel Humberto Santander Pelaez	Enhanced Mitigation Experience Toolkit can block Adobe 0-day exploit
2010-09-13	Manuel Humberto Santander Pelaez	Adobe SING table parsing exploit (CVE-2010-2883) in the wild
2010-09-02	Daniel Wesemann	SDF, please!
2010-08-22	Manuel Humberto Santander Pelaez	Anatomy of a PDF exploit
2010-06-15	Manuel Humberto Santander Pelaez	Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-06-06	Manuel Humberto Santander Pelaez	Nice OS X exploit tutorial
2010-05-23	Manuel Humberto Santander Pelaez	Oracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability
2010-04-10	Andre Ludwig	New bug/exploit for javaws
2010-02-08	Adrien de Beaupre	When is a 0day not a 0day? Fake OpenSSh exploit, again.
2010-01-24	Pedro Bueno	Outdated client applications
2010-01-19	Johannes Ullrich	Unpatched Microsoft Windows (all versions) Privilege Escalation Vulnerability Released
2010-01-12	Adrien de Beaupre	PoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2009-12-05	Guy Bruneau	Java JRE Buffer and Integer Overflow
2009-11-16	G. N. White	Reports of a successful exploit of the SSL Renegotiation Vulnerability?
2009-11-14	Adrien de Beaupre	Microsoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released
2009-11-12	Rob VandenBrink	Windows 7 / Windows Server 2008 Remote SMB Exploit
2009-10-21	Pedro Bueno	WordPress Hardening
2009-09-16	Bojan Zdrnja	SMB2 remote exploit released
2009-08-31	Pedro Bueno	Microsoft IIS 5/6 FTP 0Day released
2009-08-18	Bojan Zdrnja	MS09-039 exploit in the wild?
2009-07-16	Bojan Zdrnja	OWC exploits used in SQL injection attacks
2009-07-15	Bojan Zdrnja	Make sure you update that Java
2009-07-13	Adrien de Beaupre	* Infocon raised to yellow for Excel Web Components ActiveX vulnerability
2009-07-10	Guy Bruneau	WordPress Fixes Multiple vulnerabilities
2009-07-09	Bojan Zdrnja	OpenSSH 0day FUD
2009-06-12	Adrien de Beaupre	Green Dam
2009-06-08	Chris Carboni	Kloxo (formerly Lxadmin) Vulnerability Exploited
2009-05-06	Tom Liston	Follow The Bouncing Malware: Gone With the WINS
2009-04-24	Pedro Bueno	Did you check your conference goodies?
2009-04-14	Swa Frantzen	VMware exploits - just how bad is it ?
2009-03-19	Mark Hofman	Browsers Tumble at CanSecWest
2009-03-18	Adrien de Beaupre	Adobe Security Bulletin Adobe Reader and Acrobat
2009-02-25	Andre Ludwig	Adobe Acrobat pdf 0-day exploit, No JavaScript needed!
2009-02-25	Andre Ludwig	Preview/Iphone/Linux pdf issues
2008-08-26	John Bambenek	Active attacks using stolen SSH keys (UPDATED)
2008-05-07	Jim Clausing	More on automated exploit generation
2008-05-05	John Bambenek	Defenses Against Automated Patch-Based Exploit Generation
2008-04-24	Maarten Van Horenbeeck	Targeted attacks using malicious PDF files
2008-04-18	John Bambenek	The Patch Window is Gone: Automated Patch-Based Exploit Generation
2008-04-10	Deborah Hale	Symantec Threatcon Level 2
2006-11-20	Joel Esler	MS06-070 Remote Exploit