Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
2024-08-26	Xavier Mertens	From Highly Obfuscated Batch File to XWorm and Redline
2024-05-22	Rob VandenBrink	NMAP Scanning without Scanning (Part 2) - The ipinfo API
2024-03-28	Xavier Mertens	From JavaScript to AsyncRAT
2024-02-21	Jan Kopriva	Phishing pages hosted on archive.org
2024-01-12	Xavier Mertens	One File, Two Payloads
2023-11-17	Jan Kopriva	Phishing page with trivial anti-analysis features
2023-08-23	Xavier Mertens	More Exotic Excel Files Dropping AgentTesla
2023-05-20	Xavier Mertens	Phishing Kit Collecting Victim's IP Address
2022-11-04	Xavier Mertens	Remcos Downloader with Unicode Obfuscation
2022-08-11	Xavier Mertens	InfoStealer Script Based on Curl and NSudo
2022-06-16	Xavier Mertens	Houdini is Back Delivered Through a JavaScript Dropper
2022-06-01	Jan Kopriva	HTML phishing attachments - now with anti-analysis features
2022-05-09	Xavier Mertens	Octopus Backdoor is Back with a New Embedded Obfuscated Bat File
2022-01-18	Jan Kopriva	Phishing e-mail with...an advertisement?
2022-01-04	Xavier Mertens	A Simple Batch File That Blocks People
2021-11-18	Xavier Mertens	JavaScript Downloader Delivers Agent Tesla Trojan
2021-10-21	Brad Duncan	"Stolen Images Evidence" campaign pushes Sliver-based malware
2021-09-17	Xavier Mertens	Malicious Calendar Subscriptions Are Back?
2021-05-28	Xavier Mertens	Malicious PowerShell Hosted on script.google.com
2021-05-22	Xavier Mertens	"Serverless" Phishing Campaign
2021-05-18	Xavier Mertens	From RunDLL32 to JavaScript then PowerShell
2021-04-28	Xavier Mertens	Deeper Analyzis of my Last Malicious PowerPoint Add-On
2021-03-19	Xavier Mertens	Pastebin.com Used As a Simple C2 Channel
2020-11-13	Xavier Mertens	Old Worm But New Obfuscation Technique
2020-11-09	Xavier Mertens	How Attackers Brush Up Their Malicious Scripts
2020-07-24	Xavier Mertens	Compromized Desktop Applications by Web Technologies
2020-06-11	Xavier Mertens	Anti-Debugging JavaScript Techniques
2020-06-08	Didier Stevens	Translating BASE64 Obfuscated Scripts
2020-05-08	Xavier Mertens	Using Nmap As a Lightweight Vulnerability Scanner
2020-03-27	Xavier Mertens	Malicious JavaScript Dropping Payload in the Registry
2020-02-22	Xavier Mertens	Simple but Efficient VBScript Obfuscation
2020-02-07	Xavier Mertens	Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript
2019-09-26	Rob VandenBrink	Mining MAC Address and OUI Information
2019-08-30	Xavier Mertens	Malware Dropping a Local Node.js Instance
2019-08-22	Xavier Mertens	Simple Mimikatz & RDPWrapper Dropper
2019-08-09	Xavier Mertens	100% JavaScript Phishing Page
2019-06-10	Xavier Mertens	Interesting JavaScript Obfuscation Example
2019-02-21	Xavier Mertens	Simple Powershell Keyloggers are Back
2019-02-07	Xavier Mertens	Phishing Kit with JavaScript Keylogger
2018-07-13	Xavier Mertens	Cryptominer Delivered Though Compromized JavaScript File
2018-06-19	Xavier Mertens	PowerShell: ScriptBlock Logging... Or Not?
2018-06-18	Xavier Mertens	Malicious JavaScript Targeting Mobile Browsers
2018-05-01	Xavier Mertens	Diving into a Simple Maldoc Generator
2017-07-08	Xavier Mertens	A VBScript with Obfuscated Base64 Data
2017-06-22	Xavier Mertens	Obfuscating without XOR
2017-03-24	Xavier Mertens	Nicely Obfuscated JavaScript Sample
2017-03-04	Xavier Mertens	How your pictures may affect your website reputation
2017-02-12	Xavier Mertens	Analysis of a Suspicious Piece of JavaScript
2017-02-02	Rick Wanner	Multiple vulnerabilities discovered in popular printer models
2016-12-13	Xavier Mertens	UAC Bypass in JScript Dropper
2016-08-28	Guy Bruneau	Spam with Obfuscated Javascript
2016-06-18	Rob VandenBrink	Controlling JavaScript Malware Before it Runs
2016-02-20	Didier Stevens	Locky: JavaScript Deobfuscation
2016-02-07	Xavier Mertens	More Malicious JavaScript Obfuscation
2016-01-15	Xavier Mertens	JavaScript Deobfuscation Tool
2015-08-07	Tony Carothers	Critical Firefox Update Today
2015-03-12	Johannes Ullrich	Who got the bad SSL Certificate? Using tshark to analyze the SSL handshake.
2014-08-29	Johannes Ullrich	False Positive or Not? Difficult to Analyze Javascript
2014-08-12	Adrien de Beaupre	Host discovery with nmap
2014-07-02	Johannes Ullrich	Simple Javascript Extortion Scheme Advertised via Bing
2014-01-17	Russ McRee	Massive RFI scans likely a free web app vuln scanner rather than bots
2013-11-04	Manuel Humberto Santander Pelaez	When attackers use your DNS to check for the sites you are visiting
2013-08-07	Johannes Ullrich	Firefox 23 and Mixed Active Content
2013-07-20	Manuel Humberto Santander Pelaez	Do you have rogue Internet gateways in your network? Check it with nmap
2013-07-01	Manuel Humberto Santander Pelaez	Using nmap scripts to enhance vulnerability asessment results
2013-04-23	Russ McRee	Microsoft's Security Intelligence Report (SIRv14) released
2013-02-11	John Bambenek	Is This Chinese Registrar Really Trying to XSS Me?
2013-02-08	Kevin Shortt	Is it Spam or Is it Malware?
2013-02-04	Russ McRee	An expose of a recent SANS GIAC XSS vulnerability
2013-01-30	Richard Porter	Getting Involved with the Local Community
2013-01-25	Johannes Ullrich	Vulnerability Scans via Search Engines (Request for Logs)
2012-08-16	Johannes Ullrich	A Poor Man's DNS Anomaly Detection Script
2012-06-25	Guy Bruneau	Using JSDetox to Analyze and Deobfuscate Javascript
2012-05-22	Johannes Ullrich	nmap 6 released
2012-04-25	Daniel Wesemann	Blacole's obfuscated JavaScript
2012-01-22	Johannes Ullrich	Javascript DDoS Tool Analysis
2012-01-12	Rob VandenBrink	Stuff I Learned Scripting - Fun with STDERR
2012-01-03	Bojan Zdrnja	The tale of obfuscated JavaScript continues
2011-12-07	Lenny Zeltser	V8 as an Alternative to SpiderMonkey for JavaScript Deobfuscation
2011-11-10	Rob VandenBrink	Stuff I Learned Scripting - - Parsing XML in a One-Liner
2011-11-07	Rob VandenBrink	Stuff I Learned Scripting - Evaluating a Remote SSL Certificate
2011-08-24	Rob VandenBrink	Citrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971
2011-06-06	Manuel Humberto Santander Pelaez	Phishing: Same goal, same techniques and people still falling for such scams
2011-04-23	Manuel Humberto Santander Pelaez	Image search can lead to malware download
2011-01-24	Rob VandenBrink	Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool
2010-12-02	Kevin Johnson	Robert Hansen and our happiness
2010-07-29	Rob VandenBrink	NoScript 2.0 released
2010-07-04	Manuel Humberto Santander Pelaez	Malware inside PDF Files
2010-03-05	Kyle Haugsness	Javascript obfuscators used in the wild
2009-05-04	Tom Liston	Adobe Reader/Acrobat Critical Vulnerability
2009-04-07	Bojan Zdrnja	Advanced JavaScript obfuscation (or why signature scanning is a failure)
2009-04-02	Bojan Zdrnja	JavaScript insertion and log deletion attack tools
2009-02-25	Andre Ludwig	Adobe Acrobat pdf 0-day exploit, No JavaScript needed!
2008-07-14	Daniel Wesemann	Obfuscated JavaScript Redux
2008-06-30	Marcus Sachs	More SQL Injection with Fast Flux hosting
2008-05-20	Raul Siles	List of malicious domains inserted through SQL injection
2008-04-29	Bojan Zdrnja	Scripts in ASF files
2008-04-06	Daniel Wesemann	Advanced obfuscated JavaScript analysis
2008-04-03	Bojan Zdrnja	Mixed (VBScript and JavaScript) obfuscation