Internet Storm Center
Date | Author | Title
2023-03-21 | Didier Stevens | String Obfuscation: Character Pair Reversal
2023-02-10 | Xavier Mertens | Obfuscated Deactivation of Script Block Logging
2023-01-17 | Rob VandenBrink | Finding that one GPO Setting in a Pool of Hundreds of GPOs
2023-01-04 | Rob VandenBrink | Update to RTRBK - Diff and File Dates in PowerShell
2022-12-28 | Rob VandenBrink | Playing with Powershell and JSON (and Amazon and Firewalls)
2022-11-09 | Xavier Mertens | Another Script-Based Ransomware
2022-10-31 | Rob VandenBrink | NMAP without NMAP - Port Testing and Scanning with PowerShell
2022-10-17 | Xavier Mertens | Fileless Powershell Dropper
2022-10-07 | Xavier Mertens | Powershell Backdoor with DGA Capability
2022-07-25 | Xavier Mertens | PowerShell Script with Fileless Capability
2022-06-25 | Xavier Mertens | Malicious Code Passed to PowerShell via the Clipboard
2022-06-22 | Xavier Mertens | Malicious PowerShell Targeting Cryptocurrency Browser Extensions
2022-06-03 | Xavier Mertens | Sandbox Evasion... With Just a Filename!
2022-05-12 | Rob VandenBrink | When Get-WebRequest Fails You
2022-04-25 | Xavier Mertens | Simple PDF Linking to Malicious Content
2022-03-11 | Xavier Mertens | Keep an Eye on WebSockets
2021-12-21 | Xavier Mertens | More Undetected PowerShell Dropper
2021-12-15 | Xavier Mertens | Simple but Undetected PowerShell Backdoor
2021-11-15 | Rob VandenBrink | Changing your AD Password Using the Clipboard - Not as Easy as You'd Think!
2021-10-18 | Xavier Mertens | Malicious PowerShell Using Client Certificate Authentication
2021-10-01 | Xavier Mertens | New Tool to Add to Your LOLBAS List: cvtres.exe
2021-05-28 | Xavier Mertens | Malicious PowerShell Hosted on script.google.com
2021-05-18 | Xavier Mertens | From RunDLL32 to JavaScript then PowerShell
2021-05-06 | Xavier Mertens | Alternative Ways To Perform Basic Tasks
2021-04-08 | Xavier Mertens | Simple Powershell Ransomware Creating a 7Z Archive of your Files
2021-02-12 | Xavier Mertens | AgentTesla Dropped Through Automatic Click in Microsoft Help File
2021-01-21 | Xavier Mertens | Powershell Dropping a REvil Ransomware
2021-01-10 | Didier Stevens | Maldoc Analysis With CyberChef
2021-01-09 | Didier Stevens | Maldoc Strings Analysis
2020-12-24 | Xavier Mertens | Malicious Word Document Delivering an Octopus Backdoor
2020-11-30 | Didier Stevens | Decrypting PowerShell Payloads (video)
2020-11-25 | Xavier Mertens | Live Patching Windows API Calls Using PowerShell
2020-11-19 | Xavier Mertens | PowerShell Dropper Delivering Formbook
2020-11-05 | Xavier Mertens | Did You Spot "Invoke-Expression"?
2020-09-24 | Xavier Mertens | Party in Ibiza with PowerShell
2020-09-23 | Xavier Mertens | Malicious Word Document with Dynamic Content
2020-09-11 | Rob VandenBrink | What's in Your Clipboard? Pillaging and Protecting the Clipboard
2020-08-28 | Xavier Mertens | Example of Malicious DLL Injected in PowerShell
2020-08-20 | Rob VandenBrink | Office 365 Mail Forwarding Rules (and other Mail Rules too)
2020-08-06 | Xavier Mertens | A Fork of the FTCode Powershell Ransomware
2020-08-03 | Xavier Mertens | Powershell Bot with Multiple C2 Protocols
2020-06-12 | Xavier Mertens | Malicious Excel Delivering Fileless Payload
2020-05-15 | Rob VandenBrink | Hashes in PowerShell
2020-05-15 | Rob VandenBrink | SHA3 Hashes (on Windows) - Where Art Thou?
2020-04-27 | Xavier Mertens | Powershell Payload Stored in a PSCredential Object
2020-04-24 | Xavier Mertens | Malicious Excel With a Strong Obfuscation and Sandbox Evasion
2020-04-17 | Xavier Mertens | Weaponized RTF Document Generator & Mailer in PowerShell
2020-04-10 | Xavier Mertens | PowerShell Sample Extracting Payload From SSL
2020-02-28 | Xavier Mertens | Show me Your Clipboard Data!
2020-01-23 | Xavier Mertens | Complex Obfuscation VS Simple Trick
2019-12-26 | Xavier Mertens | Bypassing UAC to Install a Cryptominer
2019-12-09 | Didier Stevens | (Lazy) Sunday Maldoc Analysis
2019-09-17 | Rob VandenBrink | Investigating Gaps in your Windows Event Logs
2019-07-28 | Didier Stevens | Video: Analyzing Compressed PowerShell Scripts
2019-07-11 | Xavier Mertens | Russian Dolls Malicious Script Delivering Ursnif
2019-07-10 | Rob VandenBrink | Dumping File Contents in Hex (in PowerShell)
2019-06-28 | Rob VandenBrink | Verifying Running Processes against VirusTotal - Domain-Wide
2019-06-27 | Rob VandenBrink | Finding the Gold in a Pile of Pennies - Long Tail Analysis in PowerShell
2019-06-21 | Rob VandenBrink | Netstat Local and Remote -new and improved, now with more PowerShell!
2019-06-03 | Didier Stevens | Tip: BASE64 Encoded PowerShell Scripts are Recognizable by the Amount of Letter As
2019-05-28 | Didier Stevens | Office Document & BASE64? PowerShell!
2019-04-25 | Rob VandenBrink | Service Accounts Redux - Collecting Service Accounts with PowerShell
2019-04-24 | Rob VandenBrink | Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators
2019-03-30 | Didier Stevens | "404" is not Malware
2019-03-20 | Rob VandenBrink | Using AD to find hosts that aren't in AD - fun with the [IPAddress] construct!
2019-03-10 | Didier Stevens | Malicious HTA Analysis by a Reader
2019-03-10 | Didier Stevens | Quick and Dirty Malicious HTA Analysis
2019-03-05 | Rob VandenBrink | Powershell, Active Directory and the Windows Host Firewall
2019-02-21 | Xavier Mertens | Simple Powershell Keyloggers are Back
2019-02-17 | Didier Stevens | Video: Finding Property Values in Office Documents
2019-02-16 | Didier Stevens | Finding Property Values in Office Documents
2019-02-10 | Didier Stevens | Video: Maldoc Analysis of the Weekend
2019-02-09 | Didier Stevens | Maldoc Analysis of the Weekend
2019-01-24 | Brad Duncan | Malspam with Word docs uses macro to run Powershell script and steal system data
2019-01-14 | Rob VandenBrink | Microsoft LAPS - Blue Team / Red Team
2019-01-02 | Xavier Mertens | Malicious Script Leaking Data via FTP
2018-12-19 | Xavier Mertens | Restricting PowerShell Capabilities with NetSh
2018-12-15 | Didier Stevens | De-DOSfuscation Example
2018-12-12 | Didier Stevens | Yet Another DOSfuscation Sample
2018-12-03 | Didier Stevens | Word maldoc: yet another place to hide a command
2018-11-22 | Xavier Mertens | Divided Payload in Multiple Pasties
2018-11-16 | Xavier Mertens | Basic Obfuscation With Permissive Languages
2018-11-06 | Xavier Mertens | Malicious Powershell Script Dissection
2018-10-26 | Xavier Mertens | Dissecting Malicious Office Documents with Linux
2018-10-22 | Xavier Mertens | Malicious Powershell using a Decoy Picture
2018-09-30 | Didier Stevens | When DOSfuscation Helps...
2018-09-05 | Xavier Mertens | Malicious PowerShell Compiling C# Code on the Fly
2018-07-30 | Didier Stevens | Malicious Word documents using DOSfuscation
2018-07-26 | Xavier Mertens | Windows Batch File Deobfuscation
2018-06-19 | Xavier Mertens | PowerShell: ScriptBlock Logging... Or Not?
2018-06-04 | Rob VandenBrink | Digging into Authenticode Certificates
2018-05-19 | Xavier Mertens | Malicious Powershell Targeting UK Bank Customers
2018-05-09 | Xavier Mertens | Nice Phishing Sample Delivering Trickbot
2018-05-06 | Guy Bruneau | Scans Attempting to use PowerShell to Download PHP Script
2018-03-04 | Xavier Mertens | The Crypto Miners Fight For CPU Cycles
2017-11-29 | Xavier Mertens | Fileless Malicious PowerShell Sample
2017-11-15 | Xavier Mertens | If you want something done right, do it yourself!
2017-11-11 | Xavier Mertens | Keep An Eye on your Root Certificates
2017-10-31 | Xavier Mertens | Some Powershell Malicious Code
2017-09-11 | Russ McRee | Windows Auditing with WINspect
2017-08-23 | Xavier Mertens | Malicious script dropping an executable signed by Avast?
2017-08-20 | Didier Stevens | It's Not An Invoice ...
2017-08-01 | Rob VandenBrink | Rooting Out Hosts that Support Older Samba Versions
2017-05-03 | Bojan Zdrnja | Powershelling with exploits
2017-03-30 | Xavier Mertens | Diverting built-in features for the bad
2017-02-17 | Rob VandenBrink | RTRBK - Router / Switch / Firewall Backups in PowerShell (tool drop)
2016-12-02 | Rob VandenBrink | Protecting Powershell Credentials (NOT)
2016-11-23 | Tom Webb | Mapping Attack Methodology to Controls
2016-10-31 | Russ McRee | SEC505 DFIR capture script: snapshot.ps1
2016-06-03 | Tom Liston | MySQL is YourSQL
2016-04-28 | Rob VandenBrink | DNS and DHCP Recon using Powershell
2016-04-15 | Xavier Mertens | Windows Command Line Persistence?
2016-01-26 | Rob VandenBrink | Pentest Time Machine: NMAP + Powershell + whatever tool is next
2016-01-25 | Rob VandenBrink | Assessing Remote Certificates with Powershell
2016-01-19 | Rob VandenBrink | Powershell and HTTPS - It Ain't All Rainbows And Lollipops! (or is it?)
2016-01-06 | Russ McRee | toolsmith #112: Red vs Blue - PowerSploit vs PowerForensics
2015-12-14 | Russ McRee | AD Security's Unofficial Guide to Mimikatz & Command Reference
2015-12-10 | Rob VandenBrink | Uninstalling Problem Applications using Powershell
2015-12-09 | Xavier Mertens | Enforcing USB Storage Policy with PowerShell
2015-12-02 | Rob VandenBrink | Nessus and Powershell is like Chocolate and Peanut Butter!
2015-08-12 | Rob VandenBrink | Windows Service Accounts - Why They're Evil and Why Pentesters Love them!
2015-06-29 | Rob VandenBrink | The Powershell Diaries 2 - Software Inventory
2015-06-24 | Rob VandenBrink | The Powershell Diaries - Finding Problem User Accounts in AD
2014-10-23 | Russ McRee | Digest: 23 OCT 2014
2014-04-06 | Basil Alawi S.Taher | "Power Worm" PowerShell based Malware
2013-02-28 | Daniel Wesemann | Parsing Windows Eventlogs in Powershell
2011-11-10 | Rob VandenBrink | Stuff I Learned Scripting - - Parsing XML in a One-Liner