Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Xavier Mertens

Threat Level: green

Date	Author	Title
2025-03-04	Jim Clausing	Tool update: mac-robber.py
2025-02-24	Jim Clausing	Unfurl v2025.02 released
2025-02-17	Russ McRee	ModelScan - Protection Against Model Serialization Attacks
2025-01-18	Jim Clausing	New tool: immutable.py
2024-11-30	Xavier Mertens	From a Regular Infostealer to its Obfuscated Version
2024-10-24	Johannes Ullrich	Development Features Enabled in Prodcution
2024-09-30	Jim Clausing	Tool update: mac-robber.py and le-hex-to-ip.py
2024-06-15	Didier Stevens	Overview of My Tools That Handle JSON Data
2024-03-24	Jim Clausing	Tool updates: le-hex-to-ip.py and sigs.py
2023-10-05	Jim Clausing	New tool: le-hex-to-ip.py
2023-07-24	Rob VandenBrink	JQ: Another Tool We Thought We Knew
2023-07-01	Russ McRee	Sandfly Security
2023-03-25	Guy Bruneau	Microsoft Released an Update for Windows Snipping Tool Vulnerability
2023-03-22	Didier Stevens	Windows 11 Snipping Tool Privacy Bug: Inspecting PNG Files
2023-01-02	Xavier Mertens	NetworkMiner 2.8 Released
2022-10-18	Xavier Mertens	Python Obfuscation for Dummies
2022-06-23	Xavier Mertens	FLOSS 2.0 Has Been Released
2022-03-24	Xavier Mertens	Malware Delivered Through Free Sharing Tool
2021-10-08	Rob VandenBrink	Sorting Things Out - Sorting Data by IP Address
2021-06-13	Jim Clausing	Update: mac-robber.py
2021-04-22	Xavier Mertens	How Safe Are Your Docker Images?
2021-01-27	Jan Kopriva	TriOp - tool for gathering (not just) security-related data from Shodan.io (tool drop)
2020-08-25	Xavier Mertens	Keep An Eye on LOLBins
2020-06-11	Xavier Mertens	Anti-Debugging JavaScript Techniques
2020-03-13	Rob VandenBrink	Not all Ethernet NICs are Created Equal - Trying to Capture Invalid Ethernet Frames
2020-02-27	Xavier Mertens	Offensive Tools Are For Blue Teams Too
2019-10-29	Xavier Mertens	Generating PCAP Files from YAML
2019-05-10	Xavier Mertens	DSSuite - A Docker Container with Didier's Tools
2018-11-17	Xavier Mertens	Quickly Investigating Websites with Lookyloo
2018-11-11	Pasquale Stirparo	Community contribution: joining forces or multiply solutions?
2018-10-10	Xavier Mertens	"OG" Tools Remain Valuable
2018-08-15	Xavier Mertens	Truncating Payloads and Anonymizing PCAP files
2018-08-05	Didier Stevens	Video: Maldoc analysis with standard Linux tools
2018-07-30	Xavier Mertens	Exploiting the Power of Curl
2018-01-26	Xavier Mertens	Investigating Microsoft BITS Activity
2017-09-19	Jim Clausing	New tool: mac-robber.py
2017-05-26	Lorna Hutcheson	File2pcap - A new tool for your toolkit!
2017-04-19	Xavier Mertens	Hunting for Malicious Excel Sheets
2017-01-13	Xavier Mertens	Who's Attacking Me?
2017-01-12	Mark Baggett	System Resource Utilization Monitor
2017-01-12	Mark Baggett	Some tools updates
2017-01-07	Xavier Mertens	Using Security Tools to Compromize a Network
2016-02-06	Jim Clausing	More updates to kippo-log2db
2015-08-31	Xavier Mertens	Detecting file changes on Microsoft systems with FCIV
2015-02-19	Daniel Wesemann	Macros? Really?!
2015-02-07	Jim Clausing	Update to kippo-log2db.pl
2014-11-05	Russ McRee	Tool Tip: vFeed
2014-09-14	Jim Clausing	SSDEEP update
2014-08-12	Adrien de Beaupre	Host discovery with nmap
2014-08-06	Chris Mohan	Free Service to Help CryptoLocker Victims by FireEye and Fox-IT
2013-11-19	Jim Clausing	Updated dumpdns.pl
2013-10-22	Richard Porter	Greenbone and OpenVAS Scanner
2013-09-02	Guy Bruneau	Snort IDS Sensor with Sguil New ISO Released
2013-06-18	Russ McRee	EMET 4.0 is now available for download
2013-06-05	Richard Porter	Windows Sysinternals Updated http://technet.microsoft.com/en-us/sysinternals/default.aspx
2013-05-11	Lenny Zeltser	Extracting Digital Signatures from Signed Malware
2013-02-03	Lorna Hutcheson	Is it Really an Attack?
2012-12-03	John Bambenek	John McAfee Exposes His Location in Photo About His Being on Run
2012-05-06	Jim Clausing	Tool updates and Win 8
2011-08-25	Kevin Shortt	Revival of an Unpatched Apache HTTPD DoS
2011-08-22	Jim Clausing	Are your tools ready for IPv6? (part 2)
2011-08-04	Jim Clausing	Are your tools ready for IPv6? (part 1)
2010-12-30	Rick Wanner	SamuraiWTF Review over at ISSA Toolsmith
2010-12-09	Mark Hofman	Having a look at the DDOS tool used in the attacks today
2010-12-05	Jim Clausing	Updates to a couple of Sysinternals tools
2010-10-20	Jim Clausing	Tools updates - Oct 2010
2010-10-19	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - Remote Access Tools
2010-10-19	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - VPN and Remote Access Tools
2010-08-09	Jim Clausing	Free/inexpensive tools for monitoring systems/networks
2010-07-13	Jim Clausing	Forensic challenge results
2010-05-28	Jim Clausing	Wireshark SMB file extraction plug-in
2010-05-04	Rick Wanner	SIFT review in the ISSA Toolsmith
2010-03-30	Marcus Sachs	Zigbee Analysis Tools
2010-03-30	Pedro Bueno	Sharing the Tools
2010-01-19	Jim Clausing	Forensic challenges
2010-01-06	Johannes Ullrich	New Tool: IPv6 conversions http://isc.sans.org/tools/ipv6.html
2009-11-26	Tony Carothers	What Are You Thankful For?
2009-11-25	Jim Clausing	Tool updates
2009-11-02	Rob VandenBrink	Microsoft releases v1.02 of Enhanced Mitigation Evaluation Toolkit (EMET)
2009-09-24	Jim Clausing	A couple more tools
2009-08-13	Jim Clausing	Tools for extracting files from pcaps
2009-05-25	Jim Clausing	More tools for (US) Memorial Day
2009-04-02	Bojan Zdrnja	JavaScript insertion and log deletion attack tools
2009-03-01	Jim Clausing	Cool combination of tools
2008-12-13	Jim Clausing	Followup from last shift and some research to do.
2008-11-17	Jim Clausing	How are you coming with that IPv6 migration?
2008-11-13	Jim Clausing	Some recently updated tools
2008-09-22	Jim Clausing	More on tools/resources/blogs
2008-09-07	Lorna Hutcheson	Malware Analysis: Tools are only so good
2008-07-11	Jim Clausing	Updates to some of our favorite tools