Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Xavier Mertens

Threat Level: green

Date	Author	Title
LOCK ICON
2018-05-30	Bojan Zdrnja	The end of the lock icon
LOCK
2023-07-26/a>	Xavier Mertens	Suspicious IP Addresses Avoided by Malware Samples
2022-07-17/a>	Didier Stevens	Python: Files In Use By Another Process
2022-01-04/a>	Xavier Mertens	A Simple Batch File That Blocks People
2021-05-21/a>	Xavier Mertens	Locking Kernel32.dll As Anti-Debugging Technique
2020-08-18/a>	Rick Wanner	ISC Blocked
2020-07-23/a>	Xavier Mertens	Simple Blocklisting with MISP & pfSense
2020-04-16/a>	Johannes Ullrich	Using AppLocker to Prevent Living off the Land Attacks
2019-09-19/a>	Xavier Mertens	Blocklisting or Whitelisting in the Right Way
2018-12-26/a>	Didier Stevens	Bitcoin "Blocklists"
2018-11-13/a>	Johannes Ullrich	November 2018 Microsoft Patch Tuesday
2018-11-12/a>	Rick Wanner	Using the Neutrino ip-blocklist API to test general badness of an IP
2018-06-19/a>	Xavier Mertens	PowerShell: ScriptBlock Logging... Or Not?
2018-05-30/a>	Bojan Zdrnja	The end of the lock icon
2018-05-24/a>	Xavier Mertens	"Blocked" Does Not Mean "Forget It"
2018-02-25/a>	Guy Bruneau	Blackhole Advertising Sites with Pi-hole
2017-09-20/a>	Renato Marinho	Ongoing Ykcol (Locky) campaign
2017-09-01/a>	Brad Duncan	Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox
2017-06-02/a>	Xavier Mertens	Phishing Campaigns Follow Trends
2017-04-05/a>	Xavier Mertens	Whitelists: The Holy Grail of Attackers
2016-03-06/a>	Jim Clausing	Novel method for slowing down Locky on Samba server using fail2ban
2016-02-20/a>	Didier Stevens	Locky: JavaScript Deobfuscation
2016-01-09/a>	Xavier Mertens	Virtual Bitlocker Containers
2015-04-30/a>	Brad Duncan	Dalexis/CTB-Locker malspam campaign
2015-02-23/a>	Richard Porter	Subscribing to the DShield Top 20 on a Palo Alto Networks Firewall
2014-08-15/a>	Tom Webb	AppLocker Event Logs with OSSEC 2.8
2014-08-05/a>	Johannes Ullrich	Synolocker: Why OFFLINE Backups are important
2014-06-02/a>	John Bambenek	Gameover Zeus and Cryptolocker Takedowns
2014-05-30/a>	Johannes Ullrich	Fake Australian Electric Bill Leads to Cryptolocker
2014-02-18/a>	Johannes Ullrich	More Details About "TheMoon" Linksys Worm
2014-01-04/a>	Tom Webb	Monitoring Windows Networks Using Syslog (Part One)
2013-11-02/a>	Rick Wanner	Protecting Your Family's Computers
2013-10-22/a>	John Bambenek	Cryptolocker Update, Request for Info
2013-10-16/a>	Adrien de Beaupre	Access denied and blockliss
2013-09-03/a>	Rob VandenBrink	Is "Reputation Backscatter" a Thing?
2013-04-30/a>	Russ McRee	Apache binary backdoor adds malicious redirect to Blackhole
2013-04-23/a>	Russ McRee	Microsoft's Security Intelligence Report (SIRv14) released
2013-03-07/a>	Guy Bruneau	Apple Blocking Java Web plug-in
2012-09-01/a>	Russ McRee	Blackhole targeting Java vulnerability via fake Microsoft Services Agreement email phish
2012-06-26/a>	Daniel Wesemann	Run, Forest! (Update)
2012-04-25/a>	Daniel Wesemann	Blacole's obfuscated JavaScript
2012-04-25/a>	Daniel Wesemann	Blacole's shell code
2011-12-06/a>	Pedro Bueno	The RedRet connection...
2011-11-22/a>	Pedro Bueno	Updates on ZeroAccess and BlackHole front...
2011-11-03/a>	Richard Porter	An Apple, Inc. Sandbox to play in.
2011-05-30/a>	Johannes Ullrich	Lockheed Martin and RSA Tokens
2009-01-12/a>	William Salusky	Downadup / Conficker - MS08-067 exploit and Windows domain account lockout
2008-05-28/a>	Johannes Ullrich	Reminder: Proper use of DShield data
2006-12-18/a>	Toby Kohlenberg	ORDB Shutting down
ICON
2021-04-19/a>	Jan Kopriva	Hunting phishing websites with favicon hashes
2018-05-30/a>	Bojan Zdrnja	The end of the lock icon
2018-03-12/a>	Xavier Mertens	Payload delivery via SMB
2016-01-01/a>	Didier Stevens	Failure Is An Option
2014-04-26/a>	Guy Bruneau	Android Users - Beware of Bitcoin Mining Malware
2006-09-30/a>	Swa Frantzen	Yellow: WebViewFolderIcon setslice exploit spreading

LOCK ICON

LOCK

ICON