
ISC Handlers - SANS Internet Storm Center

<!doctype html><html lang="en"><head><title>ISC Handlers - SANS Internet Storm Center</title> <meta charset="utf-8"> <meta name="viewport" content="" /> <meta property="og:site_name" content="SANS Internet Storm Center" /> <meta property="og:locale" content="en_US" /> <meta property="og:type" content="website" /> <meta property="og:url" content="http://www.dshield.org/handler_list.html" /> <meta property="og:title" content="ISC Handlers - SANS Internet Storm Center" /> <meta property="og:image" content="https://isc.sans.edu/images/logos/isc/large.png" /> <meta property="twitter:site" content="@sans_isc" /> <meta property="twitter:creator" content="@sans_isc" /> <meta property="twitter:card" content="summary_large_image" /> <meta property="twitter:image" content="https://isc.sans.edu/images/logos/isc/large.png" > <meta property="twitter:image:alt" content="SANS Internet Storm Center" /> <meta property="twitter:title" content="ISC Handlers - SANS Internet Storm Center" /> <meta name="description" content="Get to know the Internet Storm Center&apos;s volunteer incident handlers who identify&comma; analyze&comma; and report on emerging cyber threats&period;"> <meta property="og:description" content="Get to know the Internet Storm Center&#039;s volunteer incident handlers who identify, analyze, and report on emerging cyber threats."> <meta name="AUTHOR" content="SANS Internet Storm Center"/> <meta name="KEYWORDS" content="isc&comma; sans&comma; internet&comma; security&comma; threat&comma; worm&comma; virus&comma; phishing&comma; hacking&comma; vulnerability&comma; podcast"/> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="shortcut icon" href="/dshieldfavicon.ico" /> <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> <link rel="manifest" href="/site.webmanifest"> 
<link rel="canonical" href="http://www.dshield.org/handler_list.html" /> <link type="text/css" rel="stylesheet" href="/css/screen.css" /> <link type="text/css" rel="stylesheet" href="/css/msft.css" /> <link type="text/css" rel="stylesheet" href="/css/fontawesome.css" /> <!--<link type="text/css" rel="stylesheet" href="/3p/highlight/default.min.css" />--> <link type="text/css" rel="stylesheet" href="/css/v3.css" /> <link rel="stylesheet" type="text/css" href="/css/bootstrap-modal/bootstrap-modal.min.css"/> <script type="text/javascript" src="/js/jquery-3.7.0.min.js"></script> <script language="javascript" type="text/javascript" src="https://isc.sans.edu/js/count.js"></script> <script src="/js/bootstrap-modal/bootstrap.min.js"></script> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "Organization", "name": "SANS Internet Storm Center", "url": "https://isc.sans.edu/", "logo": "https://isc.sans.edu/images/logos/isc/large.png", "email": "handlers@isc.sans.edu", "address": { "streetAddress": "8120 Woodmont Avenue, Suite 310", "addressLocality": "Bethesda", "addressRegion": "Maryland", "addressCountry": "USA", "postalCode": "20814" }, "sameAs": [ "https://twitter.com/sans_isc" ] } </script> <style> .handlerGrid { list-style:none; } .handlerGrid li { display:inline-block; width:128px; height:192px; float:left; text-align:center; } .handlerGrid li img { margin:0 auto; } </style><!-- this is not the comment you are looking for a33895b5133941147 --> </head> <body class="dshield"> <div id="container" class="isc-container"> <header id="isc-header"> <div class="eupopup eupopup-top"></div> <h1> <a href="/"> <svg width="80" height="70" viewBox="0 45 125 125" fill="none" xmlns="http://www.w3.org/2000/svg" baseProfile="tiny" overflow="visible"> <path fill="#7A1502" d="M81.5 105.6h1.4v16.1h-1.4zm-8.2-15.2h31.8v1H73.3z"/><path fill="#FFF" d="M0 0h125v125H0z"/><path fill="#7A1502" d="M18.9 78.6h12.8v1.3H26v14.8h-1.5V79.9h-5.6z"/><path fill="none" 
d="M32.4 83.9c-2.3 0-3.6 2-3.8 4.2h7.5c-.1-2.2-1.4-4.2-3.7-4.2zm43.3 0c-2.7 0-4.1 2.5-4.1 5s1.4 5 4.1 5 4.1-2.5 4.1-5-1.3-5-4.1-5z"/><path fill="#7A1502" d="M32.4 82.7c-3.7 0-5.3 3.1-5.3 6.2 0 3.3 1.6 6.2 5.3 6.2 2.9 0 4.5-1.5 5.1-4.2H36c-.5 1.8-1.6 3-3.7 3-2.7 0-3.8-2.5-3.8-4.6h9c.1-3.3-1.4-6.6-5.1-6.6zm-3.9 5.4c.2-2.1 1.5-4.2 3.8-4.2s3.6 2 3.7 4.2h-7.5zm15.4-4.2c1.9 0 2.9 1.1 3.3 2.8h1.4c-.3-2.7-2.2-4-4.7-4-3.6 0-5.5 2.8-5.5 6.2 0 3.3 1.9 6.2 5.5 6.2 2.6 0 4.4-1.7 4.8-4.5h-1.4c-.2 1.9-1.6 3.3-3.4 3.3-2.7 0-4.1-2.5-4.1-5s1.3-5 4.1-5zm5.4-5.3v16.1h1.4v-6.8c0-2.3 1.4-4 3.7-4 2.3 0 3 1.5 3 3.5v7.3h1.4v-7.5c0-2.8-1-4.5-4.3-4.5-1.6 0-3.2.9-3.7 2.3v-6.5h-1.5zM60 83.1v11.6h1.4v-6.8c0-2.3 1.4-4 3.7-4 2.3 0 3 1.5 3 3.5v7.3h1.4v-7.5c0-2.8-1-4.5-4.3-4.5-1.6 0-3.2.9-3.7 2.3v-2H60zm15.7-.4c-3.6 0-5.5 2.8-5.5 6.2 0 3.3 1.9 6.2 5.5 6.2s5.5-2.8 5.5-6.2c0-3.3-1.9-6.2-5.5-6.2zm0 11.2c-2.7 0-4.1-2.5-4.1-5s1.4-5 4.1-5 4.1 2.5 4.1 5-1.3 5-4.1 5zM82 78.6h1.4v16.1H82z"/><path fill="none" d="M101.1 83.9c-2.7 0-3.8 2.4-3.8 4.8 0 2.3 1.2 4.6 3.8 4.6 2.5 0 3.7-2.3 3.7-4.6.1-2.2-1-4.8-3.7-4.8zm-7.3 5c0-2.5-1.4-5-4.1-5-2.7 0-4.1 2.5-4.1 5s1.4 5 4.1 5c2.8 0 4.1-2.5 4.1-5z"/><path fill="#7A1502" d="M95.2 88.9c0-3.3-1.9-6.2-5.5-6.2s-5.5 2.8-5.5 6.2c0 3.3 1.9 6.2 5.5 6.2s5.5-2.9 5.5-6.2zm-9.6 0c0-2.5 1.4-5 4.1-5 2.7 0 4.1 2.5 4.1 5s-1.4 5-4.1 5c-2.7 0-4.1-2.5-4.1-5zm15.5 9.3c-1.6 0-3.1-.6-3.4-2.3h-1.4c.2 2.5 2.5 3.5 4.8 3.5 3.8 0 5.1-2.1 5.2-5.6V83.1h-1.4v2c-.6-1.3-2-2.3-3.7-2.3-3.4 0-5.3 2.7-5.3 5.9 0 3.3 1.5 6 5.3 6 1.7 0 3-1 3.7-2.4v1.6c0 2.7-1.2 4.3-3.8 4.3zm0-4.8c-2.6 0-3.8-2.3-3.8-4.6 0-2.4 1.1-4.8 3.8-4.8 2.7 0 3.7 2.5 3.7 4.8.1 2.3-1.2 4.6-3.7 4.6zm11-.4-3.8-9.9h-1.5l4.6 11.6-.5 1.3c-.5 1.1-.8 1.8-2 1.8-.3 0-.6 0-1-.1v1.2c.2.1.5.1 1.1.1 1.8 0 2.3-.6 3.1-2.5l5.1-13.4h-1.4l-3.7 9.9zm-80.6 3.8H33v16.1h-1.5zm3.3 4.4v11.6h1.4V106c0-2.3 1.4-4 3.7-4 2.3 0 3 1.5 3 3.5v7.3h1.4v-7.5c0-2.8-1-4.5-4.3-4.5-1.6 0-3.2.9-3.7 2.3v-2h-1.5zM49.7 112c-1.9 0-3.3-1-3.4-2.9h-1.4c.2 2.8 2.1 4.1 4.8 4.1 2.2 0 
4.7-1 4.7-3.5 0-2-1.7-3-3.3-3.2l-1.9-.4c-1-.2-2.4-.7-2.4-2 0-1.5 1.5-2 2.8-2 1.6 0 3 .8 3 2.5H54c-.1-2.5-1.9-3.7-4.3-3.7-2.1 0-4.4.9-4.4 3.3 0 2 1.4 2.6 3.2 3.1l1.8.4c1.3.3 2.5.8 2.5 2.1.1 1.6-1.7 2.2-3.1 2.2zm7.6-14.2h-1.4v3.5h-2v1.2h2v8c0 2 .6 2.6 2.5 2.6h1.3v-1.2c-.4 0-.8.1-1.2.1-1-.1-1.2-.6-1.2-1.5v-7.8h2.4v-1.2h-2.4v-3.7zm3.5 15.1h1.4v-11.6h-1.4v11.6zm0-13.8h1.4v-2.3h-1.4v2.3z"/><path fill="none" d="M69 63.4h4.5l-2.2-13.7zm23 38.7c-2.3 0-3.6 2-3.8 4.2h7.5c-.1-2.2-1.4-4.2-3.7-4.2z"/><path fill="#7A1502" d="M69.2 102.4v-1.2h-2.4v-3.5h-1.4v3.5h-2v1.2h2v8c0 2 .6 2.6 2.5 2.6h1.3v-1.2c-.4 0-.8.1-1.2.1-1-.1-1.1-.6-1.1-1.5v-7.8h2.3zm10.5 10.5v-11.6h-1.4v6.1c0 2.4-1.1 4.7-3.5 4.7-2.3 0-3-1.1-3.1-3.2v-7.6h-1.4v7.6c0 2.7 1.1 4.4 4.1 4.4 1.7 0 3.3-.9 4-2.4v2.1h1.3zm6.4-10.5v-1.2h-2.4v-3.5h-1.4v3.5h-2v1.2h2v8c0 2 .6 2.6 2.5 2.6h1.3v-1.2c-.4 0-.8.1-1.2.1-1-.1-1.2-.6-1.2-1.5v-7.8h2.4zm5.9-1.5c-3.7 0-5.3 3.1-5.3 6.2 0 3.3 1.6 6.2 5.3 6.2 2.9 0 4.5-1.5 5.1-4.2h-1.4c-.5 1.8-1.6 3-3.7 3-2.7 0-3.8-2.5-3.8-4.6h9c0-3.3-1.5-6.6-5.2-6.6zm-3.9 5.4c.2-2.1 1.5-4.2 3.8-4.2s3.6 2 3.7 4.2h-7.5zM60.2 71.7c-1.3 0-2.4-.9-3.3-2.6-.9-1.7-1.4-4-1.5-6.8h-.7v10h.7l1-1.9c.6.7 1.3 1.3 1.9 1.6.6.3 1.3.5 2.1.5 1.3 0 2.4-.6 3.3-1.9.8-1.3 1.2-2.9 1.2-5 0-1.4-.3-2.8-.8-4.3-.6-1.5-1.6-3.3-3.1-5.6-.4-.5-.9-1.3-1.5-2.2-1.8-2.5-2.6-4.3-2.6-5.5 0-.8.2-1.5.6-2 .4-.5.9-.7 1.6-.7 1 0 1.9.7 2.6 2.2.7 1.5 1.2 3.5 1.4 6.1h.7v-9h-.7l-.8 1.8c-.4-.6-.9-1-1.5-1.4s-1.1-.5-1.7-.5c-1.2 0-2.1.6-2.9 1.7-.8 1.1-1.1 2.6-1.1 4.5 0 1.5.2 3 .7 4.4.5 1.4 1.6 3.3 3.2 5.8 1.3 2 2.3 3.6 2.8 4.9.6 1.3.8 2.4.8 3.3 0 .8-.2 1.5-.6 2-.6.3-1.1.6-1.8.6zm19.7-.5h-1l-4.6-26.4h-3.2l-4.2 22.6c0 .1 0 .2-.1.3-.4 2.1-1.2 3.3-2.3 3.5v.8h5.6v-.8c-.8 0-1.3-.2-1.6-.4-.3-.2-.5-.7-.5-1.2V69c0-.2 0-.4.1-.7l.6-3.9h4.9l1.1 6.9h-1.9v.7h7l.1-.8zM69 63.4l2.3-13.7 2.2 13.7H69zm12.5 6.9c-.3.5-.8.8-1.6.9v.8H86v-.8c-1.1-.1-1.8-.4-2.3-1-.4-.6-.6-1.6-.6-3.1V49.5L92.4 72h.8V48.8c0-1.3.1-2.1.4-2.5.3-.4.8-.6 1.5-.6h.1v-.8h-5.7v.8c.9 0 1.5.3 1.9.8.4.6.6 1.4.6 
2.7v12.1l-6.6-16.4h-5.2v.8H82v21.7c0 1.5-.2 2.5-.5 2.9zm21.3-14.7c-.4-.5-.9-1.3-1.5-2.2-1.8-2.5-2.6-4.3-2.6-5.5 0-.8.2-1.5.6-2 .4-.5.9-.7 1.6-.7 1 0 1.9.7 2.6 2.2.7 1.5 1.2 3.5 1.4 6.1h.7v-9h-.7l-.8 1.8c-.4-.6-.9-1-1.5-1.4-.6-.3-1.1-.5-1.7-.5-1.2 0-2.1.6-2.9 1.7-.8 1.1-1.1 2.6-1.1 4.5 0 1.5.2 3 .7 4.4.5 1.4 1.6 3.3 3.2 5.8 1.3 2 2.3 3.6 2.8 4.9.6 1.3.8 2.4.8 3.3 0 .8-.2 1.5-.6 2-.4.5-1 .8-1.7.8-1.3 0-2.4-.9-3.3-2.6-.9-1.7-1.4-4-1.5-6.8h-.7v10h.7l1-1.9c.6.7 1.3 1.3 1.9 1.6.6.3 1.3.5 2.1.5 1.3 0 2.4-.6 3.3-1.9.8-1.3 1.2-2.9 1.2-5 0-1.4-.3-2.8-.8-4.3-.6-1.7-1.7-3.5-3.2-5.8z"/><path fill="#7A1502" d="M73.8 63.4h31.9v.9H73.8z"/> </svg> </a> <span id="pagetitle"> <a href="/">Internet Storm Center</a></span> </h1> <div class="isc-signin"> <form id="headerSearch" name="searchform" action="/search.html" method="get"> <input type="text" name="q" placeholder="Search...(IP, Port..)" /> <input type="hidden" id="token" name="token" value="9139be8231ecd74fad232f242bb6ab01328257ab" /> <input class="btn btn-primary" type="submit" name="Search" value="Search"> </form> <div id="smallHeaderLogin"> <a class="btn btn-primary" href="/login.html">Sign In</a> <a class="btn" href="/register.html">Sign Up</a> <a href="#navigation"></a> </div> </header> <div id="content"> <div class="wrapper"> <div class="isc-alerts"> <div> <svg style="width:20px;height:20px" viewBox="0 0 24 24"> <path fill="currentColor" d="M12,2A10,10 0 0,0 2,12A10,10 0 0,0 12,22A10,10 0 0,0 22,12A10,10 0 0,0 12,2M7.07,18.28C7.5,17.38 10.12,16.5 12,16.5C13.88,16.5 16.5,17.38 16.93,18.28C15.57,19.36 13.86,20 12,20C10.14,20 8.43,19.36 7.07,18.28M18.36,16.83C16.93,15.09 13.46,14.5 12,14.5C10.54,14.5 7.07,15.09 5.64,16.83C4.62,15.5 4,13.82 4,12C4,7.59 7.59,4 12,4C16.41,4 20,7.59 20,12C20,13.82 19.38,15.5 18.36,16.83M12,6C10.06,6 8.5,7.56 8.5,9.5C8.5,11.44 10.06,13 12,13C13.94,13 15.5,11.44 15.5,9.5C15.5,7.56 13.94,6 12,6M12,11A1.5,1.5 0 0,1 10.5,9.5A1.5,1.5 0 0,1 12,8A1.5,1.5 0 0,1 13.5,9.5A1.5,1.5 0 0,1 12,11Z" /> </svg> 
Handler on Duty: <a title="Johannes Ullrich" href="/handler_list.html#johannes-ullrich">Johannes Ullrich</a> </div> <div>Threat Level: <a href="/infocon.html" style="text-transform: capitalize; color: green">green</a></div> </div> <div class="main-content"><div class="isc-card-main"> <div class="card-body"> <h1>Current Handlers</h1> <p>Volunteer incident handlers donate their valuable time to analyze detects and anomalies, and post a daily diary of their analysis and thoughts on the Storm Center website. Below you will find Handler details including personal pages, additional scripts or papers, or whatever the respective handler is interested in offering. All content is owned by the respective handler. <br/><br/> Interested in becoming a handler? A roadmap is available to <a href="/handlerroadmap.html">learn how</a>. </p> <ul class="handlerGrid"> <li><a href="#mark-baggett"><img src="/images/design/custom/headshots/mark-baggett.jpg" alt="Baggett, Mark" class="headshot"><br/>Mark Baggett</a></li><li><a href="#john-bambenek"><img src="/images/design/custom/headshots/john-bambenek.jpg" alt="Bambenek, John" class="headshot"><br/>John Bambenek</a></li><li><a href="#guy-bruneau"><img src="/images/design/custom/headshots/guy-bruneau.jpg" alt="Bruneau, Guy" class="headshot"><br/>Guy Bruneau</a></li><li><a href="#tony-carothers"><img src="/images/design/custom/headshots/tony-carothers.jpg" alt="Carothers, Tony" class="headshot"><br/>Tony Carothers</a></li><li><a href="#jim-clausing"><img src="/images/design/custom/headshots/jim-clausing.jpg" alt="Clausing, Jim" class="headshot"><br/>Jim Clausing</a></li><li><a href="#scott-fendley"><img src="/images/design/custom/headshots/scott-fendley.jpg" alt="Fendley, Scott" class="headshot"><br/>Scott Fendley</a></li><li><a href="#jan-kopriva"><img src="/images/design/custom/headshots/jan-kopriva.jpg" alt="Kopriva, Jan" class="headshot"><br/>Jan Kopriva</a></li><li><a href="#jesse-lagrew"><img 
src="/images/design/custom/headshots/jesse-lagrew.jpg" alt="La Grew, Jesse" class="headshot"><br/>Jesse La Grew</a></li><li><a href="#renato-marinho"><img src="/images/design/custom/headshots/renato-marinho.jpg" alt="Marinho, Renato" class="headshot"><br/>Renato Marinho</a></li><li><a href="#russ-mcree"><img src="/images/design/custom/headshots/russ-mcree.jpg" alt="McRee, Russ" class="headshot"><br/>Russ McRee</a></li><li><a href="#xavier-mertens"><img src="/images/design/custom/headshots/xavier-mertens.jpg" alt="Mertens, Xavier" class="headshot"><br/>Xavier Mertens</a></li><li><a href="#richard-porter"><img src="/images/design/custom/headshots/richard-porter.jpg" alt="Porter, Richard" class="headshot"><br/>Richard Porter</a></li><li><a href="#manuelhumberto-santanderpelaez"><img src="/images/design/custom/headshots/manuelhumberto-santanderpelaez.jpg" alt="Santander Pelaez, Manuel Humberto" class="headshot"><br/>Manuel Humberto Santander Pelaez</a></li><li><a href="#didier-stevens"><img src="/images/design/custom/headshots/didier-stevens.jpg" alt="Stevens, Didier" class="headshot"><br/>Didier Stevens</a></li><li><a href="#yeeching-tok"><img src="/images/design/custom/headshots/yeeching-tok.jpg" alt="Tok, Yee Ching" class="headshot"><br/>Yee Ching Tok</a></li><li><a href="#johannes-ullrich"><img src="/images/design/custom/headshots/johannes-ullrich.jpg" alt="Ullrich, Johannes" class="headshot"><br/>Johannes Ullrich</a></li><li><a href="#rob-vandenbrink"><img src="/images/design/custom/headshots/rob-vandenbrink.jpg" alt="VandenBrink, Rob" class="headshot"><br/>Rob VandenBrink</a></li><li><a href="#tom-webb"><img src="/images/design/custom/headshots/tom-webb.jpg" alt="Webb, Tom" class="headshot"><br/>Tom Webb</a></li><li><a href="#bojan-zdrnja"><img src="/images/design/custom/headshots/bojan-zdrnja.jpg" alt="Zdrnja, Bojan" class="headshot"><br/>Bojan Zdrnja</a></li> </ul> <div class="top-link"><a href="#">Top of page</a></div><!-- / .top-link --> <div 
class='accordion'> <h2 id="director"><span id="mark-baggett">Mark Baggett</span></h2><div class="bio"><img src="/images/design/custom/headshots/mark-baggett.jpg" alt="Baggett, Mark" class="headshot"> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/@markbaggett">@markbaggett</a></td></tr> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/domainstatspy+a+web+api+for+SEIM+phishing+hunts/21943/">domain_stats.py a web api for SEIM phishing hunts </a> </li> <li><a href="/forums/diary/System+Resource+Utilization+Monitor/21927/">System Resource Utilization Monitor</a> </li> <li><a href="/forums/diary/Some+tools+updates/21925/">Some tools updates</a> </li> <li><a href="/forums/diary/Powershell+Malware+No+Hard+drive+Just+hard+times/20823/">Powershell Malware - No Hard drive, Just hard times</a> </li> <li><a href="/forums/diary/Offensive+Countermeasures+against+stolen+passswords/20455/">Offensive Countermeasures against stolen passswords</a> </li> </ul><a href="/handler_list.html?author=948564781&fname=Mark&lname=Baggett">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><!-- / .top-link --><h2 id="director"><span id="john-bambenek">John Bambenek</span></h2><div class="bio"><img src="/images/design/custom/headshots/john-bambenek.jpg" alt="Bambenek, John" class="headshot"> <p>John Bambenek is President of Bambenek Labs, a threat intelligence and digital investigations firm. He has spent 20 years in the industry helping research emerging threats and leading large-scale intelligence sharing communities to engage in targeted disruption of criminal activities online. He has developed a variety of techniques to conduct digital surveillance that is used to monitor domain generation algorithms and malware configurations which are used by thousands of organizations world-wide. 
In addition, he tracks financial transactions of various neo-Nazi and supremacist individuals and organizations. He has spoken at conferences around the world, has published two books in addition to several book chapters and articles, and he once appeared on the Daily Show with Jon Stewart.</p> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/bambenek">@bambenek</a></td></tr> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/Prophetic+Post+by+Intern+on+CVE20231389+Foreshadows+Mirai+Botnet+Expansion+Today/30442/">Prophetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today</a> </li> <li><a href="/forums/diary/Writing+Yara+Rules+for+Fun+and+Profit+Notes+from+the+FireEye+Breach+Countermeasures/26870/">Writing Yara Rules for Fun and Profit: Notes from the FireEye Breach Countermeasures</a> </li> <li><a href="/forums/diary/Hunting+for+SigRed+Exploitation/26362/">Hunting for SigRed Exploitation</a> </li> <li><a href="/forums/diary/VMWare+Security+Advisory+on+DoS+Vulnerability+in+ESXi/25112/">VMWare Security Advisory on DoS Vulnerability in ESXi</a> </li> <li><a href="/forums/diary/MSFT+July+2019+Patch+Tuesday/25110/">MSFT July 2019 Patch Tuesday</a> </li> </ul><a href="/handler_list.html?author=466645&fname=John&lname=Bambenek">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><!-- / .top-link --><h2 id="director"><span id="guy-bruneau">Guy Bruneau</span></h2><div class="bio"><img src="/images/design/custom/headshots/guy-bruneau.jpg" alt="Bruneau, Guy" class="headshot"> <p>Guy has a B.A. 
(IT) from University of Quebec and holds the prestigious GIAC Security Expert (GSE) certification as well as the GIAC GSEC(G), GCIA(G), GCIH(G), GCUX(G), GCFA, GPEN certifications.</p> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/guybruneau">@guybruneau</a></td></tr> </table> <p>Click to &nbsp;<a href="/tools/handler_created#guybruneau">View Handler Created Tools</a></p><h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/File+Hashes+Analysis+with+Power+BI+from+Data+Stored+in+DShield+SIEM/31764/">File Hashes Analysis with Power BI from Data Stored in DShield SIEM</a> </li> <li><a href="/forums/diary/DShield+Traffic+Analysis+using+ELK/31742/">DShield Traffic Analysis using ELK</a> </li> <li><a href="/forums/diary/Using+ESQL+in+Kibana+to+Queries+DShield+Honeypot+Logs/31704/">Using ES|QL in Kibana to Queries DShield Honeypot Logs</a> </li> <li><a href="/forums/diary/DShield+SIEM+Docker+Updates/31680/">DShield SIEM Docker Updates</a> </li> <li><a href="/forums/diary/PCAPs+or+It+Didnt+Happen+Exposing+an+Old+Netgear+Vulnerability+Still+Active+in+2025+Guest+Diary/31638/">PCAPs or It Didn't Happen: Exposing an Old Netgear Vulnerability Still Active in 2025 [Guest Diary]</a> </li> </ul><a href="/handler_list.html?author=948544741&fname=Guy&lname=Bruneau">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><!-- / .top-link --><h2 id="director"><span id="tony-carothers">Tony Carothers</span></h2><div class="bio"><img src="/images/design/custom/headshots/tony-carothers.jpg" alt="Carothers, Tony" class="headshot"><h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/Zero+Trust+and+Entra+ID+Conditional+Access/31602/">Zero Trust and Entra ID Conditional Access</a> </li> <li><a href="/forums/diary/Cisco+Security+Advisory+Default+Credentials/20795/">Cisco Security Advisory: Default Credentials </a> </li> <li><a 
href="/forums/diary/Exploit+o+the+day+DROWN/20789/">Exploit o' the day: DROWN</a> </li> <li><a href="/forums/diary/Disaster+Recovery+Starts+with+a+Plan/20325/">Disaster Recovery Starts with a Plan</a> </li> <li><a href="/forums/diary/GnuPG+GPG+219+release+announced/20235/">GnuPG (GPG) 2.1.9 release announced</a> </li> </ul><a href="/handler_list.html?author=649745&fname=Tony&lname=Carothers">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><!-- / .top-link --><h2 id="director"><span id="jim-clausing">Jim Clausing</span></h2><div class="bio"><img src="/images/design/custom/headshots/jim-clausing.jpg" alt="Clausing, Jim" class="headshot"> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/jclausing">@jclausing</a></td></tr> </table> <table style="width:300px;"> <tr> <th style="text-align:left">Mastodon:</th> <td><a target="_blank" rel="me" href="https://infosec.exchange/@clausing">@clausing@infosec.exchange</a> </td> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/Tool+update+macrobberpy/31738/">Tool update: mac-robber.py</a> </li> <li><a href="/forums/diary/Unfurl+v202502+released/31716/">Unfurl v2025.02 released</a> </li> <li><a href="/forums/diary/Tool+update+sigspy+added+check+mode/31706/">Tool update: sigs.py - added check mode</a> </li> <li><a href="/forums/diary/New+tool+immutablepy/31598/">New tool: immutable.py</a> </li> <li><a href="/forums/diary/Security+related+Docker+containers/31318/">Security related Docker containers</a> </li> </ul><a href="/handler_list.html?author=660187&fname=Jim&lname=Clausing">View all diaries by this handler</a> </div> <br/> <div><h3 class='title'>Upcoming Courses:</h3><p><strong>SANS Security West 2025, San Diego<br/></strong>May 05, 2025 - May 10, 2025<br/><a href='https://www.sans.org/event/sans-security-west-2025/course/linux-threat-hunting-incident-response'>LINUX 
Incident Response and Threat Hunting</a></p><p><strong>SANS Baltimore Spring 2025 - Live Online, Online | US Eastern<br/></strong>June 02, 2025 - June 07, 2025<br/><a href='https://www.sans.org/event/baltimore-spring-2025/course/reverse-engineering-malware-malware-analysis-tools-techniques'>Reverse-Engineering Malware: Malware Analysis Tools and Techniques</a></p><p><strong>SANS Cyber Defence Japan 2025 - Live Online, Online | Japan Standard Time<br/></strong>June 23, 2025 - June 28, 2025<br/><a href='https://www.sans.org/event/cyber-defence-japan-2025/course/reverse-engineering-malware-malware-analysis-tools-techniques'>Reverse-Engineering Malware: Malware Analysis Tools and Techniques</a></p><a href='https://www.sans.org/instructors/jim-clausing'>Instructor Page</a> </div> <div class="top-link"><a href="#">Top of page</a></div><!-- / .top-link --><h2 id="director"><span id="scott-fendley">Scott Fendley</span></h2><div class="bio"><img src="/images/design/custom/headshots/scott-fendley.jpg" alt="Fendley, Scott" class="headshot"> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/itsecuritygeek">@itsecuritygeek</a></td></tr> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/July+2023+Microsoft+Patch+Update/30018/">July 2023 Microsoft Patch Update</a> </li> <li><a href="/forums/diary/Warranty+Repairs+and+NonRemovable+Storage+Risks/27938/">Warranty Repairs and Non-Removable Storage Risks</a> </li> <li><a href="/forums/diary/Apple+May+2021+Security+Updates/27452/">Apple May 2021 Security Updates</a> </li> <li><a href="/forums/diary/Critical+Vuln+in+vCenter+vmdir+CVE20203952/26006/">Critical Vuln in vCenter vmdir (CVE-2020-3952)</a> </li> <li><a href="/forums/diary/Oracle+Critical+Patch+Update+Release/23886/">Oracle Critical Patch Update Release</a> </li> </ul><a href="/handler_list.html?author=140847&fname=Scott&lname=Fendley">View all diaries by this handler</a> 
</div> <div class="top-link"><a href="#">Top of page</a></div><!-- / .top-link --><h2 id="director"><span id="jan-kopriva">Jan Kopriva</span></h2><div class="bio"><img src="/images/design/custom/headshots/jan-kopriva.jpg" alt="Kopriva, Jan" class="headshot"> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/@jk0pr">@jk0pr</a></td></tr> </table> <table style="width:300px;"> <tr> <th style="text-align:left">Mastodon:</th> <td><a target="_blank" rel="me" href="https://infosec.exchange/@jkopriva">@jkopriva@infosec.exchange</a> </td> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/A+Tale+of+Two+Phishing+Sites/31810/">A Tale of Two Phishing Sites</a> </li> <li><a href="/forums/diary/SSL+20+turns+30+this+Sunday+Perhaps+the+time+has+come+to+let+it+die/31664/">SSL 2.0 turns 30 this Sunday... Perhaps the time has come to let it die?</a> </li> <li><a href="/forums/diary/An+unusual+shy+zwasp+phishing/31626/">An unusual "shy z-wasp" phishing</a> </li> <li><a href="/forums/diary/Changes+in+SSL+and+TLS+support+in+2024/31550/">Changes in SSL and TLS support in 2024</a> </li> <li><a href="/forums/diary/The+strange+case+of+disappearing+Russian+servers/31476/">The strange case of disappearing Russian servers</a> </li> </ul><a href="/handler_list.html?author=1016653899&fname=Jan&lname=Kopriva">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><!-- / .top-link --><h2 id="director"><span id="jesse-lagrew">Jesse La Grew</span></h2><div class="bio"><img src="/images/design/custom/headshots/jesse-lagrew.jpg" alt="La Grew, Jesse" class="headshot"> <p>Jesse La Grew has been an IT professional within higher education for over 20 years. He holds a variety of GIAC certifications including the GDSA, GCCC, GCFA, GCFE, GCIA, GPYC, GSOC, GCIH, GSEC, GISF, GCTI, GCPM and GSTRT and is also a CISSP. 
He recently received his Bachelor&#039;s Degree at SANS Technology Institute and is progressing through his Master&#039;s program at the same institution. Jesse&#039;s background in IT started in a desktop support role. This transitioned into a cyber security focus when becoming involved in building and supporting environments meeting PCI and FISMA compliance standards. He currently works as Chief Information Security Officer at Madison College.</p> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/@stealthcrane">@stealthcrane</a></td></tr> </table> <table style="width:300px;"> <tr> <th style="text-align:left">Mastodon:</th> <td><a target="_blank" rel="me" href="https://infosec.exchange/@stealthcrane">@stealthcrane@infosec.exchange</a> </td> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/Guest+Diary+Leveraging+CNNs+and+EntropyBased+Feature+Selection+to+Identify+Potential+Malware+Artifacts+of+Interest/31790/">[Guest Diary] Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest</a> </li> <li><a href="/forums/diary/Guest+Diary+Malware+Source+Servers+The+Threat+of+Attackers+Using+Ephemeral+Ports+as+Service+Ports+to+Upload+Data/31710/">[Guest Diary] Malware Source Servers: The Threat of Attackers Using Ephemeral Ports as Service Ports to Upload Data</a> </li> <li><a href="/forums/diary/Guest+Diary+How+Access+Brokers+Maintain+Persistence/31600/">[Guest Diary] How Access Brokers Maintain Persistence</a> </li> <li><a href="/forums/diary/Extracting+Practical+Observations+from+Impractical+Datasets/31582/">Extracting Practical Observations from Impractical Datasets</a> </li> <li><a href="/forums/diary/Capturing+Honeypot+Data+Beyond+the+Logs/31546/">Capturing Honeypot Data Beyond the Logs</a> </li> </ul><a href="/handler_list.html?author=3000041606&fname=Jesse&lname=La Grew">View all diaries by this handler</a> </div> 
<div class="top-link"><a href="#">Top of page</a></div><!-- / .top-link --><h2 id="director"><span id="renato-marinho">Renato Marinho</span></h2><div class="bio"><img src="/images/design/custom/headshots/renato-marinho.jpg" alt="Marinho, Renato" class="headshot"> <p>Renato Marinho is Chief Research Officer at Morphus Labs. His journey in the area began in 2001, when he created Nettion, one of the first firewalls to use the contemporary UTM (Unified Threat Management) concept. Experienced in cyber security, Marinho was internationally recognized in 2016 for his research that unveiled Mamba, the first full disk encryption ransomware. At Morphus Labs, he oversees research, innovation and development of new products. Master and PhD candidate in Applied Informatics, he is also a professor at the University of Fortaleza, teaching Computer Forensics in the post-graduate course. He is also a speaker, having presented at Ignite Cybersecurity Conference, BSides Delaware, BSides Vienna, WSKS Portugal and Brazilian CSIRTs Forum. 
</p> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/renato_marinho">@renato_marinho</a></td></tr> </table> <table style="width:300px;"> <tr> <th style="text-align:left">Mastodon:</th> <td><a target="_blank" rel="me" href="https://infosec.exchange/@renatomarinho">@renatomarinho@infosec.exchange</a> </td> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/Microsoft+February+2025+Patch+Tuesday/31674/">Microsoft February 2025 Patch Tuesday</a> </li> <li><a href="/forums/diary/Microsoft+January+2025+Patch+Tuesday/31590/">Microsoft January 2025 Patch Tuesday</a> </li> <li><a href="/forums/diary/Microsoft+November+2024+Patch+Tuesday/31438/">Microsoft November 2024 Patch Tuesday</a> </li> <li><a href="/forums/diary/Microsoft+August+2024+Patch+Tuesday/31164/">Microsoft August 2024 Patch Tuesday</a> </li> <li><a href="/forums/diary/Microsoft+May+2024+Patch+Tuesday/30920/">Microsoft May 2024 Patch Tuesday</a> </li> </ul><a href="/handler_list.html?author=106896&fname=Renato&lname=Marinho">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><!-- / .top-link --><h2 id="director"><span id="russ-mcree">Russ McRee</span></h2><div class="bio"><img src="/images/design/custom/headshots/russ-mcree.jpg" alt="McRee, Russ" class="headshot"> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/@holisticinfosec">@holisticinfosec</a></td></tr> </table> <p>Click to &nbsp;<a href="/tools/handler_created#russmcree">View Handler Created Tools</a></p><h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/ModelScan+Protection+Against+Model+Serialization+Attacks/31692/">ModelScan - Protection Against Model Serialization Attacks</a> </li> <li><a href="/forums/diary/Sandfly+Security/29998/">Sandfly Security</a> </li> <li><a 
href="/forums/diary/Exploratory+Data+Analysis+with+CISSM+Cyber+Attacks+Database+Part+2/29828/">Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 2</a> </li> <li><a href="/forums/diary/Exploratory+Data+Analysis+with+CISSM+Cyber+Attacks+Database+Part+1/29816/">Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 1</a> </li> <li><a href="/forums/diary/Prowler+v3+AWS+Azure+security+assessments/29430/">Prowler v3: AWS & Azure security assessments</a> </li> </ul><a href="/handler_list.html?author=948565198&fname=Russ&lname=McRee">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><!-- / .top-link --><h2 id="director"><span id="xavier-mertens">Xavier Mertens</span></h2><div class="bio"><img src="/images/design/custom/headshots/xavier-mertens.jpg" alt="Mertens, Xavier" class="headshot"> <p>Xavier Mertens is a freelance security consultant based in Belgium. Xavier&#039;s own company (https://xameco.be) offers services like incident handling, forensic, SOC activities, and pentesting. He holds GCIA, GFCE, GCFA, GXPN, GREM, GDAT, GNFA, GCTI, GPYC SANS certifications but also CISSP, and CISA. Xavier is a SANS Certified Instructor (FOR610 - Malware Analysis and Reverse Engineering). 
His blog about security is https://blog.rootshell.be and he is co-organizer of the BruCON security conference (http://www.brucon.org).</p> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/xme">@xme</a></td></tr> </table> <table style="width:300px;"> <tr> <th style="text-align:left">Mastodon:</th> <td><a target="_blank" rel="me" href="https://infosec.exchange/@xme">@xme@infosec.exchange</a> </td> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/Python+Bot+Delivered+Through+DLL+SideLoading/31778/">Python Bot Delivered Through DLL Side-Loading</a> </li> <li><a href="/forums/diary/Shellcode+Encoded+in+UUIDs/31752/">Shellcode Encoded in UUIDs</a> </li> <li><a href="/forums/diary/Njrat+Campaign+Using+Microsoft+Dev+Tunnels/31724/">Njrat Campaign Using Microsoft Dev Tunnels</a> </li> <li><a href="/forums/diary/XWorm+Cocktail+A+Mix+of+PE+data+with+PowerShell+Code/31700/">XWorm Cocktail: A Mix of PE data with PowerShell Code</a> </li> <li><a href="/forums/diary/The+Danger+of+IP+Volatility/31688/">The Danger of IP Volatility</a> </li> </ul><a href="/handler_list.html?author=1016628506&fname=Xavier&lname=Mertens">View all diaries by this handler</a> </div> <br/> <div><h3 class='title'>Upcoming Courses:</h3><p><strong>SANS Cloud Singapore June 2025, Singapore<br/></strong>June 30, 2025 - July 05, 2025<br/><a href='https://www.sans.org/event/cloud-singapore-june-2025/course/reverse-engineering-malware-malware-analysis-tools-techniques'>Reverse-Engineering Malware: Malware Analysis Tools and Techniques</a></p><p><strong>SANS Riyadh July 2025, Riyadh<br/></strong>July 12, 2025 - July 17, 2025<br/><a href='https://www.sans.org/event/riyadh-july-2025/course/reverse-engineering-malware-malware-analysis-tools-techniques'>Reverse-Engineering Malware: Malware Analysis Tools and Techniques</a></p><p><strong>SANS Live Online Europe July 2025, Online | British Summer 
Time<br/></strong>July 28, 2025 - August 01, 2025<br/><a href='https://www.sans.org/event/live-online-europe-july-2025/course/reverse-engineering-malware-advanced-code-analysis'>Reverse-Engineering Malware: Advanced Code Analysis</a></p><a href=''>Instructor Page</a> </div> <div class="top-link"><a href="#">Top of page</a></div><!-- / .top-link --><h2 id="director"><span id="richard-porter">Richard Porter</span></h2><div class="bio"><img src="/images/design/custom/headshots/richard-porter.jpg" alt="Porter, Richard" class="headshot"> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/packetalien">@packetalien</a></td></tr> </table> <p>Click to &nbsp;<a href="/tools/handler_created#richardporter">View Handler Created Tools</a></p><h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/To+Simulate+or+Replicate+Crafting+Cyber+Ranges/31642/">To Simulate or Replicate: Crafting Cyber Ranges</a> </li> <li><a href="/forums/diary/A+Case+for+Lockdown+and+Isolation+and+not+the+Covid+kind/27336/">A Case for Lockdown and Isolation (and not the Covid kind)</a> </li> <li><a href="/forums/diary/Microsoft+April+2021+Patch+Tuesday/27306/">Microsoft April 2021 Patch Tuesday</a> </li> <li><a href="/forums/diary/Building+a+freq+file+with+Public+Domain+Data+Sources/26412/">Building a .freq file with Public Domain Data Sources</a> </li> <li><a href="/forums/diary/What+is+THAT+Address+Doing+on+my+Network/25028/">What is "THAT" Address Doing on my Network</a> </li> </ul><a href="/handler_list.html?author=948558718&fname=Richard&lname=Porter">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><!-- / .top-link --><h2 id="director"><span id="manuelhumberto-santanderpelaez">Manuel Humberto Santander Pelaez</span></h2><div class="bio"><img src="/images/design/custom/headshots/manuelhumberto-santanderpelaez.jpg" alt="Santander Pelaez, Manuel Humberto" 
class="headshot"> <p>Mr. Santander Peláez currently serves as the CTO of Transportadora de Gas Internacional in Bogotá, Colombia. His areas of interest are Intrusion Detection, Computer Forensics, Incident Response, SCADA Security, cyber defense, threat intelligence and threat hunting.</p> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/manuelsantander">@manuelsantander</a></td></tr> </table> <table style="width:300px;"> <tr> <th style="text-align:left">Mastodon:</th> <td><a target="_blank" rel="me" href="https://infosec.exchange/@manuelsantander">@manuelsantander@infosec.exchange</a> </td> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/Noticing+command+and+control+channels+by+reviewing+DNS+protocols/30396/">Noticing command and control channels by reviewing DNS protocols</a> </li> <li><a href="/forums/diary/Controlling+network+access+to+ICS+systems/30000/">Controlling network access to ICS systems</a> </li> <li><a href="/forums/diary/Management+of+DMARC+control+for+email+impersonation+of+domains+in+the+co+TLD+part+2/29922/">Management of DMARC control for email impersonation of domains in the .co TLD - part 2</a> </li> <li><a href="/forums/diary/Management+of+DMARC+control+for+email+impersonation+of+domains+in+the+co+TLD+part+1/29768/">Management of DMARC control for email impersonation of domains in the .co TLD - part 1</a> </li> <li><a href="/forums/diary/Security+headers+you+should+add+into+your+application+to+increase+cyber+risk+protection/29720/">Security headers you should add into your application to increase cyber risk protection</a> </li> </ul><a href="/handler_list.html?author=948538438&fname=Manuel Humberto&lname=Santander Pelaez">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><!-- / .top-link --><h2 id="director"><span id="didier-stevens">Didier 
Stevens</span></h2><div class="bio"><img src="/images/design/custom/headshots/didier-stevens.jpg" alt="Stevens, Didier" class="headshot"> <p>Didier Stevens (Microsoft MVP Consumer Security) holds many certifications from SANS, Microsoft, Cisco, ... He is a Senior Analyst (NVISO https://www.nviso.be). Didier started his own company in 2012 to provide IT security training services (http://DidierStevensLabs.com). You can find his open source security tools on his IT security related blog at https://blog.DidierStevens.com.</p> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/DidierStevens">@DidierStevens</a></td></tr> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/Static+Analysis+of+GUID+Encoded+Shellcode/31774/">Static Analysis of GUID Encoded Shellcode</a> </li> <li><a href="/forums/diary/Mark+of+the+Web+Some+Technical+Details/31732/">Mark of the Web: Some Technical Details</a> </li> <li><a href="/forums/diary/Wireshark+445+Released/31728/">Wireshark 4.4.5 Released</a> </li> <li><a href="/forums/diary/Wireshark+444+Released/31712/">Wireshark 4.4.4 Released</a> </li> <li><a href="/forums/diary/Reminder+7Zip+MoW/31668/">Reminder: 7-Zip & MoW</a> </li> </ul><a href="/handler_list.html?author=948538900&fname=Didier&lname=Stevens">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><!-- / .top-link --><h2 id="director"><span id="yeeching-tok">Yee Ching Tok</span></h2><div class="bio"><img src="/images/design/custom/headshots/yeeching-tok.jpg" alt="Tok, Yee Ching" class="headshot"> <p>Dr. Tok is currently a Senior Consultant at JT Consultancy &amp; Management Pte. Ltd. and a Research Fellow at ASSET (Automated Systems SEcuriTy) Research Group in Singapore University of Technology and Design (SUTD) under the Information Systems Technology and Design (ISTD) Pillar. 
He was a recipient of the SG Digital (Postgraduate) Scholarship program from Infocomm Media Development Authority (IMDA), and won the Cybersecurity Awards in 2019 under the Professional category for his contributions to the Singapore information security industry. Yee Ching is a SANS Lethal Forensicator and also serves as a Co-Opted Committee Member in the Association of Information Security Professionals (AiSP). For more information, please visit https://poppopretn.com/aboutme/.</p> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/poppopretn">@poppopretn</a></td></tr> </table> <table style="width:300px;"> <tr> <th style="text-align:left">Mastodon:</th> <td><a target="_blank" rel="me" href="https://infosec.exchange/@poppopretn">@poppopretn@infosec.exchange</a> </td> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/An+ontology+for+threats+cybercrime+and+digital+forensic+investigation+on+Smart+City+Infrastructure/31676/">An ontology for threats, cybercrime and digital forensic investigation on Smart City Infrastructure</a> </li> <li><a href="/forums/diary/The+Curious+Case+of+a+12YearOld+Netgear+Router+Vulnerability/31592/">The Curious Case of a 12-Year-Old Netgear Router Vulnerability</a> </li> <li><a href="/forums/diary/PacketCrypt+Classic+Cryptocurrency+Miner+on+PHP+Servers/31564/">PacketCrypt Classic Cryptocurrency Miner on PHP Servers</a> </li> <li><a href="/forums/diary/Rolling+Back+Packages+on+UbuntuDebian/30842/">Rolling Back Packages on Ubuntu/Debian</a> </li> <li><a href="/forums/diary/Evolution+of+Artificial+Intelligence+Systems+and+Ensuring+Trustworthiness/30828/">Evolution of Artificial Intelligence Systems and Ensuring Trustworthiness</a> </li> </ul><a href="/handler_list.html?author=3000021158&fname=Yee Ching&lname=Tok">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><!-- / .top-link --><h2 
id="director"><span id="johannes-ullrich">Johannes Ullrich</span></h2><div class="bio"><img src="/images/design/custom/headshots/johannes-ullrich.jpg" alt="Ullrich, Johannes" class="headshot"> <p>Dr. Johannes Ullrich is the Dean of Research and a faculty member of the SANS Technology Institute. In November of 2000, Johannes started the DShield.org project, which he later integrated into the Internet Storm Center. His work with the Internet Storm Center has been widely recognized. In 2004, Network World named him one of the 50 most powerful people in the networking industry. Secure Computing Magazine named him in 2005 one of the Top 5 influential IT security thinkers. His research interests include IPv6, Network Traffic Analysis and Secure Software Development. Johannes is regularly invited to speak at conferences and has been interviewed by major publications, radio as well as TV stations. He is a member of the SANS Technology Institute&#039;s Faculty and Administration as well as Curriculum and Long Range Planning Committee. As chief research officer for the SANS Institute, Johannes is currently responsible for the GIAC Gold program. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. 
More Details: http://www.linkedin.com/in/johannesullrich</p> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/johullrich">@johullrich</a></td></tr> </table> <table style="width:300px;"> <tr> <th style="text-align:left">Mastodon:</th> <td><a target="_blank" rel="me" href="https://infosec.exchange/@jullrich">@jullrich@infosec.exchange</a> </td> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/Apple+Patches+Everything+March+31st+2025+Edition/31816/">Apple Patches Everything: March 31st 2025 Edition</a> </li> <li><a href="/forums/diary/Apache+Camel+Exploit+Attempt+by+Vulnerability+Scan+CVE202527636+CVE202529891/31814/">Apache Camel Exploit Attempt by Vulnerability Scan (CVE-2025-27636, CVE-2025-29891)</a> </li> <li><a href="/forums/diary/Sitecore+thumbnailsaccesstoken+Deserialization+Scans+and+some+new+reports+CVE202527218/31806/">Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218</a> </li> <li><a href="/forums/diary/XWiki+Search+Vulnerability+exploit+attempts+CVE20243721/31800/">X-Wiki Search Vulnerability exploit attempts (CVE-2024-3721)</a> </li> <li><a href="/forums/diary/Privacy+Aware+Bots/31796/">Privacy Aware Bots</a> </li> </ul><a href="/handler_list.html?author=642063&fname=Johannes&lname=Ullrich">View all diaries by this handler</a> </div> <br/> <div><h3 class='title'>Upcoming Courses:</h3><p><strong>SANS 2025, Orlando<br/></strong>April 13, 2025 - April 18, 2025<br/><a href='https://www.sans.org/event/sans-2025/course/application-security-securing-web-apps-api-microservices'>Application Security: Securing Web Apps, APIs, and Microservices</a></p><p><strong>SANS Security West 2025, San Diego<br/></strong>May 05, 2025 - May 10, 2025<br/><a href='https://www.sans.org/event/sans-security-west-2025/course/application-security-securing-web-apps-api-microservices'>Application Security: Securing Web Apps, APIs, and 
Microservices</a></p><p><strong>SANS Baltimore Spring 2025, Baltimore<br/></strong>June 02, 2025 - June 07, 2025<br/><a href='https://www.sans.org/event/baltimore-spring-2025/course/network-monitoring-threat-detection'>Network Monitoring and Threat Detection In-Depth</a></p><a href='https://www.sans.org/instructors/dr-johannes-ullrich'>Instructor Page</a> </div> <div class="top-link"><a href="#">Top of page</a></div><!-- / .top-link --><h2 id="director"><span id="rob-vandenbrink">Rob VandenBrink</span></h2><div class="bio"><img src="/images/design/custom/headshots/rob-vandenbrink.jpg" alt="VandenBrink, Rob" class="headshot"> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/@rvandenbrink">@rvandenbrink</a></td></tr> </table> <p>Click to &nbsp;<a href="/tools/handler_created#robvandenbrink">View Handler Created Tools</a></p><h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/NMAP+Scanning+without+Scanning+Part+2+The+ipinfo+API/30948/">NMAP Scanning without Scanning (Part 2) - The ipinfo API</a> </li> <li><a href="/forums/diary/Scanning+without+Scanning+with+NMAP+APIs+FTW/30944/">Scanning without Scanning with NMAP (APIs FTW)</a> </li> <li><a href="/forums/diary/Why+yq+Adventures+in+XML/30930/">Why yq? Adventures in XML</a> </li> <li><a href="/forums/diary/Got+MFA+If+not+Now+is+the+Time/30926/">Got MFA? 
If not, Now is the Time!</a> </li> <li><a href="/forums/diary/API+Rug+Pull+The+NIST+NVD+Database+and+API+Part+4+of+3/30868/">API Rug Pull - The NIST NVD Database and API (Part 4 of 3)</a> </li> </ul><a href="/handler_list.html?author=948537238&fname=Rob&lname=VandenBrink">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><!-- / .top-link --><h2 id="director"><span id="tom-webb">Tom Webb</span></h2><div class="bio"><img src="/images/design/custom/headshots/tom-webb.jpg" alt="Webb, Tom" class="headshot"> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/twsecblog">@twsecblog</a></td></tr> </table> <table style="width:300px;"> <tr> <th style="text-align:left">Mastodon:</th> <td><a target="_blank" rel="me" href="https://infosec.exchange/@tom_webb">@tom_webb@infosec.exchange</a> </td> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/Windows+Defender+Chrome+Extension+Detection/31574/">Windows Defender Chrome Extension Detection</a> </li> <li><a href="/forums/diary/PiHole+Pi4+Docker+Deployment/30516/">Pi-Hole Pi4 Docker Deployment</a> </li> <li><a href="/forums/diary/Are+Local+LLMs+Useful+in+Incident+Response/30274/">Are Local LLMs Useful in Incident Response?</a> </li> <li><a href="/forums/diary/Zeek+and+Defender+Endpoint/30088/">Zeek and Defender Endpoint</a> </li> <li><a href="/forums/diary/IR+CaseAlert+Management/29880/">IR Case/Alert Management</a> </li> </ul><a href="/handler_list.html?author=1016602142&fname=Tom&lname=Webb">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><!-- / .top-link --><h2 id="director"><span id="bojan-zdrnja">Bojan Zdrnja</span></h2><div class="bio"><img src="/images/design/custom/headshots/bojan-zdrnja.jpg" alt="Zdrnja, Bojan" class="headshot"> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a 
target="_blank" href="http://www.twitter.com/bojanz">@bojanz</a></td></tr> </table> <table style="width:300px;"> <tr> <th style="text-align:left">Mastodon:</th> <td><a target="_blank" rel="me" href="https://infosec.exchange/@bojanz">@bojanz@infosec.exchange</a> </td> </table> <p>Click to &nbsp;<a href="/tools/handler_created#bojanzdrnja">View Handler Created Tools</a></p><h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/Credential+Guard+and+Kerberos+delegation/31488/">Credential Guard and Kerberos delegation</a> </li> <li><a href="/forums/diary/The+amazingly+scary+xz+sshd+backdoor/30802/">The amazingly scary xz sshd backdoor</a> </li> <li><a href="/forums/diary/Scanning+and+abusing+the+QUIC+protocol/30720/">Scanning and abusing the QUIC protocol</a> </li> <li><a href="/forums/diary/Survival+time+for+web+sites/30170/">Survival time for web sites</a> </li> <li><a href="/forums/diary/Some+things+never+change+such+as+SQL+Authentication+encryption/30112/">Some things never change ? 
such as SQL Authentication ?encryption?</a> </li> </ul><a href="/handler_list.html?author=763821&fname=Bojan&lname=Zdrnja">View all diaries by this handler</a> </div> <br/> <div><h3 class='title'>Upcoming Courses:</h3><p><strong>SANS 2025, Orlando<br/></strong>April 13, 2025 - April 18, 2025<br/><a href='https://www.sans.org/event/sans-2025/course/web-app-penetration-testing-ethical-hacking'>Web App Penetration Testing and Ethical Hacking</a></p><p><strong>SANS Offensive Operations East 2025, Baltimore<br/></strong>June 09, 2025 - June 14, 2025<br/><a href='https://www.sans.org/event/offensive-operations-east-2025/course/web-app-penetration-testing-ethical-hacking'>Web App Penetration Testing and Ethical Hacking</a></p><p><strong>SANSFIRE 2025, Washington<br/></strong>July 14, 2025 - July 19, 2025<br/><a href='https://www.sans.org/event/sansfire-2025/course/web-app-penetration-testing-ethical-hacking'>Web App Penetration Testing and Ethical Hacking</a></p><a href='https://www.sans.org/instructors/bojan-zdrnja'>Instructor Page</a> </div> <div class="top-link"><a href="#">Top of page</a></div><!-- / .top-link --> </div> </div> </div> </div> </div> </div> </div> </body></html>
