ISC Handlers - SANS Internet Storm Center

<!doctype html><html lang="en"><head><title>ISC Handlers - SANS Internet Storm Center</title> <meta charset="utf-8"> <meta name="viewport" content="" /> <meta property="og:site_name" content="SANS Internet Storm Center" /> <meta property="og:locale" content="en_US" /> <meta property="og:type" content="website" /> <meta property="og:url" content="https://isc.sans.edu/handler_list.html" /> <meta property="og:title" content="ISC Handlers - SANS Internet Storm Center" /> <meta property="og:image" content="https://isc.sans.edu/images/logos/isc/large.png" /> <meta property="twitter:site" content="@sans_isc" /> <meta property="twitter:creator" content="@sans_isc" /> <meta property="twitter:card" content="summary_large_image" /> <meta property="twitter:image" content="https://isc.sans.edu/images/logos/isc/large.png" > <meta property="twitter:image:alt" content="SANS Internet Storm Center" /> <meta property="twitter:title" content="ISC Handlers - SANS Internet Storm Center" /> <meta name="description" content="Get to know the Internet Storm Center's volunteer incident handlers who identify, analyze, and report on emerging cyber threats&period;"> <meta property="og:description" content="Get to know the Internet Storm Center's volunteer incident handlers who identify, analyze, and report on emerging cyber threats."> <meta name="AUTHOR" content="SANS Internet Storm Center"/> <meta name="KEYWORDS" content="isc, sans, internet, security, threat, worm, virus, phishing, hacking, vulnerability, podcast"/> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="shortcut icon" href="/iscfavicon.ico" /> <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> <link rel="manifest" href="/site.webmanifest"> <link rel="canonical" href="https://isc.sans.edu/handler_list.html" /> <link type="text/css" rel="stylesheet" href="/css/screen.css" /> <link type="text/css" rel="stylesheet" href="/css/msft.css" /> <link type="text/css" rel="stylesheet" href="/css/fontawesome.css" />  <link type="text/css" rel="stylesheet" href="/css/v3.css" /> <link rel="stylesheet" type="text/css" href="/css/bootstrap-modal/bootstrap-modal.min.css"/> <script type="text/javascript" src="/js/jquery-3.7.0.min.js"></script> <script language="javascript" type="text/javascript" src="https://isc.sans.edu/js/count.js"></script> <script src="/js/bootstrap-modal/bootstrap.min.js"></script> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "Organization", "name": "SANS Internet Storm Center", "url": "https://isc.sans.edu/", "logo": "https://isc.sans.edu/images/logos/isc/large.png", "email": "handlers@isc.sans.edu", "address": { "streetAddress": "8120 Woodmont Avenue, Suite 310", "addressLocality": "Bethesda", "addressRegion": "Maryland", "addressCountry": "USA", "postalCode": "20814" }, "sameAs": [ "https://twitter.com/sans_isc" ] } </script> <style> .handlerGrid { list-style:none; } .handlerGrid li { display:inline-block; width:128px; height:192px; float:left; text-align:center; } .handlerGrid li img { margin:0 auto; } </style> </head> <body class="isc"> <div id="container" class="isc-container"> <header id="isc-header"> <div class="eupopup eupopup-top"></div> <h1> <a href="/"> <svg width="80" height="70" viewBox="0 45 125 125" fill="none" xmlns="http://www.w3.org/2000/svg" baseProfile="tiny" overflow="visible"> <path fill="#7A1502" d="M81.5 105.6h1.4v16.1h-1.4zm-8.2-15.2h31.8v1H73.3z"/><path fill="#FFF" d="M0 0h125v125H0z"/><path fill="#7A1502" d="M18.9 78.6h12.8v1.3H26v14.8h-1.5V79.9h-5.6z"/><path fill="none" d="M32.4 83.9c-2.3 0-3.6 2-3.8 4.2h7.5c-.1-2.2-1.4-4.2-3.7-4.2zm43.3 0c-2.7 0-4.1 2.5-4.1 5s1.4 5 4.1 5 4.1-2.5 4.1-5-1.3-5-4.1-5z"/><path fill="#7A1502" d="M32.4 82.7c-3.7 0-5.3 3.1-5.3 6.2 0 3.3 1.6 6.2 5.3 6.2 2.9 0 4.5-1.5 5.1-4.2H36c-.5 1.8-1.6 3-3.7 3-2.7 0-3.8-2.5-3.8-4.6h9c.1-3.3-1.4-6.6-5.1-6.6zm-3.9 5.4c.2-2.1 1.5-4.2 3.8-4.2s3.6 2 3.7 4.2h-7.5zm15.4-4.2c1.9 0 2.9 1.1 3.3 2.8h1.4c-.3-2.7-2.2-4-4.7-4-3.6 0-5.5 2.8-5.5 6.2 0 3.3 1.9 6.2 5.5 6.2 2.6 0 4.4-1.7 4.8-4.5h-1.4c-.2 1.9-1.6 3.3-3.4 3.3-2.7 0-4.1-2.5-4.1-5s1.3-5 4.1-5zm5.4-5.3v16.1h1.4v-6.8c0-2.3 1.4-4 3.7-4 2.3 0 3 1.5 3 3.5v7.3h1.4v-7.5c0-2.8-1-4.5-4.3-4.5-1.6 0-3.2.9-3.7 2.3v-6.5h-1.5zM60 83.1v11.6h1.4v-6.8c0-2.3 1.4-4 3.7-4 2.3 0 3 1.5 3 3.5v7.3h1.4v-7.5c0-2.8-1-4.5-4.3-4.5-1.6 0-3.2.9-3.7 2.3v-2H60zm15.7-.4c-3.6 0-5.5 2.8-5.5 6.2 0 3.3 1.9 6.2 5.5 6.2s5.5-2.8 5.5-6.2c0-3.3-1.9-6.2-5.5-6.2zm0 11.2c-2.7 0-4.1-2.5-4.1-5s1.4-5 4.1-5 4.1 2.5 4.1 5-1.3 5-4.1 5zM82 78.6h1.4v16.1H82z"/><path fill="none" d="M101.1 83.9c-2.7 0-3.8 2.4-3.8 4.8 0 2.3 1.2 4.6 3.8 4.6 2.5 0 3.7-2.3 3.7-4.6.1-2.2-1-4.8-3.7-4.8zm-7.3 5c0-2.5-1.4-5-4.1-5-2.7 0-4.1 2.5-4.1 5s1.4 5 4.1 5c2.8 0 4.1-2.5 4.1-5z"/><path fill="#7A1502" d="M95.2 88.9c0-3.3-1.9-6.2-5.5-6.2s-5.5 2.8-5.5 6.2c0 3.3 1.9 6.2 5.5 6.2s5.5-2.9 5.5-6.2zm-9.6 0c0-2.5 1.4-5 4.1-5 2.7 0 4.1 2.5 4.1 5s-1.4 5-4.1 5c-2.7 0-4.1-2.5-4.1-5zm15.5 9.3c-1.6 0-3.1-.6-3.4-2.3h-1.4c.2 2.5 2.5 3.5 4.8 3.5 3.8 0 5.1-2.1 5.2-5.6V83.1h-1.4v2c-.6-1.3-2-2.3-3.7-2.3-3.4 0-5.3 2.7-5.3 5.9 0 3.3 1.5 6 5.3 6 1.7 0 3-1 3.7-2.4v1.6c0 2.7-1.2 4.3-3.8 4.3zm0-4.8c-2.6 0-3.8-2.3-3.8-4.6 0-2.4 1.1-4.8 3.8-4.8 2.7 0 3.7 2.5 3.7 4.8.1 2.3-1.2 4.6-3.7 4.6zm11-.4-3.8-9.9h-1.5l4.6 11.6-.5 1.3c-.5 1.1-.8 1.8-2 1.8-.3 0-.6 0-1-.1v1.2c.2.1.5.1 1.1.1 1.8 0 2.3-.6 3.1-2.5l5.1-13.4h-1.4l-3.7 9.9zm-80.6 3.8H33v16.1h-1.5zm3.3 4.4v11.6h1.4V106c0-2.3 1.4-4 3.7-4 2.3 0 3 1.5 3 3.5v7.3h1.4v-7.5c0-2.8-1-4.5-4.3-4.5-1.6 0-3.2.9-3.7 2.3v-2h-1.5zM49.7 112c-1.9 0-3.3-1-3.4-2.9h-1.4c.2 2.8 2.1 4.1 4.8 4.1 2.2 0 4.7-1 4.7-3.5 0-2-1.7-3-3.3-3.2l-1.9-.4c-1-.2-2.4-.7-2.4-2 0-1.5 1.5-2 2.8-2 1.6 0 3 .8 3 2.5H54c-.1-2.5-1.9-3.7-4.3-3.7-2.1 0-4.4.9-4.4 3.3 0 2 1.4 2.6 3.2 3.1l1.8.4c1.3.3 2.5.8 2.5 2.1.1 1.6-1.7 2.2-3.1 2.2zm7.6-14.2h-1.4v3.5h-2v1.2h2v8c0 2 .6 2.6 2.5 2.6h1.3v-1.2c-.4 0-.8.1-1.2.1-1-.1-1.2-.6-1.2-1.5v-7.8h2.4v-1.2h-2.4v-3.7zm3.5 15.1h1.4v-11.6h-1.4v11.6zm0-13.8h1.4v-2.3h-1.4v2.3z"/><path fill="none" d="M69 63.4h4.5l-2.2-13.7zm23 38.7c-2.3 0-3.6 2-3.8 4.2h7.5c-.1-2.2-1.4-4.2-3.7-4.2z"/><path fill="#7A1502" d="M69.2 102.4v-1.2h-2.4v-3.5h-1.4v3.5h-2v1.2h2v8c0 2 .6 2.6 2.5 2.6h1.3v-1.2c-.4 0-.8.1-1.2.1-1-.1-1.1-.6-1.1-1.5v-7.8h2.3zm10.5 10.5v-11.6h-1.4v6.1c0 2.4-1.1 4.7-3.5 4.7-2.3 0-3-1.1-3.1-3.2v-7.6h-1.4v7.6c0 2.7 1.1 4.4 4.1 4.4 1.7 0 3.3-.9 4-2.4v2.1h1.3zm6.4-10.5v-1.2h-2.4v-3.5h-1.4v3.5h-2v1.2h2v8c0 2 .6 2.6 2.5 2.6h1.3v-1.2c-.4 0-.8.1-1.2.1-1-.1-1.2-.6-1.2-1.5v-7.8h2.4zm5.9-1.5c-3.7 0-5.3 3.1-5.3 6.2 0 3.3 1.6 6.2 5.3 6.2 2.9 0 4.5-1.5 5.1-4.2h-1.4c-.5 1.8-1.6 3-3.7 3-2.7 0-3.8-2.5-3.8-4.6h9c0-3.3-1.5-6.6-5.2-6.6zm-3.9 5.4c.2-2.1 1.5-4.2 3.8-4.2s3.6 2 3.7 4.2h-7.5zM60.2 71.7c-1.3 0-2.4-.9-3.3-2.6-.9-1.7-1.4-4-1.5-6.8h-.7v10h.7l1-1.9c.6.7 1.3 1.3 1.9 1.6.6.3 1.3.5 2.1.5 1.3 0 2.4-.6 3.3-1.9.8-1.3 1.2-2.9 1.2-5 0-1.4-.3-2.8-.8-4.3-.6-1.5-1.6-3.3-3.1-5.6-.4-.5-.9-1.3-1.5-2.2-1.8-2.5-2.6-4.3-2.6-5.5 0-.8.2-1.5.6-2 .4-.5.9-.7 1.6-.7 1 0 1.9.7 2.6 2.2.7 1.5 1.2 3.5 1.4 6.1h.7v-9h-.7l-.8 1.8c-.4-.6-.9-1-1.5-1.4s-1.1-.5-1.7-.5c-1.2 0-2.1.6-2.9 1.7-.8 1.1-1.1 2.6-1.1 4.5 0 1.5.2 3 .7 4.4.5 1.4 1.6 3.3 3.2 5.8 1.3 2 2.3 3.6 2.8 4.9.6 1.3.8 2.4.8 3.3 0 .8-.2 1.5-.6 2-.6.3-1.1.6-1.8.6zm19.7-.5h-1l-4.6-26.4h-3.2l-4.2 22.6c0 .1 0 .2-.1.3-.4 2.1-1.2 3.3-2.3 3.5v.8h5.6v-.8c-.8 0-1.3-.2-1.6-.4-.3-.2-.5-.7-.5-1.2V69c0-.2 0-.4.1-.7l.6-3.9h4.9l1.1 6.9h-1.9v.7h7l.1-.8zM69 63.4l2.3-13.7 2.2 13.7H69zm12.5 6.9c-.3.5-.8.8-1.6.9v.8H86v-.8c-1.1-.1-1.8-.4-2.3-1-.4-.6-.6-1.6-.6-3.1V49.5L92.4 72h.8V48.8c0-1.3.1-2.1.4-2.5.3-.4.8-.6 1.5-.6h.1v-.8h-5.7v.8c.9 0 1.5.3 1.9.8.4.6.6 1.4.6 2.7v12.1l-6.6-16.4h-5.2v.8H82v21.7c0 1.5-.2 2.5-.5 2.9zm21.3-14.7c-.4-.5-.9-1.3-1.5-2.2-1.8-2.5-2.6-4.3-2.6-5.5 0-.8.2-1.5.6-2 .4-.5.9-.7 1.6-.7 1 0 1.9.7 2.6 2.2.7 1.5 1.2 3.5 1.4 6.1h.7v-9h-.7l-.8 1.8c-.4-.6-.9-1-1.5-1.4-.6-.3-1.1-.5-1.7-.5-1.2 0-2.1.6-2.9 1.7-.8 1.1-1.1 2.6-1.1 4.5 0 1.5.2 3 .7 4.4.5 1.4 1.6 3.3 3.2 5.8 1.3 2 2.3 3.6 2.8 4.9.6 1.3.8 2.4.8 3.3 0 .8-.2 1.5-.6 2-.4.5-1 .8-1.7.8-1.3 0-2.4-.9-3.3-2.6-.9-1.7-1.4-4-1.5-6.8h-.7v10h.7l1-1.9c.6.7 1.3 1.3 1.9 1.6.6.3 1.3.5 2.1.5 1.3 0 2.4-.6 3.3-1.9.8-1.3 1.2-2.9 1.2-5 0-1.4-.3-2.8-.8-4.3-.6-1.7-1.7-3.5-3.2-5.8z"/><path fill="#7A1502" d="M73.8 63.4h31.9v.9H73.8z"/> </svg> </a> <span id="pagetitle"> <a href="/">Internet Storm Center</a></span> </h1> <div class="isc-signin"> <form id="headerSearch" name="searchform" action="/search.html" method="get"> <input type="text" name="q" placeholder="Search...(IP, Port..)" /> <input type="hidden" id="token" name="token" value="fb50b0e1114af24a345477446552d0bd1abb2a42" /> <input class="btn btn-primary" type="submit" name="Search" value="Search"> </form> <div id="smallHeaderLogin"> <a class="btn btn-primary" href="/login.html">Sign In</a> <a class="btn" href="/register.html">Sign Up</a> <a href="#navigation"></a> </div> </header> <div id="content"> <div class="wrapper"> <div class="isc-alerts"> <div> <svg style="width:20px;height:20px" viewBox="0 0 24 24"> <path fill="currentColor" d="M12,2A10,10 0 0,0 2,12A10,10 0 0,0 12,22A10,10 0 0,0 22,12A10,10 0 0,0 12,2M7.07,18.28C7.5,17.38 10.12,16.5 12,16.5C13.88,16.5 16.5,17.38 16.93,18.28C15.57,19.36 13.86,20 12,20C10.14,20 8.43,19.36 7.07,18.28M18.36,16.83C16.93,15.09 13.46,14.5 12,14.5C10.54,14.5 7.07,15.09 5.64,16.83C4.62,15.5 4,13.82 4,12C4,7.59 7.59,4 12,4C16.41,4 20,7.59 20,12C20,13.82 19.38,15.5 18.36,16.83M12,6C10.06,6 8.5,7.56 8.5,9.5C8.5,11.44 10.06,13 12,13C13.94,13 15.5,11.44 15.5,9.5C15.5,7.56 13.94,6 12,6M12,11A1.5,1.5 0 0,1 10.5,9.5A1.5,1.5 0 0,1 12,8A1.5,1.5 0 0,1 13.5,9.5A1.5,1.5 0 0,1 12,11Z" /> </svg> Handler on Duty: <a title="Didier Stevens" href="/handler_list.html#didier-stevens">Didier Stevens</a> </div> <div>Threat Level: <a href="/infocon.html" style="text-transform: capitalize; color: green">green</a></div> </div> <div class="main-content"><div class="isc-card-main"> <div class="card-body"> <h1>Current Handlers</h1> <p>Volunteer incident handlers donate their valuable time to analyze detects and anomalies, and post a daily diary of their analysis and thoughts on the Storm Center website. Below you will find Handler details including personal pages, additional scripts or papers, or whatever the respective handler is interested in offering. All content is owned by the respective handler. <br/><br/> Interested in becoming a handler? A roadmap is available to <a href="/handlerroadmap.html">learn how</a>. </p> <ul class="handlerGrid"> <li><a href="#guy-bruneau"><img src="/images/design/custom/headshots/guy-bruneau.jpg" alt="Bruneau, Guy" class="headshot"><br/>Guy Bruneau</a></li><li><a href="#jim-clausing"><img src="/images/design/custom/headshots/jim-clausing.jpg" alt="Clausing, Jim" class="headshot"><br/>Jim Clausing</a></li><li><a href="#scott-fendley"><img src="/images/design/custom/headshots/scott-fendley.jpg" alt="Fendley, Scott" class="headshot"><br/>Scott Fendley</a></li><li><a href="#jan-kopriva"><img src="/images/design/custom/headshots/jan-kopriva.jpg" alt="Kopriva, Jan" class="headshot"><br/>Jan Kopriva</a></li><li><a href="#jesse-lagrew"><img src="/images/design/custom/headshots/jesse-lagrew.jpg" alt="La Grew, Jesse" class="headshot"><br/>Jesse La Grew</a></li><li><a href="#renato-marinho"><img src="/images/design/custom/headshots/renato-marinho.jpg" alt="Marinho, Renato" class="headshot"><br/>Renato Marinho</a></li><li><a href="#russ-mcree"><img src="/images/design/custom/headshots/russ-mcree.jpg" alt="McRee, Russ" class="headshot"><br/>Russ McRee</a></li><li><a href="#xavier-mertens"><img src="/images/design/custom/headshots/xavier-mertens.jpg" alt="Mertens, Xavier" class="headshot"><br/>Xavier Mertens</a></li><li><a href="#manuelhumberto-santanderpelaez"><img src="/images/design/custom/headshots/manuelhumberto-santanderpelaez.jpg" alt="Santander Pelaez, Manuel Humberto" class="headshot"><br/>Manuel Humberto Santander Pelaez</a></li><li><a href="#didier-stevens"><img src="/images/design/custom/headshots/didier-stevens.jpg" alt="Stevens, Didier" class="headshot"><br/>Didier Stevens</a></li><li><a href="#yeeching-tok"><img src="/images/design/custom/headshots/yeeching-tok.jpg" alt="Tok, Yee Ching" class="headshot"><br/>Yee Ching Tok</a></li><li><a href="#johannes-ullrich"><img src="/images/design/custom/headshots/johannes-ullrich.jpg" alt="Ullrich, Johannes" class="headshot"><br/>Johannes Ullrich</a></li><li><a href="#rob-vandenbrink"><img src="/images/design/custom/headshots/rob-vandenbrink.jpg" alt="VandenBrink, Rob" class="headshot"><br/>Rob VandenBrink</a></li><li><a href="#tom-webb"><img src="/images/design/custom/headshots/tom-webb.jpg" alt="Webb, Tom" class="headshot"><br/>Tom Webb</a></li><li><a href="#bojan-zdrnja"><img src="/images/design/custom/headshots/bojan-zdrnja.jpg" alt="Zdrnja, Bojan" class="headshot"><br/>Bojan Zdrnja</a></li> </ul> <div class="top-link"><a href="#">Top of page</a></div> <div class='accordion'> <h2 id="director"><span id="guy-bruneau">Guy Bruneau</span></h2><div class="bio"><img src="/images/design/custom/headshots/guy-bruneau.jpg" alt="Bruneau, Guy" class="headshot"> <p>Guy has a B.A. (IT) from University of Quebec and holds the prestigious GIAC Security Expert (GSE) certification as well as the GIAC GSEC(G), GCIA(G), GCIH(G), GCUX(G), GCFA, GPEN certifications.</p> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/guybruneau">@guybruneau</a></td></tr> </table> <p>Click to  <a href="/tools/handler_created#guybruneau">View Handler Created Tools</a></p><h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/SANS+ISC+Internship+Setup+AWS+DShield+Sensor+DShield+SIEM+Guest+Diary/31480/">SANS ISC Internship Setup: AWS DShield Sensor + DShield SIEM [Guest Diary]</a> </li> <li><a href="/forums/diary/October+2024+Activity+with+Username+chenzilong/31400/">October 2024 Activity with Username chenzilong</a> </li> <li><a href="/forums/diary/Scanning+Activity+from+Subnet+151840016/31362/">Scanning Activity from Subnet 15.184.0.0/16</a> </li> <li><a href="/forums/diary/Kickstart+Your+DShield+Honeypot+Guest+Diary/31320/">Kickstart Your DShield Honeypot [Guest Diary]</a> </li> <li><a href="/forums/diary/OSINT+Image+Analysis+or+More+Where+When+and+Metadata+Guest+Diary/31298/">OSINT - Image Analysis or More Where, When, and Metadata [Guest Diary]</a> </li> </ul><a href="/handler_list.html?author=948544741&fname=Guy&lname=Bruneau">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><h2 id="director"><span id="jim-clausing">Jim Clausing</span></h2><div class="bio"><img src="/images/design/custom/headshots/jim-clausing.jpg" alt="Clausing, Jim" class="headshot"> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/jclausing">@jclausing</a></td></tr> </table> <table style="width:300px;"> <tr> <th style="text-align:left">Mastodon:</th> <td><a target="_blank" rel="me" href="https://infosec.exchange/@clausing">@clausing@infosec.exchange</a> </td> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/Security+related+Docker+containers/31318/">Security related Docker containers</a> </li> <li><a href="/forums/diary/Tool+update+macrobberpy+and+lehextoippy/31310/">Tool update: mac-robber.py and le-hex-to-ip.py</a> </li> <li><a href="/forums/diary/New+tool+linuxpkgssh/30774/">New tool: linux-pkgs.sh</a> </li> <li><a href="/forums/diary/Tool+updates+lehextoippy+and+sigspy/30772/">Tool updates: le-hex-to-ip.py and sigs.py</a> </li> <li><a href="/forums/diary/Wireshark+updates/30528/">Wireshark updates</a> </li> </ul><a href="/handler_list.html?author=660187&fname=Jim&lname=Clausing">View all diaries by this handler</a> </div> <br/> <div><h3 class='title'>Upcoming Courses:</h3><p><strong>SANS Cyber Threat Intelligence Summit & Training 2025 - Live Online, Online | US Eastern<br/></strong>January 29, 2025 - February 03, 2025<br/><a href='https://www.sans.org/event/cyber-threat-intelligence-summit-2025/course/linux-threat-hunting-incident-response'>LINUX Incident Response and Threat Hunting</a></p><p><strong>SANS Security East Baltimore 2025, Baltimore<br/></strong>March 03, 2025 - March 08, 2025<br/><a href='https://www.sans.org/event/security-east-2025/course/linux-threat-hunting-incident-response'>LINUX Incident Response and Threat Hunting</a></p><a href='https://www.sans.org/instructors/jim-clausing'>Instructor Page</a> </div> <div class="top-link"><a href="#">Top of page</a></div><h2 id="director"><span id="scott-fendley">Scott Fendley</span></h2><div class="bio"><img src="/images/design/custom/headshots/scott-fendley.jpg" alt="Fendley, Scott" class="headshot"> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/itsecuritygeek">@itsecuritygeek</a></td></tr> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/July+2023+Microsoft+Patch+Update/30018/">July 2023 Microsoft Patch Update</a> </li> <li><a href="/forums/diary/Warranty+Repairs+and+NonRemovable+Storage+Risks/27938/">Warranty Repairs and Non-Removable Storage Risks</a> </li> <li><a href="/forums/diary/Apple+May+2021+Security+Updates/27452/">Apple May 2021 Security Updates</a> </li> <li><a href="/forums/diary/Critical+Vuln+in+vCenter+vmdir+CVE20203952/26006/">Critical Vuln in vCenter vmdir (CVE-2020-3952)</a> </li> <li><a href="/forums/diary/Oracle+Critical+Patch+Update+Release/23886/">Oracle Critical Patch Update Release</a> </li> </ul><a href="/handler_list.html?author=140847&fname=Scott&lname=Fendley">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><h2 id="director"><span id="jan-kopriva">Jan Kopriva</span></h2><div class="bio"><img src="/images/design/custom/headshots/jan-kopriva.jpg" alt="Kopriva, Jan" class="headshot"> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/@jk0pr">@jk0pr</a></td></tr> </table> <table style="width:300px;"> <tr> <th style="text-align:left">Mastodon:</th> <td><a target="_blank" rel="me" href="https://infosec.exchange/@jkopriva">@jkopriva@infosec.exchange</a> </td> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/The+strange+case+of+disappearing+Russian+servers/31476/">The strange case of disappearing Russian servers</a> </li> <li><a href="/forums/diary/Selfcontained+HTML+phishing+attachment+using+Telegram+to+exfiltrate+stolen+credentials/31388/">Self-contained HTML phishing attachment using Telegram to exfiltrate stolen credentials</a> </li> <li><a href="/forums/diary/Phishing+links+with+sign+and+the+need+for+effective+security+awareness+building/31288/">Phishing links with @ sign and the need for effective security awareness building</a> </li> <li><a href="/forums/diary/Script+obfuscation+using+multiple+instances+of+the+same+function/31144/">Script obfuscation using multiple instances of the same function</a> </li> <li><a href="/forums/diary/Replychain+phishing+with+a+twist/31084/">"Reply-chain phishing" with a twist</a> </li> </ul><a href="/handler_list.html?author=1016653899&fname=Jan&lname=Kopriva">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><h2 id="director"><span id="jesse-lagrew">Jesse La Grew</span></h2><div class="bio"><img src="/images/design/custom/headshots/jesse-lagrew.jpg" alt="La Grew, Jesse" class="headshot"> <p>Jesse La Grew has been an IT professional within higher education for over 20 years. He holds a variety of GIAC certifications including the GDSA, GCCC, GCFA, GCFE, GCIA, GPYC, GSOC, GCIH, GSEC, GISF, GCTI, GCPM and GSTRT and is also a CISSP. He recently received his Bachelor's Degree at SANS Technology Institute and is progressing through his Master's program at the same institution. Jesse's background in IT started in a desktop support role. This transitioned into a cyber security focus when becoming involved in building and supporting environments meeting PCI and FISMA compliance standards. He currently works as Chief Information Security Officer at Madison College.</p> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/@stealthcrane">@stealthcrane</a></td></tr> </table> <table style="width:300px;"> <tr> <th style="text-align:left">Mastodon:</th> <td><a target="_blank" rel="me" href="https://infosec.exchange/@stealthcrane">@stealthcrane@infosec.exchange</a> </td> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/Guest+Diary+Using+Zeek+Snort+and+Grafana+to+Detect+Crypto+Mining+Malware/31472/">[Guest Diary] Using Zeek, Snort, and Grafana to Detect Crypto Mining Malware</a> </li> <li><a href="/forums/diary/Guest+Diary+Insights+from+August+Web+Traffic+Surge/31408/">[Guest Diary] Insights from August Web Traffic Surge</a> </li> <li><a href="/forums/diary/Finding+Honeypot+Data+Clusters+Using+DBSCAN+Part+2/31194/">Finding Honeypot Data Clusters Using DBSCAN: Part 2</a> </li> <li><a href="/forums/diary/Enrichment+Data+Keeping+it+Fresh/31236/">Enrichment Data: Keeping it Fresh</a> </li> <li><a href="/forums/diary/Simulating+Traffic+With+Scapy/31216/">Simulating Traffic With Scapy</a> </li> </ul><a href="/handler_list.html?author=3000041606&fname=Jesse&lname=La Grew">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><h2 id="director"><span id="renato-marinho">Renato Marinho</span></h2><div class="bio"><img src="/images/design/custom/headshots/renato-marinho.jpg" alt="Marinho, Renato" class="headshot"> <p>Renato Marinho is Chief Research Officer at Morphus Labs. His journey in the area began in 2001, when he created Nettion, one of the first firewalls to use the contemporary UTM (Unified Threat Management) concept. Experienced in cyber security, Marinho was internationally recognized in 2016 by his research that unveiled Mamba, the first full disk encryption ransomware. At Morphus Labs, he oversees research, innovation and development of new products. Master and PhD candidate in Applied Informatics, he is also professor at University of Fortaleza teaching Computer Forensics in the post-graduate course. He is also a speaker having presented at Ignite Cybersecurity Conference, BSides Delaware, BSides Vienna, WSKS Portugal and Brazilian CSIRTs Forum. </p> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/renato_marinho">@renato_marinho</a></td></tr> </table> <table style="width:300px;"> <tr> <th style="text-align:left">Mastodon:</th> <td><a target="_blank" rel="me" href="https://infosec.exchange/@renatomarinho">@renatomarinho@infosec.exchange</a> </td> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/Microsoft+November+2024+Patch+Tuesday/31438/">Microsoft November 2024 Patch Tuesday</a> </li> <li><a href="/forums/diary/Microsoft+August+2024+Patch+Tuesday/31164/">Microsoft August 2024 Patch Tuesday</a> </li> <li><a href="/forums/diary/Microsoft+May+2024+Patch+Tuesday/30920/">Microsoft May 2024 Patch Tuesday</a> </li> <li><a href="/forums/diary/Microsoft+February+2024+Patch+Tuesday/30646/">Microsoft February 2024 Patch Tuesday</a> </li> <li><a href="/forums/diary/Microsoft+September+2023+Patch+Tuesday/30214/">Microsoft September 2023 Patch Tuesday</a> </li> </ul><a href="/handler_list.html?author=106896&fname=Renato&lname=Marinho">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><h2 id="director"><span id="russ-mcree">Russ McRee</span></h2><div class="bio"><img src="/images/design/custom/headshots/russ-mcree.jpg" alt="McRee, Russ" class="headshot"> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/@holisticinfosec">@holisticinfosec</a></td></tr> </table> <p>Click to  <a href="/tools/handler_created#russmcree">View Handler Created Tools</a></p><h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/Sandfly+Security/29998/">Sandfly Security</a> </li> <li><a href="/forums/diary/Exploratory+Data+Analysis+with+CISSM+Cyber+Attacks+Database+Part+2/29828/">Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 2</a> </li> <li><a href="/forums/diary/Exploratory+Data+Analysis+with+CISSM+Cyber+Attacks+Database+Part+1/29816/">Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 1</a> </li> <li><a href="/forums/diary/Prowler+v3+AWS+Azure+security+assessments/29430/">Prowler v3: AWS & Azure security assessments</a> </li> <li><a href="/forums/diary/Chainsaw+Hunt+search+and+extract+event+log+records/29066/">Chainsaw: Hunt, search, and extract event log records</a> </li> </ul><a href="/handler_list.html?author=948565198&fname=Russ&lname=McRee">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><h2 id="director"><span id="xavier-mertens">Xavier Mertens</span></h2><div class="bio"><img src="/images/design/custom/headshots/xavier-mertens.jpg" alt="Mertens, Xavier" class="headshot"> <p>Xavier Mertens is a freelance security consultant based in Belgium. Xavier's own company (https://xameco.be) offers services like incident handling, forensic, SOC activities, and pentesting. He holds GCIA, GFCE, GCFA, GXPN, GREM, GDAT, GNFA, GCTI, GPYC SANS certifications but also CISSP, and CISA. Xavier is a SANS Certified Instructor (FOR610 - Malware Analysis and Reverse Engineering). His blog about security is https://blog.rootshell.be and he is co-organizer of the BruCON security conference (http://www.brucon.org).</p> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/xme">@xme</a></td></tr> </table> <table style="width:300px;"> <tr> <th style="text-align:left">Mastodon:</th> <td><a target="_blank" rel="me" href="https://infosec.exchange/@xme">@xme@infosec.exchange</a> </td> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/From+a+Regular+Infostealer+to+its+Obfuscated+Version/31484/">From a Regular Infostealer to its Obfuscated Version</a> </li> <li><a href="/forums/diary/An+Infostealer+Searching+for+BIP0039+Data/31464/">An Infostealer Searching for « BIP-0039 » Data</a> </li> <li><a href="/forums/diary/Detecting+the+Presence+of+a+Debugger+in+Linux/31450/">Detecting the Presence of a Debugger in Linux</a> </li> <li><a href="/forums/diary/Steam+Account+Checker+Poisoned+with+Infostealer/31420/">Steam Account Checker Poisoned with Infostealer</a> </li> <li><a href="/forums/diary/Python+RAT+with+a+Nice+Screensharing+Feature/31414/">Python RAT with a Nice Screensharing Feature</a> </li> </ul><a href="/handler_list.html?author=1016628506&fname=Xavier&lname=Mertens">View all diaries by this handler</a> </div> <br/> <div><h3 class='title'>Upcoming Courses:</h3><p><strong>SANS Frankfurt December 2024, Frankfurt<br/></strong>December 09, 2024 - December 14, 2024<br/><a href='https://www.sans.org/event/frankfurt-december-2024/course/reverse-engineering-malware-malware-analysis-tools-techniques'>Reverse-Engineering Malware: Malware Analysis Tools and Techniques</a></p><p><strong>SANS Amsterdam January 2025, Amsterdam<br/></strong>January 20, 2025 - January 25, 2025<br/><a href='https://www.sans.org/event/amsterdam-january-2025/course/reverse-engineering-malware-malware-analysis-tools-techniques'>Reverse-Engineering Malware: Malware Analysis Tools and Techniques</a></p><p><strong>SANS Cairo February 2025, Cairo<br/></strong>February 15, 2025 - February 20, 2025<br/><a href='https://www.sans.org/event/cairo-february-2025/course/reverse-engineering-malware-malware-analysis-tools-techniques'>Reverse-Engineering Malware: Malware Analysis Tools and Techniques</a></p><a href=''>Instructor Page</a> </div> <div class="top-link"><a href="#">Top of page</a></div><h2 id="director"><span id="manuelhumberto-santanderpelaez">Manuel Humberto Santander Pelaez</span></h2><div class="bio"><img src="/images/design/custom/headshots/manuelhumberto-santanderpelaez.jpg" alt="Santander Pelaez, Manuel Humberto" class="headshot"> <p>Mr. Santander PelÃ¡ez currently serves as the CTO of Transportadora de Gas Internacional in BogotÃ¡, Colombia. His areas of interest are Intrusion Detection, Computer Forensics, Incident Response, SCADA Security, cyber defense, threat intelligence and threat hunting.</p> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/manuelsantander">@manuelsantander</a></td></tr> </table> <table style="width:300px;"> <tr> <th style="text-align:left">Mastodon:</th> <td><a target="_blank" rel="me" href="https://infosec.exchange/@manuelsantander">@manuelsantander@infosec.exchange</a> </td> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/Noticing+command+and+control+channels+by+reviewing+DNS+protocols/30396/">Noticing command and control channels by reviewing DNS protocols</a> </li> <li><a href="/forums/diary/Controlling+network+access+to+ICS+systems/30000/">Controlling network access to ICS systems</a> </li> <li><a href="/forums/diary/Management+of+DMARC+control+for+email+impersonation+of+domains+in+the+co+TLD+part+2/29922/">Management of DMARC control for email impersonation of domains in the .co TLD - part 2</a> </li> <li><a href="/forums/diary/Management+of+DMARC+control+for+email+impersonation+of+domains+in+the+co+TLD+part+1/29768/">Management of DMARC control for email impersonation of domains in the .co TLD - part 1</a> </li> <li><a href="/forums/diary/Security+headers+you+should+add+into+your+application+to+increase+cyber+risk+protection/29720/">Security headers you should add into your application to increase cyber risk protection</a> </li> </ul><a href="/handler_list.html?author=948538438&fname=Manuel Humberto&lname=Santander Pelaez">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><h2 id="director"><span id="didier-stevens">Didier Stevens</span></h2><div class="bio"><img src="/images/design/custom/headshots/didier-stevens.jpg" alt="Stevens, Didier" class="headshot"> <p>Didier Stevens (Microsoft MVP Consumer Security) holds many certifications from SANS, Microsoft, Cisco, ... He is a Senior Analyst (NVISO https://www.nviso.be). Didier started his own company in 2012 to provide IT security training services (http://DidierStevensLabs.com). You can find his open source security tools on his IT security related blog at https://blog.DidierStevens.com.</p> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/DidierStevens">@DidierStevens</a></td></tr> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/Extracting+Files+Embedded+Inside+Word+Documents/31486/">Extracting Files Embedded Inside Word Documents</a> </li> <li><a href="/forums/diary/Quickie+Mass+BASE64+Decoding/31470/">Quickie: Mass BASE64 Decoding</a> </li> <li><a href="/forums/diary/Quick+Dirty+Obfuscated+JavaScript+Analysis/31468/">Quick & Dirty Obfuscated JavaScript Analysis</a> </li> <li><a href="/forums/diary/Decrypting+a+PDF+With+a+User+Password/31466/">Decrypting a PDF With a User Password</a> </li> <li><a href="/forums/diary/Wireshark+442+Released/31460/">Wireshark 4.4.2 Released</a> </li> </ul><a href="/handler_list.html?author=948538900&fname=Didier&lname=Stevens">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><h2 id="director"><span id="yeeching-tok">Yee Ching Tok</span></h2><div class="bio"><img src="/images/design/custom/headshots/yeeching-tok.jpg" alt="Tok, Yee Ching" class="headshot"> <p>Dr. Tok is currently a Senior Consultant at JT Consultancy & Management Pte. Ltd. and a Research Fellow at ASSET (Automated Systems SEcuriTy) Research Group in Singapore University of Technology and Design (SUTD) under the Information Systems Technology and Design (ISTD) Pillar. He was a recipient of the SG Digital (Postgraduate) Scholarship program from Infocomm Media Development Authority (IMDA), and won the Cybersecurity Awards in 2019 under the Professional category for his contributions to the Singapore information security industry. Yee Ching is a SANS Lethal Forensicator and also serves as a Co-Opted Committee Member in the Association of Information Security Professionals (AiSP). For more information, please visit https://poppopretn.com/aboutme/.</p> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/poppopretn">@poppopretn</a></td></tr> </table> <table style="width:300px;"> <tr> <th style="text-align:left">Mastodon:</th> <td><a target="_blank" rel="me" href="https://infosec.exchange/@poppopretn">@poppopretn@infosec.exchange</a> </td> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/Rolling+Back+Packages+on+UbuntuDebian/30842/">Rolling Back Packages on Ubuntu/Debian</a> </li> <li><a href="/forums/diary/Evolution+of+Artificial+Intelligence+Systems+and+Ensuring+Trustworthiness/30828/">Evolution of Artificial Intelligence Systems and Ensuring Trustworthiness</a> </li> <li><a href="/forums/diary/5Ghoul+Revisited+Three+Months+Later/30746/">5Ghoul Revisited: Three Months Later</a> </li> <li><a href="/forums/diary/5Ghoul+Impacts+Implications+and+Next+Steps/30462/">5Ghoul: Impacts, Implications and Next Steps</a> </li> <li><a href="/forums/diary/VMware+Releases+Security+Patches+for+Fusion+Workstation+and+Aria+Operations+for+Logs/30330/">VMware Releases Security Patches for Fusion, Workstation and Aria Operations for Logs</a> </li> </ul><a href="/handler_list.html?author=3000021158&fname=Yee Ching&lname=Tok">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><h2 id="director"><span id="johannes-ullrich">Johannes Ullrich</span></h2><div class="bio"><img src="/images/design/custom/headshots/johannes-ullrich.jpg" alt="Ullrich, Johannes" class="headshot"> <p>Dr. Johannes Ullrich is the Dean of Research and a faculty member of the SANS Technology Institute. In November of 2000, Johannes started the DShield.org project, which he later integrated into the Internet Storm Center. His work with the Internet Storm Center has been widely recognized. In 2004, Network World named him one of the 50 most powerful people in the networking industry. Secure Computing Magazine named him in 2005 one of the Top 5 influential IT security thinkers. His research interests include IPv6, Network Traffic Analysis and Secure Software Development. Johannes is regularly invited to speak at conferences and has been interviewed by major publications, radio as well as TV stations. He is a member of the SANS Technology Institute's Faculty and Administration as well as Curriculum and Long Range Planning Committee. As chief research officer for the SANS Institute, Johannes is currently responsible for the GIAC Gold program. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. More Details: http://www.linkedin.com/in/johannesullrich</p> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/johullrich">@johullrich</a></td></tr> </table> <table style="width:300px;"> <tr> <th style="text-align:left">Mastodon:</th> <td><a target="_blank" rel="me" href="https://infosec.exchange/@jullrich">@jullrich@infosec.exchange</a> </td> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/Apple+Fixes+Two+Exploited+Vulnerabilities/31452/">Apple Fixes Two Exploited Vulnerabilities</a> </li> <li><a href="/forums/diary/Exploit+attempts+for+unpatched+Citrix+vulnerability/31446/">Exploit attempts for unpatched Citrix vulnerability</a> </li> <li><a href="/forums/diary/Ancient+TPLink+Backdoor+Discovered+by+Attackers/31442/">Ancient TP-Link Backdoor Discovered by Attackers</a> </li> <li><a href="/forums/diary/Scans+for+RDP+Gateways/31398/">Scans for RDP Gateways</a> </li> <li><a href="/forums/diary/Apple+Updates+Everything/31390/">Apple Updates Everything</a> </li> </ul><a href="/handler_list.html?author=642063&fname=Johannes&lname=Ullrich">View all diaries by this handler</a> </div> <br/> <div><h3 class='title'>Upcoming Courses:</h3><p><strong>SANS Cyber Defense Initiative 2024, Washington<br/></strong>December 13, 2024 - December 18, 2024<br/><a href='https://www.sans.org/event/cyber-defense-initiative-2024/course/application-security-securing-web-apps-api-microservices'>Application Security: Securing Web Apps, APIs, and Microservices</a></p><p><strong>SANS Cyber Security East: Jan 2025, Online | US Eastern<br/></strong>January 27, 2025 - February 01, 2025<br/><a href='https://www.sans.org/event/cyber-security-east-jan-2025/course/application-security-securing-web-apps-api-microservices'>Application Security: Securing Web Apps, APIs, and Microservices</a></p><p><strong>SANS Security East Baltimore 2025, Baltimore<br/></strong>March 03, 2025 - March 08, 2025<br/><a href='https://www.sans.org/event/security-east-2025/course/network-monitoring-threat-detection'>Network Monitoring and Threat Detection In-Depth</a></p><a href='https://www.sans.org/instructors/dr-johannes-ullrich'>Instructor Page</a> </div> <div class="top-link"><a href="#">Top of page</a></div><h2 id="director"><span id="rob-vandenbrink">Rob VandenBrink</span></h2><div class="bio"><img src="/images/design/custom/headshots/rob-vandenbrink.jpg" alt="VandenBrink, Rob" class="headshot"> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/@rvandenbrink">@rvandenbrink</a></td></tr> </table> <p>Click to  <a href="/tools/handler_created#robvandenbrink">View Handler Created Tools</a></p><h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/NMAP+Scanning+without+Scanning+Part+2+The+ipinfo+API/30948/">NMAP Scanning without Scanning (Part 2) - The ipinfo API</a> </li> <li><a href="/forums/diary/Scanning+without+Scanning+with+NMAP+APIs+FTW/30944/">Scanning without Scanning with NMAP (APIs FTW)</a> </li> <li><a href="/forums/diary/Why+yq+Adventures+in+XML/30930/">Why yq? Adventures in XML</a> </li> <li><a href="/forums/diary/Got+MFA+If+not+Now+is+the+Time/30926/">Got MFA? If not, Now is the Time!</a> </li> <li><a href="/forums/diary/API+Rug+Pull+The+NIST+NVD+Database+and+API+Part+4+of+3/30868/">API Rug Pull - The NIST NVD Database and API (Part 4 of 3)</a> </li> </ul><a href="/handler_list.html?author=948537238&fname=Rob&lname=VandenBrink">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><h2 id="director"><span id="tom-webb">Tom Webb</span></h2><div class="bio"><img src="/images/design/custom/headshots/tom-webb.jpg" alt="Webb, Tom" class="headshot"> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/twsecblog">@twsecblog</a></td></tr> </table> <table style="width:300px;"> <tr> <th style="text-align:left">Mastodon:</th> <td><a target="_blank" rel="me" href="https://infosec.exchange/@tom_webb">@tom_webb@infosec.exchange</a> </td> </table> <h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/PiHole+Pi4+Docker+Deployment/30516/">Pi-Hole Pi4 Docker Deployment</a> </li> <li><a href="/forums/diary/Are+Local+LLMs+Useful+in+Incident+Response/30274/">Are Local LLMs Useful in Incident Response?</a> </li> <li><a href="/forums/diary/Zeek+and+Defender+Endpoint/30088/">Zeek and Defender Endpoint</a> </li> <li><a href="/forums/diary/IR+CaseAlert+Management/29880/">IR Case/Alert Management</a> </li> <li><a href="/forums/diary/Live+Linux+IR+with+UAC/29480/">Live Linux IR with UAC</a> </li> </ul><a href="/handler_list.html?author=1016602142&fname=Tom&lname=Webb">View all diaries by this handler</a> </div> <div class="top-link"><a href="#">Top of page</a></div><h2 id="director"><span id="bojan-zdrnja">Bojan Zdrnja</span></h2><div class="bio"><img src="/images/design/custom/headshots/bojan-zdrnja.jpg" alt="Zdrnja, Bojan" class="headshot"> <table style="width:300px;"> <tr> <th style="text-align:left">Twitter:</th> <td><a target="_blank" href="http://www.twitter.com/bojanz">@bojanz</a></td></tr> </table> <table style="width:300px;"> <tr> <th style="text-align:left">Mastodon:</th> <td><a target="_blank" rel="me" href="https://infosec.exchange/@bojanz">@bojanz@infosec.exchange</a> </td> </table> <p>Click to  <a href="/tools/handler_created#bojanzdrnja">View Handler Created Tools</a></p><h3 class='title'>Recent Diaries:</h3> <ul> <li><a href="/forums/diary/Credential+Guard+and+Kerberos+delegation/31488/">Credential Guard and Kerberos delegation</a> </li> <li><a href="/forums/diary/The+amazingly+scary+xz+sshd+backdoor/30802/">The amazingly scary xz sshd backdoor</a> </li> <li><a href="/forums/diary/Scanning+and+abusing+the+QUIC+protocol/30720/">Scanning and abusing the QUIC protocol</a> </li> <li><a href="/forums/diary/Survival+time+for+web+sites/30170/">Survival time for web sites</a> </li> <li><a href="/forums/diary/Some+things+never+change+such+as+SQL+Authentication+encryption/30112/">Some things never change ? such as SQL Authentication ?encryption?</a> </li> </ul><a href="/handler_list.html?author=763821&fname=Bojan&lname=Zdrnja">View all diaries by this handler</a> </div> <br/> <div><h3 class='title'>Upcoming Courses:</h3><p><strong>SANS Amsterdam March 2025, Amsterdam<br/></strong>March 31, 2025 - April 05, 2025<br/><a href='https://www.sans.org/event/amsterdam-march-2025/course/web-app-penetration-testing-ethical-hacking'>Web App Penetration Testing and Ethical Hacking</a></p><p><strong>SANS 2025, Orlando<br/></strong>April 13, 2025 - April 18, 2025<br/><a href='https://www.sans.org/event/sans-2025/course/web-app-penetration-testing-ethical-hacking'>Web App Penetration Testing and Ethical Hacking</a></p><a href='https://www.sans.org/instructors/bojan-zdrnja'>Instructor Page</a> </div> <div class="top-link"><a href="#">Top of page</a></div> </div> </div> </div> </div> </div> </div> <span id="isc-menu" class="isc-menu" tabindex="0" aria-label="Open the menu"> <span class="bar" aria-hidden="true"></span> <span class="bar" aria-hidden="true"></span> <span class="bar" aria-hidden="true"></span> </span> <div id="navigation" class="isc-nav"> <ul> <li> <a href="/index.html"> <svg style="width:20px;height:20px" viewBox="0 0 24 24"> <path fill="currentColor" d="M10,20V14H14V20H19V12H22L12,3L2,12H5V20H10Z" /> </svg> Homepage </a> </li> <li> <a href="/diaryarchive.html"> <svg style="width:20px;height:20px" viewBox="0 0 24 24"> <path fill="currentColor" d="M17.5 14.33C18.29 14.33 19.13 14.41 20 14.57V16.07C19.38 15.91 18.54 15.83 17.5 15.83C15.6 15.83 14.11 16.16 13 16.82V15.13C14.17 14.6 15.67 14.33 17.5 14.33M13 12.46C14.29 11.93 15.79 11.67 17.5 11.67C18.29 11.67 19.13 11.74 20 11.9V13.4C19.38 13.24 18.54 13.16 17.5 13.16C15.6 13.16 14.11 13.5 13 14.15M17.5 10.5C15.6 10.5 14.11 10.82 13 11.5V9.84C14.23 9.28 15.73 9 17.5 9C18.29 9 19.13 9.08 20 9.23V10.78C19.26 10.59 18.41 10.5 17.5 10.5M21 18.5V7C19.96 6.67 18.79 6.5 17.5 6.5C15.45 6.5 13.62 7 12 8V19.5C13.62 18.5 15.45 18 17.5 18C18.69 18 19.86 18.16 21 18.5M17.5 4.5C19.85 4.5 21.69 5 23 6V20.56C23 20.68 22.95 20.8 22.84 20.91C22.73 21 22.61 21.08 22.5 21.08C22.39 21.08 22.31 21.06 22.25 21.03C20.97 20.34 19.38 20 17.5 20C15.45 20 13.62 20.5 12 21.5C10.66 20.5 8.83 20 6.5 20C4.84 20 3.25 20.36 1.75 21.07C1.72 21.08 1.68 21.08 1.63 21.1C1.59 21.11 1.55 21.12 1.5 21.12C1.39 21.12 1.27 21.08 1.16 21C1.05 20.89 1 20.78 1 20.65V6C2.34 5 4.18 4.5 6.5 4.5C8.83 4.5 10.66 5 12 6C13.34 5 15.17 4.5 17.5 4.5Z" /> </svg> Diaries </a> </li> <li> <a href="/podcast.html"> <svg style="width:20px;height:20px" viewBox="0 0 24 24"> <path fill="currentColor" d="M17,18.25V21.5H7V18.25C7,16.87 9.24,15.75 12,15.75C14.76,15.75 17,16.87 17,18.25M12,5.5A6.5,6.5 0 0,1 18.5,12C18.5,13.25 18.15,14.42 17.54,15.41L16,14.04C16.32,13.43 16.5,12.73 16.5,12C16.5,9.5 14.5,7.5 12,7.5C9.5,7.5 7.5,9.5 7.5,12C7.5,12.73 7.68,13.43 8,14.04L6.46,15.41C5.85,14.42 5.5,13.25 5.5,12A6.5,6.5 0 0,1 12,5.5M12,1.5A10.5,10.5 0 0,1 22.5,12C22.5,14.28 21.77,16.39 20.54,18.11L19.04,16.76C19.96,15.4 20.5,13.76 20.5,12A8.5,8.5 0 0,0 12,3.5A8.5,8.5 0 0,0 3.5,12C3.5,13.76 4.04,15.4 4.96,16.76L3.46,18.11C2.23,16.39 1.5,14.28 1.5,12A10.5,10.5 0 0,1 12,1.5M12,9.5A2.5,2.5 0 0,1 14.5,12A2.5,2.5 0 0,1 12,14.5A2.5,2.5 0 0,1 9.5,12A2.5,2.5 0 0,1 12,9.5Z" /> </svg> Podcasts </a> </li> <li> <a href="/jobs"> <svg style="width:20px;height:20px" viewBox="0 0 24 24"> <path fill="currentColor" d="M15.5,12C18,12 20,14 20,16.5C20,17.38 19.75,18.21 19.31,18.9L22.39,22L21,23.39L17.88,20.32C17.19,20.75 16.37,21 15.5,21C13,21 11,19 11,16.5C11,14 13,12 15.5,12M15.5,14A2.5,2.5 0 0,0 13,16.5A2.5,2.5 0 0,0 15.5,19A2.5,2.5 0 0,0 18,16.5A2.5,2.5 0 0,0 15.5,14M10,4A4,4 0 0,1 14,8C14,8.91 13.69,9.75 13.18,10.43C12.32,10.75 11.55,11.26 10.91,11.9L10,12A4,4 0 0,1 6,8A4,4 0 0,1 10,4M2,20V18C2,15.88 5.31,14.14 9.5,14C9.18,14.78 9,15.62 9,16.5C9,17.79 9.38,19 10,20H2Z" /> </svg> Jobs </a> </li> <li> <a href="/data"> <svg style="width:20px;height:20px" viewBox="0 0 24 24"> <path fill="currentColor" d="M19 3H5C3.9 3 3 3.9 3 5V19C3 20.1 3.9 21 5 21H19C20.1 21 21 20.1 21 19V5C21 3.9 20.1 3 19 3M9 17H7V10H9V17M13 17H11V7H13V17M17 17H15V13H17V17Z" /> </svg> Data </a> <ul> <li><a href="/data/port.html">TCP/UDP Port Activity</a></li> <li><a href="/data/trends.html">Port Trends</a></li> <li><a href="/data/ssh.html">SSH/Telnet Scanning Activity</a></li> <li><a href="/weblogs">Weblogs</a></li> <li><a href="/data/threatfeed.html">Threat Feeds Activity</a></li> <li><a href="/data/threatmap.html">Threat Feeds Map</a></li> <li><a href="/data/links.html">Useful InfoSec Links</a></li> <li><a href="/data/presentation.html">Presentations & Papers</a></li> <li><a href="/data/researchpapers.html">Research Papers</a></li> <li><a href="/api">API</a></li> </ul> </li> <li> <a href="/tools/"> <svg style="width:20px;height:20px" viewBox="0 0 24 24"> <path fill="currentColor" d="M22.7,19L13.6,9.9C14.5,7.6 14,4.9 12.1,3C10.1,1 7.1,0.6 4.7,1.7L9,6L6,9L1.6,4.7C0.4,7.1 0.9,10.1 2.9,12.1C4.8,14 7.5,14.5 9.8,13.6L18.9,22.7C19.3,23.1 19.9,23.1 20.3,22.7L22.6,20.4C23.1,20 23.1,19.3 22.7,19Z" /> </svg> Tools </a> <ul> <li class="first"><a href="/howto.html">DShield Sensor</a></li> <li><a href="/tools/dnslookup">DNS Looking Glass</a></li> <li><a href="/tools/honeypot">Honeypot (RPi/AWS)</a></li> <li><a href="/tools/glossary">InfoSec Glossary</a></li> </ul> </li> <li class="active"> <a href="/contact.html"> <svg style="width:20px;height:20px" viewBox="0 0 24 24"> <path fill="currentColor" d="M15.07,11.25L14.17,12.17C13.45,12.89 13,13.5 13,15H11V14.5C11,13.39 11.45,12.39 12.17,11.67L13.41,10.41C13.78,10.05 14,9.55 14,9C14,7.89 13.1,7 12,7A2,2 0 0,0 10,9H8A4,4 0 0,1 12,5A4,4 0 0,1 16,9C16,9.88 15.64,10.67 15.07,11.25M13,19H11V17H13M12,2A10,10 0 0,0 2,12A10,10 0 0,0 12,22A10,10 0 0,0 22,12C22,6.47 17.5,2 12,2Z" /> </svg>Contact Us </a> <ul> <li class="first"><a href="/contact.html">Contact Us</a></li> <li><a href="/about.html">About Us</a></li> <li><a href="/handler_list.html">Handlers</a></li> </ul> <li> <a href="/about.html"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 30 30" width="20px" height="20px"><path fill="currentColor" d="M 15.001953 3.9921875 C 12.801953 3.9921875 11.001953 5.7821875 11.001953 7.9921875 C 11.001953 10.202188 12.801953 11.992188 15.001953 11.992188 C 17.211953 11.992188 19.011719 10.202187 19.011719 7.9921875 C 19.011719 5.7821875 17.211953 3.9921875 15.001953 3.9921875 z M 6.0019531 8.0039062 C 3.7919531 8.0039062 2.0019531 9.7939062 2.0019531 12.003906 C 2.0019531 14.213906 3.7919531 16.003906 6.0019531 16.003906 C 8.2119531 16.003906 10.001953 14.213906 10.001953 12.003906 C 10.001953 9.7939062 8.2119531 8.0039062 6.0019531 8.0039062 z M 6.0019531 16.003906 L 5.0019531 16.003906 C 2.7919531 16.003906 1.0019531 17.793906 1.0019531 20.003906 L 1.0019531 22.992188 C 1.0019531 23.542188 1.4519531 23.992188 2.0019531 23.992188 L 28.001953 23.992188 C 28.551953 23.992188 29.001953 23.542188 29.001953 22.992188 L 29.001953 20.003906 C 29.001953 17.793906 27.211953 16.003906 25.001953 16.003906 L 24.001953 16.003906 L 23.001953 16.003906 C 22.151953 16.003906 21.362891 16.272422 20.712891 16.732422 C 20.042891 15.142422 18.311719 13.992187 16.261719 13.992188 L 13.751953 13.992188 C 11.701953 13.992188 9.9727344 15.142187 9.3027344 16.742188 C 8.6527344 16.282187 7.8619531 16.003906 7.0019531 16.003906 L 6.0019531 16.003906 z M 24.001953 16.003906 C 26.211953 16.003906 28.001953 14.213906 28.001953 12.003906 C 28.001953 9.7939062 26.211953 8.0039062 24.001953 8.0039062 C 21.791953 8.0039062 20.001953 9.7939062 20.001953 12.003906 C 20.001953 14.213906 21.791953 16.003906 24.001953 16.003906 z M 6.0019531 10.003906 C 7.1019531 10.003906 8.0019531 10.903906 8.0019531 12.003906 C 8.0019531 13.103906 7.1019531 14.003906 6.0019531 14.003906 C 4.9019531 14.003906 4.0019531 13.103906 4.0019531 12.003906 C 4.0019531 10.903906 4.9019531 10.003906 6.0019531 10.003906 z M 24.001953 10.003906 C 25.101953 10.003906 26.001953 10.903906 26.001953 12.003906 C 26.001953 13.103906 25.101953 14.003906 24.001953 14.003906 C 22.901953 14.003906 22.001953 13.103906 22.001953 12.003906 C 22.001953 10.903906 22.901953 10.003906 24.001953 10.003906 z M 5.0019531 18.003906 L 7.0019531 18.003906 C 8.0819531 18.003906 9.0019531 18.923906 9.0019531 20.003906 L 9.0019531 21.992188 L 3.0019531 21.992188 L 3.0019531 20.003906 C 3.0019531 18.903906 3.9019531 18.003906 5.0019531 18.003906 z M 23.001953 18.003906 L 25.001953 18.003906 C 26.081953 18.003906 27.001953 18.923906 27.001953 20.003906 L 27.001953 21.992188 L 21.011719 21.992188 L 21.011719 19.902344 C 21.061719 18.852344 21.931953 18.003906 23.001953 18.003906 z"/></svg> About Us</a></li> </ul>   <div class="questions-sidebar"> <svg width="16" height="16" class="c-nav--footer__svgicon c-slackhash" viewBox="0 0 54 54" xmlns="http://www.w3.org/2000/svg"> <g fill="none" fill-rule="evenodd"> <path d="M19.712.133a5.381 5.381 0 0 0-5.376 5.387 5.381 5.381 0 0 0 5.376 5.386h5.376V5.52A5.381 5.381 0 0 0 19.712.133m0 14.365H5.376A5.381 5.381 0 0 0 0 19.884a5.381 5.381 0 0 0 5.376 5.387h14.336a5.381 5.381 0 0 0 5.376-5.387 5.381 5.381 0 0 0-5.376-5.386" fill="#435165"></path> <path d="M53.76 19.884a5.381 5.381 0 0 0-5.376-5.386 5.381 5.381 0 0 0-5.376 5.386v5.387h5.376a5.381 5.381 0 0 0 5.376-5.387m-14.336 0V5.52A5.381 5.381 0 0 0 34.048.133a5.381 5.381 0 0 0-5.376 5.387v14.364a5.381 5.381 0 0 0 5.376 5.387 5.381 5.381 0 0 0 5.376-5.387" fill="#435165"></path> <path d="M34.048 54a5.381 5.381 0 0 0 5.376-5.387 5.381 5.381 0 0 0-5.376-5.386h-5.376v5.386A5.381 5.381 0 0 0 34.048 54m0-14.365h14.336a5.381 5.381 0 0 0 5.376-5.386 5.381 5.381 0 0 0-5.376-5.387H34.048a5.381 5.381 0 0 0-5.376 5.387 5.381 5.381 0 0 0 5.376 5.386" fill="#435165"></path> <path d="M0 34.249a5.381 5.381 0 0 0 5.376 5.386 5.381 5.381 0 0 0 5.376-5.386v-5.387H5.376A5.381 5.381 0 0 0 0 34.25m14.336-.001v14.364A5.381 5.381 0 0 0 19.712 54a5.381 5.381 0 0 0 5.376-5.387V34.25a5.381 5.381 0 0 0-5.376-5.387 5.381 5.381 0 0 0-5.376 5.387" fill="#435165"></path> </g> </svg> <a rel="noopener" href="/slack/index.html">Slack Channel</a> </div>  <div class="questions-spacer"></div>  <div class="questions-sidebar"> <svg width="16" height="16" viewBox="0 0 54 74" fill="black" xmlns="http://www.w3.org/2000/svg" class="c-nav--footer__svgicon c-slackhash"> <path d="M73.7014 17.4323C72.5616 9.05152 65.1774 2.4469 56.424 1.1671C54.9472 0.950843 49.3518 0.163818 36.3901 0.163818H36.2933C23.3281 0.163818 20.5465 0.950843 19.0697 1.1671C10.56 2.41145 2.78877 8.34604 0.903306 16.826C-0.00357854 21.0022 -0.100361 25.6322 0.068112 29.8793C0.308275 35.9699 0.354874 42.0498 0.91406 48.1156C1.30064 52.1448 1.97502 56.1419 2.93215 60.0769C4.72441 67.3445 11.9795 73.3925 19.0876 75.86C26.6979 78.4332 34.8821 78.8603 42.724 77.0937C43.5866 76.8952 44.4398 76.6647 45.2833 76.4024C47.1867 75.8033 49.4199 75.1332 51.0616 73.9562C51.0841 73.9397 51.1026 73.9184 51.1156 73.8938C51.1286 73.8693 51.1359 73.8421 51.1368 73.8144V67.9366C51.1364 67.9107 51.1302 67.8852 51.1186 67.862C51.1069 67.8388 51.0902 67.8184 51.0695 67.8025C51.0489 67.7865 51.0249 67.7753 50.9994 67.7696C50.9738 67.764 50.9473 67.7641 50.9218 67.7699C45.8976 68.9569 40.7491 69.5519 35.5836 69.5425C26.694 69.5425 24.3031 65.3699 23.6184 63.6327C23.0681 62.1314 22.7186 60.5654 22.5789 58.9744C22.5775 58.9477 22.5825 58.921 22.5934 58.8965C22.6043 58.8721 22.621 58.8505 22.6419 58.8336C22.6629 58.8167 22.6876 58.8049 22.714 58.7992C22.7404 58.7934 22.7678 58.794 22.794 58.8007C27.7345 59.9796 32.799 60.5746 37.8813 60.5733C39.1036 60.5733 40.3223 60.5733 41.5447 60.5414C46.6562 60.3996 52.0437 60.1408 57.0728 59.1694C57.1983 59.1446 57.3237 59.1233 57.4313 59.0914C65.3638 57.5847 72.9128 52.8555 73.6799 40.8799C73.7086 40.4084 73.7803 35.9415 73.7803 35.4523C73.7839 33.7896 74.3216 23.6576 73.7014 17.4323ZM61.4925 47.3144H53.1514V27.107C53.1514 22.8528 51.3591 20.6832 47.7136 20.6832C43.7061 20.6832 41.6988 23.2499 41.6988 28.3194V39.3803H33.4078V28.3194C33.4078 23.2499 31.3969 20.6832 27.3894 20.6832C23.7654 20.6832 21.9552 22.8528 21.9516 27.107V47.3144H13.6176V26.4937C13.6176 22.2395 14.7157 18.8598 16.9118 16.3545C19.1772 13.8552 22.1488 12.5719 25.8373 12.5719C30.1064 12.5719 33.3325 14.1955 35.4832 17.4394L37.5587 20.8853L39.6377 17.4394C41.7884 14.1955 45.0145 12.5719 49.2765 12.5719C52.9614 12.5719 55.9329 13.8552 58.2055 16.3545C60.4017 18.8574 61.4997 22.2371 61.4997 26.4937L61.4925 47.3144Z" fill="inherit"/> </svg> <a rel="me" href="https://infosec.exchange/@sans_isc">Mastodon</a> </div>  <div class="questions-spacer"></div> <div class="questions-sidebar"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 54 54" width="24px" height="24px"><circle cx="28" cy="20" r="12" fill="#9fd5ed"/><circle cx="37" cy="28" r="9" fill="#9fd5ed"/><circle cx="30" cy="29" r="9" fill="#9fd5ed"/><circle cx="18" cy="29" r="9" fill="#9fd5ed"/><circle cx="24" cy="28" r="9" fill="#9fd5ed"/><circle cx="11" cy="28" r="9" fill="#9fd5ed"/><circle cx="15" cy="21" r="7" fill="#9fd5ed"/><radialGradient id="UWqm9mhW35Ao~JVa4RzWya" cx="28" cy="20" r="12" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#e3f4ff"/><stop offset="1" stop-color="#e3f4ff" stop-opacity="0"/></radialGradient><circle cx="28" cy="20" r="12" fill="url(#UWqm9mhW35Ao~JVa4RzWya)"/><radialGradient id="UWqm9mhW35Ao~JVa4RzWyb" cx="37" cy="28" r="9" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#e3f4ff"/><stop offset="1" stop-color="#e3f4ff" stop-opacity="0"/></radialGradient><circle cx="37" cy="28" r="9" fill="url(#UWqm9mhW35Ao~JVa4RzWyb)"/><radialGradient id="UWqm9mhW35Ao~JVa4RzWyc" cx="30" cy="29" r="9" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#e3f4ff"/><stop offset="1" stop-color="#e3f4ff" stop-opacity="0"/></radialGradient><circle cx="30" cy="29" r="9" fill="url(#UWqm9mhW35Ao~JVa4RzWyc)"/><radialGradient id="UWqm9mhW35Ao~JVa4RzWyd" cx="18" cy="29" r="9" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#e3f4ff"/><stop offset="1" stop-color="#e3f4ff" stop-opacity="0"/></radialGradient><circle cx="18" cy="29" r="9" fill="url(#UWqm9mhW35Ao~JVa4RzWyd)"/><radialGradient id="UWqm9mhW35Ao~JVa4RzWye" cx="24" cy="28" r="9" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#e3f4ff"/><stop offset="1" stop-color="#e3f4ff" stop-opacity="0"/></radialGradient><circle cx="24" cy="28" r="9" fill="url(#UWqm9mhW35Ao~JVa4RzWye)"/><radialGradient id="UWqm9mhW35Ao~JVa4RzWyf" cx="11" cy="28" r="9" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#e3f4ff"/><stop offset="1" stop-color="#e3f4ff" stop-opacity="0"/></radialGradient><circle cx="11" cy="28" r="9" fill="url(#UWqm9mhW35Ao~JVa4RzWyf)"/><radialGradient id="UWqm9mhW35Ao~JVa4RzWyg" cx="15" cy="21" r="7" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#e3f4ff"/><stop offset="1" stop-color="#e3f4ff" stop-opacity="0"/></radialGradient><circle cx="15" cy="21" r="7" fill="url(#UWqm9mhW35Ao~JVa4RzWyg)"/></svg> <a rel="me" href="https://bsky.app/profile/sansisc.bsky.social">Bluesky</a> </div> <div class="questions-spacer"></div> <div class="questions-sidebar"> <svg width="16" height="16" viewBox="0 0 1200 1227" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M714.163 519.284L1160.89 0H1055.03L667.137 450.887L357.328 0H0L468.492 681.821L0 1226.37H105.866L515.491 750.218L842.672 1226.37H1200L714.137 519.284H714.163ZM569.165 687.828L521.697 619.934L144.011 79.6944H306.615L611.412 515.685L658.88 583.579L1055.08 1150.3H892.476L569.165 687.854V687.828Z" fill="black"/> </svg> <a rel="noopener" href="https://twitter.com/sans_isc">X</a> </div> <div id="sidebar"> <p>Have you seen our swag? <a href="http://www.cafepress.com/stormcenter">Buy SANS ISC Gear</a></p> </div> </div> <div id="footer"> <div class="footer-container"> <div class="footer-links"> <span>© 2024 SANS™ Internet Storm Center</span> <span>Developers: We have an <a href="/api/">API</a> for you!   <a rel="license" href="https://creativecommons.org/licenses/by-nc-sa/4.0/"><img class="lazyload" alt="Creative Commons License" src="/images/cc.png"></a></span> <ul id="footLinks"> <li><a href="/linkback.html">Link To Us</a></li> <li><a href="/about.html">About Us</a></li> <li><a href="/handler_list.html">Handlers</a></li> <li><a href="/privacy.html">Privacy Policy</a></li> </ul> </div> <div class="footer-social"> <ul id="socialIconsFoot"> <li><a rel="noopener" href="https://www.youtube.com/channel/UCfbOsqPmWg1H_34hTjKEW2A"><span class="youtube"></span></a></li> <li class="twitter"><a rel="noopener" href="https://twitter.com/sans_isc"><span class="twitter"></span></a></li> <li class="linkedin"><a rel="noopener" href="https://www.linkedin.com/groups?gid=35470"><span class="linkedin"></span></a></li> <li class="mastodon"><a rel="noopener" href="https://infosec.exchange/@sans_isc"><span class="mastodon"></span></a></li> <li class="rss"><a href="/xml.html"><span class="rss"></span></a></li> </ul> </div> </div> </div> <script type="text/javascript" src="/js/main.js"></script> <script language="JavaScript" type="text/javascript" src="/js/menu.js"></script> </div> <script type="text/javascript" src="/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1840809509" async></script></body></html>

CINXE.COM

ISC Handlers - SANS Internet Storm Center