AppSec Blog: Author - Johannes Ullrich

Anatomy of a Form Spam Run

At the Internet Storm Center, we feature a poll on our home page. As part of the poll, you will find a comment field. Sadly, this comment field is frequently abused for spam. Not that it does any good. The spam is easily filtered and all comments have to be approved anyway. But just today, …


Weathering the Storm Part 2: A Day of Weblogs at the Internet Storm Center

Today, we will take a quick look at remote file inclusion (RFI). Based on our web honeypot project, RFI is by far the most common exploit attempt. Most of the vulnerabilities exploited are rather old. But it still appears worthwhile to these attackers to give it a try. There are a number of simple configuration …


Weathering the Storm: A Day of Weblogs at the Internet Storm Center

Like any web server, the SANS Internet Storm Center web server is being attacked regularly. In this multi-part series, we will go over one of our server access logs to find out what attacks are used.


Client Side Input Validation is Evil

In order to unlock the device, you have to enter your password into software installed on your laptop / desktop. You would expect that the software hashes or encrypts the password and sends it to the device, and that the device uses the hash to decrypt the files stored on the device. WRONG.


DoS Attack After Action Report - Shell Scripts

In my DDoS after action report, I mention that it is helpful to have a couple of simple shell scripts around to analyze your logs while under stress. I got some requests for these scripts, so here they are.