100 IPS PER DOMAIN NAME |
2013-12-21 | Guy Bruneau | Strange DNS Queries - Request for Packets |
100 |
2013-12-21 | Guy Bruneau | Strange DNS Queries - Request for Packets |
2011-04-28 | Chris Mohan | Gathering and use of location information fears - or is it all a bit too late |
2010-06-02 | Mark Hofman | OpenSSL version 1.0.0a released. This fixes a number of security issues. Don't forget a number of commercial appliances will be using this, so look for vendor updates soon. |
2010-04-22 | Guy Bruneau | MS10-025 Security Update has been Pulled |
2010-04-16 | G. N. White | MS10-021: Encountering A Failed WinXP Update |
2010-03-03 | Mark Hofman | MS10-015 re-released |
2010-02-19 | Mark Hofman | MS10-015 may cause Windows XP to blue screen (but only if you have malware on it) |
2010-01-19 | Jim Clausing | The IE saga continues, out-of-cycle patch coming soon |
2010-01-15 | Kevin Liston | Exploit code available for CVE-2010-0249 |
2006-10-10 | Johannes Ullrich | MS06-056: ASP.NET XSS Information Disclosure Vulnerability (moderate) |
2006-10-10 | Johannes Ullrich | MS06-061: XSLT/MSXML Buffer Overflow Code Execution Vulnerability (moderate) |
2006-10-10 | Kyle Haugsness | MS06-063: Mailslot DoS (Server service) |
IPS |
2020-11-06 | Johannes Ullrich | Rediscovering Limitations of Stateful Firewalls: "NAT Slipstreaming" - Implications, Detections and Mitigations |
2020-07-28 | Johannes Ullrich | All I want this Tuesday: More Data |
2017-10-25 | Mark Hofman | DUHK attack, continuing a week of named issues |
2017-04-02 | Guy Bruneau | IPFire - A Household Multipurpose Security Gateway |
2014-04-03 | Bojan Zdrnja | Watching the watchers |
2013-12-21 | Guy Bruneau | Strange DNS Queries - Request for Packets |
2013-10-25 | Rob VandenBrink | Kaspersky flags TCPIP.SYS as Malware |
2013-09-05 | Rob VandenBrink | What's Next for IPS? |
2012-12-06 | Johannes Ullrich | How to identify if you are behind a "Transparent Proxy" |
2012-10-04 | Johannes Ullrich | Cyber Security Awareness Month - Day 4: Crypto Standards |
2012-07-18 | Rob VandenBrink | Snort Updated today |
2011-12-21 | Chris Mohan | The off switch |
2010-11-08 | Manuel Humberto Santander Pelaez | Network Security Perimeter: How to choose the correct firewall and IPS for your environment? |
2010-08-01 | Manuel Humberto Santander Pelaez | Evation because IPS fails to validate TCP checksums? |
2010-06-15 | Manuel Humberto Santander Pelaez | TCP evasions for IDS/IPS |
2009-03-24 | G. N. White | PSYB0T: A MIPS-device (mipsel) IRC Bot |
2009-03-22 | Mari Nichols | Dealing with Security Challenges |
2008-06-18 | Chris Carboni | Cisco Security Advisory |
PER |
2025-04-02 | Johannes Ullrich | Surge in Scans for Juniper "t128" Default User |
2024-10-24 | Johannes Ullrich | Development Features Enabled in Prodcution |
2024-10-09 | Xavier Mertens | From Perfctl to InfoStealer |
2024-06-20 | Guy Bruneau | No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary] |
2024-02-29 | Jesse La Grew | [Guest Diary] Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service. |
2023-06-24 | Guy Bruneau | Email Spam with Attachment Modiloader |
2023-05-16 | Jesse La Grew | Signals Defense With Faraday Bags & Flipper Zero |
2023-05-14 | Guy Bruneau | VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue |
2022-10-17 | Xavier Mertens | Fileless Powershell Dropper |
2022-09-22 | Xavier Mertens | RAT Delivered Through FODHelper |
2022-03-04 | Johannes Ullrich | Scam E-Mail Impersonating Red Cross |
2022-02-11 | Xavier Mertens | CinaRAT Delivered Through HTML ID Attributes |
2022-01-31 | Xavier Mertens | Be careful with RPMSG files |
2021-12-21 | Xavier Mertens | More Undetected PowerShell Dropper |
2021-10-30 | Guy Bruneau | Remote Desktop Protocol (RDP) Discovery |
2021-07-20 | Bojan Zdrnja | Summer of SAM - incorrect permissions on Windows 10/11 hives |
2021-03-16 | Jan Kopriva | 50 years of malware? Not really. 50 years of computer worms? That's a different story... |
2021-03-04 | Xavier Mertens | From VBS, PowerShell, C Sharp, Process Hollowing to RAT |
2020-12-29 | Jan Kopriva | Want to know what's in a folder you don't have a permission to access? Try asking your AV solution... |
2020-11-19 | Xavier Mertens | PowerShell Dropper Delivering Formbook |
2020-08-25 | Xavier Mertens | Keep An Eye on LOLBins |
2020-06-11 | Xavier Mertens | Anti-Debugging JavaScript Techniques |
2020-03-15 | Guy Bruneau | VPN Access and Activity Monitoring |
2019-12-04 | Jan Kopriva | Analysis of a strangely poetic malware |
2019-08-22 | Xavier Mertens | Simple Mimikatz & RDPWrapper Dropper |
2019-02-17 | Didier Stevens | Video: Finding Property Values in Office Documents |
2019-02-16 | Didier Stevens | Finding Property Values in Office Documents |
2018-11-26 | Russ McRee | ViperMonkey: VBA maldoc deobfuscation |
2018-11-04 | Pasquale Stirparo | Beyond good ol' LaunchAgent - part 1 |
2018-10-21 | Pasquale Stirparo | Beyond good ol’ LaunchAgent - part 0 |
2018-05-07 | Xavier Mertens | Adding Persistence Via Scheduled Tasks |
2018-01-10 | Russ McRee | GitHub InfoSec Threepeat: HELK, ptf, and VulnWhisperer |
2017-11-07 | Xavier Mertens | Interesting VBA Dropper |
2017-08-10 | Didier Stevens | Maldoc Analysis with ViperMonkey |
2016-07-27 | Xavier Mertens | Critical Xen PV guests vulnerabilities |
2015-12-22 | Rick Wanner | The other Juniper vulnerability - CVE-2015-7756 |
2015-02-17 | Rob VandenBrink | A Different Kind of Equation |
2014-08-23 | Guy Bruneau | NSS Labs Cyber Resilience Report |
2014-01-01 | Russ McRee | Six degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails |
2013-12-21 | Guy Bruneau | Strange DNS Queries - Request for Packets |
2013-12-16 | Tom Webb | The case of Minerd |
2013-10-26 | Guy Bruneau | Active Perl/Shellbot Trojan |
2013-10-25 | Rob VandenBrink | Kaspersky flags TCPIP.SYS as Malware |
2013-09-05 | Rob VandenBrink | Building Your Own GPU Enabled Private Cloud |
2013-04-25 | Adam Swanger | Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls |
2013-03-13 | Johannes Ullrich | IPv6 Focus Month: Kaspersky Firewall IPv6 Vulnerability |
2013-02-25 | Johannes Ullrich | Trustwave Trustkeeper Phish |
2013-02-25 | Johannes Ullrich | Punkspider enumerates web application vulnerabilities |
2013-02-04 | Adam Swanger | SAN Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam |
2013-01-15 | Rob VandenBrink | When Disabling IE6 (or Java, or whatever) is not an Option... |
2012-09-19 | Russ McRee | Script kiddie scavenging with Shellbot.S |
2012-08-02 | Guy Bruneau | Opera Security Update |
2012-05-06 | Jim Clausing | Tool updates and Win 8 |
2012-03-27 | Guy Bruneau | Opera 11.62 for Windows patch several bugs and vulnerabilities - http://www.opera.com/docs/changelogs/windows/1162/ |
2011-11-07 | Rob VandenBrink | Juniper BGP issues causing locallized Internet Problems |
2011-06-28 | Johannes Ullrich | Update: Opera 11.50 is now available http://www.opera.com/ |
2011-06-04 | Rick Wanner | Do you have a personal disaster recovery plan? |
2011-03-16 | Johannes Ullrich | Analyzing HTTP Packet Captures |
2011-02-21 | Adrien de Beaupre | Kaspersky update servers unreachable |
2011-02-19 | Guy Bruneau | Snort Data Acquisition Library |
2011-01-27 | Chris Carboni | Opera Updates |
2011-01-12 | Richard Porter | How Many Loyalty Cards do you Carry? |
2010-11-08 | Manuel Humberto Santander Pelaez | Network Security Perimeter: How to choose the correct firewall and IPS for your environment? |
2010-10-12 | Adrien de Beaupre | New version of Opera- Opera 10.63 is a recommended upgrade offering security and stability enhancements: http://www.opera.com/browser/download/ |
2010-09-09 | Jim Clausing | Opera 10.62 - security (the DLL path issue) and stability upate see http://www.opera.com/docs/changelogs/windows/1062/ |
2010-08-19 | Daniel Wesemann | Casper the unfriendly ghost |
2010-06-23 | Scott Fendley | Opera Browser Update |
2010-05-22 | Rick Wanner | SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge |
2010-03-22 | Guy Bruneau | New Opera 10.51 available with security fixes. More information available at: http://www.opera.com/docs/changelogs/windows/1051/ |
2010-03-05 | Kyle Haugsness | Unpatched Opera 10.50 and below code execution vulnerability |
2009-09-01 | Guy Bruneau | Opera 10 with Security Fixes |
2009-03-03 | Kyle Haugsness | Opera browser security updates |
2009-03-01 | Jim Clausing | Cool combination of tools |
2008-12-17 | donald smith | Opera 9.6.3 released with security fixes |
2008-10-30 | Kevin Liston | Opera 9.62 available - security update |
2008-10-22 | Mari Nichols | Opera 9.6.1 Released |
2008-08-20 | Adrien de Beaupre | From the mailbag, Opera 9.52... |
2008-07-03 | Bojan Zdrnja | New Opera v9.51 fixes couple of security issues |
2008-07-02 | Jim Clausing | Another little script I threw together |
2008-06-16 | Kevin Liston | Opera 9.5 is Available |
2008-06-10 | Swa Frantzen | Ransomware keybreaking |
2008-04-03 | Bojan Zdrnja | Opera fixes vulnerabilities and Microsoft announces April's fixes |
2006-11-29 | Toby Kohlenberg | New Vulnerability Announcement and patches from Apple |
DOMAIN |
2025-02-05 | Johannes Ullrich | Phishing via "com-" prefix domains |
2023-12-31 | Tom Webb | Pi-Hole Pi4 Docker Deployment |
2023-10-15 | Guy Bruneau | Domain Name Used as Password Captured by DShield Sensor |
2022-10-07 | Xavier Mertens | Powershell Backdoor with DGA Capability |
2022-06-21 | Johannes Ullrich | Experimental New Domain / Domain Age API |
2022-02-24 | Xavier Mertens | Ukraine & Russia Situation From a Domain Names Perspective |
2021-09-02 | Xavier Mertens | Attackers Will Always Abuse Major Events in our Lifes |
2021-07-24 | Bojan Zdrnja | Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability |
2020-03-28 | Didier Stevens | Covid19 Domain Classifier |
2020-03-27 | Johannes Ullrich | Help us classify Covid19 related domains https://isc.sans.edu/covidclassifier.html (login required) |
2019-07-17 | Xavier Mertens | Analyzis of DNS TXT Records |
2019-04-24 | Rob VandenBrink | Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators |
2019-03-27 | Xavier Mertens | Running your Own Passive DNS Service |
2017-12-13 | Xavier Mertens | Tracking Newly Registered Domains |
2017-11-16 | Xavier Mertens | Suspicious Domains Tracking Dashboard |
2017-07-05 | Didier Stevens | Selecting domains with random names |
2017-05-20 | Xavier Mertens | Typosquatting: Awareness and Hunting |
2014-07-09 | Daniel Wesemann | Who owns your typo? |
2014-01-30 | Johannes Ullrich | New gTLDs appearing in the root zone |
2013-12-21 | Guy Bruneau | Strange DNS Queries - Request for Packets |
2012-03-13 | Lenny Zeltser | Please transfer this email to your CEO or appropriate person, thanks |
2009-05-02 | Rick Wanner | More Swine/Mexican/H1N1 related domains |
2009-04-27 | Johannes Ullrich | Swine Flu (Mexican Flu) related domains |
NAME |
2025-04-06 | Johannes Ullrich | New SSH Username Report |
2024-10-16 | Johannes Ullrich | The Top 10 Not So Common SSH Usernames and Passwords |
2023-12-31 | Tom Webb | Pi-Hole Pi4 Docker Deployment |
2023-10-15 | Guy Bruneau | Domain Name Used as Password Captured by DShield Sensor |
2023-09-05 | Jesse La Grew | Common usernames submitted to honeypots |
2022-06-03 | Xavier Mertens | Sandbox Evasion... With Just a Filename! |
2022-02-24 | Xavier Mertens | Ukraine & Russia Situation From a Domain Names Perspective |
2021-04-24 | Guy Bruneau | Base64 Hashes Used in Web Scanning |
2020-12-05 | Guy Bruneau | Is IP 91.199.118.137 testing Access to aahwwx.52host.xyz? |
2020-03-21 | Guy Bruneau | Honeypot - Scanning and Targeting Devices & Services |
2015-01-27 | Johannes Ullrich | New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST) |
2014-07-09 | Daniel Wesemann | Who owns your typo? |
2013-12-21 | Guy Bruneau | Strange DNS Queries - Request for Packets |
2012-03-13 | Lenny Zeltser | Please transfer this email to your CEO or appropriate person, thanks |
2011-09-04 | Lorna Hutcheson | Several Sites Defaced |
2008-05-19 | Maarten Van Horenbeeck | Route filtering and its impact on the DNS fabric |