FROM THE WHEN IS A 0DAY NOT A 0DAY SERIES |
| 2010-02-09 | Adrien de Beaupre | When is a 0day not a 0day? Samba symlink bad default config |
FROM |
| 2010-02-09/a> | Adrien de Beaupre | When is a 0day not a 0day? Samba symlink bad default config |
THE |
| 2024-12-27/a> | Guy Bruneau | Phishing for Banking Information |
| 2024-06-20/a> | Guy Bruneau | No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary] |
| 2024-03-17/a> | Guy Bruneau | Gamified Learning: Using Capture the Flag Challenges to Supplement Cybersecurity Training [Guest Diary] |
| 2023-02-16/a> | Jan Kopriva | HTML phishing attachment with browser-in-the-browser technique |
| 2022-02-05/a> | Didier Stevens | Power over Ethernet and Thermal Imaging |
| 2022-02-01/a> | Xavier Mertens | Automation is Nice But Don't Replace Your Knowledge |
| 2021-11-08/a> | Xavier Mertens | (Ab)Using Security Tools & Controls for the Bad |
| 2021-10-18/a> | Xavier Mertens | Malicious PowerShell Using Client Certificate Authentication |
| 2021-06-24/a> | Xavier Mertens | Do you Like Cookies? Some are for sale! |
| 2021-05-29/a> | Guy Bruneau | Spear-phishing Email Targeting Outlook Mail Clients |
| 2020-04-16/a> | Johannes Ullrich | Using AppLocker to Prevent Living off the Land Attacks |
| 2019-11-11/a> | Johannes Ullrich | Are We Going Back to TheMoon (and How is Liquor Involved)? |
| 2019-07-10/a> | Rob VandenBrink | Dumping File Contents in Hex (in PowerShell) |
| 2019-01-30/a> | Russ McRee | CR19-010: The United States vs. Huawei |
| 2018-11-20/a> | Xavier Mertens | Querying DShield from Cortex |
| 2018-11-11/a> | Pasquale Stirparo | Community contribution: joining forces or multiply solutions? |
| 2018-06-04/a> | Rob VandenBrink | Digging into Authenticode Certificates |
| 2017-12-05/a> | Tom Webb | IR using the Hive Project. |
| 2017-09-18/a> | Johannes Ullrich | SANS Securingthehuman posted a follow up to their Equifax breach webcast: https://securingthehuman.sans.org/blog/2017/09/15/equifax-webcast-follow-up |
| 2017-01-11/a> | Johannes Ullrich | January 2017 Edition of Ouch! Security Awareness Newsletter Released: https://securingthehuman.sans.org/ouch |
| 2016-11-02/a> | Rob VandenBrink | What Does a Pentest Look Like? |
| 2016-10-07/a> | Rick Wanner | First Hurricane Matthew related Phish |
| 2016-09-15/a> | Xavier Mertens | In Need of a OTP Manager Soon? |
| 2016-05-02/a> | Rick Wanner | Lean Threat Intelligence |
| 2015-12-15/a> | Russ McRee | Security Management vs Chaos: Understanding the Butterfly Effect to Manage Outcomes & Reduce Chaos |
| 2015-09-23/a> | Daniel Wesemann | Making our users unlearn what we taught them |
| 2015-08-16/a> | Guy Bruneau | Are you a "Hunter"? |
| 2015-02-06/a> | Johannes Ullrich | Anthem, TurboTax and How Things "Fit Together" Sometimes |
| 2014-07-02/a> | Johannes Ullrich | July Ouch! Security Awareness Newsletter Released. E-mail Do's and Don'ts http://www.securingthehuman.org/resources/newsletters/ouch/2014#july2014 |
| 2014-03-13/a> | Daniel Wesemann | Identification and authentication are hard ... finding out intention is even harder |
| 2014-02-18/a> | Johannes Ullrich | More Details About "TheMoon" Linksys Worm |
| 2014-02-05/a> | Johannes Ullrich | SANS Ouch Security Awareness Newsletter What is Malware http://www.securingthehuman.org/ouch |
| 2013-12-20/a> | Daniel Wesemann | authorized key lime pie |
| 2013-11-13/a> | Johannes Ullrich | Packet Challenge for the Hivemind: What's happening with this Ethernet header? |
| 2013-09-18/a> | Rob VandenBrink | Cisco DCNM Update Released |
| 2013-09-09/a> | Johannes Ullrich | SSL is broken. So what? |
| 2013-09-05/a> | Rob VandenBrink | Building Your Own GPU Enabled Private Cloud |
| 2013-08-09/a> | Kevin Shortt | Copy Machines - Changing Scanned Content |
| 2013-03-23/a> | Guy Bruneau | Apple ID Two-step Verification Now Available in some Countries |
| 2013-02-06/a> | Johannes Ullrich | Intel Network Card (82574L) Packet of Death |
| 2013-02-04/a> | Adam Swanger | SAN Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam |
| 2012-10-26/a> | Adam Swanger | Securing the Human Special Webcast - October 30, 2012 |
| 2012-07-10/a> | Rob VandenBrink | Today at SANSFIRE (09 July 2012) - ISC Panel Discussion on the State of the Internet |
| 2012-07-02/a> | Dan Goldberg | Storms of June 29th 2012 in Mid Atlantic region of the USA |
| 2011-05-18/a> | Bojan Zdrnja | Android, HTTP and authentication tokens |
| 2011-04-28/a> | Chris Mohan | Gathering and use of location information fears - or is it all a bit too late |
| 2011-04-11/a> | Johannes Ullrich | Layer 2 DoS and other IPv6 Tricks |
| 2011-01-12/a> | Richard Porter | Has Big Brother gone Global? |
| 2010-12-21/a> | Rob VandenBrink | Network Reliability, Part 2 - HSRP Attacks and Defenses |
| 2010-09-21/a> | Johannes Ullrich | Implementing two Factor Authentication on the Cheap |
| 2010-07-24/a> | Manuel Humberto Santander Pelaez | Transmiting logon information unsecured in the network |
| 2010-07-21/a> | Adrien de Beaupre | Dell PowerEdge R410 replacement motherboard firmware contains malware |
| 2010-03-10/a> | Rob VandenBrink | Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication |
| 2010-02-09/a> | Adrien de Beaupre | When is a 0day not a 0day? Samba symlink bad default config |
| 2009-11-11/a> | Rob VandenBrink | Layer 2 Network Protections against Man in the Middle Attacks |
| 2008-10-15/a> | Rick Wanner | Day 15 - Containing the Damage From a Lost or Stolen Laptop |
| 2006-10-05/a> | John Bambenek | There are no more Passive Exploits |
| 2006-09-29/a> | Kevin Liston | A Report from the Field |
WHEN |
| 2010-02-09/a> | Adrien de Beaupre | When is a 0day not a 0day? Samba symlink bad default config |
IS |
| 2025-04-29/a> | Guy Bruneau | Web Scanning Sonicwall for CVE-2021-20016 |
| 2025-04-21/a> | Jan Kopriva | It's 2025... so why are obviously malicious advertising URLs still going strong? |
| 2025-04-09/a> | Guy Bruneau | Network Infraxploit [Guest Diary] |
| 2025-04-02/a> | Guy Bruneau | Exploring Statistical Measures to Predict URLs as Legitimate or Intrusive [Guest Diary] |
| 2025-03-31/a> | Johannes Ullrich | Apple Patches Everything: March 31st 2025 Edition |
| 2025-03-19/a> | Johannes Ullrich | Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 and CVE-2024-20440 |
| 2025-03-12/a> | Guy Bruneau | File Hashes Analysis with Power BI from Data Stored in DShield SIEM |
| 2025-03-06/a> | Guy Bruneau | DShield Traffic Analysis using ELK |
| 2025-02-05/a> | Johannes Ullrich | Phishing via "com-" prefix domains |
| 2025-01-13/a> | Johannes Ullrich | Hikvision Password Reset Brute Forcing |
| 2025-01-09/a> | Guy Bruneau | Examining Redtail Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics [Guest Diary] |
| 2024-12-27/a> | Guy Bruneau | Phishing for Banking Information |
| 2024-12-20/a> | Xavier Mertens | Christmas "Gift" Delivered Through SSH |
| 2024-12-17/a> | Guy Bruneau | Command Injection Exploit For PHPUnit before 4.8.28 and 5.x before 5.6.3 [Guest Diary] |
| 2024-12-11/a> | Guy Bruneau | Vulnerability Symbiosis: vSphere?s CVE-2024-38812 and CVE-2024-38813 [Guest Diary] |
| 2024-12-05/a> | Jesse La Grew | [Guest Diary] Business Email Compromise |
| 2024-10-17/a> | Guy Bruneau | Scanning Activity from Subnet 15.184.0.0/16 |
| 2024-10-15/a> | Johannes Ullrich | A Network Nerd's Take on Emergency Preparedness |
| 2024-10-14/a> | Xavier Mertens | Phishing Page Delivered Through a Blob URL |
| 2024-09-25/a> | Guy Bruneau | OSINT - Image Analysis or More Where, When, and Metadata [Guest Diary] |
| 2024-09-24/a> | Johannes Ullrich | Exploitation of RAISECOM Gateway Devices Vulnerability CVE-2024-7120 |
| 2024-09-18/a> | Guy Bruneau | Time-to-Live Analysis of DShield Data with Vega-Lite |
| 2024-09-11/a> | Guy Bruneau | Hygiene, Hygiene, Hygiene! [Guest Diary] |
| 2024-08-29/a> | Xavier Mertens | Live Patching DLLs with Python |
| 2024-08-27/a> | Guy Bruneau | Vega-Lite with Kibana to Parse and Display IP Activity over Time |
| 2024-08-20/a> | Guy Bruneau | Mapping Threats with DNSTwist and the Internet Storm Center [Guest Diary] |
| 2024-08-16/a> | Jesse La Grew | [Guest Diary] 7 minutes and 4 steps to a quick win: A write-up on custom tools |
| 2024-08-07/a> | Guy Bruneau | Same Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary] |
| 2024-07-16/a> | Jan Kopriva | "Reply-chain phishing" with a twist |
| 2024-07-08/a> | Xavier Mertens | Kunai: Keep an Eye on your Linux Hosts Activity |
| 2024-06-13/a> | Guy Bruneau | The Art of JQ and Command-line Fu [Guest Diary] |
| 2024-06-03/a> | Didier Stevens | A Wireshark Lua Dissector for Fixed Field Length Protocols |
| 2024-05-30/a> | Xavier Mertens | Feeding MISP with OSSEC |
| 2024-05-28/a> | Guy Bruneau | Is that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary] |
| 2024-05-08/a> | Xavier Mertens | Analyzing Synology Disks on Linux |
| 2024-04-29/a> | Guy Bruneau | Linux Trojan - Xorddos with Filename eyshcjdmzg |
| 2024-04-25/a> | Jesse La Grew | Does it matter if iptables isn't running on my honeypot? |
| 2024-03-29/a> | Xavier Mertens | Quick Forensics Analysis of Apache logs |
| 2024-03-14/a> | Jan Kopriva | Increase in the number of phishing messages pointing to IPFS and to R2 buckets |
| 2024-02-29/a> | Jesse La Grew | [Guest Diary] Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service. |
| 2024-02-25/a> | Guy Bruneau | Utilizing the VirusTotal API to Query Files Uploaded to DShield Honeypot [Guest Diary] |
| 2024-02-21/a> | Jan Kopriva | Phishing pages hosted on archive.org |
| 2024-02-03/a> | Guy Bruneau | DShield Sensor Log Collection with Elasticsearch |
| 2024-01-06/a> | Xavier Mertens | Are you sure of your password? |
| 2023-12-22/a> | Xavier Mertens | Shall We Play a Game? |
| 2023-12-06/a> | Guy Bruneau | Revealing the Hidden Risks of QR Codes [Guest Diary] |
| 2023-11-27/a> | Guy Bruneau | Decoding the Patterns: Analyzing DShield Honeypot Activity [Guest Diary] |
| 2023-11-17/a> | Jan Kopriva | Phishing page with trivial anti-analysis features |
| 2023-11-08/a> | Xavier Mertens | Example of Phishing Campaign Project File |
| 2023-10-29/a> | Guy Bruneau | Spam or Phishing? Looking for Credentials & Passwords |
| 2023-10-20/a> | Yee Ching Tok | VMware Releases Security Patches for Fusion, Workstation and Aria Operations for Logs |
| 2023-10-16/a> | Jan Kopriva | Are typos still relevant as an indicator of phishing? |
| 2023-09-26/a> | Jan Kopriva | A new spin on the ZeroFont phishing technique |
| 2023-09-03/a> | Didier Stevens | Analysis of a Defective Phishing PDF |
| 2023-08-31/a> | Jan Kopriva | The low, low cost of (committing) cybercrime |
| 2023-08-18/a> | Xavier Mertens | From a Zalando Phishing to a RAT |
| 2023-08-12/a> | Guy Bruneau | DShield Sensor Monitoring with a Docker ELK Stack [Guest Diary] |
| 2023-07-26/a> | Xavier Mertens | Suspicious IP Addresses Avoided by Malware Samples |
| 2023-07-01/a> | Russ McRee | Sandfly Security |
| 2023-06-29/a> | Brad Duncan | GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT |
| 2023-06-21/a> | Yee Ching Tok | Analyzing a YouTube Sponsorship Phishing Mail and Malware Targeting Content Creators |
| 2023-06-16/a> | Xavier Mertens | Another RAT Delivered Through VBS |
| 2023-06-11/a> | Guy Bruneau | DShield Honeypot Activity for May 2023 |
| 2023-05-30/a> | Brad Duncan | Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT |
| 2023-05-26/a> | Xavier Mertens | Using DFIR Techniques To Recover From Infrastructure Outages |
| 2023-05-20/a> | Xavier Mertens | Phishing Kit Collecting Victim's IP Address |
| 2023-05-19/a> | Xavier Mertens | When the Phisher Messes Up With Encoding |
| 2023-05-15/a> | Jan Kopriva | Ongoing Facebook phishing campaign without a sender and (almost) without links |
| 2023-05-09/a> | Russ McRee | Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 2 |
| 2023-05-01/a> | Jan Kopriva | "Passive" analysis of a phishing attachment |
| 2023-04-26/a> | Yee Ching Tok | Strolling through Cyberspace and Hunting for Phishing Sites |
| 2023-04-03/a> | Johannes Ullrich | Tax Season Risks |
| 2023-03-31/a> | Jan Kopriva | Use of X-Frame-Options and CSP frame-ancestors security headers on 1 million most popular domains |
| 2023-03-20/a> | Xavier Mertens | From Phishing Kit To Telegram... or Not! |
| 2023-03-15/a> | Jan Kopriva | IPFS phishing and the need for correctly set HTTP security headers |
| 2023-03-12/a> | Guy Bruneau | AsynRAT Trojan - Bill Payment (Pago de la factura) |
| 2023-02-27/a> | Xavier Mertens | Phishing Again and Again |
| 2023-02-21/a> | Xavier Mertens | Phishing Page Branded with Your Corporate Website |
| 2023-02-18/a> | Guy Bruneau | Spear Phishing Handlers for Username/Password |
| 2023-02-16/a> | Jan Kopriva | HTML phishing attachment with browser-in-the-browser technique |
| 2023-02-15/a> | Rob VandenBrink | DNS Recon Redux - Zone Transfers (plus a time machine) for When You Can't do a Zone Transfer |
| 2023-02-04/a> | Guy Bruneau | Assemblyline as a Malware Analysis Sandbox |
| 2023-02-03/a> | Jim Clausing | VMware workstation 17.0.1 fixes arbitrary file deletion issue - https://www.vmware.com/security/advisories/VMSA-2023-0003.html |
| 2023-01-21/a> | Guy Bruneau | DShield Sensor JSON Log to Elasticsearch |
| 2023-01-17/a> | Johannes Ullrich | Packet Tuesday: IPv6 Router Advertisements https://www.youtube.com/watch?v=uRWpB_lYIZ8 |
| 2023-01-11/a> | Jan Kopriva | Passive detection of internet-connected systems affected by vulnerabilities from the CISA KEV catalog |
| 2023-01-08/a> | Guy Bruneau | DShield Sensor JSON Log Analysis |
| 2022-11-24/a> | Xavier Mertens | Attackers Keep Phishing Victims Under Stress |
| 2022-11-19/a> | Guy Bruneau | McAfee Fake Antivirus Phishing Campaign is Back! |
| 2022-11-10/a> | Xavier Mertens | Do you collect "Observables" or "IOCs"? |
| 2022-10-27/a> | Tom Webb | Supersizing your DUO and 365 Integration |
| 2022-10-21/a> | Brad Duncan | sczriptzzbn inject pushes malware for NetSupport RAT |
| 2022-10-16/a> | Didier Stevens | Video: Analysis of a Malicious HTML File (QBot) |
| 2022-10-13/a> | Didier Stevens | Analysis of a Malicious HTML File (QBot) |
| 2022-10-04/a> | Johannes Ullrich | Credential Harvesting with Telegram API |
| 2022-09-21/a> | Xavier Mertens | Phishing Campaigns Use Free Online Resources |
| 2022-09-18/a> | Tom Webb | Preventing ISO Malware |
| 2022-09-10/a> | Guy Bruneau | Phishing Word Documents with Suspicious URL |
| 2022-08-26/a> | Xavier Mertens | Paypal Phishing/Coinbase in One Image |
| 2022-08-26/a> | Guy Bruneau | HTTP/2 Packet Analysis with Wireshark |
| 2022-08-22/a> | Xavier Mertens | 32 or 64 bits Malware? |
| 2022-08-17/a> | Johannes Ullrich | A Quick VoIP Experiment |
| 2022-08-13/a> | Guy Bruneau | Phishing HTML Attachment as Voicemail Audio Transcription |
| 2022-08-02/a> | Johannes Ullrich | Increase in Chinese "Hacktivism" Attacks |
| 2022-07-29/a> | Johannes Ullrich | PDF Analysis Intro and OpenActions Entries |
| 2022-07-22/a> | Yee Ching Tok | An Analysis of a Discerning Phishing Website |
| 2022-07-18/a> | Didier Stevens | Adding Your Own Keywords To My PDF Tools |
| 2022-07-13/a> | Xavier Mertens | Using Referers to Detect Phishing Attacks |
| 2022-07-08/a> | Johannes Ullrich | ISC Website Redesign |
| 2022-06-01/a> | Jan Kopriva | HTML phishing attachments - now with anti-analysis features |
| 2022-05-18/a> | Jan Kopriva | Do you want 30 BTC? Nothing is easier (or cheaper) in this phishing campaign... |
| 2022-05-14/a> | Didier Stevens | Quick Analysis Of Phishing MSG |
| 2022-05-07/a> | Guy Bruneau | Phishing PDF Received in my ISC Mailbox |
| 2022-05-03/a> | Rob VandenBrink | Finding the Real "Last Patched" Day (Interim Version) |
| 2022-04-24/a> | Didier Stevens | Analyzing a Phishing Word Document |
| 2022-04-17/a> | Didier Stevens | Video: Office Protects You From Malicious ISO Files |
| 2022-04-16/a> | Didier Stevens | Office Protects You From Malicious ISO Files |
| 2022-04-07/a> | Johannes Ullrich | What is BIMI and how is it supposed to help with Phishing. |
| 2022-04-04/a> | Johannes Ullrich | Emptying the Phishtank: Are WordPress sites the Mosquitoes of the Internet? |
| 2022-02-13/a> | Guy Bruneau | DHL Spear Phishing to Capture Username/Password |
| 2022-02-11/a> | Xavier Mertens | CinaRAT Delivered Through HTML ID Attributes |
| 2022-02-07/a> | Johannes Ullrich | web3 phishing via self-customizing landing pages |
| 2022-01-31/a> | Xavier Mertens | Be careful with RPMSG files |
| 2022-01-28/a> | Xavier Mertens | Malicious ISO Embedded in an HTML Page |
| 2022-01-18/a> | Jan Kopriva | Phishing e-mail with...an advertisement? |
| 2022-01-16/a> | Guy Bruneau | 10 Most Popular Targeted Ports in the Past 3 Weeks |
| 2022-01-07/a> | Xavier Mertens | Custom Python RAT Builder |
| 2022-01-03/a> | Xavier Mertens | McAfee Phishing Campaign with a Nice Fake Scan |
| 2021-12-23/a> | Xavier Mertens | Nicely Crafted indeed.com Login Page |
| 2021-12-17/a> | Rob VandenBrink | DR Automation - Using Public DNS APIs |
| 2021-12-09/a> | Yee Ching Tok | Phishing Direct Messages via Discord |
| 2021-12-04/a> | Guy Bruneau | A Review of Year 2021 |
| 2021-11-24/a> | Jan Kopriva | Phishing page hiding itself using dynamically adjusted IP-based allow list |
| 2021-11-20/a> | Guy Bruneau | Hikvision Security Cameras Potentially Exposed to Remote Code Execution |
| 2021-11-14/a> | Didier Stevens | External Email System FBI Compromised: Sending Out Fake Warnings |
| 2021-11-10/a> | Xavier Mertens | Shadow IT Makes People More Vulnerable to Phishing |
| 2021-10-31/a> | Didier Stevens | Video: Phishing ZIP With Malformed Filename |
| 2021-10-26/a> | Yee Ching Tok | Hunting for Phishing Sites Masquerading as Outlook Web Access |
| 2021-10-24/a> | Didier Stevens | Phishing ZIP With Malformed Filename |
| 2021-10-07/a> | Johannes Ullrich | Who Is Hunting For Your IPTV Set-Top Box? |
| 2021-09-16/a> | Jan Kopriva | Phishing 101: why depend on one suspicious message subject when you can use many? |
| 2021-09-09/a> | Johannes Ullrich | Updates to Our Datafeeds/API |
| 2021-09-02/a> | Xavier Mertens | Attackers Will Always Abuse Major Events in our Lifes |
| 2021-08-19/a> | Johannes Ullrich | When Lightning Strikes. What works and doesn't work. |
| 2021-08-03/a> | Johannes Ullrich | Is this the Weirdest Phishing (SMishing?) Attempt Ever? |
| 2021-07-30/a> | Xavier Mertens | Infected With a .reg File |
| 2021-07-28/a> | Jan Kopriva | A sextortion e-mail from...IT support?! |
| 2021-07-20/a> | Bojan Zdrnja | Summer of SAM - incorrect permissions on Windows 10/11 hives |
| 2021-07-14/a> | Jan Kopriva | One way to fail at malspam - give recipients the wrong password for an encrypted attachment |
| 2021-07-13/a> | Johannes Ullrich | USPS Phishing Using Telegram to Collect Data |
| 2021-06-22/a> | Jan Kopriva | Phishing asking recipients not to report abuse |
| 2021-06-19/a> | Xavier Mertens | Easy Access to the NIST RDS Database |
| 2021-06-18/a> | Daniel Wesemann | Open redirects ... and why Phishers love them |
| 2021-06-15/a> | Johannes Ullrich | Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more |
| 2021-05-29/a> | Guy Bruneau | Spear-phishing Email Targeting Outlook Mail Clients |
| 2021-05-22/a> | Xavier Mertens | "Serverless" Phishing Campaign |
| 2021-05-02/a> | Didier Stevens | PuTTY And FileZilla Use The Same Fingerprint Registry Keys |
| 2021-04-19/a> | Jan Kopriva | Hunting phishing websites with favicon hashes |
| 2021-04-10/a> | Guy Bruneau | Building an IDS Sensor with Suricata & Zeek with Logs to ELK |
| 2021-04-06/a> | Jan Kopriva | Malspam with Lokibot vs. Outlook and RFCs |
| 2021-03-11/a> | Johannes Ullrich | Piktochart - Phishing with Infographics |
| 2021-02-26/a> | Guy Bruneau | Pretending to be an Outlook Version Update |
| 2021-02-10/a> | Brad Duncan | Phishing message to the ISC handlers email distro |
| 2021-01-30/a> | Guy Bruneau | PacketSifter as Network Parsing and Telemetry Tool |
| 2021-01-18/a> | Rob VandenBrink | The CIS Benchmark for Cisco Nexus (NX-OS) 1.0 went live last week, find it here: https://www.cisecurity.org/cis-benchmarks/ |
| 2021-01-14/a> | Bojan Zdrnja | Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file |
| 2021-01-07/a> | Rob VandenBrink | Using the NIST Database and API to Keep Up with Vulnerabilities and Patches (Part 1 of 3) |
| 2021-01-07/a> | Rob VandenBrink | Directly related to today's main story on CPE/CVEs - Code Exec in Cisco Jabber, all platforms https://nvd.nist.gov/vuln/detail/CVE-2020-26085 |
| 2020-12-29/a> | Jan Kopriva | Want to know what's in a folder you don't have a permission to access? Try asking your AV solution... |
| 2020-12-22/a> | Xavier Mertens | Malware Victim Selection Through WiFi Identification |
| 2020-12-03/a> | Brad Duncan | Traffic Analysis Quiz: Mr Natural |
| 2020-11-11/a> | Brad Duncan | Traffic Analysis Quiz: DESKTOP-FX23IK5 |
| 2020-10-24/a> | Guy Bruneau | An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1 |
| 2020-10-22/a> | Jan Kopriva | BazarLoader phishing lures: plan a Halloween party, get a bonus and be fired in the same afternoon |
| 2020-10-21/a> | Daniel Wesemann | 20 new Cisco security advisories for ASA and Firepower with CVSS>7: https://tools.cisco.com/security/center/publicationListing.x |
| 2020-10-09/a> | Jan Kopriva | Phishing kits as far as the eye can see |
| 2020-10-02/a> | Xavier Mertens | Analysis of a Phishing Kit |
| 2020-10-01/a> | Daniel Wesemann | Making sense of Azure AD (AAD) activity logs |
| 2020-09-24/a> | Xavier Mertens | Party in Ibiza with PowerShell |
| 2020-09-21/a> | Jan Kopriva | Slightly broken overlay phishing |
| 2020-09-20/a> | Guy Bruneau | Analysis of a Salesforce Phishing Emails |
| 2020-09-17/a> | Xavier Mertens | Suspicious Endpoint Containment with OSSEC |
| 2020-09-15/a> | Brad Duncan | Traffic Analysis Quiz: Oh No... Another Infection! |
| 2020-08-18/a> | Rick Wanner | ISC Blocked |
| 2020-08-05/a> | Brad Duncan | Traffic Analysis Quiz: What's the Malware From This Infection? |
| 2020-08-01/a> | Jan Kopriva | What pages do bad bots look for? |
| 2020-07-25/a> | Didier Stevens | ndisasm Update 2.15 |
| 2020-07-24/a> | Xavier Mertens | Compromized Desktop Applications by Web Technologies |
| 2020-07-23/a> | Xavier Mertens | Simple Blocklisting with MISP & pfSense |
| 2020-06-18/a> | Jan Kopriva | Broken phishing accidentally exploiting Outlook zero-day |
| 2020-06-15/a> | Rick Wanner | HTML based Phishing Run |
| 2020-06-01/a> | Jim Clausing | Stackstrings, type 2 |
| 2020-05-27/a> | Jan Kopriva | Frankenstein's phishing using Google Cloud Storage |
| 2020-05-19/a> | Rick Wanner | Cisco Advisories for FTD, ASA, Firepower 1000 |
| 2020-05-14/a> | Rob VandenBrink | Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe |
| 2020-05-06/a> | Xavier Mertens | Keeping an Eye on Malicious Files Life Time |
| 2020-05-02/a> | Guy Bruneau | Phishing PDF with Unusual Hostname |
| 2020-04-28/a> | Jan Kopriva | Agent Tesla delivered by the same phishing campaign for over a year |
| 2020-04-18/a> | Guy Bruneau | Maldoc Falsely Represented as DOCX Invoice Redirecting to Fake Apple Store |
| 2020-04-13/a> | Jan Kopriva | Look at the same phishing campaign 3 months apart |
| 2020-04-10/a> | Scott Fendley | Critical Vuln in vCenter vmdir (CVE-2020-3952) |
| 2020-04-03/a> | Xavier Mertens | Obfuscated with a Simple 0x0A |
| 2020-03-27/a> | Xavier Mertens | Malicious JavaScript Dropping Payload in the Registry |
| 2020-03-14/a> | Didier Stevens | Phishing PDF With Incremental Updates. |
| 2020-03-05/a> | Xavier Mertens | Will You Put Your Password in a Survey? |
| 2020-03-02/a> | Jan Kopriva | Secure vs. cleartext protocols - couple of interesting stats |
| 2020-02-27/a> | Xavier Mertens | Offensive Tools Are For Blue Teams Too |
| 2020-02-10/a> | Jan Kopriva | Current PayPal phishing campaign or "give me all your personal information" |
| 2020-02-05/a> | Brad Duncan | Fake browser update pages are "still a thing" |
| 2020-02-03/a> | Jan Kopriva | Analysis of a triple-encrypted AZORult downloader |
| 2020-01-27/a> | Johannes Ullrich | Network Security Perspective on Coronavirus Preparedness |
| 2020-01-25/a> | Russell Eubanks | Visibility Gap of Your Security Tools |
| 2020-01-25/a> | Guy Bruneau | Is Threat Hunting the new Fad? |
| 2020-01-24/a> | Xavier Mertens | Why Phishing Remains So Popular? |
| 2020-01-16/a> | Jan Kopriva | Picks of 2019 malware - the large, the small and the one full of null bytes |
| 2020-01-12/a> | Guy Bruneau | ELK Dashboard and Logstash parser for tcp-honeypot Logs |
| 2020-01-06/a> | Johannes Ullrich | Increase in Number of Sources January 3rd and 4th: spoofed |
| 2019-12-29/a> | Guy Bruneau | ELK Dashboard for Pihole Logs |
| 2019-12-07/a> | Guy Bruneau | Integrating Pi-hole Logs in ELK with Logstash |
| 2019-12-06/a> | Jan Kopriva | Phishing with a self-contained credentials-stealing webpage |
| 2019-12-05/a> | Jan Kopriva | E-mail from Agent Tesla |
| 2019-12-04/a> | Jan Kopriva | Analysis of a strangely poetic malware |
| 2019-11-26/a> | Jan Kopriva | Lessons learned from playing a willing phish |
| 2019-11-23/a> | Guy Bruneau | Local Malware Analysis with Malice |
| 2019-11-22/a> | Xavier Mertens | Abusing Web Filters Misconfiguration for Reconnaissance |
| 2019-10-31/a> | Jan Kopriva | EML attachments in O365 - a recipe for phishing |
| 2019-10-24/a> | Johannes Ullrich | Your Supply Chain Doesn't End At Receiving: How Do You Decommission Network Equipment? |
| 2019-10-18/a> | Xavier Mertens | Quick Malicious VBS Analysis |
| 2019-10-17/a> | Jan Kopriva | Phishing e-mail spoofing SPF-enabled domain |
| 2019-10-06/a> | Russ McRee | visNetwork for Network Data |
| 2019-09-27/a> | Xavier Mertens | New Scans for Polycom Autoconfiguration Files |
| 2019-09-19/a> | Xavier Mertens | Blocklisting or Whitelisting in the Right Way |
| 2019-09-07/a> | Guy Bruneau | Unidentified Scanning Activity |
| 2019-08-19/a> | Didier Stevens | Compressed ISO Files (ISZ) |
| 2019-08-18/a> | Didier Stevens | Video: Analyzing DAA Files |
| 2019-08-16/a> | Didier Stevens | The DAA File Format |
| 2019-08-15/a> | Didier Stevens | Analysis of a Spearphishing Maldoc |
| 2019-08-12/a> | Didier Stevens | Malicious .DAA Attachments |
| 2019-08-09/a> | Xavier Mertens | 100% JavaScript Phishing Page |
| 2019-07-18/a> | Rob VandenBrink | The Other Side of Critical Control 1: 802.1x Wired Network Access Controls |
| 2019-07-18/a> | Xavier Mertens | Malicious PHP Script Back on Stage? |
| 2019-07-15/a> | Didier Stevens | isodump.py and Malicious ISO Files |
| 2019-07-09/a> | John Bambenek | Solving the WHOIS and Privacy Problem: A Draft of Implementing WHOIS in DNS |
| 2019-06-27/a> | Rob VandenBrink | Finding the Gold in a Pile of Pennies - Long Tail Analysis in PowerShell |
| 2019-06-14/a> | Jim Clausing | A few Ghidra tips for IDA users, part 4 - function call graphs |
| 2019-05-13/a> | Xavier Mertens | From Phishing To Ransomware? |
| 2019-04-24/a> | Rob VandenBrink | Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators |
| 2019-04-17/a> | Jim Clausing | A few Ghidra tips for IDA users, part 2 - strings and parameters |
| 2019-04-17/a> | Xavier Mertens | Malware Sample Delivered Through UDF Image |
| 2019-04-08/a> | Jim Clausing | A few Ghidra tips for IDA users, part 1 - the decompiler/unreachable code |
| 2019-04-05/a> | Russ McRee | Beagle: Graph transforms for DFIR data & logs |
| 2019-04-03/a> | Jim Clausing | A few Ghidra tips for IDA users, part 0 - automatic comments for API call parameters |
| 2019-03-31/a> | Didier Stevens | Maldoc Analysis of the Weekend by a Reader |
| 2019-03-06/a> | Xavier Mertens | Keep an Eye on Disposable Email Addresses |
| 2019-02-28/a> | Tom Webb | Phishing impersonations |
| 2019-02-27/a> | Didier Stevens | Maldoc Analysis by a Reader |
| 2019-02-07/a> | Xavier Mertens | Phishing Kit with JavaScript Keylogger |
| 2019-02-03/a> | Didier Stevens | Video: Analyzing a Simple HTML Phishing Attachment |
| 2019-01-29/a> | Johannes Ullrich | A Not So Well Done Phish (Why Attackers need to Implement IPv6 Now! ;-) ) |
| 2019-01-22/a> | Xavier Mertens | DNS Firewalling with MISP |
| 2019-01-02/a> | Lorna Hutcheson | Gift Card Scams on the rise |
| 2018-12-27/a> | Didier Stevens | Matryoshka Phish |
| 2018-12-26/a> | Didier Stevens | Bitcoin "Blocklists" |
| 2018-12-21/a> | Lorna Hutcheson | Phishing Attempts That Bypass 2FA |
| 2018-12-13/a> | Xavier Mertens | Phishing Attack Through Non-Delivery Notification |
| 2018-11-20/a> | Xavier Mertens | Querying DShield from Cortex |
| 2018-11-18/a> | Guy Bruneau | Multipurpose PCAP Analysis Tool |
| 2018-11-12/a> | Rick Wanner | Using the Neutrino ip-blocklist API to test general badness of an IP |
| 2018-11-04/a> | Pasquale Stirparo | Beyond good ol' LaunchAgent - part 1 |
| 2018-10-21/a> | Pasquale Stirparo | Beyond good ol’ LaunchAgent - part 0 |
| 2018-10-18/a> | Russ McRee | Cisco Security Advisories 17 OCT 2018 |
| 2018-10-17/a> | Russ McRee | VMSA-2018-0026 VMware ESXi, Workstation & Fusion updates address out-of-bounds read vulnerability https://www.vmware.com/security/advisories/VMSA-2018-0026.html |
| 2018-10-10/a> | Xavier Mertens | "OG" Tools Remain Valuable |
| 2018-08-31/a> | Jim Clausing | Quickie: Using radare2 to disassemble shellcode |
| 2018-08-25/a> | Didier Stevens | Microsoft Publisher malware: static analysis |
| 2018-08-24/a> | Xavier Mertens | Microsoft Publisher Files Delivering Malware |
| 2018-08-23/a> | Xavier Mertens | Simple Phishing Through formcrafts.com |
| 2018-08-12/a> | Didier Stevens | A URL shortener handy for phishers |
| 2018-07-01/a> | Didier Stevens | Video: Analyzing XPS Files |
| 2018-06-30/a> | Didier Stevens | XPS samples |
| 2018-06-26/a> | Didier Stevens | Analyzing XPS files |
| 2018-06-22/a> | Lorna Hutcheson | XPS Attachment Used for Phishing |
| 2018-06-07/a> | Remco Verhoef | Automated twitter loot collection |
| 2018-06-01/a> | Remco Verhoef | Binary analysis with Radare2 |
| 2018-05-24/a> | Xavier Mertens | "Blocked" Does Not Mean "Forget It" |
| 2018-05-23/a> | Remco Verhoef | Track naughty and nice binaries with Google Santa |
| 2018-05-09/a> | Xavier Mertens | Nice Phishing Sample Delivering Trickbot |
| 2018-05-07/a> | Xavier Mertens | Adding Persistence Via Scheduled Tasks |
| 2018-03-12/a> | Xavier Mertens | Payload delivery via SMB |
| 2018-03-02/a> | Xavier Mertens | Common Patterns Used in Phishing Campaigns Files |
| 2018-02-25/a> | Guy Bruneau | Blackhole Advertising Sites with Pi-hole |
| 2018-02-01/a> | Xavier Mertens | Adaptive Phishing Kit |
| 2018-01-31/a> | Tom Webb | Tax Phishing Time |
| 2018-01-30/a> | Kevin Liston | Cisco ASA WebVPN Vulnerability |
| 2018-01-23/a> | John Bambenek | Life after GDPR: Implications for Cybersecurity |
| 2018-01-20/a> | Didier Stevens | An RTF phish |
| 2018-01-12/a> | Bojan Zdrnja | Those pesky registry keys required by critical security patches |
| 2018-01-10/a> | Russ McRee | GitHub InfoSec Threepeat: HELK, ptf, and VulnWhisperer |
| 2018-01-03/a> | John Bambenek | Phishing to Rural America Leads to Six-figure Wire Fraud Losses |
| 2018-01-02/a> | Didier Stevens | PDF documents & URLs: video |
| 2017-12-20/a> | Richard Porter | VMWare Security Advisory: VMSA-2017-0021: https://www.vmware.com/security/advisories/VMSA-2017-0021.html |
| 2017-12-18/a> | Didier Stevens | Phish or scam? - Part 2 |
| 2017-12-17/a> | Didier Stevens | Phish or scam? - Part 1 |
| 2017-12-13/a> | Xavier Mertens | Tracking Newly Registered Domains |
| 2017-12-01/a> | Xavier Mertens | Phishing Kit (Ab)Using Cloud Services |
| 2017-11-23/a> | Xavier Mertens | Proactive Malicious Domain Search |
| 2017-11-15/a> | Xavier Mertens | If you want something done right, do it yourself! |
| 2017-11-10/a> | Bojan Zdrnja | Battling e-mail phishing |
| 2017-11-05/a> | Didier Stevens | Extracting the text from PDF documents |
| 2017-11-04/a> | Didier Stevens | PDF documents & URLs |
| 2017-10-20/a> | Rick Wanner | Cisco fixes for KRACKs not complete |
| 2017-09-29/a> | Lorna Hutcheson | Good Analysis = Understanding(tools + logs + normal) |
| 2017-08-16/a> | Xavier Mertens | Analysis of a Paypal phishing kit |
| 2017-08-13/a> | Didier Stevens | The Good Phishing Email |
| 2017-07-30/a> | Renato Marinho | SMBLoris - the new SMB flaw |
| 2017-07-21/a> | Didier Stevens | Malicious .iso Attachments |
| 2017-07-16/a> | Renato Marinho | SMS Phishing induces victims to photograph its own token card |
| 2017-07-09/a> | Russ McRee | Adversary hunting with SOF-ELK |
| 2017-06-27/a> | Brad Duncan | A Tale of Two Phishies |
| 2017-06-15/a> | Bojan Zdrnja | Uberscammers |
| 2017-06-02/a> | Xavier Mertens | Phishing Campaigns Follow Trends |
| 2017-05-20/a> | Xavier Mertens | Typosquatting: Awareness and Hunting |
| 2017-05-16/a> | Russ McRee | WannaCry? Do your own data analysis. |
| 2017-05-03/a> | Bojan Zdrnja | OAUTH phishing against Google Docs ? beware! |
| 2017-04-28/a> | Russell Eubanks | KNOW before NO |
| 2017-04-18/a> | Johannes Ullrich | Yet Another Apple Phish and Some DNS Lessons Learned From It |
| 2017-04-16/a> | Johannes Ullrich | Tool to Detect Active Phishing Attacks Using Unicode Look-Alike Domains |
| 2017-04-10/a> | Didier Stevens | Password History: Insights Shared by a Reader |
| 2017-04-05/a> | Xavier Mertens | Whitelists: The Holy Grail of Attackers |
| 2017-03-28/a> | Xavier Mertens | Logical & Physical Security Correlation |
| 2017-03-25/a> | Russell Eubanks | Distraction as a Service |
| 2017-03-24/a> | Xavier Mertens | Nicely Obfuscated JavaScript Sample |
| 2017-03-18/a> | Rick Wanner | Cisco IOS Remote Code Execution Vulnerability -> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp |
| 2017-03-15/a> | Xavier Mertens | Retro Hunting! |
| 2017-03-11/a> | Russell Eubanks | What's On Your Not To Do List? |
| 2017-03-06/a> | Renato Marinho | A very convincing Typosquatting + Social Engineering campaign is targeting Santander corporate customers in Brazil |
| 2017-02-27/a> | Tom Webb | Dynamite Phishing |
| 2017-02-03/a> | Lorna Hutcheson | Cisco - Issue with Clock Signal Component |
| 2017-02-01/a> | Xavier Mertens | Quick Analysis of Data Left Available by Attackers |
| 2017-01-28/a> | Lorna Hutcheson | Packet Analysis - Where do you start? |
| 2017-01-26/a> | Xavier Mertens | IOC's: Risks of False Positive Alerts Flood Ahead |
| 2017-01-24/a> | Johannes Ullrich | Critical Vulnerability in Cisco WebEx Chrome Plugin |
| 2017-01-13/a> | Xavier Mertens | Who's Attacking Me? |
| 2017-01-10/a> | Johannes Ullrich | Realtors Be Aware: You Are a Target |
| 2017-01-04/a> | John Bambenek | Mixed Messages : Novel Phishing Attempts Trying to Steal Your E-mail Password Goes Wrong |
| 2016-12-24/a> | Didier Stevens | Pinging All The Way |
| 2016-11-16/a> | Xavier Mertens | Example of Getting Analysts & Researchers Away |
| 2016-10-30/a> | Pasquale Stirparo | Volatility Bot: Automated Memory Analysis |
| 2016-10-22/a> | Guy Bruneau | Request for Packets TCP 4786 - CVE-2016-6385 |
| 2016-10-17/a> | Didier Stevens | Maldoc VBA Anti-Analysis: Video |
| 2016-10-15/a> | Didier Stevens | Maldoc VBA Anti-Analysis |
| 2016-10-07/a> | Rick Wanner | First Hurricane Matthew related Phish |
| 2016-09-05/a> | Xavier Mertens | Malware Delivered via '.pub' Files |
| 2016-08-31/a> | Deborah Hale | Cisco Security Advisories Issued |
| 2016-08-29/a> | Russ McRee | Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs |
| 2016-08-23/a> | Xavier Mertens | Voice Message Notifications Deliver Ransomware |
| 2016-08-21/a> | Rick Wanner | Cisco ASA SNMP Remote Code Execution Vulnerability |
| 2016-07-27/a> | Xavier Mertens | Critical Xen PV guests vulnerabilities |
| 2016-07-12/a> | Xavier Mertens | Hunting for Malicious Files with MISP + OSSEC |
| 2016-06-29/a> | Xavier Mertens | Phishing Campaign with Blurred Images |
| 2016-05-22/a> | Pasquale Stirparo | The strange case of WinZip MRU Registry key |
| 2016-05-14/a> | Guy Bruneau | INetSim as a Basic Honeypot |
| 2016-05-13/a> | Xavier Mertens | MISP - Malware Information Sharing Platform |
| 2016-05-12/a> | Xavier Mertens | Another Day, Another Wave of Phishing Emails |
| 2016-04-21/a> | Daniel Wesemann | Decoding Pseudo-Darkleech (Part #2) |
| 2016-04-15/a> | Xavier Mertens | Windows Command Line Persistence? |
| 2016-02-07/a> | Xavier Mertens | More Malicious JavaScript Obfuscation |
| 2016-01-13/a> | Alex Stanford | You Have Got a New Audio Message - Guest Diary by Pasquale Stirparo |
| 2016-01-10/a> | Jim Clausing | VMware security update |
| 2016-01-09/a> | Xavier Mertens | Virtual Bitlocker Containers |
| 2015-12-19/a> | Russell Eubanks | VMWare Security Advisory |
| 2015-12-04/a> | Tom Webb | Automating Phishing Analysis using BRO |
| 2015-11-01/a> | Guy Bruneau | Cisco Products Affected by Multiple Vulnerabilities in ntpd - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp |
| 2015-10-12/a> | Guy Bruneau | Data Visualization,What is your Tool of Choice? |
| 2015-09-08/a> | Lenny Zeltser | A Close Look at PayPal Overpayment Scams That Target Craigslist Sellers |
| 2015-07-31/a> | Russ McRee | Cisco Security Advisory: Cisco ASR 1000 (Aggregation Services Routers) Fragmented Packet DOS Vuln: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k |
| 2015-07-31/a> | Russ McRee | Tech tip follow-up: Using the data Invoked with R's system command |
| 2015-07-12/a> | Didier Stevens | Jump List Files Are OLE Files |
| 2015-06-26/a> | Daniel Wesemann | Cisco default credentials - again! |
| 2015-05-10/a> | Didier Stevens | Wireshark TCP Flags: How To Install On Windows Video |
| 2015-05-03/a> | Russ McRee | VolDiff, for memory image differential analysis |
| 2015-04-30/a> | Brad Duncan | Dalexis/CTB-Locker malspam campaign |
| 2015-04-15/a> | Johannes Ullrich | MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW |
| 2015-04-05/a> | Didier Stevens | Wireshark TCP Flags |
| 2015-04-03/a> | Didier Stevens | SSH Fingerprints Are Important |
| 2015-03-21/a> | Russell Eubanks | Have you seen my personal information? It has been lost. Again. |
| 2015-03-07/a> | Guy Bruneau | Should it be Mandatory to have an Independent Security Audit after a Breach? |
| 2015-02-23/a> | Richard Porter | Subscribing to the DShield Top 20 on a Palo Alto Networks Firewall |
| 2015-02-20/a> | Tom Webb | Fast analysis of a Tax Scam |
| 2015-02-13/a> | Johannes Ullrich | Microsoft February Patch Failures Continue: KB3023607 vs. Cisco AnyConnect Client |
| 2015-02-09/a> | Chris Mohan | Backups are part of the overall business continuity and disaster recovery plan |
| 2015-01-31/a> | Guy Bruneau | Beware of Phishing and Spam Super Bowl Fans! |
| 2014-11-27/a> | Russ McRee | Syrian Electronic Army attack leads to malvertising |
| 2014-11-24/a> | Richard Porter | Someone is using this? PoS: Compressor |
| 2014-11-04/a> | Daniel Wesemann | Whois someone else? |
| 2014-10-23/a> | Russ McRee | Digest: 23 OCT 2014 |
| 2014-10-01/a> | Russ McRee | VMware security advisory: VMSA-2014-0010 http://www.vmware.com/security/advisories/VMSA-2014-0010.html |
| 2014-09-19/a> | Guy Bruneau | Web Scan looking for /info/whitelist.pac |
| 2014-09-16/a> | Daniel Wesemann | https://yourfakebank.support -- TLD confusion starts! |
| 2014-09-12/a> | Chris Mohan | VMware NSX and vCNS product updates address a critical information disclosure vulnerability http://www.vmware.com/security/advisories/VMSA-2014-0009.html |
| 2014-08-17/a> | Rick Wanner | Part 1: Is your home network unwittingly contributing to NTP DDOS attacks? |
| 2014-08-05/a> | Johannes Ullrich | Center for Internet Security Releases Benchmark for VMWare ESXi 5.5 https://benchmarks.cisecurity.org/downloads/form/index.cfm?download=esxi55.100 |
| 2014-07-19/a> | Russ McRee | Keeping the RATs out: the trap is sprung - Part 3 |
| 2014-07-18/a> | Russ McRee | Keeping the RATs out: **it happens - Part 2 |
| 2014-07-17/a> | Russ McRee | Cisco Wireless Residential Gateway Remote Code Execution Vulnerability - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm |
| 2014-07-16/a> | Russ McRee | Keeping the RATs out: an exercise in building IOCs - Part 1 |
| 2014-07-14/a> | Daniel Wesemann | E-ZPass phishing scam |
| 2014-07-05/a> | Guy Bruneau | Malware Analysis with pedump |
| 2014-07-02/a> | Johannes Ullrich | Cisco Unified Communications Domain Manager Update |
| 2014-06-17/a> | Rob VandenBrink | New Security Advisories / Updates from Microsoft - Heads up for Next Patch Tuesday! |
| 2014-06-11/a> | Daniel Wesemann | Help your pilot fly! |
| 2014-05-26/a> | Tony Carothers | NIST 800 Series Publications - New and Improved |
| 2014-05-23/a> | Richard Porter | Highlights from Cisco Live 2014 - The Internet of Everything |
| 2014-05-22/a> | Johannes Ullrich | Discontinuing Support for ISC Alert Task Bar Icon |
| 2014-04-21/a> | Daniel Wesemann | Finding the bleeders |
| 2014-04-11/a> | Rob VandenBrink | VMware Security Advisories / Patches released for 2 issues (NOT Heartbleed) - http://www.vmware.com/security/advisories/VMSA-2014-0003.html and http://www.vmware.com/security/advisories/VMSA-2014-0002.html |
| 2014-04-11/a> | Guy Bruneau | Heartbleed Fix Available for Download for Cisco Products |
| 2014-03-27/a> | Alex Stanford | Apple Credential Phishing via appleidconfirm.net |
| 2014-03-26/a> | Johannes Ullrich | Full Disclosure Mailing List is back: http://insecure.org/news/fulldisclosure/ |
| 2014-03-26/a> | Johannes Ullrich | Cisco Semiannual IOS Security Advisory http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html |
| 2014-03-22/a> | Guy Bruneau | How the Compromise of a User Account Lead to a Spam Incident |
| 2014-03-21/a> | Johannes Ullrich | Cisco AsyncOS Patch |
| 2014-03-13/a> | Daniel Wesemann | Web server logs containing RS=^ ? |
| 2014-02-27/a> | Richard Porter | Cisco Prime Infrastructure Command Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi |
| 2014-02-24/a> | Russ McRee | Explicit Trusted Proxy in HTTP/2.0 or...not so much |
| 2014-02-22/a> | Tony Carothers | Cisco UCS Director Vulnerability and Update |
| 2014-02-19/a> | Russ McRee | Seven Cisco Security Advisories now available: http://tools.cisco.com/security/center/publicationListing.x |
| 2014-02-07/a> | Rob VandenBrink | New ISO Standards on Vulnerability Handling and Disclosure |
| 2014-01-25/a> | Guy Bruneau | Finding in Cisco's Annual Security Report |
| 2014-01-24/a> | Johannes Ullrich | How to send mass e-mail the right way |
| 2014-01-24/a> | Chris Mohan | Phishing via Social Media |
| 2014-01-24/a> | Chris Mohan | Security Update for OS X for CVE-2014-1252 http://support.apple.com/kb/HT6117 |
| 2014-01-14/a> | Chris Mohan | Spamming and scanning botnets - is there something I can do to block them from my site? |
| 2014-01-10/a> | Basil Alawi S.Taher | Cisco Small Business Devices backdoor fix |
| 2014-01-01/a> | Russ McRee | Six degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails |
| 2013-12-23/a> | Rob VandenBrink | How-To's for the Holidays - Java Whitelisting using AD Group Policy |
| 2013-12-23/a> | Scott Fendley | VMWare ESX/ESXi Security Advisory |
| 2013-12-21/a> | Daniel Wesemann | Adobe phishing underway |
| 2013-12-11/a> | Johannes Ullrich | Facebook Phishing and Malware via Tumblr Redirects |
| 2013-12-05/a> | Mark Hofman | Updated Standards Part 1 - ISO 27001 |
| 2013-12-04/a> | Adrien de Beaupre | VMware Security Advisory VMSA-2013-0014 |
| 2013-11-03/a> | Jim Clausing | What were you doing 25 years ago (yesterday)? |
| 2013-10-28/a> | Daniel Wesemann | Exploit cocktail (Struts, Java, Windows) going after 3-month old vulnerabilities |
| 2013-10-21/a> | Johannes Ullrich | New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do" |
| 2013-10-17/a> | Adrien de Beaupre | Microsoft phish |
| 2013-10-16/a> | Adrien de Beaupre | Access denied and blockliss |
| 2013-09-18/a> | Rob VandenBrink | Cisco DCNM Update Released |
| 2013-09-17/a> | John Bambenek | Microsoft Releases Out-of-Band Advisory for all Versions of Internet Explorer |
| 2013-09-03/a> | Rob VandenBrink | Is "Reputation Backscatter" a Thing? |
| 2013-08-29/a> | Russ McRee | Suspect Sendori software |
| 2013-08-21/a> | Rob VandenBrink | Fibre Channel Reconnaissance - Reloaded |
| 2013-08-19/a> | Guy Bruneau | Business Risks and Cyber Attacks |
| 2013-08-13/a> | Swa Frantzen | Microsoft security advisories: RDP and MD5 deprecation in Microsoft root certificates |
| 2013-08-05/a> | Chris Mohan | DMARC: another step forward in the fight against phishing? |
| 2013-08-02/a> | Chris Mohan | VMware Security Advisory VMSA-2013-0009 - http://www.vmware.com/security/advisories/VMSA-2013-0009.html |
| 2013-08-02/a> | Chris Mohan | Cisco Security Advisory: OSPF LSA Manipulation Vulnerability in Multiple Cisco Products http://tools.cisco.com/security/center/viewAlert.x?alertId=30210 |
| 2013-07-25/a> | Johannes Ullrich | A couple Site Updates |
| 2013-07-10/a> | Johannes Ullrich | .NL Registrar Compromisse |
| 2013-07-04/a> | Russ McRee | Celebrating 4th of July With a Malware PCAP Visualization |
| 2013-06-26/a> | Adrien de Beaupre | Multiple Cisco security advisories |
| 2013-06-18/a> | Russ McRee | Volatility rules...any questions? |
| 2013-06-11/a> | Swa Frantzen | Other Microsoft Black Tuesday News |
| 2013-05-31/a> | Chris Mohan | VMware releases new and updated security advisories |
| 2013-05-21/a> | Adrien de Beaupre | Moore, Oklahoma tornado charitable organization scams, malware, and phishing |
| 2013-05-14/a> | Swa Frantzen | Microsoft Security Advisory 2846338 |
| 2013-05-11/a> | Lenny Zeltser | Extracting Digital Signatures from Signed Malware |
| 2013-04-30/a> | Russ McRee | Apache binary backdoor adds malicious redirect to Blackhole |
| 2013-04-28/a> | Russ McRee | SANS's Alan Paller discusses the threat of cyberterrorism on CNN |
| 2013-04-23/a> | Russ McRee | Microsoft's Security Intelligence Report (SIRv14) released |
| 2013-04-15/a> | Rob VandenBrink | Oops - You Mean That Deleted Server was a Certificate Authority? |
| 2013-03-29/a> | Chris Mohan | Does your breach email notification look like a phish? |
| 2013-03-27/a> | Rob VandenBrink | Several Cisco IOS DOS Issues Resolved |
| 2013-03-18/a> | Kevin Shortt | Cisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4 |
| 2013-03-09/a> | Guy Bruneau | IPv6 Focus Month: IPv6 Encapsulation - Protocol 41 |
| 2013-02-22/a> | Johannes Ullrich | When web sites go bad: bible . org compromise |
| 2013-02-22/a> | Chris Mohan | VMware releases new and updated security advisories |
| 2013-02-17/a> | Guy Bruneau | HP ArcSight Connector Appliance and Logger Vulnerabilities |
| 2013-02-12/a> | Adam Swanger | Microsoft February 2013 Black Tuesday Update - Overview |
| 2013-02-11/a> | John Bambenek | Is This Chinese Registrar Really Trying to XSS Me? |
| 2013-02-04/a> | Adam Swanger | SAN Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam |
| 2013-02-03/a> | Lorna Hutcheson | Is it Really an Attack? |
| 2013-02-01/a> | Jim Clausing | VMware vSphere security updates for the authentication service and third party libraries (see http://www.vmware.com/security/advisories/VMSA-2013-0001.html) |
| 2013-01-18/a> | Russ McRee | Interesting reads for Friday 18 JAN 2013 |
| 2013-01-15/a> | Russ McRee | Cisco introducing Cisco Security Notices 16 JAN 2013 |
| 2013-01-09/a> | Richard Porter | The 80's called - They Want Their Mainframe Back! |
| 2013-01-09/a> | Rob VandenBrink | Security Update - Cisco Prime LMS (cisco-sa-20130109-lms - remote execution as root vulnerability) - advisory at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms |
| 2013-01-09/a> | Rob VandenBrink | Security Update - Cisco 7900 Phones - cisco-sa-20130109-uipphone privilege escallation issue - advisory at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone |
| 2013-01-08/a> | Jim Clausing | Cuckoo 0.5 is out and the world didn't end |
| 2013-01-08/a> | Richard Porter | A picture worth a 1000 barcodes? |
| 2013-01-03/a> | Bojan Zdrnja | Memory acquisition traps |
| 2012-12-18/a> | Dan Goldberg | Mitigating the impact of organizational change: a risk assessment |
| 2012-12-18/a> | Rob VandenBrink | All I Want for Christmas is to Not Get Hacked ! |
| 2012-12-14/a> | Adam Swanger | ISC Feature of the Week: Webhoneypot: Web Server Log Project |
| 2012-12-11/a> | John Bambenek | Microsoft December 2012 Black Tuesday Update - Overview |
| 2012-12-07/a> | Adam Swanger | ISC Feature of the Week: Glossary Additions |
| 2012-12-06/a> | Daniel Wesemann | Fake tech support calls - revisited |
| 2012-12-03/a> | John Bambenek | John McAfee Exposes His Location in Photo About His Being on Run |
| 2012-12-02/a> | Guy Bruneau | Collecting Logs from Security Devices at Home |
| 2012-11-29/a> | Adam Swanger | ISC Feature of the Week: SSH Scan Reports |
| 2012-11-29/a> | Kevin Shortt | New Apple Security Update: APPLE-SA-2012-11-29-1 Apple TV 5.1.1 |
| 2012-11-28/a> | Mark Hofman | McAfee releases extraDAT for W32/Autorun.worm.aaeb-h |
| 2012-11-28/a> | Mark Hofman | New version of wireshark is available (1.8.4), some security fixes included. |
| 2012-11-27/a> | Chris Mohan | Can users' phish emails be a security admin's catch of the day? |
| 2012-11-26/a> | John Bambenek | Online Shopping for the Holidays? Tips, News and a Fair Warning |
| 2012-11-23/a> | Rob VandenBrink | Risk Assessment Reloaded (thanks PCI ! ) |
| 2012-11-23/a> | Rob VandenBrink | What's in Your Change Control Form? |
| 2012-11-20/a> | John Bambenek | Firefox v 17.0 just released, more here: http://www.mozilla.org/en-US/firefox/17.0/releasenotes/ |
| 2012-11-20/a> | John Bambenek | Behind the Random NTP Bizarreness of Incorrect Year Being Set |
| 2012-11-19/a> | John Bambenek | MoneyGram fined $100 million for aiding wire fraud - http://krebsonsecurity.com/2012/11/moneygram-fined-100-million-for-wire-fraud/ |
| 2012-11-19/a> | John Bambenek | New Poll: Top 5 Unresolved Security Problems of 2012 |
| 2012-11-17/a> | Manuel Humberto Santander Pelaez | New Sysinternal Updates: AdExplorer v1.44, Contig v1.7, Coreinfo v3.2, Procdump v5.1. See http://blogs.technet.com/b/sysinternals/archive/2012/11/16/updates-adexplorer-v1-44-contig-v1-7-coreinfo-v3-2-procdump-v5-1.aspx?Redirected=true |
| 2012-11-15/a> | Jim Clausing | Another month another password disclosure breach |
| 2012-11-13/a> | Jim Clausing | Microsoft November 2012 Black Tuesday Update - Overview |
| 2012-11-12/a> | John Bambenek | Request for info: Robocall Phishing Against Local/Regional Banks |
| 2012-11-09/a> | Mark Baggett | Remote Diagnostics with PSR |
| 2012-11-09/a> | Mark Baggett | Fresh batch of Microsoft patches next week |
| 2012-11-08/a> | Daniel Wesemann | Get a 40% discount on your hotel room! |
| 2012-11-07/a> | Mark Baggett | Help eliminate unquoted path vulnerabilities |
| 2012-11-07/a> | Mark Baggett | Multiple 0-Days Reported! |
| 2012-11-07/a> | Mark Baggett | Cisco TACACS+ Authentication Bypass |
| 2012-11-05/a> | Johannes Ullrich | Reminder: Ongoing SMTP Brute Forcing Attacks |
| 2012-11-05/a> | Johannes Ullrich | Possible Fake-AV Ads from Doubleclick Servers |
| 2012-11-04/a> | Lorna Hutcheson | What's important on your network? |
| 2012-10-31/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 31 - Business Continuity and Disaster Recovery |
| 2012-10-30/a> | Johannes Ullrich | Hurricane Sandy Update |
| 2012-10-30/a> | Richard Porter | Splunk 5.0 SP-CAAAHB4 http://www.splunk.com/view/SP-CAAAHB4 |
| 2012-10-30/a> | Mark Hofman | Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls |
| 2012-10-28/a> | Tony Carothers | Firefox 16.02 Released |
| 2012-10-26/a> | Russ McRee | Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant |
| 2012-10-25/a> | Richard Porter | Cyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire |
| 2012-10-24/a> | Russ McRee | Cyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035 |
| 2012-10-24/a> | Russ McRee | Ongoing Windstream outage in the midwest - https://twitter.com/search?q=windstream |
| 2012-10-21/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 22: Connectors |
| 2012-10-21/a> | Lorna Hutcheson | Potential Phish for Regular Webmail Accounts |
| 2012-10-19/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 19: Standard log formats and CEE. |
| 2012-10-18/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide |
| 2012-10-17/a> | Mark Hofman | Oracle Critical Patch Update October |
| 2012-10-17/a> | Mark Hofman | New Acrobat release (including reader) available. Version 11. Some security improvements more here -->http://blogs.adobe.com/adobereader/ |
| 2012-10-17/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005 |
| 2012-10-16/a> | Richard Porter | CyberAwareness Month - Day 15, Standards Body Soup (pt2), Same Soup Different Cook. |
| 2012-10-16/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 16: W3C and HTML |
| 2012-10-14/a> | Pedro Bueno | Cyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1 |
| 2012-10-11/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security) |
| 2012-10-09/a> | Johannes Ullrich | Microsoft October 2012 Black Tuesday Update - Overview |
| 2012-10-08/a> | Mark Hofman | Cyber Security Awareness Month - Day 8 ISO 27001 |
| 2012-10-07/a> | Tony Carothers | Cyber Security Awareness Month - Day 7 - Rollup Review of CSAM Week 1 |
| 2012-10-05/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl. |
| 2012-10-05/a> | Richard Porter | VMWare Security Advisory: VMSA-2012-0014 - http://www.vmware.com/security/advisories/VMSA-2012-0014.html |
| 2012-10-05/a> | Adam Swanger | ISC Feature of the Week: Report Fake Tech Support Call Statistics |
| 2012-10-05/a> | Richard Porter | Reports of a Distributed Injection Scan |
| 2012-10-04/a> | Mark Hofman | And the SHA-3 title goes to .....Keccak |
| 2012-10-04/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 4: Crypto Standards |
| 2012-10-03/a> | Kevin Shortt | Fake Support Calls Reported |
| 2012-10-02/a> | Russ McRee | Cyber Security Awareness Month - Day 2 - PCI Security Standard: Mobile Payment Acceptance Security Guidelines |
| 2012-10-01/a> | Johannes Ullrich | Cyber Security Awareness Month |
| 2012-09-28/a> | Joel Esler | Adobe certification revocation for October 4th |
| 2012-09-27/a> | Kevin Shortt | Cisco IOS Security Advisory Bundle - http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html |
| 2012-09-27/a> | Adam Swanger | ISC Feature of the Week: Glossary |
| 2012-09-26/a> | Johannes Ullrich | Some Android phones can be reset to factory default by clicking on links |
| 2012-09-26/a> | Johannes Ullrich | More Java Woes |
| 2012-09-21/a> | Johannes Ullrich | iOS 6 Security Roundup |
| 2012-09-20/a> | Russ McRee | Flash Player update but no announcement, check your version http://www.adobe.com/software/flash/about/ |
| 2012-09-20/a> | Russ McRee | Apple and Cisco Security Advisories 19 SEP 2012 |
| 2012-09-20/a> | Russ McRee | Financial sector advisory: attacks and threats against financial institutions |
| 2012-09-19/a> | Russ McRee | Script kiddie scavenging with Shellbot.S |
| 2012-09-19/a> | Kevin Liston | Volatility: 2.2 is Coming Soon |
| 2012-09-17/a> | Rob VandenBrink | What's on your iPad? |
| 2012-09-14/a> | Lenny Zeltser | Analyzing Malicious RTF Files Using OfficeMalScanner's RTFScan |
| 2012-09-14/a> | Lenny Zeltser | Scam Report - Fake Voice Mail Email Notification Redirects to Malicious Site |
| 2012-09-14/a> | Adam Swanger | ISC Feature of the Week: Privacy Policy |
| 2012-09-13/a> | Mark Baggett | More SSL trouble |
| 2012-09-13/a> | Mark Baggett | TCP Fuzzing with Scapy |
| 2012-09-13/a> | Mark Baggett | Microsoft disrupts traffic associated with the Nitol botnet |
| 2012-09-10/a> | Johannes Ullrich | Microsoft Patch Tuesday Pre-Release |
| 2012-09-10/a> | Johannes Ullrich | Godaddy DDoS Attack |
| 2012-09-10/a> | donald smith | Blue Toad publishing co compromise lead to UDID release. http://redtape.nbcnews.com/_news/2012/09/10/13781440-exclusive-the-real-source-of-apple-device-ids-leaked-by-anonymous-last-week?lite |
| 2012-09-09/a> | Guy Bruneau | Phishing/Spam Pretending to be from BBB |
| 2012-09-07/a> | Chris Mohan | Keeping an eye on those BYODs with DHCP |
| 2012-09-06/a> | Johannes Ullrich | SSL Requests sent to port 80 (request for help/input) |
| 2012-09-04/a> | Johannes Ullrich | Another round of "Spot the Exploit E-Mail" |
| 2012-09-02/a> | Lorna Hutcheson | Demonstrating the value of your Intrusion Detection Program and Analysts |
| 2012-09-01/a> | Russ McRee | Blackhole targeting Java vulnerability via fake Microsoft Services Agreement email phish |
| 2012-08-31/a> | Johannes Ullrich | VMware Updates |
| 2012-08-31/a> | Russ McRee | Not so fast: Java 7 Update 7 critical vulnerability discovered in less than 24 hours |
| 2012-08-30/a> | Johannes Ullrich | Editorial: The Slumlord Approach to Network Security http://isc.sans.edu/j/editorial |
| 2012-08-29/a> | Johannes Ullrich | "Data" URLs used for in-URL phishing |
| 2012-08-27/a> | Johannes Ullrich | Malware Spam harvesting Facebook Information |
| 2012-08-27/a> | Johannes Ullrich | The Good, Bad and Ugly about Assigning IPv6 Addresses |
| 2012-08-26/a> | Lorna Hutcheson | Who ya gonna contact? |
| 2012-08-23/a> | Adam Swanger | ISC Feature of the Week: Contact Us |
| 2012-08-22/a> | Adrien de Beaupre | Apple Remote Desktop update fixes no encryption issue |
| 2012-08-22/a> | Adrien de Beaupre | Phishing/spam via SMS |
| 2012-08-21/a> | Adrien de Beaupre | YYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update |
| 2012-08-21/a> | Adrien de Beaupre | RuggedCom fails key management 101 on Rugged Operating System (ROS) |
| 2012-08-20/a> | Manuel Humberto Santander Pelaez | Do we need test procedures in our companies before implementing Antivirus signatures? |
| 2012-08-19/a> | Manuel Humberto Santander Pelaez | Authentication Issues between entities during protocol message exchange in SCADA Systems |
| 2012-08-17/a> | Guy Bruneau | Suspicious eFax Spear Phishing Messages |
| 2012-08-15/a> | Guy Bruneau | Cisco IOS XR Software Route Processor DoS Vulnerability - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr |
| 2012-08-14/a> | Rick Wanner | Backtrack 5 r3 released - http://www.backtrack-linux.org/downloads/ |
| 2012-08-13/a> | Rick Wanner | Interesting scan for medical certification information... |
| 2012-08-12/a> | Tony Carothers | Layers of the Defense-in-Depth Onion |
| 2012-08-12/a> | Tony Carothers | Oracle Security Alert for CVE-2012-3132 |
| 2012-08-10/a> | Adam Swanger | ISC Feature of the Week: Report Fake Tech Support Calls |
| 2012-08-09/a> | Mark Hofman | Zeus/Citadel variant causing issues in the Netherlands |
| 2012-08-09/a> | Mark Hofman | SQL Injection Lilupophilupop style, Part 2 |
| 2012-08-08/a> | Adrien de Beaupre | snort updated to 2.9.3.1 Changelog: http://www.snort.org/downloads/1837 |
| 2012-08-07/a> | Adrien de Beaupre | Who protects small business? |
| 2012-08-05/a> | Daniel Wesemann | Phishing for Payroll with unpatched Java |
| 2012-08-04/a> | Adam Swanger | ISC Feature of the Week: Handler Select News Feed |
| 2012-08-04/a> | Kevin Liston | Vendors: More Patch-Release Options Please |
| 2012-07-27/a> | Daniel Wesemann | Cuckoo 0.4 is out - cool new features for malware analysis http://www.cuckoosandbox.org/ |
| 2012-07-26/a> | Adam Swanger | ISC Feature of the Week: The 404Project - now with IP Mask |
| 2012-07-24/a> | Richard Porter | Wireshark 1.8.1 Released http://www.wireshark.org/ |
| 2012-07-24/a> | Richard Porter | Report of spike in DNS Queries gd21.net |
| 2012-07-20/a> | Mark Baggett | Syria Internet connection cut? |
| 2012-07-19/a> | Mark Baggett | Diagnosing Malware with Resource Monitor |
| 2012-07-19/a> | Mark Baggett | A Heap of Overflows? |
| 2012-07-16/a> | Richard Porter | Sysinternals Update @ http://blogs.technet.com/b/sysinternals/archive/2012/07/16/updates-handle-v3-5-process-explorer-v15-22-process-monitor-v3-03-rammap-v1-21-zoomit-v4-3.aspx |
| 2012-07-15/a> | Guy Bruneau | New ISC Poll - Are you currently using a Security Information and Event Management (SIEM) solution to collect security logs? |
| 2012-07-13/a> | Richard Porter | Yesterday (not as on the ball as Rob) at SANSFire |
| 2012-07-13/a> | Russ McRee | 2 for 1: SANSFIRE & MSRA presentations |
| 2012-07-13/a> | Russ McRee | VMWare Security Advisory 12 JUL 2012 |
| 2012-07-13/a> | Russ McRee | Yahoo service SQL injection vuln leads to account exposure |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Recording Server - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Manager - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman |
| 2012-07-12/a> | Rob VandenBrink | Today at SANSFIRE - Dude Your Car is PWND ! |
| 2012-07-12/a> | Adam Swanger | ISC Feature of the Week: Internet Storm Center Events |
| 2012-07-10/a> | Swa Frantzen | Microsoft revoking trust in Microsoft certificates - SA 2728973 |
| 2012-07-10/a> | Swa Frantzen | Microsoft fix-it to disable gadgets - SA 2719662 |
| 2012-07-09/a> | Johannes Ullrich | The FBI will turn off the Internet on Monday (or not) |
| 2012-07-09/a> | Manuel Humberto Santander Pelaez | Internet Storm Center panel tonight at SANSFIRE 2012! |
| 2012-07-05/a> | Adrien de Beaupre | New OS X trojan backdoor MaControl variant reported |
| 2012-07-05/a> | Adrien de Beaupre | Microsoft advanced notification for July 2012 patch Tuesday |
| 2012-07-02/a> | Joel Esler | A rough guide to keeping your website up |
| 2012-07-02/a> | Joel Esler | Linux & Java leap second bug |
| 2012-06-29/a> | Jim Clausing | Updated SysInternals tools - Autoruns, Process Explorer, Process Monitor, PSKill -- http://blogs.technet.com/b/sysinternals/archive/2012/06/28/updates-autoruns-v11-32-process-explorer-v15-21-process-monitor-v3-02-pskill-v1-15-rammap-v1-2.aspx |
| 2012-06-28/a> | Chris Mohan | Massive spike in BGP traffic - Possible BGP poisoning? |
| 2012-06-28/a> | Adam Swanger | ISC Feature of the Week: About the Internet Storm Center |
| 2012-06-26/a> | Daniel Wesemann | Run, Forest! (Update) |
| 2012-06-22/a> | Adam Swanger | ISC Feature of the Week: Tools->ISC At-A-Glance |
| 2012-06-21/a> | Russ McRee | Cisco Security Advisories 20 JUN 2012 |
| 2012-06-21/a> | Russ McRee | Analysis of drive-by attack sample set |
| 2012-06-21/a> | Russ McRee | Wireshark 1.8.0 released 21 JUN 2012 http://www.wireshark.org/download.html |
| 2012-06-19/a> | Daniel Wesemann | Vulnerabilityqueerprocessbrittleness |
| 2012-06-14/a> | Johannes Ullrich | VMWare Security Advisories |
| 2012-06-14/a> | Johannes Ullrich | Spot the Phish: Verizon Wireless |
| 2012-06-10/a> | Scott Fendley | Preying on Users After Major Security Incidents |
| 2012-06-05/a> | Adam Swanger | ISC Feature of the Week: IPv6 Preparedness and Tools |
| 2012-06-04/a> | Lenny Zeltser | Decoding Common XOR Obfuscation in Malicious Code |
| 2012-06-01/a> | Adam Swanger | ISC Feature of the Week: Country and Region Report |
| 2012-05-30/a> | Rob VandenBrink | Too Big to Fail / Too Big to Learn? |
| 2012-05-30/a> | Rob VandenBrink | It's Phishing Season! In fact, it's ALWAYS Phishing Season! |
| 2012-05-25/a> | Guy Bruneau | VMware vMA Security Advisory VMSA-2012-0010 - http://www.vmware.com/security/advisories/VMSA-2012-0010.html |
| 2012-05-24/a> | Adam Swanger | ISC Feature of the Week: Country Report |
| 2012-05-23/a> | Mark Baggett | IP Fragmentation Attacks |
| 2012-05-22/a> | Johannes Ullrich | nmap 6 released |
| 2012-05-17/a> | Johannes Ullrich | New IPv6 Video: IPv6 Router Advertisements https://isc.sans.edu/ipv6videos |
| 2012-05-17/a> | Adam Swanger | ISC Feature of the Week: Tools->Information Gathering |
| 2012-05-11/a> | Adam Swanger | ISC Feature of the Week: Link List |
| 2012-05-04/a> | Adam Swanger | ISC Feature of the Week: Data/Reports |
| 2012-05-03/a> | Guy Bruneau | VMware Critical Security Issues Advisory - http://www.vmware.com/security/advisories/VMSA-2012-0009.html |
| 2012-04-30/a> | Rob VandenBrink | Patch for Oracle TNS Listener issue released ! |
| 2012-04-27/a> | Adam Swanger | ISC Feature of the Week: Handler Created Tools |
| 2012-04-25/a> | Daniel Wesemann | Blacole's obfuscated JavaScript |
| 2012-04-25/a> | Daniel Wesemann | Blacole's shell code |
| 2012-04-18/a> | Adam Swanger | ISC Feature of the Week: Suspicious Domains |
| 2012-04-13/a> | Adam Swanger | ISC Feature of the Week: Get to know the Handlers |
| 2012-04-10/a> | Swa Frantzen | Windows Vista RIP |
| 2012-04-04/a> | Adam Swanger | ISC Feature of the Week: Diary/Infocon/Event Notifications |
| 2012-03-27/a> | Adam Swanger | ISC Feature of the Week: ISC Poll |
| 2012-03-21/a> | Adam Swanger | ISC Feature of the Week: Presentations and Papers |
| 2012-03-15/a> | Adam Swanger | ISC Feature of the Week: Infocon |
| 2012-03-12/a> | Guy Bruneau | OpenSSL Security Update |
| 2012-03-09/a> | Guy Bruneau | VMware New and Updated Advisories |
| 2012-03-06/a> | Adam Swanger | ISC Feature of the Week: Follow us on Twitter |
| 2012-03-03/a> | Jim Clausing | New automated sandbox for Android malware |
| 2012-02-29/a> | Adam Swanger | ISC Feature of the Week: 404Project Reports |
| 2012-02-29/a> | Russ McRee | Cisco Security Advisories - 29FEB2011 |
| 2012-02-24/a> | Guy Bruneau | Cisco Small Business SRP 500 Series Multiple Vulnerabilities - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120223-srp500 |
| 2012-02-23/a> | donald smith | DNS-Changer "clean DNS" extension requested |
| 2012-02-22/a> | Adam Swanger | ISC Feature of the Week: Handler Diaries |
| 2012-02-17/a> | Mark Hofman | Intersting Facebook SPAM |
| 2012-02-15/a> | Adam Swanger | ISC Feature of the Week: XML Feeds |
| 2012-02-09/a> | Richard Porter | DNS Ghost Domains, How I loath you so! |
| 2012-02-07/a> | Jim Clausing | Book Review: Practical Packet Analysis, 2nd ed |
| 2012-02-07/a> | Adam Swanger | ISC Feature of the Week: Security Dashboard |
| 2012-02-03/a> | Guy Bruneau | New Poll - What security issue concerns you the most this year? |
| 2012-02-01/a> | Adam Swanger | ISC Feature of the Week: ISC Search |
| 2012-01-31/a> | Russ McRee | Firefox 10 and VMWare advisories and updates |
| 2012-01-27/a> | Mark Hofman | CISCO Ironport C & M Series telnet vulnerability |
| 2012-01-25/a> | Adam Swanger | ISC Feature of the Week: ISC Link Back |
| 2012-01-19/a> | Chris Mohan | WHOIS contacts are your friends |
| 2012-01-18/a> | Adam Swanger | ISC Feature of the Week: The 404Project |
| 2012-01-11/a> | Adam Swanger | ISC Feature of the Week: Internet Storm Center / DShield API |
| 2012-01-03/a> | Adam Swanger | ISC Feature of the Week: How to Submit Firewall Logs |
| 2011-12-12/a> | Daniel Wesemann | You won 100$ or a free iPad! |
| 2011-12-06/a> | Pedro Bueno | The RedRet connection... |
| 2011-12-05/a> | Stephen Hall | ISC describe DNS crash bug analysis |
| 2011-11-22/a> | Pedro Bueno | Updates on ZeroAccess and BlackHole front... |
| 2011-11-18/a> | Kevin Liston | Recent VMWare security advisories |
| 2011-11-15/a> | Adrien de Beaupre | www.disa.mil down? |
| 2011-11-04/a> | Guy Bruneau | New Poll: In the coming 12 months, what is your deployment plan or status with IPv6? |
| 2011-10-12/a> | Adam Swanger | We are experiencing technical issues with the webcast. The webcast will start as soon as these issues are resolved. |
| 2011-10-05/a> | Jim Clausing | Cisco Advisories - FWSM, ASA, and NAC |
| 2011-10-05/a> | Jim Clausing | VMware Advisory - UDF file system handling |
| 2011-09-28/a> | Richard Porter | All Along the ARP Tower! |
| 2011-09-26/a> | Jason Lam | MySQL.com compromised spreading malware |
| 2011-08-31/a> | Johannes Ullrich | Phishing e-mail to custom e-mail addresses |
| 2011-08-30/a> | Scott Fendley | Cisco Security Advisory - Apache HTTPd DoS |
| 2011-08-17/a> | Rob VandenBrink | Putting all of Your Eggs in One Basket - or How NOT to do Layoffs |
| 2011-08-16/a> | Scott Fendley | Phishing Scam Victim Response |
| 2011-08-03/a> | Johannes Ullrich | Cisco shipping malicious warranty CD |
| 2011-07-19/a> | Richard Porter | SMS Phishing at the SANSFire 2011 Handler Dinner |
| 2011-07-11/a> | John Bambenek | Another Defense Contractor Hacked in AntiSec Hacktivism Spree |
| 2011-07-09/a> | Tony Carothers | Copyright Alert System - What say you? |
| 2011-06-28/a> | Johannes Ullrich | Deja-Vu: Cisco VPN Windows Client Privilege Escalation |
| 2011-06-27/a> | Kevin Shortt | Phishy Spam |
| 2011-06-19/a> | Guy Bruneau | Sega Pass Compromised - 1.29 Million Customers Data Leaked |
| 2011-06-17/a> | Richard Porter | When do you stop owning Technology? |
| 2011-06-08/a> | Johannes Ullrich | Spam from compromised Hotmail accounts |
| 2011-06-06/a> | Manuel Humberto Santander Pelaez | Phishing: Same goal, same techniques and people still falling for such scams |
| 2011-06-04/a> | Rick Wanner | Do you have a personal disaster recovery plan? |
| 2011-06-02/a> | Johannes Ullrich | ISC Site Redesign |
| 2011-06-01/a> | Adrien de Beaupre | Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series - http://www.cisco.com/warp/public/707/cisco-sa-20110601-phone.shtml |
| 2011-06-01/a> | Adrien de Beaupre | Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar - http://www.cisco.com/warp/public/707/cisco-sa-20110601-cnr.shtml |
| 2011-06-01/a> | Adrien de Beaupre | Cisco Security Advisory: Default Credentials for root Account on the Cisco Media Experience Engine 5600 - http://www.cisco.com/warp/public/707/cisco-sa-20110601-mxe.shtml |
| 2011-06-01/a> | Adrien de Beaupre | Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client - http://www.cisco.com/warp/public/707/cisco-sa-20110601-ac.shtml |
| 2011-05-30/a> | Johannes Ullrich | Allied Telesis Passwords Leaked |
| 2011-05-25/a> | Daniel Wesemann | Five new Cisco security advisories released. See http://www.cisco.com/go/psirt |
| 2011-05-25/a> | Lenny Zeltser | Monitoring Social Media for Security References to Your Organization |
| 2011-05-20/a> | Guy Bruneau | Sysinternals Updates, Analyzing Stuxnet Infection with Sysinternals Tools Part 3 |
| 2011-04-28/a> | Chris Mohan | Cisco Security Advisories |
| 2011-04-18/a> | John Bambenek | Wordpress.com Security Breach |
| 2011-04-14/a> | Adrien de Beaupre | Sysinternals updates, a new blog post, and webcast |
| 2011-04-03/a> | Richard Porter | Extreme Disclosure? Not yet but a great trend! |
| 2011-04-02/a> | Rick Wanner | RSA/EMC: Anatomy of a compromise |
| 2011-03-30/a> | Adrien de Beaupre | Two Cisco advisories: cisco-sa-20110330-nac and cisco-sa-20110330-acs |
| 2011-03-18/a> | Chris Mohan | Deferral Announcement for the March 2011 Cisco IOS Software Security Advisories - http://seclists.org/bugtraq/2011/Mar/170 |
| 2011-02-22/a> | Johannes Ullrich | ISC/DShield Website Update |
| 2011-02-21/a> | Adrien de Beaupre | Winamp forums compromised |
| 2011-02-14/a> | Lorna Hutcheson | Network Visualization |
| 2011-02-14/a> | Richard Porter | Anonymous Damage Control Anybody? |
| 2011-02-10/a> | Chris Mohan | Linksys WAP610N has Unauthenticated Root Console issue |
| 2011-02-08/a> | Chris Mohan | VMWare Security Advisory |
| 2011-02-05/a> | Guy Bruneau | OpenSSH Legacy Certificate Information Disclosure Vulnerability |
| 2011-02-02/a> | Johannes Ullrich | Having Phish on Friday |
| 2011-02-02/a> | Chris Mohan | Default Credentials for Root Account on Cisco Personal Video units |
| 2011-02-01/a> | Lenny Zeltser | The Importance of HTTP Headers When Investigating Malicious Sites |
| 2010-12-30/a> | Rick Wanner | SamuraiWTF Review over at ISSA Toolsmith |
| 2010-12-28/a> | Johannes Ullrich | New annual survey: Please help us improve. http://isc.sans.edu/survey (redirect to surveymonkey) |
| 2010-12-22/a> | John Bambenek | IIS 7.5 0-Day DoS (processing FTP requests) |
| 2010-12-15/a> | Manuel Humberto Santander Pelaez | Vulnerability in the PDF distiller of the BlackBerry Attachment Service |
| 2010-12-13/a> | Deborah Hale | Gawker Media Breach of Security |
| 2010-11-29/a> | Stephen Hall | iPhone phishing - What you see, isn't what you get |
| 2010-11-29/a> | Stephen Hall | Sun security updates |
| 2010-11-22/a> | Lenny Zeltser | Brand Impersonations On-Line: Brandjacking and Social Networks |
| 2010-11-17/a> | Guy Bruneau | Cisco Unified Videoconferencing Affected by Multiple Vulnerabilities |
| 2010-11-15/a> | Stephen Hall | Minibis hits beta with Version 2.1 |
| 2010-09-25/a> | Rick Wanner | Guest Diary: Andrew Hunt - Visualizing the Hosting Patterns of Modern Cybercriminals |
| 2010-09-18/a> | Rick Wanner | Microsoft Security Advisory for ASP.NET |
| 2010-08-22/a> | Manuel Humberto Santander Pelaez | SCADA: A big challenge for information security professionals |
| 2010-08-15/a> | Manuel Humberto Santander Pelaez | Opensolaris project cancelled, replaced by Solaris 11 express |
| 2010-08-13/a> | Guy Bruneau | Cisco IOS Software 15.1(2)T TCP DoS |
| 2010-08-13/a> | Guy Bruneau | Shadowserver Binary Whitelisting Service |
| 2010-08-09/a> | Jim Clausing | Free/inexpensive tools for monitoring systems/networks |
| 2010-08-04/a> | Adrien de Beaupre | Multiple Cisco Advisories |
| 2010-08-03/a> | Johannes Ullrich | When Lightning Strikes |
| 2010-07-30/a> | Guy Bruneau | Cisco Internet Streamer: Web Server Directory Traversal Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml |
| 2010-07-29/a> | Rob VandenBrink | Snort 2.8.6.1 and Snort 2.9 Beta Released |
| 2010-07-25/a> | Rick Wanner | Updated version of Mandiant's Web Historian |
| 2010-07-23/a> | Mark Hofman | A bit old, however CISCO has updated the November 2009 TLS renegotiation vulnerability with additional vulnerable products and patch information. More details here http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml |
| 2010-07-21/a> | Adrien de Beaupre | Update on .LNK vulnerability |
| 2010-07-21/a> | Adrien de Beaupre | autorun.inf and .lnk Malware (NOT 'Vulnerability in Windows Shell Could Allow Remote Code Execution' 2286198) |
| 2010-07-10/a> | Tony Carothers | Software Update for Cisco IE 3000 Series Switches |
| 2010-07-06/a> | Rob VandenBrink | Bogus Support Organizations use Live Operators to Install Malware |
| 2010-07-02/a> | Johannes Ullrich | OISF released version 1.0.0 of Suricata, the open source IDS/IPS engine http://www.openinfosecfoundation.org |
| 2010-06-24/a> | Jason Lam | Help your competitor - Advise them of vulnerability |
| 2010-06-21/a> | Adrien de Beaupre | GoDaddy Scam/Phish/Spam |
| 2010-06-18/a> | Adrien de Beaupre | End of the road for Cisco CSA |
| 2010-06-18/a> | Adrien de Beaupre | Distributed SSH Brute Force Attempts on the rise again |
| 2010-06-17/a> | Deborah Hale | FYI - Another bogus site |
| 2010-06-15/a> | Manuel Humberto Santander Pelaez | Apple releases advisory for Mac OS X - Multiple vulnerabilities discovered |
| 2010-06-10/a> | Deborah Hale | Another Morning of Fun |
| 2010-06-10/a> | Deborah Hale | Top 5 Social Networking Media Risks |
| 2010-06-10/a> | Deborah Hale | Microsoft Security Advisory 2219475 |
| 2010-06-09/a> | Deborah Hale | Mass Infection of IIS/ASP Sites |
| 2010-06-07/a> | Manuel Humberto Santander Pelaez | Internet Storm Center panel tonight at SANSFIRE |
| 2010-06-05/a> | Guy Bruneau | Security Advisory for Flash Player, Adobe Reader and Acrobat |
| 2010-06-04/a> | Johannes Ullrich | Changes to Internet Storm Center Host Name |
| 2010-06-01/a> | Mark Hofman | SPF how useful is it? |
| 2010-05-30/a> | Kevin Liston | VMware ESX/ESXi Updates |
| 2010-05-27/a> | Kevin Liston | Sasfis Propagation |
| 2010-05-26/a> | Bojan Zdrnja | Malware modularization and AV detection evasion |
| 2010-05-22/a> | Rick Wanner | SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge |
| 2010-04-27/a> | Rob VandenBrink | Layer 2 Security - L2TPv3 for Disaster Recovery Sites |
| 2010-04-26/a> | Raul Siles | Vulnerable Sites Database |
| 2010-04-22/a> | Deborah Hale | How McAfee turned a Disaster Exercise Into a REAL Learning Experience for Our Community Disaster Team |
| 2010-04-21/a> | Guy Bruneau | Google Chrome Security Update v4.1.249.1059 Released: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html |
| 2010-04-19/a> | Daniel Wesemann | Linked into scams? |
| 2010-04-11/a> | Marcus Sachs | Network and process forensics toolset |
| 2010-04-04/a> | Mari Nichols | Financial Management of Cyber Risk |
| 2010-03-30/a> | Pedro Bueno | Sharing the Tools |
| 2010-03-27/a> | Guy Bruneau | HP-UX Running NFS/ONCplus, Inadvertently Enabled NFS |
| 2010-03-26/a> | Daniel Wesemann | Getting the EXE out of the RTF again |
| 2010-03-24/a> | Kyle Haugsness | Cisco security updates |
| 2010-03-21/a> | Scott Fendley | Skipfish - Web Application Security Tool |
| 2010-03-10/a> | Rob VandenBrink | Microsoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7 |
| 2010-03-10/a> | Rob VandenBrink | Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication |
| 2010-03-01/a> | Mark Hofman | Microsoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update. |
| 2010-02-28/a> | Mari Nichols | Disasters take practice |
| 2010-02-26/a> | Rick Wanner | NIST Guidelines for Secure Deployment of IPv6 - http://csrc.nist.gov/publications/drafts/800-119/draft-sp800-119_feb2010.pdf |
| 2010-02-17/a> | Rob VandenBrink | Cisco ASA5500 Security Updates - cisco-sa-20100217-asa |
| 2010-02-17/a> | Rob VandenBrink | Cisco Security Agent Security Updates: cisco-sa-20100217-csa |
| 2010-02-15/a> | Johannes Ullrich | New ISC Tool: Whitelist Hash Database |
| 2010-02-15/a> | Johannes Ullrich | Various Olympics Related Dangerous Google Searches |
| 2010-02-13/a> | Lorna Hutcheson | Network Traffic Analysis in Reverse |
| 2010-02-09/a> | Adrien de Beaupre | When is a 0day not a 0day? Samba symlink bad default config |
| 2010-02-03/a> | Johannes Ullrich | Information Disclosure Vulnerability in Internet Explorer |
| 2010-02-02/a> | Johannes Ullrich | Twitter Mass Password Reset due to Phishing |
| 2010-02-02/a> | Guy Bruneau | Cisco Secure Desktop Remote XSS Vulnerability |
| 2010-01-26/a> | Jason Lam | e107 CMS system website compromised |
| 2010-01-21/a> | Johannes Ullrich | New Microsoft Advisory: Vulnerability in Windows Kernel Privilege Escalation (CVE-2010-0232) |
| 2010-01-20/a> | Johannes Ullrich | Weathering the Storm Part 1: An analysis of our SANS ISC weblogs http://appsecstreetfighter.com |
| 2010-01-14/a> | Bojan Zdrnja | PDF Babushka |
| 2010-01-14/a> | Bojan Zdrnja | DRG (Dragon Research Group) Distro available for general release |
| 2010-01-07/a> | Daniel Wesemann | Static analysis of malicious PDFs |
| 2010-01-07/a> | Daniel Wesemann | Static analysis of malicous PDFs (Part #2) |
| 2009-12-29/a> | Rick Wanner | Microsoft responds to possible IIS 6 0-day |
| 2009-12-28/a> | Johannes Ullrich | 8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug) |
| 2009-12-27/a> | Patrick Nolan | Pressure increasing for Microsoft to patch IIS 0 day |
| 2009-12-24/a> | Guy Bruneau | Microsoft IIS File Parsing Extension Vulnerability |
| 2009-12-23/a> | Johannes Ullrich | Tell us about your Christmas Family Emergency Kit |
| 2009-12-19/a> | Deborah Hale | Frustrations of ISP Abuse Handling |
| 2009-12-16/a> | Rob VandenBrink | Beware the Attack of the Christmas Greeting Cards ! |
| 2009-12-04/a> | Daniel Wesemann | The economics of security advice (MSFT research paper) |
| 2009-11-29/a> | Patrick Nolan | A Cloudy Weekend |
| 2009-11-25/a> | Jim Clausing | Updates to my GREM Gold scripts and a new script |
| 2009-11-24/a> | John Bambenek | BIND Security Advisory (DNSSEC only) |
| 2009-11-18/a> | Rob VandenBrink | Using a Cisco Router as a “Remote Collector” for tcpdump or Wireshark |
| 2009-11-14/a> | Adrien de Beaupre | Microsoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released |
| 2009-11-03/a> | Bojan Zdrnja | Opachki, from (and to) Russia with love |
| 2009-10-30/a> | Rob VandenBrink | New version of NIST 800-41, Firewalls and Firewall Policy Guidelines |
| 2009-10-22/a> | Adrien de Beaupre | Sysinternals updates: Disk2vhd v1.1, ZoomIt v4.1, Coreinfo v2.0, VMMap v2.4 |
| 2009-10-20/a> | Raul Siles | WASC 2008 Statistics |
| 2009-10-19/a> | Daniel Wesemann | Scam Email |
| 2009-10-16/a> | Adrien de Beaupre | Cyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener |
| 2009-10-16/a> | Adrien de Beaupre | Multiple Vulnerabilities in Cisco Wireless LAN Controllers |
| 2009-10-09/a> | Rob VandenBrink | AT&T Cell Phone Phish |
| 2009-10-05/a> | Adrien de Beaupre | Time to change your hotmail/gmail/yahoo password |
| 2009-10-04/a> | Guy Bruneau | Samba Security Information Disclosure and DoS |
| 2009-09-25/a> | Lenny Zeltser | Categories of Common Malware Traits |
| 2009-09-16/a> | Raul Siles | IETF Draft for Remediation of Bots in ISP Networks |
| 2009-09-15/a> | Johannes Ullrich | SANS releases new Cyber Security Risk Report |
| 2009-09-10/a> | Johannes Ullrich | Healthcare Spam |
| 2009-09-10/a> | Guy Bruneau | Firefox 3.5.3 and 3.0.14 has been released |
| 2009-09-08/a> | Adrien de Beaupre | Microsoft Security Advisory 975191 Revised |
| 2009-09-08/a> | Guy Bruneau | Cisco Security Advisory TCP DoS |
| 2009-09-07/a> | Jim Clausing | Seclists.org is finally back |
| 2009-09-04/a> | Adrien de Beaupre | Vulnerabilities (plural) in MS IIS FTP Service 5.0, 5.1. 6.0, 7.0 |
| 2009-08-28/a> | Adrien de Beaupre | apache.org compromised |
| 2009-08-26/a> | Johannes Ullrich | Cisco over-the-air-provisioning skyjacking exploit |
| 2009-07-29/a> | Bojan Zdrnja | Increasing number of attacks on security sites |
| 2009-07-28/a> | Adrien de Beaupre | Twitter spam/phish |
| 2009-07-26/a> | Jim Clausing | New Volatility plugins |
| 2009-07-16/a> | Guy Bruneau | Changes in Windows Security Center |
| 2009-07-11/a> | Marcus Sachs | Imageshack |
| 2009-07-02/a> | Daniel Wesemann | Getting the EXE out of the RTF |
| 2009-06-23/a> | Bojan Zdrnja | Slowloris and Iranian DDoS attacks |
| 2009-06-16/a> | Bojan Zdrnja | Iranian hacktivism |
| 2009-06-12/a> | Adrien de Beaupre | Google updates for Chrome |
| 2009-06-11/a> | Rick Wanner | MIR-ROR Motile Incident Response - Respond Objectively Remediate |
| 2009-05-30/a> | John Bambenek | Embedded Devices: An Avenue for Cyberterrorism? |
| 2009-05-28/a> | Stephen Hall | Microsoft DirectShow vulnerability |
| 2009-05-27/a> | donald smith | Host file black lists |
| 2009-05-26/a> | Jason Lam | Vista & Win2K8 SP2 available |
| 2009-05-24/a> | Raul Siles | IIS admins, help finding WebDAV remotely using nmap |
| 2009-05-24/a> | Raul Siles | Facebook phising using Belgium (.be) domains |
| 2009-05-21/a> | Adrien de Beaupre | IIS admins, help finding WebDAV |
| 2009-05-18/a> | Rick Wanner | Cisco SAFE Security Reference Guide Updated |
| 2009-05-15/a> | Daniel Wesemann | IIS6.0 WebDav Remote Auth Bypass |
| 2009-05-04/a> | Tom Liston | Facebook phishing malware |
| 2009-04-19/a> | Mari Nichols | Providing Accurate Risk Assessments |
| 2009-04-15/a> | Marcus Sachs | 2009 Data Breach Investigation Report |
| 2009-03-30/a> | Daniel Wesemann | Watch your Internet routers! |
| 2009-03-27/a> | Mark Hofman | There is some SMiShing going on in the EU |
| 2009-03-26/a> | Mark Hofman | Sanitising media |
| 2009-03-25/a> | Mari Nichols | Cisco Releases IOS Bundle of Vulnerabilities |
| 2009-03-21/a> | Stephen Hall | Updates to ISC BIND |
| 2009-03-13/a> | Bojan Zdrnja | When web application security, Microsoft and the AV vendors all fail |
| 2009-02-20/a> | Mark Hofman | Phishing with a small twist |
| 2009-02-12/a> | Mark Hofman | Australian Bushfires |
| 2009-02-10/a> | Bojan Zdrnja | More tricks from Conficker and VM detection |
| 2009-02-09/a> | Bojan Zdrnja | Some tricks from Conficker's bag |
| 2009-02-08/a> | Mari Nichols | Are we becoming desensitized to data breaches? |
| 2009-02-03/a> | Swa Frantzen | On the importance of patching fast |
| 2009-01-21/a> | Raul Siles | Vulnerabilities on Cisco and Apple products |
| 2009-01-18/a> | Daniel Wesemann | 3322. org |
| 2009-01-15/a> | Bojan Zdrnja | Conficker's autorun and social engineering |
| 2009-01-12/a> | William Salusky | Web Application Firewalls (WAF) - Have you deployed WAF technology? |
| 2009-01-11/a> | Deborah Hale | The Frustration of Phishing Attacks |
| 2009-01-07/a> | Bojan Zdrnja | An Israeli patriot program or a trojan |
| 2009-01-07/a> | William Salusky | BIND 9.x security patch - resolves potentially new DNS poisoning vector |
| 2009-01-04/a> | Rick Wanner | Twitter/Facebook Phishing Attempt |
| 2009-01-02/a> | Rick Wanner | Tools on my Christmas list. |
| 2008-12-25/a> | Maarten Van Horenbeeck | Christmas Ecard Malware |
| 2008-12-16/a> | donald smith | Cisco's Annual Security report has been released. |
| 2008-12-13/a> | Jim Clausing | Followup from last shift and some research to do. |
| 2008-11-17/a> | Marcus Sachs | New Tool: NetWitness Investigator |
| 2008-11-17/a> | Jim Clausing | Finding stealth injected DLLs |
| 2008-11-16/a> | Maarten Van Horenbeeck | Detection of Trojan control channels |
| 2008-11-11/a> | Swa Frantzen | Phishing for Google adwords |
| 2008-10-29/a> | Deborah Hale | Enom Phishing - Caution Enom Registrars |
| 2008-10-20/a> | Johannes Ullrich | Fraudulent ATM Reactivation Phone Calls. |
| 2008-10-10/a> | Marcus Sachs | Fake Microsoft Update Email |
| 2008-10-02/a> | Kyle Haugsness | Low, slow, distributed SSH username brute forcing |
| 2008-09-24/a> | Deborah Hale | Flurry of Security Advisories from CISCO |
| 2008-09-08/a> | Raul Siles | Quick Analysis of the 2007 Web Application Security Statistics |
| 2008-09-04/a> | Chris Carboni | Cisco Vulnerabilities |
| 2008-09-03/a> | Daniel Wesemann | Static analysis of Shellcode - Part 2 |
| 2008-08-25/a> | John Bambenek | Thoughts on the Best Western Compromise |
| 2008-08-15/a> | Jim Clausing | OMFW 2008 reflections |
| 2008-08-10/a> | Stephen Hall | From lolly pops to afterglow |
| 2008-07-14/a> | Daniel Wesemann | DR/BCM lessons from the Vancouver fire |
| 2008-07-08/a> | Swa Frantzen | Security implications in HVAC equipment |
| 2008-07-07/a> | Pedro Bueno | Bad url classification |
| 2008-07-02/a> | Jim Clausing | Another little script I threw together |
| 2008-06-18/a> | Chris Carboni | Cisco Security Advisory |
| 2008-06-17/a> | Kyle Haugsness | Why go high-tech? |
| 2008-06-13/a> | Johannes Ullrich | Floods: More of the same (2) |
| 2008-06-01/a> | Mari Nichols | Updates to VMware resolve critical security issues |
| 2008-05-30/a> | Johannes Ullrich | ISC Flyer is ready |
| 2008-05-28/a> | Johannes Ullrich | Reminder: Proper use of DShield data |
| 2008-05-27/a> | Johannes Ullrich | Suggestions wanted for ISC |
| 2008-05-26/a> | Marcus Sachs | Predictable Response |
| 2008-05-25/a> | Stephen Hall | Cisco's Response to Rootkit presentation |
| 2008-05-23/a> | Mike Poor | Cisco IOS Rootkit thoughts |
| 2008-05-20/a> | Raul Siles | List of malicious domains inserted through SQL injection |
| 2008-05-19/a> | Maarten Van Horenbeeck | Text message and telephone aid scams |
| 2008-05-17/a> | Jim Clausing | Disaster donation scams continue |
| 2008-05-03/a> | Deborah Hale | Windows Vista Update Causing Loss of Audio on Some Systems |
| 2008-04-18/a> | John Bambenek | IIS Vulnerability Documented by Microsoft - Includes Workarounds |
| 2008-04-14/a> | John Bambenek | A Federal Subpoena or Just Some More Spam & Malware? |
| 2008-03-26/a> | Swa Frantzen | Cisco security advisory overview |
| 2008-03-22/a> | Koon Yaw Tan | Microsoft Security Advisory Released (950627) |
| 2006-12-26/a> | Swa Frantzen | Vista: better security [Y/N] ? |
| 2006-12-18/a> | Toby Kohlenberg | ORDB Shutting down |
| 2006-12-12/a> | Swa Frantzen | Offline Microsoft Patching |
| 2006-10-02/a> | Jim Clausing | Reader's tip of the day: ratios vs. raw counts |
| 2006-09-18/a> | Jim Clausing | Log analysis follow up |
| 2006-09-10/a> | Lenny Zeltser | Early Discussions of Computer Security in the Media |
| 2006-09-09/a> | Jim Clausing | Log Analysis tips? |
| 2006-09-09/a> | Jim Clausing | A few preliminary log analysis thoughts |
| 2006-09-06/a> | Johannes Ullrich | Updated Packet Attack flash animation |
A |
| 2025-04-29/a> | Guy Bruneau | Web Scanning Sonicwall for CVE-2021-20016 |
| 2025-04-25/a> | Xavier Mertens | Example of a Payload Delivered Through Steganography |
| 2025-04-24/a> | Johannes Ullrich | Attacks against Teltonika Networks SMS Gateways |
| 2025-04-23/a> | Jesse La Grew | Honeypot Iptables Maintenance and DShield-SIEM Logging |
| 2025-04-21/a> | Jan Kopriva | It's 2025... so why are obviously malicious advertising URLs still going strong? |
| 2025-04-16/a> | Guy Bruneau | RedTail, Remnux and Malware Management [Guest Diary] |
| 2025-04-15/a> | Xavier Mertens | Online Services Again Abused to Exfiltrate Data |
| 2025-04-12/a> | Johannes Ullrich | Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248) |
| 2025-04-09/a> | Xavier Mertens | Obfuscated Malicious Python Scripts with PyArmor |
| 2025-04-09/a> | Guy Bruneau | Network Infraxploit [Guest Diary] |
| 2025-04-06/a> | Johannes Ullrich | New SSH Username Report |
| 2025-04-02/a> | Guy Bruneau | Exploring Statistical Measures to Predict URLs as Legitimate or Intrusive [Guest Diary] |
| 2025-03-31/a> | Johannes Ullrich | Apache Camel Exploit Attempt by Vulnerability Scan (CVE-2025-27636, CVE-2025-29891) |
| 2025-03-31/a> | Johannes Ullrich | Apple Patches Everything: March 31st 2025 Edition |
| 2025-03-27/a> | Johannes Ullrich | Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 |
| 2025-03-26/a> | Jesse La Grew | [Guest Diary] Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest |
| 2025-03-23/a> | Johannes Ullrich | Let's Talk About HTTP Headers. |
| 2025-03-20/a> | Johannes Ullrich | Some new Data Feeds, and a little "incident". |
| 2025-03-18/a> | Xavier Mertens | Python Bot Delivered Through DLL Side-Loading |
| 2025-03-12/a> | Johannes Ullrich | Scans for VMWare Hybrid Cloud Extension (HCX) API (Log4j - not brute forcing) |
| 2025-03-12/a> | Guy Bruneau | File Hashes Analysis with Power BI from Data Stored in DShield SIEM |
| 2025-03-11/a> | Johannes Ullrich | Microsoft Patch Tuesday: March 2025 |
| 2025-03-11/a> | Johannes Ullrich | Apple Fixes Exploited WebKit Vulnerability in iOS, MacOS, visionOS and Safari |
| 2025-03-10/a> | Xavier Mertens | Shellcode Encoded in UUIDs |
| 2025-03-06/a> | Guy Bruneau | DShield Traffic Analysis using ELK |
| 2025-02-27/a> | Xavier Mertens | Njrat Campaign Using Microsoft Dev Tunnels |
| 2025-02-26/a> | Jesse La Grew | [Guest Diary] Malware Source Servers: The Threat of Attackers Using Ephemeral Ports as Service Ports to Upload Data |
| 2025-02-20/a> | Guy Bruneau | Using ES|QL in Kibana to Queries DShield Honeypot Logs |
| 2025-02-19/a> | Xavier Mertens | XWorm Cocktail: A Mix of PE data with PowerShell Code |
| 2025-02-18/a> | Russ McRee | https://SecTemplates.com - simplified, free open-source templates to enable engineering and smaller security teams to bootstrap security capabilities for their organizations |
| 2025-02-17/a> | Russ McRee | ModelScan - Protection Against Model Serialization Attacks |
| 2025-02-15/a> | Xavier Mertens | The Danger of IP Volatility |
| 2025-02-14/a> | Xavier Mertens | Fake BSOD Delivered by Malicious Python Script |
| 2025-02-13/a> | Guy Bruneau | DShield SIEM Docker Updates |
| 2025-02-12/a> | Yee Ching Tok | An ontology for threats, cybercrime and digital forensic investigation on Smart City Infrastructure |
| 2025-02-06/a> | Xavier Mertens | The Unbreakable Multi-Layer Anti-Debugging System |
| 2025-02-06/a> | Johannes Ullrich | My Very Personal Guidance and Strategies to Protect Network Edge Devices |
| 2025-02-05/a> | Johannes Ullrich | Phishing via "com-" prefix domains |
| 2025-01-30/a> | Guy Bruneau | PCAPs or It Didn't Happen: Exposing an Old Netgear Vulnerability Still Active in 2025 [Guest Diary] |
| 2025-01-29/a> | Xavier Mertens | From PowerShell to a Python Obfuscation Race! |
| 2025-01-28/a> | Xavier Mertens | Fileless Python InfoStealer Targeting Exodus |
| 2025-01-24/a> | Jesse La Grew | [Guest Diary] How Access Brokers Maintain Persistence |
| 2025-01-22/a> | Johannes Ullrich | Catching CARP: Fishing for Firewall States in PFSync Traffic |
| 2025-01-21/a> | Johannes Ullrich | Geolocation and Starlink |
| 2025-01-17/a> | Guy Bruneau | Leveraging Honeypot Data for Offensive Security Operations [Guest Diary] |
| 2025-01-16/a> | Jesse La Grew | Extracting Practical Observations from Impractical Datasets |
| 2025-01-13/a> | Johannes Ullrich | Hikvision Password Reset Brute Forcing |
| 2025-01-09/a> | Guy Bruneau | Examining Redtail Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics [Guest Diary] |
| 2025-01-07/a> | Yee Ching Tok | PacketCrypt Classic Cryptocurrency Miner on PHP Servers |
| 2025-01-06/a> | Xavier Mertens | Make Malware Happy |
| 2025-01-03/a> | Xavier Mertens | SwaetRAT Delivery Through Python |
| 2025-01-02/a> | Xavier Mertens | Goodware Hash Sets |
| 2024-12-31/a> | Xavier Mertens | No Holiday Season for Attackers |
| 2024-12-27/a> | Guy Bruneau | Phishing for Banking Information |
| 2024-12-26/a> | Jesse La Grew | Capturing Honeypot Data Beyond the Logs |
| 2024-12-24/a> | Xavier Mertens | More SSH Fun! |
| 2024-12-23/a> | Xavier Mertens | Modiloader From Obfuscated Batch File |
| 2024-12-20/a> | Xavier Mertens | Christmas "Gift" Delivered Through SSH |
| 2024-12-18/a> | Jesse La Grew | [Guest Diary] A Deep Dive into TeamTNT and Spinning YARN |
| 2024-12-17/a> | Xavier Mertens | Python Delivering AnyDesk Client as RAT |
| 2024-12-17/a> | Guy Bruneau | Command Injection Exploit For PHPUnit before 4.8.28 and 5.x before 5.6.3 [Guest Diary] |
| 2024-12-15/a> | Johannes Ullrich | Exploit attempts inspired by recent Struts2 File Upload Vulnerability (CVE-2024-53677, CVE-2023-50164) |
| 2024-12-11/a> | Guy Bruneau | Vulnerability Symbiosis: vSphere?s CVE-2024-38812 and CVE-2024-38813 [Guest Diary] |
| 2024-12-11/a> | Johannes Ullrich | Apple Updates Everything (iOS, iPadOS, macOS, watchOS, tvOS, visionOS) |
| 2024-12-10/a> | Johannes Ullrich | Microsoft Patch Tuesday: December 2024 |
| 2024-12-05/a> | Jesse La Grew | [Guest Diary] Business Email Compromise |
| 2024-11-30/a> | Xavier Mertens | From a Regular Infostealer to its Obfuscated Version |
| 2024-11-26/a> | Jesse La Grew | [Guest Diary] Using Zeek, Snort, and Grafana to Detect Crypto Mining Malware |
| 2024-11-26/a> | Guy Bruneau | SANS ISC Internship Setup: AWS DShield Sensor + DShield SIEM [Guest Diary] |
| 2024-11-22/a> | Xavier Mertens | An Infostealer Searching for « BIP-0039 » Data |
| 2024-11-19/a> | Xavier Mertens | Detecting the Presence of a Debugger in Linux |
| 2024-11-18/a> | Johannes Ullrich | Exploit attempts for unpatched Citrix vulnerability |
| 2024-11-17/a> | Johannes Ullrich | Ancient TP-Link Backdoor Discovered by Attackers |
| 2024-11-07/a> | Xavier Mertens | Steam Account Checker Poisoned with Infostealer |
| 2024-11-05/a> | Xavier Mertens | Python RAT with a Nice Screensharing Feature |
| 2024-10-31/a> | Guy Bruneau | October 2024 Activity with Username chenzilong |
| 2024-10-28/a> | Johannes Ullrich | Apple Updates Everything |
| 2024-10-17/a> | Guy Bruneau | Scanning Activity from Subnet 15.184.0.0/16 |
| 2024-10-16/a> | Johannes Ullrich | The Top 10 Not So Common SSH Usernames and Passwords |
| 2024-10-15/a> | Johannes Ullrich | Angular-base64-update Demo Script Exploited (CVE-2024-42640) |
| 2024-10-15/a> | Johannes Ullrich | A Network Nerd's Take on Emergency Preparedness |
| 2024-10-09/a> | Xavier Mertens | From Perfctl to InfoStealer |
| 2024-10-07/a> | Xavier Mertens | macOS Sequoia: System/Network Admins, Hold On! |
| 2024-10-03/a> | Guy Bruneau | Kickstart Your DShield Honeypot [Guest Diary] |
| 2024-09-26/a> | Johannes Ullrich | Patch for Critical CUPS vulnerability: Don't Panic |
| 2024-09-25/a> | Johannes Ullrich | DNS Reflection Update and Odd Corrupted DNS Requests |
| 2024-09-25/a> | Guy Bruneau | OSINT - Image Analysis or More Where, When, and Metadata [Guest Diary] |
| 2024-09-24/a> | Johannes Ullrich | Exploitation of RAISECOM Gateway Devices Vulnerability CVE-2024-7120 |
| 2024-09-18/a> | Guy Bruneau | Time-to-Live Analysis of DShield Data with Vega-Lite |
| 2024-09-18/a> | Xavier Mertens | Python Infostealer Patching Windows Exodus App |
| 2024-09-17/a> | Xavier Mertens | 23:59, Time to Exfiltrate! |
| 2024-09-16/a> | Xavier Mertens | Managing PE Files With Overlays |
| 2024-09-13/a> | Jesse La Grew | Finding Honeypot Data Clusters Using DBSCAN: Part 2 |
| 2024-09-11/a> | Xavier Mertens | Python Libraries Used for Malicious Purposes |
| 2024-09-11/a> | Guy Bruneau | Hygiene, Hygiene, Hygiene! [Guest Diary] |
| 2024-09-06/a> | Jesse La Grew | Enrichment Data: Keeping it Fresh |
| 2024-09-04/a> | Guy Bruneau | Attack Surface [Guest Diary] |
| 2024-08-30/a> | Jesse La Grew | Simulating Traffic With Scapy |
| 2024-08-29/a> | Xavier Mertens | Live Patching DLLs with Python |
| 2024-08-27/a> | Xavier Mertens | Why Is Python so Popular to Infect Windows Hosts? |
| 2024-08-27/a> | Guy Bruneau | Vega-Lite with Kibana to Parse and Display IP Activity over Time |
| 2024-08-26/a> | Xavier Mertens | From Highly Obfuscated Batch File to XWorm and Redline |
| 2024-08-23/a> | Jesse La Grew | Pandas Errors: What encoding are my logs in? |
| 2024-08-22/a> | Johannes Ullrich | OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse? |
| 2024-08-20/a> | Guy Bruneau | Mapping Threats with DNSTwist and the Internet Storm Center [Guest Diary] |
| 2024-08-19/a> | Xavier Mertens | Do you Like Donuts? Here is a Donut Shellcode Delivered Through PowerShell/Python |
| 2024-08-16/a> | Jesse La Grew | [Guest Diary] 7 minutes and 4 steps to a quick win: A write-up on custom tools |
| 2024-08-14/a> | Xavier Mertens | Multiple Malware Dropped Through MSI Package |
| 2024-08-07/a> | Guy Bruneau | Same Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary] |
| 2024-08-01/a> | Johannes Ullrich | Tracking Proxy Scans with IPv4.Games |
| 2024-07-30/a> | Johannes Ullrich | Apple Patches Everything. July 2024 Edition |
| 2024-07-26/a> | Xavier Mertens | ExelaStealer Delivered "From Russia With Love" |
| 2024-07-25/a> | Xavier Mertens | XWorm Hidden With Process Hollowing |
| 2024-07-24/a> | Xavier Mertens | "Mouse Logger" Malicious Python Script |
| 2024-07-23/a> | Johannes Ullrich | New Exploit Variation Against D-Link NAS Devices (CVE-2024-3273) |
| 2024-07-16/a> | Jan Kopriva | "Reply-chain phishing" with a twist |
| 2024-07-16/a> | Guy Bruneau | Who You Gonna Call? AndroxGh0st Busters! [Guest Diary] |
| 2024-07-13/a> | Didier Stevens | 16-bit Hash Collisions in .xls Spreadsheets |
| 2024-07-10/a> | Jesse La Grew | Finding Honeypot Data Clusters Using DBSCAN: Part 1 |
| 2024-07-09/a> | Johannes Ullrich | Microsoft Patch Tuesday July 2024 |
| 2024-07-08/a> | Xavier Mertens | Kunai: Keep an Eye on your Linux Hosts Activity |
| 2024-06-26/a> | Guy Bruneau | What Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary] |
| 2024-06-20/a> | Guy Bruneau | No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary] |
| 2024-06-17/a> | Xavier Mertens | New NetSupport Campaign Delivered Through MSIX Packages |
| 2024-06-13/a> | Guy Bruneau | The Art of JQ and Command-line Fu [Guest Diary] |
| 2024-06-11/a> | Johannes Ullrich | Microsoft Patch Tuesday June 2024 |
| 2024-06-06/a> | Xavier Mertens | Malicious Python Script with a "Best Before" Date |
| 2024-06-04/a> | Johannes Ullrich | No-Defender, Yes-Defender |
| 2024-06-03/a> | Didier Stevens | A Wireshark Lua Dissector for Fixed Field Length Protocols |
| 2024-05-31/a> | Xavier Mertens | "K1w1" InfoStealer Uses gofile.io for Exfiltration |
| 2024-05-30/a> | Xavier Mertens | Feeding MISP with OSSEC |
| 2024-05-28/a> | Guy Bruneau | Is that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary] |
| 2024-05-27/a> | Jan Kopriva | Files with TXZ extension used as malspam attachments |
| 2024-05-22/a> | Guy Bruneau | Analysis of ?redtail? File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary] |
| 2024-05-22/a> | Rob VandenBrink | NMAP Scanning without Scanning (Part 2) - The ipinfo API |
| 2024-05-21/a> | Rob VandenBrink | Scanning without Scanning with NMAP (APIs FTW) |
| 2024-05-16/a> | Rob VandenBrink | Why yq? Adventures in XML |
| 2024-05-15/a> | Rob VandenBrink | Got MFA? If not, Now is the Time! |
| 2024-05-08/a> | Xavier Mertens | Analyzing Synology Disks on Linux |
| 2024-05-06/a> | Johannes Ullrich | Detecting XFinity/Comcast DNS Spoofing |
| 2024-04-30/a> | Johannes Ullrich | Another Day, Another NAS: Attacks against Zyxel NAS326 devices CVE-2023-4473, CVE-2023-4474 |
| 2024-04-29/a> | Johannes Ullrich | D-Link NAS Device Backdoor Abused |
| 2024-04-29/a> | Guy Bruneau | Linux Trojan - Xorddos with Filename eyshcjdmzg |
| 2024-04-25/a> | Jesse La Grew | Does it matter if iptables isn't running on my honeypot? |
| 2024-04-22/a> | Jan Kopriva | It appears that the number of industrial devices accessible from the internet has risen by 30 thousand over the past three years |
| 2024-04-17/a> | Xavier Mertens | Malicious PDF File Used As Delivery Mechanism |
| 2024-04-16/a> | Yee Ching Tok | Rolling Back Packages on Ubuntu/Debian |
| 2024-04-15/a> | Johannes Ullrich | Quick Palo Alto Networks Global Protect Vulnerablity Update (CVE-2024-3400) |
| 2024-04-13/a> | Johannes Ullrich | Critical Palo Alto GlobalProtect Vulnerability Exploited (CVE-2024-3400) |
| 2024-04-11/a> | Yee Ching Tok | Evolution of Artificial Intelligence Systems and Ensuring Trustworthiness |
| 2024-04-07/a> | Guy Bruneau | A Use Case for Adding Threat Hunting to Your Security Operations Team. Detecting Adversaries Abusing Legitimate Tools in A Customer Environment. [Guest Diary] |
| 2024-04-01/a> | Bojan Zdrnja | The amazingly scary xz sshd backdoor |
| 2024-03-31/a> | Didier Stevens | Wireshark 4.2.4 Released |
| 2024-03-29/a> | Xavier Mertens | Quick Forensics Analysis of Apache logs |
| 2024-03-28/a> | Xavier Mertens | From JavaScript to AsyncRAT |
| 2024-03-19/a> | Johannes Ullrich | Attacker Hunting Firewalls |
| 2024-03-17/a> | Guy Bruneau | Gamified Learning: Using Capture the Flag Challenges to Supplement Cybersecurity Training [Guest Diary] |
| 2024-03-14/a> | Jan Kopriva | Increase in the number of phishing messages pointing to IPFS and to R2 buckets |
| 2024-03-13/a> | Xavier Mertens | Using ChatGPT to Deobfuscate Malicious Scripts |
| 2024-03-12/a> | Johannes Ullrich | Microsoft Patch Tuesday - March 2024 |
| 2024-03-10/a> | Guy Bruneau | What happens when you accidentally leak your AWS API keys? [Guest Diary] |
| 2024-03-07/a> | Jesse La Grew | [Guest Diary] AWS Deployment Risks - Configuration and Credential File Targeting |
| 2024-03-06/a> | Bojan Zdrnja | Scanning and abusing the QUIC protocol |
| 2024-03-05/a> | Johannes Ullrich | Apple Releases iOS/iPadOS Updates with Zero Day Fixes. |
| 2024-03-03/a> | Guy Bruneau | Capturing DShield Packets with a LAN Tap [Guest Diary] |
| 2024-02-29/a> | Jesse La Grew | [Guest Diary] Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service. |
| 2024-02-28/a> | Johannes Ullrich | Exploit Attempts for Unknown Password Reset Vulnerability |
| 2024-02-25/a> | Guy Bruneau | Utilizing the VirusTotal API to Query Files Uploaded to DShield Honeypot [Guest Diary] |
| 2024-02-22/a> | Johannes Ullrich | Large AT&T Wireless Network Outage #att #outage |
| 2024-02-21/a> | Jan Kopriva | Phishing pages hosted on archive.org |
| 2024-02-20/a> | Xavier Mertens | Python InfoStealer With Dynamic Sandbox Detection |
| 2024-02-18/a> | Guy Bruneau | Mirai-Mirai On The Wall... [Guest Diary] |
| 2024-02-12/a> | Johannes Ullrich | Exploit against Unnamed "Bytevalue" router vulnerability included in Mirai Bot |
| 2024-02-09/a> | Xavier Mertens | MSIX With Heavily Obfuscated PowerShell Script |
| 2024-02-08/a> | Xavier Mertens | A Python MP3 Player with Builtin Keylogger Capability |
| 2024-02-06/a> | Jan Kopriva | Computer viruses are celebrating their 40th birthday (well, 54th, really) |
| 2024-02-05/a> | Jesse La Grew | Public Information and Email Spam |
| 2024-02-03/a> | Guy Bruneau | DShield Sensor Log Collection with Elasticsearch |
| 2024-01-31/a> | Johannes Ullrich | The Fun and Dangers of Top Level Domains (TLDs) |
| 2024-01-29/a> | Johannes Ullrich | Exploit Flare Up Against Older Altassian Confluence Vulnerability |
| 2024-01-26/a> | Xavier Mertens | A Batch File With Multiple Payloads |
| 2024-01-25/a> | Xavier Mertens | Facebook AdsManager Targeted by a Python Infostealer |
| 2024-01-24/a> | Johannes Ullrich | How Bad User Interfaces Make Security Tools Harmful |
| 2024-01-22/a> | Johannes Ullrich | Apple Updates Everything - New 0 Day in WebKit |
| 2024-01-19/a> | Xavier Mertens | macOS Python Script Replacing Wallet Applications with Rogue Apps |
| 2024-01-18/a> | Johannes Ullrich | More Scans for Ivanti Connect "Secure" VPN. Exploits Public |
| 2024-01-17/a> | Jesse La Grew | Number Usage in Passwords |
| 2024-01-16/a> | Johannes Ullrich | Scans for Ivanti Connect "Secure" VPN Vulnerability (CVE-2023-46805, CVE-2024-21887) |
| 2024-01-12/a> | Xavier Mertens | One File, Two Payloads |
| 2024-01-08/a> | Jesse La Grew | What is that User Agent? |
| 2024-01-07/a> | Guy Bruneau | Suspicious Prometei Botnet Activity |
| 2024-01-06/a> | Xavier Mertens | Are you sure of your password? |
| 2024-01-05/a> | Rob VandenBrink | Netstat, but Better and in PowerShell |
| 2024-01-04/a> | Jim Clausing | Wireshark updates |
| 2024-01-03/a> | Jan Kopriva | Interesting large and small malspam attachments from 2023 |
| 2024-01-02/a> | Johannes Ullrich | Fingerprinting SSH Identification Strings |
| 2023-12-31/a> | Tom Webb | Pi-Hole Pi4 Docker Deployment |
| 2023-12-27/a> | Guy Bruneau | Unveiling the Mirai: Insights into Recent DShield Honeypot Activity [Guest Diary] |
| 2023-12-23/a> | Xavier Mertens | Python Keylogger Using Mailtrap.io |
| 2023-12-22/a> | Xavier Mertens | Shall We Play a Game? |
| 2023-12-20/a> | Guy Bruneau | How to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary] |
| 2023-12-16/a> | Xavier Mertens | An Example of RocketMQ Exploit Scanner |
| 2023-12-15/a> | Xavier Mertens | CSharp Payload Phoning to a CobaltStrike Server |
| 2023-12-13/a> | Guy Bruneau | T-shooting Terraform for DShield Honeypot in Azure [Guest Diary] |
| 2023-12-12/a> | Johannes Ullrich | Microsoft Patch Tuesday December 2023 |
| 2023-12-11/a> | Rob VandenBrink | What is sitemap.xml, and Why a Pentester Should Care |
| 2023-12-11/a> | Johannes Ullrich | Apple Patches Everything |
| 2023-12-10/a> | Guy Bruneau | Honeypots: From the Skeptical Beginner to the Tactical Enthusiast |
| 2023-12-06/a> | Jan Kopriva | Whose packet is it anyway: a new RFC for attribution of internet probes |
| 2023-12-06/a> | Guy Bruneau | Revealing the Hidden Risks of QR Codes [Guest Diary] |
| 2023-12-05/a> | Didier Stevens | Cobalt Strike's "Runtime Configuration" |
| 2023-11-30/a> | John Bambenek | Prophetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today |
| 2023-11-27/a> | Guy Bruneau | Decoding the Patterns: Analyzing DShield Honeypot Activity [Guest Diary] |
| 2023-11-25/a> | Didier Stevens | OVA Files |
| 2023-11-25/a> | Didier Stevens | Wireshark 4.2.0 Released |
| 2023-11-22/a> | Guy Bruneau | CVE-2023-1389: A New Means to Expand Botnets |
| 2023-11-18/a> | Xavier Mertens | Quasar RAT Delivered Through Updated SharpLoader |
| 2023-11-17/a> | Jan Kopriva | Phishing page with trivial anti-analysis features |
| 2023-11-15/a> | Xavier Mertens | Redline Dropped Through MSIX Package |
| 2023-11-09/a> | Xavier Mertens | Visual Examples of Code Injection |
| 2023-11-09/a> | Guy Bruneau | Routers Targeted for Gafgyt Botnet [Guest Diary] |
| 2023-11-08/a> | Xavier Mertens | Example of Phishing Campaign Project File |
| 2023-11-06/a> | Johannes Ullrich | Exploit Activity for CVE-2023-22518, Atlassian Confluence Data Center and Server |
| 2023-11-01/a> | Xavier Mertens | Malware Dropped Through a ZPAQ Archive |
| 2023-10-31/a> | Xavier Mertens | Multiple Layers of Anti-Sandboxing Techniques |
| 2023-10-29/a> | Guy Bruneau | Spam or Phishing? Looking for Credentials & Passwords |
| 2023-10-28/a> | Xavier Mertens | Size Matters for Many Security Controls |
| 2023-10-25/a> | Johannes Ullrich | Apple Patches Everything. Releases iOS 17.1, MacOS 14.1 and updates for older versions fixing exploited vulnerability |
| 2023-10-23/a> | Johannes Ullrich | How an AppleTV may take down your (#IPv6) network |
| 2023-10-20/a> | Yee Ching Tok | VMware Releases Security Patches for Fusion, Workstation and Aria Operations for Logs |
| 2023-10-18/a> | Jesse La Grew | Hiding in Hex |
| 2023-10-15/a> | Guy Bruneau | Domain Name Used as Password Captured by DShield Sensor |
| 2023-10-10/a> | Johannes Ullrich | October 2023 Microsoft Patch Tuesday Summary |
| 2023-10-09/a> | Didier Stevens | ZIP's DOSTIME & DOSDATE Formats |
| 2023-10-08/a> | Didier Stevens | Wireshark 4.2.0 First Release Candidate |
| 2023-10-07/a> | Jim Clausing | Wireshark releases 2 updates in one day. Mac users especially will want the latest. |
| 2023-09-30/a> | Xavier Mertens | Simple Netcat Backdoor in Python Script |
| 2023-09-29/a> | Xavier Mertens | Are You Still Storing Passwords In Plain Text Files? |
| 2023-09-26/a> | Johannes Ullrich | Apple Releases MacOS Sonoma Including Numerous Security Patches |
| 2023-09-24/a> | Didier Stevens | YARA Support for .LNK Files |
| 2023-09-23/a> | Guy Bruneau | Scanning for Laravel - a PHP Framework for Web Artisants |
| 2023-09-18/a> | Johannes Ullrich | Internet Wide Multi VPN Search From Single /24 Network |
| 2023-09-11/a> | Johannes Ullrich | Apple fixes 0-Day Vulnerability in Older Operating Systems |
| 2023-09-09/a> | Guy Bruneau | ?Anyone get the ASN of the Truck that Hit Me?!?: Creating a PowerShell Function to Make 3rd Party API Calls for Extending Honeypot Information [Guest Diary] |
| 2023-09-07/a> | Johannes Ullrich | Fleezeware/Scareware Advertised via Facebook Tags; Available in Apple App Store |
| 2023-09-07/a> | Johannes Ullrich | Apple Releases iOS/iPadOS 16.6.1, macOS 13.5.2, watchOS 9.6.2 fixing two zeroday vulnerabilities |
| 2023-09-05/a> | Jesse La Grew | Common usernames submitted to honeypots |
| 2023-09-02/a> | Jesse La Grew | What is the origin of passwords submitted to honeypots? |
| 2023-08-31/a> | Guy Bruneau | Potential Weaponizing of Honeypot Logs [Guest Diary] |
| 2023-08-28/a> | Johannes Ullrich | Home Office / Small Business Hurricane Prep |
| 2023-08-26/a> | Xavier Mertens | macOS: Who?s Behind This Network Connection? |
| 2023-08-25/a> | Xavier Mertens | Python Malware Using Postgresql for C2 Communications |
| 2023-08-23/a> | Xavier Mertens | More Exotic Excel Files Dropping AgentTesla |
| 2023-08-23/a> | Guy Bruneau | How I made a qwerty ?keyboard walk? password generator with ChatGPT [Guest Diary] |
| 2023-08-22/a> | Xavier Mertens | Have You Ever Heard of the Fernet Encryption Algorithm? |
| 2023-08-21/a> | Xavier Mertens | Quick Malware Triage With Inotify Tools |
| 2023-08-20/a> | Guy Bruneau | SystemBC Malware Activity |
| 2023-08-18/a> | Xavier Mertens | From a Zalando Phishing to a RAT |
| 2023-08-16/a> | Yee Ching Tok | A Gentle Reminder: The Evolving Nature of Digital Scams |
| 2023-08-12/a> | Guy Bruneau | DShield Sensor Monitoring with a Docker ELK Stack [Guest Diary] |
| 2023-08-11/a> | Xavier Mertens | Show me All Your Windows! |
| 2023-08-10/a> | Bojan Zdrnja | Some things never change ? such as SQL Authentication ?encryption? |
| 2023-08-04/a> | Xavier Mertens | Are Leaked Credentials Dumps Used by Attackers? |
| 2023-08-03/a> | Jan Kopriva | From small LNK to large malicious BAT file with zero VT score |
| 2023-07-29/a> | Xavier Mertens | Do Attackers Pay More Attention to IPv6? |
| 2023-07-28/a> | Xavier Mertens | ShellCode Hidden with Steganography |
| 2023-07-26/a> | Xavier Mertens | Suspicious IP Addresses Avoided by Malware Samples |
| 2023-07-23/a> | Guy Bruneau | Install & Configure Filebeat on Raspberry Pi ARM64 to Parse DShield Sensor Logs |
| 2023-07-21/a> | Rob VandenBrink | Shodan's API For The (Recon) Win! |
| 2023-07-18/a> | Johannes Ullrich | Exploit Attempts for "Stagil navigation for Jira Menus & Themes" CVE-2023-26255 and CVE-2023-26256 |
| 2023-07-13/a> | Jesse La Grew | DShield Honeypot Maintenance and Data Retention |
| 2023-07-12/a> | Brad Duncan | Loader activity for Formbook "QM18" |
| 2023-07-07/a> | Xavier Mertens | DSSuite (Didier's Toolbox) Docker Image Update |
| 2023-07-06/a> | Jesse La Grew | IDS Comparisons with DShield Honeypot Data |
| 2023-07-01/a> | Russ McRee | Sandfly Security |
| 2023-06-29/a> | Brad Duncan | GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT |
| 2023-06-28/a> | Jan Kopriva | Kazakhstan - the world's last SSLv2 superpower... and a country with potentially vulnerable last-mile internet infrastructure |
| 2023-06-27/a> | Xavier Mertens | The Importance of Malware Triage |
| 2023-06-24/a> | Guy Bruneau | Email Spam with Attachment Modiloader |
| 2023-06-23/a> | Xavier Mertens | Word Document with an Online Attached Template |
| 2023-06-22/a> | Brad Duncan | Qakbot (Qbot) activity, obama271 distribution tag |
| 2023-06-22/a> | Johannes Ullrich | Apple Patches Exploited Vulnerabilities in iOS/iPadOS, macOS, watchOS and Safari |
| 2023-06-21/a> | Yee Ching Tok | Analyzing a YouTube Sponsorship Phishing Mail and Malware Targeting Content Creators |
| 2023-06-20/a> | Xavier Mertens | Malicious Code Can Be Anywhere |
| 2023-06-19/a> | Xavier Mertens | Malware Delivered Through .inf File |
| 2023-06-17/a> | Brad Duncan | Formbook from Possible ModiLoader (DBatLoader) |
| 2023-06-16/a> | Xavier Mertens | Another RAT Delivered Through VBS |
| 2023-06-15/a> | Yee Ching Tok | Supervision and Verification in Vulnerability Management |
| 2023-06-11/a> | Guy Bruneau | DShield Honeypot Activity for May 2023 |
| 2023-06-09/a> | Xavier Mertens | Undetected PowerShell Backdoor Disguised as a Profile File |
| 2023-06-05/a> | Johannes Ullrich | Brute Forcing Simple Archive Passwords |
| 2023-05-30/a> | Brad Duncan | Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT |
| 2023-05-30/a> | Johannes Ullrich | Your Business Data and Machine Learning at Risk: Attacks Against Apache NiFi |
| 2023-05-28/a> | Guy Bruneau | We Can no Longer Ignore the Cost of Cybersecurity |
| 2023-05-26/a> | Xavier Mertens | Using DFIR Techniques To Recover From Infrastructure Outages |
| 2023-05-24/a> | Jesse La Grew | More Data Enrichment for Cowrie Logs |
| 2023-05-24/a> | Tom Webb | IR Case/Alert Management |
| 2023-05-22/a> | Johannes Ullrich | Probes for recent ABUS Security Camera Vulnerability: Attackers keep an eye on everything. |
| 2023-05-20/a> | Xavier Mertens | Phishing Kit Collecting Victim's IP Address |
| 2023-05-19/a> | Xavier Mertens | When the Phisher Messes Up With Encoding |
| 2023-05-17/a> | Xavier Mertens | Increase in Malicious RAR SFX files |
| 2023-05-16/a> | Jesse La Grew | Signals Defense With Faraday Bags & Flipper Zero |
| 2023-05-15/a> | Jan Kopriva | Ongoing Facebook phishing campaign without a sender and (almost) without links |
| 2023-05-14/a> | Guy Bruneau | VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue |
| 2023-05-09/a> | Russ McRee | Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 2 |
| 2023-05-07/a> | Didier Stevens | Quickly Finding Encoded Payloads in Office Documents |
| 2023-05-04/a> | Xavier Mertens | Infostealer Embedded in a Word Document |
| 2023-05-03/a> | Xavier Mertens | Increased Number of Configuration File Scans |
| 2023-04-29/a> | Didier Stevens | Wireshark 4.0.5 Released |
| 2023-04-28/a> | Xavier Mertens | Quick IOC Scan With Docker |
| 2023-04-27/a> | Johannes Ullrich | SANS.edu Research Journal: Volume 3 |
| 2023-04-22/a> | Didier Stevens | YARA v4.3.1 Release |
| 2023-04-19/a> | Rob VandenBrink | Taking a Bite Out of Password Expiry Helpdesk Calls |
| 2023-04-17/a> | Jan Kopriva | The strange case of Great honeypot of China |
| 2023-04-12/a> | Brad Duncan | Recent IcedID (Bokbot) activity |
| 2023-04-09/a> | Didier Stevens | Chrome's Download Tab: Dangerous Files |
| 2023-04-08/a> | Xavier Mertens | Microsoft Netlogon: Potential Upcoming Impacts of CVE-2022-38023 |
| 2023-04-07/a> | Xavier Mertens | Detecting Suspicious API Usage with YARA Rules |
| 2023-04-07/a> | Johannes Ullrich | Apple Patching Two 0-Day Vulnerabilities in iOS and macOS |
| 2023-04-04/a> | Johannes Ullrich | Analyzing the efile.com Malware "efail" |
| 2023-04-03/a> | Johannes Ullrich | Tax Season Risks |
| 2023-04-02/a> | Didier Stevens | YARA v4.3.0 Release |
| 2023-03-31/a> | Jan Kopriva | Use of X-Frame-Options and CSP frame-ancestors security headers on 1 million most popular domains |
| 2023-03-30/a> | Xavier Mertens | Bypassing PowerShell Strong Obfuscation |
| 2023-03-28/a> | Jesse La Grew | Network Data Collector Placement Makes a Difference |
| 2023-03-27/a> | Johannes Ullrich | Apple Updates Everything (including Studio Display) |
| 2023-03-26/a> | Didier Stevens | Extra: "String Obfuscation: Character Pair Reversal" |
| 2023-03-25/a> | Guy Bruneau | Microsoft Released an Update for Windows Snipping Tool Vulnerability |
| 2023-03-22/a> | Didier Stevens | Windows 11 Snipping Tool Privacy Bug: Inspecting PNG Files |
| 2023-03-21/a> | Didier Stevens | String Obfuscation: Character Pair Reversal |
| 2023-03-20/a> | Xavier Mertens | From Phishing Kit To Telegram... or Not! |
| 2023-03-18/a> | Xavier Mertens | Old Backdoor, New Obfuscation |
| 2023-03-16/a> | Xavier Mertens | Simple Shellcode Dissection |
| 2023-03-12/a> | Guy Bruneau | AsynRAT Trojan - Bill Payment (Pago de la factura) |
| 2023-03-11/a> | Xavier Mertens | Overview of a Mirai Payload Generator |
| 2023-03-07/a> | Johannes Ullrich | Hackers Love This VSCode Extension: What You Can Do to Stay Safe |
| 2023-03-02/a> | Didier Stevens | YARA: Detect The Unexpected ... |
| 2023-03-01/a> | Xavier Mertens | Python Infostealer Targeting Gamers |
| 2023-02-28/a> | Brad Duncan | BB17 distribution Qakbot (Qbot) activity |
| 2023-02-25/a> | Didier Stevens | Crypto Inside a Browser |
| 2023-02-24/a> | Brad Duncan | URL files and WebDAV used for IcedID (Bokbot) infection |
| 2023-02-22/a> | Johannes Ullrich | Internet Wide Scan Fingerprinting Confluence Servers |
| 2023-02-21/a> | Xavier Mertens | Phishing Page Branded with Your Corporate Website |
| 2023-02-18/a> | Guy Bruneau | Spear Phishing Handlers for Username/Password |
| 2023-02-15/a> | Rob VandenBrink | DNS Recon Redux - Zone Transfers (plus a time machine) for When You Can't do a Zone Transfer |
| 2023-02-14/a> | Johannes Ullrich | Microsoft February 2023 Patch Tuesday |
| 2023-02-12/a> | Jesse La Grew | PCAP Data Analysis with Zeek |
| 2023-02-10/a> | Xavier Mertens | Obfuscated Deactivation of Script Block Logging |
| 2023-02-09/a> | Xavier Mertens | A Backdoor with Smart Screenshot Capability |
| 2023-02-06/a> | Johannes Ullrich | APIs Used by Bots to Detect Public IP address |
| 2023-02-05/a> | Didier Stevens | Video: Analyzing Malicious OneNote Documents |
| 2023-02-04/a> | Guy Bruneau | Assemblyline as a Malware Analysis Sandbox |
| 2023-02-03/a> | Jim Clausing | VMware workstation 17.0.1 fixes arbitrary file deletion issue - https://www.vmware.com/security/advisories/VMSA-2023-0003.html |
| 2023-02-01/a> | Didier Stevens | Detecting (Malicious) OneNote Files |
| 2023-02-01/a> | Jesse La Grew | Rotating Packet Captures with pfSense |
| 2023-01-31/a> | Jesse La Grew | DShield Honeypot Setup with pfSense |
| 2023-01-28/a> | Didier Stevens | Sysinternals Updates: RDCMan v2.92, Sysmon v14.14, and ZoomIt v6.12 |
| 2023-01-25/a> | Xavier Mertens | A First Malicious OneNote Document |
| 2023-01-24/a> | Johannes Ullrich | Apple Updates (almost) Everything: Patch Overview |
| 2023-01-23/a> | Xavier Mertens | Who's Resolving This Domain? |
| 2023-01-22/a> | Didier Stevens | Wireshark 4.0.3 Released |
| 2023-01-21/a> | Guy Bruneau | DShield Sensor JSON Log to Elasticsearch |
| 2023-01-19/a> | Jan Kopriva | SPF and DMARC use on 100k most popular domains |
| 2023-01-17/a> | Johannes Ullrich | Packet Tuesday: IPv6 Router Advertisements https://www.youtube.com/watch?v=uRWpB_lYIZ8 |
| 2023-01-16/a> | Johannes Ullrich | PSA: Why you must run an ad blocker when using Google |
| 2023-01-15/a> | Johannes Ullrich | Elon Musk Themed Crypto Scams Flooding YouTube Today |
| 2023-01-12/a> | Russ McRee | Prowler v3: AWS & Azure security assessments |
| 2023-01-11/a> | Jan Kopriva | Passive detection of internet-connected systems affected by vulnerabilities from the CISA KEV catalog |
| 2023-01-08/a> | Guy Bruneau | DShield Sensor JSON Log Analysis |
| 2023-01-07/a> | Didier Stevens | YARA v4.3.0-rc1 --skip-larger |
| 2023-01-06/a> | Xavier Mertens | AutoIT Remains Popular in the Malware Landscape |
| 2023-01-05/a> | Brad Duncan | More Brazil malspam pushing Astaroth (Guildma) in January 2023 |
| 2023-01-04/a> | Rob VandenBrink | Update to RTRBK - Diff and File Dates in PowerShell |
| 2023-01-02/a> | Xavier Mertens | NetworkMiner 2.8 Released |
| 2022-12-31/a> | Didier Stevens | YARA v4.3.0-rc1 --print-xor-key |
| 2022-12-30/a> | Jan Kopriva | SPF and DMARC use on GOV domains in different ccTLDs |
| 2022-12-29/a> | Jesse La Grew | Opening the Door for a Knock: Creating a Custom DShield Listener |
| 2022-12-28/a> | Rob VandenBrink | Playing with Powershell and JSON (and Amazon and Firewalls) |
| 2022-12-22/a> | Guy Bruneau | Exchange OWASSRF Exploited for Remote Code Execution |
| 2022-12-21/a> | Guy Bruneau | DShield Sensor Setup in Azure |
| 2022-12-19/a> | Xavier Mertens | Hunting for Mastodon Servers |
| 2022-12-18/a> | Guy Bruneau | Infostealer Malware with Double Extension |
| 2022-12-10/a> | Didier Stevens | Open Now: 2022 SANS Holiday Hack Challenge & KringleCon |
| 2022-12-07/a> | Jim Clausing | Wireshark 4.0.2 and 3.6.10 released |
| 2022-12-05/a> | Didier Stevens | VLC's Check For Updates: No Updates? |
| 2022-12-03/a> | Guy Bruneau | Linux LOLBins Applications Available in Windows |
| 2022-12-02/a> | Brad Duncan | obama224 distribution Qakbot tries .vhd (virtual hard disk) images |
| 2022-11-29/a> | Johannes Ullrich | Identifying Groups of "Bot" Accounts on LinkedIn |
| 2022-11-29/a> | Johannes Ullrich | Packet Tuesday Episode 3: TCP Urgent Flag. https://packettuesday.com |
| 2022-11-28/a> | Johannes Ullrich | Ukraine Themed Twitter Spam Pushing iOS Scareware |
| 2022-11-19/a> | Guy Bruneau | McAfee Fake Antivirus Phishing Campaign is Back! |
| 2022-11-14/a> | Jesse La Grew | Extracting 'HTTP CONNECT' Requests with Python |
| 2022-11-10/a> | Xavier Mertens | Do you collect "Observables" or "IOCs"? |
| 2022-11-09/a> | Xavier Mertens | Another Script-Based Ransomware |
| 2022-11-05/a> | Guy Bruneau | Windows Malware with VHD Extension |
| 2022-11-04/a> | Xavier Mertens | Remcos Downloader with Unicode Obfuscation |
| 2022-11-02/a> | Brad Duncan | Who put the "Dark" in DarkVNC? |
| 2022-11-02/a> | Rob VandenBrink | Breakpoints in Burp |
| 2022-10-31/a> | Rob VandenBrink | NMAP without NMAP - Port Testing and Scanning with PowerShell |
| 2022-10-30/a> | Didier Stevens | Sysinternals Updates: Process Explorer v17.0, Handle v5.0, Process Monitor v3.92 and Sysmon v14.11 |
| 2022-10-27/a> | Tom Webb | Supersizing your DUO and 365 Integration |
| 2022-10-24/a> | Xavier Mertens | C2 Communications Through outlook.com |
| 2022-10-22/a> | Didier Stevens | rtfdump's Find Option |
| 2022-10-21/a> | Brad Duncan | sczriptzzbn inject pushes malware for NetSupport RAT |
| 2022-10-19/a> | Xavier Mertens | Are Internet Scanning Services Good or Bad for You? |
| 2022-10-18/a> | Xavier Mertens | Python Obfuscation for Dummies |
| 2022-10-17/a> | Xavier Mertens | Fileless Powershell Dropper |
| 2022-10-16/a> | Didier Stevens | Video: Analysis of a Malicious HTML File (QBot) |
| 2022-10-15/a> | Guy Bruneau | Malware - Covid Vaccination Supplier Declaration |
| 2022-10-13/a> | Didier Stevens | Analysis of a Malicious HTML File (QBot) |
| 2022-10-11/a> | Johannes Ullrich | October 2022 Microsoft Patch Tuesday |
| 2022-10-10/a> | Didier Stevens | Wireshark: Specifying a Protocol Stack Layer in Display Filters |
| 2022-10-08/a> | Didier Stevens | Wireshark 4.0.0 Released |
| 2022-10-07/a> | Xavier Mertens | Powershell Backdoor with DGA Capability |
| 2022-10-07/a> | Xavier Mertens | Critical Fortinet Vulnerability Ahead |
| 2022-10-04/a> | Johannes Ullrich | Credential Harvesting with Telegram API |
| 2022-09-26/a> | Xavier Mertens | Easy Python Sandbox Detection |
| 2022-09-25/a> | Didier Stevens | Downloading Samples From Takendown Domains |
| 2022-09-24/a> | Didier Stevens | Maldoc Analysis Info On MalwareBazaar |
| 2022-09-23/a> | Xavier Mertens | Kids Like Cookies, Malware Too! |
| 2022-09-22/a> | Xavier Mertens | RAT Delivered Through FODHelper |
| 2022-09-21/a> | Xavier Mertens | Phishing Campaigns Use Free Online Resources |
| 2022-09-19/a> | Russ McRee | Chainsaw: Hunt, search, and extract event log records |
| 2022-09-18/a> | Didier Stevens | Video: Grep & Tail -f With Notepad++ |
| 2022-09-18/a> | Tom Webb | Preventing ISO Malware |
| 2022-09-16/a> | Didier Stevens | Word Maldoc With CustomXML and Renamed VBAProject.bin |
| 2022-09-15/a> | Xavier Mertens | Malicious Word Document with a Frameset |
| 2022-09-14/a> | Xavier Mertens | Easy Process Injection within Python |
| 2022-09-12/a> | Johannes Ullrich | VirusTotal Result Comparisons for Honeypot Malware |
| 2022-09-11/a> | Didier Stevens | Wireshark 3.6.8 and 4.0.0rc1 Released |
| 2022-09-10/a> | Guy Bruneau | Phishing Word Documents with Suspicious URL |
| 2022-09-09/a> | Didier Stevens | Maldoc With Decoy BASE64 |
| 2022-09-07/a> | Johannes Ullrich | PHP Deserialization Exploit attempt |
| 2022-09-06/a> | Didier Stevens | Analysis of an Encoded Cobalt Strike Beacon |
| 2022-09-05/a> | Didier Stevens | Quickie: Grep & Tail -f With Notepad++ |
| 2022-09-04/a> | Didier Stevens | Video: VBA Maldoc & UTF7 (APT-C-35) |
| 2022-09-03/a> | Didier Stevens | Video: James Webb JPEG With Malware |
| 2022-09-02/a> | Didier Stevens | James Webb JPEG With Malware |
| 2022-09-01/a> | Johannes Ullrich | Jolokia Scans: Possible Hunt for Vulnerable Apache Geode Servers (CVE-2022-37021) |
| 2022-08-31/a> | Johannes Ullrich | Underscores and DNS: The Privacy Story |
| 2022-08-30/a> | Johannes Ullrich | Two things that will never die: bash scripts and IRC! |
| 2022-08-29/a> | Didier Stevens | Update: VBA Maldoc & UTF7 (APT-C-35) |
| 2022-08-28/a> | Didier Stevens | Sysinternals Updates: Sysmon v14.0 and ZoomIt v6.01 |
| 2022-08-28/a> | Didier Stevens | Dealing With False Positives when Scanning Memory Dumps for Cobalt Strike Beacons |
| 2022-08-26/a> | Xavier Mertens | Paypal Phishing/Coinbase in One Image |
| 2022-08-26/a> | Guy Bruneau | HTTP/2 Packet Analysis with Wireshark |
| 2022-08-24/a> | Brad Duncan | Monster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC |
| 2022-08-22/a> | Xavier Mertens | 32 or 64 bits Malware? |
| 2022-08-20/a> | Didier Stevens | YARA 4.2.3 Released |
| 2022-08-19/a> | Brad Duncan | Brazil malspam pushes Astaroth (Guildma) malware |
| 2022-08-17/a> | Johannes Ullrich | A Quick VoIP Experiment |
| 2022-08-17/a> | Johannes Ullrich | Apple Patches Two Exploited Vulnerabilities |
| 2022-08-16/a> | Didier Stevens | VBA Maldoc & UTF7 (APT-C-35) |
| 2022-08-14/a> | Johannes Ullrich | Realtek SDK SIP ALG Vulnerability: A Big Deal, but not much you can do about it. CVE 2022-27255 |
| 2022-08-13/a> | Guy Bruneau | Phishing HTML Attachment as Voicemail Audio Transcription |
| 2022-08-12/a> | Brad Duncan | Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike |
| 2022-08-11/a> | Xavier Mertens | InfoStealer Script Based on Curl and NSudo |
| 2022-08-10/a> | Johannes Ullrich | And Here They Come Again: DNS Reflection Attacks |
| 2022-08-03/a> | Johannes Ullrich | l9explore and LeakIX Internet wide recon scans. |
| 2022-08-02/a> | Johannes Ullrich | A Little DDoS in the Morning - Followup |
| 2022-08-02/a> | Johannes Ullrich | Increase in Chinese "Hacktivism" Attacks |
| 2022-08-01/a> | Johannes Ullrich | A Little DDoS In the Morning |
| 2022-07-30/a> | Didier Stevens | Wireshark 3.6.7 Released |
| 2022-07-29/a> | Johannes Ullrich | PDF Analysis Intro and OpenActions Entries |
| 2022-07-28/a> | Johannes Ullrich | Exfiltrating Data With Bookmarks |
| 2022-07-27/a> | Brad Duncan | IcedID (Bokbot) with Dark VNC and Cobalt Strike |
| 2022-07-26/a> | Xavier Mertens | How is Your macOS Security Posture? |
| 2022-07-25/a> | Xavier Mertens | PowerShell Script with Fileless Capability |
| 2022-07-24/a> | Didier Stevens | Video: Maldoc: non-ASCII VBA Identifiers |
| 2022-07-23/a> | Guy Bruneau | Analysis of SSH Honeypot Data with PowerBI |
| 2022-07-22/a> | Yee Ching Tok | An Analysis of a Discerning Phishing Website |
| 2022-07-21/a> | Didier Stevens | Maldoc: non-ASCII VBA Identifiers |
| 2022-07-20/a> | Xavier Mertens | Malicious Python Script Behaving Like a Rubber Ducky |
| 2022-07-20/a> | Johannes Ullrich | Apple Patches Everything Day |
| 2022-07-19/a> | Johannes Ullrich | Requests For beacon.http-get. Help Us Figure Out What They Are Looking For |
| 2022-07-18/a> | Didier Stevens | Adding Your Own Keywords To My PDF Tools |
| 2022-07-13/a> | Xavier Mertens | Using Referers to Detect Phishing Attacks |
| 2022-07-10/a> | Guy Bruneau | Excel 4 Emotet Maldoc Analysis using CyberChef |
| 2022-07-07/a> | Brad Duncan | Emotet infection with Cobalt Strike |
| 2022-07-06/a> | Johannes Ullrich | How Many SANs are Insane? |
| 2022-07-05/a> | Jan Kopriva | EternalBlue 5 years after WannaCry and NotPetya |
| 2022-07-02/a> | Didier Stevens | YARA 4.2.2 Released |
| 2022-06-30/a> | Brad Duncan | Case Study: Cobalt Strike Server Lives on After Its Domain Is Suspended |
| 2022-06-28/a> | Johannes Ullrich | Possible Scans for HiByMusic Devices |
| 2022-06-26/a> | Didier Stevens | My Paste Command |
| 2022-06-26/a> | Didier Stevens | More Decoding Analysis |
| 2022-06-25/a> | Xavier Mertens | Malicious Code Passed to PowerShell via the Clipboard |
| 2022-06-24/a> | Xavier Mertens | Python (ab)using The Windows GUI |
| 2022-06-23/a> | Xavier Mertens | FLOSS 2.0 Has Been Released |
| 2022-06-22/a> | Xavier Mertens | Malicious PowerShell Targeting Cryptocurrency Browser Extensions |
| 2022-06-21/a> | Johannes Ullrich | Experimental New Domain / Domain Age API |
| 2022-06-20/a> | Johannes Ullrich | Odd TCP Fast Open Packets. Anybody understands why? |
| 2022-06-19/a> | Didier Stevens | Wireshark 3.6.6 Released |
| 2022-06-19/a> | Didier Stevens | Video: Decoding Obfuscated BASE64 Statistically |
| 2022-06-18/a> | Didier Stevens | Decoding Obfuscated BASE64 Statistically |
| 2022-06-17/a> | Brad Duncan | Malspam pushes Matanbuchus malware, leads to Cobalt Strike |
| 2022-06-16/a> | Xavier Mertens | Houdini is Back Delivered Through a JavaScript Dropper |
| 2022-06-15/a> | Johannes Ullrich | Terraforming Honeypots. Installing DShield Sensors in the Cloud |
| 2022-06-12/a> | Didier Stevens | Quickie: Follina, RTF & Explorer Preview Pane |
| 2022-06-10/a> | Russ McRee | EPSScall: An Exploit Prediction Scoring System App |
| 2022-06-09/a> | Brad Duncan | TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt) |
| 2022-06-06/a> | Didier Stevens | "ms-msdt" RTF Maldoc Analysis: oledump Plugins |
| 2022-06-05/a> | Didier Stevens | Analysis Of An "ms-msdt" RTF Maldoc |
| 2022-06-04/a> | Guy Bruneau | Spam Email Contains a Very Large ISO file |
| 2022-06-03/a> | Xavier Mertens | Sandbox Evasion... With Just a Filename! |
| 2022-06-02/a> | Johannes Ullrich | Quick Answers in Incident Response: RECmd.exe |
| 2022-06-01/a> | Jan Kopriva | HTML phishing attachments - now with anti-analysis features |
| 2022-05-31/a> | Xavier Mertens | First Exploitation of Follina Seen in the Wild |
| 2022-05-29/a> | Didier Stevens | Extracting The Overlay Of A PE File |
| 2022-05-28/a> | Didier Stevens | Huge Signed PE File: Keeping The Signature |
| 2022-05-26/a> | Didier Stevens | Huge Signed PE File |
| 2022-05-25/a> | Rob VandenBrink | Using NMAP to Assess Hosts in Load Balanced Clusters |
| 2022-05-23/a> | Johannes Ullrich | Attacker Scanning for jQuery-File-Upload |
| 2022-05-20/a> | Xavier Mertens | A 'Zip Bomb' to Bypass Security Controls & Sandboxes |
| 2022-05-19/a> | Brad Duncan | Bumblebee Malware from TransferXL URLs |
| 2022-05-17/a> | Xavier Mertens | Use Your Browser Internal Password Vault... or Not? |
| 2022-05-16/a> | Johannes Ullrich | Apple Patches Everything |
| 2022-05-15/a> | Didier Stevens | Wireshark 3.6.5 Released |
| 2022-05-13/a> | Johannes Ullrich | From 0-Day to Mirai: 7 days of BIG-IP Exploits |
| 2022-05-11/a> | Brad Duncan | TA578 using thread-hijacked emails to push ISO files for Bumblebee malware |
| 2022-05-10/a> | Renato Marinho | Microsoft May 2022 Patch Tuesday |
| 2022-05-09/a> | Xavier Mertens | Octopus Backdoor is Back with a New Embedded Obfuscated Bat File |
| 2022-05-07/a> | Guy Bruneau | Phishing PDF Received in my ISC Mailbox |
| 2022-05-06/a> | Jan Kopriva | What is the simplest malware in the world? |
| 2022-05-05/a> | Brad Duncan | Password-protected Excel spreadsheet pushes Remcos RAT |
| 2022-05-03/a> | Johannes Ullrich | Some Honeypot Updates |
| 2022-05-03/a> | Rob VandenBrink | Finding the Real "Last Patched" Day (Interim Version) |
| 2022-05-02/a> | Didier Stevens | Detecting VSTO Office Files With ExifTool |
| 2022-04-30/a> | Didier Stevens | YARA 4.2.1 Released |
| 2022-04-29/a> | Rob VandenBrink | Using Passive DNS sources for Reconnaissance and Enumeration |
| 2022-04-27/a> | Jan Kopriva | MITRE ATT&CK v11 - a small update that can help (not just) with detection engineering |
| 2022-04-25/a> | Xavier Mertens | Simple PDF Linking to Malicious Content |
| 2022-04-24/a> | Didier Stevens | Analyzing a Phishing Word Document |
| 2022-04-23/a> | Guy Bruneau | Are Roku Streaming Devices Safe from Exploitation? |
| 2022-04-21/a> | Xavier Mertens | Multi-Cryptocurrency Clipboard Swapper |
| 2022-04-20/a> | Brad Duncan | "aa" distribution Qakbot (Qbot) infection with DarkVNC traffic |
| 2022-04-19/a> | Johannes Ullrich | Resetting Linux Passwords with U-Boot Bootloaders |
| 2022-04-17/a> | Didier Stevens | Video: Office Protects You From Malicious ISO Files |
| 2022-04-16/a> | Didier Stevens | Office Protects You From Malicious ISO Files |
| 2022-04-13/a> | Jan Kopriva | How is Ukrainian internet holding up during the Russian invasion? |
| 2022-04-10/a> | Didier Stevens | Video: Method For String Extraction Filtering |
| 2022-04-09/a> | Didier Stevens | Method For String Extraction Filtering |
| 2022-04-06/a> | Brad Duncan | Windows MetaStealer Malware |
| 2022-04-05/a> | Johannes Ullrich | WebLogic Crypto Miner Malware Disabling Alibaba Cloud Monitoring Tools |
| 2022-04-04/a> | Johannes Ullrich | Emptying the Phishtank: Are WordPress sites the Mosquitoes of the Internet? |
| 2022-03-31/a> | Johannes Ullrich | Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965 |
| 2022-03-31/a> | Johannes Ullrich | Apple Patches Actively Exploited Vulnerability in macOS, iOS and iPadOS, |
| 2022-03-30/a> | Didier Stevens | Quickie: Parsing XLSB Documents |
| 2022-03-30/a> | Johannes Ullrich | Possible new Java Spring Framework Vulnerability (Updated: not a Spring problem) |
| 2022-03-30/a> | Johannes Ullrich | Java Springtime Confusion: What Vulnerability are We Talking About |
| 2022-03-29/a> | Johannes Ullrich | More Fake/Typosquatting Twitter Accounts Asking for Ukraine Crytocurrency Donations |
| 2022-03-27/a> | Didier Stevens | Wireshark 3.6.3 Released |
| 2022-03-27/a> | Didier Stevens | Video: Maldoc Cleaned by Anti-Virus |
| 2022-03-26/a> | Guy Bruneau | Is buying Cyber Insurance a Must Now? |
| 2022-03-25/a> | Xavier Mertens | XLSB Files: Because Binary is Stealthier Than XML |
| 2022-03-24/a> | Xavier Mertens | Malware Delivered Through Free Sharing Tool |
| 2022-03-23/a> | Brad Duncan | Arkei Variants: From Vidar to Mars Stealer |
| 2022-03-22/a> | Johannes Ullrich | Statement by President Biden: What you need to do (or not do) |
| 2022-03-20/a> | Didier Stevens | MGLNDD_* Scans |
| 2022-03-18/a> | Johannes Ullrich | Scans for Movable Type Vulnerability (CVE-2021-20837) |
| 2022-03-16/a> | Brad Duncan | Qakbot infection with Cobalt Strike and VNC activity |
| 2022-03-15/a> | Xavier Mertens | Clean Binaries with Suspicious Behaviour |
| 2022-03-14/a> | Johannes Ullrich | Apple Updates Everything: MacOS 12.3, XCode 13.3, tvOS 15.4, watchOS 8.5, iPadOS 15.4 and more |
| 2022-03-13/a> | Didier Stevens | YARA 4.2.0 Released |
| 2022-03-12/a> | Didier Stevens | ICMP Messages: Original Datagram Field |
| 2022-03-11/a> | Xavier Mertens | Keep an Eye on WebSockets |
| 2022-03-10/a> | Xavier Mertens | Credentials Leaks on VirusTotal |
| 2022-03-09/a> | Xavier Mertens | Infostealer in a Batch File |
| 2022-03-07/a> | Johannes Ullrich | No Bitcoin - No Problem: Follow Up to Last Weeks Donation Scam |
| 2022-03-06/a> | Didier Stevens | Video: TShark & Multiple IP Addresses |
| 2022-03-05/a> | Didier Stevens | oledump's Extra Option |
| 2022-03-04/a> | Johannes Ullrich | Scam E-Mail Impersonating Red Cross |
| 2022-03-02/a> | Johannes Ullrich | The More Often Something is Repeated, the More True It Becomes: Dealing with Social Media |
| 2022-02-28/a> | Didier Stevens | TShark & Multiple IP Addresses |
| 2022-02-26/a> | Guy Bruneau | Using Snort IDS Rules with NetWitness PacketDecoder |
| 2022-02-25/a> | Didier Stevens | Windows, Fixed IPv4 Addresses and APIPA |
| 2022-02-24/a> | Xavier Mertens | Ukraine & Russia Situation From a Domain Names Perspective |
| 2022-02-22/a> | Xavier Mertens | A Good Old Equation Editor Vulnerability Delivering Malware |
| 2022-02-20/a> | Didier Stevens | Video: YARA's Console Module |
| 2022-02-19/a> | Didier Stevens | Wireshark 3.6.2 Released |
| 2022-02-18/a> | Xavier Mertens | Remcos RAT Delivered Through Double Compressed Archive |
| 2022-02-16/a> | Brad Duncan | Astaroth (Guildma) infection |
| 2022-02-15/a> | Xavier Mertens | Who Are Those Bots? |
| 2022-02-13/a> | Guy Bruneau | DHL Spear Phishing to Capture Username/Password |
| 2022-02-11/a> | Xavier Mertens | CinaRAT Delivered Through HTML ID Attributes |
| 2022-02-10/a> | Johannes Ullrich | Zyxel Network Storage Devices Hunted By Mirai Variant |
| 2022-02-10/a> | Johannes Ullrich | iOS/iPadOS and MacOS Update: Single WebKit 0-Day Vulnerability Patched |
| 2022-02-09/a> | Brad Duncan | Example of Cobalt Strike from Emotet infection |
| 2022-02-07/a> | Johannes Ullrich | web3 phishing via self-customizing landing pages |
| 2022-02-05/a> | Didier Stevens | Power over Ethernet and Thermal Imaging |
| 2022-02-03/a> | Johannes Ullrich | Keeping Track of Your Attack Surface for Cheap |
| 2022-02-01/a> | Xavier Mertens | Automation is Nice But Don't Replace Your Knowledge |
| 2022-01-30/a> | Didier Stevens | YARA's Console Module |
| 2022-01-29/a> | Guy Bruneau | SIEM In this Decade, Are They Better than the Last? |
| 2022-01-27/a> | Johannes Ullrich | Apple Patches Everything |
| 2022-01-26/a> | Jan Kopriva | Over 20 thousand servers have their iLO interfaces exposed to the internet, many with outdated and vulnerable versions of FW |
| 2022-01-25/a> | Brad Duncan | Emotet Stops Using 0.0.0.0 in Spambot Traffic |
| 2022-01-22/a> | Xavier Mertens | Mixed VBA & Excel4 Macro In a Targeted Excel Sheet |
| 2022-01-21/a> | Xavier Mertens | Obscure Wininet.dll Feature? |
| 2022-01-20/a> | Xavier Mertens | RedLine Stealer Delivered Through FTP |
| 2022-01-18/a> | Jan Kopriva | Phishing e-mail with...an advertisement? |
| 2022-01-16/a> | Guy Bruneau | 10 Most Popular Targeted Ports in the Past 3 Weeks |
| 2022-01-11/a> | Johannes Ullrich | Microsoft Patch Tuesday - January 2022 |
| 2022-01-09/a> | Didier Stevens | Extracting Cobalt Strike Beacons from MSBuild Scripts |
| 2022-01-08/a> | Didier Stevens | TShark & jq |
| 2022-01-07/a> | Xavier Mertens | Custom Python RAT Builder |
| 2022-01-06/a> | Xavier Mertens | Malicious Python Script Targeting Chinese People |
| 2022-01-05/a> | Xavier Mertens | Code Reuse In the Malware Landscape |
| 2022-01-04/a> | Xavier Mertens | A Simple Batch File That Blocks People |
| 2022-01-03/a> | Xavier Mertens | McAfee Phishing Campaign with a Nice Fake Scan |
| 2022-01-02/a> | Guy Bruneau | Exchange Server - Email Trapped in Transport Queues |
| 2021-12-31/a> | Jan Kopriva | Do you want your Agent Tesla in the 300 MB or 8 kB package? |
| 2021-12-30/a> | Brad Duncan | Agent Tesla Updates SMTP Data Exfiltration Technique |
| 2021-12-28/a> | Russ McRee | LotL Classifier tests for shells, exfil, and miners |
| 2021-12-26/a> | Didier Stevens | Quicktip: TShark's Options -e and -T |
| 2021-12-25/a> | Didier Stevens | TShark Tip: Extracting Field Values From Capture Files |
| 2021-12-22/a> | Brad Duncan | December 2021 Forensic Contest: Answers and Analysis |
| 2021-12-21/a> | Xavier Mertens | More Undetected PowerShell Dropper |
| 2021-12-20/a> | Jan Kopriva | PowerPoint attachments, Agent Tesla and code reuse in malware |
| 2021-12-19/a> | Didier Stevens | Office 2021: VBA Project Version |
| 2021-12-18/a> | Guy Bruneau | VMware Security Update - https://www.vmware.com/security/advisories/VMSA-2021-0030.html |
| 2021-12-17/a> | Rob VandenBrink | DR Automation - Using Public DNS APIs |
| 2021-12-16/a> | Brad Duncan | How the "Contact Forms" campaign tricks people |
| 2021-12-15/a> | Xavier Mertens | Simple but Undetected PowerShell Backdoor |
| 2021-12-08/a> | Brad Duncan | December 2021 Forensic Challenge |
| 2021-12-06/a> | Xavier Mertens | The Importance of Out-of-Band Networks |
| 2021-12-04/a> | Guy Bruneau | A Review of Year 2021 |
| 2021-12-03/a> | Xavier Mertens | The UPX Packer Will Never Die! |
| 2021-12-02/a> | Brad Duncan | TA551 (Shathak) pushes IcedID (Bokbot) |
| 2021-12-01/a> | Xavier Mertens | Info-Stealer Using webhook.site to Exfiltrate Data |
| 2021-11-29/a> | Didier Stevens | Wireshark 3.6.0 Released |
| 2021-11-28/a> | Didier Stevens | Video: YARA Rules for Office Maldocs |
| 2021-11-27/a> | Didier Stevens | Video: SANS Holiday Hack Challenge 2021 Q&A with Ed Skoudis |
| 2021-11-26/a> | Guy Bruneau | Searching for Exposed ASUS Routers Vulnerable to CVE-2021-20090 |
| 2021-11-25/a> | Didier Stevens | YARA's Private Strings |
| 2021-11-23/a> | Didier Stevens | YARA Rule for OOXML Maldocs: Less False Positives |
| 2021-11-21/a> | Didier Stevens | Backdooring PAM |
| 2021-11-20/a> | Guy Bruneau | Hikvision Security Cameras Potentially Exposed to Remote Code Execution |
| 2021-11-19/a> | Xavier Mertens | Downloader Disguised as Excel Add-In (XLL) |
| 2021-11-18/a> | Xavier Mertens | JavaScript Downloader Delivers Agent Tesla Trojan |
| 2021-11-16/a> | Brad Duncan | Emotet Returns |
| 2021-11-15/a> | Rob VandenBrink | Changing your AD Password Using the Clipboard - Not as Easy as You'd Think! |
| 2021-11-14/a> | Didier Stevens | Video: Obfuscated Maldoc: Reversed BASE64 |
| 2021-11-14/a> | Didier Stevens | External Email System FBI Compromised: Sending Out Fake Warnings |
| 2021-11-11/a> | Johannes Ullrich | In Memory of Alan Paller |
| 2021-11-10/a> | Xavier Mertens | Shadow IT Makes People More Vulnerable to Phishing |
| 2021-11-08/a> | Xavier Mertens | (Ab)Using Security Tools & Controls for the Bad |
| 2021-11-07/a> | Didier Stevens | Video: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory |
| 2021-11-06/a> | Didier Stevens | Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory |
| 2021-11-04/a> | Brad Duncan | October 2021 Forensic Contest: Answers and Analysis |
| 2021-11-04/a> | Tom Webb | Xmount for Disk Images |
| 2021-11-01/a> | Yee Ching Tok | Revisiting BrakTooth: Two Months Later |
| 2021-10-31/a> | Didier Stevens | Sysinternals: Autoruns and Sysmon updates |
| 2021-10-31/a> | Didier Stevens | Video: Phishing ZIP With Malformed Filename |
| 2021-10-30/a> | Guy Bruneau | Remote Desktop Protocol (RDP) Discovery |
| 2021-10-28/a> | Yee Ching Tok | Multiple Apple Patches for October 2021 |
| 2021-10-26/a> | Yee Ching Tok | Hunting for Phishing Sites Masquerading as Outlook Web Access |
| 2021-10-25/a> | Didier Stevens | Decrypting Cobalt Strike Traffic With a "Leaked" Private Key |
| 2021-10-24/a> | Didier Stevens | Phishing ZIP With Malformed Filename |
| 2021-10-22/a> | Brad Duncan | October 2021 Contest: Forensic Challenge |
| 2021-10-21/a> | Brad Duncan | "Stolen Images Evidence" campaign pushes Sliver-based malware |
| 2021-10-20/a> | Xavier Mertens | Thanks to COVID-19, New Types of Documents are Lost in The Wild |
| 2021-10-18/a> | Xavier Mertens | Malicious PowerShell Using Client Certificate Authentication |
| 2021-10-16/a> | Guy Bruneau | Apache is Actively Scan for CVE-2021-41773 & CVE-2021-42013 |
| 2021-10-14/a> | Xavier Mertens | Port-Forwarding with Windows for the Win |
| 2021-10-13/a> | Johannes Ullrich | Please fix your E-Mail Brute forcing tool! |
| 2021-10-10/a> | Didier Stevens | Wireshark 3.4.9 Released |
| 2021-10-09/a> | Guy Bruneau | Scanning for Previous Oracle WebLogic Vulnerabilities |
| 2021-10-08/a> | Rob VandenBrink | Sorting Things Out - Sorting Data by IP Address |
| 2021-10-07/a> | Johannes Ullrich | Who Is Hunting For Your IPTV Set-Top Box? |
| 2021-10-06/a> | Johannes Ullrich | Apache 2.4.49 Directory Traversal Vulnerability (CVE-2021-41773) |
| 2021-10-04/a> | Johannes Ullrich | Boutique "Dark" Botnet Hunting for Crumbs |
| 2021-10-04/a> | Johannes Ullrich | Facebook Outage: Yes, its DNS (sort of). A super quick analysis of what is going on. |
| 2021-10-03/a> | Didier Stevens | Video: CVE-2021-40444 Maldocs: Extracting URLs |
| 2021-10-01/a> | Xavier Mertens | New Tool to Add to Your LOLBAS List: cvtres.exe |
| 2021-09-28/a> | Jan Kopriva | TLS 1.3 and SSL - the current state of affairs |
| 2021-09-25/a> | Didier Stevens | Strings Analysis: VBA & Excel4 Maldoc |
| 2021-09-25/a> | Didier Stevens | Video: Strings Analysis: VBA & Excel4 Maldoc |
| 2021-09-24/a> | Xavier Mertens | Keep an Eye on Your Users Mobile Devices (Simple Inventory) |
| 2021-09-23/a> | Xavier Mertens | Excel Recipe: Some VBA Code with a Touch of Excel4 Macro |
| 2021-09-22/a> | Didier Stevens | An XML-Obfuscated Office Document (CVE-2021-40444) |
| 2021-09-21/a> | Johannes Ullrich | A First Look at Apple's iOS 15 "Private Relay" feature. |
| 2021-09-20/a> | Johannes Ullrich | #OMIGOD Exploits Captured in the Wild. Researchers responsible for half of scans for related ports. |
| 2021-09-19/a> | Didier Stevens | Video: Simple Analysis Of A CVE-2021-40444 .docx Document |
| 2021-09-18/a> | Didier Stevens | Simple Analysis Of A CVE-2021-40444 .docx Document |
| 2021-09-17/a> | Xavier Mertens | Malicious Calendar Subscriptions Are Back? |
| 2021-09-16/a> | Jan Kopriva | Phishing 101: why depend on one suspicious message subject when you can use many? |
| 2021-09-15/a> | Brad Duncan | Hancitor campaign abusing Microsoft's OneDrive |
| 2021-09-14/a> | Renato Marinho | Microsoft September 2021 Patch Tuesday |
| 2021-09-11/a> | Guy Bruneau | Shipping to Elasticsearch Microsoft DNS Logs |
| 2021-09-09/a> | Johannes Ullrich | Updates to Our Datafeeds/API |
| 2021-09-08/a> | Brad Duncan | "Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware |
| 2021-09-08/a> | Johannes Ullrich | Microsoft Offers Workaround for 0-Day Office Vulnerability (CVE-2021-40444) |
| 2021-09-07/a> | Johannes Ullrich | Why I Gave Up on IPv6. And no, it is not because of security issues. |
| 2021-09-02/a> | Xavier Mertens | Attackers Will Always Abuse Major Events in our Lifes |
| 2021-09-01/a> | Brad Duncan | STRRAT: a Java-based RAT that doesn't care if you have Java |
| 2021-08-31/a> | Yee Ching Tok | BrakTooth: Impacts, Implications and Next Steps |
| 2021-08-30/a> | Xavier Mertens | Cryptocurrency Clipboard Swapper Delivered With Love |
| 2021-08-29/a> | Guy Bruneau | Filter JSON Data by Value with Linux jq |
| 2021-08-24/a> | Johannes Ullrich | Attackers Hunting For Twilio Credentials |
| 2021-08-21/a> | Didier Stevens | New Versions Of Sysinternals Tools |
| 2021-08-20/a> | Xavier Mertens | Waiting for the C2 to Show Up |
| 2021-08-19/a> | Johannes Ullrich | When Lightning Strikes. What works and doesn't work. |
| 2021-08-17/a> | Johannes Ullrich | Laravel (<=v8.4.2) exploit attempts for CVE-2021-3129 (debug mode: Remote code execution) |
| 2021-08-15/a> | Didier Stevens | Simple Tips For Triage Of MALWARE Bazaar's Daily Malware Batches |
| 2021-08-13/a> | Brad Duncan | Example of Danabot distributed through malspam |
| 2021-08-13/a> | Guy Bruneau | Scanning for Microsoft Exchange eDiscovery |
| 2021-08-11/a> | Brad Duncan | TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike |
| 2021-08-09/a> | Jan Kopriva | ProxyShell - how many Exchange servers are affected and where are they? |
| 2021-08-07/a> | Didier Stevens | MALWARE Bazaar "Download daily malware batches" |
| 2021-08-06/a> | Xavier Mertens | Malicious Microsoft Word Remains A Key Infection Vector |
| 2021-08-04/a> | Yee Ching Tok | Pivoting and Hunting for Shenanigans from a Reported Phishing Domain |
| 2021-08-03/a> | Johannes Ullrich | Three Problems with Two Factor Authentication |
| 2021-08-02/a> | Didier Stevens | Changing BAT Files On The Fly |
| 2021-08-01/a> | Didier Stevens | procdump Version 10.1 |
| 2021-07-31/a> | Guy Bruneau | Unsolicited DNS Queries |
| 2021-07-30/a> | Xavier Mertens | Infected With a .reg File |
| 2021-07-29/a> | Xavier Mertens | Malicious Content Delivered Through archive.org |
| 2021-07-26/a> | Didier Stevens | Failed Malspam: Recovering The Password |
| 2021-07-25/a> | Didier Stevens | Wireshark 3.4.7 Released |
| 2021-07-24/a> | Bojan Zdrnja | Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability |
| 2021-07-24/a> | Xavier Mertens | Agent.Tesla Dropped via a .daa Image and Talking to Telegram |
| 2021-07-21/a> | Johannes Ullrich | "Summer of SAM": Microsoft Releases Guidance for CVE-2021-36934 |
| 2021-07-20/a> | Bojan Zdrnja | Summer of SAM - incorrect permissions on Windows 10/11 hives |
| 2021-07-18/a> | Didier Stevens | Video: CyberChef BASE85 Decoding |
| 2021-07-17/a> | Didier Stevens | BASE85 Decoding With base64dump.py |
| 2021-07-16/a> | Xavier Mertens | Multiple BaseXX Obfuscations |
| 2021-07-14/a> | Jan Kopriva | One way to fail at malspam - give recipients the wrong password for an encrypted attachment |
| 2021-07-10/a> | Guy Bruneau | Scanning for Microsoft Secure Socket Tunneling Protocol |
| 2021-07-09/a> | Brad Duncan | Hancitor tries XLL as initial malware file |
| 2021-07-06/a> | Xavier Mertens | Python DLL Injection Check |
| 2021-07-04/a> | Didier Stevens | DIY CD/DVD Destruction - Follow Up |
| 2021-07-03/a> | Didier Stevens | Finding Strings With oledump.py |
| 2021-07-02/a> | Xavier Mertens | "inception.py"... Multiple Base64 Encodings |
| 2021-07-02/a> | Xavier Mertens | Kaseya VSA Users Hit by Ransomware |
| 2021-06-30/a> | Johannes Ullrich | CVE-2021-1675: Incomplete Patch and Leaked RCE Exploit |
| 2021-06-30/a> | Brad Duncan | June 2021 Forensic Contest: Answers and Analysis |
| 2021-06-28/a> | Didier Stevens | CFBF Files Strings Analysis |
| 2021-06-27/a> | Didier Stevens | DIY CD/DVD Destruction |
| 2021-06-26/a> | Guy Bruneau | CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability |
| 2021-06-25/a> | Jim Clausing | Is this traffic bAD? |
| 2021-06-24/a> | Xavier Mertens | Do you Like Cookies? Some are for sale! |
| 2021-06-23/a> | Johannes Ullrich | Standing With Security Researchers Against Misuse of the DMCA |
| 2021-06-21/a> | Rick Wanner | Mitre CWE - Common Weakness Enumeration |
| 2021-06-20/a> | Didier Stevens | Video: oledump Cheat Sheet |
| 2021-06-19/a> | Xavier Mertens | Easy Access to the NIST RDS Database |
| 2021-06-18/a> | Daniel Wesemann | Network Forensics on Azure VMs (Part #2) |
| 2021-06-17/a> | Daniel Wesemann | Network Forensics on Azure VMs (Part #1) |
| 2021-06-15/a> | Johannes Ullrich | Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more |
| 2021-06-12/a> | Guy Bruneau | Fortinet Targeted for Unpatched SSL VPN Discovery Activity |
| 2021-06-11/a> | Xavier Mertens | Keeping an Eye on Dangerous Python Modules |
| 2021-06-11/a> | Xavier Mertens | Sonicwall SRA 4600 Targeted By an Old Vulnerability |
| 2021-06-09/a> | Jan Kopriva | Architecture, compilers and black magic, or "what else affects the ability of AVs to detect malicious files" |
| 2021-06-07/a> | Johannes Ullrich | Amazon Sidewalk: Cutting Through the Hype |
| 2021-06-04/a> | Xavier Mertens | Russian Dolls VBS Obfuscation |
| 2021-06-02/a> | Jim Clausing | Wireshark 3.4.6 (and 3.2.14) released |
| 2021-05-31/a> | Rick Wanner | Quick and dirty Python: nmap |
| 2021-05-30/a> | Didier Stevens | YARA Release v4.1.1 |
| 2021-05-30/a> | Didier Stevens | Sysinternals: Procmon, Sysmon, TcpView and Process Explorer update |
| 2021-05-30/a> | Didier Stevens | Video: Cobalt Strike & DNS - Part 1 |
| 2021-05-29/a> | Guy Bruneau | Spear-phishing Email Targeting Outlook Mail Clients |
| 2021-05-28/a> | Xavier Mertens | Malicious PowerShell Hosted on script.google.com |
| 2021-05-27/a> | Jan Kopriva | All your Base are...nearly equal when it comes to AV evasion, but 64-bit executables are not |
| 2021-05-23/a> | Didier Stevens | Video: Making Sense Of Encrypted Cobalt Strike Traffic |
| 2021-05-22/a> | Xavier Mertens | "Serverless" Phishing Campaign |
| 2021-05-21/a> | Xavier Mertens | Locking Kernel32.dll As Anti-Debugging Technique |
| 2021-05-20/a> | Johannes Ullrich | Are Cookie Banners a Waste of Time or a Complete Waste of Time? |
| 2021-05-19/a> | Brad Duncan | May 2021 Forensic Contest: Answers and Analysis |
| 2021-05-18/a> | Xavier Mertens | From RunDLL32 to JavaScript then PowerShell |
| 2021-05-17/a> | Daniel Wesemann | Ransomware Defenses |
| 2021-05-14/a> | Xavier Mertens | "Open" Access to Industrial Systems Interface is Also Far From Zero |
| 2021-05-12/a> | Jan Kopriva | Number of industrial control systems on the internet is lower then in 2020...but still far from zero |
| 2021-05-10/a> | Johannes Ullrich | Correctly Validating IP Addresses: Why encoding matters for input validation. |
| 2021-05-08/a> | Guy Bruneau | Who is Probing the Internet for Research Purposes? |
| 2021-05-07/a> | Daniel Wesemann | Exposed Azure Storage Containers |
| 2021-05-06/a> | Xavier Mertens | Alternative Ways To Perform Basic Tasks |
| 2021-05-05/a> | Brad Duncan | May 2021 Forensic Contest |
| 2021-05-04/a> | Rick Wanner | Important Apple Updates |
| 2021-05-04/a> | Rick Wanner | Quick and dirty Python: masscan |
| 2021-05-02/a> | Didier Stevens | PuTTY And FileZilla Use The Same Fingerprint Registry Keys |
| 2021-04-29/a> | Xavier Mertens | From Python to .Net |
| 2021-04-28/a> | Xavier Mertens | Deeper Analyzis of my Last Malicious PowerPoint Add-On |
| 2021-04-26/a> | Didier Stevens | CAD: .DGN and .MVBA Files |
| 2021-04-25/a> | Didier Stevens | Wireshark 3.4.5 Released |
| 2021-04-24/a> | Guy Bruneau | Base64 Hashes Used in Web Scanning |
| 2021-04-23/a> | Xavier Mertens | Malicious PowerPoint Add-On: "Small Is Beautiful" |
| 2021-04-22/a> | Xavier Mertens | How Safe Are Your Docker Images? |
| 2021-04-19/a> | Jan Kopriva | Hunting phishing websites with favicon hashes |
| 2021-04-18/a> | Didier Stevens | Decoding Cobalt Strike Traffic |
| 2021-04-16/a> | Xavier Mertens | HTTPS Support for All Internal Services |
| 2021-04-16/a> | Rick Wanner | Querying Spamhaus for IP reputation |
| 2021-04-15/a> | Johannes Ullrich | Why and How You Should be Using an Internal Certificate Authority |
| 2021-04-13/a> | Richard Porter | Microsoft April 2021 Patch Tuesday |
| 2021-04-12/a> | Didier Stevens | Example of Cleartext Cobalt Strike Traffic (Thanks Brad) |
| 2021-04-10/a> | Guy Bruneau | Building an IDS Sensor with Suricata & Zeek with Logs to ELK |
| 2021-04-09/a> | Xavier Mertens | No Python Interpreter? This Simple RAT Installs Its Own Copy |
| 2021-04-08/a> | Xavier Mertens | Simple Powershell Ransomware Creating a 7Z Archive of your Files |
| 2021-04-06/a> | Jan Kopriva | Malspam with Lokibot vs. Outlook and RFCs |
| 2021-04-03/a> | Didier Stevens | Video: YARA and CyberChef |
| 2021-04-02/a> | Xavier Mertens | C2 Activity: Sandboxes or Real Victims? |
| 2021-04-01/a> | Brad Duncan | April 2021 Forensic Quiz |
| 2021-03-31/a> | Xavier Mertens | Quick Analysis of a Modular InfoStealer |
| 2021-03-30/a> | Jan Kopriva | Old TLS versions - gone, but not forgotten... well, not really "gone" either |
| 2021-03-19/a> | Xavier Mertens | Pastebin.com Used As a Simple C2 Channel |
| 2021-03-18/a> | Xavier Mertens | Simple Python Keylogger |
| 2021-03-17/a> | Xavier Mertens | Defenders, Know Your Operating System Like Attackers Do! |
| 2021-03-16/a> | Jan Kopriva | 50 years of malware? Not really. 50 years of computer worms? That's a different story... |
| 2021-03-15/a> | Didier Stevens | Finding Metasploit & Cobalt Strike URLs |
| 2021-03-14/a> | Didier Stevens | Wireshark 3.4.4 Released |
| 2021-03-12/a> | Guy Bruneau | Microsoft DHCP Logs Shipped to ELK |
| 2021-03-11/a> | Johannes Ullrich | Piktochart - Phishing with Infographics |
| 2021-03-10/a> | Rob VandenBrink | SharpRDP - PSExec without PSExec, PSRemoting without PowerShell |
| 2021-03-07/a> | Didier Stevens | PCAPs and Beacons |
| 2021-03-06/a> | Xavier Mertens | Spotting the Red Team on VirusTotal! |
| 2021-03-05/a> | Xavier Mertens | Spam Farm Spotted in the Wild |
| 2021-03-04/a> | Xavier Mertens | From VBS, PowerShell, C Sharp, Process Hollowing to RAT |
| 2021-03-03/a> | Brad Duncan | Qakbot infection with Cobalt Strike |
| 2021-03-03/a> | Johannes Ullrich | Microsoft Releases Exchange Emergency Patch to Fix Actively Exploited Vulnerability |
| 2021-03-02/a> | Russ McRee | Adversary Simulation with Sim |
| 2021-02-28/a> | Didier Stevens | Maldocs: Protection Passwords |
| 2021-02-26/a> | Guy Bruneau | Pretending to be an Outlook Version Update |
| 2021-02-25/a> | Daniel Wesemann | Forensicating Azure VMs |
| 2021-02-25/a> | Jim Clausing | So where did those Satori attacks come from? |
| 2021-02-24/a> | Brad Duncan | Malspam pushes GuLoader for Remcos RAT |
| 2021-02-23/a> | Jan Kopriva | Qakbot in a response to Full Disclosure post |
| 2021-02-22/a> | Didier Stevens | Unprotecting Malicious Documents For Inspection |
| 2021-02-21/a> | Didier Stevens | DDE and oledump |
| 2021-02-20/a> | Didier Stevens | Quickie: Extracting HTTP URLs With tshark |
| 2021-02-19/a> | Xavier Mertens | Dynamic Data Exchange (DDE) is Back in the Wild? |
| 2021-02-17/a> | Xavier Mertens | The new "LinkedInSecureMessage" ? |
| 2021-02-17/a> | Brad Duncan | Malspam pushing Trickbot gtag rob13 |
| 2021-02-16/a> | Jim Clausing | More weirdness on TCP port 26 |
| 2021-02-15/a> | Johannes Ullrich | Securing and Optimizing Networks: Using pfSense Traffic Shaper Limiters to Combat Bufferbloat |
| 2021-02-14/a> | Didier Stevens | Video: tshark & Malware Analysis |
| 2021-02-13/a> | Guy Bruneau | vSphere Replication updates address a command injection vulnerability (CVE-2021-21976) - https://www.vmware.com/security/advisories/VMSA-2021-0001.html |
| 2021-02-13/a> | Guy Bruneau | Using Logstash to Parse IPtables Firewall Logs |
| 2021-02-12/a> | Xavier Mertens | AgentTesla Dropped Through Automatic Click in Microsoft Help File |
| 2021-02-11/a> | Jan Kopriva | Agent Tesla hidden in a historical anti-malware tool |
| 2021-02-10/a> | Brad Duncan | Phishing message to the ISC handlers email distro |
| 2021-02-08/a> | Didier Stevens | Quickie: tshark & Malware Analysis |
| 2021-02-06/a> | Didier Stevens | YARA v4.0.5 |
| 2021-02-05/a> | Xavier Mertens | VBA Macro Trying to Alter the Application Menus |
| 2021-02-04/a> | Bojan Zdrnja | Abusing Google Chrome extension syncing for data exfiltration and C&C |
| 2021-02-03/a> | Brad Duncan | Excel spreadsheets push SystemBC malware |
| 2021-02-02/a> | Xavier Mertens | New Example of XSL Script Processing aka "Mitre T1220" |
| 2021-02-01/a> | Rob VandenBrink | Taking a Shot at Reverse Shell Attacks, CNC Phone Home and Data Exfil from Servers |
| 2021-01-31/a> | Didier Stevens | YARA v4.0.4 |
| 2021-01-30/a> | Guy Bruneau | PacketSifter as Network Parsing and Telemetry Tool |
| 2021-01-30/a> | Guy Bruneau | Wireshark 3.2.11 is now available which contains Bug Fixes - https://www.wireshark.org |
| 2021-01-29/a> | Xavier Mertens | Sensitive Data Shared with Cloud Services |
| 2021-01-27/a> | Jan Kopriva | TriOp - tool for gathering (not just) security-related data from Shodan.io (tool drop) |
| 2021-01-26/a> | Brad Duncan | TA551 (Shathak) Word docs push Qakbot (Qbot) |
| 2021-01-25/a> | Rob VandenBrink | Fun with NMAP NSE Scripts and DOH (DNS over HTTPS) |
| 2021-01-24/a> | Didier Stevens | Video: Doc & RTF Malicious Document |
| 2021-01-23/a> | Didier Stevens | CyberChef: Analyzing OOXML Files for URLs |
| 2021-01-22/a> | Xavier Mertens | Another File Extension to Block in your MTA: .jnlp |
| 2021-01-21/a> | Xavier Mertens | Powershell Dropping a REvil Ransomware |
| 2021-01-20/a> | Brad Duncan | Qakbot activity resumes after holiday break |
| 2021-01-19/a> | Russ McRee | Gordon for fast cyber reputation checks |
| 2021-01-18/a> | Didier Stevens | Doc & RTF Malicious Document |
| 2021-01-18/a> | Rob VandenBrink | The CIS Benchmark for Cisco Nexus (NX-OS) 1.0 went live last week, find it here: https://www.cisecurity.org/cis-benchmarks/ |
| 2021-01-17/a> | Didier Stevens | New Release of Sysmon Adding Detection for Process Tampering |
| 2021-01-14/a> | Bojan Zdrnja | Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file |
| 2021-01-13/a> | Brad Duncan | Hancitor activity resumes after a hoilday break |
| 2021-01-11/a> | Rob VandenBrink | Using the NVD Database and API to Keep Up with Vulnerabilities and Patches - Tool Drop: CVEScan (Part 3 of 3) |
| 2021-01-10/a> | Didier Stevens | Maldoc Analysis With CyberChef |
| 2021-01-09/a> | Didier Stevens | Maldoc Strings Analysis |
| 2021-01-07/a> | Rob VandenBrink | Using the NIST Database and API to Keep Up with Vulnerabilities and Patches (Part 1 of 3) |
| 2021-01-07/a> | Rob VandenBrink | Directly related to today's main story on CPE/CVEs - Code Exec in Cisco Jabber, all platforms https://nvd.nist.gov/vuln/detail/CVE-2020-26085 |
| 2021-01-06/a> | Johannes Ullrich | Scans for Zyxel Backdoors are Commencing. |
| 2021-01-05/a> | Johannes Ullrich | Netfox Detective: An Alternative Open-Source Packet Analysis Tool |
| 2021-01-04/a> | Jan Kopriva | From a small BAT file to Mass Logger infostealer |
| 2021-01-02/a> | Guy Bruneau | Protecting Home Office and Enterprise in 2021 |
| 2020-12-30/a> | Jan Kopriva | TLS 1.3 is now supported by about 1 in every 5 HTTPS servers |
| 2020-12-29/a> | Jan Kopriva | Want to know what's in a folder you don't have a permission to access? Try asking your AV solution... |
| 2020-12-26/a> | Didier Stevens | base64dump.py Supported Encodings |
| 2020-12-24/a> | Xavier Mertens | Malicious Word Document Delivering an Octopus Backdoor |
| 2020-12-22/a> | Xavier Mertens | Malware Victim Selection Through WiFi Identification |
| 2020-12-20/a> | Didier Stevens | Wireshark 3.4.2 Released |
| 2020-12-19/a> | Guy Bruneau | Secure Communication using TLS in Elasticsearch |
| 2020-12-17/a> | Daniel Wesemann | "Amazon" invoice that asks to call 1-866-335-0659 "to cancel" an order that you never made is (obviously) a #scam |
| 2020-12-16/a> | Daniel Wesemann | DNS Logs in Public Clouds |
| 2020-12-15/a> | Didier Stevens | Analyzing FireEye Maldocs |
| 2020-12-14/a> | Johannes Ullrich | SolarWinds Breach Used to Infiltrate Customer Networks (Solarigate) |
| 2020-12-13/a> | Didier Stevens | Wireshark 3.4.1 Released |
| 2020-12-10/a> | Xavier Mertens | Python Backdoor Talking to a C2 Through Ngrok |
| 2020-12-10/a> | John Bambenek | Writing Yara Rules for Fun and Profit: Notes from the FireEye Breach Countermeasures |
| 2020-12-09/a> | Brad Duncan | Recent Qakbot (Qbot) activity |
| 2020-12-08/a> | Johannes Ullrich | December 2020 Microsoft Patch Tuesday: Exchange, Sharepoint, Dynamics and DNS Spoofing |
| 2020-12-07/a> | Didier Stevens | Corrupt BASE64 Strings: Detection and Decoding |
| 2020-12-06/a> | Didier Stevens | oledump's Indicators (video) |
| 2020-12-05/a> | Guy Bruneau | Is IP 91.199.118.137 testing Access to aahwwx.52host.xyz? |
| 2020-12-04/a> | Guy Bruneau | Detecting Actors Activity with Threat Intel |
| 2020-12-03/a> | Brad Duncan | Traffic Analysis Quiz: Mr Natural |
| 2020-11-30/a> | Didier Stevens | Decrypting PowerShell Payloads (video) |
| 2020-11-29/a> | Didier Stevens | Quick Tip: Using JARM With a SOCKS Proxy |
| 2020-11-25/a> | Xavier Mertens | Live Patching Windows API Calls Using PowerShell |
| 2020-11-23/a> | Didier Stevens | Quick Tip: Cobalt Strike Beacon Analysis |
| 2020-11-22/a> | Didier Stevens | Quick Tip: Extracting all VBA Code from a Maldoc - JSON Format |
| 2020-11-21/a> | Guy Bruneau | VMware privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) - https://www.vmware.com/security/advisories/VMSA-2020-0026.html |
| 2020-11-20/a> | Xavier Mertens | Malicious Python Code and LittleSnitch Detection |
| 2020-11-19/a> | Xavier Mertens | PowerShell Dropper Delivering Formbook |
| 2020-11-18/a> | Xavier Mertens | When Security Controls Lead to Security Issues |
| 2020-11-16/a> | Jan Kopriva | Heartbleed, BlueKeep and other vulnerabilities that didn't disappear just because we don't talk about them anymore |
| 2020-11-15/a> | Didier Stevens | oledump's ! Indicator |
| 2020-11-13/a> | Xavier Mertens | Old Worm But New Obfuscation Technique |
| 2020-11-12/a> | Daniel Wesemann | Exposed Blob Storage in Azure |
| 2020-11-12/a> | Daniel Wesemann | Preventing Exposed Azure Blob Storage |
| 2020-11-11/a> | Brad Duncan | Traffic Analysis Quiz: DESKTOP-FX23IK5 |
| 2020-11-09/a> | Xavier Mertens | How Attackers Brush Up Their Malicious Scripts |
| 2020-11-08/a> | Didier Stevens | Quick Tip: Extracting all VBA Code from a Maldoc |
| 2020-11-06/a> | Johannes Ullrich | Rediscovering Limitations of Stateful Firewalls: "NAT Slipstreaming" ? Implications, Detections and Mitigations |
| 2020-11-05/a> | Xavier Mertens | Did You Spot "Invoke-Expression"? |
| 2020-11-03/a> | Brad Duncan | Emotet -> Qakbot -> more Emotet |
| 2020-10-31/a> | Didier Stevens | More File Selection Gaffes |
| 2020-10-30/a> | Xavier Mertens | Quick Status of the CAA DNS Record Adoption |
| 2020-10-26/a> | Didier Stevens | Excel 4 Macros: "Abnormal Sheet Visibility" |
| 2020-10-25/a> | Didier Stevens | Video: Pascal Strings |
| 2020-10-24/a> | Guy Bruneau | An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1 |
| 2020-10-23/a> | Russ McRee | Sooty: SOC Analyst's All-in-One Tool |
| 2020-10-22/a> | Jan Kopriva | BazarLoader phishing lures: plan a Halloween party, get a bonus and be fired in the same afternoon |
| 2020-10-21/a> | Daniel Wesemann | Shipping dangerous goods |
| 2020-10-20/a> | Xavier Mertens | Mirai-alike Python Scanner |
| 2020-10-14/a> | Brad Duncan | More TA551 (Shathak) Word docs push IcedID (Bokbot) |
| 2020-10-14/a> | Xavier Mertens | Nicely Obfuscated Python RAT |
| 2020-10-09/a> | Jan Kopriva | Phishing kits as far as the eye can see |
| 2020-10-07/a> | Johannes Ullrich | Today, Nobody is Going to Attack You. |
| 2020-10-03/a> | Guy Bruneau | Scanning for SOHO Routers |
| 2020-10-02/a> | Xavier Mertens | Analysis of a Phishing Kit |
| 2020-10-01/a> | Daniel Wesemann | Making sense of Azure AD (AAD) activity logs |
| 2020-09-30/a> | Johannes Ullrich | Scans for FPURL.xml: Reconnaissance or Not? |
| 2020-09-29/a> | Xavier Mertens | Managing Remote Access for Partners & Contractors |
| 2020-09-28/a> | Xavier Mertens | Some Tyler Technologies Customers Targeted with The Installation of a Bomgar Client |
| 2020-09-27/a> | Didier Stevens | Wireshark 3.2.7 Released |
| 2020-09-27/a> | Didier Stevens | Decoding Corrupt BASE64 Strings |
| 2020-09-24/a> | Xavier Mertens | Party in Ibiza with PowerShell |
| 2020-09-23/a> | Xavier Mertens | Malicious Word Document with Dynamic Content |
| 2020-09-21/a> | Jan Kopriva | Slightly broken overlay phishing |
| 2020-09-20/a> | Guy Bruneau | Analysis of a Salesforce Phishing Emails |
| 2020-09-18/a> | Xavier Mertens | A Mix of Python & VBA in a Malicious Word Document |
| 2020-09-17/a> | Xavier Mertens | Suspicious Endpoint Containment with OSSEC |
| 2020-09-16/a> | Johannes Ullrich | Do Vulnerabilities Ever Get Old? Recent "Mirai" Variant Scanning for 20 Year Old Amanda Version? |
| 2020-09-15/a> | Brad Duncan | Traffic Analysis Quiz: Oh No... Another Infection! |
| 2020-09-11/a> | Rob VandenBrink | What's in Your Clipboard? Pillaging and Protecting the Clipboard |
| 2020-09-10/a> | Brad Duncan | Recent Dridex activity |
| 2020-09-09/a> | Johannes Ullrich | A First Look at macOS 11 Big Sur Network Traffic (New! Now with more GREASE!) |
| 2020-09-04/a> | Jan Kopriva | A blast from the past - XXEncoded VB6.0 Trojan |
| 2020-09-03/a> | Xavier Mertens | Sandbox Evasion Using NTP |
| 2020-09-02/a> | Xavier Mertens | Python and Risky Windows API Calls |
| 2020-09-01/a> | Johannes Ullrich | Exposed Windows Domain Controllers Used in CLDAP DDoS Attacks |
| 2020-08-31/a> | Didier Stevens | Finding The Original Maldoc |
| 2020-08-29/a> | Didier Stevens | Malicious Excel Sheet with a NULL VT Score: More Info |
| 2020-08-28/a> | Xavier Mertens | Example of Malicious DLL Injected in PowerShell |
| 2020-08-26/a> | Xavier Mertens | Malicious Excel Sheet with a NULL VT Score |
| 2020-08-25/a> | Xavier Mertens | Keep An Eye on LOLBins |
| 2020-08-24/a> | Xavier Mertens | Tracking A Malware Campaign Through VT |
| 2020-08-22/a> | Guy Bruneau | VMware App Volumes patches address Stored Cross-Site Scripting (XSS) vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0019.html |
| 2020-08-22/a> | Guy Bruneau | Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common? |
| 2020-08-20/a> | Rob VandenBrink | Office 365 Mail Forwarding Rules (and other Mail Rules too) |
| 2020-08-19/a> | Xavier Mertens | Example of Word Document Delivering Qakbot |
| 2020-08-18/a> | Rick Wanner | ISC Blocked |
| 2020-08-18/a> | Xavier Mertens | Using API's to Track Attackers |
| 2020-08-16/a> | Didier Stevens | Small Challenge: A Simple Word Maldoc - Part 3 |
| 2020-08-15/a> | Didier Stevens | Wireshark 3.2.6 Released |
| 2020-08-14/a> | Jan Kopriva | Definition of 'overkill' - using 130 MB executable to hide 24 kB malware |
| 2020-08-12/a> | Russ McRee | To the Brim at the Gates of Mordor Pt. 1 |
| 2020-08-10/a> | Bojan Zdrnja | Scoping web application and web service penetration tests |
| 2020-08-08/a> | Guy Bruneau | Scanning Activity Include Netcat Listener |
| 2020-08-07/a> | Brad Duncan | TA551 (Shathak) Word docs push IcedID (Bokbot) |
| 2020-08-06/a> | Xavier Mertens | A Fork of the FTCode Powershell Ransomware |
| 2020-08-05/a> | Brad Duncan | Traffic Analysis Quiz: What's the Malware From This Infection? |
| 2020-08-04/a> | Johannes Ullrich | Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues |
| 2020-08-04/a> | Johannes Ullrich | Internet Choke Points: Concentration of Authoritative Name Servers |
| 2020-08-03/a> | Xavier Mertens | Powershell Bot with Multiple C2 Protocols |
| 2020-08-03/a> | Johannes Ullrich | A Word of Caution: Helping Out People Being Stalked Online |
| 2020-08-02/a> | Didier Stevens | Small Challenge: A Simple Word Maldoc |
| 2020-08-01/a> | Jan Kopriva | What pages do bad bots look for? |
| 2020-07-28/a> | Johannes Ullrich | All I want this Tuesday: More Data |
| 2020-07-27/a> | Didier Stevens | Analyzing Metasploit ASP .NET Payloads |
| 2020-07-26/a> | Didier Stevens | Cracking Maldoc VBA Project Passwords |
| 2020-07-25/a> | Didier Stevens | ndisasm Update 2.15 |
| 2020-07-24/a> | Xavier Mertens | Compromized Desktop Applications by Web Technologies |
| 2020-07-21/a> | Jan Kopriva | Couple of interesting Covid-19 related stats |
| 2020-07-19/a> | Guy Bruneau | Scanning Activity for ZeroShell Unauthenticated Access |
| 2020-07-15/a> | Brad Duncan | Word docs with macros for IcedID (Bokbot) |
| 2020-07-13/a> | Didier Stevens | VBA Project Passwords |
| 2020-07-12/a> | Didier Stevens | Maldoc: VBA Purging Example |
| 2020-07-11/a> | Guy Bruneau | VMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html |
| 2020-07-11/a> | Guy Bruneau | Scanning Home Internet Facing Devices to Exploit |
| 2020-07-10/a> | Brad Duncan | Excel spreasheet macro kicks off Formbook infection |
| 2020-07-08/a> | Xavier Mertens | If You Want Something Done Right, You Have To Do It Yourself... Malware Too! |
| 2020-07-05/a> | Didier Stevens | CVE-2020-5902 F5 BIG-IP Exploitation Attempt |
| 2020-07-04/a> | Russ McRee | Happy FouRth of July from the Internet Storm Center |
| 2020-06-30/a> | Russ McRee | ISC Snapshot: SpectX IP Hitcount Query |
| 2020-06-29/a> | Didier Stevens | Sysmon and Alternate Data Streams |
| 2020-06-27/a> | Didier Stevens | Video: YARA's BASE64 Strings |
| 2020-06-25/a> | Johannes Ullrich | Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release. |
| 2020-06-19/a> | Remco Verhoef | Sigma rules! The generic signature format for SIEM systems. |
| 2020-06-18/a> | Jan Kopriva | Broken phishing accidentally exploiting Outlook zero-day |
| 2020-06-16/a> | Xavier Mertens | Sextortion to The Next Level |
| 2020-06-16/a> | Johannes Ullrich | Odd "Protest" Spam (Scam?) Targeting Atlanta Police Foundation |
| 2020-06-15/a> | Rick Wanner | VMWare Security Advisory - VMSA-2020-0013 - https://www.vmware.com/security/advisories/VMSA-2020-0013.html |
| 2020-06-14/a> | Didier Stevens | YARA's BASE64 Strings |
| 2020-06-13/a> | Guy Bruneau | Mirai Botnet Activity |
| 2020-06-12/a> | Xavier Mertens | Malicious Excel Delivering Fileless Payload |
| 2020-06-11/a> | Xavier Mertens | Anti-Debugging JavaScript Techniques |
| 2020-06-10/a> | Brad Duncan | Job application-themed malspam pushes ZLoader |
| 2020-06-08/a> | Didier Stevens | Translating BASE64 Obfuscated Scripts |
| 2020-06-04/a> | Xavier Mertens | Anti-Debugging Technique based on Memory Protection |
| 2020-06-01/a> | Jim Clausing | Stackstrings, type 2 |
| 2020-06-01/a> | Didier Stevens | XLMMacroDeobfuscator: An Update |
| 2020-05-31/a> | Guy Bruneau | Windows 10 Built-in Packet Sniffer - PktMon |
| 2020-05-30/a> | Didier Stevens | YARA v4.0.1 |
| 2020-05-29/a> | Johannes Ullrich | The Impact of Researchers on Our Data |
| 2020-05-28/a> | Xavier Mertens | Flashback on CVE-2019-19781 |
| 2020-05-27/a> | Jan Kopriva | Frankenstein's phishing using Google Cloud Storage |
| 2020-05-26/a> | Jim Clausing | Seriously, SHA3 where art thou? |
| 2020-05-24/a> | Didier Stevens | Wireshark 3.2.4 Released |
| 2020-05-24/a> | Didier Stevens | Zloader Maldoc Analysis With xlm-deobfuscator |
| 2020-05-23/a> | Xavier Mertens | AgentTesla Delivered via a Malicious PowerPoint Add-In |
| 2020-05-22/a> | Didier Stevens | Some Strings to Remember |
| 2020-05-21/a> | Xavier Mertens | Malware Triage with FLOSS: API Calls Based Behavior |
| 2020-05-20/a> | Brad Duncan | Microsoft Word document with malicious macro pushes IcedID (Bokbot) |
| 2020-05-19/a> | Rick Wanner | Wireshark Release - 2.6.17, 3.0.11 and 3.2.4 - https://www.wireshark.org/news/20200519.html |
| 2020-05-19/a> | Rick Wanner | VMWare Security Advisory - VMSA-2020-0010 - https://www.vmware.com/security/advisories/VMSA-2020-0010.html |
| 2020-05-18/a> | Rick Wanner | Automating nmap scans |
| 2020-05-16/a> | Guy Bruneau | Scanning for Outlook Web Access (OWA) & Microsoft Exchange Control Panel (ECP) |
| 2020-05-15/a> | Rob VandenBrink | Hashes in PowerShell |
| 2020-05-15/a> | Rob VandenBrink | SHA3 Hashes (on Windows) - Where Art Thou? |
| 2020-05-14/a> | Rob VandenBrink | Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe |
| 2020-05-13/a> | Brad Duncan | Malspam with links to zip archives pushes Dridex malware |
| 2020-05-10/a> | Didier Stevens | YARA v4.0.0: BASE64 Strings |
| 2020-05-09/a> | Rick Wanner | VMWare vRealize Critical vulnerabilities due to SaltStack - VMSA-2020-0009 |
| 2020-05-09/a> | Rick Wanner | Nmap Basics - The Security Practitioner's Swiss Army Knife |
| 2020-05-08/a> | Xavier Mertens | Using Nmap As a Lightweight Vulnerability Scanner |
| 2020-05-07/a> | Bojan Zdrnja | Scanning with nmap?s NSE scripts |
| 2020-05-06/a> | Xavier Mertens | Keeping an Eye on Malicious Files Life Time |
| 2020-05-05/a> | Russ McRee | Cloud Security Features Don't Replace the Need for Personnel Security Capabilities |
| 2020-05-04/a> | Didier Stevens | Sysmon and File Deletion |
| 2020-05-03/a> | Didier Stevens | ZIP & AES |
| 2020-05-02/a> | Guy Bruneau | Phishing PDF with Unusual Hostname |
| 2020-05-01/a> | Jim Clausing | Attack traffic on TCP port 9673 |
| 2020-04-30/a> | Xavier Mertens | Collecting IOCs from IMAP Folder |
| 2020-04-29/a> | Johannes Ullrich | Privacy Preserving Protocols to Trace Covid19 Exposure |
| 2020-04-28/a> | Jan Kopriva | Agent Tesla delivered by the same phishing campaign for over a year |
| 2020-04-27/a> | Xavier Mertens | Powershell Payload Stored in a PSCredential Object |
| 2020-04-26/a> | Didier Stevens | Video: Malformed .docm File |
| 2020-04-25/a> | Didier Stevens | MALWARE Bazaar |
| 2020-04-24/a> | Xavier Mertens | Malicious Excel With a Strong Obfuscation and Sandbox Evasion |
| 2020-04-21/a> | Russ McRee | SpectX: Log Parser for DFIR |
| 2020-04-20/a> | Didier Stevens | KPOT AutoIt Script: Analysis |
| 2020-04-18/a> | Guy Bruneau | Maldoc Falsely Represented as DOCX Invoice Redirecting to Fake Apple Store |
| 2020-04-17/a> | Xavier Mertens | Weaponized RTF Document Generator & Mailer in PowerShell |
| 2020-04-16/a> | Johannes Ullrich | Using AppLocker to Prevent Living off the Land Attacks |
| 2020-04-13/a> | Jan Kopriva | Look at the same phishing campaign 3 months apart |
| 2020-04-12/a> | Didier Stevens | Reader Analysis: "Dynamic analysis technique to get decrypted KPOT Malware." |
| 2020-04-11/a> | Didier Stevens | Wireshark 3.2.3 Released: Mac Users Pay Attention Please |
| 2020-04-10/a> | Xavier Mertens | PowerShell Sample Extracting Payload From SSL |
| 2020-04-10/a> | Scott Fendley | Critical Vuln in vCenter vmdir (CVE-2020-3952) |
| 2020-04-08/a> | Brad Duncan | German malspam pushes ZLoader malware |
| 2020-04-07/a> | Johannes Ullrich | Increase in RDP Scanning |
| 2020-04-06/a> | Didier Stevens | Password Protected Malicious Excel Files |
| 2020-04-05/a> | Guy Bruneau | Maldoc XLS Invoice with Excel 4 Macros |
| 2020-04-04/a> | Didier Stevens | New Bypass Technique or Corrupt Word Document? |
| 2020-04-03/a> | Xavier Mertens | Obfuscated with a Simple 0x0A |
| 2020-04-01/a> | Brad Duncan | Qakbot malspam sent from an infected Windows host |
| 2020-03-31/a> | Johannes Ullrich | Kwampirs Targeted Attacks Involving Healthcare Sector |
| 2020-03-30/a> | Jan Kopriva | Crashing explorer.exe with(out) a click |
| 2020-03-29/a> | Didier Stevens | Obfuscated Excel 4 Macros |
| 2020-03-28/a> | Didier Stevens | Covid19 Domain Classifier |
| 2020-03-27/a> | Xavier Mertens | Malicious JavaScript Dropping Payload in the Registry |
| 2020-03-27/a> | Johannes Ullrich | Help us classify Covid19 related domains https://isc.sans.edu/covidclassifier.html (login required) |
| 2020-03-26/a> | Xavier Mertens | Very Large Sample as Evasion Technique? |
| 2020-03-25/a> | Brad Duncan | Recent Dridex activity |
| 2020-03-24/a> | Russ McRee | Another Critical COVID-19 Shortage: Digital Security |
| 2020-03-23/a> | Didier Stevens | KPOT Deployed via AutoIt Script |
| 2020-03-23/a> | Didier Stevens | Windows Zeroday Actively Exploited: Type 1 Font Parsing Remote Code Execution Vulnerability |
| 2020-03-22/a> | Didier Stevens | More COVID-19 Themed Malware |
| 2020-03-21/a> | Guy Bruneau | Honeypot - Scanning and Targeting Devices & Services |
| 2020-03-19/a> | Xavier Mertens | COVID-19 Themed Multistage Malware |
| 2020-03-18/a> | Brad Duncan | Trickbot gtag red5 distributed as a DLL file |
| 2020-03-16/a> | Jan Kopriva | Desktop.ini as a post-exploitation tool |
| 2020-03-15/a> | Guy Bruneau | VPN Access and Activity Monitoring |
| 2020-03-14/a> | Didier Stevens | Phishing PDF With Incremental Updates. |
| 2020-03-13/a> | Rob VandenBrink | Not all Ethernet NICs are Created Equal - Trying to Capture Invalid Ethernet Frames |
| 2020-03-12/a> | Xavier Mertens | Critical SMBv3 Vulnerability: Remote Code Execution |
| 2020-03-12/a> | Brad Duncan | Hancitor distributed through coronavirus-themed malspam |
| 2020-03-11/a> | Xavier Mertens | Agent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account |
| 2020-03-10/a> | Johannes Ullrich | Microsoft Patch Tuesday March 2020 |
| 2020-03-09/a> | Didier Stevens | Malicious Spreadsheet With Data Connection and Excel 4 Macros |
| 2020-03-07/a> | Didier Stevens | Wireshark 3.2.2 Released: Windows' Users Pay Attention Please |
| 2020-03-06/a> | Xavier Mertens | A Safe Excel Sheet Not So Safe |
| 2020-03-05/a> | Xavier Mertens | Will You Put Your Password in a Survey? |
| 2020-03-02/a> | Jan Kopriva | Secure vs. cleartext protocols - couple of interesting stats |
| 2020-02-29/a> | Guy Bruneau | Hazelcast IMDG Discover Scan |
| 2020-02-28/a> | Xavier Mertens | Show me Your Clipboard Data! |
| 2020-02-27/a> | Xavier Mertens | Offensive Tools Are For Blue Teams Too |
| 2020-02-25/a> | Jan Kopriva | Quick look at a couple of current online scam campaigns |
| 2020-02-24/a> | Didier Stevens | Maldoc: Excel 4 Macros and VBA, Devil and Angel? |
| 2020-02-23/a> | Didier Stevens | Maldoc: Excel 4 Macros in OOXML Format |
| 2020-02-22/a> | Xavier Mertens | Simple but Efficient VBScript Obfuscation |
| 2020-02-21/a> | Xavier Mertens | Quick Analysis of an Encrypted Compound Document Format |
| 2020-02-18/a> | Jan Kopriva | Discovering contents of folders in Windows without permissions |
| 2020-02-16/a> | Guy Bruneau | SOAR or not to SOAR? |
| 2020-02-15/a> | Didier Stevens | bsdtar on Windows 10 |
| 2020-02-14/a> | Xavier Mertens | Keep an Eye on Command-Line Browsers |
| 2020-02-13/a> | Rob VandenBrink | Auth-mageddon deferred (but not averted), Microsoft LDAP Changes now slated for Q3Q4 2020 |
| 2020-02-12/a> | Brad Duncan | Malpsam pushes Ursnif through Italian language Word docs |
| 2020-02-12/a> | Rob VandenBrink | March Patch Tuesday is Coming - the LDAP Changes will Change Your Life! |
| 2020-02-10/a> | Jan Kopriva | Current PayPal phishing campaign or "give me all your personal information" |
| 2020-02-08/a> | Russell Eubanks | After Action Review |
| 2020-02-07/a> | Xavier Mertens | Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript |
| 2020-02-05/a> | Brad Duncan | Fake browser update pages are "still a thing" |
| 2020-02-03/a> | Jan Kopriva | Analysis of a triple-encrypted AZORult downloader |
| 2020-02-01/a> | Didier Stevens | Wireshark 3.2.1 Released |
| 2020-01-27/a> | Johannes Ullrich | Network Security Perspective on Coronavirus Preparedness |
| 2020-01-25/a> | Guy Bruneau | Is Threat Hunting the new Fad? |
| 2020-01-23/a> | Xavier Mertens | Complex Obfuscation VS Simple Trick |
| 2020-01-22/a> | Brad Duncan | German language malspam pushes Ursnif |
| 2020-01-21/a> | Russ McRee | DeepBlueCLI: Powershell Threat Hunting |
| 2020-01-16/a> | Bojan Zdrnja | Summing up CVE-2020-0601, or the Let?s Decrypt vulnerability |
| 2020-01-16/a> | Jan Kopriva | Picks of 2019 malware - the large, the small and the one full of null bytes |
| 2020-01-15/a> | Johannes Ullrich | CVE-2020-0601 Followup |
| 2020-01-13/a> | Didier Stevens | Citrix ADC Exploits: Overview of Observed Payloads |
| 2020-01-12/a> | Guy Bruneau | ELK Dashboard and Logstash parser for tcp-honeypot Logs |
| 2020-01-11/a> | Johannes Ullrich | Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor |
| 2020-01-10/a> | Xavier Mertens | More Data Exfiltration |
| 2020-01-09/a> | Xavier Mertens | Quick Analyzis of a(nother) Maldoc |
| 2020-01-07/a> | Johannes Ullrich | A Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability) |
| 2020-01-05/a> | Didier Stevens | etl2pcapng: Convert .etl Capture Files To .pcapng Format |
| 2020-01-03/a> | Kevin Shortt | CCPA - Quick Overview |
| 2020-01-02/a> | Xavier Mertens | Ransomware in Node.js |
| 2019-12-31/a> | Johannes Ullrich | Some Thoughts About the Critical Citrix ADC/Gateway Vulnerability (CVE-2019-19781) |
| 2019-12-29/a> | Guy Bruneau | ELK Dashboard for Pihole Logs |
| 2019-12-28/a> | Didier Stevens | Corrupt Office Documents |
| 2019-12-26/a> | Xavier Mertens | Bypassing UAC to Install a Cryptominer |
| 2019-12-24/a> | Brad Duncan | Malspam with links to Word docs pushes IcedID (Bokbot) |
| 2019-12-23/a> | Didier Stevens | New oledump.py plugin: plugin_version_vba |
| 2019-12-22/a> | Didier Stevens | Extracting VBA Macros From .DWG Files |
| 2019-12-21/a> | Didier Stevens | Wireshark 3.2.0 Released |
| 2019-12-18/a> | Brad Duncan | Emotet infection with spambot activity |
| 2019-12-16/a> | Didier Stevens | Malicious .DWG Files? |
| 2019-12-15/a> | Didier Stevens | VirusTotal Email Submissions |
| 2019-12-14/a> | Didier Stevens | (Lazy) Sunday Maldoc Analysis: A Bit More ... |
| 2019-12-13/a> | Jan Kopriva | Internet banking sites and their use of TLS... and SSLv3... and SSLv2?! |
| 2019-12-12/a> | Xavier Mertens | Code & Data Reuse in the Malware Ecosystem |
| 2019-12-11/a> | Brad Duncan | German language malspam pushes yet another wave of Trickbot |
| 2019-12-09/a> | Didier Stevens | (Lazy) Sunday Maldoc Analysis |
| 2019-12-08/a> | Didier Stevens | Wireshark 3.0.7 Released |
| 2019-12-07/a> | Guy Bruneau | Integrating Pi-hole Logs in ELK with Logstash |
| 2019-12-06/a> | Jan Kopriva | Phishing with a self-contained credentials-stealing webpage |
| 2019-12-05/a> | Jan Kopriva | E-mail from Agent Tesla |
| 2019-12-04/a> | Jan Kopriva | Analysis of a strangely poetic malware |
| 2019-12-03/a> | Brad Duncan | Ursnif infection with Dridex |
| 2019-11-29/a> | Russ McRee | ISC Snapshot: Search with SauronEye |
| 2019-11-27/a> | Brad Duncan | Finding an Agent Tesla malware sample |
| 2019-11-26/a> | Jan Kopriva | Lessons learned from playing a willing phish |
| 2019-11-23/a> | Guy Bruneau | Local Malware Analysis with Malice |
| 2019-11-22/a> | Xavier Mertens | Abusing Web Filters Misconfiguration for Reconnaissance |
| 2019-11-20/a> | Brad Duncan | Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike |
| 2019-11-19/a> | Johannes Ullrich | Cheap Chinese JAWS of DVR Exploitability on Port 60001 |
| 2019-11-18/a> | Johannes Ullrich | SMS and 2FA: Another Reason to Move away from It. |
| 2019-11-13/a> | Brad Duncan | An example of malspam pushing Lokibot malware, November 2019 |
| 2019-11-10/a> | Jan Kopriva | Did the recent malicious BlueKeep campaign have any positive impact when it comes to patching? |
| 2019-11-09/a> | Guy Bruneau | Fake Netflix Update Request by Text |
| 2019-11-08/a> | Xavier Mertens | Microsoft Apps Diverted from Their Main Use |
| 2019-11-06/a> | Brad Duncan | More malspam pushing Formbook |
| 2019-11-05/a> | Rick Wanner | Bluekeep exploitation causing Bluekeep vulnerability scan to fail |
| 2019-11-03/a> | Didier Stevens | You Too? "Unusual Activity with Double Base64 Encoding" |
| 2019-11-01/a> | Didier Stevens | Tip: Password Managers and 2FA |
| 2019-10-31/a> | Jan Kopriva | EML attachments in O365 - a recipe for phishing |
| 2019-10-30/a> | Xavier Mertens | Keep an Eye on Remote Access to Mailboxes |
| 2019-10-29/a> | Xavier Mertens | Generating PCAP Files from YAML |
| 2019-10-27/a> | Didier Stevens | Wireshark 3.0.6 Released |
| 2019-10-27/a> | Guy Bruneau | Unusual Activity with Double Base64 Encoding |
| 2019-10-24/a> | Johannes Ullrich | Your Supply Chain Doesn't End At Receiving: How Do You Decommission Network Equipment? |
| 2019-10-20/a> | Guy Bruneau | Scanning Activity for NVMS-9000 Digital Video Recorder |
| 2019-10-19/a> | Russell Eubanks | What Assumptions Are You Making? |
| 2019-10-18/a> | Xavier Mertens | Quick Malicious VBS Analysis |
| 2019-10-17/a> | Jan Kopriva | Phishing e-mail spoofing SPF-enabled domain |
| 2019-10-14/a> | Didier Stevens | YARA's XOR Modifier |
| 2019-10-12/a> | Didier Stevens | YARA v3.11.0 released |
| 2019-10-10/a> | Rob VandenBrink | Mining Live Networks for OUI Data Oddness |
| 2019-10-09/a> | Brad Duncan | What data does Vidar malware steal from an infected host? |
| 2019-10-06/a> | Russ McRee | visNetwork for Network Data |
| 2019-10-03/a> | Xavier Mertens | "Lost_Files" Ransomware |
| 2019-10-03/a> | Jim Clausing | Buffer overflows found in libpcap and tcpdump |
| 2019-10-02/a> | Brad Duncan | A recent example of Emotet malspam |
| 2019-10-01/a> | Johannes Ullrich | A Quick Look at Some Current Comment Spam |
| 2019-09-27/a> | Xavier Mertens | New Scans for Polycom Autoconfiguration Files |
| 2019-09-26/a> | Rob VandenBrink | Mining MAC Address and OUI Information |
| 2019-09-25/a> | Brad Duncan | Malspam pushing Quasar RAT |
| 2019-09-24/a> | Xavier Mertens | Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs |
| 2019-09-21/a> | Didier Stevens | Wireshark 3.0.5 Release: Potential Windows Crash when Updating |
| 2019-09-19/a> | Xavier Mertens | Agent Tesla Trojan Abusing Corporate Email Accounts |
| 2019-09-19/a> | Xavier Mertens | Blocklisting or Whitelisting in the Right Way |
| 2019-09-18/a> | Brad Duncan | Emotet malspam is back |
| 2019-09-17/a> | Rob VandenBrink | Investigating Gaps in your Windows Event Logs |
| 2019-09-07/a> | Guy Bruneau | Unidentified Scanning Activity |
| 2019-09-03/a> | Johannes Ullrich | [Guest Diary] Tricky LNK points to TrickBot |
| 2019-08-30/a> | Xavier Mertens | Malware Dropping a Local Node.js Instance |
| 2019-08-28/a> | Johannes Ullrich | [Guest Diary] Open Redirect: A Small But Very Common Vulnerability |
| 2019-08-28/a> | Xavier Mertens | Malware Samples Compiling Their Next Stage on Premise |
| 2019-08-25/a> | Guy Bruneau | Are there any Advantages of Buying Cyber Security Insurance? |
| 2019-08-22/a> | Xavier Mertens | Simple Mimikatz & RDPWrapper Dropper |
| 2019-08-21/a> | Russ McRee | KAPE: Kroll Artifact Parser and Extractor |
| 2019-08-18/a> | Didier Stevens | Video: Analyzing DAA Files |
| 2019-08-16/a> | Didier Stevens | The DAA File Format |
| 2019-08-15/a> | Didier Stevens | Analysis of a Spearphishing Maldoc |
| 2019-08-14/a> | Brad Duncan | Recent example of MedusaHTTP malware |
| 2019-08-12/a> | Didier Stevens | Malicious .DAA Attachments |
| 2019-08-11/a> | Didier Stevens | Nmap Defcon Release: 7.80 |
| 2019-08-09/a> | Xavier Mertens | 100% JavaScript Phishing Page |
| 2019-08-08/a> | Johannes Ullrich | [Guest Diary] The good, the bad and the non-functional, or "how not to do an attack campaign" |
| 2019-08-07/a> | Bojan Zdrnja | Verifying SSL/TLS configuration (part 2) |
| 2019-08-05/a> | Rick Wanner | Scanning for Bluekeep vulnerable RDP instances |
| 2019-08-01/a> | Johannes Ullrich | What is Listening On Port 9527/TCP? |
| 2019-07-28/a> | Didier Stevens | Video: Analyzing Compressed PowerShell Scripts |
| 2019-07-26/a> | Kevin Shortt | DVRIP Port 34567 - Uptick |
| 2019-07-25/a> | Rob VandenBrink | When Users Attack! Users (and Admins) Thwarting Security Controls |
| 2019-07-24/a> | Xavier Mertens | May People Be Considered as IOC? |
| 2019-07-23/a> | Bojan Zdrnja | Verifying SSL/TLS configuration (part 1) |
| 2019-07-20/a> | Guy Bruneau | Re-evaluating Network Security - It is Increasingly More Complex |
| 2019-07-18/a> | Rob VandenBrink | The Other Side of Critical Control 1: 802.1x Wired Network Access Controls |
| 2019-07-18/a> | Xavier Mertens | Malicious PHP Script Back on Stage? |
| 2019-07-17/a> | Xavier Mertens | Analyzis of DNS TXT Records |
| 2019-07-16/a> | Russ McRee | Commando VM: The Complete Mandiant Offensive VM |
| 2019-07-13/a> | Guy Bruneau | Guidance to Protect DNS Against Hijacking & Scanning for Version.BIND Still a Thing |
| 2019-07-11/a> | Johannes Ullrich | Remembering Mike Assante |
| 2019-07-11/a> | Xavier Mertens | Russian Dolls Malicious Script Delivering Ursnif |
| 2019-07-10/a> | Rob VandenBrink | Samba Project tells us "What's New" - SMBv1 Disabled by Default (finally) |
| 2019-07-10/a> | Rob VandenBrink | Dumping File Contents in Hex (in PowerShell) |
| 2019-07-09/a> | John Bambenek | Solving the WHOIS and Privacy Problem: A Draft of Implementing WHOIS in DNS |
| 2019-07-09/a> | John Bambenek | MSFT July 2019 Patch Tuesday |
| 2019-07-08/a> | Didier Stevens | Machine Code? No! |
| 2019-07-06/a> | Didier Stevens | Malicious XSL Files |
| 2019-07-05/a> | Didier Stevens | A "Stream O" Maldoc |
| 2019-07-04/a> | Didier Stevens | Machine Code? |
| 2019-07-02/a> | Xavier Mertens | Malicious Script With Multiple Payloads |
| 2019-07-01/a> | Didier Stevens | Maldoc: Payloads in User Forms |
| 2019-06-28/a> | Rob VandenBrink | Verifying Running Processes against VirusTotal - Domain-Wide |
| 2019-06-27/a> | Rob VandenBrink | Finding the Gold in a Pile of Pennies - Long Tail Analysis in PowerShell |
| 2019-06-25/a> | Brad Duncan | Rig Exploit Kit sends Pitou.B Trojan |
| 2019-06-24/a> | Johannes Ullrich | Extensive BGP Issues Affecting Cloudflare and possibly others |
| 2019-06-21/a> | Rob VandenBrink | Netstat Local and Remote -new and improved, now with more PowerShell! |
| 2019-06-20/a> | Xavier Mertens | Using a Travel Packing App for Infosec Purpose |
| 2019-06-19/a> | Johannes Ullrich | Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729 |
| 2019-06-18/a> | Brad Duncan | Malspam with password-protected Word docs pushing Dridex |
| 2019-06-18/a> | Johannes Ullrich | What You Need To Know About TCP "SACK Panic" |
| 2019-06-17/a> | Brad Duncan | An infection from Rig exploit kit |
| 2019-06-14/a> | Jim Clausing | A few Ghidra tips for IDA users, part 4 - function call graphs |
| 2019-06-10/a> | Xavier Mertens | Interesting JavaScript Obfuscation Example |
| 2019-06-06/a> | Xavier Mertens | Keep an Eye on Your WMI Logs |
| 2019-06-03/a> | Didier Stevens | Tip: BASE64 Encoded PowerShell Scripts are Recognizable by the Amount of Letter As |
| 2019-05-31/a> | Didier Stevens | Retrieving Second Stage Payload with Ncat |
| 2019-05-29/a> | Xavier Mertens | Behavioural Malware Analysis with Microsoft ASA |
| 2019-05-28/a> | Didier Stevens | Office Document & BASE64? PowerShell! |
| 2019-05-26/a> | Didier Stevens | Video: nmap Service Detection Customization |
| 2019-05-22/a> | Johannes Ullrich | An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps] |
| 2019-05-21/a> | Tom Webb | Using Shodan Monitoring |
| 2019-05-20/a> | Tom Webb | CVE-2019-0604 Attack |
| 2019-05-19/a> | Guy Bruneau | Is Metadata Only Approach, Good Enough for Network Traffic Analysis? |
| 2019-05-16/a> | Xavier Mertens | The Risk of Authenticated Vulnerability Scans |
| 2019-05-13/a> | Xavier Mertens | From Phishing To Ransomware? |
| 2019-05-06/a> | Didier Stevens | Text and Text |
| 2019-05-03/a> | Jim Clausing | A few Ghidra tips for IDA users, part 3 - conversion, labels, and comments |
| 2019-05-01/a> | Xavier Mertens | Another Day, Another Suspicious UDF File |
| 2019-05-01/a> | Didier Stevens | VBA Office Document: Which Version? |
| 2019-04-27/a> | Didier Stevens | Quick Tip for Dissecting CVE-2017-11882 Exploits |
| 2019-04-26/a> | Rob VandenBrink | Pillaging Passwords from Service Accounts |
| 2019-04-25/a> | Rob VandenBrink | Unpatched Vulnerability Alert - WebLogic Zero Day |
| 2019-04-25/a> | Rob VandenBrink | Service Accounts Redux - Collecting Service Accounts with PowerShell |
| 2019-04-24/a> | Rob VandenBrink | Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators |
| 2019-04-23/a> | Didier Stevens | Malicious VBA Office Document Without Source Code |
| 2019-04-22/a> | Didier Stevens | .rar Files and ACE Exploit CVE-2018-20250 |
| 2019-04-19/a> | Didier Stevens | Analyzing UDF Files with Python |
| 2019-04-17/a> | Jim Clausing | A few Ghidra tips for IDA users, part 2 - strings and parameters |
| 2019-04-17/a> | Xavier Mertens | Malware Sample Delivered Through UDF Image |
| 2019-04-13/a> | Johannes Ullrich | Configuring MTA-STS and TLS Reporting For Your Domain |
| 2019-04-11/a> | Johannes Ullrich | How to Find Hidden Cameras in your AirBNB |
| 2019-04-08/a> | Jim Clausing | A few Ghidra tips for IDA users, part 1 - the decompiler/unreachable code |
| 2019-04-07/a> | Guy Bruneau | Fake Office 365 Payment Information Update |
| 2019-04-05/a> | Russ McRee | Beagle: Graph transforms for DFIR data & logs |
| 2019-04-04/a> | Xavier Mertens | New Waves of Scans Detected by an Old Rule |
| 2019-04-03/a> | Jim Clausing | A few Ghidra tips for IDA users, part 0 - automatic comments for API call parameters |
| 2019-04-02/a> | Johannes Ullrich | Fake AV is Back: LaCie Network Drives Used to Spread Malware |
| 2019-03-31/a> | Didier Stevens | Maldoc Analysis of the Weekend by a Reader |
| 2019-03-30/a> | Didier Stevens | "404" is not Malware |
| 2019-03-29/a> | Remco Verhoef | Annotating Golang binaries with Cutter and Jupyter |
| 2019-03-27/a> | Xavier Mertens | Running your Own Passive DNS Service |
| 2019-03-25/a> | Didier Stevens | "VelvetSweatshop" Maldocs: Shellcode Analysis |
| 2019-03-23/a> | Didier Stevens | "VelvetSweatshop" Maldocs |
| 2019-03-21/a> | Xavier Mertens | New Wave of Extortion Emails: Central Intelligence Agency Case |
| 2019-03-18/a> | Didier Stevens | Wireshark 3.0.0 and Npcap: Some Remarks |
| 2019-03-17/a> | Didier Stevens | Video: Maldoc Analysis: Excel 4.0 Macro |
| 2019-03-16/a> | Didier Stevens | Maldoc: Excel 4.0 Macros |
| 2019-03-15/a> | Remco Verhoef | Binary Analysis with Jupyter and Radare2 |
| 2019-03-14/a> | Didier Stevens | Tip: Ghidra & ZIP Files |
| 2019-03-13/a> | Brad Duncan | Malspam pushes Emotet with Qakbot as the follow-up malware |
| 2019-03-11/a> | Didier Stevens | Wireshark 3.0.0 and Npcap |
| 2019-03-10/a> | Didier Stevens | Quick and Dirty Malicious HTA Analysis |
| 2019-03-10/a> | Didier Stevens | Malicious HTA Analysis by a Reader |
| 2019-03-09/a> | Guy Bruneau | A Comparison Study of SSH Port Activity - TCP 22 & 2222 |
| 2019-03-08/a> | Remco Verhoef | Analysing meterpreter payload with Ghidra |
| 2019-03-06/a> | Brad Duncan | Malspam with password-protected word docs still pushing IcedID (Bokbot) with Trickbot |
| 2019-03-06/a> | Johannes Ullrich | March Edition of Ouch! Newsletter: Securely Disposing Mobile Devices https://www.sans.org/security-awareness-training/resources/disposing-your-mobile-device |
| 2019-03-06/a> | Xavier Mertens | Keep an Eye on Disposable Email Addresses |
| 2019-03-05/a> | Rob VandenBrink | Powershell, Active Directory and the Windows Host Firewall |
| 2019-02-27/a> | Didier Stevens | Maldoc Analysis by a Reader |
| 2019-02-24/a> | Guy Bruneau | Packet Editor and Builder by Colasoft |
| 2019-02-20/a> | Brad Duncan | More Russian language malspam pushing Shade (Troldesh) ransomware |
| 2019-02-19/a> | Didier Stevens | Identifying Files: Failure Happens |
| 2019-02-18/a> | Didier Stevens | Know What You Are Logging |
| 2019-02-17/a> | Didier Stevens | Video: Finding Property Values in Office Documents |
| 2019-02-16/a> | Didier Stevens | Finding Property Values in Office Documents |
| 2019-02-14/a> | Xavier Mertens | Suspicious PDF Connecting to a Remote SMB Share |
| 2019-02-14/a> | Xavier Mertens | Old H-Worm Delivered Through GitHub |
| 2019-02-11/a> | Didier Stevens | Have You Seen an Email Virus Recently? |
| 2019-02-10/a> | Didier Stevens | Video: Maldoc Analysis of the Weekend |
| 2019-02-09/a> | Didier Stevens | Maldoc Analysis of the Weekend |
| 2019-02-07/a> | Bojan Zdrnja | UAC is not all that bad really |
| 2019-02-07/a> | Xavier Mertens | Phishing Kit with JavaScript Keylogger |
| 2019-02-06/a> | Brad Duncan | Hancitor malspam and infection traffic from Tuesday 2019-02-05 |
| 2019-02-05/a> | Rob VandenBrink | Mitigations against Mimikatz Style Attacks |
| 2019-02-02/a> | Guy Bruneau | Scanning for WebDAV PROPFIND Exploiting CVE-2017-7269 |
| 2019-01-31/a> | Xavier Mertens | Tracking Unexpected DNS Changes |
| 2019-01-30/a> | Russ McRee | CR19-010: The United States vs. Huawei |
| 2019-01-29/a> | Johannes Ullrich | A Not So Well Done Phish (Why Attackers need to Implement IPv6 Now! ;-) ) |
| 2019-01-28/a> | Bojan Zdrnja | Relaying Exchange?s NTLM authentication to domain admin (and more) |
| 2019-01-26/a> | Didier Stevens | Video: Analyzing Encrypted Malicious Office Documents |
| 2019-01-24/a> | Brad Duncan | Malspam with Word docs uses macro to run Powershell script and steal system data |
| 2019-01-22/a> | Xavier Mertens | DNS Firewalling with MISP |
| 2019-01-16/a> | Brad Duncan | Emotet infections and follow-up malware |
| 2019-01-14/a> | Rob VandenBrink | Microsoft LAPS - Blue Team / Red Team |
| 2019-01-12/a> | Guy Bruneau | Snorpy a Web Base Tool to Build Snort/Suricata Rules |
| 2019-01-11/a> | Didier Stevens | Quick Maldoc Analysis |
| 2019-01-10/a> | Brad Duncan | Heartbreaking Emails: "Love You" Malspam |
| 2019-01-09/a> | Russ McRee | gganimate: Animate YouR Security Analysis |
| 2019-01-07/a> | Didier Stevens | Analyzing Encrypted Malicious Office Documents |
| 2019-01-06/a> | Didier Stevens | Malicious .tar Attachments |
| 2019-01-05/a> | Didier Stevens | A Malicious JPEG? Second Example |
| 2019-01-04/a> | Didier Stevens | A Malicious JPEG? |
| 2019-01-02/a> | Didier Stevens | Maldoc with Nonfunctional Shellcode |
| 2019-01-02/a> | Lorna Hutcheson | Gift Card Scams on the rise |
| 2019-01-02/a> | Xavier Mertens | Malicious Script Leaking Data via FTP |
| 2018-12-31/a> | Didier Stevens | Software Crashes: A New Year's Resolution |
| 2018-12-29/a> | Didier Stevens | Video: De-DOSfuscation Example |
| 2018-12-23/a> | Guy Bruneau | Scanning Activity, end Goal is to add Hosts to Mirai Botnet |
| 2018-12-21/a> | Lorna Hutcheson | Phishing Attempts That Bypass 2FA |
| 2018-12-19/a> | Xavier Mertens | Restricting PowerShell Capabilities with NetSh |
| 2018-12-19/a> | Xavier Mertens | Microsoft OOB Patch for Internet Explorer: Scripting Engine Memory Corruption Vulnerability |
| 2018-12-19/a> | Xavier Mertens | Using OSSEC Active-Response as a DFIR Framework |
| 2018-12-18/a> | Brad Duncan | Malspam links to password-protected Word docs that push IcedID (Bokbot) |
| 2018-12-17/a> | Didier Stevens | Password Protected ZIP with Maldoc |
| 2018-12-16/a> | Guy Bruneau | Random Port Scan for Open RDP Backdoor |
| 2018-12-15/a> | Didier Stevens | De-DOSfuscation Example |
| 2018-12-12/a> | Didier Stevens | Yet Another DOSfuscation Sample |
| 2018-12-11/a> | Richard Porter | Microsoft December 2018 Patch Tuesday |
| 2018-12-09/a> | Didier Stevens | Quickie: String Analysis is Still Useful |
| 2018-12-09/a> | Johannes Ullrich | Arrest of Huawei CFO Inspires Advance Fee Scam |
| 2018-12-08/a> | Didier Stevens | Reader Malware Submission: MHT File Inside a ZIP File |
| 2018-12-05/a> | Brad Duncan | Campaign evolution: Hancitor changes its Word macros |
| 2018-12-04/a> | Brad Duncan | Malspam pushing Lokibot malware |
| 2018-12-03/a> | Didier Stevens | Word maldoc: yet another place to hide a command |
| 2018-12-01/a> | Didier Stevens | Wireshark update 2.6.5 available |
| 2018-11-30/a> | Remco Verhoef | CoinMiners searching for hosts |
| 2018-11-29/a> | Brad Duncan | Russian language malspam pushing Shade (Troldesh) ransomware |
| 2018-11-27/a> | Xavier Mertens | More obfuscated shell scripts: Fake MacOS Flash update |
| 2018-11-27/a> | Rob VandenBrink | Data Exfiltration in Penetration Tests |
| 2018-11-26/a> | Russ McRee | ViperMonkey: VBA maldoc deobfuscation |
| 2018-11-26/a> | Xavier Mertens | Obfuscated bash script targeting QNap boxes |
| 2018-11-23/a> | Didier Stevens | Video: Dissecting a CVE-2017-11882 Exploit |
| 2018-11-22/a> | Xavier Mertens | Divided Payload in Multiple Pasties |
| 2018-11-21/a> | Johannes Ullrich | Critical Vulnerability in Flash Player |
| 2018-11-20/a> | Xavier Mertens | Querying DShield from Cortex |
| 2018-11-20/a> | Xavier Mertens | VMware Affected by Dell EMC Avamar Vulnerability |
| 2018-11-19/a> | Xavier Mertens | The Challenge of Managing Your Digital Library |
| 2018-11-18/a> | Guy Bruneau | Multipurpose PCAP Analysis Tool |
| 2018-11-17/a> | Xavier Mertens | Quickly Investigating Websites with Lookyloo |
| 2018-11-16/a> | Xavier Mertens | Basic Obfuscation With Permissive Languages |
| 2018-11-15/a> | Brad Duncan | Emotet infection with IcedID banking Trojan |
| 2018-11-14/a> | Brad Duncan | Day in the life of a researcher: Finding a wave of Trickbot malspam |
| 2018-11-13/a> | Johannes Ullrich | November 2018 Microsoft Patch Tuesday |
| 2018-11-12/a> | Rick Wanner | Using the Neutrino ip-blocklist API to test general badness of an IP |
| 2018-11-11/a> | Pasquale Stirparo | Community contribution: joining forces or multiply solutions? |
| 2018-11-10/a> | Didier Stevens | Video: CyberChef: BASE64/XOR Recipe |
| 2018-11-06/a> | Xavier Mertens | Malicious Powershell Script Dissection |
| 2018-11-05/a> | Johannes Ullrich | Struts 2.3 Vulnerable to Two Year old File Upload Flaw |
| 2018-11-04/a> | Pasquale Stirparo | Beyond good ol' LaunchAgent - part 1 |
| 2018-11-02/a> | Didier Stevens | TriJklcj2HIUCheDES decryption failed? |
| 2018-10-31/a> | Brad Duncan | More malspam using password-protected Word docs |
| 2018-10-30/a> | Brad Duncan | Campaign evolution: Hancitor malspam starts pushing Ursnif this week |
| 2018-10-23/a> | Xavier Mertens | Diving into Malicious AutoIT Code |
| 2018-10-22/a> | Xavier Mertens | Malicious Powershell using a Decoy Picture |
| 2018-10-21/a> | Pasquale Stirparo | Beyond good ol’ LaunchAgent - part 0 |
| 2018-10-18/a> | Russ McRee | Cisco Security Advisories 17 OCT 2018 |
| 2018-10-17/a> | Russ McRee | VMSA-2018-0026 VMware ESXi, Workstation & Fusion updates address out-of-bounds read vulnerability https://www.vmware.com/security/advisories/VMSA-2018-0026.html |
| 2018-10-17/a> | Russ McRee | RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence |
| 2018-10-16/a> | Didier Stevens | CyberChef: BASE64/XOR Recipe |
| 2018-10-13/a> | Didier Stevens | Maldoc: Once More It's XOR |
| 2018-10-12/a> | Xavier Mertens | More Equation Editor Exploit Waves |
| 2018-10-10/a> | Xavier Mertens | New Campaign Using Old Equation Editor Vulnerability |
| 2018-10-09/a> | Johannes Ullrich | October 2018 Microsoft Patch Tuesday |
| 2018-10-08/a> | Guy Bruneau | Apple Security Updates |
| 2018-10-08/a> | Guy Bruneau | Latest Release of rockNSM 2.1 |
| 2018-10-07/a> | Didier Stevens | YARA XOR Strings: Some Remarks |
| 2018-10-06/a> | Didier Stevens | YARA: XOR Strings |
| 2018-10-05/a> | Jim Clausing | A strange spam |
| 2018-10-01/a> | Didier Stevens | Decoding Custom Substitution Encodings with translate.py |
| 2018-10-01/a> | Didier Stevens | Developing YARA Rules: a Practical Example |
| 2018-09-30/a> | Didier Stevens | When DOSfuscation Helps... |
| 2018-09-28/a> | Xavier Mertens | More Excel DDE Code Injection |
| 2018-09-26/a> | Brad Duncan | One Emotet infection leads to three follow-up malware infections |
| 2018-09-22/a> | Didier Stevens | Suspicious DNS Requests ... Issued by a Firewall |
| 2018-09-20/a> | Xavier Mertens | Hunting for Suspicious Processes with OSSEC |
| 2018-09-19/a> | Rob VandenBrink | Certificates Revisited - SSL VPN Certificates 2 Ways |
| 2018-09-18/a> | Rob VandenBrink | Using Certificate Transparency as an Attack / Defense Tool |
| 2018-09-16/a> | Didier Stevens | 20/20 malware vision |
| 2018-09-13/a> | Xavier Mertens | Malware Delivered Through MHT Files |
| 2018-09-11/a> | Johannes Ullrich | Microsoft September Patch Tuesday Summary |
| 2018-09-07/a> | Xavier Mertens | Crypto Mining in a Windows Headless Browser |
| 2018-09-05/a> | Rob VandenBrink | Where have all my Certificates gone? (And when do they expire?) |
| 2018-09-05/a> | Xavier Mertens | Malicious PowerShell Compiling C# Code on the Fly |
| 2018-09-04/a> | Rob VandenBrink | Let's Trade: You Read My Email, I'll Read Your Password! |
| 2018-08-31/a> | Jim Clausing | Quickie: Using radare2 to disassemble shellcode |
| 2018-08-30/a> | Xavier Mertens | Crypto Mining Is More Popular Than Ever! |
| 2018-08-29/a> | Xavier Mertens | 3D Printers in The Wild, What Can Go Wrong? |
| 2018-08-26/a> | Didier Stevens | "When was this machine infected?" |
| 2018-08-26/a> | Didier Stevens | Identifying numeric obfuscation |
| 2018-08-25/a> | Didier Stevens | Microsoft Publisher malware: static analysis |
| 2018-08-24/a> | Xavier Mertens | Microsoft Publisher Files Delivering Malware |
| 2018-08-23/a> | Xavier Mertens | Simple Phishing Through formcrafts.com |
| 2018-08-22/a> | Deborah Hale | Email/password Frustration |
| 2018-08-21/a> | Xavier Mertens | Malicious DLL Loaded Through AutoIT |
| 2018-08-20/a> | Didier Stevens | OpenSSH user enumeration (CVE-2018-15473) |
| 2018-08-19/a> | Didier Stevens | Video: Peeking into msg files - revisited |
| 2018-08-15/a> | Xavier Mertens | Truncating Payloads and Anonymizing PCAP files |
| 2018-08-15/a> | Brad Duncan | More malspam pushing password-protected Word docs for AZORult and Hermes Ransomware |
| 2018-08-11/a> | Didier Stevens | Peeking into msg files - revisited |
| 2018-08-10/a> | Remco Verhoef | Hunting SSL/TLS clients using JA3 |
| 2018-08-06/a> | Didier Stevens | Numeric obfuscation: another example |
| 2018-08-05/a> | Didier Stevens | Video: Maldoc analysis with standard Linux tools |
| 2018-08-04/a> | Didier Stevens | Dealing with numeric obfuscation in malicious scripts |
| 2018-08-02/a> | Brad Duncan | DHL-themed malspam reveals embedded malware in animated gif |
| 2018-08-01/a> | Johannes Ullrich | When Cameras and Routers attack Phones. Spike in CVE-2014-8361 Exploits Against Port 52869 |
| 2018-07-30/a> | Didier Stevens | Malicious Word documents using DOSfuscation |
| 2018-07-30/a> | Xavier Mertens | Exploiting the Power of Curl |
| 2018-07-29/a> | Guy Bruneau | Using RITA for Threat Analysis |
| 2018-07-27/a> | Brad Duncan | Malspam with password-protected Word docs pushes Hermes ransomware |
| 2018-07-26/a> | Xavier Mertens | Windows Batch File Deobfuscation |
| 2018-07-24/a> | Brad Duncan | Recent Emotet activity |
| 2018-07-23/a> | Didier Stevens | Analyzing MSG files |
| 2018-07-17/a> | Xavier Mertens | Searching for Geographically Improbable Login Attempts |
| 2018-07-17/a> | Scott Fendley | Oracle Critical Patch Update Release |
| 2018-07-15/a> | Didier Stevens | Extracting BTC addresses from emails |
| 2018-07-13/a> | Xavier Mertens | Cryptominer Delivered Though Compromized JavaScript File |
| 2018-07-12/a> | Johannes Ullrich | New Extortion Tricks: Now Including Your Password! |
| 2018-07-11/a> | Remco Verhoef | Well, Hello Again Peppa! |
| 2018-07-09/a> | Renato Marinho | Criminals Don't Read Instructions or Use Strong Passwords |
| 2018-07-04/a> | Didier Stevens | XPS Metadata |
| 2018-07-03/a> | Didier Stevens | Progress indication for scripts on Windows |
| 2018-07-02/a> | Guy Bruneau | VMware ESXi, Workstation, and Fusion address multiple out-of-bounds read vulnerabilities https://www.vmware.com/security/advisories/VMSA-2018-0016.html |
| 2018-07-02/a> | Guy Bruneau | Hello Peppa! - PHP Scans |
| 2018-06-29/a> | Remco Verhoef | Crypto community target of MacOS malware |
| 2018-06-27/a> | Renato Marinho | Silently Profiling Unknown Malware Samples |
| 2018-06-25/a> | Didier Stevens | Guilty by association |
| 2018-06-22/a> | Lorna Hutcheson | XPS Attachment Used for Phishing |
| 2018-06-21/a> | Xavier Mertens | Are Your Hunting Rules Still Working? |
| 2018-06-18/a> | Xavier Mertens | Malicious JavaScript Targeting Mobile Browsers |
| 2018-06-17/a> | Didier Stevens | Encrypted Office Documents |
| 2018-06-16/a> | Russ McRee | Anomaly Detection & Threat Hunting with Anomalize |
| 2018-06-15/a> | Lorna Hutcheson | SMTP Strangeness - Possible C2 |
| 2018-06-13/a> | Xavier Mertens | A Bunch of Compromized Wordpress Sites |
| 2018-06-12/a> | Johannes Ullrich | Microsoft June 2018 Patch Tuesday |
| 2018-06-07/a> | Remco Verhoef | Automated twitter loot collection |
| 2018-06-06/a> | Xavier Mertens | Converting PCAP Web Traffic to Apache Log |
| 2018-06-05/a> | Xavier Mertens | Malicious Post-Exploitation Batch File |
| 2018-06-04/a> | Rob VandenBrink | Digging into Authenticode Certificates |
| 2018-06-01/a> | Remco Verhoef | Binary analysis with Radare2 |
| 2018-05-28/a> | Kevin Liston | Do you hear Laurel or Yanny or is it On-Off Keying? |
| 2018-05-27/a> | Guy Bruneau | Capture and Analysis of User Agents |
| 2018-05-25/a> | Xavier Mertens | Antivirus Evasion? Easy as 1,2,3 |
| 2018-05-24/a> | Xavier Mertens | "Blocked" Does Not Mean "Forget It" |
| 2018-05-23/a> | Remco Verhoef | Track naughty and nice binaries with Google Santa |
| 2018-05-22/a> | Guy Bruneau | VMware updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue - https://www.vmware.com/security/advisories/VMSA-2018-0012.html |
| 2018-05-22/a> | Xavier Mertens | Malware Distributed via .slk Files |
| 2018-05-22/a> | Xavier Mertens | VMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities https://www.vmware.com/security/advisories/VMSA-2018-0013.html |
| 2018-05-19/a> | Xavier Mertens | Malicious Powershell Targeting UK Bank Customers |
| 2018-05-16/a> | Mark Hofman | EFAIL, a weakness in openPGP and S\MIME |
| 2018-05-10/a> | Bojan Zdrnja | Exfiltrating data from (very) isolated environments |
| 2018-05-09/a> | Xavier Mertens | Nice Phishing Sample Delivering Trickbot |
| 2018-05-07/a> | Xavier Mertens | Adding Persistence Via Scheduled Tasks |
| 2018-05-06/a> | Guy Bruneau | Scans Attempting to use PowerShell to Download PHP Script |
| 2018-05-03/a> | Renato Marinho | WebLogic Exploited in the Wild (Again) |
| 2018-05-02/a> | Russ McRee | Windows Commands Reference - An InfoSec Must Have |
| 2018-05-01/a> | Xavier Mertens | Diving into a Simple Maldoc Generator |
| 2018-04-30/a> | Remco Verhoef | Another approach to webapplication fingerprinting |
| 2018-04-27/a> | Tom Webb | More Threat Hunting with User Agent and Drupal Exploits |
| 2018-04-25/a> | Johannes Ullrich | Yet Another Drupal RCE Vulnerability |
| 2018-03-12/a> | Xavier Mertens | Payload delivery via SMB |
| 2018-03-11/a> | Guy Bruneau | rockNSM Configuration & Installation Steps http://handlers.sans.org/gbruneau/rockNSM%20as%20an%20Incident%20Response%20Package.htm |
| 2018-03-08/a> | Xavier Mertens | CRIMEB4NK IRC Bot |
| 2018-03-06/a> | Mark Hofman | The joys of changing Privacy Laws |
| 2018-03-05/a> | Xavier Mertens | Malicious Bash Script with Multiple Features |
| 2018-03-04/a> | Xavier Mertens | The Crypto Miners Fight For CPU Cycles |
| 2018-03-03/a> | Xavier Mertens | Reminder: Beware of the "Cloud" |
| 2018-03-02/a> | Xavier Mertens | Common Patterns Used in Phishing Campaigns Files |
| 2018-03-01/a> | Johannes Ullrich | Why Does Emperor Xi Dislike Winnie the Pooh and Scrambled Eggs? |
| 2018-02-28/a> | Kevin Liston | How did this Memcache thing happen? |
| 2018-02-25/a> | Guy Bruneau | Blackhole Advertising Sites with Pi-hole |
| 2018-02-25/a> | Didier Stevens | Retrieving malware over Tor on Windows |
| 2018-02-02/a> | Xavier Mertens | Simple but Effective Malicious XLS Sheet |
| 2018-02-01/a> | Johannes Ullrich | Adobe Flash 0-Day Used Against South Korean Targets |
| 2018-02-01/a> | Xavier Mertens | Adaptive Phishing Kit |
| 2018-01-31/a> | Tom Webb | Tax Phishing Time |
| 2018-01-29/a> | Didier Stevens | Comment your Packet Captures - Extra! |
| 2018-01-28/a> | Didier Stevens | Is this a pentest? |
| 2018-01-26/a> | Xavier Mertens | Investigating Microsoft BITS Activity |
| 2018-01-25/a> | Xavier Mertens | Ransomware as a Service |
| 2018-01-23/a> | John Bambenek | Life after GDPR: Implications for Cybersecurity |
| 2018-01-23/a> | Johannes Ullrich | Apple Updates Everything, Again |
| 2018-01-22/a> | Didier Stevens | HTTPS on every port? |
| 2018-01-20/a> | Didier Stevens | An RTF phish |
| 2018-01-19/a> | Jim Clausing | Followup to IPv6 brute force and IPv6 blocking |
| 2018-01-18/a> | Xavier Mertens | Comment your Packet Captures! |
| 2018-01-13/a> | Rick Wanner | Flaw in Intel's Active Management Technology (AMT) |
| 2018-01-11/a> | Xavier Mertens | Mining or Nothing! |
| 2018-01-07/a> | Guy Bruneau | SSH Scans by Clients Types |
| 2018-01-03/a> | John Bambenek | Phishing to Rural America Leads to Six-figure Wire Fraud Losses |
| 2018-01-02/a> | Didier Stevens | PDF documents & URLs: video |
| 2018-01-01/a> | Didier Stevens | What is new? |
| 2017-12-31/a> | Didier Stevens | Analyzing TNEF files |
| 2017-12-30/a> | Xavier Mertens | 2017, The Flood of CVEs |
| 2017-12-27/a> | Guy Bruneau | What are your Security Challenges for 2018? |
| 2017-12-25/a> | Didier Stevens | Dealing with obfuscated RTF files |
| 2017-12-24/a> | Didier Stevens | PDF documents & URLs: update |
| 2017-12-23/a> | Didier Stevens | Encrypted PDFs |
| 2017-12-20/a> | Richard Porter | VMWare Security Advisory: VMSA-2017-0021: https://www.vmware.com/security/advisories/VMSA-2017-0021.html |
| 2017-12-19/a> | Xavier Mertens | Example of 'MouseOver' Link in a Powerpoint File |
| 2017-12-18/a> | Didier Stevens | Phish or scam? - Part 2 |
| 2017-12-17/a> | Didier Stevens | Phish or scam? - Part 1 |
| 2017-12-16/a> | Xavier Mertens | Microsoft Office VBA Macro Obfuscation via Metadata |
| 2017-12-14/a> | Russ McRee | Security Planner: Improve your online safety |
| 2017-12-14/a> | Russ McRee | Detection Lab: Visibility & Introspection for Defenders |
| 2017-12-13/a> | Xavier Mertens | Tracking Newly Registered Domains |
| 2017-12-12/a> | Johannes Ullrich | December Microsoft Patch Tuesday Summary |
| 2017-12-09/a> | Didier Stevens | Sometimes it's a dud |
| 2017-12-03/a> | Xavier Mertens | StartSSL: Termination of Services is Now Scheduled |
| 2017-11-30/a> | Brad Duncan | More Malspam pushing Emotet malware |
| 2017-11-29/a> | Xavier Mertens | Fileless Malicious PowerShell Sample |
| 2017-11-28/a> | Xavier Mertens | Apple High Sierra Uses a Passwordless Root Account |
| 2017-11-25/a> | Guy Bruneau | Benefits associated with the use of Open Source Software |
| 2017-11-23/a> | Xavier Mertens | Proactive Malicious Domain Search |
| 2017-11-17/a> | Xavier Mertens | Top-100 Malicious IP STIX Feed |
| 2017-11-16/a> | Xavier Mertens | Suspicious Domains Tracking Dashboard |
| 2017-11-15/a> | Xavier Mertens | If you want something done right, do it yourself! |
| 2017-11-13/a> | Guy Bruneau | jsonrpc Scanning for root account |
| 2017-11-13/a> | Guy Bruneau | VBE Embeded Script (info.zip) |
| 2017-11-11/a> | Xavier Mertens | Keep An Eye on your Root Certificates |
| 2017-11-10/a> | Bojan Zdrnja | Battling e-mail phishing |
| 2017-11-07/a> | Xavier Mertens | Interesting VBA Dropper |
| 2017-11-06/a> | Didier Stevens | Metasploit's Maldoc |
| 2017-11-05/a> | Didier Stevens | Extracting the text from PDF documents |
| 2017-11-04/a> | Didier Stevens | PDF documents & URLs |
| 2017-11-03/a> | Xavier Mertens | Simple Analysis of an Obfuscated JAR File |
| 2017-10-31/a> | Xavier Mertens | Some Powershell Malicious Code |
| 2017-10-30/a> | Johannes Ullrich | Critical Patch For Oracle's Identity Manager |
| 2017-10-29/a> | Didier Stevens | Remember ACE files? |
| 2017-10-27/a> | Renato Marinho | "Catch-All" Google Chrome Malicious Extension Steals All Posted Data |
| 2017-10-24/a> | Xavier Mertens | Stop relying on file extensions |
| 2017-10-24/a> | Xavier Mertens | BadRabbit: New ransomware wave hitting RU & UA |
| 2017-10-20/a> | Rick Wanner | Cisco fixes for KRACKs not complete |
| 2017-10-19/a> | Brad Duncan | HSBC-themed malspam uses ISO attachments to push Loki Bot malware |
| 2017-10-18/a> | Renato Marinho | Baselining Servers to Detect Outliers |
| 2017-10-17/a> | Brad Duncan | Hancitor malspam uses DDE attack |
| 2017-10-16/a> | Johannes Ullrich | WPA2 "KRACK" Attack |
| 2017-10-15/a> | Didier Stevens | Peeking into .msg files |
| 2017-10-12/a> | Xavier Mertens | Version control tools aren't only for Developers |
| 2017-10-06/a> | Johannes Ullrich | What's in a cable? The dangers of unauthorized cables |
| 2017-10-05/a> | Johannes Ullrich | pcap2curl: Turning a pcap file into a set of cURL commands for "replay" |
| 2017-10-02/a> | Xavier Mertens | Investigating Security Incidents with Passive DNS |
| 2017-09-30/a> | Lorna Hutcheson | Who's Borrowing your Resources? |
| 2017-09-29/a> | Lorna Hutcheson | Good Analysis = Understanding(tools + logs + normal) |
| 2017-09-28/a> | Xavier Mertens | The easy way to analyze huge amounts of PCAP data |
| 2017-09-25/a> | Renato Marinho | XPCTRA Malware Steals Banking and Digital Wallet User's Credentials |
| 2017-09-20/a> | Renato Marinho | Ongoing Ykcol (Locky) campaign |
| 2017-09-19/a> | Jim Clausing | New tool: mac-robber.py |
| 2017-09-18/a> | Johannes Ullrich | SANS Securingthehuman posted a follow up to their Equifax breach webcast: https://securingthehuman.sans.org/blog/2017/09/15/equifax-webcast-follow-up |
| 2017-09-18/a> | Xavier Mertens | Getting some intelligence from malspam |
| 2017-09-18/a> | Xavier Mertens | CCleaner 5.33 compromised - http://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users |
| 2017-09-17/a> | Guy Bruneau | rockNSM as a Incident Response Package |
| 2017-09-16/a> | Guy Bruneau | VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities - https://www.vmware.com/security/advisories/VMSA-2017-0015.html |
| 2017-09-14/a> | Xavier Mertens | Another webshell, another backdoor! |
| 2017-09-13/a> | Rob VandenBrink | Sysinternals Update: Sysmon v6.10, Process Monitor v3.40, Autoruns v13.80, AccessChk v6.11 - https://blogs.technet.microsoft.com/sysinternals/2017/09/12/sysinternals-update-sysmon-v6-1-process-monitor-v3-4-autoruns-v13-8-accesschk-v6-11/ |
| 2017-09-11/a> | Russ McRee | Windows Auditing with WINspect |
| 2017-09-10/a> | Didier Stevens | It is a resume - Part 3 |
| 2017-09-09/a> | Didier Stevens | Malware analysis output sanitization |
| 2017-09-08/a> | Adrien de Beaupre | YASRV (Yet Another Struts RCE Vulnerability) yes a different one from yesterday |
| 2017-09-06/a> | Adrien de Beaupre | Modern Web Application Penetration Testing , Hash Length Extension Attacks |
| 2017-09-05/a> | Johannes Ullrich | The Mirai Botnet: A Look Back and Ahead At What's Next |
| 2017-09-05/a> | Adrien de Beaupre | Struts vulnerability patch released by apache, patch now |
| 2017-09-02/a> | Xavier Mertens | AutoIT based malware back in the wild |
| 2017-09-01/a> | Brad Duncan | Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox |
| 2017-08-29/a> | Renato Marinho | Second Google Chrome Extension Banker Malware in Two Weeks |
| 2017-08-28/a> | Johannes Ullrich | An Update On DVR Malware: A DVR Torture Chamber |
| 2017-08-26/a> | Didier Stevens | Malware analysis: searching for dots |
| 2017-08-25/a> | Xavier Mertens | Malicious AutoIT script delivered in a self-extracting RAR file |
| 2017-08-24/a> | Bojan Zdrnja | Free Bitcoins? Why not? |
| 2017-08-23/a> | Xavier Mertens | Malicious script dropping an executable signed by Avast? |
| 2017-08-22/a> | Xavier Mertens | Defang all the things! |
| 2017-08-20/a> | Didier Stevens | It's Not An Invoice ... |
| 2017-08-18/a> | Guy Bruneau | tshark 2.4 New Feature - Command Line Export Objects |
| 2017-08-18/a> | Renato Marinho | EngineBox Malware Supports 10+ Brazilian Banks |
| 2017-08-17/a> | Xavier Mertens | Maldoc with auto-updated link |
| 2017-08-16/a> | Xavier Mertens | Analysis of a Paypal phishing kit |
| 2017-08-15/a> | Brad Duncan | Malspam pushing Trickbot banking Trojan |
| 2017-08-15/a> | Renato Marinho | (Banker(GoogleChromeExtension)).targeting("Brazil") |
| 2017-08-14/a> | Didier Stevens | Sometimes it's just SPAM |
| 2017-08-13/a> | Didier Stevens | The Good Phishing Email |
| 2017-08-10/a> | Didier Stevens | Maldoc Analysis with ViperMonkey |
| 2017-08-07/a> | Xavier Mertens | Increase of phpMyAdmin scans |
| 2017-08-03/a> | Johannes Ullrich | Using a Raspberry Pi honeypot to contribute data to DShield/ISC |
| 2017-08-01/a> | Rob VandenBrink | Rooting Out Hosts that Support Older Samba Versions |
| 2017-07-30/a> | Renato Marinho | SMBLoris - the new SMB flaw |
| 2017-07-30/a> | Guy Bruneau | Re-release of MS Oulook Security Patches https://portal.msrc.microsoft.com/en-us/security-guidance/summary |
| 2017-07-30/a> | Guy Bruneau | Text Banking Scams |
| 2017-07-29/a> | Didier Stevens | Maldoc Submitted and Analyzed |
| 2017-07-28/a> | Didier Stevens | Static Analysis of Emotet Maldoc |
| 2017-07-26/a> | Brad Duncan | Malspam pushing Emotet malware |
| 2017-07-24/a> | Renato Marinho | Uber drivers new threat: the "passenger" |
| 2017-07-24/a> | Russell Eubanks | Trends Over Time |
| 2017-07-21/a> | Didier Stevens | Malicious .iso Attachments |
| 2017-07-19/a> | Xavier Mertens | Bots Searching for Keys & Config Files |
| 2017-07-16/a> | Renato Marinho | SMS Phishing induces victims to photograph its own token card |
| 2017-07-15/a> | Didier Stevens | Office maldoc + .lnk |
| 2017-07-14/a> | Brad Duncan | NemucodAES and the malspam that distributes it |
| 2017-07-12/a> | Xavier Mertens | Backup Scripts, the FIM of the Poor |
| 2017-07-11/a> | Renato Marinho | July's Microsoft Patch Tuesday |
| 2017-07-10/a> | Didier Stevens | Basic Office maldoc analysis |
| 2017-07-09/a> | Russ McRee | Adversary hunting with SOF-ELK |
| 2017-07-08/a> | Xavier Mertens | A VBScript with Obfuscated Base64 Data |
| 2017-07-07/a> | Renato Marinho | DDoS Extortion E-mail: Yet Another Bluff? |
| 2017-07-05/a> | Didier Stevens | Selecting domains with random names |
| 2017-07-01/a> | Rick Wanner | Using nmap to scan for MS17-010 (CVE-2017-0143 EternalBlue) |
| 2017-06-28/a> | Brad Duncan | Petya? I hardly know ya! - an ISC update on the 2017-06-27 ransomware outbreak |
| 2017-06-28/a> | Brad Duncan | Catching up with Blank Slate: a malspam campaign still going strong |
| 2017-06-22/a> | Xavier Mertens | Obfuscating without XOR |
| 2017-06-17/a> | Guy Bruneau | Mapping Use Cases to Logs. Which Logs are the Most Important to Collect? |
| 2017-06-15/a> | Bojan Zdrnja | Uberscammers |
| 2017-06-10/a> | Russell Eubanks | An Occasional Look in the Rear View Mirror |
| 2017-06-08/a> | Tom Webb | Summer STEM for Kids |
| 2017-06-07/a> | Johannes Ullrich | Deceptive Advertisements: What they do and where they come from |
| 2017-06-06/a> | Didier Stevens | Malware and XOR - Part 2 |
| 2017-06-05/a> | Didier Stevens | Malware and XOR - Part 1 |
| 2017-06-02/a> | Xavier Mertens | Phishing Campaigns Follow Trends |
| 2017-06-01/a> | Xavier Mertens | Sharing Private Data with Webcast Invitations |
| 2017-05-31/a> | Pasquale Stirparo | Analysis of Competing Hypotheses, WCry and Lazarus (ACH part 2) |
| 2017-05-30/a> | Johannes Ullrich | FreeRadius Authentication Bypass |
| 2017-05-28/a> | Pasquale Stirparo | Analysis of Competing Hypotheses (ACH part 1) |
| 2017-05-28/a> | Guy Bruneau | CyberChef a Must Have Tool in your Tool bag! |
| 2017-05-26/a> | Lorna Hutcheson | File2pcap - A new tool for your toolkit! |
| 2017-05-25/a> | Xavier Mertens | Critical Vulnerability in Samba from 3.5.0 onwards |
| 2017-05-24/a> | Brad Duncan | Jaff ransomware gets a makeover |
| 2017-05-23/a> | Rob VandenBrink | What did we Learn from WannaCry? - Oh Wait, We Already Knew That! |
| 2017-05-20/a> | Xavier Mertens | Typosquatting: Awareness and Hunting |
| 2017-05-18/a> | Xavier Mertens | My Little CVE Bot |
| 2017-05-17/a> | Richard Porter | Wait What? We don?t have to change passwords every 90 days? |
| 2017-05-16/a> | Russ McRee | WannaCry? Do your own data analysis. |
| 2017-05-13/a> | Guy Bruneau | Microsoft Released Guidance for WannaCrypt |
| 2017-05-13/a> | Guy Bruneau | Has anyone Tested WannaCry Killswitch? - https://blog.didierstevens.com/2017/05/13/quickpost-wcry-killswitch-check-is-not-proxy-aware/ |
| 2017-05-12/a> | Xavier Mertens | When Bad Guys are Pwning Bad Guys... |
| 2017-05-12/a> | Xavier Mertens | Massive wave of ransomware ongoing |
| 2017-05-10/a> | Johannes Ullrich | Read This If You Are Using a Script to Pull Data From This Site |
| 2017-05-08/a> | Renato Marinho | Exploring a P2P Transient Botnet - From Discovery to Enumeration |
| 2017-05-06/a> | Xavier Mertens | The story of the CFO and CEO... |
| 2017-05-06/a> | Russell Eubanks | What Can You Learn On Your Own? |
| 2017-05-05/a> | Xavier Mertens | HTTP Headers... the Achilles' heel of many applications |
| 2017-05-03/a> | Bojan Zdrnja | Powershelling with exploits |
| 2017-05-03/a> | Bojan Zdrnja | OAUTH phishing against Google Docs ? beware! |
| 2017-05-02/a> | Richard Porter | Do you have Intel AMT? Then you have a problem today! Intel Active Management Technology INTEL-SA-00075 |
| 2017-04-28/a> | Xavier Mertens | Another Day, Another Obfuscation Technique |
| 2017-04-28/a> | Russell Eubanks | KNOW before NO |
| 2017-04-26/a> | Johannes Ullrich | If there are some unexploited MSSQL Servers With Weak Passwords Left: They got you now (again) |
| 2017-04-23/a> | Didier Stevens | Malicious Documents: A Bit Of News |
| 2017-04-22/a> | Jim Clausing | WTF tcp port 81 |
| 2017-04-21/a> | Xavier Mertens | Analysis of a Maldoc with Multiple Layers of Obfuscation |
| 2017-04-20/a> | Xavier Mertens | DNS Query Length... Because Size Does Matter |
| 2017-04-19/a> | Xavier Mertens | Hunting for Malicious Excel Sheets |
| 2017-04-18/a> | Johannes Ullrich | Yet Another Apple Phish and Some DNS Lessons Learned From It |
| 2017-04-14/a> | Rick Wanner | Wireshark 2.2.6 available -> https://www.wireshark.org/docs/relnotes/wireshark-2.2.6.html |
| 2017-04-13/a> | Rob VandenBrink | Packet Captures Filtered by Process |
| 2017-04-12/a> | Brad Duncan | Malspam on 2017-04-11 pushes yet another ransomware variant |
| 2017-04-11/a> | Brad Duncan | Dridex malspam seen on Monday 2017-04-10 |
| 2017-04-10/a> | Didier Stevens | Password History: Insights Shared by a Reader |
| 2017-04-07/a> | Xavier Mertens | Tracking Website Defacers with HTTP Referers |
| 2017-04-05/a> | Xavier Mertens | Whitelists: The Holy Grail of Attackers |
| 2017-04-02/a> | Guy Bruneau | IPFire - A Household Multipurpose Security Gateway |
| 2017-03-30/a> | Xavier Mertens | Diverting built-in features for the bad |
| 2017-03-29/a> | Xavier Mertens | Critical VMware vulnerabilities disclosed |
| 2017-03-28/a> | Xavier Mertens | Logical & Physical Security Correlation |
| 2017-03-25/a> | Russell Eubanks | Distraction as a Service |
| 2017-03-24/a> | Xavier Mertens | Nicely Obfuscated JavaScript Sample |
| 2017-03-19/a> | Xavier Mertens | Searching for Base64-encoded PE Files |
| 2017-03-18/a> | Xavier Mertens | Example of Multiple Stages Dropper |
| 2017-03-14/a> | Johannes Ullrich | February and March Microsoft Patch Tuesday |
| 2017-03-12/a> | Guy Bruneau | Honeypot Logs and Tracking a VBE Script |
| 2017-03-11/a> | Russell Eubanks | What's On Your Not To Do List? |
| 2017-03-10/a> | Xavier Mertens | The Side Effect of GeoIP Filters |
| 2017-03-08/a> | Xavier Mertens | Not All Malware Samples Are Complex |
| 2017-03-06/a> | Renato Marinho | A very convincing Typosquatting + Social Engineering campaign is targeting Santander corporate customers in Brazil |
| 2017-03-05/a> | Didier Stevens | Another example of maldoc string obfuscation, with extra bonus: UAC bypass |
| 2017-03-04/a> | Xavier Mertens | How your pictures may affect your website reputation |
| 2017-03-03/a> | Lorna Hutcheson | BitTorrent or Something Else? |
| 2017-03-01/a> | Bojan Zdrnja | SSL/TLS on port 389. Say what? |
| 2017-02-28/a> | Johannes Ullrich | My Catch Of 4 Months In The Amazon IP Address Space |
| 2017-02-28/a> | Xavier Mertens | Amazon S3 Outage |
| 2017-02-28/a> | Xavier Mertens | Analysis of a Simple PHP Backdoor |
| 2017-02-26/a> | Guy Bruneau | It is Tax Season - Watch out for Suspicious Attachment |
| 2017-02-26/a> | Didier Stevens | CRA Maldoc Analysis |
| 2017-02-24/a> | Rick Wanner | Cloudflare data leak...what does it mean to me? |
| 2017-02-17/a> | Rob VandenBrink | RTRBK - Router / Switch / Firewall Backups in PowerShell (tool drop) |
| 2017-02-15/a> | Xavier Mertens | How was your stay at the Hotel La Playa? |
| 2017-02-14/a> | Johannes Ullrich | Microsoft Patch Tuesday Delayed |
| 2017-02-12/a> | Xavier Mertens | Analysis of a Suspicious Piece of JavaScript |
| 2017-02-10/a> | Brad Duncan | Hancitor/Pony malspam |
| 2017-02-09/a> | Brad Duncan | CryptoShield Ransomware from Rig EK |
| 2017-02-07/a> | Johannes Ullrich | My Password is [taco] Using Emojis for Stronger Passwords |
| 2017-02-05/a> | Xavier Mertens | Many Malware Samples Found on Pastebin |
| 2017-02-04/a> | Xavier Mertens | Detecting Undisclosed Vulnerabilities with Security Tools & Features |
| 2017-02-03/a> | Lorna Hutcheson | Cisco - Issue with Clock Signal Component |
| 2017-02-01/a> | Xavier Mertens | Quick Analysis of Data Left Available by Attackers |
| 2017-01-31/a> | Johannes Ullrich | Malicious Office files using fileless UAC bypass to drop KEYBASE malware |
| 2017-01-31/a> | Johannes Ullrich | VMWare Security Advisory for AirWatch http://www.vmware.com/security/advisories/VMSA-2017-0001.html |
| 2017-01-30/a> | Didier Stevens | py2exe Decompiling - Part 2 |
| 2017-01-28/a> | Lorna Hutcheson | Packet Analysis - Where do you start? |
| 2017-01-26/a> | Xavier Mertens | IOC's: Risks of False Positive Alerts Flood Ahead |
| 2017-01-24/a> | Xavier Mertens | Malicious SVG Files in the Wild |
| 2017-01-18/a> | Rob VandenBrink | Making Windows 10 a bit less "Creepy" - Common Privacy Settings |
| 2017-01-14/a> | Xavier Mertens | Backup Files Are Good but Can Be Evil |
| 2017-01-13/a> | Xavier Mertens | Who's Attacking Me? |
| 2017-01-11/a> | Johannes Ullrich | January 2017 Edition of Ouch! Security Awareness Newsletter Released: https://securingthehuman.sans.org/ouch |
| 2017-01-10/a> | Johannes Ullrich | Realtors Be Aware: You Are a Target |
| 2017-01-10/a> | Johannes Ullrich | Port 37777 "MapTable" Requests |
| 2017-01-10/a> | Johannes Ullrich | January 2017 Microsoft Patch Tuesday |
| 2017-01-06/a> | John Bambenek | Great Misadventures of Security Vendors: Absurd Sandboxing Edition |
| 2017-01-06/a> | John Bambenek | Ransomware Operators Cold Calling UK Schools to Get Malware Through |
| 2017-01-05/a> | John Bambenek | New Year's Resolution: Build Your Own Malware Lab? |
| 2017-01-01/a> | Didier Stevens | py2exe Decompiling - Part 1 |
| 2016-12-31/a> | Xavier Mertens | Ongoing Scans Below the Radar |
| 2016-12-27/a> | Guy Bruneau | Using daemonlogger as a Software Tap |
| 2016-12-26/a> | Russ McRee | Critical security update: PHPMailer 5.2.20 (CVE-2016-10045) |
| 2016-12-24/a> | Didier Stevens | Pinging All The Way |
| 2016-12-19/a> | John Bambenek | UPDATED x1: Mirai Scanning for Port 6789 Looking for New Victims / Now hitting tcp/23231 |
| 2016-12-13/a> | Xavier Mertens | UAC Bypass in JScript Dropper |
| 2016-12-11/a> | Russ McRee | Steganography in Action: Image Steganography & StegExpose |
| 2016-12-10/a> | Didier Stevens | Sleeping VBS Really Wants To Sleep |
| 2016-12-09/a> | Rick Wanner | Mirai - now with DGA |
| 2016-12-07/a> | Xavier Mertens | The Passwords You Should Never Use |
| 2016-12-06/a> | Bojan Zdrnja | Attacking NoSQL applications |
| 2016-12-05/a> | Didier Stevens | Hancitor Maldoc Videos |
| 2016-11-27/a> | Russ McRee | Scapy vs. CozyDuke |
| 2016-11-25/a> | Xavier Mertens | Free Software Quick Security Checklist |
| 2016-11-24/a> | Didier Stevens | Extracting Shellcode From JavaScript |
| 2016-11-23/a> | Tom Webb | Mapping Attack Methodology to Controls |
| 2016-11-23/a> | Tom Webb | Vmware Patches VMSA-2016-0005.5, VMSA-2016-0018.3 and VMSA-2016-0021 |
| 2016-11-22/a> | Didier Stevens | Update:ZIP With Comment |
| 2016-11-20/a> | Pasquale Stirparo | How many “Epoch” times? Epocalypse.py timestamp converter |
| 2016-11-18/a> | Brad Duncan | Wireshark update: version 2.2.2 (stable release) and 2.0.8 (old stable release) - https://www.wireshark.org/download.html |
| 2016-11-18/a> | Didier Stevens | VBA Shellcode and Windows 10 |
| 2016-11-16/a> | Xavier Mertens | Example of Getting Analysts & Researchers Away |
| 2016-11-12/a> | Didier Stevens | VBA Shellcode and EMET |
| 2016-11-11/a> | Rick Wanner | Benevolent malware? reincarna/Linux.Wifatch |
| 2016-11-05/a> | Xavier Mertens | Full Packet Capture for Dummies |
| 2016-11-02/a> | Rob VandenBrink | What Does a Pentest Look Like? |
| 2016-10-30/a> | Pasquale Stirparo | Volatility Bot: Automated Memory Analysis |
| 2016-10-26/a> | Johannes Ullrich | New VMWare Security Advisory: VMSA-2016-0017 Information Disclosure in VMWare Fusion and VMWare Tools https://www.vmware.com/security/advisories/VMSA-2016-0017.html |
| 2016-10-26/a> | Johannes Ullrich | Critical Flash Player Update APSB16-36 |
| 2016-10-25/a> | Xavier Mertens | Another Day, Another Spam... |
| 2016-10-23/a> | Johannes Ullrich | ISC Briefing: Large DDoS Attack Against Dyn |
| 2016-10-19/a> | Xavier Mertens | Spam Delivered via .ICS Files |
| 2016-10-17/a> | Didier Stevens | Maldoc VBA Anti-Analysis: Video |
| 2016-10-16/a> | Didier Stevens | Analyzing Office Maldocs With Decoder.xls |
| 2016-10-15/a> | Didier Stevens | Maldoc VBA Anti-Analysis |
| 2016-10-10/a> | Didier Stevens | Radare2: rahash2 |
| 2016-10-08/a> | Russell Eubanks | Unauthorized Change Detected! |
| 2016-10-07/a> | Rick Wanner | First Hurricane Matthew related Phish |
| 2016-10-02/a> | Guy Bruneau | Is there an Infosec Cybersecurity Talent Shortage? |
| 2016-09-30/a> | Xavier Mertens | Another Day, Another Malicious Behaviour |
| 2016-09-28/a> | Xavier Mertens | SNMP Pwn3ge |
| 2016-09-26/a> | Didier Stevens | VBA and P-code |
| 2016-09-25/a> | Pasquale Stirparo | Defining Threat Intelligence Requirements |
| 2016-09-22/a> | Rick Wanner | YAHDD! (Yet another HUGE data Breach!) |
| 2016-09-15/a> | Xavier Mertens | In Need of a OTP Manager Soon? |
| 2016-09-13/a> | Rob VandenBrink | If it's Free, YOU are the Product |
| 2016-09-13/a> | Rob VandenBrink | Apple iOS 10 and 10.0.1 Released |
| 2016-09-13/a> | Rob VandenBrink | Microsoft Patch Tuesday Analysis |
| 2016-09-10/a> | Xavier Mertens | Ongoing IMAP Scan, Anyone Else? |
| 2016-09-09/a> | Xavier Mertens | Collecting Users Credentials from Locked Devices |
| 2016-09-05/a> | Xavier Mertens | Malware Delivered via '.pub' Files |
| 2016-09-04/a> | Russ McRee | Kali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/ |
| 2016-09-02/a> | Johannes Ullrich | Apple Patches "Trident" Vulnerabilities in OS X / Safari |
| 2016-09-01/a> | Xavier Mertens | Maxmind.com (Ab)used As Anti-Analysis Technique |
| 2016-08-31/a> | Deborah Hale | Dropbox Breach |
| 2016-08-31/a> | Deborah Hale | Cisco Security Advisories Issued |
| 2016-08-31/a> | Deborah Hale | Angler Exploit Kits Reported |
| 2016-08-29/a> | Russ McRee | Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs |
| 2016-08-28/a> | Guy Bruneau | Spam with Obfuscated Javascript |
| 2016-08-25/a> | Xavier Mertens | Out-of-Band iOS Patch Fixes 0-Day Vulnerabilities |
| 2016-08-24/a> | Xavier Mertens | Example of Targeted Attack Through a Proxy PAC File |
| 2016-08-23/a> | Xavier Mertens | Voice Message Notifications Deliver Ransomware |
| 2016-08-22/a> | Russ McRee | Red Team Tools Updates: hashcat and SpiderFoot |
| 2016-08-21/a> | Rick Wanner | Cisco ASA SNMP Remote Code Execution Vulnerability |
| 2016-08-20/a> | Russell Eubanks | What are YOU doing to give back to the security community? |
| 2016-08-19/a> | Xavier Mertens | Data Classification For the Masses |
| 2016-08-14/a> | Guy Bruneau | vRealize Log Insight directory traversal vulnerability - http://www.vmware.com/security/advisories/VMSA-2016-0011.html |
| 2016-08-11/a> | Pasquale Stirparo | Looking for the insider: Forensic Artifacts on iOS Messaging App |
| 2016-08-06/a> | Didier Stevens | rtfdump |
| 2016-08-01/a> | Daniel Wesemann | Are you getting I-CANNED ? |
| 2016-07-31/a> | Pasquale Stirparo | Sharing (intel) is caring... or not? |
| 2016-07-30/a> | Didier Stevens | rtfobj |
| 2016-07-29/a> | Didier Stevens | Malicious RTF Files |
| 2016-07-27/a> | Xavier Mertens | Analyze of a Linux botnet client source code |
| 2016-07-27/a> | Xavier Mertens | Critical Xen PV guests vulnerabilities |
| 2016-07-26/a> | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records |
| 2016-07-25/a> | Didier Stevens | Python Malware - Part 4 |
| 2016-07-21/a> | Didier Stevens | Practice ntds.dit File |
| 2016-07-19/a> | Didier Stevens | Office Maldoc: Let's Focus on the VBA Macros Later... |
| 2016-07-16/a> | Didier Stevens | Python Malware - Part 3 |
| 2016-07-15/a> | Xavier Mertens | Name All the Things! |
| 2016-07-13/a> | Xavier Mertens | Drupal: Patch released today to fix a highly critical RCE in contributed modules |
| 2016-07-12/a> | Johannes Ullrich | Microsoft Patch Tuesday Summary for July 2016 |
| 2016-07-12/a> | Xavier Mertens | Hunting for Malicious Files with MISP + OSSEC |
| 2016-07-08/a> | Mark Hofman | Malware being distributed pretending to be from AU Fedcourts |
| 2016-07-07/a> | Johannes Ullrich | Patchwork: Is it still "Advanced" if all you have to do is Copy/Paste? |
| 2016-07-05/a> | Johannes Ullrich | Apache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979) |
| 2016-07-03/a> | Guy Bruneau | Is Data Privacy part of your Company's Culture? |
| 2016-06-29/a> | Xavier Mertens | Phishing Campaign with Blurred Images |
| 2016-06-26/a> | Rick Wanner | Bart - a new Ransomware |
| 2016-06-23/a> | Russell Eubanks | An Approach to Vulnerability Management |
| 2016-06-22/a> | Bojan Zdrnja | Security through obscurity never works |
| 2016-06-20/a> | Xavier Mertens | Using Your Password Manager to Monitor Data Leaks |
| 2016-06-20/a> | Xavier Mertens | Ongoing Spam Campaign Related to Swift |
| 2016-06-18/a> | Rob VandenBrink | Controlling JavaScript Malware Before it Runs |
| 2016-06-17/a> | Johannes Ullrich | Critical Adobe Flash Update. Patch Now |
| 2016-06-15/a> | Richard Porter | Warp Speed Ahead, L7 Open Source Packet Generator: Warp17 |
| 2016-06-03/a> | Tom Liston | MySQL is YourSQL |
| 2016-06-01/a> | Xavier Mertens | Docker Containers Logging |
| 2016-05-29/a> | Guy Bruneau | Analysis of a Distributed Denial of Service (DDoS) |
| 2016-05-28/a> | Russell Eubanks | Applied Lessons Learned |
| 2016-05-26/a> | Xavier Mertens | Keeping an Eye on Tor Traffic |
| 2016-05-25/a> | Rick Wanner | VMWare Security Advisories |
| 2016-05-21/a> | Didier Stevens | Python Malware - Part 2 |
| 2016-05-19/a> | Rick Wanner | TeslaCrypt closes down...Releases master decryption key |
| 2016-05-18/a> | Russ McRee | Resources: Windows Auditing & Monitoring, Linux 2FA |
| 2016-05-16/a> | Rick Wanner | An oldie but a goodie - 419 Death Scam |
| 2016-05-15/a> | Didier Stevens | Python Malware - Part 1 |
| 2016-05-14/a> | Guy Bruneau | INetSim as a Basic Honeypot |
| 2016-05-13/a> | Xavier Mertens | MISP - Malware Information Sharing Platform |
| 2016-05-12/a> | Xavier Mertens | Another Day, Another Wave of Phishing Emails |
| 2016-05-12/a> | Xavier Mertens | Adobe Released Updates to Fix Critical Vulnerability |
| 2016-05-08/a> | Jim Clausing | Guest Diary: Linux Capabilities - A friend and foe |
| 2016-05-05/a> | Xavier Mertens | Microsoft BITS Used to Download Payloads |
| 2016-05-02/a> | Rick Wanner | Fake Chrome update for Android |
| 2016-05-02/a> | Rick Wanner | Lean Threat Intelligence |
| 2016-04-29/a> | Rob VandenBrink | Sysinternals Updated today - Updates to Sysmon, Procdump and Sigcheck. https://blogs.technet.microsoft.com/sysinternals/2016/04/28/update-sysmon-v4-procdump-v8-sigcheck-v2-51/ |
| 2016-04-29/a> | Mark Hofman | New release of PCI DSS (version 3.2) is available |
| 2016-04-27/a> | Tom Webb | Kippos Cousin Cowrie |
| 2016-04-25/a> | Guy Bruneau | Highlights from the 2016 HPE Annual Cyber Threat Report |
| 2016-04-21/a> | Daniel Wesemann | Decoding Pseudo-Darkleech (#1) |
| 2016-04-21/a> | Daniel Wesemann | Decoding Pseudo-Darkleech (Part #2) |
| 2016-04-15/a> | Xavier Mertens | Windows Command Line Persistence? |
| 2016-04-11/a> | John Bambenek | Tool Released to Decrypt Petya Ransomware Infected Disks |
| 2016-04-10/a> | Didier Stevens | Handling Malware Samples |
| 2016-04-06/a> | Bojan Zdrnja | YAFP (Yet Another Flash Patch) |
| 2016-04-02/a> | Russell Eubanks | Why Can't We Be Friends? |
| 2016-04-01/a> | John Bambenek | Tips for Stopping Ransomware |
| 2016-03-29/a> | Didier Stevens | VBE: Encoded VBS Script |
| 2016-03-28/a> | Xavier Mertens | Improving Bash Forensics Capabilities |
| 2016-03-23/a> | Bojan Zdrnja | Abusing Oracles |
| 2016-03-09/a> | Rob VandenBrink | A Wall Against Cryptowall? Some Tips for Preventing Ransomware |
| 2016-03-08/a> | Rick Wanner | Critical Adobe Updates - March 2016 |
| 2016-03-07/a> | Xavier Mertens | Another Malicious Document, Another Way to Deliver Malicious Code |
| 2016-03-07/a> | Xavier Mertens | OSX Ransomware Spread via a Rogue BitTorrent Client Installer |
| 2016-03-06/a> | Jim Clausing | Novel method for slowing down Locky on Samba server using fail2ban |
| 2016-02-28/a> | Guy Bruneau | RFC 6598 - Carrier Grade NAT |
| 2016-02-27/a> | Guy Bruneau | Wireshark Fixes Several Bugs and Vulnerabilities |
| 2016-02-27/a> | Guy Bruneau | OpenSSL Security Update Planned for 1 March Release |
| 2016-02-26/a> | Xavier Mertens | Quick Audit of *NIX Systems |
| 2016-02-24/a> | Xavier Mertens | Analyzis of a Malicious .lnk File with an Embedded Payload |
| 2016-02-23/a> | Xavier Mertens | VMware VMSA-2016-0002 |
| 2016-02-22/a> | Xavier Mertens | Reducing False Positives with Open Data Sources |
| 2016-02-21/a> | Didier Stevens | Tip: Quick Analysis of Office Maldoc |
| 2016-02-20/a> | Didier Stevens | Locky: JavaScript Deobfuscation |
| 2016-02-18/a> | Xavier Mertens | Hunting for Executable Code in Windows Environments |
| 2016-02-13/a> | Guy Bruneau | VMware VMSA-2015-0007.3 has been Re-released |
| 2016-02-11/a> | Tom Webb | Tomcat IR with XOR.DDoS |
| 2016-02-09/a> | Johannes Ullrich | Microsoft February 2016 Patch Tuesday |
| 2016-02-09/a> | Johannes Ullrich | Adobe Patch Tuesday - February 2016 |
| 2016-02-07/a> | Xavier Mertens | More Malicious JavaScript Obfuscation |
| 2016-02-03/a> | Xavier Mertens | Automating Vulnerability Scans |
| 2016-02-02/a> | Johannes Ullrich | Targeted IPv6 Scans Using pool.ntp.org . |
| 2016-01-30/a> | Xavier Mertens | All CVE Details at Your Fingertips |
| 2016-01-29/a> | Xavier Mertens | Scripting Web Categorization |
| 2016-01-26/a> | Rob VandenBrink | Pentest Time Machine: NMAP + Powershell + whatever tool is next |
| 2016-01-25/a> | Rob VandenBrink | Assessing Remote Certificates with Powershell |
| 2016-01-24/a> | Didier Stevens | Obfuscated MIME Files |
| 2016-01-23/a> | Didier Stevens | Sigcheck and VirusTotal for Offline Machine |
| 2016-01-21/a> | Jim Clausing | Scanning for Fortinet ssh backdoor |
| 2016-01-20/a> | Xavier Mertens | /tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters! |
| 2016-01-15/a> | Xavier Mertens | JavaScript Deobfuscation Tool |
| 2016-01-13/a> | Alex Stanford | You Have Got a New Audio Message - Guest Diary by Pasquale Stirparo |
| 2016-01-12/a> | Alex Stanford | January 2016 Microsoft Patch Tuesday |
| 2016-01-11/a> | Didier Stevens | BlackEnergy .XLS Dropper |
| 2016-01-10/a> | Jim Clausing | VMware security update |
| 2016-01-09/a> | Xavier Mertens | Virtual Bitlocker Containers |
| 2016-01-05/a> | Guy Bruneau | What are you Concerned the Most in 2016? |
| 2016-01-01/a> | Didier Stevens | Failure Is An Option |
| 2015-12-29/a> | Daniel Wesemann | New Years Resolutions |
| 2015-12-28/a> | Rick Wanner | Adobe Flash and Adobe AIR Updates - https://helpx.adobe.com/security/products/flash-player/apsb16-01.html |
| 2015-12-26/a> | Didier Stevens | Malfunctioning Malware |
| 2015-12-24/a> | Xavier Mertens | Unity Makes Strength |
| 2015-12-23/a> | Rob VandenBrink | Libraries and Dependencies - It Really is Turtles All The Way Down! |
| 2015-12-21/a> | Daniel Wesemann | Critical Security Controls: Getting to know the unknown |
| 2015-12-19/a> | Russell Eubanks | VMWare Security Advisory |
| 2015-12-17/a> | Alex Stanford | When Hunting BeEF, Yara rules (Part 2) |
| 2015-12-16/a> | Xavier Mertens | Playing With Sandboxes Like a Boss |
| 2015-12-15/a> | Russ McRee | Security Management vs Chaos: Understanding the Butterfly Effect to Manage Outcomes & Reduce Chaos |
| 2015-12-14/a> | Russ McRee | AD Security's Unofficial Guide to Mimikatz & Command Reference |
| 2015-12-13/a> | Didier Stevens | Use The Privilege |
| 2015-12-12/a> | Russell Eubanks | What Signs Are You Missing? |
| 2015-12-10/a> | Rob VandenBrink | Uninstalling Problem Applications using Powershell |
| 2015-12-10/a> | Rob VandenBrink | New Burp Feature - ClickBandit |
| 2015-12-08/a> | Johannes Ullrich | December 2015 Microsoft Patch Tuesday |
| 2015-12-06/a> | Mark Hofman | Malware SPAM a new run has started. |
| 2015-12-05/a> | Guy Bruneau | Are you looking to setup your own Malware Sandbox? |
| 2015-12-04/a> | Tom Webb | Automating Phishing Analysis using BRO |
| 2015-11-22/a> | Guy Bruneau | OpenDNS Research Used to Predict Threat |
| 2015-11-21/a> | Didier Stevens | Maldoc Social Engineering Trick |
| 2015-11-21/a> | Guy Bruneau | Nmap 7.00 is out! |
| 2015-11-10/a> | Johannes Ullrich | November 2015 Microsoft Patch Tuesday |
| 2015-11-09/a> | John Bambenek | ICYMI: Widespread Unserialize Vulnerability in Java |
| 2015-11-09/a> | John Bambenek | Protecting Users and Enterprises from the Mobile Malware Threat |
| 2015-11-08/a> | Rick Wanner | DNS Reconnaissance using nmap |
| 2015-11-07/a> | Didier Stevens | Ransomware & Entropy: Your Turn -> Solution |
| 2015-11-04/a> | Richard Porter | Application Aware and Critical Control 2 |
| 2015-11-04/a> | Johannes Ullrich | Internet Wide Scanners Wanted |
| 2015-10-30/a> | Didier Stevens | Ransomware & Entropy: Your Turn |
| 2015-10-27/a> | Xavier Mertens | The "Yes, but..." syndrome |
| 2015-10-18/a> | Russell Eubanks | Security Awareness for Security Professionals |
| 2015-10-18/a> | Didier Stevens | Ransomware & Entropy |
| 2015-10-17/a> | Russell Eubanks | CIS Critical Security Controls - Version 6.0 |
| 2015-10-16/a> | Alex Stanford | Adobe Flash Update |
| 2015-10-13/a> | Alex Stanford | October 2015 Microsoft Patch Tuesday |
| 2015-10-13/a> | Alex Stanford | Adobe Updates Acrobat and Adobe Reader |
| 2015-10-12/a> | Guy Bruneau | Data Visualization,What is your Tool of Choice? |
| 2015-10-12/a> | Guy Bruneau | Critical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2 |
| 2015-10-09/a> | Guy Bruneau | Adobe Acrobat and Reader Pre-Announcement |
| 2015-09-29/a> | Pedro Bueno | Tricks for DLL analysis |
| 2015-09-28/a> | Johannes Ullrich | "Transport of London" Malicious E-Mail |
| 2015-09-23/a> | Daniel Wesemann | Making our users unlearn what we taught them |
| 2015-09-21/a> | Xavier Mertens | Detecting XCodeGhost Activity |
| 2015-09-19/a> | Didier Stevens | Don't launch that file Adobe Reader! |
| 2015-09-08/a> | Lenny Zeltser | A Close Look at PayPal Overpayment Scams That Target Craigslist Sellers |
| 2015-09-08/a> | Johannes Ullrich | September 2015 Microsoft Patch Tuesday |
| 2015-09-03/a> | Xavier Mertens | Querying the DShield API from RTIR |
| 2015-09-01/a> | Daniel Wesemann | How to hack |
| 2015-09-01/a> | Daniel Wesemann | Encryption of "data at rest" in servers |
| 2015-09-01/a> | Daniel Wesemann | Gift card from Marriott? |
| 2015-08-31/a> | Xavier Mertens | Detecting file changes on Microsoft systems with FCIV |
| 2015-08-28/a> | Didier Stevens | Test File: PDF With Embedded DOC Dropping EICAR |
| 2015-08-26/a> | Didier Stevens | PDF + maldoc1 = maldoc2 |
| 2015-08-17/a> | Russ McRee | Tool Tip: Kansa Stafford released, PowerShell for DFIR |
| 2015-08-16/a> | Guy Bruneau | Are you a "Hunter"? |
| 2015-08-12/a> | Rob VandenBrink | Windows Service Accounts - Why They're Evil and Why Pentesters Love them! |
| 2015-08-12/a> | Rob VandenBrink | Wireshark 1.12.7 is released, multiple fixes. Find the release notes at: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html and the binaries at: https://www.wireshark.org/download.html |
| 2015-08-11/a> | Manuel Humberto Santander Pelaez | August 2015 Microsoft Patch Tuesday |
| 2015-08-07/a> | Tony Carothers | Critical Firefox Update Today |
| 2015-08-06/a> | Didier Stevens | Sigcheck and virustotal-search |
| 2015-07-31/a> | Russ McRee | Tech tip: Invoke a system command in R |
| 2015-07-31/a> | Russ McRee | Tech tip follow-up: Using the data Invoked with R's system command |
| 2015-07-28/a> | Rick Wanner | Android Stagefright multimedia viewer prone to remote exploitation |
| 2015-07-27/a> | Daniel Wesemann | Angler's best friends |
| 2015-07-23/a> | Mark Hofman | Some more 0-days from ZDI |
| 2015-07-21/a> | Didier Stevens | Searching Through the VirusTotal Database |
| 2015-07-18/a> | Russell Eubanks | The Value a "Fresh Set Of Eyes" (FSOE) |
| 2015-07-17/a> | Didier Stevens | Process Explorer and VirusTotal |
| 2015-07-17/a> | Didier Stevens | Autoruns and VirusTotal |
| 2015-07-17/a> | Didier Stevens | Sigcheck and VirusTotal |
| 2015-07-15/a> | Richard Porter | Always Check Your References (Cheat Sheets to the Rescue) |
| 2015-07-14/a> | Johannes Ullrich | Adobe Updates Flash Player, Shockwave and PDF Reader |
| 2015-07-14/a> | Johannes Ullrich | July 2015 Microsoft Patch Tuesday |
| 2015-07-12/a> | Rick Wanner | Another Adobe Flash Zero Day http://www.kb.cert.org/vuls/id/338736 |
| 2015-07-05/a> | Didier Stevens | Working with base64 |
| 2015-07-03/a> | Didier Stevens | Analyzing Quarantine Files |
| 2015-06-29/a> | Rob VandenBrink | The Powershell Diaries 2 - Software Inventory |
| 2015-06-28/a> | Didier Stevens | The EICAR Test File |
| 2015-06-26/a> | Daniel Wesemann | Cisco default credentials - again! |
| 2015-06-24/a> | Rob VandenBrink | The Powershell Diaries - Finding Problem User Accounts in AD |
| 2015-06-23/a> | Kevin Shortt | Adobe Flash Player Update - https://helpx.adobe.com/security/products/flash-player/apsb15-14.html |
| 2015-06-22/a> | Johannes Ullrich | SMTP Brute Forcing |
| 2015-06-18/a> | Johannes Ullrich | OS X and iOS Unauthorized Cross Application Resource Access (XARA) |
| 2015-06-16/a> | John Bambenek | CVE-2014-4114 and an Interesting AV Bypass Technique |
| 2015-06-09/a> | Johannes Ullrich | Microsoft Patch Tuesday Summary for June 2015 |
| 2015-06-02/a> | Alex Stanford | Guest Diary: Xavier Mertens - Playing with IP Reputation with Dshield & OSSEC |
| 2015-06-01/a> | Tom Webb | Submit Dshield ASA Logs |
| 2015-05-29/a> | Russell Eubanks | Trust But Verify |
| 2015-05-27/a> | Tom Webb | SYSINTERNALS Update(AccessChk v6.0, Autoruns v13.4, Process Monitor v3.2, VMMap v3.2) |
| 2015-05-23/a> | Guy Bruneau | Business Value in "Big Data" |
| 2015-05-20/a> | Brad Duncan | Logjam - vulnerabilities in Diffie-Hellman key exchange affect browsers and servers using TLS |
| 2015-05-15/a> | Didier Stevens | Another Maldoc? I'm Afraid So... |
| 2015-05-14/a> | Daniel Wesemann | Oh Bloat! |
| 2015-05-12/a> | Johannes Ullrich | May 2015 Microsoft Patch Tuesday Summary |
| 2015-05-10/a> | Didier Stevens | Wireshark TCP Flags: How To Install On Windows Video |
| 2015-05-09/a> | Didier Stevens | Malicious Word Document: This Time The Maldoc Is A MIME File |
| 2015-05-07/a> | Chris Mohan | Security Awareness? How do you keep your staff safe? |
| 2015-05-03/a> | Russ McRee | VolDiff, for memory image differential analysis |
| 2015-04-30/a> | Brad Duncan | Dalexis/CTB-Locker malspam campaign |
| 2015-04-29/a> | Daniel Wesemann | UDP/3478 to Amazon 54.84.9.242 -- got packets? (solved) |
| 2015-04-28/a> | Daniel Wesemann | Scammy Nepal earthquake donation requests |
| 2015-04-27/a> | Richard Porter | When Prevention Fails, Incident Response Begins |
| 2015-04-24/a> | Basil Alawi S.Taher | Fileless Malware |
| 2015-04-23/a> | Bojan Zdrnja | When automation does not help |
| 2015-04-14/a> | Alex Stanford | Microsoft Patch Tuesday - April 2015 |
| 2015-04-10/a> | Didier Stevens | The Kill Chain: Now With Pastebin |
| 2015-04-09/a> | Brad Duncan | An example of the malicious emails sometimes sent to the ISC handler addresses |
| 2015-04-08/a> | Tom Webb | Is it a breach or not? |
| 2015-04-06/a> | Guy Bruneau | 'Dead Drops' Hidden USB Sticks Around the World |
| 2015-04-05/a> | Didier Stevens | Wireshark TCP Flags |
| 2015-04-04/a> | Didier Stevens | VMware Product Updates Address Critical Information Disclosure Issue In JRE |
| 2015-04-02/a> | Brad Duncan | Angler Exploit Kit - Recent Traffic Patterns |
| 2015-03-30/a> | Didier Stevens | YARA Rules For Shellcode |
| 2015-03-26/a> | Daniel Wesemann | Pin-up on your Smartphone! |
| 2015-03-23/a> | Rick Wanner | Interesting Home Depot Spam |
| 2015-03-21/a> | Russell Eubanks | Have you seen my personal information? It has been lost. Again. |
| 2015-03-18/a> | Daniel Wesemann | New SANS memory forensics poster |
| 2015-03-18/a> | Daniel Wesemann | Pass the hash! |
| 2015-03-17/a> | Didier Stevens | From PEiD To YARA |
| 2015-03-16/a> | Johannes Ullrich | Automatically Documenting Network Connections From New Devices Connected to Home Networks |
| 2015-03-14/a> | Didier Stevens | Maldoc VBA Sandbox/Virtualization Detection |
| 2015-03-13/a> | Guy Bruneau | Blind SQL Injection against WordPress SEO by Yoast |
| 2015-03-12/a> | Johannes Ullrich | Who got the bad SSL Certificate? Using tshark to analyze the SSL handshake. |
| 2015-03-11/a> | Rob VandenBrink | Apple iTunes Store is seeing an extended outage (11 Mar) - watch https://www.apple.com/support/systemstatus/ for status changes. (12 Mar) - service restored, all green! |
| 2015-03-10/a> | Johannes Ullrich | Microsoft March Patch Tuesday |
| 2015-03-08/a> | Brad Duncan | What Happened to You, Asprox Botnet? |
| 2015-03-07/a> | Guy Bruneau | Should it be Mandatory to have an Independent Security Audit after a Breach? |
| 2015-03-01/a> | Rick Wanner | Advisory: Seagate NAS Remote Code Execution |
| 2015-02-27/a> | Rick Wanner | Tails 1.3 released - https://tails.boum.org/news/version_1.3/index.en.html |
| 2015-02-27/a> | Rick Wanner | Let's Encrypt! |
| 2015-02-26/a> | Johannes Ullrich | New Feature: Subnet Report |
| 2015-02-23/a> | Richard Porter | Subscribing to the DShield Top 20 on a Palo Alto Networks Firewall |
| 2015-02-22/a> | Russell Eubanks | Leave Things Better Than When You Found Them |
| 2015-02-20/a> | Tom Webb | Fast analysis of a Tax Scam |
| 2015-02-19/a> | Daniel Wesemann | Macros? Really?! |
| 2015-02-19/a> | Daniel Wesemann | DNS-based DDoS |
| 2015-02-17/a> | Rob VandenBrink | oclHashcat 1.33 Released |
| 2015-02-17/a> | Rob VandenBrink | A Different Kind of Equation |
| 2015-02-13/a> | Johannes Ullrich | Microsoft February Patch Failures Continue: KB3023607 vs. Cisco AnyConnect Client |
| 2015-02-12/a> | Johannes Ullrich | Did You Remove That Debug Code? Netatmo Weather Station Sending WPA Passphrase in the Clear |
| 2015-02-11/a> | Johannes Ullrich | Microsoft Hardens GPO by Fixing Two Serious Vulnerabilities. |
| 2015-02-10/a> | Mark Baggett | Detecting Mimikatz Use On Your Network |
| 2015-02-10/a> | Mark Baggett | Microsoft Update Advisory for February 2015 |
| 2015-02-09/a> | Chris Mohan | Backups are part of the overall business continuity and disaster recovery plan |
| 2015-02-08/a> | Rob VandenBrink | Raising the "Creep Factor" in License Agreements |
| 2015-02-06/a> | Johannes Ullrich | Anthem, TurboTax and How Things "Fit Together" Sometimes |
| 2015-02-05/a> | Johannes Ullrich | Adobe Flash Player Update Released, Fixing CVE 2015-0313 |
| 2015-02-03/a> | Johannes Ullrich | What is using this library? |
| 2015-02-02/a> | Stephen Hall | New Adobe Flash Vulnerability - CVE-2015-0313 |
| 2015-01-31/a> | Guy Bruneau | Beware of Phishing and Spam Super Bowl Fans! |
| 2015-01-27/a> | Johannes Ullrich | New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST) |
| 2015-01-26/a> | Russ McRee | Adobe updates Security Advisory for Adobe Flash Player, Infocon returns to green |
| 2015-01-23/a> | Johannes Ullrich | Flash 0-Day: Deciphering CVEs and Understanding Patches |
| 2015-01-23/a> | Adrien de Beaupre | Infocon change to yellow for Adobe Flash issues |
| 2015-01-13/a> | Johannes Ullrich | Microsoft Patch Tuesday - January 2015 (Really? Telnet?) |
| 2014-12-23/a> | John Bambenek | How I learned to stop worrying and love malware DGAs.... |
| 2014-12-09/a> | Alex Stanford | Microsoft Patch Tuesday - December 2014 |
| 2014-12-06/a> | Rick Wanner | Google App Engine Java Security Sandbox bypasses |
| 2014-12-05/a> | Basil Alawi S.Taher | VMware new and updated security advisories |
| 2014-12-01/a> | Guy Bruneau | Do you have a Data Breach Response Plan? |
| 2014-11-27/a> | Russ McRee | Syrian Electronic Army attack leads to malvertising |
| 2014-11-25/a> | Adrien de Beaupre | Less is, umm, less? |
| 2014-11-24/a> | Richard Porter | Someone is using this? PoS: Compressor |
| 2014-11-18/a> | Jim Clausing | Microsoft November out-of-cycle patch MS14-068 |
| 2014-11-11/a> | Johannes Ullrich | Adobe Flash Update |
| 2014-11-11/a> | Johannes Ullrich | Microsoft November 2014 Patch Tuesday |
| 2014-11-04/a> | Daniel Wesemann | Whois someone else? |
| 2014-11-04/a> | Daniel Wesemann | 20$ is 999999 Euro |
| 2014-10-23/a> | Russ McRee | Digest: 23 OCT 2014 |
| 2014-10-17/a> | Johannes Ullrich | Apple Updates (not just Yosemite) |
| 2014-10-14/a> | Johannes Ullrich | Microsoft October 2014 Patch Tuesday |
| 2014-10-14/a> | Johannes Ullrich | Adobe October 2014 Bulletins for Flash Player and Coldfusion |
| 2014-10-13/a> | Lorna Hutcheson | For or Against: Port Security for Network Access Control |
| 2014-10-09/a> | Johannes Ullrich | CSAM: My servers started speaking IRC, and that is when I started to listen! |
| 2014-10-06/a> | Johannes Ullrich | CSAM: Patch and get pw0ned (not OR). |
| 2014-10-03/a> | Johannes Ullrich | CSAM: The Power of Virustotal to Turn Harmless Binaries Malicious |
| 2014-10-02/a> | Johannes Ullrich | CSAM: My Storage Array SSHs Outbound! |
| 2014-10-02/a> | Johannes Ullrich | Why is your Mac all for sudden using Bing as a search engine? |
| 2014-10-01/a> | Russ McRee | VMware security advisory: VMSA-2014-0010 http://www.vmware.com/security/advisories/VMSA-2014-0010.html |
| 2014-10-01/a> | Russ McRee | Security Onion news: Updated ShellShock detection scripts for Bro |
| 2014-09-29/a> | Johannes Ullrich | Apple Released Update to Fix Shellshock Vulnerability http://support.apple.com/kb/DL1769 |
| 2014-09-27/a> | Guy Bruneau | What has Bash and Heartbleed Taught Us? |
| 2014-09-26/a> | Richard Porter | Why We Have Moved to InfoCon:Yellow |
| 2014-09-25/a> | Johannes Ullrich | Update on CVE-2014-6271: Vulnerability in bash (shellshock) |
| 2014-09-22/a> | Johannes Ullrich | Cyber Security Awareness Month: What's your favorite/most scary false positive |
| 2014-09-22/a> | Johannes Ullrich | Fake LogMeIn Certificate Update with Bad AV Detection Rate |
| 2014-09-19/a> | Guy Bruneau | Added today in oclhashcat 131 Django [Default Auth] (PBKDF2 SHA256 Rounds Salt) Support - http://hashcat.net/hashcat/ |
| 2014-09-19/a> | Guy Bruneau | Web Scan looking for /info/whitelist.pac |
| 2014-09-18/a> | Johannes Ullrich | Apple Releases OS X 10.9.5 / Safari 6.2 and 7.1 with several security fixes http://support.apple.com/kb/HT1222 |
| 2014-09-17/a> | Daniel Wesemann | Your online background check is now public! |
| 2014-09-16/a> | Daniel Wesemann | https://yourfakebank.support -- TLD confusion starts! |
| 2014-09-16/a> | Mark Hofman | FreeBSD Denial of Service advisory (CVE-2004-0230) |
| 2014-09-12/a> | Chris Mohan | VMware NSX and vCNS product updates address a critical information disclosure vulnerability http://www.vmware.com/security/advisories/VMSA-2014-0009.html |
| 2014-09-12/a> | Chris Mohan | Are credential dumps worth reviewing? |
| 2014-09-10/a> | Johannes Ullrich | Content Security Policy (CSP) is Growing Up. |
| 2014-09-09/a> | Alex Stanford | Microsoft Patch Tuesday - September 2014 |
| 2014-09-07/a> | Johannes Ullrich | Odd Persistent Password Bruteforcing |
| 2014-08-29/a> | Johannes Ullrich | False Positive or Not? Difficult to Analyze Javascript |
| 2014-08-27/a> | Rob VandenBrink | One More Day of Trolling in POS Memory |
| 2014-08-25/a> | Jim Clausing | Unusual CRL traffic? |
| 2014-08-23/a> | Guy Bruneau | NSS Labs Cyber Resilience Report |
| 2014-08-22/a> | Richard Porter | OCLHashCat 1.30 Released |
| 2014-08-22/a> | Richard Porter | PHP 5.4.32 Released http://www.php.net/ChangeLog-5.php#5.4.32 |
| 2014-08-22/a> | Richard Porter | PHP 5.5.16 is available http://www.php.net/ChangeLog-5.php#5.5.16 |
| 2014-08-20/a> | Kevin Shortt | Social Engineering Alive and Well |
| 2014-08-17/a> | Rick Wanner | Part 2: Is your home network unwittingly contributing to NTP DDOS attacks? |
| 2014-08-16/a> | Lenny Zeltser | Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability |
| 2014-08-15/a> | Tom Webb | AppLocker Event Logs with OSSEC 2.8 |
| 2014-08-14/a> | Basil Alawi S.Taher | Threats to virtual environments |
| 2014-08-13/a> | Johannes Ullrich | Updates for Apple Safari |
| 2014-08-12/a> | Adrien de Beaupre | Host discovery with nmap |
| 2014-08-12/a> | Alex Stanford | Microsoft Patch Tuesday - August 2014 |
| 2014-08-12/a> | Adrien de Beaupre | Adobe updates for 2014/08 |
| 2014-08-12/a> | Adrien de Beaupre | Sysinternals updates Sysmon v1.0; Updates: Autoruns v12.01, Coreinfo v3.3, Procexp v16.03 http://blogs.technet.com/b/sysinternals/ |
| 2014-08-11/a> | Bojan Zdrnja | Verifying preferred SSL/TLS ciphers with Nmap |
| 2014-08-09/a> | Adrien de Beaupre | Complete application ownage via Multi-POST XSRF |
| 2014-08-06/a> | Johannes Ullrich | All Passwords have been lost: What's next? |
| 2014-08-06/a> | Johannes Ullrich | Exploit Available for Symantec End Point Protection |
| 2014-08-06/a> | Chris Mohan | Free Service to Help CryptoLocker Victims by FireEye and Fox-IT |
| 2014-08-05/a> | Johannes Ullrich | Legal Threat Spam: Sometimes it Gets Personal |
| 2014-08-05/a> | Johannes Ullrich | Center for Internet Security Releases Benchmark for VMWare ESXi 5.5 https://benchmarks.cisecurity.org/downloads/form/index.cfm?download=esxi55.100 |
| 2014-08-04/a> | Russ McRee | Threats & Indicators: A Security Intelligence Lifecycle |
| 2014-08-02/a> | Chris Mohan | All Samba 4.x.x are vulnerable to a remote code execution vulnerability in the nmbd NetBIOS name services daemon |
| 2014-08-01/a> | Chris Mohan | WireShark 1.10.9 and 1.12.0 has been released |
| 2014-07-30/a> | Rick Wanner | Symantec Endpoint Protection Privilege Escalation Zero Day |
| 2014-07-28/a> | Guy Bruneau | Management and Control of Mobile Device Security |
| 2014-07-28/a> | Johannes Ullrich | Interesting HTTP User Agent "chroot-apach0day" |
| 2014-07-26/a> | Chris Mohan | "Internet scanning project" scans |
| 2014-07-24/a> | Bojan Zdrnja | Windows Previous Versions against ransomware |
| 2014-07-22/a> | Daniel Wesemann | Ivan's Order of Magnitude |
| 2014-07-19/a> | Russ McRee | Keeping the RATs out: the trap is sprung - Part 3 |
| 2014-07-18/a> | Russ McRee | Keeping the RATs out: **it happens - Part 2 |
| 2014-07-18/a> | Russ McRee | Gameover Zeus reported as "returned from the dead" |
| 2014-07-16/a> | Russ McRee | Keeping the RATs out: an exercise in building IOCs - Part 1 |
| 2014-07-15/a> | Daniel Wesemann | AOC Cloud |
| 2014-07-15/a> | Daniel Wesemann | Oracle Java: 20 new vulnerabilities patched |
| 2014-07-15/a> | Daniel Wesemann | Oracle July 2014 CPU (patch bundle) |
| 2014-07-14/a> | Johannes Ullrich | The Internet of Things: How do you "on-board" devices? |
| 2014-07-13/a> | Tony Carothers | Oracle July 2014 Update Pre-Notification |
| 2014-07-11/a> | Rob VandenBrink | Apple pushes OS X update to block out of date Flash versions - http://support.apple.com/kb/HT5655 |
| 2014-07-11/a> | Rob VandenBrink | Metasploit Update Alert |
| 2014-07-09/a> | Daniel Wesemann | Who owns your typo? |
| 2014-07-09/a> | Daniel Wesemann | Who inherits your IP address? |
| 2014-07-08/a> | Johannes Ullrich | Hardcoded Netgear Prosafe Switch Password |
| 2014-07-08/a> | Alex Stanford | Microsoft Patch Tuesday - July |
| 2014-07-06/a> | Richard Porter | Physical Access, Point of Sale, Vegas |
| 2014-07-05/a> | Guy Bruneau | Java Support ends for Windows XP |
| 2014-07-05/a> | Guy Bruneau | Malware Analysis with pedump |
| 2014-07-03/a> | Johannes Ullrich | Credit Card Processing in 700 Words or Less |
| 2014-07-02/a> | Johannes Ullrich | July Ouch! Security Awareness Newsletter Released. E-mail Do's and Don'ts http://www.securingthehuman.org/resources/newsletters/ouch/2014#july2014 |
| 2014-07-02/a> | Johannes Ullrich | Cisco Unified Communications Domain Manager Update |
| 2014-07-02/a> | Johannes Ullrich | Simple Javascript Extortion Scheme Advertised via Bing |
| 2014-07-01/a> | Johannes Ullrich | Apple Releases Patches for All Products |
| 2014-06-30/a> | Johannes Ullrich | Should I setup a Honeypot? [SANSFIRE] |
| 2014-06-28/a> | Mark Hofman | No more Microsoft advisory email notifications? |
| 2014-06-23/a> | Russ McRee | Microsoft Interflow announced today at 26th FIRST conference |
| 2014-06-22/a> | Russ McRee | OfficeMalScanner helps identify the source of a compromise |
| 2014-06-17/a> | Rob VandenBrink | Canada's Anti-Spam Legislation (CASL) 2014 |
| 2014-06-17/a> | Rob VandenBrink | New Security Advisories / Updates from Microsoft - Heads up for Next Patch Tuesday! |
| 2014-06-13/a> | Richard Porter | A welcomed response, PF Chang's |
| 2014-06-12/a> | Daniel Wesemann | Made any new friends lately? |
| 2014-06-12/a> | Guy Bruneau | BIND Security Update for CVE-2014-3859 |
| 2014-06-12/a> | Johannes Ullrich | Metasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.) |
| 2014-06-11/a> | Daniel Wesemann | Gimme your keys! |
| 2014-06-11/a> | Daniel Wesemann | Help your pilot fly! |
| 2014-06-11/a> | Daniel Wesemann | Pay attention to Cryptowall! |
| 2014-06-10/a> | Alex Stanford | Microsoft Patch Tuesday June 2014 |
| 2014-06-08/a> | Guy Bruneau | efax Spam Containing Malware |
| 2014-06-06/a> | Johannes Ullrich | Microsoft June Patch Tuesday Advance Notification |
| 2014-06-04/a> | Richard Porter | p0f, Got Packets? |
| 2014-06-03/a> | Basil Alawi S.Taher | An Introduction to RSA Netwitness Investigator |
| 2014-06-02/a> | Rick Wanner | Using nmap to scan for DDOS reflectors |
| 2014-06-02/a> | John Bambenek | Gameover Zeus and Cryptolocker Takedowns |
| 2014-06-01/a> | Johannes Ullrich | When was the last time you checked your Comcast cable modem settings? |
| 2014-05-30/a> | Johannes Ullrich | Fake Australian Electric Bill Leads to Cryptolocker |
| 2014-05-28/a> | Rob VandenBrink | Assessing SOAP APIs with Burp |
| 2014-05-27/a> | Kevin Shortt | Avast forums hacked |
| 2014-05-22/a> | Rob VandenBrink | Another Site Breached - Time to Change your Passwords! (If you can that is) |
| 2014-05-22/a> | Johannes Ullrich | Discontinuing Support for ISC Alert Task Bar Icon |
| 2014-05-21/a> | John Bambenek | New, Unpatched IE 0 Day published at ZDI |
| 2014-05-18/a> | Russ McRee | sed and awk will always rock |
| 2014-05-13/a> | Johannes Ullrich | Microsoft May 2014 Patch Tuesday |
| 2014-05-07/a> | Johannes Ullrich | De-Clouding your Life: Things that should not go into the cloud. |
| 2014-05-01/a> | Johannes Ullrich | Microsoft Announces Special Patch for IE 0-day (Win XP included!) |
| 2014-04-30/a> | Russ McRee | UltraDNS DDOS |
| 2014-04-29/a> | Russ McRee | Firefox 29.0 & Thunderbird 24.5 released: http://www.mozilla.org/security/known-vulnerabilities/ |
| 2014-04-28/a> | Russ McRee | Adobe Security Bulletin: Security updates available for Adobe Flash Player http://adobe.ly/QVjO72 |
| 2014-04-27/a> | Tony Carothers | The Dreaded "D" Word of IT |
| 2014-04-26/a> | Guy Bruneau | Android Users - Beware of Bitcoin Mining Malware |
| 2014-04-26/a> | Guy Bruneau | New Project by Linux Foundation - Core Infrastructure Initiative |
| 2014-04-24/a> | Rob VandenBrink | Apple IOS updates to 7.1.1, OSX Security update 2014-002, Airport Updates - http://support.apple.com/kb/HT1222, http://support.apple.com/kb/HT6208, http://support.apple.com/kb/HT6207, http://support.apple.com/kb/HT6203 |
| 2014-04-22/a> | Johannes Ullrich | Apple Patches for OS X, iOS and Apple TV. |
| 2014-04-21/a> | Daniel Wesemann | Allow us to leave! |
| 2014-04-21/a> | Pedro Bueno | Heartbleed hunting |
| 2014-04-21/a> | Daniel Wesemann | OpenSSL Rampage |
| 2014-04-21/a> | Daniel Wesemann | Finding the bleeders |
| 2014-04-17/a> | Manuel Humberto Santander Pelaez | Looking for malicious traffic in electrical SCADA networks - part 2 - solving problems with DNP3 Secure Authentication Version 5 |
| 2014-04-16/a> | Johannes Ullrich | Oracle Critical Patch Update for April 2014 |
| 2014-04-15/a> | Manuel Humberto Santander Pelaez | Looking for malicious traffic in electrical SCADA networks - part 1 |
| 2014-04-15/a> | Richard Porter | VMWare Advisory VMSA-2014-0004 - Updates on OpenSSL HeartBleed http://www.vmware.com/security/advisories/VMSA-2014-0004.html |
| 2014-04-14/a> | Kevin Shortt | INFOCon Green: Heartbleed - on the mend |
| 2014-04-13/a> | Kevin Shortt | Reverse Heartbleed Testing |
| 2014-04-12/a> | Guy Bruneau | Critical Security Update for JetPack WordPress Plugin. Bug has existed since Jetpack 1.9, released in October 2012. - http://jetpack.me/2014/04/10/jetpack-security-update/ |
| 2014-04-12/a> | Guy Bruneau | Interested in a Heartbleed Challenge? |
| 2014-04-11/a> | Rob VandenBrink | The Other Side of Heartbleed - Client Vulnerabilities |
| 2014-04-11/a> | Rob VandenBrink | VMware Security Advisories / Patches released for 2 issues (NOT Heartbleed) - http://www.vmware.com/security/advisories/VMSA-2014-0003.html and http://www.vmware.com/security/advisories/VMSA-2014-0002.html |
| 2014-04-11/a> | Johannes Ullrich | Tonight OpenSSL Webcast #4: Client Side Issues / What to tell your kids & managers about it https://www.sans.org/webcasts/side-heartbleed-client-vulnerabilities-98135 |
| 2014-04-11/a> | Guy Bruneau | Heartbleed Fix Available for Download for Cisco Products |
| 2014-04-08/a> | Richard Porter | April 2014 Microsoft Patches |
| 2014-04-08/a> | Guy Bruneau | OpenSSL CVE-2014-0160 Fixed |
| 2014-04-08/a> | Johannes Ullrich | * Patch Now: OpenSSL "Heartbleed" Vulnerability |
| 2014-04-08/a> | Rick Wanner | Security Updates available for Adobe Flash Player - http://helpx.adobe.com/security/products/flash-player/apsb14-09.html |
| 2014-04-07/a> | Johannes Ullrich | Attack or Bad Link? Your Guess? |
| 2014-04-06/a> | Basil Alawi S.Taher | "Power Worm" PowerShell based Malware |
| 2014-04-05/a> | Jim Clausing | Those strange e-mails with URLs in them can lead to Android malware |
| 2014-04-02/a> | Kevin Shortt | Apple Security Update for Safari 6.1.3/7.0.3: http://support.apple.com/kb/HT6181 |
| 2014-04-01/a> | Basil Alawi S.Taher | Upgrading Your Android, Elevating My Malware |
| 2014-03-27/a> | Alex Stanford | Apple Credential Phishing via appleidconfirm.net |
| 2014-03-24/a> | Johannes Ullrich | Integrating Physical Security Sensors |
| 2014-03-24/a> | Johannes Ullrich | New Microsoft Advisory: Unpatched Word Flaw used in Targeted Attacks |
| 2014-03-22/a> | Guy Bruneau | How the Compromise of a User Account Lead to a Spam Incident |
| 2014-03-21/a> | Johannes Ullrich | Cisco AsyncOS Patch |
| 2014-03-18/a> | Mark Hofman | Call for packets dest 5000 or source 6000 |
| 2014-03-17/a> | Jim Clausing | New Apache web server release |
| 2014-03-17/a> | Johannes Ullrich | Scans for FCKEditor File Manager |
| 2014-03-14/a> | Richard Porter | Word Press Shenanigans? Anyone seeing strange activity today? |
| 2014-03-13/a> | Daniel Wesemann | Web server logs containing RS=^ ? |
| 2014-03-13/a> | Daniel Wesemann | Identification and authentication are hard ... finding out intention is even harder |
| 2014-03-13/a> | Daniel Wesemann | Adobe Shockwave Player critical update: http://helpx.adobe.com/security/products/shockwave/apsb14-10.html |
| 2014-03-12/a> | Johannes Ullrich | Wordpress "Pingback" DDoS Attacks |
| 2014-03-11/a> | Johannes Ullrich | Adobe Updates: Flash Player |
| 2014-03-11/a> | Johannes Ullrich | Microsoft Patch Tuesday March 2014 |
| 2014-03-11/a> | Basil Alawi S.Taher | Introduction to Memory Analysis with Mandiant Redline |
| 2014-03-10/a> | Basil Alawi S.Taher | Sysinternals Process Explorer v16.02, Process Monitor v3.1, PSExec v2.1 and Sigcheck v2.03 update |
| 2014-03-10/a> | Basil Alawi S.Taher | Apple iOS 7.1 |
| 2014-03-08/a> | Guy Bruneau | Microsoft March Patch Pre-Announcement |
| 2014-03-07/a> | Tom Webb | Linux Memory Dump with Rekall |
| 2014-03-06/a> | Mark Baggett | Port 5000 traffic and snort signature |
| 2014-03-04/a> | Daniel Wesemann | XPired! |
| 2014-03-04/a> | Daniel Wesemann | Triple Handshake Cookie Cutter |
| 2014-03-02/a> | Stephen Hall | Sunday Reading |
| 2014-03-02/a> | Stephen Hall | Symantec goes yellow |
| 2014-02-28/a> | Daniel Wesemann | Oversharing |
| 2014-02-28/a> | Daniel Wesemann | Fiesta! |
| 2014-02-27/a> | Richard Porter | Cisco Prime Infrastructure Command Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi |
| 2014-02-26/a> | Russ McRee | Ongoing NTP Amplification Attacks |
| 2014-02-25/a> | Alex Stanford | Apple releases OS X 10.9.2 patching SSL vulnerability and updates Safari |
| 2014-02-21/a> | Johannes Ullrich | UPS Malware Spam Using Fake SPF Headers |
| 2014-02-21/a> | Jim Clausing | Apple updates iOS and Apple TV |
| 2014-02-20/a> | Stephen Hall | Abobe out of band patch announcement (APSB14-07) |
| 2014-02-19/a> | Russ McRee | Threat modeling in the name of security |
| 2014-02-17/a> | Chris Mohan | NTP reflection attacks continue |
| 2014-02-15/a> | Rob VandenBrink | More on HNAP - What is it, How to Use it, How to Find it |
| 2014-02-14/a> | Chris Mohan | Scanning activity for /siemens/bootstrapping/JnlpBrowser/Development/ |
| 2014-02-14/a> | Chris Mohan | FireEye reports IE 10 zero-day being used in watering hole attack |
| 2014-02-14/a> | Chris Mohan | SYM14-004 Symantec Endpoint Protection Management Vulnerabilities - http://www.symantec.com/business/support/index?page=content&id=TECH214866 |
| 2014-02-13/a> | Johannes Ullrich | Linksys Worm ("TheMoon") Captured |
| 2014-02-12/a> | Johannes Ullrich | Suspected Mass Exploit Against Linksys E1000 / E1200 Routers |
| 2014-02-11/a> | Johannes Ullrich | February 2014 Microsoft Patch Tuesday |
| 2014-02-11/a> | Johannes Ullrich | Adobe February 2014 Patch Tuesday |
| 2014-02-10/a> | Rob VandenBrink | Isn't it About Time to Get Moving on Chip and PIN? |
| 2014-02-10/a> | Rob VandenBrink | A Tale of Two Admins (and no Change Control) |
| 2014-02-09/a> | Basil Alawi S.Taher | Mandiant Highlighter 2 |
| 2014-02-07/a> | Johannes Ullrich | Microsoft Advance Notification for February 2014 |
| 2014-02-07/a> | Rob VandenBrink | Hello Virustotal? It's Microsoft Calling. |
| 2014-02-07/a> | Rob VandenBrink | New ISO Standards on Vulnerability Handling and Disclosure |
| 2014-02-05/a> | Johannes Ullrich | To Merrillville or Sochi: How Dangerous is it to travel? |
| 2014-02-05/a> | Johannes Ullrich | SANS Ouch Security Awareness Newsletter What is Malware http://www.securingthehuman.org/ouch |
| 2014-02-04/a> | Johannes Ullrich | Adobe Flash Player Emergency Patch |
| 2014-02-04/a> | Johannes Ullrich | Odd ICMP Echo Request Payload |
| 2014-02-03/a> | Johannes Ullrich | When an Attack isn't an Attack |
| 2014-01-31/a> | Chris Mohan | Attack on Yahoo mail accounts |
| 2014-01-31/a> | Chris Mohan | Looking for packets from three particular subnets |
| 2014-01-30/a> | Johannes Ullrich | Oracle Reports Vulnerability |
| 2014-01-30/a> | Johannes Ullrich | New gTLDs appearing in the root zone |
| 2014-01-28/a> | Kevin Shortt | Sendmail v8.14.8 released - http://www.sendmail.com/sm/open_source/download/8.14.8/?show_rs=1#RS |
| 2014-01-24/a> | Johannes Ullrich | How to send mass e-mail the right way |
| 2014-01-24/a> | Chris Mohan | Phishing via Social Media |
| 2014-01-24/a> | Chris Mohan | Security Update for OS X for CVE-2014-1252 http://support.apple.com/kb/HT6117 |
| 2014-01-23/a> | Chris Mohan | Learning from the breaches that happens to others Part 2 |
| 2014-01-20/a> | Rob VandenBrink | You Can Run, but You Can't Hide (SSH and other open services) |
| 2014-01-19/a> | Rick Wanner | Anatomy of a Malware distribution campaign |
| 2014-01-17/a> | Russ McRee | Massive RFI scans likely a free web app vuln scanner rather than bots |
| 2014-01-17/a> | Russ McRee | New and updated VMWare security advisories - http://www.vmware.com/security/advisories |
| 2014-01-16/a> | Kevin Shortt | Port 4028 - Interesting Activity |
| 2014-01-14/a> | Chris Mohan | Spamming and scanning botnets - is there something I can do to block them from my site? |
| 2014-01-14/a> | Johannes Ullrich | Microsoft Patch Tuesday January 2014 |
| 2014-01-14/a> | Johannes Ullrich | Adobe Patch Tuesday January 2014 |
| 2014-01-14/a> | Johannes Ullrich | Oracle Critical Patch Update January 2014 |
| 2014-01-13/a> | Johannes Ullrich | Special Webcast today: HTML5, Risky Business or Hidden Security Toolchest? https://www.sans.org/webcasts/html5-risky-business-hidden-security-tool-chest-mobile-web-app-authentication-97650 |
| 2014-01-11/a> | Guy Bruneau | tcpflow 1.4.4 and some of its most Interesting Features |
| 2014-01-10/a> | Basil Alawi S.Taher | Windows Autorun-3 |
| 2014-01-10/a> | Basil Alawi S.Taher | Cisco Small Business Devices backdoor fix |
| 2014-01-09/a> | Johannes Ullrich | Microsoft Security Bulletin Advance Notification for January 2014 http://technet.microsoft.com/en-us/security/bulletin/ms14-jan |
| 2014-01-09/a> | Bojan Zdrnja | Massive PHP RFI scans |
| 2014-01-08/a> | Kevin Shortt | Intercepted Email Attempts to Steal Payments |
| 2014-01-04/a> | Tom Webb | Monitoring Windows Networks Using Syslog (Part One) |
| 2014-01-02/a> | John Bambenek | OpenSSL.org Defaced by Attackers Gaining Access to Hypervisor |
| 2014-01-02/a> | Johannes Ullrich | Scans Increase for New Linksys Backdoor (32764/TCP) |
| 2014-01-01/a> | Russ McRee | Six degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails |
| 2014-01-01/a> | Russ McRee | Happy New Year from the Syrian Electronic Army - Skype’s Social Media Accounts Hacked |
| 2013-12-29/a> | Russ McRee | OpenSSL suffers apparent defacement |
| 2013-12-28/a> | Russ McRee | Weekend Reading List 27 DEC |
| 2013-12-28/a> | Bojan Zdrnja | DRG online challenge(s) |
| 2013-12-24/a> | Daniel Wesemann | Unfriendly crontab additions |
| 2013-12-24/a> | Daniel Wesemann | Mr Jones wants you to appear in court! |
| 2013-12-23/a> | Rob VandenBrink | How-To's for the Holidays - Java Whitelisting using AD Group Policy |
| 2013-12-23/a> | Scott Fendley | VMWare ESX/ESXi Security Advisory |
| 2013-12-23/a> | Daniel Wesemann | Costco, BestBuy, Walmart really want to send you a package! |
| 2013-12-21/a> | Daniel Wesemann | Adobe phishing underway |
| 2013-12-21/a> | Guy Bruneau | Strange DNS Queries - Request for Packets |
| 2013-12-20/a> | Daniel Wesemann | authorized key lime pie |
| 2013-12-19/a> | Rob VandenBrink | Passive Scanning Two Ways - How-Tos for the Holidays |
| 2013-12-19/a> | Rob VandenBrink | Target US - Credit Card Data Breach |
| 2013-12-18/a> | Adrien de Beaupre | Wireshark 1.10.4 and 1.8.12 are available |
| 2013-12-17/a> | Adrien de Beaupre | Apple security updates Mac OS X and Safari |
| 2013-12-16/a> | Tom Webb | The case of Minerd |
| 2013-12-14/a> | Johannes Ullrich | WhatsApp Malware Spam uses Geolocation to Mass Customize Filename |
| 2013-12-11/a> | Johannes Ullrich | Facebook Phishing and Malware via Tumblr Redirects |
| 2013-12-10/a> | Johannes Ullrich | Microsoft December Patch Tuesday |
| 2013-12-10/a> | Rob VandenBrink | Adobe Updates today as well. |
| 2013-12-10/a> | Rob VandenBrink | Those Look Just Like Hashes! |
| 2013-12-09/a> | Rob VandenBrink | Scanning without Scanning |
| 2013-12-07/a> | Guy Bruneau | Suspected Active Rovnix Botnet Controller |
| 2013-12-07/a> | Guy Bruneau | Microsoft December Patch Pre-Announcement |
| 2013-12-05/a> | Mark Hofman | Updated Standards Part 1 - ISO 27001 |
| 2013-12-04/a> | Adrien de Beaupre | VMware Security Advisory VMSA-2013-0014 |
| 2013-12-02/a> | Richard Porter | Reports of higher than normal SSH Attacks |
| 2013-12-01/a> | Richard Porter | BPF, PCAP, Binary, hex, why they matter? |
| 2013-11-29/a> | Russ McRee | MS Exchange update, includes failed backup fix: http://support.microsoft.com/kb/2892464 |
| 2013-11-28/a> | Rob VandenBrink | Microsoft Security Advisory (2914486): Vulnerability in Microsoft Windows Kernel 0 day exploit in wild |
| 2013-11-27/a> | Rob VandenBrink | ATM Traffic + TCPDump + Video = Good or Evil? |
| 2013-11-27/a> | Rob VandenBrink | Apache 2.4.7 is released 11/25. Download: http://httpd.apache.org/download.cgi#apache24 and Readme: http://apache.mirror.iweb.ca//httpd/CHANGES_2.4.7 |
| 2013-11-22/a> | Rick Wanner | Port 0 DDOS |
| 2013-11-22/a> | Rick Wanner | Tales of Password Reuse |
| 2013-11-16/a> | Guy Bruneau | Sagan as a Log Normalizer |
| 2013-11-15/a> | Johannes Ullrich | The Security Impact of HTTP Caching Headers |
| 2013-11-15/a> | Johannes Ullrich | VMWare Security Advisory: http://www.vmware.com/security/advisories/VMSA-2013-0013.html |
| 2013-11-14/a> | Johannes Ullrich | iOS 7.0.4 released. Fixes issue with unauthorized in App purchases http://lists.apple.com/archives/security-announce/2013/Nov/msg00000.html |
| 2013-11-13/a> | Johannes Ullrich | Packet Challenge for the Hivemind: What's happening with this Ethernet header? |
| 2013-11-12/a> | Johannes Ullrich | November 2013 Microsoft Patch Tuesday |
| 2013-11-11/a> | Johannes Ullrich | What Happened to the SANS Ads? |
| 2013-11-10/a> | Rick Wanner | Microsoft and Facebook announce bug bounty |
| 2013-11-09/a> | Guy Bruneau | IE Zero-Day Vulnerability Exploiting msvcrt.dll |
| 2013-11-08/a> | Johannes Ullrich | Microsoft Patch Tuesday Preview |
| 2013-11-05/a> | Daniel Wesemann | Is your vacuum cleaner sending spam? |
| 2013-11-05/a> | Daniel Wesemann | TIFF images in MS-Office documents used in targeted attacks |
| 2013-11-04/a> | Manuel Humberto Santander Pelaez | When attackers use your DNS to check for the sites you are visiting |
| 2013-11-02/a> | Rick Wanner | Protecting Your Family's Computers |
| 2013-11-01/a> | Russ McRee | Secunia's PSI Country Report - Q3 2013 |
| 2013-10-31/a> | Russ McRee | Happy Halloween: The Ghost Really May Be In The Machine |
| 2013-10-30/a> | Russ McRee | SIR v15: Five good reasons to leave Windows XP behind |
| 2013-10-28/a> | Daniel Wesemann | Exploit cocktail (Struts, Java, Windows) going after 3-month old vulnerabilities |
| 2013-10-26/a> | Guy Bruneau | Active Perl/Shellbot Trojan |
| 2013-10-25/a> | Rob VandenBrink | Kaspersky flags TCPIP.SYS as Malware |
| 2013-10-24/a> | Johannes Ullrich | False Positive: php.net Malware Alert |
| 2013-10-22/a> | Richard Porter | Greenbone and OpenVAS Scanner |
| 2013-10-22/a> | John Bambenek | Cryptolocker Update, Request for Info |
| 2013-10-21/a> | Johannes Ullrich | New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do" |
| 2013-10-18/a> | Rob VandenBrink | CSAM - Why am I seeing DNS Requests to IANA.ORG in my Firewall Logs? |
| 2013-10-17/a> | Adrien de Beaupre | Chrome updated http://googlechromereleases.blogspot.ca/2013/10/stable-channel-update_15.html |
| 2013-10-17/a> | Adrien de Beaupre | Internet wide DNS scanning |
| 2013-10-17/a> | Adrien de Beaupre | New spamming technique - onmicrosoft.com |
| 2013-10-16/a> | Adrien de Beaupre | Access denied and blockliss |
| 2013-10-15/a> | Rob VandenBrink | CSAM: Microsoft Logs - NPS and IAS (RADIUS) |
| 2013-10-15/a> | Rob VandenBrink | Java Quarterly Updates |
| 2013-10-15/a> | Rob VandenBrink | Wireshark 1.11.0 Development Version Released ==> http://www.wireshark.org/download.html (1.10.2 remains the Stable version) |
| 2013-10-12/a> | Richard Porter | Reported Spike in tcp/5901 and tcp/5900 |
| 2013-10-10/a> | Mark Hofman | CSAM Some more unusual scans |
| 2013-10-10/a> | Johannes Ullrich | google.com.my DNS hijack |
| 2013-10-09/a> | Johannes Ullrich | Other Patch Tuesday Updates (Adobe, Apple) |
| 2013-10-09/a> | Johannes Ullrich | CSAM: SSL Request Logs |
| 2013-10-08/a> | Johannes Ullrich | Anti-Virus Company Avira Homepage Defaced |
| 2013-10-08/a> | Johannes Ullrich | CSAM: ANY queries used in reflective DoS attack |
| 2013-10-08/a> | Johannes Ullrich | Microsoft October 2013 Patch Tuesday |
| 2013-10-05/a> | Richard Porter | Adobe Breach Notification, Notifications? |
| 2013-10-04/a> | Johannes Ullrich | The Adobe Breach FAQ |
| 2013-10-04/a> | Pedro Bueno | CSAM: WebHosting BruteForce logs |
| 2013-10-03/a> | Johannes Ullrich | October Patch Tuesday Preview (CVE-2013-3893 patch coming!) |
| 2013-10-02/a> | Johannes Ullrich | CSAM: Misc. DNS Logs |
| 2013-10-02/a> | John Bambenek | Obamacare related domain registration spike, Government shutdown domain registration beginning |
| 2013-10-01/a> | Adrien de Beaupre | CSAM! Send us your logs! |
| 2013-09-30/a> | Adrien de Beaupre | Twitter DM spam/malware |
| 2013-09-24/a> | Tom Webb | IDS, NSM, and Log Management with Security Onion 12.04.3 |
| 2013-09-23/a> | Rob VandenBrink | How do you spell "PSK"? |
| 2013-09-18/a> | Rob VandenBrink | Apple IOS 7 - Brace for Impact! |
| 2013-09-18/a> | Rob VandenBrink | Cisco DCNM Update Released |
| 2013-09-17/a> | John Bambenek | Microsoft Releases Out-of-Band Advisory for all Versions of Internet Explorer |
| 2013-09-13/a> | Rob VandenBrink | Update for Safari to version 5.1.10 is out - http://support.apple.com/kb/HT5921 |
| 2013-09-12/a> | Daniel Wesemann | 37.58.73.42 / 95.156.228.69 / 195.210.43.42, anyone? |
| 2013-09-11/a> | Johannes Ullrich | Reboot Wednesday: Yesterday's Patch Tuesday Aftermath |
| 2013-09-10/a> | Swa Frantzen | Adobe September 2013 Black Tuesday Overview |
| 2013-09-10/a> | Swa Frantzen | Microsoft September 2013 Black Tuesday Overview |
| 2013-09-10/a> | Swa Frantzen | More Black Tuesday workload |
| 2013-09-10/a> | Swa Frantzen | Macs need to patch too! |
| 2013-09-09/a> | Johannes Ullrich | SSL is broken. So what? |
| 2013-09-07/a> | Guy Bruneau | Microsoft September Patch Pre-Announcement |
| 2013-09-05/a> | Rob VandenBrink | Building Your Own GPU Enabled Private Cloud |
| 2013-09-05/a> | Rob VandenBrink | What's Next for IPS? |
| 2013-09-03/a> | Rob VandenBrink | Is "Reputation Backscatter" a Thing? |
| 2013-09-02/a> | Guy Bruneau | Multiple Cisco Security Notice |
| 2013-09-02/a> | Guy Bruneau | Snort IDS Sensor with Sguil New ISO Released |
| 2013-08-30/a> | Kevin Liston | VMware ESXi and ESX address an NFC Protocol Unhandled Exception |
| 2013-08-29/a> | Russ McRee | Suspect Sendori software |
| 2013-08-28/a> | Bojan Zdrnja | MS13-056 (false positive)? alerts |
| 2013-08-26/a> | Alex Stanford | Stop, Drop and File Carve |
| 2013-08-25/a> | Johannes Ullrich | When does your browser send a "Referer" header (or not)? |
| 2013-08-22/a> | Russ McRee | Read of the Week: A Fuzzy Future in Malware Research |
| 2013-08-21/a> | Alex Stanford | Psst. Your Browser Knows All Your Secrets. |
| 2013-08-21/a> | Rob VandenBrink | Fibre Channel Reconnaissance - Reloaded |
| 2013-08-19/a> | Guy Bruneau | Business Risks and Cyber Attacks |
| 2013-08-19/a> | Rob VandenBrink | ZMAP 1.02 released |
| 2013-08-19/a> | Johannes Ullrich | Microsoft re-releases MS13-066: https://technet.microsoft.com/security/bulletin/MS13-066 |
| 2013-08-19/a> | Rob VandenBrink | NMAP 6.40 Released (www.nmap.org), Release Notes at www.nmap.org/changelog.html |
| 2013-08-15/a> | Johannes Ullrich | Microsoft Pulls MS013-061 due to problems with Exchange Server 2013 http://blogs.technet.com/b/exchange/archive/2013/08/14/exchange-2013-security-update-ms13-061-status-update.aspx |
| 2013-08-14/a> | Johannes Ullrich | Imaging LUKS Encrypted Drives |
| 2013-08-13/a> | Swa Frantzen | Microsoft security advisories: RDP and MD5 deprecation in Microsoft root certificates |
| 2013-08-13/a> | Swa Frantzen | Microsoft August 2013 Black Tuesday Overview |
| 2013-08-11/a> | Bojan Zdrnja | XATattacks (attacks on xat.com) |
| 2013-08-09/a> | Kevin Shortt | Copy Machines - Changing Scanned Content |
| 2013-08-07/a> | Johannes Ullrich | New edition of the Ouch! Security Awareness Newsletter is out: http://www.securingthehuman.org/resources/newsletters/ouch/2013 |
| 2013-08-07/a> | Johannes Ullrich | Firefox 23 and Mixed Active Content |
| 2013-08-07/a> | Mark Hofman | DNS servers hijacked in the Netherlands |
| 2013-08-05/a> | Chris Mohan | DMARC: another step forward in the fight against phishing? |
| 2013-08-03/a> | Deborah Hale | What Anti-virus Program Is Right For You? |
| 2013-08-02/a> | Chris Mohan | VMware Security Advisory VMSA-2013-0009 - http://www.vmware.com/security/advisories/VMSA-2013-0009.html |
| 2013-08-02/a> | Chris Mohan | Cisco Security Advisory: OSPF LSA Manipulation Vulnerability in Multiple Cisco Products http://tools.cisco.com/security/center/viewAlert.x?alertId=30210 |
| 2013-08-02/a> | Johannes Ullrich | Fake American Express Alerts |
| 2013-07-29/a> | Adrien de Beaupre | BGP multiple banking addresses hijacked |
| 2013-07-28/a> | Guy Bruneau | Wireshark 1.8.9 and 1.10.1 Security Update |
| 2013-07-27/a> | Scott Fendley | Defending Against Web Server Denial of Service Attacks |
| 2013-07-22/a> | Johannes Ullrich | Apple Developer Site Breach |
| 2013-07-21/a> | Guy Bruneau | Why use Regular Expressions? |
| 2013-07-21/a> | Guy Bruneau | Ubuntu Forums Security Breach |
| 2013-07-20/a> | Manuel Humberto Santander Pelaez | Do you have rogue Internet gateways in your network? Check it with nmap |
| 2013-07-18/a> | Chris Mohan | Blog Spam - annoying junk or a source of intelligence? |
| 2013-07-13/a> | Lenny Zeltser | Decoy Personas for Safeguarding Online Identity Using Deception |
| 2013-07-10/a> | Johannes Ullrich | .NL Registrar Compromisse |
| 2013-07-09/a> | Swa Frantzen | Microsoft July 2013 Black Tuesday Overview |
| 2013-07-09/a> | Swa Frantzen | Adobe July 2013 Black Tuesday Overview |
| 2013-07-08/a> | Richard Porter | Why do we Click? |
| 2013-07-06/a> | Guy Bruneau | Microsoft July Patch Pre-Announcement |
| 2013-07-06/a> | Guy Bruneau | Is Metadata the Magic in Modern Network Security? |
| 2013-07-04/a> | Russ McRee | Celebrating 4th of July With a Malware PCAP Visualization |
| 2013-07-03/a> | Kevin Shortt | Apple Security Update 2013-003 |
| 2013-07-01/a> | Manuel Humberto Santander Pelaez | Using nmap scripts to enhance vulnerability asessment results |
| 2013-06-29/a> | Johannes Ullrich | Instagram "Fruit" Spam |
| 2013-06-27/a> | Tony Carothers | Physical Security in the Cyber World |
| 2013-06-27/a> | Tony Carothers | Ruby Update for SSL Vulnerability |
| 2013-06-26/a> | Adrien de Beaupre | Multiple Cisco security advisories |
| 2013-06-25/a> | Bojan Zdrnja | Mozilla Firefox 22 released, fixes 14 security vulnerabilities, more info at http://www.mozilla.org/en-US/firefox/22.0/releasenotes/ |
| 2013-06-22/a> | Guy Bruneau | Facebook Reports a Potential Leak of User Data |
| 2013-06-21/a> | Guy Bruneau | Sysinternals Updates for Autoruns, Strings & ZoomIt http://blogs.technet.com/b/sysinternals/archive/2013/06/20/updates-autoruns-v11-61-strings-v2-52-zoomit-v4-5.aspx |
| 2013-06-20/a> | Guy Bruneau | HP iLO3/iLO4 Remote Unauthorized Access with Single-Sign-On |
| 2013-06-18/a> | Russ McRee | EMET 4.0 is now available for download |
| 2013-06-18/a> | Russ McRee | Volatility rules...any questions? |
| 2013-06-17/a> | Daniel Wesemann | SANSFIRE 2013 |
| 2013-06-11/a> | Swa Frantzen | Store passwords the right way in your application |
| 2013-06-11/a> | Swa Frantzen | Microsoft June 2013 Black Tuesday Overview |
| 2013-06-11/a> | Swa Frantzen | Adobe June 2013 Black Tuesday Overview |
| 2013-06-11/a> | Swa Frantzen | Other Microsoft Black Tuesday News |
| 2013-06-11/a> | Swa Frantzen | vmware security advisory VMSA-2013-0008 |
| 2013-06-10/a> | Johannes Ullrich | When Google isn't Google |
| 2013-06-07/a> | Daniel Wesemann | 100% Compliant (for 65% of the systems) |
| 2013-06-05/a> | Richard Porter | BIND 9 Update fixing CVE-2013-3919 |
| 2013-06-05/a> | Johannes Ullrich | Apple releases OS 10.8.4 |
| 2013-06-05/a> | Richard Porter | Windows Sysinternals Updated http://technet.microsoft.com/en-us/sysinternals/default.aspx |
| 2013-06-05/a> | Johannes Ullrich | New version of "Ouch", the SANS Securing the Human Newsletter http://www.securingthehuman.org/resources/newsletters/ouch/2013 |
| 2013-06-05/a> | Richard Porter | Wireshark 1.10.0 Stable Released http://www.wireshark.org/download.html |
| 2013-05-31/a> | Chris Mohan | VMware releases new and updated security advisories |
| 2013-05-27/a> | Johannes Ullrich | Nuclear Scientists, Pandas and EMET Keeping Me Honest |
| 2013-05-23/a> | Adrien de Beaupre | Wireshark 1.10.0rc2 is now available http://www.wireshark.org/download.html |
| 2013-05-23/a> | Adrien de Beaupre | MoVP II |
| 2013-05-22/a> | Adrien de Beaupre | Privilege escalation, why should I care? |
| 2013-05-22/a> | Adrien de Beaupre | Wireshark 1.8.7 and 1.6.15 Released http://www.wireshark.org/news/20130517.html |
| 2013-05-22/a> | Adrien de Beaupre | Apple QuickTime 7.7.4 for Windows updated, MANY security vulnerabilities: http://support.apple.com/kb/HT1222 |
| 2013-05-22/a> | Adrien de Beaupre | Chrome 24.0.1312.52 has been updated for Windows, Mac, Linux, and Chrome Frame |
| 2013-05-21/a> | Adrien de Beaupre | Moore, Oklahoma tornado charitable organization scams, malware, and phishing |
| 2013-05-20/a> | Guy Bruneau | Sysinternals Updates for Accesschk, Procdump, RAMMap and Strings http://blogs.technet.com/b/sysinternals/archive/2013/05/17/updates-accesschk-v5-11-procdump-v6-0-rammap-v1-22-strings-v2-51.aspx |
| 2013-05-20/a> | Guy Bruneau | Safe - Tools, Tactics and Techniques |
| 2013-05-19/a> | Kevin Shortt | Port 51616 - Got Packets? |
| 2013-05-17/a> | Daniel Wesemann | e-netprotections.su ? |
| 2013-05-17/a> | Johannes Ullrich | SSL: Another reason not to ignore IPv6 |
| 2013-05-16/a> | Daniel Wesemann | Extracting signatures from Apple .apps |
| 2013-05-14/a> | Jim Clausing | So what passwords are those ssh scanners trying? |
| 2013-05-14/a> | Swa Frantzen | Microsoft May 2013 Black Tuesday Overview |
| 2013-05-14/a> | Swa Frantzen | Firefox & Thunderbird released |
| 2013-05-14/a> | Swa Frantzen | Adobe May 2013 Black Tuesday Overview |
| 2013-05-14/a> | Swa Frantzen | Microsoft Security Advisory 2846338 |
| 2013-05-11/a> | Lenny Zeltser | Extracting Digital Signatures from Signed Malware |
| 2013-05-10/a> | Johannes Ullrich | Microsoft and Adobe Patch Tuesday Pre-Release |
| 2013-05-09/a> | John Bambenek | Adobe Releases 0-day Security Advisory for Coldfusion, Exploit Code Available. Advisory here: http://www.adobe.com/support/security/advisories/apsa13-03.html |
| 2013-05-08/a> | Johannes Ullrich | "De Flashing" the ISC Web Site and Flash XSS issues |
| 2013-05-08/a> | Chris Mohan | Syria drops from Internet 7th May 2013 |
| 2013-05-07/a> | Jim Clausing | Is there an epidemic of typo squatting? |
| 2013-05-04/a> | Kevin Shortt | The Zero-Day Pendulum Swings |
| 2013-05-01/a> | Daniel Wesemann | The cost of cleaning up |
| 2013-04-30/a> | Russ McRee | Apache binary backdoor adds malicious redirect to Blackhole |
| 2013-04-29/a> | Adam Swanger | Report Fake Tech Support Calls submission form reminder |
| 2013-04-26/a> | Russ McRee | What is "up to date anti-virus software"? |
| 2013-04-25/a> | Adam Swanger | SANS 2013 Forensics Survey - https://www.surveymonkey.com/s/2013SANSForensicsSurvey |
| 2013-04-25/a> | Adam Swanger | Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls |
| 2013-04-23/a> | Russ McRee | Microsoft's Security Intelligence Report (SIRv14) released |
| 2013-04-21/a> | John Bambenek | A Chargen-based DDoS? Chargen is still a thing? |
| 2013-04-19/a> | Russ McRee | Java 8 release schedule delayed for renewed focus on security |
| 2013-04-18/a> | John Bambenek | ISC Handler Lenny Zeltser's REMnux v4 Reviewed on Hak5 |
| 2013-04-17/a> | Richard Porter | Apple iTunes Services Outage |
| 2013-04-17/a> | John Bambenek | UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun |
| 2013-04-16/a> | John Bambenek | Fake Boston Marathon Scams Update |
| 2013-04-16/a> | Rob VandenBrink | Java 7 Update 21 is available - Watch for Behaviour Changes ! |
| 2013-04-15/a> | Rob VandenBrink | Oops - You Mean That Deleted Server was a Certificate Authority? |
| 2013-04-15/a> | John Bambenek | Please send any spam (full headers), URLs or other suspicious content scamming off Boston Marathon explosions to handlers@sans.org |
| 2013-04-13/a> | Johannes Ullrich | Protocol 61: Anybody got packets? |
| 2013-04-10/a> | Manuel Humberto Santander Pelaez | Massive Google scam sent by email to Colombian domains |
| 2013-04-09/a> | Swa Frantzen | Microsoft April 2013 Black Tuesday Overview |
| 2013-04-09/a> | Swa Frantzen | Adobe April 2013 Black Tuesday Overview |
| 2013-04-08/a> | Johannes Ullrich | Cleaning Up After the Leak: Hiding exposed web content |
| 2013-04-04/a> | Johannes Ullrich | Microsoft April Patch Tuesday Advance Notification |
| 2013-04-03/a> | Mark Hofman | Firefox 20 and Thunderbird 17.0.5 updates |
| 2013-03-29/a> | Chris Mohan | Does your breach email notification look like a phish? |
| 2013-03-29/a> | Chris Mohan | Fake Link removal requests |
| 2013-03-28/a> | John Bambenek | Where Were You During the Great DDoS Cybergeddon of 2013? |
| 2013-03-26/a> | Daniel Wesemann | How your Webhosting Account is Getting Abused |
| 2013-03-25/a> | Johannes Ullrich | IPv6 Focus Month: IPv6 over IPv4 Preference |
| 2013-03-23/a> | Guy Bruneau | Apple ID Two-step Verification Now Available in some Countries |
| 2013-03-22/a> | Mark Baggett | Wipe the drive! Stealthy Malware Persistence - Part 4 |
| 2013-03-20/a> | Mark Baggett | Wipe the drive! Stealthy Malware Persistence - Part 3 |
| 2013-03-19/a> | Johannes Ullrich | Scam of the day: More fake CNN e-mails |
| 2013-03-19/a> | Johannes Ullrich | IPv6 Focus Month: The warm and fuzzy side of IPv6 |
| 2013-03-19/a> | Johannes Ullrich | Windows 7 SP1 and Windows Server 2008 R2 SP1 Being "pushed" today |
| 2013-03-18/a> | Kevin Shortt | Cisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4 |
| 2013-03-18/a> | Kevin Shortt | Spamhaus DDOS |
| 2013-03-15/a> | Mark Baggett | AVG detect legit file as virus |
| 2013-03-14/a> | Mark Baggett | Wipe the drive! Stealthy Malware Persistence - Part 2 |
| 2013-03-14/a> | Richard Porter | Apple Security Updates: http://support.apple.com/kb/HT1222 |
| 2013-03-13/a> | Mark Baggett | Wipe the drive! Stealthy Malware Persistence Mechanism - Part 1 |
| 2013-03-13/a> | Johannes Ullrich | IPv6 Focus Month: Kaspersky Firewall IPv6 Vulnerability |
| 2013-03-12/a> | Swa Frantzen | Microsoft March 2013 Black Tuesday Overview |
| 2013-03-12/a> | Swa Frantzen | Adobe March 2013 Black Tueday |
| 2013-03-09/a> | Guy Bruneau | IPv6 Focus Month: IPv6 Encapsulation - Protocol 41 |
| 2013-03-08/a> | Johannes Ullrich | IPv6 Focus Month: Filtering ICMPv6 at the Border |
| 2013-03-07/a> | Guy Bruneau | Wireshark Security Updates |
| 2013-03-07/a> | Guy Bruneau | Apple Blocking Java Web plug-in |
| 2013-03-06/a> | Adam Swanger | IPv6 Focus Month: Guest Diary: Stephen Groat - Geolocation Using IPv6 Addresses |
| 2013-03-05/a> | Mark Hofman | IPv6 Focus Month: Device Defaults |
| 2013-03-05/a> | Richard Porter | Java j6u43 update #YAJU http://www.oracle.com/technetwork/java/javase/6u43-relnotes-1915290.html |
| 2013-03-04/a> | Johannes Ullrich | IPv6 Focus Month: Addresses |
| 2013-03-04/a> | Richard Porter | Java 7u17 update #YAJU http://www.oracle.com/technetwork/java/javase/7u17-relnotes-1915289.html |
| 2013-03-03/a> | Richard Porter | Uptick in MSSQL Activity |
| 2013-03-02/a> | Scott Fendley | Evernote Security Issue |
| 2013-03-02/a> | Scott Fendley | Apple Blocks Older Insecure Versions of Flash Player |
| 2013-03-01/a> | Jim Clausing | And the Java 0-days just keep on coming |
| 2013-02-27/a> | Adam Swanger | Guest Diary: Dylan Johnson - There's value in them there logs! |
| 2013-02-27/a> | Adam Swanger | Adobe Flash Player Security Update - http://www.adobe.com/support/security/bulletins/apsb13-08.html |
| 2013-02-26/a> | Rob VandenBrink | All I need Java for is .... |
| 2013-02-25/a> | Johannes Ullrich | Mass-Customized Malware Lures: Don't trust your cat! |
| 2013-02-25/a> | Johannes Ullrich | Trustwave Trustkeeper Phish |
| 2013-02-25/a> | Johannes Ullrich | Punkspider enumerates web application vulnerabilities |
| 2013-02-25/a> | Rob VandenBrink | Silent Traitors - Embedded Devices in your Datacenter |
| 2013-02-22/a> | Johannes Ullrich | Zendesk breach affects Tumblr/Pinterest/Twitter |
| 2013-02-22/a> | Johannes Ullrich | What has Iran been up to lately? |
| 2013-02-22/a> | Chris Mohan | PHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php |
| 2013-02-22/a> | Chris Mohan | Chrome 25.0.1364.87 addresses multiple vulnerabilities http://googlechromereleases.blogspot.com.au/2013/02/stable-channel-update_21.html |
| 2013-02-22/a> | Chris Mohan | VMware releases new and updated security advisories |
| 2013-02-21/a> | Pedro Bueno | NBC site redirecting to Exploit kit |
| 2013-02-20/a> | Manuel Humberto Santander Pelaez | SANS SCADA Summit at Orlando - Bigger problems and so far from getting them solved |
| 2013-02-20/a> | Johannes Ullrich | Update Palooza |
| 2013-02-19/a> | Johannes Ullrich | APT1, Unit 61398 and are state sponsored attacks real |
| 2013-02-19/a> | Johannes Ullrich | Oracle Updates Java (Java 7 Update 15, Java 6 update 41) |
| 2013-02-19/a> | Johannes Ullrich | EDUCAUSE Breach |
| 2013-02-17/a> | Guy Bruneau | HP ArcSight Connector Appliance and Logger Vulnerabilities |
| 2013-02-17/a> | Guy Bruneau | Adobe Acrobat and Reader Security Update Planned this Week |
| 2013-02-16/a> | Lorna Hutcheson | Fedora RedHat Vulnerabilty Released |
| 2013-02-14/a> | Adam Swanger | ISC Monthly Threat Update - February 2013 http://isc.sans.edu/podcastdetail.html?id=3121 |
| 2013-02-14/a> | Bojan Zdrnja | Auditd is your friend |
| 2013-02-13/a> | Swa Frantzen | More adobe reader and acrobat (PDF) trouble |
| 2013-02-12/a> | Swa Frantzen | Adobe Feb 2013 Black Tuesday patches |
| 2013-02-12/a> | Adam Swanger | Microsoft February 2013 Black Tuesday Update - Overview |
| 2013-02-08/a> | Kevin Shortt | Is it Spam or Is it Malware? |
| 2013-02-08/a> | Johannes Ullrich | VMWare Advisories (ESX, Workstation, Fusion...) http://www.vmware.com/security/advisories/VMSA-2013-0002.html |
| 2013-02-08/a> | Johannes Ullrich | Microsoft February Patch Tuesday Advance Notification |
| 2013-02-07/a> | John Bambenek | Adobe Releases Patches for 0-day Vulnerability in Flash Player for Windows and Mac, Upgrade now: http://www.adobe.com/support/security/bulletins/apsb13-04.html |
| 2013-02-06/a> | Adam Swanger | Sysinternals in particular Process Explorer update https://blogs.technet.com/b/sysinternals/?Redirected=true |
| 2013-02-06/a> | Johannes Ullrich | HTTP Range Header and Partial Downloads |
| 2013-02-06/a> | Johannes Ullrich | Are you losing system logging information (and don't know it)? |
| 2013-02-06/a> | Johannes Ullrich | Intel Network Card (82574L) Packet of Death |
| 2013-02-05/a> | Russ McRee | Apple Security Update: OS X Server v.2.2.1 now available http://support.apple.com/kb/HT5644 |
| 2013-02-04/a> | Adam Swanger | SAN Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam |
| 2013-02-03/a> | Lorna Hutcheson | Is it Really an Attack? |
| 2013-02-01/a> | Jim Clausing | VMware vSphere security updates for the authentication service and third party libraries (see http://www.vmware.com/security/advisories/VMSA-2013-0001.html) |
| 2013-02-01/a> | Jim Clausing | Oracle quitely releases Java 7u13 early |
| 2013-01-30/a> | Richard Porter | Getting Involved with the Local Community |
| 2013-01-28/a> | Johannes Ullrich | iOS 6.1 Released |
| 2013-01-25/a> | Johannes Ullrich | Vulnerability Scans via Search Engines (Request for Logs) |
| 2013-01-22/a> | Richard Porter | Using Metasploit for Patch Sanity Checks |
| 2013-01-19/a> | Guy Bruneau | Java 7 Update 11 Still has a Flaw |
| 2013-01-18/a> | Russ McRee | Interesting reads for Friday 18 JAN 2013 |
| 2013-01-17/a> | Russ McRee | PHP 5.4.11 and PHP 5.3.21 released |
| 2013-01-15/a> | Rob VandenBrink | When Disabling IE6 (or Java, or whatever) is not an Option... |
| 2013-01-15/a> | Russ McRee | Cisco introducing Cisco Security Notices 16 JAN 2013 |
| 2013-01-14/a> | Richard Porter | Microsoft Out of Cycle Patch: IE http://technet.microsoft.com/en-us/security/bulletin/ms13-jan |
| 2013-01-14/a> | Richard Porter | January 2013 Microsoft Out of Cycle Patch |
| 2013-01-13/a> | Stephen Hall | Sysinternals Updates |
| 2013-01-13/a> | Stephen Hall | Java 0-Day patched as Java 7 U 11 released |
| 2013-01-12/a> | Stephen Hall | Java 0-day impact to Java 6 (and beyond?) |
| 2013-01-12/a> | Stephen Hall | Oracle Patch Tuesday Pre-Release |
| 2013-01-10/a> | Johannes Ullrich | Java is still exploitable and is likely going to remain so. |
| 2013-01-10/a> | Rob VandenBrink | What Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too! |
| 2013-01-10/a> | Adam Swanger | ISC Monthly Threat Update New Format |
| 2013-01-09/a> | Rob VandenBrink | SQL Injection Flaw in Ruby on Rails |
| 2013-01-09/a> | Rob VandenBrink | Hotmail seeing some temporary access issues |
| 2013-01-09/a> | Rob VandenBrink | Firefox and Thunderbird Updates |
| 2013-01-09/a> | Rob VandenBrink | Security Updates for Adobe Reader / Acrobat - http://www.adobe.com/support/security/bulletins/apsb13-02.html |
| 2013-01-09/a> | Rob VandenBrink | Security Updates for Adobe Flash - http://www.adobe.com/support/security/bulletins/apsb13-01.html |
| 2013-01-09/a> | Johannes Ullrich | New Format for Monthly Threat Update |
| 2013-01-09/a> | Rob VandenBrink | Security Update - Cisco Prime LMS (cisco-sa-20130109-lms - remote execution as root vulnerability) - advisory at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms |
| 2013-01-09/a> | Rob VandenBrink | Security Update - Cisco 7900 Phones - cisco-sa-20130109-uipphone privilege escallation issue - advisory at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone |
| 2013-01-08/a> | Jim Clausing | Cuckoo 0.5 is out and the world didn't end |
| 2013-01-08/a> | Richard Porter | Yahoo Web Interface Report: Compose and Send |
| 2013-01-08/a> | Richard Porter | A picture worth a 1000 barcodes? |
| 2013-01-08/a> | Richard Porter | Microsoft January 2013 Black Tuesday Update - Overview |
| 2013-01-08/a> | Richard Porter | Adobe Security Bulletins http://blogs.adobe.com/psirt/2013/01/adobe-security-bulletins-posted-4.html |
| 2013-01-08/a> | Richard Porter | Firefox 18 Released, Security Fixes http://www.mozilla.org/security/known-vulnerabilities/firefox.html |
| 2013-01-07/a> | Adam Swanger | Please consider participating in our 2013 ISC StormCast survey at http://www.surveymonkey.com/s/stormcast |
| 2013-01-06/a> | Kevin Liston | A Bit About the NVIDIA Vulnerability |
| 2013-01-05/a> | Guy Bruneau | Adobe ColdFusion Security Advisory |
| 2013-01-04/a> | Daniel Wesemann | Blue for Reset? |
| 2013-01-04/a> | Daniel Wesemann | Patch pre-notification from Adobe and Microsoft |
| 2013-01-03/a> | Bojan Zdrnja | Memory acquisition traps |
| 2013-01-03/a> | Manuel Humberto Santander Pelaez | New year and new CA compromised |
| 2013-01-02/a> | Chris Mohan | Starting the New Year on the right foot |
| 2013-01-02/a> | Russ McRee | EMET 3.5: The Value of Looking Through an Attacker's Eyes |
| 2012-12-31/a> | Manuel Humberto Santander Pelaez | How to determine which NAC solutions fits best to your needs |
| 2012-12-27/a> | John Bambenek | It's 3pm 2 days after Christmas, do you know where your unmanaged SSH keys are? |
| 2012-12-22/a> | Guy Bruneau | New Poll - Which of the following issues impacted the most your business in 2012? - https://isc.sans.edu/poll.html |
| 2012-12-20/a> | Daniel Wesemann | White House strategy on security information sharing and safeguarding |
| 2012-12-18/a> | Dan Goldberg | Mitigating the impact of organizational change: a risk assessment |
| 2012-12-18/a> | Rob VandenBrink | All I Want for Christmas is to Not Get Hacked ! |
| 2012-12-14/a> | Adam Swanger | ISC Feature of the Week: Webhoneypot: Web Server Log Project |
| 2012-12-13/a> | Johannes Ullrich | What if Tomorrow Was the Day? |
| 2012-12-11/a> | John Bambenek | Microsoft December 2012 Black Tuesday Update - Overview |
| 2012-12-10/a> | Johannes Ullrich | Your CPA License has not been revoked |
| 2012-12-07/a> | Richard Porter | Reports of Strange TCP Port 443 Behavior |
| 2012-12-07/a> | Adam Swanger | ISC Feature of the Week: Glossary Additions |
| 2012-12-06/a> | Johannes Ullrich | How to identify if you are behind a "Transparent Proxy" |
| 2012-12-06/a> | Daniel Wesemann | Fake tech support calls - revisited |
| 2012-12-06/a> | Daniel Wesemann | Rich Quick Make Money! |
| 2012-12-04/a> | Johannes Ullrich | Where do your backup tapes go to die? |
| 2012-12-03/a> | Kevin Liston | Mobile Malware: Request for Field Reports |
| 2012-12-03/a> | John Bambenek | John McAfee Exposes His Location in Photo About His Being on Run |
| 2012-12-03/a> | Kevin Liston | Recent SSH vulnerabilities |
| 2012-12-02/a> | Guy Bruneau | Collecting Logs from Security Devices at Home |
| 2012-11-30/a> | Daniel Wesemann | Snipping Leaks |
| 2012-11-30/a> | Daniel Wesemann | Nmap 6.25 released - lots of new goodies, see http://nmap.org/changelog.html |
| 2012-11-29/a> | Adam Swanger | ISC Feature of the Week: SSH Scan Reports |
| 2012-11-29/a> | Kevin Shortt | New Apple Security Update: APPLE-SA-2012-11-29-1 Apple TV 5.1.1 |
| 2012-11-28/a> | Mark Hofman | New version of wireshark is available (1.8.4), some security fixes included. |
| 2012-11-28/a> | Mark Hofman | McAfee releases extraDAT for W32/Autorun.worm.aaeb-h |
| 2012-11-27/a> | Chris Mohan | Can users' phish emails be a security admin's catch of the day? |
| 2012-11-26/a> | John Bambenek | Online Shopping for the Holidays? Tips, News and a Fair Warning |
| 2012-11-23/a> | Rob VandenBrink | Risk Assessment Reloaded (thanks PCI ! ) |
| 2012-11-23/a> | Rob VandenBrink | What's in Your Change Control Form? |
| 2012-11-22/a> | Kevin Liston | Greek National Arrested on Suspicion of Theft of 9M Records on Fellow Greeks |
| 2012-11-20/a> | John Bambenek | Behind the Random NTP Bizarreness of Incorrect Year Being Set |
| 2012-11-20/a> | John Bambenek | Firefox v 17.0 just released, more here: http://www.mozilla.org/en-US/firefox/17.0/releasenotes/ |
| 2012-11-19/a> | John Bambenek | MoneyGram fined $100 million for aiding wire fraud - http://krebsonsecurity.com/2012/11/moneygram-fined-100-million-for-wire-fraud/ |
| 2012-11-19/a> | John Bambenek | New Poll: Top 5 Unresolved Security Problems of 2012 |
| 2012-11-18/a> | Guy Bruneau | FreeBSD Project Servers Compromised - http://www.freebsd.org/news/2012-compromise.html |
| 2012-11-17/a> | Manuel Humberto Santander Pelaez | New Sysinternal Updates: AdExplorer v1.44, Contig v1.7, Coreinfo v3.2, Procdump v5.1. See http://blogs.technet.com/b/sysinternals/archive/2012/11/16/updates-adexplorer-v1-44-contig-v1-7-coreinfo-v3-2-procdump-v5-1.aspx?Redirected=true |
| 2012-11-16/a> | Guy Bruneau | VMware security updates for vSphere API and ESX Service Console - http://www.vmware.com/security/advisories/VMSA-2012-0016.html |
| 2012-11-15/a> | Jim Clausing | Another month another password disclosure breach |
| 2012-11-14/a> | Jim Clausing | Skype account hijack vulnerability fixed |
| 2012-11-13/a> | Jim Clausing | Microsoft November 2012 Black Tuesday Update - Overview |
| 2012-11-12/a> | John Bambenek | Request for info: Robocall Phishing Against Local/Regional Banks |
| 2012-11-09/a> | Mark Baggett | Remote Diagnostics with PSR |
| 2012-11-09/a> | Mark Baggett | Fresh batch of Microsoft patches next week |
| 2012-11-08/a> | Daniel Wesemann | Adobe Patches |
| 2012-11-07/a> | Mark Baggett | Help eliminate unquoted path vulnerabilities |
| 2012-11-07/a> | Mark Baggett | Multiple 0-Days Reported! |
| 2012-11-07/a> | Mark Baggett | Cisco TACACS+ Authentication Bypass |
| 2012-11-05/a> | Johannes Ullrich | Reminder: Ongoing SMTP Brute Forcing Attacks |
| 2012-11-05/a> | Johannes Ullrich | Possible Fake-AV Ads from Doubleclick Servers |
| 2012-11-04/a> | Lorna Hutcheson | What's important on your network? |
| 2012-11-02/a> | Daniel Wesemann | The shortcomings of anti-virus software |
| 2012-11-02/a> | Daniel Wesemann | Lamiabiocasa |
| 2012-11-01/a> | Daniel Wesemann | Patched your Java yet? |
| 2012-10-31/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 31 - Business Continuity and Disaster Recovery |
| 2012-10-30/a> | Mark Hofman | Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls |
| 2012-10-30/a> | Johannes Ullrich | Hurricane Sandy Update |
| 2012-10-30/a> | Richard Porter | Splunk 5.0 SP-CAAAHB4 http://www.splunk.com/view/SP-CAAAHB4 |
| 2012-10-29/a> | Kevin Shortt | Cyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard |
| 2012-10-28/a> | Tony Carothers | Firefox 16.02 Released |
| 2012-10-26/a> | Adam Swanger | Securing the Human Special Webcast - October 30, 2012 |
| 2012-10-26/a> | Russ McRee | Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant |
| 2012-10-25/a> | Richard Porter | Cyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire |
| 2012-10-24/a> | Rob VandenBrink | Time to run Windows Update - - Microsoft Updates KB2755801 for Windows RT / IE10 / Flash Player - http://technet.microsoft.com/en-us/security/advisory/2755801 |
| 2012-10-24/a> | Russ McRee | Cyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035 |
| 2012-10-24/a> | Russ McRee | Ongoing Windstream outage in the midwest - https://twitter.com/search?q=windstream |
| 2012-10-23/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors |
| 2012-10-21/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 22: Connectors |
| 2012-10-21/a> | Lorna Hutcheson | Potential Phish for Regular Webmail Accounts |
| 2012-10-19/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 19: Standard log formats and CEE. |
| 2012-10-18/a> | Rob VandenBrink | Another Java update! Java SE 1.6.0_37 Available ==> http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html |
| 2012-10-18/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide |
| 2012-10-17/a> | Mark Hofman | Oracle Critical Patch Update October |
| 2012-10-17/a> | Mark Hofman | New Acrobat release (including reader) available. Version 11. Some security improvements more here -->http://blogs.adobe.com/adobereader/ |
| 2012-10-17/a> | Rob VandenBrink | Time to update - Java version 7 update 9 (JRE 7u9, JDK 7u9) is out! Release notes here - http://www.oracle.com/technetwork/java/javase/7u9-relnotes-1863279.html |
| 2012-10-17/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005 |
| 2012-10-16/a> | Richard Porter | CyberAwareness Month - Day 15, Standards Body Soup (pt2), Same Soup Different Cook. |
| 2012-10-16/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 16: W3C and HTML |
| 2012-10-14/a> | Pedro Bueno | Cyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1 |
| 2012-10-13/a> | Guy Bruneau | New Poll - Cyber Security Awareness Month Activities 2012 - https://isc.sans.edu/poll.html |
| 2012-10-12/a> | Mark Hofman | Cyber Security Awareness Month - Day 12 PCI DSS |
| 2012-10-11/a> | Rob VandenBrink | Firefox 16 / Thunderbird 16 updates |
| 2012-10-11/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security) |
| 2012-10-10/a> | Kevin Shortt | Facebook Scam Spam |
| 2012-10-10/a> | Kevin Shortt | Cyber Security Awareness Month - Day 10 - Standard Sudo - Part Two |
| 2012-10-09/a> | Johannes Ullrich | Adobe Flash Player update http://www.adobe.com/support/security/bulletins/apsb12-22.html |
| 2012-10-09/a> | Johannes Ullrich | Cyber Security Awreness Month - Day 9 - Request for Comment (RFC) |
| 2012-10-09/a> | Johannes Ullrich | Microsoft October 2012 Black Tuesday Update - Overview |
| 2012-10-08/a> | Mark Hofman | Cyber Security Awareness Month - Day 8 ISO 27001 |
| 2012-10-07/a> | Tony Carothers | Cyber Security Awareness Month - Day 7 - Rollup Review of CSAM Week 1 |
| 2012-10-06/a> | Manuel Humberto Santander Pelaez | Cyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA |
| 2012-10-05/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl. |
| 2012-10-05/a> | Richard Porter | VMWare Security Advisory: VMSA-2012-0014 - http://www.vmware.com/security/advisories/VMSA-2012-0014.html |
| 2012-10-05/a> | Adam Swanger | ISC Feature of the Week: Report Fake Tech Support Call Statistics |
| 2012-10-05/a> | Richard Porter | Reports of a Distributed Injection Scan |
| 2012-10-04/a> | Mark Hofman | And the SHA-3 title goes to .....Keccak |
| 2012-10-04/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 4: Crypto Standards |
| 2012-10-04/a> | Johannes Ullrich | Microsoft October Patch Pre-Announcement |
| 2012-10-03/a> | Kevin Shortt | Fake Support Calls Reported |
| 2012-10-03/a> | Kevin Shortt | Cyber Security Awareness Month - Day 3 - Standard Sudo - Part One |
| 2012-10-02/a> | Russ McRee | Cyber Security Awareness Month - Day 2 - PCI Security Standard: Mobile Payment Acceptance Security Guidelines |
| 2012-10-01/a> | Johannes Ullrich | Cyber Security Awareness Month |
| 2012-09-28/a> | Joel Esler | Adobe certification revocation for October 4th |
| 2012-09-27/a> | Adam Swanger | ISC Feature of the Week: Glossary |
| 2012-09-27/a> | Kevin Shortt | Cisco IOS Security Advisory Bundle - http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html |
| 2012-09-26/a> | Johannes Ullrich | Some Android phones can be reset to factory default by clicking on links |
| 2012-09-26/a> | Johannes Ullrich | More Java Woes |
| 2012-09-23/a> | Tony Carothers | Update for CVE-2012-3132 |
| 2012-09-21/a> | Johannes Ullrich | iOS 6 Security Roundup |
| 2012-09-21/a> | Guy Bruneau | Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (2755801) |
| 2012-09-21/a> | Guy Bruneau | Storing your Collection of Malware Samples with Malwarehouse |
| 2012-09-20/a> | Russ McRee | Flash Player update but no announcement, check your version http://www.adobe.com/software/flash/about/ |
| 2012-09-20/a> | Russ McRee | Apple and Cisco Security Advisories 19 SEP 2012 |
| 2012-09-20/a> | Russ McRee | Financial sector advisory: attacks and threats against financial institutions |
| 2012-09-19/a> | Russ McRee | Script kiddie scavenging with Shellbot.S |
| 2012-09-19/a> | Kevin Liston | Volatility: 2.2 is Coming Soon |
| 2012-09-17/a> | Rob VandenBrink | IE Zero Day is "For Real" |
| 2012-09-17/a> | Rob VandenBrink | What's on your iPad? |
| 2012-09-14/a> | Lenny Zeltser | Scam Report - Fake Voice Mail Email Notification Redirects to Malicious Site |
| 2012-09-14/a> | Adam Swanger | ISC Feature of the Week: Privacy Policy |
| 2012-09-14/a> | Lenny Zeltser | Analyzing Malicious RTF Files Using OfficeMalScanner's RTFScan |
| 2012-09-13/a> | Mark Baggett | TCP Fuzzing with Scapy |
| 2012-09-13/a> | Mark Baggett | Microsoft disrupts traffic associated with the Nitol botnet |
| 2012-09-13/a> | Mark Baggett | More SSL trouble |
| 2012-09-11/a> | Adam Swanger | Microsoft September 2012 Black Tuesday Update - Overview |
| 2012-09-10/a> | Johannes Ullrich | Microsoft Patch Tuesday Pre-Release |
| 2012-09-10/a> | Johannes Ullrich | Godaddy DDoS Attack |
| 2012-09-10/a> | donald smith | Blue Toad publishing co compromise lead to UDID release. http://redtape.nbcnews.com/_news/2012/09/10/13781440-exclusive-the-real-source-of-apple-device-ids-leaked-by-anonymous-last-week?lite |
| 2012-09-09/a> | Guy Bruneau | Phishing/Spam Pretending to be from BBB |
| 2012-09-08/a> | Guy Bruneau | Webmin Input Validation Vulnerabilities |
| 2012-09-07/a> | Chris Mohan | Keeping an eye on those BYODs with DHCP |
| 2012-09-06/a> | Johannes Ullrich | SSL Requests sent to port 80 (request for help/input) |
| 2012-09-05/a> | Rob VandenBrink | Auditing a Network for VOIP Call Quality Metrics |
| 2012-09-04/a> | Johannes Ullrich | Another round of "Spot the Exploit E-Mail" |
| 2012-09-02/a> | Lorna Hutcheson | Demonstrating the value of your Intrusion Detection Program and Analysts |
| 2012-09-01/a> | Russ McRee | Blackhole targeting Java vulnerability via fake Microsoft Services Agreement email phish |
| 2012-08-31/a> | Johannes Ullrich | VMware Updates |
| 2012-08-31/a> | Russ McRee | Not so fast: Java 7 Update 7 critical vulnerability discovered in less than 24 hours |
| 2012-08-30/a> | Bojan Zdrnja | Analyzing outgoing network traffic (part 2) |
| 2012-08-30/a> | Johannes Ullrich | Editorial: The Slumlord Approach to Network Security http://isc.sans.edu/j/editorial |
| 2012-08-29/a> | Johannes Ullrich | "Data" URLs used for in-URL phishing |
| 2012-08-27/a> | Johannes Ullrich | The Good, Bad and Ugly about Assigning IPv6 Addresses |
| 2012-08-27/a> | Johannes Ullrich | Malware Spam harvesting Facebook Information |
| 2012-08-27/a> | Kevin Liston | Quick Bits about Today's Java 0-Day |
| 2012-08-26/a> | Lorna Hutcheson | Who ya gonna contact? |
| 2012-08-23/a> | Bojan Zdrnja | Analyzing outgoing network traffic |
| 2012-08-23/a> | Adam Swanger | ISC Feature of the Week: Contact Us |
| 2012-08-22/a> | Adrien de Beaupre | Apple Remote Desktop update fixes no encryption issue |
| 2012-08-22/a> | Adrien de Beaupre | Phishing/spam via SMS |
| 2012-08-21/a> | Adrien de Beaupre | YYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update |
| 2012-08-21/a> | Adrien de Beaupre | RuggedCom fails key management 101 on Rugged Operating System (ROS) |
| 2012-08-20/a> | Manuel Humberto Santander Pelaez | Do we need test procedures in our companies before implementing Antivirus signatures? |
| 2012-08-19/a> | Manuel Humberto Santander Pelaez | Authentication Issues between entities during protocol message exchange in SCADA Systems |
| 2012-08-17/a> | Guy Bruneau | Suspicious eFax Spear Phishing Messages |
| 2012-08-16/a> | Johannes Ullrich | A Poor Man's DNS Anomaly Detection Script |
| 2012-08-15/a> | Guy Bruneau | Wireshark Security Update |
| 2012-08-14/a> | Rick Wanner | Backtrack 5 r3 released - http://www.backtrack-linux.org/downloads/ |
| 2012-08-14/a> | Rick Wanner | Microsoft August 2012 Black Tuesday Update - Overview |
| 2012-08-14/a> | Rick Wanner | Adobe Security Bulletins - http://blogs.adobe.com/psirt/2012/08/adobe-security-bulletins-posted-2.html |
| 2012-08-13/a> | Rick Wanner | Interesting scan for medical certification information... |
| 2012-08-12/a> | Tony Carothers | Layers of the Defense-in-Depth Onion |
| 2012-08-12/a> | Tony Carothers | Oracle Security Alert for CVE-2012-3132 |
| 2012-08-10/a> | Adam Swanger | ISC Feature of the Week: Report Fake Tech Support Calls |
| 2012-08-09/a> | Mark Hofman | Zeus/Citadel variant causing issues in the Netherlands |
| 2012-08-09/a> | Mark Hofman | SQL Injection Lilupophilupop style, Part 2 |
| 2012-08-08/a> | Adrien de Beaupre | snort updated to 2.9.3.1 Changelog: http://www.snort.org/downloads/1837 |
| 2012-08-07/a> | Adrien de Beaupre | Who protects small business? |
| 2012-08-05/a> | Daniel Wesemann | Phishing for Payroll with unpatched Java |
| 2012-08-04/a> | Adam Swanger | ISC Feature of the Week: Handler Select News Feed |
| 2012-08-04/a> | Kevin Liston | Vendors: More Patch-Release Options Please |
| 2012-08-03/a> | Guy Bruneau | Flash Player 11.3.300.270 for Windows released to address a crash - http://forums.adobe.com/message/4594596#4594596 |
| 2012-08-02/a> | Guy Bruneau | Opera Security Update |
| 2012-07-30/a> | Guy Bruneau | End of Days for MS-CHAPv2 |
| 2012-07-27/a> | Daniel Wesemann | Cuckoo 0.4 is out - cool new features for malware analysis http://www.cuckoosandbox.org/ |
| 2012-07-26/a> | Adam Swanger | ISC Feature of the Week: The 404Project - now with IP Mask |
| 2012-07-25/a> | Johannes Ullrich | Apple OS X 10.8 (Mountain Lion) released |
| 2012-07-25/a> | Johannes Ullrich | Apple Releases Safari 6 |
| 2012-07-25/a> | Johannes Ullrich | Microsoft Exchange/Sharepoint and others: Oracle Outside In Vulnerability |
| 2012-07-24/a> | Richard Porter | Wireshark 1.8.1 Released http://www.wireshark.org/ |
| 2012-07-24/a> | Richard Porter | Report of spike in DNS Queries gd21.net |
| 2012-07-23/a> | Johannes Ullrich | Most Anti-Privacy Web Browsing Tool Ever? |
| 2012-07-21/a> | Rick Wanner | OpenDNS is looking for a few good malware people! |
| 2012-07-20/a> | Mark Baggett | Syria Internet connection cut? |
| 2012-07-19/a> | Mark Baggett | A Heap of Overflows? |
| 2012-07-19/a> | Mark Baggett | Diagnosing Malware with Resource Monitor |
| 2012-07-18/a> | Rob VandenBrink | Snort Updated today |
| 2012-07-18/a> | Rob VandenBrink | Vote NO to Weak Keys! |
| 2012-07-18/a> | Rob VandenBrink | Vote NO to Weak Encryption! |
| 2012-07-16/a> | Richard Porter | Sysinternals Update @ http://blogs.technet.com/b/sysinternals/archive/2012/07/16/updates-handle-v3-5-process-explorer-v15-22-process-monitor-v3-03-rammap-v1-21-zoomit-v4-3.aspx |
| 2012-07-16/a> | Jim Clausing | An analysis of the Yahoo! passwords |
| 2012-07-15/a> | Guy Bruneau | Oracle July 2012 Critical Patch Pre-Release Announcement |
| 2012-07-14/a> | Tony Carothers | User Awareness and Education |
| 2012-07-13/a> | Richard Porter | Yesterday (not as on the ball as Rob) at SANSFire |
| 2012-07-13/a> | Russ McRee | 2 for 1: SANSFIRE & MSRA presentations |
| 2012-07-13/a> | Russ McRee | VMWare Security Advisory 12 JUL 2012 |
| 2012-07-13/a> | Russ McRee | Yahoo service SQL injection vuln leads to account exposure |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Manager - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman |
| 2012-07-12/a> | Rob VandenBrink | Today at SANSFIRE - Dude Your Car is PWND ! |
| 2012-07-12/a> | Adam Swanger | ISC Feature of the Week: Internet Storm Center Events |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Recording Server - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs |
| 2012-07-11/a> | Rick Wanner | Excellent Security Education Resources |
| 2012-07-10/a> | Swa Frantzen | Microsoft July 2012 Black Tuesday Update - Overview |
| 2012-07-10/a> | Rob VandenBrink | Today at SANSFIRE (09 July 2012) - ISC Panel Discussion on the State of the Internet |
| 2012-07-10/a> | Swa Frantzen | Microsoft revoking trust in Microsoft certificates - SA 2728973 |
| 2012-07-10/a> | Swa Frantzen | Microsoft fix-it to disable gadgets - SA 2719662 |
| 2012-07-09/a> | Johannes Ullrich | The FBI will turn off the Internet on Monday (or not) |
| 2012-07-09/a> | Manuel Humberto Santander Pelaez | Internet Storm Center panel tonight at SANSFIRE 2012! |
| 2012-07-05/a> | Adrien de Beaupre | New OS X trojan backdoor MaControl variant reported |
| 2012-07-05/a> | Adrien de Beaupre | Microsoft advanced notification for July 2012 patch Tuesday |
| 2012-07-02/a> | Joel Esler | A rough guide to keeping your website up |
| 2012-07-02/a> | Dan Goldberg | Storms of June 29th 2012 in Mid Atlantic region of the USA |
| 2012-07-02/a> | Joel Esler | Linux & Java leap second bug |
| 2012-06-29/a> | Jim Clausing | Updated SysInternals tools - Autoruns, Process Explorer, Process Monitor, PSKill -- http://blogs.technet.com/b/sysinternals/archive/2012/06/28/updates-autoruns-v11-32-process-explorer-v15-21-process-monitor-v3-02-pskill-v1-15-rammap-v1-2.aspx |
| 2012-06-28/a> | Adam Swanger | ISC Feature of the Week: About the Internet Storm Center |
| 2012-06-28/a> | Chris Mohan | Massive spike in BGP traffic - Possible BGP poisoning? |
| 2012-06-27/a> | Daniel Wesemann | What's up with port 79 ? |
| 2012-06-27/a> | Swa Frantzen | Online Banking Heists |
| 2012-06-26/a> | Daniel Wesemann | Run, Forest! (Update) |
| 2012-06-25/a> | Rick Wanner | Targeted Malware for Industrial Espionage? |
| 2012-06-25/a> | Guy Bruneau | Issues with Windows Update Agent |
| 2012-06-25/a> | Swa Frantzen | Belgian online banking customers hacked. |
| 2012-06-25/a> | Guy Bruneau | Using JSDetox to Analyze and Deobfuscate Javascript |
| 2012-06-24/a> | Rick Wanner | nmap 6.01 released - http://nmap.org/download.html |
| 2012-06-22/a> | Kevin Liston | Updated Poll: Which Patch Delivery Schedule Works the Best for You? |
| 2012-06-22/a> | Adam Swanger | ISC Feature of the Week: Tools->ISC At-A-Glance |
| 2012-06-22/a> | Daniel Wesemann | Run, Forest! |
| 2012-06-21/a> | Russ McRee | Cisco Security Advisories 20 JUN 2012 |
| 2012-06-21/a> | Raul Siles | Print Bomb? (Take 2) |
| 2012-06-21/a> | Russ McRee | Analysis of drive-by attack sample set |
| 2012-06-21/a> | Russ McRee | Wireshark 1.8.0 released 21 JUN 2012 http://www.wireshark.org/download.html |
| 2012-06-20/a> | Raul Siles | Firefox 13.0.1 Update |
| 2012-06-20/a> | Raul Siles | CVE-2012-0217 (from MS12-042) applies to other environments too |
| 2012-06-19/a> | Daniel Wesemann | Vulnerabilityqueerprocessbrittleness |
| 2012-06-18/a> | Guy Bruneau | CVE-2012-1875 exploit is now available |
| 2012-06-15/a> | Johannes Ullrich | Authenticating E-Mail |
| 2012-06-14/a> | Johannes Ullrich | VMWare Security Advisories |
| 2012-06-13/a> | Johannes Ullrich | ICANN "Reveal Day" Lists new TLD Applications |
| 2012-06-13/a> | Johannes Ullrich | Microsoft Certificate Updater |
| 2012-06-12/a> | Scott Fendley | Apple iTunes Security Update |
| 2012-06-12/a> | Swa Frantzen | Adobe June 2012 Black Tuesday patches |
| 2012-06-12/a> | Swa Frantzen | Microsoft June 2012 Black Tuesday Update - Overview |
| 2012-06-12/a> | Swa Frantzen | Java 7u5 and 6u33 released |
| 2012-06-11/a> | Johannes Ullrich | Microsoft Update Security |
| 2012-06-07/a> | Johannes Ullrich | Microsoft June Security Bulletin Advance Notification |
| 2012-06-06/a> | Jim Clausing | Firefox, Thunderbird, and Seamonkey Security Updates |
| 2012-06-06/a> | Jim Clausing | Potential leak of 6.5+ million LinkedIn password hashes |
| 2012-06-05/a> | Adam Swanger | ISC Feature of the Week: IPv6 Preparedness and Tools |
| 2012-06-04/a> | Lenny Zeltser | Decoding Common XOR Obfuscation in Malicious Code |
| 2012-06-04/a> | Rob VandenBrink | vSphere 5.0 Hardening Guide Officially Released |
| 2012-06-04/a> | Johannes Ullrich | Microsoft Emergency Bulletin: Unauthorized Certificate used in "Flame" |
| 2012-06-01/a> | Johannes Ullrich | Apple Releases iOS Security Specs |
| 2012-06-01/a> | Johannes Ullrich | What Does "IPv6 Day" mean to you? |
| 2012-06-01/a> | Adam Swanger | ISC Feature of the Week: Country and Region Report |
| 2012-05-31/a> | Johannes Ullrich | SCADA@Home: Your health is no secret no more! |
| 2012-05-31/a> | Johannes Ullrich | NASA Man-in-the-Middle Attack: Why you should use proper SSL Certificates |
| 2012-05-31/a> | Johannes Ullrich | Why Flame is Lame |
| 2012-05-30/a> | Rob VandenBrink | Too Big to Fail / Too Big to Learn? |
| 2012-05-30/a> | Rob VandenBrink | What's in Your Lab? |
| 2012-05-25/a> | Guy Bruneau | Apple PGP Product Security key update - https://www.apple.com/support/security/pgp/ |
| 2012-05-25/a> | Guy Bruneau | Google Publish Transparency Report |
| 2012-05-25/a> | Guy Bruneau | Technical Analysis of Flash Player CVE-2012-0779 |
| 2012-05-25/a> | Guy Bruneau | VMware vMA Security Advisory VMSA-2012-0010 - http://www.vmware.com/security/advisories/VMSA-2012-0010.html |
| 2012-05-24/a> | Adam Swanger | ISC Feature of the Week: Country Report |
| 2012-05-23/a> | Mark Baggett | IP Fragmentation Attacks |
| 2012-05-23/a> | Mark Baggett | Problems with MS12-035 affecting XP, SBS and Windows 2003? |
| 2012-05-22/a> | Johannes Ullrich | nmap 6 released |
| 2012-05-22/a> | Johannes Ullrich | The "Do Not Track" header |
| 2012-05-22/a> | Johannes Ullrich | When factors collapse and two factor authentication becomes one. |
| 2012-05-21/a> | Kevin Shortt | DNS ANY Request Cannon - Need More Packets |
| 2012-05-18/a> | Johannes Ullrich | ZTE Score M Android Phone backdoor |
| 2012-05-17/a> | Johannes Ullrich | Do Firewalls make sense? |
| 2012-05-17/a> | Johannes Ullrich | New IPv6 Video: IPv6 Router Advertisements https://isc.sans.edu/ipv6videos |
| 2012-05-17/a> | Adam Swanger | ISC Feature of the Week: Tools->Information Gathering |
| 2012-05-16/a> | Johannes Ullrich | Reserved IP Address Space Reminder |
| 2012-05-16/a> | Johannes Ullrich | Avira Antivirus false positives http://forum.avira.com/wbb/index.php?page=Thread&threadID=144875 |
| 2012-05-14/a> | Chris Mohan | Laptops at Security Conferences |
| 2012-05-14/a> | Mark Hofman | Got packets? Interested in TCP/8909, TCP/6666, TCP/9415, TCP/27977 and UDP/7 |
| 2012-05-12/a> | Tony Carothers | Adobe Update to Vulnerabilities |
| 2012-05-11/a> | Adam Swanger | ISC Feature of the Week: Link List |
| 2012-05-10/a> | Kevin Shortt | Safari 5.1.7 - an interesting feature |
| 2012-05-08/a> | Bojan Zdrnja | Windows Firewall Bypass Vulnerability and NetBIOS NS |
| 2012-05-08/a> | Adam Swanger | Microsoft May 2012 Black Tuesday Update - Overview |
| 2012-05-07/a> | Guy Bruneau | iOS 5.1.1 Software Update for iPod, iPhone, iPad |
| 2012-05-05/a> | Tony Carothers | Vulnerability Assessment Program - Discussions |
| 2012-05-05/a> | Tony Carothers | Vulnerability Exploit for Snow Leopard |
| 2012-05-04/a> | Adam Swanger | ISC Feature of the Week: Data/Reports |
| 2012-05-04/a> | Guy Bruneau | Adobe Security Flash Update |
| 2012-05-03/a> | Guy Bruneau | VMware Critical Security Issues Advisory - http://www.vmware.com/security/advisories/VMSA-2012-0009.html |
| 2012-05-02/a> | Bojan Zdrnja | Monitoring VMWare logs |
| 2012-04-30/a> | Rob VandenBrink | FCC posts Enquiry Documents on Google Wardriving |
| 2012-04-30/a> | Rob VandenBrink | Patch for Oracle TNS Listener issue released ! |
| 2012-04-27/a> | Johannes Ullrich | Critical Unpatched Oracle Vulnerability |
| 2012-04-27/a> | Adam Swanger | ISC Feature of the Week: Handler Created Tools |
| 2012-04-26/a> | Richard Porter | Define Irony: A medical device with a Virus? |
| 2012-04-26/a> | Richard Porter | Packetstorm Security and Metasploit have Exploit code for MS12-027 |
| 2012-04-25/a> | Daniel Wesemann | Blacole's obfuscated JavaScript |
| 2012-04-25/a> | Daniel Wesemann | Blacole's shell code |
| 2012-04-23/a> | Russ McRee | Emergency Operations Centers & Security Incident Management: A Correlation |
| 2012-04-21/a> | Guy Bruneau | WordPress Release Security Update |
| 2012-04-18/a> | Kevin Shortt | Sysinternals Updates - 2012 Apr 17 |
| 2012-04-18/a> | Kevin Shortt | Oracle Critical Patch Update Advisory - April 2012: http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html |
| 2012-04-18/a> | Adam Swanger | ISC Feature of the Week: Suspicious Domains |
| 2012-04-16/a> | Mark Baggett | Challenge: What can you do with Funky Directory Names (Part 2) |
| 2012-04-16/a> | Mark Baggett | McAfee DAT troubles |
| 2012-04-15/a> | Rick Wanner | .Net update affects printing from some applications |
| 2012-04-14/a> | Rick Wanner | Flashback Trojan Removal Tool Released |
| 2012-04-13/a> | Daniel Wesemann | VMware ESX/ESXi privilege escalation vuln. advisory: http://www.vmware.com/security/advisories/VMSA-2012-0007.html |
| 2012-04-13/a> | Daniel Wesemann | Oracle CPU Patches announced for Apr 17 |
| 2012-04-13/a> | Adam Swanger | ISC Feature of the Week: Get to know the Handlers |
| 2012-04-13/a> | Daniel Wesemann | Anti-virus scanning exclusions |
| 2012-04-12/a> | Guy Bruneau | HP ProCurve 5400 zl Switch, Flash Cards Infected with Malware |
| 2012-04-12/a> | Guy Bruneau | wicd Privilege Escalation 0day exploit for Backtrack 5 R2 |
| 2012-04-12/a> | Guy Bruneau | Apple Java Updates for Mac OS X |
| 2012-04-11/a> | Mark Baggett | Challenge: What can you do with funky directory names? |
| 2012-04-10/a> | Swa Frantzen | Windows Vista RIP |
| 2012-04-10/a> | Swa Frantzen | Microsoft April 2012 Black Tuesday Update - Overview |
| 2012-04-10/a> | Swa Frantzen | Adobe April 2012 Black Tuesday Update |
| 2012-04-10/a> | Swa Frantzen | SAMBA "root" credential remote code execution. |
| 2012-04-06/a> | Johannes Ullrich | Social Share Privacy |
| 2012-04-06/a> | Johannes Ullrich | Another OS X Java Patch |
| 2012-04-06/a> | Johannes Ullrich | Microsoft April Patch Tuesday Pre-Announcement (6 Patches): http://technet.microsoft.com/en-us/security/bulletin/ms12-apr |
| 2012-04-06/a> | Johannes Ullrich | Adobe Patch Tuesday Prerelease (Reader/Acrobat) http://www.adobe.com/support/security/bulletins/apsb12-08.html |
| 2012-04-05/a> | Johannes Ullrich | Evil hides everywhere: Web Application Exploits in Headers |
| 2012-04-04/a> | Adam Swanger | ISC Feature of the Week: Diary/Infocon/Event Notifications |
| 2012-04-02/a> | Johannes Ullrich | SHA 1-2-3 |
| 2012-03-30/a> | Daniel Wesemann | Fake tech reps calling |
| 2012-03-28/a> | Kevin Shortt | Adobe Flash Player APSB12-07 - 28 March 2012 |
| 2012-03-27/a> | Johannes Ullrich | Firefox 3.6 EOL |
| 2012-03-27/a> | Adam Swanger | ISC Feature of the Week: ISC Poll |
| 2012-03-27/a> | Guy Bruneau | Wireshark 1.6.6 and 1.4.2 Released |
| 2012-03-27/a> | Guy Bruneau | Opera 11.62 for Windows patch several bugs and vulnerabilities - http://www.opera.com/docs/changelogs/windows/1162/ |
| 2012-03-25/a> | Daniel Wesemann | evilcode.class |
| 2012-03-21/a> | Johannes Ullrich | Virus Bulletin Spam Filter Test |
| 2012-03-21/a> | Adam Swanger | ISC Feature of the Week: Presentations and Papers |
| 2012-03-20/a> | Johannes Ullrich | A Reminder: Private Key Security |
| 2012-03-16/a> | Guy Bruneau | VMware New and Updated Security Advisories |
| 2012-03-16/a> | Russ McRee | MS12-020 RDP vulnerabilities: Patch, Mitigate, Detect |
| 2012-03-15/a> | Adam Swanger | ISC Feature of the Week: Infocon |
| 2012-03-13/a> | Lenny Zeltser | March 2012 Microsoft Black Tuesday |
| 2012-03-13/a> | Lenny Zeltser | Please transfer this email to your CEO or appropriate person, thanks |
| 2012-03-12/a> | Johannes Ullrich | Apple Released Safari 5.1.4 |
| 2012-03-12/a> | Guy Bruneau | OpenSSL Security Update |
| 2012-03-11/a> | Johannes Ullrich | An Analysis of Jester's QR Code Attack. (Guest Diary) |
| 2012-03-09/a> | Guy Bruneau | VMware New and Updated Advisories |
| 2012-03-09/a> | Guy Bruneau | Nmap 5.61TEST5 released with 43 new scripts,improved OS & version detection, and more available for download - http://nmap.org/download.html |
| 2012-03-08/a> | Johannes Ullrich | Apple Patches |
| 2012-03-08/a> | Johannes Ullrich | Microsoft March Patch Tuesday Pre-Anouncement out. 6 patches, 1 critical: http://technet.microsoft.com/en-us/security/bulletin/ms12-mar |
| 2012-03-06/a> | Mark Hofman | Websense posted a small article relating to mass injection into wordpress sites (thanks Chris) More info Here --> http://community.websense.com/blogs/securitylabs/archive/2012/03/05/mass-injection-of-wordpress-sites.aspx |
| 2012-03-06/a> | Adam Swanger | ISC Feature of the Week: Follow us on Twitter |
| 2012-03-05/a> | Johannes Ullrich | Flashback Malware now with Twitter C&C |
| 2012-03-05/a> | Johannes Ullrich | Adobe Flash Player Security Update |
| 2012-03-03/a> | Jim Clausing | New automated sandbox for Android malware |
| 2012-03-01/a> | Bojan Zdrnja | Monitoring Remote Desktop Services logs ... or not? |
| 2012-02-29/a> | Johannes Ullrich | COX Network Outage |
| 2012-02-29/a> | Adam Swanger | ISC Feature of the Week: 404Project Reports |
| 2012-02-29/a> | Russ McRee | Cisco Security Advisories - 29FEB2011 |
| 2012-02-27/a> | Johannes Ullrich | Odd Vanishing Signatures in OS X XProtect |
| 2012-02-24/a> | Guy Bruneau | Flashback Trojan in the Wild |
| 2012-02-24/a> | Guy Bruneau | BlackBerry PlayBook tablet Samba file sharing Vulnerability - http://www.blackberry.com/btsc/KB29565 |
| 2012-02-23/a> | donald smith | DNS-Changer "clean DNS" extension requested |
| 2012-02-22/a> | Johannes Ullrich | How to test OS X Mountain Lion's Gatekeeper in Lion |
| 2012-02-22/a> | Johannes Ullrich | Apache 2.4 Features |
| 2012-02-22/a> | Adam Swanger | ISC Feature of the Week: Handler Diaries |
| 2012-02-20/a> | Johannes Ullrich | The Ultimate OS X Hardening Guide Collection |
| 2012-02-20/a> | Pedro Bueno | Simple Malware Research Tools |
| 2012-02-20/a> | Rick Wanner | DNSChanger resolver shutdown deadline is March 8th |
| 2012-02-17/a> | Mark Hofman | Intersting Facebook SPAM |
| 2012-02-16/a> | Johannes Ullrich | Adobe Flash Player Update |
| 2012-02-16/a> | Tony Carothers | Java Update for February |
| 2012-02-15/a> | Adam Swanger | ISC Feature of the Week: XML Feeds |
| 2012-02-14/a> | Johannes Ullrich | Adobe Shockwave Player and RoboHelp for Word Patches |
| 2012-02-14/a> | Johannes Ullrich | February 2012 Microsoft Black Tuesday |
| 2012-02-08/a> | Jim Clausing | Chrome to stop checking Certificate Revocation List (CRL)? |
| 2012-02-07/a> | Adam Swanger | ISC Feature of the Week: Security Dashboard |
| 2012-02-07/a> | Jim Clausing | Book Review: Practical Packet Analysis, 2nd ed |
| 2012-02-07/a> | Johannes Ullrich | Secure E-Mail Access |
| 2012-02-04/a> | Scott Fendley | Apple Security Advisory 2012-001 v1.1 |
| 2012-02-01/a> | Adam Swanger | ISC Feature of the Week: ISC Search |
| 2012-02-01/a> | Russ McRee | Oracle Security Alert: http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html |
| 2012-01-31/a> | Russ McRee | OSINT tactics: parsing from FOCA for Maltego |
| 2012-01-31/a> | Russ McRee | Firefox 10 and VMWare advisories and updates |
| 2012-01-25/a> | Adam Swanger | ISC Feature of the Week: ISC Link Back |
| 2012-01-25/a> | Bojan Zdrnja | pcAnywhere users – patch now! |
| 2012-01-22/a> | Johannes Ullrich | Javascript DDoS Tool Analysis |
| 2012-01-22/a> | Lorna Hutcheson | Mailbag - "Attacks" |
| 2012-01-18/a> | Adam Swanger | ISC Feature of the Week: The 404Project |
| 2012-01-18/a> | Richard Porter | Oracle Quarterly Released, http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html |
| 2012-01-16/a> | Kevin Shortt | Zappos Breached |
| 2012-01-14/a> | Daniel Wesemann | Hello, Antony! |
| 2012-01-13/a> | Guy Bruneau | Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx |
| 2012-01-13/a> | Guy Bruneau | Strange DNS Queries - Request Packets/Logs |
| 2012-01-11/a> | Adrien de Beaupre | New wireshark released - 1.6.5 and 1.4.11 - www.wireshark.org/download.html |
| 2012-01-11/a> | Adam Swanger | ISC Feature of the Week: Internet Storm Center / DShield API |
| 2012-01-10/a> | Adrien de Beaupre | January 2012 Microsoft Black Tuesday Summary |
| 2012-01-10/a> | Adrien de Beaupre | Adobe January 2012 Black Tuesday overview |
| 2012-01-06/a> | Guy Bruneau | January 2012 Patch Tuesday Pre-release |
| 2012-01-05/a> | Russ McRee | OpenSSL vulnerability fixes |
| 2012-01-03/a> | Rick Wanner | nmap 5.61TEST4 released |
| 2012-01-03/a> | Rick Wanner | Analysis of the Stratfor Password List |
| 2012-01-03/a> | Bojan Zdrnja | The tale of obfuscated JavaScript continues |
| 2012-01-03/a> | Adam Swanger | ISC Feature of the Week: How to Submit Firewall Logs |
| 2011-12-29/a> | Richard Porter | ASP.Net Vulnerability |
| 2011-12-28/a> | Daniel Wesemann | .nl.ai ? |
| 2011-12-28/a> | Daniel Wesemann | Hash collisions vulnerability in web servers |
| 2011-12-26/a> | Deborah Hale | Badware 2011 |
| 2011-12-25/a> | Deborah Hale | Another Company Falls Victim |
| 2011-12-25/a> | Deborah Hale | Merry Christmas, Happy Holidays |
| 2011-12-21/a> | Chris Mohan | Firefox 9 has been released patching known vulnerabilities http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox9 |
| 2011-12-21/a> | Chris Mohan | The off switch |
| 2011-12-13/a> | Johannes Ullrich | December 2011 Microsoft Black Tuesday Summary |
| 2011-12-13/a> | Johannes Ullrich | December 2011 Adobe Black Tuesday |
| 2011-12-12/a> | Daniel Wesemann | You won 100$ or a free iPad! |
| 2011-12-12/a> | Daniel Wesemann | Java 6u30 released |
| 2011-12-10/a> | Daniel Wesemann | Unwanted Presents |
| 2011-12-08/a> | Adrien de Beaupre | Newest Adobe Flash 11.1.102.55 and Previous 0 Day Exploit |
| 2011-12-08/a> | Adrien de Beaupre | Microsoft Security Bulletin Advance Notification for December 2011 |
| 2011-12-07/a> | Lenny Zeltser | V8 as an Alternative to SpiderMonkey for JavaScript Deobfuscation |
| 2011-12-07/a> | Lenny Zeltser | Adobe Acrobat Latest Zero-Day Vulnerability Fix Coming to All Platforms by January 10 |
| 2011-12-06/a> | Kevin Shortt | C|Net download.com serving malware with nmap software |
| 2011-12-06/a> | Kevin Shortt | Cain & Abel v4.9.43 Released - http://www.oxid.it/ |
| 2011-12-01/a> | Mark Hofman | SQL Injection Attack happening ATM |
| 2011-11-28/a> | Tom Liston | A Puzzlement... |
| 2011-11-28/a> | Rob VandenBrink | It's Cyber Monday - Click Here! |
| 2011-11-24/a> | Russ McRee | Quick Tip: Pastebin Monitoring & Recon |
| 2011-11-23/a> | Johannes Ullrich | SCADA hacks published on Pastebin |
| 2011-11-22/a> | Pedro Bueno | Updates on ZeroAccess and BlackHole front... |
| 2011-11-19/a> | Pedro Bueno | Dragon Research Group (DRG) announced the white paper entitled "VNC: Threats and Countermeasures" : https://dragonresearchgroup.org/insight/vnc-tac.html |
| 2011-11-18/a> | Kevin Liston | Recent VMWare security advisories |
| 2011-11-16/a> | Adrien de Beaupre | GET BACK TO ME ASAP |
| 2011-11-16/a> | Jason Lam | Potential 0-day on Bind 9 |
| 2011-11-15/a> | Adrien de Beaupre | www.disa.mil down? |
| 2011-11-14/a> | Stephen Hall | Apple update summary |
| 2011-11-11/a> | Rick Wanner | APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update |
| 2011-11-11/a> | Rick Wanner | Adobe Flash update to 11.1.102.55 |
| 2011-11-11/a> | Rick Wanner | Adobe Air updated to 3.1.0.4880 |
| 2011-11-11/a> | Rick Wanner | Yay! More Sysinternals updates! http://technet.microsoft.com/en-us/sysinternals |
| 2011-11-10/a> | Rob VandenBrink | Stuff I Learned Scripting - - Parsing XML in a One-Liner |
| 2011-11-09/a> | Russ McRee | Operation Ghost Click: FBI bags crime ring responsible for $14 million in losses |
| 2011-11-08/a> | Swa Frantzen | Microsoft November 2011 Black Tuesday Overview |
| 2011-11-08/a> | Swa Frantzen | Abobe November 2011 Black Tuesday Overview |
| 2011-11-08/a> | Swa Frantzen | Apple Black Tuesday |
| 2011-11-04/a> | Guy Bruneau | Duqu Mitigation |
| 2011-11-03/a> | Richard Porter | An Apple, Inc. Sandbox to play in. |
| 2011-11-03/a> | Guy Bruneau | November 2011 Patch Tuesday Pre-release |
| 2011-11-02/a> | Russ McRee | Wireshark updates: 1.6.3 and 1.4.10 released |
| 2011-11-01/a> | Russ McRee | Honeynet Project: Android Reverse Engineering (A.R.E.) Virtual Machine released |
| 2011-11-01/a> | Russ McRee | Secure languages & frameworks |
| 2011-10-29/a> | Richard Porter | The Sub Critical Control? Evidence Collection |
| 2011-10-28/a> | Russ McRee | Critical Control 19: Data Recovery Capability |
| 2011-10-28/a> | Daniel Wesemann | Critical Control 20: Security Skills Assessment and Training to fill Gaps |
| 2011-10-27/a> | Mark Baggett | Critical Control 18: Incident Response Capabilities |
| 2011-10-26/a> | Rick Wanner | Critical Control 17:Penetration Tests and Red Team Exercises |
| 2011-10-26/a> | Rob VandenBrink | The Theoretical "SSL Renegotiation" Issue gets a Whole Lot More Real ! |
| 2011-10-23/a> | Guy Bruneau | tcpdump and IPv6 |
| 2011-10-22/a> | Guy Bruneau | Oracle Java SE Critical Patch Update |
| 2011-10-21/a> | Johannes Ullrich | New Flash Click Jacking Exploit |
| 2011-10-20/a> | Johannes Ullrich | Evil Printers Sending Mail |
| 2011-10-19/a> | Pedro Bueno | The old new Stuxnet...DuQu? |
| 2011-10-19/a> | Mark Hofman | Oracle Critical Patch Update |
| 2011-10-19/a> | Johannes Ullrich | House for rent! Observing an Overpayment Scam |
| 2011-10-17/a> | Rob VandenBrink | Critical Control 11: Account Monitoring and Control |
| 2011-10-13/a> | Johannes Ullrich | Critical OS X Vulnerability Patched |
| 2011-10-13/a> | Kevin Shortt | VMware ESXi and ESX updates to third party libraries and ESX Service Console - http://www.vmware.com/security/advisories/VMSA-2011-0012.html |
| 2011-10-13/a> | Guy Bruneau | Critical Control 10: Continuous Vulnerability Assessment and Remediation |
| 2011-10-12/a> | Adam Swanger | We are experiencing technical issues with the webcast. The webcast will start as soon as these issues are resolved. |
| 2011-10-12/a> | Kevin Shortt | Critical Control 8 - Controlled Use of Administrative Privileges |
| 2011-10-11/a> | Swa Frantzen | Microsoft Black Tuesday Overview October 2011 |
| 2011-10-11/a> | Swa Frantzen | Critical Control 7 - Application Software Security |
| 2011-10-11/a> | Swa Frantzen | Apple iTunes 10.5 |
| 2011-10-10/a> | Tom Liston | What's In A Name? |
| 2011-10-10/a> | Jim Clausing | Critical Control 6 - Maintenance, Monitoring, and Analysis of Security Audit Logs |
| 2011-10-07/a> | Mark Hofman | Critical Control 5 - Boundary Defence |
| 2011-10-06/a> | Rob VandenBrink | Apache HTTP Server mod_proxy reverse proxy issue |
| 2011-10-05/a> | Johannes Ullrich | Adobe SSL Certificate Problem (fixed) |
| 2011-10-05/a> | Jim Clausing | VMware Advisory - UDF file system handling |
| 2011-10-04/a> | Rob VandenBrink | Critical Control 2 - Inventory of Authorized and Unauthorized Software |
| 2011-10-04/a> | Johannes Ullrich | Critical Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations and Servers |
| 2011-10-03/a> | Mark Hofman | Critical Control 1 - Inventory of Authorized and Unauthorized Devices |
| 2011-10-03/a> | Mark Baggett | What are the 20 Critical Controls? |
| 2011-10-03/a> | Bojan Zdrnja | Beauty and the BEAST |
| 2011-10-03/a> | Tom Liston | Security 101 : Security Basics in 140 Characters Or Less |
| 2011-10-02/a> | Mark Hofman | Cyber Security Awareness Month Day 1/2 - Schedule |
| 2011-10-02/a> | Mark Hofman | Cyber Security Awareness Month Day 1/2 - Introduction to the controls |
| 2011-10-01/a> | Mark Hofman | Hot on the heels fo FF, Thunderbird v 7.0.1 and SeaMonkey v 2.4.1 have been updated. |
| 2011-10-01/a> | Mark Hofman | Adobe Photoshop for Windows Vulnerability (CVE-2011-2443) |
| 2011-09-28/a> | Richard Porter | All Along the ARP Tower! |
| 2011-09-27/a> | donald smith | New feature in JUNOS to drop or ignore path attributes. |
| 2011-09-23/a> | Mark Hofman | SSL/TLS Vulnerability Details to be Released Friday (Part 2) |
| 2011-09-22/a> | Rob VandenBrink | TLS 1.2 - Look before you Leap ! |
| 2011-09-21/a> | Swa Frantzen | Emergency patch expected for Flash Player |
| 2011-09-21/a> | Mark Hofman | October 2011 Cyber Security Awareness Month |
| 2011-09-21/a> | Guy Bruneau | Adobe Release Flash Player 10.3.183.10 available at http://get.adobe.com/flashplayer/ |
| 2011-09-20/a> | Swa Frantzen | Diginotar declared bankrupt |
| 2011-09-19/a> | Guy Bruneau | MS Security Advisory Update - Fraudulent DigiNotar Certificates |
| 2011-09-18/a> | Guy Bruneau | Google Chrome Security Updates |
| 2011-09-15/a> | Swa Frantzen | DigiNotar looses their accreditation for qualified certificates |
| 2011-09-15/a> | Johannes Ullrich | SSH Vandals? |
| 2011-09-15/a> | Johannes Ullrich | September OUCH! awareness newsletter released - How to use social networking sites safely. http://bit.ly/ja6TMH |
| 2011-09-13/a> | Swa Frantzen | GlobalSign back in operation |
| 2011-09-13/a> | Swa Frantzen | Microsoft September 2011 Black Tuesday |
| 2011-09-13/a> | Swa Frantzen | Adobe September 2011 Black Tuesday overview |
| 2011-09-13/a> | Swa Frantzen | More DigiNotar intermediate certificates blocklisted at Microsoft |
| 2011-09-09/a> | Rob VandenBrink | Wireshark 1.62 (Newest Stable Release) is out !! ==> http://www.wireshark.org/download.html |
| 2011-09-09/a> | Guy Bruneau | Adobe plan to release critical security updates next Tuesday for Acrobat and Reader http://www.adobe.com/support/security/bulletins/apsb11-24.html |
| 2011-09-09/a> | Johannes Ullrich | Large power outage in Southern California may last until Friday. http://www.sdge.com |
| 2011-09-09/a> | Johannes Ullrich | Early Patch Tuesday Today: Microsoft September 2011 Patches |
| 2011-09-09/a> | Guy Bruneau | Apple Certificate Trust Policy Update |
| 2011-09-09/a> | Guy Bruneau | Adobe Publish its List of Trusted Root Certificate - http://www.adobe.com/security/approved-trust-list.html |
| 2011-09-08/a> | Rob VandenBrink | Should We Still Test Patches? |
| 2011-09-08/a> | Rob VandenBrink | When Good CA's go Bad: Other Things to Check in Your Datacenter |
| 2011-09-08/a> | Mark Hofman | Microsoft has released their advanced notification for patch Tuesday. 15 Vulnerabilities to be addressed. more here --> http://blogs.technet.com/b/msrc/archive/2011/09/08/advanced-notification-for-the-september-2011-bulletin-release.aspx |
| 2011-09-07/a> | Lenny Zeltser | Analyzing Mobile Device Malware - Honeynet Forensic Challenge 9 and Some Tools |
| 2011-09-07/a> | Lenny Zeltser | GlobalSign Temporarily Stops Issuing Certificates to Investigate a Potential Breach |
| 2011-09-06/a> | Swa Frantzen | DigiNotar audit - intermediate report available |
| 2011-09-06/a> | Johannes Ullrich | Microsoft Releases Diginotar Related Patch and Advisory |
| 2011-09-06/a> | Guy Bruneau | Firefox 6.0.2 released to removed trust to DigiNotar certificate authority http://www.mozilla.org/en-US/firefox/6.0.2/releasenotes/ |
| 2011-09-05/a> | Raul Siles | Java 7 Officially Released |
| 2011-09-04/a> | Lorna Hutcheson | Several Sites Defaced |
| 2011-09-01/a> | Swa Frantzen | DigiNotar breach - the story so far |
| 2011-08-31/a> | Johannes Ullrich | Firefox/Thunderbird 6.0.1 released to blocklist bad DigiNotar SSL certificates |
| 2011-08-31/a> | Johannes Ullrich | Phishing e-mail to custom e-mail addresses |
| 2011-08-30/a> | Johannes Ullrich | A Packet Challenge: Help us identify this traffic |
| 2011-08-30/a> | Scott Fendley | Cisco Security Advisory - Apache HTTPd DoS |
| 2011-08-30/a> | Johannes Ullrich | Apache patch out for "byte range" DoS vulnerability http://www.apache.org/dist/httpd/Announcement2.2.html |
| 2011-08-29/a> | Kevin Shortt | Internet Worm in the Wild |
| 2011-08-26/a> | Daniel Wesemann | User Agent 007 |
| 2011-08-26/a> | Johannes Ullrich | SANS Virginia Beach Conference Canceled. Details: http://www.sans.org/virginia-beach-2011/ |
| 2011-08-26/a> | Daniel Wesemann | Adobe Flash stability update to 10.3.183.7. See http://forums.adobe.com/message/3883150 |
| 2011-08-26/a> | Johannes Ullrich | Some Hurricane Technology Tips |
| 2011-08-25/a> | Kevin Shortt | Revival of an Unpatched Apache HTTPD DoS |
| 2011-08-25/a> | Kevin Shortt | Increased Traffic on Port 3389 |
| 2011-08-24/a> | Rob VandenBrink | Disaster Preparedness - Are We Shaken or Stirred? |
| 2011-08-24/a> | Rob VandenBrink | Citrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971 |
| 2011-08-19/a> | Kevin Shortt | Java SE 6 Update 27 released. No security updates, many bug fixes ==> http://www.oracle.com/technetwork/java/javase/6u27-relnotes-444147.html |
| 2011-08-17/a> | Johannes Ullrich | August edition of security awareness newsletter OUCH! released. Focus: Updating your Software http://t.co/ftRVetZ |
| 2011-08-17/a> | Rob VandenBrink | Putting all of Your Eggs in One Basket - or How NOT to do Layoffs |
| 2011-08-17/a> | Rob VandenBrink | Sysinternal updates for ProcDump v4.0, Process Monitor v2.96, Process Explorer v15.02 ==> http://blogs.technet.com/b/sysinternals/ |
| 2011-08-16/a> | Johannes Ullrich | What are the most dangerous web applications and how to secure them? |
| 2011-08-16/a> | Scott Fendley | Firefox 3.6.20 Corrects Several Critical Vulnerabilities |
| 2011-08-15/a> | Mark Hofman | How to find unwanted files on workstations |
| 2011-08-15/a> | Rob VandenBrink | 8 Years since the Eastern Seaboard Blackout - Has it Been that Long? |
| 2011-08-14/a> | Guy Bruneau | FireCAT 2.0 Released |
| 2011-08-11/a> | Guy Bruneau | BlackBerry Enterprise Server Critical Update |
| 2011-08-10/a> | Johannes Ullrich | Theoretical and Practical Password Entropy |
| 2011-08-10/a> | Guy Bruneau | Samba 3.6.0 Released |
| 2011-08-09/a> | Swa Frantzen | abuse handling |
| 2011-08-09/a> | Swa Frantzen | Microsoft August 2011 Black Tuesday Overview |
| 2011-08-09/a> | Swa Frantzen | Adobe August 2011 Black Tuesday Overview |
| 2011-08-05/a> | Johannes Ullrich | Microsoft Patch Tuesday Advance Notification: 13 Bulletins coming http://www.microsoft.com/technet/security/Bulletin/MS11-aug.mspx |
| 2011-08-05/a> | donald smith | New Mac Trojan: BASH/QHost.WB |
| 2011-08-03/a> | Johannes Ullrich | Malicious Images: What's a QR Code |
| 2011-08-02/a> | Mark Hofman | Metsploit 4 hits the downloads |
| 2011-07-30/a> | Deborah Hale | Links on your Facebook Wall |
| 2011-07-29/a> | Richard Porter | Apple Lion talking on TCP 5223 |
| 2011-07-28/a> | Guy Bruneau | XenApp and XenDesktop could result in Arbitrary Code Execution |
| 2011-07-28/a> | Johannes Ullrich | Announcing: The "404 Project" |
| 2011-07-28/a> | Guy Bruneau | Java 7.0 released. Get it here - http://blogs.oracle.com/javase/entry/java_7_has_released |
| 2011-07-27/a> | Daniel Wesemann | OWASP Session Management "Cheat Sheet" |
| 2011-07-25/a> | Johannes Ullrich | Apple released patch for iWork security issue http://support.apple.com/kb/HT1222 |
| 2011-07-25/a> | Bojan Zdrnja | When the FakeAV coder(s) fail |
| 2011-07-25/a> | Johannes Ullrich | iOS 4.3.5 released fixing an SSL certificate verification flaw. http://support.apple.com/kb/HT1222 |
| 2011-07-23/a> | Johannes Ullrich | Apple Battery Firmware Default Password |
| 2011-07-21/a> | Daniel Wesemann | Down the FakeAV rabbit hole |
| 2011-07-21/a> | Mark Hofman | Lion Released |
| 2011-07-21/a> | Johannes Ullrich | Lion: What is new in Security |
| 2011-07-19/a> | Richard Porter | SMS Phishing at the SANSFire 2011 Handler Dinner |
| 2011-07-17/a> | Mark Hofman | SSH Brute Force |
| 2011-07-15/a> | Deborah Hale | Apple Software Updates |
| 2011-07-15/a> | Deborah Hale | What's in a Firewall? |
| 2011-07-14/a> | Guy Bruneau | Blackberry Server Security Update - http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB27258 |
| 2011-07-13/a> | Guy Bruneau | New Sguil HTTPRY Agent |
| 2011-07-13/a> | Guy Bruneau | Are Mobile Devices taking over your Corporate Network? |
| 2011-07-12/a> | Swa Frantzen | Microsoft July 2011 Black Tuesday Overview |
| 2011-07-11/a> | John Bambenek | Another Defense Contractor Hacked in AntiSec Hacktivism Spree |
| 2011-07-10/a> | Raul Siles | Security Testing SSL/TLS (HTTPS) Implementations |
| 2011-07-10/a> | Raul Siles | Jailbreakme Takes Advantage of 0-day PDF Vuln in Apple iOS Devices |
| 2011-07-09/a> | Tony Carothers | Copyright Alert System - What say you? |
| 2011-07-07/a> | Rob VandenBrink | "There's a Patch for that" (or maybe not) |
| 2011-07-06/a> | Rob VandenBrink | "Too Important to Patch" - Wait? What? |
| 2011-07-05/a> | Raul Siles | Helping Developers Understand Security - Spot the Vuln |
| 2011-07-04/a> | Deborah Hale | VSFTP Backdoor in Source Code |
| 2011-06-30/a> | Guy Bruneau | Adobe Release Flash Player 10.3.181.34 available at http://get.adobe.com/flashplayer/ |
| 2011-06-30/a> | Guy Bruneau | Symantec Report - Spam Surge against Social Networks |
| 2011-06-30/a> | Rob VandenBrink | Update for RSA Authentication Manager |
| 2011-06-29/a> | Johannes Ullrich | Random SSL Tips and Tricks |
| 2011-06-28/a> | Johannes Ullrich | Hashing Passwords |
| 2011-06-28/a> | Johannes Ullrich | Update: Opera 11.50 is now available http://www.opera.com/ |
| 2011-06-28/a> | Johannes Ullrich | Update: Google Chrome 12.0.742.112 released http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html |
| 2011-06-28/a> | Johannes Ullrich | Update: Thunderbird 5.0 released. https://www.mozilla.org/en-US/thunderbird/ |
| 2011-06-28/a> | Johannes Ullrich | Update: Java update for OS X fixes security issues http://support.apple.com/kb/HT1222 |
| 2011-06-27/a> | Kevin Shortt | Phishy Spam |
| 2011-06-26/a> | Rick Wanner | Nagios script for ISC threat level http://www.aj-services.com/?p=275 |
| 2011-06-23/a> | Jim Clausing | Apple Security Updates 2011-004 |
| 2011-06-22/a> | Guy Bruneau | WordPress Forces Password Reset |
| 2011-06-22/a> | Guy Bruneau | How Good is your Employee Termination Policy? |
| 2011-06-21/a> | Chris Mohan | StartSSL, a web authentication authority, suspend services after a security breach |
| 2011-06-19/a> | Guy Bruneau | Sega Pass Compromised - 1.29 Million Customers Data Leaked |
| 2011-06-17/a> | Richard Porter | When do you stop owning Technology? |
| 2011-06-15/a> | Pedro Bueno | Hit by MacDefender, Apple Web Security (name your Mac FakeAV here)... |
| 2011-06-15/a> | Johannes Ullrich | Latest issue of "Ouch!" is out http://www.securingthehuman.org/resources/newsletters/ouch |
| 2011-06-14/a> | Swa Frantzen | Adobe releases patches |
| 2011-06-14/a> | Swa Frantzen | Microsoft June 2011 Black Tuesday Overview |
| 2011-06-13/a> | Bojan Zdrnja | Harry Potter and the Rogue anti-virus: Part 1 |
| 2011-06-09/a> | Richard Porter | Chrome Version 12.0.742.91 Released |
| 2011-06-09/a> | Richard Porter | One Browser to Rule them All? |
| 2011-06-08/a> | Johannes Ullrich | Spam from compromised Hotmail accounts |
| 2011-06-07/a> | Johannes Ullrich | RSA Offers to Replace Tokens |
| 2011-06-07/a> | Johannes Ullrich | Oracle Releases Java Version 1.6.0.26 http://java.com/en/download/manual.jsp |
| 2011-06-06/a> | Manuel Humberto Santander Pelaez | Phishing: Same goal, same techniques and people still falling for such scams |
| 2011-06-06/a> | Johannes Ullrich | The Havij SQL Injection Tool |
| 2011-06-06/a> | Johannes Ullrich | Adobe releases Flash Player patch on a Sunday to combat latest 0day http://www.adobe.com/support/security/bulletins/apsb11-13.html |
| 2011-06-04/a> | Rick Wanner | Do you have a personal disaster recovery plan? |
| 2011-06-03/a> | Guy Bruneau | Release of Wireshark 1.6.0rc2 |
| 2011-06-03/a> | Guy Bruneau | Oracle Java SE Critical Patch Update Pre-Release Announcement - June 2011 |
| 2011-06-02/a> | Johannes Ullrich | Some Insight into Apple's Anti-Virus Signatures |
| 2011-06-01/a> | Adrien de Beaupre | Wireshark 1.4.7 and 1.2.17 Released - http://www.wireshark.org/news/20110531.html |
| 2011-06-01/a> | Adrien de Beaupre | Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series - http://www.cisco.com/warp/public/707/cisco-sa-20110601-phone.shtml |
| 2011-06-01/a> | Adrien de Beaupre | Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar - http://www.cisco.com/warp/public/707/cisco-sa-20110601-cnr.shtml |
| 2011-06-01/a> | Adrien de Beaupre | Cisco Security Advisory: Default Credentials for root Account on the Cisco Media Experience Engine 5600 - http://www.cisco.com/warp/public/707/cisco-sa-20110601-mxe.shtml |
| 2011-06-01/a> | Johannes Ullrich | Enabling Privacy Enhanced Addresses for IPv6 |
| 2011-06-01/a> | Adrien de Beaupre | Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client - http://www.cisco.com/warp/public/707/cisco-sa-20110601-ac.shtml |
| 2011-05-31/a> | Johannes Ullrich | Skype EasyBits Add-on |
| 2011-05-31/a> | Chris Mohan | Getting the IT security word out there to the rest of the world |
| 2011-05-31/a> | Johannes Ullrich | Apple Improving OS X Anti-Malware Feature |
| 2011-05-30/a> | Johannes Ullrich | Allied Telesis Passwords Leaked |
| 2011-05-30/a> | Johannes Ullrich | Lockheed Martin and RSA Tokens |
| 2011-05-26/a> | Swa Frantzen | MacDefender ups the ante with removing the password need for installation |
| 2011-05-25/a> | Daniel Wesemann | Apple advisory on "MacDefender" malware |
| 2011-05-25/a> | Lenny Zeltser | Monitoring Social Media for Security References to Your Organization |
| 2011-05-25/a> | Daniel Wesemann | Five new Cisco security advisories released. See http://www.cisco.com/go/psirt |
| 2011-05-23/a> | Mark Hofman | Microsoft Support Scam (again) |
| 2011-05-22/a> | Kevin Shortt | Facebook goes two-factor |
| 2011-05-21/a> | Daniel Wesemann | Weekend reading |
| 2011-05-20/a> | Guy Bruneau | Sysinternals Updates, Analyzing Stuxnet Infection with Sysinternals Tools Part 3 |
| 2011-05-19/a> | Daniel Wesemann | Fake AV Bingo |
| 2011-05-18/a> | Bojan Zdrnja | Android, HTTP and authentication tokens |
| 2011-05-16/a> | Jason Lam | Firefox 3.5 forced upgrade coming soon |
| 2011-05-14/a> | Guy Bruneau | Websense Study Claims Canada Next Hotbed for Cybercrime Web Hosting Activity |
| 2011-05-12/a> | Chris Mohan | Reports of another javascript-based spam scam doing the rounds in Facebook |
| 2011-05-12/a> | Johannes Ullrich | ActiveX Flaw Affecting SCADA systems |
| 2011-05-12/a> | Chris Mohan | Security updates available for Flash Player, RoboHelp, Audition, and Flash Media Server |
| 2011-05-10/a> | Swa Frantzen | May 2011 Microsoft Black Tuesday Overview |
| 2011-05-10/a> | Swa Frantzen | Backtrack 5 released |
| 2011-05-10/a> | Swa Frantzen | Changing MO in scamming our users ? |
| 2011-05-10/a> | Swa Frantzen | Time to change your facebook password? |
| 2011-05-09/a> | Rick Wanner | Serious flaw in OpenID |
| 2011-05-08/a> | Lorna Hutcheson | Monitoring Virtual Machines |
| 2011-05-07/a> | Rick Wanner | Belated May 2: Metasploit 3.7.0 released. http://blog.metasploit.com/2011/05/metasploit-framework-370-released.html |
| 2011-05-06/a> | Richard Porter | Updated Exploit Index for Microsoft |
| 2011-05-06/a> | Richard Porter | Unpatched Exploit: Skype for MAC |
| 2011-05-04/a> | Bojan Zdrnja | More on Google image poisoning |
| 2011-05-04/a> | Richard Porter | Microsoft Sysinterals Update |
| 2011-05-03/a> | Johannes Ullrich | Analyzing Teredo with tshark and Wireshark |
| 2011-05-03/a> | Johannes Ullrich | Update on Osama Bin Laden themed Malware |
| 2011-05-02/a> | Johannes Ullrich | Bin Laden Death Related Malware |
| 2011-05-01/a> | Deborah Hale | Another Potentially Malicious Email Making The Rounds |
| 2011-05-01/a> | Deborah Hale | Java 6.25 Is Now Available |
| 2011-05-01/a> | Deborah Hale | Droid MarketPlace Has a New App |
| 2011-04-29/a> | Guy Bruneau | Firefox, Thunderbird and SeaMonkey Security Updates |
| 2011-04-28/a> | Chris Mohan | Cisco Security Advisories |
| 2011-04-28/a> | Guy Bruneau | VMware ESXi 4.1 Security and Firmware Updates |
| 2011-04-28/a> | Chris Mohan | DSL Reports advise 9,000 accounts were compromised |
| 2011-04-26/a> | John Bambenek | Is the Insider Threat Really Over? |
| 2011-04-25/a> | Rob VandenBrink | What's Your (IP) Address Worth? |
| 2011-04-25/a> | Rob VandenBrink | Sony PlayStation Network Outage - Day 5 |
| 2011-04-23/a> | Manuel Humberto Santander Pelaez | Image search can lead to malware download |
| 2011-04-22/a> | Manuel Humberto Santander Pelaez | In-house developed applications: The constant headache for the information security officer |
| 2011-04-22/a> | Manuel Humberto Santander Pelaez | iPhoneMap: iPhoneTracker port to Linux |
| 2011-04-21/a> | Guy Bruneau | Adobe Reader and Acrobat Security Updates |
| 2011-04-20/a> | Daniel Wesemann | Data Breach Investigations Report published by Verizon |
| 2011-04-20/a> | Daniel Wesemann | Virustotal.com hiccup |
| 2011-04-18/a> | John Bambenek | Wordpress.com Security Breach |
| 2011-04-16/a> | Scott Fendley | New Versions of Wireshark released |
| 2011-04-16/a> | Scott Fendley | Oracle Patch Update Pre-Release Announcement |
| 2011-04-14/a> | Johannes Ullrich | Update to Adobe Flash 0-day: Patch will be out soon |
| 2011-04-14/a> | Johannes Ullrich | Apple Security Patches for OS X and iOS |
| 2011-04-14/a> | Adrien de Beaupre | Sysinternals updates, a new blog post, and webcast |
| 2011-04-13/a> | Johannes Ullrich | April issue of SANS Security Awareness Newsletter is out http://www.securingthehuman.org/resources/ouch |
| 2011-04-11/a> | Johannes Ullrich | GMail User Using 2FA Warned of Access From China |
| 2011-04-11/a> | Johannes Ullrich | Layer 2 DoS and other IPv6 Tricks |
| 2011-04-11/a> | Jim Clausing | April 2011 Microsoft Black Tuesday Summary |
| 2011-04-11/a> | Johannes Ullrich | Yet another Adobe Flash/Reader/Acrobat 0 day |
| 2011-04-08/a> | Johannes Ullrich | Dark Black Tuesday Coming Up: 17 Microsoft Bulletins |
| 2011-04-07/a> | Chris Mohan | Being a good internet neighbour |
| 2011-04-04/a> | Mark Hofman | When your service provider has a breach |
| 2011-04-03/a> | Richard Porter | Extreme Disclosure? Not yet but a great trend! |
| 2011-04-02/a> | Rick Wanner | RSA/EMC: Anatomy of a compromise |
| 2011-04-01/a> | John Bambenek | LizaMoon Mass SQL-Injection Attack Infected at least 500k Websites |
| 2011-03-30/a> | Adrien de Beaupre | Two Cisco advisories: cisco-sa-20110330-nac and cisco-sa-20110330-acs |
| 2011-03-29/a> | Daniel Wesemann | Making sense of RSA ACE server audit logs |
| 2011-03-29/a> | Daniel Wesemann | Requesting deletion of "free" email and chat accounts |
| 2011-03-29/a> | Daniel Wesemann | Malware emails with fake cellphone invoice |
| 2011-03-27/a> | Guy Bruneau | Strange Shockwave File with Surprising Attachments |
| 2011-03-25/a> | Kevin Liston | APT Tabletop Exercise |
| 2011-03-25/a> | Rob VandenBrink | The Recent RSA Breach - Imagining the Worst Case, And Why it Isn't Time to Panic (Yet) |
| 2011-03-22/a> | Kevin Shortt | Adobe Reader/Acrobat Security Update - http://www.adobe.com/support/security/bulletins/apsb11-06.html |
| 2011-03-22/a> | Chris Mohan | Read only USB stick trick |
| 2011-03-21/a> | Kevin Shortt | APPLE-SA-2011-03-21-1 Mac OS X v10.6.7 and Security Update 2011-001 |
| 2011-03-21/a> | Kevin Shortt | Port 1434: Sudden Slammer Decline? |
| 2011-03-18/a> | Chris Mohan | RSA Breach Notification |
| 2011-03-17/a> | Kevin Liston | So You Got an AV Alert. Now What? |
| 2011-03-16/a> | Johannes Ullrich | Analyzing HTTP Packet Captures |
| 2011-03-14/a> | Bojan Zdrnja | Tsunami in Japan and self modifying RogueAV code |
| 2011-03-14/a> | Bojan Zdrnja | Adobe Flash 0-day being used in targeted attacks |
| 2011-03-12/a> | Chris Mohan | Apple releases iTunes 10.2.1 - http://support.apple.com/kb/DL1103 |
| 2011-03-11/a> | Guy Bruneau | Snort IDS Sensor with Sguil Framework ISO |
| 2011-03-11/a> | Guy Bruneau | Japan Earthquake: Possible scams / malware |
| 2011-03-10/a> | Bojan Zdrnja | iOS 4.3 released, numerous security vulnerabilities patched |
| 2011-03-09/a> | Chris Mohan | Possible Issue with Forefront Update KB2508823 |
| 2011-03-09/a> | Jim Clausing | Apple updates Java |
| 2011-03-09/a> | Kevin Shortt | AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B |
| 2011-03-08/a> | Jim Clausing | VMware ESX/ESXi security updates released, see http://www.vmware.com/security/advisories/VMSA-2011-0004.html |
| 2011-03-08/a> | Jim Clausing | March 2011 Microsoft Black Tuesday Summary |
| 2011-03-07/a> | Bojan Zdrnja | Oracle padding attacks (Codegate crypto 400 writeup) |
| 2011-03-07/a> | Lorna Hutcheson | Call for Packets - Unassigned TCP Options |
| 2011-03-04/a> | Mark Hofman | A new version of Seamonkey is available, includes security fixes. More details here http://www.seamonkey-project.org/news#2011-03-02 |
| 2011-03-03/a> | Manuel Humberto Santander Pelaez | Rogue apps inside Android Marketplace |
| 2011-03-02/a> | Chris Mohan | Microsoft’s Autorun update v2.1 now automatically deployed from Windows Update |
| 2011-03-02/a> | Chris Mohan | Updates: Firefox 3.6.14/3.5.17, Thunderbird 3.1.8, Adobe Flash v10.2.152.32 & WireShark 1.4.4 |
| 2011-03-01/a> | Daniel Wesemann | AV software and "sharing samples" |
| 2011-02-28/a> | Deborah Hale | Possible Botnet Scanning |
| 2011-02-25/a> | Johannes Ullrich | Thunderbolt Security Speculations |
| 2011-02-24/a> | Johannes Ullrich | Windows 7 / 2008 R2 Service Pack 1 Problems |
| 2011-02-23/a> | Johannes Ullrich | Windows 7 Service Pack 1 out |
| 2011-02-22/a> | Bojan Zdrnja | HBGary hack: lessons learned |
| 2011-02-21/a> | Adrien de Beaupre | Winamp forums compromised |
| 2011-02-21/a> | Adrien de Beaupre | Kaspersky update servers unreachable |
| 2011-02-19/a> | Guy Bruneau | Snort Data Acquisition Library |
| 2011-02-15/a> | Jason Lam | Oracle Java 6 Update 24 |
| 2011-02-15/a> | Jason Lam | HTTP headers fun |
| 2011-02-14/a> | Lorna Hutcheson | Network Visualization |
| 2011-02-11/a> | Kevin Johnson | Two-Factor Auth: Can we just Google the response? |
| 2011-02-10/a> | Chris Mohan | Linksys WAP610N has Unauthenticated Root Console issue |
| 2011-02-09/a> | Mark Hofman | Adobe Patches (shockwave, Flash, Reader & Coldfusion) |
| 2011-02-09/a> | Mark Hofman | Java Floating point issue (CVE-2010-4476) |
| 2011-02-08/a> | Chris Mohan | VMWare Security Advisory |
| 2011-02-08/a> | Joel Esler | Feburary 2011 Microsoft Black Tuesday Summary |
| 2011-02-07/a> | Pedro Bueno | The Good , the Bad and the Unknown Online Scanners |
| 2011-02-07/a> | Richard Porter | Crime is still Crime! Pt 2 |
| 2011-02-05/a> | Guy Bruneau | OpenSSH Legacy Certificate Information Disclosure Vulnerability |
| 2011-02-04/a> | Daniel Wesemann | Busy patch tuesday ahead |
| 2011-02-04/a> | Daniel Wesemann | Oh, just click "yes" |
| 2011-02-02/a> | Chris Mohan | Default Credentials for Root Account on Cisco Personal Video units |
| 2011-02-01/a> | Lenny Zeltser | The Importance of HTTP Headers When Investigating Malicious Sites |
| 2011-01-30/a> | Richard Porter | The Modern Dark Ages? |
| 2011-01-28/a> | Guy Bruneau | Nmap 5.50 Released |
| 2011-01-27/a> | Chris Carboni | Opera Updates |
| 2011-01-25/a> | Johannes Ullrich | Packet Tricks with xxd |
| 2011-01-25/a> | Chris Mohan | Reviewing our preconceptions |
| 2011-01-24/a> | Rob VandenBrink | Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool |
| 2011-01-23/a> | Richard Porter | Crime is still Crime! |
| 2011-01-19/a> | Johannes Ullrich | Microsoft's Secure Developer Tools |
| 2011-01-18/a> | Daniel Wesemann | Yet another rogue anti-virus |
| 2011-01-18/a> | Daniel Wesemann | Oracle Patches (Jan2011 CPU) |
| 2011-01-16/a> | Tony Carothers | Facebook User Data Call for 3rd Party Apps |
| 2011-01-15/a> | Jim Clausing | What's up with port 8881? |
| 2011-01-14/a> | Chris Mohan | How does your family backup their memories? |
| 2011-01-13/a> | Rob VandenBrink | Blackberry BES Server Updates for PDF Vulnerabilities |
| 2011-01-12/a> | Richard Porter | How Many Loyalty Cards do you Carry? |
| 2011-01-12/a> | Richard Porter | Has Big Brother gone Global? |
| 2011-01-12/a> | Richard Porter | Yet Another Data Broker? AOL Lifestream. |
| 2011-01-11/a> | Kevin Shortt | January 2011 Microsoft Black Tuesday Summary |
| 2011-01-11/a> | Kevin Shortt | Spam Cannons on Holiday |
| 2011-01-10/a> | Manuel Humberto Santander Pelaez | Facebook virus spreads via photo album chat messages |
| 2011-01-10/a> | Manuel Humberto Santander Pelaez | VirusTotal VTzilla firefox/chrome plugin |
| 2011-01-08/a> | Guy Bruneau | PandaLabs 2010 Annual Report |
| 2011-01-08/a> | Guy Bruneau | January 2011 Patch Tuesday Pre-release |
| 2011-01-06/a> | Johannes Ullrich | Flash Local-with-filesystem Sandbox Bypass |
| 2011-01-06/a> | Johannes Ullrich | OS X 10.6.6 released. Probably some security content but Apple hasn't released details yet. |
| 2011-01-05/a> | Johannes Ullrich | VMWare Security Advisory VMSA-2011-0001 |
| 2011-01-05/a> | Johannes Ullrich | Survey: Software Security Awareness Training |
| 2011-01-04/a> | Johannes Ullrich | Microsoft Advisory: Vulnerability in Graphics Rendering Engine |
| 2010-12-31/a> | Bojan Zdrnja | Android malware enters 2011 |
| 2010-12-30/a> | Rick Wanner | SamuraiWTF Review over at ISSA Toolsmith |
| 2010-12-30/a> | Rick Wanner | Obvious Lessons from the Skype outage |
| 2010-12-29/a> | Daniel Wesemann | Malware Domains 2234.in, 0000002.in & co |
| 2010-12-29/a> | Daniel Wesemann | Beware of strange web sites bearing gifts ... |
| 2010-12-28/a> | John Bambenek | Mozilla Notifies of Relatively Minor Security Breach |
| 2010-12-27/a> | Johannes Ullrich | Various sites "Owned and Exposed" |
| 2010-12-26/a> | Manuel Humberto Santander Pelaez | ISC infocon monitor app for OS X |
| 2010-12-25/a> | Manuel Humberto Santander Pelaez | An interesting vulnerability playground to learn application vulnerabilities |
| 2010-12-24/a> | Daniel Wesemann | A question of class |
| 2010-12-23/a> | Mark Hofman | Skoudis' Annual Xmas Hacking Challenge - The Nightmare Before Charlie Brown's Christmas |
| 2010-12-23/a> | Mark Hofman | IE 0 Day, just in time for Christmas |
| 2010-12-23/a> | Mark Hofman | Older AV Scam Active again. |
| 2010-12-23/a> | Mark Hofman | White house greeting cards |
| 2010-12-22/a> | John Bambenek | IIS 7.5 0-Day DoS (processing FTP requests) |
| 2010-12-21/a> | Rob VandenBrink | Network Reliability, Part 2 - HSRP Attacks and Defenses |
| 2010-12-20/a> | Guy Bruneau | Patch Issues with Outlook 2007 |
| 2010-12-18/a> | Raul Siles | Where are the Wi-Fi Driver Vulnerabilities? |
| 2010-12-15/a> | Manuel Humberto Santander Pelaez | Vulnerability in the PDF distiller of the BlackBerry Attachment Service |
| 2010-12-15/a> | Johannes Ullrich | OpenBSD IPSec "Backdoor" |
| 2010-12-15/a> | Manuel Humberto Santander Pelaez | HP StorageWorks P2000 G3 MSA hardcoded user |
| 2010-12-14/a> | Manuel Humberto Santander Pelaez | December 2010 Microsoft Black Tuesday Summary |
| 2010-12-13/a> | Deborah Hale | Gawker Media Breach of Security |
| 2010-12-13/a> | Deborah Hale | The Week to Top All Weeks |
| 2010-12-12/a> | Raul Siles | New trend regarding web application vulnerabilities? |
| 2010-12-12/a> | Raul Siles | Apple Quickime 7.6.9 was released a few days ago (just in case you missed it): http://support.apple.com/kb/HT1222. Update all your web browser plugins! |
| 2010-12-10/a> | Mark Hofman | EXIM MTA vulnerability |
| 2010-12-10/a> | Mark Hofman | Microsoft patches |
| 2010-12-09/a> | Mark Hofman | Firefox version 3.6.13 is being pushed out, time to update (thanks Vincent). Thunderbird 3.1.7 and 3.0.11 can also be added to the list as well as SeaMonkey 2.0.11. - M |
| 2010-12-08/a> | Rob VandenBrink | How a Tablet Changed My Life |
| 2010-12-08/a> | Rob VandenBrink | Interesting DDOS activity around Wikileaks |
| 2010-12-08/a> | Rob VandenBrink | Java 6, Update 23 is out => http://java.sun.com/javase/6/webnotes/ReleaseNotes.html , http://www.oracle.com/technetwork/java/javase/6u23releasenotes-191058.html , http://www.oracle.com/technetwork/java/javase/2col/6u23bugfixes-191074.html |
| 2010-12-07/a> | Kevin Shortt | You got a sec? |
| 2010-12-05/a> | Jim Clausing | Updates to a couple of Sysinternals tools |
| 2010-12-03/a> | Mark Hofman | T'is the season to be SPAMMY, trallalalaa la la la laaa |
| 2010-12-03/a> | Mark Hofman | AVG Update Bricking windows 7 64 bit |
| 2010-12-02/a> | Kevin Johnson | Robert Hansen and our happiness |
| 2010-12-02/a> | Kevin Johnson | SQL Injection: Wordpress 3.0.2 released |
| 2010-12-02/a> | Kevin Johnson | ProFTPD distribution servers compromised |
| 2010-12-01/a> | Deborah Hale | McAfee Security Bulletin Released |
| 2010-12-01/a> | Deborah Hale | A Gentle Reminder - It is that time of year again |
| 2010-11-30/a> | Joel Esler | VMWare Security Advisory |
| 2010-11-29/a> | Stephen Hall | Sun security updates |
| 2010-11-26/a> | Mark Hofman | Using password cracking as metric/indicator for the organisation's security posture |
| 2010-11-25/a> | Bojan Zdrnja | Secunia's DNS/domain hijacked? |
| 2010-11-24/a> | Bojan Zdrnja | Privilege escalation 0-day in almost all Windows versions |
| 2010-11-24/a> | Jim Clausing | Help with odd port scans |
| 2010-11-22/a> | Lenny Zeltser | Brand Impersonations On-Line: Brandjacking and Social Networks |
| 2010-11-22/a> | Lenny Zeltser | Adobe Acrobat Spam Going Strong - More to Come? |
| 2010-11-19/a> | Jason Lam | Exchanging and sharing of assessment results |
| 2010-11-19/a> | Jason Lam | Adobe Reader X - Sandbox |
| 2010-11-18/a> | Chris Carboni | Stopping the ZeroAccess Rootkit |
| 2010-11-17/a> | Guy Bruneau | Reference on Open Source Digital Forensics |
| 2010-11-17/a> | Guy Bruneau | Conficker B++ Activated on Nov 15 |
| 2010-11-16/a> | Guy Bruneau | Mac OS X Server v10.6.5 (10H575) Security Update: http://support.apple.com/kb/HT4452 |
| 2010-11-16/a> | Guy Bruneau | Acrobat and Adobe Reader Security Update |
| 2010-11-12/a> | Guy Bruneau | Scripting with Unix Date |
| 2010-11-12/a> | Guy Bruneau | Honeynet Forensic Challenge - Analyzing Malicious Portable Destructive Files |
| 2010-11-11/a> | Daniel Wesemann | Java Exploits |
| 2010-11-11/a> | Johannes Ullrich | OS X 10.6.5 released with security patches. Careful: issues with PGP WDE! (see PGP support forums) |
| 2010-11-11/a> | Daniel Wesemann | Fake AV scams via Skype Chat |
| 2010-11-09/a> | Johannes Ullrich | November 2010 Microsoft Black Tuesday Summary |
| 2010-11-08/a> | Manuel Humberto Santander Pelaez | Network Security Perimeter: How to choose the correct firewall and IPS for your environment? |
| 2010-11-08/a> | Manuel Humberto Santander Pelaez | DST to EST error summary |
| 2010-11-04/a> | Johannes Ullrich | Today's Adobe Patches and Vulnerablities |
| 2010-11-04/a> | Johannes Ullrich | Microsoft Patches Pre-Announcement |
| 2010-11-04/a> | Johannes Ullrich | Microsoft Smart Screen False Positivies |
| 2010-11-03/a> | Kevin Liston | SQL Slammer Clean-up: Roundup and Review |
| 2010-11-02/a> | Johannes Ullrich | Limited Malicious Search Engine Poisoning for Election |
| 2010-11-01/a> | Manuel Humberto Santander Pelaez | CVE-2010-3654 exploit in the wild |
| 2010-10-31/a> | Marcus Sachs | Cyber Security Awareness Month - Day 31 - Tying it all together |
| 2010-10-30/a> | Guy Bruneau | Security Update for Shockwave Player |
| 2010-10-30/a> | Guy Bruneau | Cyber Security Awareness Month - Day 30 - Role of the network team |
| 2010-10-29/a> | Kevin Liston | SQL Slammer Clean-up: Contacting CERTs |
| 2010-10-29/a> | Manuel Humberto Santander Pelaez | Cyber Security Awareness Month - Day 29- Role of the office geek |
| 2010-10-28/a> | Rick Wanner | Cyber Security Awareness Month - Day 27 - Social Media use in the office |
| 2010-10-28/a> | Tony Carothers | Cyber Security Awareness Month - Day 28 - Role of the employee |
| 2010-10-28/a> | Manuel Humberto Santander Pelaez | CVE-2010-3654 - New dangerous 0-day authplay library adobe products vulnerability |
| 2010-10-26/a> | Pedro Bueno | Be (even more) careful with public hotspots. Firesheep released yesterday. Brilliant and scary. |
| 2010-10-26/a> | Pedro Bueno | Firefox news |
| 2010-10-26/a> | Pedro Bueno | Cyber Security Awareness Month - Day 26 - Sharing Office Files |
| 2010-10-25/a> | Kevin Shortt | Cyber Security Awareness Month - Day 25 - Using Home Computers for Work |
| 2010-10-25/a> | Kevin Liston | SQL Slammer Clean-up: Switching Viewpoints |
| 2010-10-24/a> | Swa Frantzen | Cyber Security Awarenes Month - Day 24 - Using work computers at home |
| 2010-10-23/a> | Mark Hofman | Cyber Security Awareness Month - Day 23 - The Importance of compliance |
| 2010-10-22/a> | Daniel Wesemann | Cyber Security Awareness Month - Day 22 - Security of removable media |
| 2010-10-22/a> | Manuel Humberto Santander Pelaez | Intypedia project |
| 2010-10-21/a> | Chris Carboni | Cyber Security Awareness Month - Day 21 - Impossible Requests from the Boss |
| 2010-10-20/a> | Jim Clausing | Cyber Security Awareness Month - Day 20 - Securing Mobile Devices |
| 2010-10-20/a> | Jim Clausing | Tools updates - Oct 2010 |
| 2010-10-19/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 19 - Remote Access Tools |
| 2010-10-19/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split? |
| 2010-10-19/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 19 - VPN Architectures – SSL or IPSec? |
| 2010-10-19/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 19 - Remote User VPN Access – Are things getting too easy, or too hard? |
| 2010-10-19/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 19 - VPN and Remote Access Tools |
| 2010-10-19/a> | Kevin Liston | SQL Slammer Clean-up: Picking up the Phone |
| 2010-10-18/a> | Manuel Humberto Santander Pelaez | Cyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis |
| 2010-10-17/a> | Stephen Hall | Cyber Security Awareness Month - Day 17 - What a boss should and should not have access to |
| 2010-10-15/a> | Marcus Sachs | Cyber Security Awareness Month - Day 15 - What Teachers Need to Know About Their Students |
| 2010-10-15/a> | Guy Bruneau | Cyber Security Awareness Month - Day 16 - Securing a donated computer |
| 2010-10-14/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 14 - Securing a public computer |
| 2010-10-13/a> | Deborah Hale | Cyber Security Awareness Month - Day 13 - Online Bullying |
| 2010-10-12/a> | Adrien de Beaupre | New version of Opera- Opera 10.63 is a recommended upgrade offering security and stability enhancements: http://www.opera.com/browser/download/ |
| 2010-10-12/a> | Scott Fendley | Cyber Security Awareness Month - Day 12 - Protecting and Managing Your Digital Identity On Social Media Sites |
| 2010-10-12/a> | Adrien de Beaupre | October 2010 Microsoft Black Tuesday Summary |
| 2010-10-12/a> | Scott Fendley | Oracle Critical Updates Released |
| 2010-10-11/a> | Kevin Liston | SQL Slammer Clean-up: Reporting Upstream |
| 2010-10-11/a> | Rick Wanner | Cyber Security Awareness Month - Day 11 - Safe Browsing for Teens |
| 2010-10-11/a> | Adrien de Beaupre | OT: Happy Thanksgiving Day Canada |
| 2010-10-11/a> | Rick Wanner | New version of Wireshark available for download - 1.4.1 - http://www.wireshark.org/download.html |
| 2010-10-10/a> | Kevin Liston | Cyber Security Awareness Month - Day 10 - Safe browsing for pre-teens |
| 2010-10-09/a> | Kevin Shortt | Cyber Security Awareness Month - Day 9 - Disposal of an Old Computer |
| 2010-10-08/a> | Rick Wanner | Patch Tuesday Pre-release -- 16 updates |
| 2010-10-08/a> | Rick Wanner | Cyber Security Awareness Month - Day 8 - Patch Management and System Updates |
| 2010-10-06/a> | Robert Danford | Adobe updates: http://www.adobe.com/support/security/bulletins/apsb10-21.html |
| 2010-10-06/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 7 - Remote Access and Monitoring Tools |
| 2010-10-06/a> | Marcus Sachs | Cyber Security Awareness Month - Day 6 - Computer Monitoring Tools |
| 2010-10-05/a> | Rick Wanner | Cyber Security Awareness Month - Day 5 - Sites you should stay away from |
| 2010-10-04/a> | Daniel Wesemann | Cyber Security Awareness Month - Day 4 - Managing EMail |
| 2010-10-04/a> | Kevin Liston | SQL Slammer Clean-up: How to Report |
| 2010-10-03/a> | Adrien de Beaupre | Cyber Security Awareness Month - Day 3 - Recognizing phishing and online scams |
| 2010-10-03/a> | Adrien de Beaupre | H went down. |
| 2010-10-03/a> | Adrien de Beaupre | Canada's Cyber Security Strategy released today |
| 2010-10-02/a> | Mark Hofman | Cyber Security Awareness Month - Day 2 - Securing the Family Network |
| 2010-10-01/a> | Kevin Liston | Cyber Security Awareness Month Activity: SQL Slammer Clean-up |
| 2010-10-01/a> | Marcus Sachs | Cyber Security Awareness Month - 2010 |
| 2010-10-01/a> | Marcus Sachs | Cyber Security Awareness Month - Day 1 - Securing the Family PC |
| 2010-09-30/a> | Pedro Bueno | MS OOB .NET patch is now also available via Windows Update. |
| 2010-09-28/a> | Daniel Wesemann | Strange packet: "daylight rekick", anyone? |
| 2010-09-28/a> | Daniel Wesemann | Supporting the economy (in Russia and Ukraine) |
| 2010-09-28/a> | Daniel Wesemann | MS10-070 OOB Patch for ASP.NET vulnerability |
| 2010-09-27/a> | Adrien de Beaupre | MS OOB patch tomorrow for Security Advisory 2416728 |
| 2010-09-26/a> | Daniel Wesemann | Egosurfing, the corporate way |
| 2010-09-26/a> | Daniel Wesemann | PDF analysis paper |
| 2010-09-25/a> | Rick Wanner | Guest Diary: Andrew Hunt - Visualizing the Hosting Patterns of Modern Cybercriminals |
| 2010-09-21/a> | Johannes Ullrich | Implementing two Factor Authentication on the Cheap |
| 2010-09-18/a> | Rick Wanner | Microsoft Security Advisory for ASP.NET |
| 2010-09-18/a> | Rick Wanner | I'm fine, thanks! |
| 2010-09-16/a> | Johannes Ullrich | Facebook "Like Pages" |
| 2010-09-16/a> | Johannes Ullrich | A Packet a Day |
| 2010-09-16/a> | Johannes Ullrich | OpenX Ad-Server Vulnerability |
| 2010-09-14/a> | Adrien de Beaupre | Adobe Flash v10.1.82.76 and earlier vulnerability in-the-wild |
| 2010-09-14/a> | Adrien de Beaupre | September 2010 Microsoft Black Tuesday Summary |
| 2010-09-14/a> | Adrien de Beaupre | BlackEnergy DDoS |
| 2010-09-13/a> | Manuel Humberto Santander Pelaez | Adobe SING table parsing exploit (CVE-2010-2883) in the wild |
| 2010-09-13/a> | Manuel Humberto Santander Pelaez | Enhanced Mitigation Experience Toolkit can block Adobe 0-day exploit |
| 2010-09-12/a> | Manuel Humberto Santander Pelaez | Adobe Acrobat pushstring Memory Corruption paper |
| 2010-09-09/a> | Jim Clausing | Opera 10.62 - security (the DLL path issue) and stability upate see http://www.opera.com/docs/changelogs/windows/1062/ |
| 2010-09-09/a> | Marcus Sachs | 'Here You Have' Email |
| 2010-09-08/a> | John Bambenek | Adobe Acrobat/Reader 0-day in Wild, Adobe Issues Advisory |
| 2010-09-04/a> | Kevin Liston | What's not to Like about "Like?" |
| 2010-08-30/a> | Adrien de Beaupre | Apple QuickTime potential vulnerability/backdoor |
| 2010-08-29/a> | Swa Frantzen | Abandoned free email accounts |
| 2010-08-29/a> | Swa Frantzen | DLL hijacking - what are you doing ? |
| 2010-08-27/a> | Mark Hofman | FTP Brute Password guessing attacks |
| 2010-08-25/a> | Pedro Bueno | Adobe released security update for Shockwave player that fix several CVEs: APSB1020 |
| 2010-08-23/a> | Manuel Humberto Santander Pelaez | Firefox plugins to perform penetration testing activities |
| 2010-08-23/a> | Bojan Zdrnja | DLL hijacking vulnerabilities |
| 2010-08-22/a> | Rick Wanner | Failure of controls...Spanair crash caused by a Trojan |
| 2010-08-22/a> | Manuel Humberto Santander Pelaez | SCADA: A big challenge for information security professionals |
| 2010-08-19/a> | Rob VandenBrink | Don points us to multiple Adobe updates (Reader and Acrobat 9.3.4 among them) ==> http://www.adobe.com/support/downloads/new.jsp |
| 2010-08-19/a> | Rob VandenBrink | Change is Good. Change is Bad. Change is Life. |
| 2010-08-18/a> | Guy Bruneau | Adobe out-of-cycle Updates |
| 2010-08-17/a> | Bojan Zdrnja | Do you like Bing? So do the RogueAV guys! |
| 2010-08-16/a> | Raul Siles | The Seven Deadly Sins of Security Vulnerability Reporting |
| 2010-08-16/a> | Raul Siles | DDOS: State of the Art |
| 2010-08-16/a> | Raul Siles | Blind Elephant: A New Web Application Fingerprinting Tool |
| 2010-08-15/a> | Manuel Humberto Santander Pelaez | Obfuscated SQL Injection attacks |
| 2010-08-15/a> | Manuel Humberto Santander Pelaez | Opensolaris project cancelled, replaced by Solaris 11 express |
| 2010-08-15/a> | Manuel Humberto Santander Pelaez | Python to test web application security |
| 2010-08-14/a> | Tony Carothers | Freedom of Information |
| 2010-08-13/a> | Tom Liston | The Strange Case of Doctor Jekyll and Mr. ED |
| 2010-08-13/a> | Guy Bruneau | Shadowserver Binary Whitelisting Service |
| 2010-08-10/a> | Jason Lam | Adobe critical security updates |
| 2010-08-10/a> | Jim Clausing | August 2010 Micrsoft Black Tuesday Summary |
| 2010-08-10/a> | Daniel Wesemann | SSH - new brute force tool? |
| 2010-08-10/a> | Daniel Wesemann | New Apple security updates for iPad/Pod/Phone. See http://support.apple.com/kb/ht1222 |
| 2010-08-09/a> | Jim Clausing | Virtualbox update available - looks like a few stability fixes http://www.virtualbox.org/wiki/Changelog |
| 2010-08-09/a> | Jim Clausing | Free/inexpensive tools for monitoring systems/networks |
| 2010-08-08/a> | Marcus Sachs | Thinking about Cyber Security Awareness Month in October |
| 2010-08-07/a> | Stephen Hall | Countdown to Tuesday... |
| 2010-08-07/a> | Stephen Hall | DnsMadeEasy under a "quite large and unique" ddos. |
| 2010-08-06/a> | Rob VandenBrink | FOXIT PDF Reader update to resolve iPhone/iPad Jailbreak issue ==> http://www.foxitsoftware.com/announcements/2010861227.html |
| 2010-08-05/a> | Manuel Humberto Santander Pelaez | Adobe Acrobat Font Parsing Integer Overflow Vulnerability |
| 2010-08-05/a> | Rob VandenBrink | Access Controls for Network Infrastructure |
| 2010-08-04/a> | Tom Liston | Incident Reporting - Liston's "How-To" Guide |
| 2010-08-04/a> | Adrien de Beaupre | Multiple Cisco Advisories |
| 2010-08-03/a> | Johannes Ullrich | When Lightning Strikes |
| 2010-08-03/a> | Johannes Ullrich | Solar activity may cause problems this week |
| 2010-08-02/a> | Johannes Ullrich | Microsoft Out-of-Band bulletin addresses LNK/Shortcut vulnerability |
| 2010-08-01/a> | Manuel Humberto Santander Pelaez | Evation because IPS fails to validate TCP checksums? |
| 2010-07-30/a> | Guy Bruneau | Wireshark 1.2.10 released |
| 2010-07-30/a> | Guy Bruneau | Cisco Internet Streamer: Web Server Directory Traversal Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml |
| 2010-07-29/a> | Rob VandenBrink | The 2010 Verizon Data Breach Report is Out |
| 2010-07-29/a> | Rob VandenBrink | Snort 2.8.6.1 and Snort 2.9 Beta Released |
| 2010-07-29/a> | Rob VandenBrink | FBI, Slovenian and Spanish Police announce more arrests of Mariposa Botnet Creator, Operators |
| 2010-07-25/a> | Rick Wanner | Updated version of Mandiant's Web Historian |
| 2010-07-24/a> | Manuel Humberto Santander Pelaez | Types of diary: One liners vs full diary |
| 2010-07-24/a> | Manuel Humberto Santander Pelaez | Transmiting logon information unsecured in the network |
| 2010-07-23/a> | Mark Hofman | Some of our favourite sysinternals tools have been updated. TCPview, Autoruns, ProcDump and Disk2vhd have changed. More here http://blogs.technet.com/b/sysinternals/archive/2010/07/22/updates-tcpview-v3-0-autoruns-v10-02-procdump-v1-81-disk2vhd-v1-61.aspx |
| 2010-07-21/a> | Adrien de Beaupre | Update on .LNK vulnerability |
| 2010-07-21/a> | Adrien de Beaupre | Adobe Reader Protected Mode |
| 2010-07-21/a> | Adrien de Beaupre | Dell PowerEdge R410 replacement motherboard firmware contains malware |
| 2010-07-21/a> | Adrien de Beaupre | autorun.inf and .lnk Malware (NOT 'Vulnerability in Windows Shell Could Allow Remote Code Execution' 2286198) |
| 2010-07-20/a> | Manuel Humberto Santander Pelaez | LNK vulnerability now with Metasploit module implementing the WebDAV method |
| 2010-07-20/a> | Manuel Humberto Santander Pelaez | iTunes buffer overflow vulnerability |
| 2010-07-20/a> | Manuel Humberto Santander Pelaez | Lowering infocon back to green |
| 2010-07-18/a> | Manuel Humberto Santander Pelaez | SAGAN: An open-source event correlation system - Part 1: Installation |
| 2010-07-18/a> | Manuel Humberto Santander Pelaez | New metasploit GUI written in Java |
| 2010-07-15/a> | Deborah Hale | Be on the Alert |
| 2010-07-14/a> | Deborah Hale | Secunia Half Year Report for 2010 shows interesting trends |
| 2010-07-13/a> | Jim Clausing | Forensic challenge results |
| 2010-07-13/a> | Jim Clausing | July 2010 Microsoft Black Tuesday Summary |
| 2010-07-13/a> | Jim Clausing | VMware Studio Security Update |
| 2010-07-10/a> | Tony Carothers | Oracle July 2010 Pre-Release Announcement |
| 2010-07-08/a> | Kyle Haugsness | Pirate Bay account database compromised |
| 2010-07-07/a> | Kevin Shortt | Facebook, Facebook, What Do YOU See? |
| 2010-07-06/a> | Rob VandenBrink | Bogus Support Organizations use Live Operators to Install Malware |
| 2010-07-05/a> | Manuel Humberto Santander Pelaez | Apple ITunes account security compromised |
| 2010-07-04/a> | Manuel Humberto Santander Pelaez | New Winpcap Version |
| 2010-07-04/a> | Manuel Humberto Santander Pelaez | Malware inside PDF Files |
| 2010-07-04/a> | Manuel Humberto Santander Pelaez | Interesting analysis of the PHP SplObjectStorage Vulnerability |
| 2010-07-03/a> | Deborah Hale | Delivery Status Failure Notice That Packed A Wallop |
| 2010-07-02/a> | Johannes Ullrich | OISF released version 1.0.0 of Suricata, the open source IDS/IPS engine http://www.openinfosecfoundation.org |
| 2010-07-01/a> | Bojan Zdrnja | Down the RogueAV and Blackhat SEO rabbit hole (part 2) |
| 2010-06-29/a> | Johannes Ullrich | How to be a better spy: Cyber security lessons from the recent russian spy arrests |
| 2010-06-29/a> | donald smith | Interesting idea to help prevent RogueAV from using SEO without being noticed:) |
| 2010-06-29/a> | donald smith | Adobe Reader 9.3.3/8.2.3 addressing CVE-2010-1297 |
| 2010-06-28/a> | Bojan Zdrnja | Down the RogueAV and Blackhat SEO rabbit hole |
| 2010-06-27/a> | Manuel Humberto Santander Pelaez | Study of clickjacking vulerabilities on popular sites |
| 2010-06-26/a> | Guy Bruneau | socat to Simulate a Website |
| 2010-06-24/a> | Jason Lam | Help your competitor - Advise them of vulnerability |
| 2010-06-23/a> | Scott Fendley | Mozilla Firefox Updates |
| 2010-06-23/a> | Scott Fendley | Opera Browser Update |
| 2010-06-21/a> | Adrien de Beaupre | GoDaddy Scam/Phish/Spam |
| 2010-06-20/a> | Marcus Sachs | Father's Day Tips |
| 2010-06-18/a> | Johannes Ullrich | Please take a second and rate the daily podcast (Stormcast): http://www.surveymonkey.com/s/stormcast |
| 2010-06-18/a> | Adrien de Beaupre | End of the road for Cisco CSA |
| 2010-06-18/a> | Adrien de Beaupre | Distributed SSH Brute Force Attempts on the rise again |
| 2010-06-18/a> | Tom Liston | IMPORTANT INFORMATION: Distributed SSH Brute Force Attacks |
| 2010-06-17/a> | Deborah Hale | FYI - Another bogus site |
| 2010-06-17/a> | Deborah Hale | Digital Copy Machines - Security Risk? |
| 2010-06-17/a> | Deborah Hale | Internet Fraud Alert Kicks Off Today |
| 2010-06-16/a> | Kevin Shortt | Maltego 3 |
| 2010-06-16/a> | Kevin Shortt | Adobe Flash Player 10.1 - Security Update Available |
| 2010-06-15/a> | Manuel Humberto Santander Pelaez | TCP evasions for IDS/IPS |
| 2010-06-15/a> | Manuel Humberto Santander Pelaez | Mastercard delivering cards with OTP device included |
| 2010-06-15/a> | Manuel Humberto Santander Pelaez | Apple releases advisory for Mac OS X - Multiple vulnerabilities discovered |
| 2010-06-15/a> | Manuel Humberto Santander Pelaez | iPhone 4 Order Security Breach Exposes Private Information |
| 2010-06-14/a> | Manuel Humberto Santander Pelaez | New way of social engineering on IRC |
| 2010-06-14/a> | Manuel Humberto Santander Pelaez | Another way to get protection for application-level attacks |
| 2010-06-14/a> | Manuel Humberto Santander Pelaez | Metasploit 101 |
| 2010-06-14/a> | Manuel Humberto Santander Pelaez | Small lot of Olympus Stylus Tough 6010 shipped with malware |
| 2010-06-14/a> | Manuel Humberto Santander Pelaez | Rogue facebook application acting like a worm |
| 2010-06-13/a> | Rick Wanner | UnRealCD compromised by Trojan |
| 2010-06-10/a> | Deborah Hale | Wireshark 1.2.9 Now Available |
| 2010-06-10/a> | Deborah Hale | Microsoft Security Advisory 2219475 |
| 2010-06-10/a> | Deborah Hale | iPad Owners Exposed |
| 2010-06-10/a> | Deborah Hale | Another Morning of Fun |
| 2010-06-10/a> | Deborah Hale | Top 5 Social Networking Media Risks |
| 2010-06-09/a> | Deborah Hale | Adobe POC in the Wild |
| 2010-06-09/a> | Deborah Hale | Mass Infection of IIS/ASP Sites |
| 2010-06-09/a> | Deborah Hale | Best Practice to Prevent PDF Attacks |
| 2010-06-08/a> | Mark Hofman | Safari 5.0 is available for all platforms. Addresses some security issues, more here http://support.apple.com/kb/HT4196 |
| 2010-06-08/a> | Manuel Humberto Santander Pelaez | June 2010 Microsoft Black Tuesday Summary |
| 2010-06-07/a> | Manuel Humberto Santander Pelaez | Software Restriction Policy to keep malware away |
| 2010-06-07/a> | Manuel Humberto Santander Pelaez | Internet Storm Center panel tonight at SANSFIRE |
| 2010-06-06/a> | Manuel Humberto Santander Pelaez | Nice OS X exploit tutorial |
| 2010-06-05/a> | Guy Bruneau | Security Advisory for Flash Player, Adobe Reader and Acrobat |
| 2010-06-04/a> | Johannes Ullrich | Changes to Internet Storm Center Host Name |
| 2010-06-04/a> | Rick Wanner | New Honeynet Project Forensic Challenge |
| 2010-06-03/a> | Guy Bruneau | Microsoft Patch Tuesday June 2010 Pre-Release |
| 2010-06-02/a> | Bojan Zdrnja | Clickjacking attacks on Facebook's Like plugin |
| 2010-06-02/a> | Mark Hofman | OpenSSL version 1.0.0a released. This fixes a number of security issues. Don't forget a number of commercial appliances will be using this, so look for vendor updates soon. |
| 2010-06-02/a> | Rob VandenBrink | SPAM pretending to be from Habitat for Humanity |
| 2010-06-02/a> | Rob VandenBrink | New Mac malware - OSX/Onionspy |
| 2010-05-30/a> | Kevin Liston | VMware ESX/ESXi Updates |
| 2010-05-29/a> | G. N. White | Rogue AV Indictment |
| 2010-05-28/a> | Jim Clausing | Wireshark SMB file extraction plug-in |
| 2010-05-27/a> | Kevin Liston | Sasfis Propagation |
| 2010-05-26/a> | Bojan Zdrnja | Malware modularization and AV detection evasion |
| 2010-05-25/a> | donald smith | Face book “joke” leads to firing. |
| 2010-05-23/a> | Manuel Humberto Santander Pelaez | e-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer. |
| 2010-05-23/a> | Manuel Humberto Santander Pelaez | Oracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability |
| 2010-05-22/a> | Rick Wanner | SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge |
| 2010-05-21/a> | Rick Wanner | IBM distributes malware at AusCERT! |
| 2010-05-21/a> | Rick Wanner | 2010 Digital Forensics and Incident Response Summit |
| 2010-05-19/a> | Jason Lam | EFF paper about browser tracking |
| 2010-05-19/a> | Kyle Haugsness | Metasploit 3.4.0 released |
| 2010-05-18/a> | Johannes Ullrich | Canonical Display Driver Vulnerability |
| 2010-05-16/a> | Rick Wanner | Symantec triggers on World of Warcraft update |
| 2010-05-15/a> | Deborah Hale | Phony Phone Scam |
| 2010-05-15/a> | Deborah Hale | Onboard Computers Subject to Attack? |
| 2010-05-12/a> | Rob VandenBrink | Adobe Shockwave Update |
| 2010-05-12/a> | Rob VandenBrink | Layer 2 Security - Private VLANs (the Story Continues ...) |
| 2010-05-11/a> | Scott Fendley | May 2010 Microsoft Patches |
| 2010-05-08/a> | Guy Bruneau | Microsoft Patch Tuesday May 2010 Pre-Release |
| 2010-05-08/a> | Guy Bruneau | Wireshark DOCSIS Dissector DoS Vulnerability |
| 2010-05-07/a> | Rob VandenBrink | Security Awareness – Many Audiences, Many Messages (Part 2) |
| 2010-05-07/a> | Johannes Ullrich | Stock market "wipe out" may be due to computer error |
| 2010-05-06/a> | Rick Wanner | Learn about web app hacking and defense |
| 2010-05-04/a> | Rick Wanner | SIFT review in the ISSA Toolsmith |
| 2010-05-03/a> | Daniel Wesemann | Social engineering via paper mail |
| 2010-05-02/a> | Mari Nichols | Zbot Social Engineering |
| 2010-04-30/a> | Kevin Liston | The Importance of Small Files |
| 2010-04-30/a> | Johannes Ullrich | Sharepoint XSS Vulnerability |
| 2010-04-30/a> | Kevin Liston | CVE-2010-0817 SharePoint XSS Scorecard |
| 2010-04-29/a> | Bojan Zdrnja | Who needs exploits when you have social engineering? |
| 2010-04-27/a> | Rob VandenBrink | Layer 2 Security - L2TPv3 for Disaster Recovery Sites |
| 2010-04-26/a> | Raul Siles | Vulnerable Sites Database |
| 2010-04-22/a> | Deborah Hale | How McAfee turned a Disaster Exercise Into a REAL Learning Experience for Our Community Disaster Team |
| 2010-04-22/a> | Deborah Hale | Don't Be Fooled by Twitter Spam in Your Inbox |
| 2010-04-22/a> | John Bambenek | Data Redaction: You're Doing it Wrong |
| 2010-04-21/a> | Guy Bruneau | McAfee DAT 5958 Update Issues |
| 2010-04-21/a> | Guy Bruneau | Google Chrome Security Update v4.1.249.1059 Released: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html |
| 2010-04-20/a> | Raul Siles | Are You Ready for a Transportation Collapse...? |
| 2010-04-19/a> | Daniel Wesemann | Linked into scams? |
| 2010-04-18/a> | Guy Bruneau | Some NetSol hosted sites breached |
| 2010-04-14/a> | Mark Hofman | Oracle has released 47 critical patches (Includes SUN patches) |
| 2010-04-14/a> | Mark Hofman | ClamAV 0.94 EOL Reminder |
| 2010-04-14/a> | Mark Hofman | And let the patching games continue |
| 2010-04-13/a> | Adrien de Beaupre | Web App Testing Tools |
| 2010-04-13/a> | Johannes Ullrich | More Legal Threat Malware E-Mail |
| 2010-04-13/a> | Johannes Ullrich | Apache.org Bugtracker Breach |
| 2010-04-13/a> | Johannes Ullrich | Microsoft April 2010 Patch Tuesday |
| 2010-04-13/a> | Adrien de Beaupre | Security update available for Adobe Reader and Acrobat |
| 2010-04-11/a> | Marcus Sachs | Network and process forensics toolset |
| 2010-04-10/a> | Andre Ludwig | New bug/exploit for javaws |
| 2010-04-09/a> | Mark Hofman | Adobe launch issue response/work around. |
| 2010-04-09/a> | Mark Hofman | VMware has released the following patch "VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues". Make sure you test before applying to production. |
| 2010-04-09/a> | Mark Hofman | Outage Update - isc.sans.org |
| 2010-04-08/a> | Bojan Zdrnja | JavaScript obfuscation in PDF: Sky is the limit |
| 2010-04-08/a> | Guy Bruneau | Microsoft Patch Tuesday April 2010 Pre-Release |
| 2010-04-07/a> | Rob VandenBrink | The Many Paths to Security Awareness |
| 2010-04-07/a> | Johannes Ullrich | our primary datacenter is currently experiencing a network outage |
| 2010-04-06/a> | Daniel Wesemann | Application Logs |
| 2010-04-04/a> | Mari Nichols | Financial Management of Cyber Risk |
| 2010-04-02/a> | Guy Bruneau | Security Advisory for ESX Service Console |
| 2010-04-02/a> | Guy Bruneau | Apple QuickTime and iTunes Security Update |
| 2010-04-02/a> | Guy Bruneau | Foxit Reader Security Update |
| 2010-04-02/a> | Guy Bruneau | Oracle Java SE and Java for Business Critical Patch Update Advisory |
| 2010-04-01/a> | Jim Clausing | Wireshark 1.2.7 released, bug fixes, doesn't look like any security issues (http://www.wireshark.org/) |
| 2010-03-31/a> | Johannes Ullrich | PDF Arbitrary Code Execution - vulnerable by design. |
| 2010-03-30/a> | Pedro Bueno | VMWare Security Advisories Out |
| 2010-03-30/a> | Pedro Bueno | Sharing the Tools |
| 2010-03-29/a> | Adrien de Beaupre | APPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3 |
| 2010-03-29/a> | Pedro Bueno | Microsoft to release out-of-band security bulletin tomorrow for IE6/IE7 with cumulative fix. |
| 2010-03-29/a> | Adrien de Beaupre | Nmap 5.30BETA1 released |
| 2010-03-29/a> | Adrien de Beaupre | OOB Update for Internet Explorer MS10-018 |
| 2010-03-28/a> | Rick Wanner | Honeynet Project: 2010 Forensic Challenge #3 |
| 2010-03-27/a> | Guy Bruneau | HP-UX Running NFS/ONCplus, Inadvertently Enabled NFS |
| 2010-03-27/a> | Guy Bruneau | Create a Summary of IP Addresses from PCAP Files using Unix Tools |
| 2010-03-26/a> | Daniel Wesemann | Getting the EXE out of the RTF again |
| 2010-03-24/a> | Johannes Ullrich | ".sys" Directories Delivering Driveby Downloads |
| 2010-03-24/a> | Kyle Haugsness | Wikipedia outage |
| 2010-03-22/a> | Guy Bruneau | New Opera 10.51 available with security fixes. More information available at: http://www.opera.com/docs/changelogs/windows/1051/ |
| 2010-03-21/a> | Scott Fendley | Skipfish - Web Application Security Tool |
| 2010-03-17/a> | Deborah Hale | Trojan outbreak on a College Campus |
| 2010-03-17/a> | Deborah Hale | Spam was killing us! Here is what we did to help! |
| 2010-03-15/a> | Adrien de Beaupre | Spamassassin Milter Plugin Remote Root Attack |
| 2010-03-12/a> | Mark Hofman | Firefox 3.6 is being pushed out to users. http://www.mozilla.com/en-US/firefox/3.6/releasenotes/ |
| 2010-03-11/a> | Mark Hofman | A new version of Safari is out. Looks like for Mac and Windows. Plenty of security fixes (mostly for Windows Safari users http://support.apple.com/kb/HT4070 ) |
| 2010-03-10/a> | Rob VandenBrink | What's My Firewall Telling Me? (Part 4) |
| 2010-03-10/a> | Rob VandenBrink | Microsoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7 |
| 2010-03-10/a> | Rob VandenBrink | Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication |
| 2010-03-09/a> | Marcus Sachs | Energizer Malware |
| 2010-03-09/a> | John Bambenek | March 2010 - Microsoft Patch Tuesday Diary |
| 2010-03-08/a> | Raul Siles | Samurai WTF 0.8 |
| 2010-03-08/a> | Raul Siles | Microsoft announced two important bulletins (fixing multiple vulns. affecting Windows and Office) for tomorrow: http://www.microsoft.com/technet/security/Bulletin/MS10-mar.mspx |
| 2010-03-07/a> | Mari Nichols | DHS issues Cybersecurity challenge |
| 2010-03-07/a> | Mari Nichols | Apache releases version 2.2.15 with 5 security fixes including OpenSSL issue. |
| 2010-03-06/a> | Tony Carothers | Integration and the Security of New Technologies |
| 2010-03-05/a> | Kyle Haugsness | Unpatched Opera 10.50 and below code execution vulnerability |
| 2010-03-05/a> | Kyle Haugsness | Javascript obfuscators used in the wild |
| 2010-03-05/a> | Kyle Haugsness | What is your firewall log telling you - responses |
| 2010-03-05/a> | Kyle Haugsness | False scare email proclaiming North Korea nuclear launch against Japan |
| 2010-03-04/a> | Daniel Wesemann | salefale-dot-com is bad |
| 2010-03-03/a> | Mark Hofman | MS10-015 re-released |
| 2010-03-03/a> | Johannes Ullrich | Reports about large number of fake Amazon order confirmations |
| 2010-03-03/a> | Daniel Wesemann | What is your firewall log telling you - Part #2 |
| 2010-03-01/a> | Mark Hofman | AS/NZ "Online Offensive - Fight fraud online" week March 1-7 |
| 2010-03-01/a> | Mark Hofman | Microsoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update. |
| 2010-03-01/a> | Mark Hofman | IE 0-day using .hlp files |
| 2010-02-27/a> | Guy Bruneau | PHP 5.2.13 Security Update |
| 2010-02-27/a> | Johannes Ullrich | Search Engine Poisoning: Chile Earthquake |
| 2010-02-26/a> | Rick Wanner | New version of dnsmap |
| 2010-02-25/a> | Chris Carboni | Pass The Hash |
| 2010-02-25/a> | Andre Ludwig | Microsoft, restraining orders, and how a big botnet (waledec) ate curb. |
| 2010-02-23/a> | Mark Hofman | What is your firewall telling you and what is TCP249? |
| 2010-02-22/a> | Rob VandenBrink | New Risks in Penetration Testing |
| 2010-02-22/a> | Rob VandenBrink | Not Every Cloud has a Silver Lining |
| 2010-02-21/a> | Patrick Nolan | Looking for "more useful" malware information? Help develop the format. |
| 2010-02-20/a> | Mari Nichols | Is "Green IT" Defeating Security? |
| 2010-02-17/a> | Rob VandenBrink | Defining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing" |
| 2010-02-17/a> | Rob VandenBrink | Multiple Security Updates for ESX 3.x and ESXi 3.x |
| 2010-02-17/a> | Rob VandenBrink | Cisco ASA5500 Security Updates - cisco-sa-20100217-asa |
| 2010-02-17/a> | Rob VandenBrink | Cisco Security Agent Security Updates: cisco-sa-20100217-csa |
| 2010-02-16/a> | Johannes Ullrich | Teredo "stray packet" analysis |
| 2010-02-16/a> | Robert Danford | Adobe Updates: http://www.adobe.com/support/security/bulletins/apsb10-07.html http://www.adobe.com/support/security/bulletins/apsb10-06.html |
| 2010-02-15/a> | Johannes Ullrich | New ISC Tool: Whitelist Hash Database |
| 2010-02-15/a> | Johannes Ullrich | Various Olympics Related Dangerous Google Searches |
| 2010-02-13/a> | Lorna Hutcheson | Network Traffic Analysis in Reverse |
| 2010-02-12/a> | G. N. White | Adobe Flash Player 10.0.45.2 and AIR 1.5.3.9130 released to correct vulnerability CVE-2010-0186 Details: http://www.adobe.com/support/security/bulletins/apsb10-06.html |
| 2010-02-12/a> | G. N. White | Time to update those IP Bogon Filters (again) |
| 2010-02-11/a> | Johannes Ullrich | MS10-015 may cause Windows XP to blue screen |
| 2010-02-11/a> | Deborah Hale | The Mysterious Blue Screen |
| 2010-02-11/a> | Deborah Hale | Critical Update for AD RMS |
| 2010-02-10/a> | Johannes Ullrich | Twitpic, EXIF and GPS: I Know Where You Did it Last Summer |
| 2010-02-10/a> | Marcus Sachs | Datacenters and Directory Traversals |
| 2010-02-09/a> | Adrien de Beaupre | When is a 0day not a 0day? Samba symlink bad default config |
| 2010-02-09/a> | Mark Hofman | Oracle has an unscheduled security alert and patch for CVE-2010-0073. The issue affects WebLogic Server and is remotely exploitable. Details and patch are here http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html |
| 2010-02-09/a> | Johannes Ullrich | February 2010 Black Tuesday Overview |
| 2010-02-08/a> | Adrien de Beaupre | When is a 0day not a 0day? Fake OpenSSh exploit, again. |
| 2010-02-07/a> | Rick Wanner | Mandiant Mtrends Report |
| 2010-02-06/a> | Guy Bruneau | Oracle WebLogic Server Security Alert |
| 2010-02-06/a> | Guy Bruneau | LANDesk Management Gateway Vulnerability |
| 2010-02-05/a> | Jim Clausing | Memory Analysis - time to move beyond XP |
| 2010-02-05/a> | Jim Clausing | WordPress iframe injection? |
| 2010-02-04/a> | Johannes Ullrich | Microsoft Patch Tuesday Pre-Release |
| 2010-02-03/a> | Rob VandenBrink | APPLE-SA-2010-02-02-1 iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod touch |
| 2010-02-03/a> | Johannes Ullrich | Anatomy of a Form Spam Campaign (in progress against isc.sans.org right now) https://blogs.sans.org/appsecstreetfighter/ |
| 2010-02-03/a> | Rob VandenBrink | Support for Legacy Browsers |
| 2010-02-03/a> | Johannes Ullrich | Information Disclosure Vulnerability in Internet Explorer |
| 2010-02-02/a> | Guy Bruneau | Adobe ColdFusion Information Disclosure |
| 2010-02-02/a> | Johannes Ullrich | New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux) |
| 2010-02-02/a> | Johannes Ullrich | Twitter Mass Password Reset due to Phishing |
| 2010-02-01/a> | Rob VandenBrink | NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care? |
| 2010-01-30/a> | Stephen Hall | New and updated VMWare advisories |
| 2010-01-29/a> | Johannes Ullrich | Analyzing isc.sans.org weblogs, part 2, RFI attacks |
| 2010-01-29/a> | Adrien de Beaupre | Neo-legacy applications |
| 2010-01-27/a> | Raul Siles | European Union Security Challenge (Campus Party 2010) |
| 2010-01-27/a> | Raul Siles | Command Line Kung Fu |
| 2010-01-27/a> | Raul Siles | Nmap 5.21 released (nmap.org): bug-fix only release. |
| 2010-01-27/a> | Raul Siles | Active SEO poisoning attacks for hot topics |
| 2010-01-26/a> | Rob VandenBrink | VMware vSphere Hardening Guide Draft posted for public review |
| 2010-01-25/a> | William Salusky | "Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!" |
| 2010-01-24/a> | Pedro Bueno | Outdated client applications |
| 2010-01-22/a> | Mari Nichols | Pass-down for a Successful Incident Response |
| 2010-01-21/a> | Johannes Ullrich | New Microsoft Advisory: Vulnerability in Windows Kernel Privilege Escalation (CVE-2010-0232) |
| 2010-01-21/a> | Chris Carboni | Security Update Available for Shockwave Player |
| 2010-01-21/a> | Chris Carboni | * Microsoft Out Of Band Patch Release |
| 2010-01-21/a> | Johannes Ullrich | Microsoft January Out of Band Patch |
| 2010-01-20/a> | Guy Bruneau | New stable version of Nmap (5.20) available for download: http://nmap.org/download.html |
| 2010-01-19/a> | Jim Clausing | Forensic challenges |
| 2010-01-19/a> | Jim Clausing | Apple Security Update 2010-001 |
| 2010-01-17/a> | Rick Wanner | Buffer overflow in Quicktime |
| 2010-01-14/a> | Bojan Zdrnja | Rogue AV exploiting Haiti earthquake |
| 2010-01-14/a> | Bojan Zdrnja | DRG (Dragon Research Group) Distro available for general release |
| 2010-01-14/a> | Bojan Zdrnja | 0-day vulnerability in Internet Explorer 6, 7 and 8 |
| 2010-01-14/a> | Bojan Zdrnja | PDF Babushka |
| 2010-01-13/a> | Johannes Ullrich | SMS Donations Advertised via Twitter |
| 2010-01-13/a> | Guy Bruneau | Sun Java JRE 6 Update 18 Released |
| 2010-01-12/a> | Adrien de Beaupre | PoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability |
| 2010-01-12/a> | Johannes Ullrich | Baidu defaced - Domain Registrar Tampering |
| 2010-01-12/a> | Johannes Ullrich | Microsoft Security Bulletin: January 2010 |
| 2010-01-12/a> | Johannes Ullrich | Microsoft Advices XP Users to Uninstall Flash Player 6 |
| 2010-01-12/a> | Johannes Ullrich | Oracle Patches Relased |
| 2010-01-12/a> | Johannes Ullrich | Pre-Announced Adobe Reader and Acrobat Patch Found! |
| 2010-01-12/a> | Johannes Ullrich | Haiti Earthquake: Possible scams / malware |
| 2010-01-11/a> | Johannes Ullrich | Fake Android Application |
| 2010-01-11/a> | Adrien de Beaupre | BackTrack 4 final released http://www.remote-exploit.org/news.html http://www.backtrack-linux.org/downloads/ |
| 2010-01-10/a> | Johannes Ullrich | 6.5 magnitude earthquake in California causing local poweroutage |
| 2010-01-09/a> | G. N. White | What's Up With All The Port Scanning Using TCP/6000 As A Source Port? |
| 2010-01-08/a> | Rob VandenBrink | Microsoft OfficeOnline, Searching for Trust and Malware |
| 2010-01-07/a> | Daniel Wesemann | Static analysis of malicous PDFs (Part #2) |
| 2010-01-07/a> | Daniel Wesemann | Static analysis of malicious PDFs |
| 2010-01-06/a> | Guy Bruneau | Firefox security and stability update for version 3.5.7 and 3.0.17 available for download |
| 2010-01-06/a> | Guy Bruneau | Secure USB Flaw Exposed |
| 2009-12-29/a> | Rick Wanner | What's up with port 12174? Possible Symantec server compromise? |
| 2009-12-28/a> | Johannes Ullrich | 8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug) |
| 2009-12-27/a> | Patrick Nolan | Pressure increasing for Microsoft to patch IIS 0 day |
| 2009-12-24/a> | Guy Bruneau | Microsoft IIS File Parsing Extension Vulnerability |
| 2009-12-23/a> | Johannes Ullrich | Tell us about your Christmas Family Emergency Kit |
| 2009-12-23/a> | Marcus Sachs | Blackberry Outage |
| 2009-12-19/a> | Deborah Hale | Frustrations of ISP Abuse Handling |
| 2009-12-19/a> | Deborah Hale | Educationing Our Communities |
| 2009-12-18/a> | Stephen Hall | Wireshark 1.2.5 released - including three security fixes |
| 2009-12-17/a> | Daniel Wesemann | overlay.xul is back |
| 2009-12-17/a> | Daniel Wesemann | In caches, danger lurks |
| 2009-12-16/a> | Rob VandenBrink | Seamonkey Update to 2.0.1, find the release notes here ==> http://www.seamonkey-project.org/releases/seamonkey2.0.1 |
| 2009-12-16/a> | Rob VandenBrink | Beware the Attack of the Christmas Greeting Cards ! |
| 2009-12-15/a> | Johannes Ullrich | Adobe 0-day in the wild - again |
| 2009-12-14/a> | Adrien de Beaupre | Anti-forensics, COFEE vs. DECAF |
| 2009-12-09/a> | Swa Frantzen | Adobe flash player and air patched |
| 2009-12-09/a> | Swa Frantzen | OSSEC 2.3 released |
| 2009-12-09/a> | Swa Frantzen | Facebook announces privacy improvements |
| 2009-12-08/a> | Deborah Hale | December 2009 Black Tuesday Overview |
| 2009-12-07/a> | Rick Wanner | Cheat Sheet: Analyzing Malicious Documents |
| 2009-12-07/a> | Rob VandenBrink | Layer 2 Network Protections – reloaded! |
| 2009-12-05/a> | Guy Bruneau | Java JRE Buffer and Integer Overflow |
| 2009-12-04/a> | Daniel Wesemann | Max Power's Malware Paradise |
| 2009-12-04/a> | Daniel Wesemann | The economics of security advice (MSFT research paper) |
| 2009-12-03/a> | Mark Hofman | Avast false positives |
| 2009-12-03/a> | Mark Hofman | Apple released some Java updates today APPLE-SA-2009-12-03-1 & 2 (for 10.5 and 10.6). Fixes a number of security issues so updating is a good idea. |
| 2009-12-03/a> | Mark Hofman | Next week will be a big patch week - Adobe is also releasing patches "Adobe is planning to release an update for Adobe Flash Player 10.0.32.18 and earlier versions, and an update to Adobe AIR 1.5.2 and earlier versions, to resolve critical security issues |
| 2009-12-02/a> | Rob VandenBrink | Microsoft Black Screen of Death - Fact of Fiction? |
| 2009-12-02/a> | Rob VandenBrink | SPAM and Malware taking advantage of H1N1 concerns |
| 2009-12-01/a> | Chris Carboni | Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service |
| 2009-11-29/a> | Patrick Nolan | A Cloudy Weekend |
| 2009-11-25/a> | Jim Clausing | Tool updates |
| 2009-11-25/a> | Jim Clausing | Microsoft Updates requiring reboot |
| 2009-11-25/a> | Jim Clausing | Updates to my GREM Gold scripts and a new script |
| 2009-11-24/a> | Rick Wanner | Microsoft Security Advisory 977981 - IE 6 and IE 7 |
| 2009-11-24/a> | John Bambenek | BIND Security Advisory (DNSSEC only) |
| 2009-11-24/a> | Johannes Ullrich | The ISC and DShield websites will be unavailable on Wednesday Nov 25th from 8-8:30 am EST. |
| 2009-11-22/a> | Marcus Sachs | IE6 and IE7 0-Day Reported |
| 2009-11-21/a> | Mark Hofman | VMware vCenter and ESX updates available http://lists.vmware.com/pipermail/security-announce/2009/000070.html |
| 2009-11-18/a> | Rob VandenBrink | Using a Cisco Router as a “Remote Collector” for tcpdump or Wireshark |
| 2009-11-17/a> | Guy Bruneau | Metasploit Framework 3.3 Released |
| 2009-11-16/a> | G. N. White | Reports of a successful exploit of the SSL Renegotiation Vulnerability? |
| 2009-11-14/a> | Adrien de Beaupre | Microsoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released |
| 2009-11-13/a> | Adrien de Beaupre | Flash Origin Policy Attack |
| 2009-11-13/a> | Adrien de Beaupre | Conficker patch via email? |
| 2009-11-13/a> | Deborah Hale | Pushdo/Cutwail Spambot - A Little Known BIG Problem |
| 2009-11-13/a> | Deborah Hale | It's Never Too Early To Start Teaching Them |
| 2009-11-13/a> | Adrien de Beaupre | TLS & SSLv3 renegotiation vulnerability explained |
| 2009-11-11/a> | Rob VandenBrink | Layer 2 Network Protections against Man in the Middle Attacks |
| 2009-11-11/a> | Rob VandenBrink | Apple Safari 4.0.4 Released |
| 2009-11-10/a> | Swa Frantzen | Microsoft November Black Tuesday Overview |
| 2009-11-09/a> | Chris Carboni | 80's Flashback on Jailbroken iPhones |
| 2009-11-09/a> | Guy Bruneau | Apple Security Update 2009-006 for Mac OS X v10.6.2 |
| 2009-11-08/a> | Kevin Liston | Even More Thoughts on Legacy Systems |
| 2009-11-06/a> | Mark Hofman | A new version of Firefox (3.5.5) just became available. According to the release notes they are stability improvements. |
| 2009-11-05/a> | Swa Frantzen | Legacy systems |
| 2009-11-05/a> | Swa Frantzen | Insider threat: The snapnames case |
| 2009-11-05/a> | Swa Frantzen | TLS Man-in-the-middle on renegotiation vulnerability made public |
| 2009-11-05/a> | Swa Frantzen | RIM fixes random code execution vulnerability |
| 2009-11-03/a> | Bojan Zdrnja | Opachki, from (and to) Russia with love |
| 2009-11-03/a> | Bojan Zdrnja | Adobe released Shockwave Player 11.5.2.602 which fixes several critical security vulnerabilities |
| 2009-11-03/a> | Andre Ludwig | SURBL now posting abuse statistics for TLD's |
| 2009-11-02/a> | Daniel Wesemann | IDN ccTLDs |
| 2009-11-02/a> | Daniel Wesemann | Password rules: Change them every 25 years |
| 2009-11-02/a> | Rob VandenBrink | Microsoft releases v1.02 of Enhanced Mitigation Evaluation Toolkit (EMET) |
| 2009-10-31/a> | Rick Wanner | Cyber Security Awareness Month - Day 31, ident |
| 2009-10-30/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 30 - The "Common" IPSEC VPN Protocols - IKE / ISAKMP (500/udp), ESP (IP Protocol 50), NAT-T-IKE (500/udp, 4500/udp), PPTP (tcp/1723), GRE (IP Protocol 47) |
| 2009-10-30/a> | Rob VandenBrink | ICANN Strategic Planning (2010-2013) Consultation |
| 2009-10-30/a> | Rob VandenBrink | New version of NIST 800-41, Firewalls and Firewall Policy Guidelines |
| 2009-10-29/a> | Kyle Haugsness | Cyber Security Awareness Month - Day 29 - dns port 53 |
| 2009-10-28/a> | Johannes Ullrich | Sniffing SSL: RFC 4366 and TLS Extensions |
| 2009-10-28/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 28 - ntp (123/udp) |
| 2009-10-28/a> | Johannes Ullrich | Firefox 3.5.4 released. Lots of security bug fixes. (thanks Gilbert!) |
| 2009-10-27/a> | Rob VandenBrink | New VMware Desktop Products Released (Workstation, Fusion, ACE) |
| 2009-10-25/a> | Lorna Hutcheson | Cyber Security Awareness Month - Day 25 - Port 80 and 443 |
| 2009-10-23/a> | Johannes Ullrich | Little new tool: reversing md5/sha1 hashes http://isc.sans.org/tools/reversehash.html |
| 2009-10-22/a> | Adrien de Beaupre | Sysinternals updates: Disk2vhd v1.1, ZoomIt v4.1, Coreinfo v2.0, VMMap v2.4 |
| 2009-10-22/a> | Adrien de Beaupre | Cyber Security Awareness Month - Day 22 port 502 TCP - Modbus |
| 2009-10-21/a> | Pedro Bueno | Cyber Security Awareness Month - Day 21 - Port 135 |
| 2009-10-20/a> | Raul Siles | Oracle Critical Patch Update (CPU) - October 2009 |
| 2009-10-20/a> | Raul Siles | WASC 2008 Statistics |
| 2009-10-19/a> | Daniel Wesemann | Cyber Security Awareness Month - Day 19 - ICMP |
| 2009-10-19/a> | Daniel Wesemann | Backed up, lately ? |
| 2009-10-19/a> | Daniel Wesemann | Scam Email |
| 2009-10-18/a> | Mari Nichols | Computer Security Awareness Month - Day 18 - Telnet an oldie but a goodie |
| 2009-10-17/a> | Rick Wanner | Cyber Security Awareness Month - Day 17 - Port 22/SSH |
| 2009-10-17/a> | Rick Wanner | Unusual traffic from Loopback to Unused ARIN address |
| 2009-10-16/a> | Stephen Hall | VMWare updates ESX |
| 2009-10-16/a> | Adrien de Beaupre | Cyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener |
| 2009-10-16/a> | Adrien de Beaupre | Disable MS09-054 patch, or Firefox Plugin? |
| 2009-10-15/a> | Deborah Hale | Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email |
| 2009-10-14/a> | Johannes Ullrich | Odd Apache/MSIE issue with downloads from ISC |
| 2009-10-13/a> | Johannes Ullrich | Microsoft October 2009 Black Tuesday Overview |
| 2009-10-13/a> | Daniel Wesemann | Adobe Reader and Acrobat - Black Tuesday continues |
| 2009-10-12/a> | Mark Hofman | Some interesting SSL SPAM |
| 2009-10-11/a> | Mark Hofman | Cyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP) |
| 2009-10-09/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 9 - Port 3389/tcp (RDP) |
| 2009-10-09/a> | Rob VandenBrink | THAWTE to discontinue free Email Certificate Services and Web of Trust Service |
| 2009-10-08/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 8 - Port 25 - SMTP |
| 2009-10-08/a> | Johannes Ullrich | New Adobe Vulnerability Exploited in Targeted Attacks |
| 2009-10-07/a> | Joel Esler | Spam rate increase is seen |
| 2009-10-06/a> | Adrien de Beaupre | Cyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp |
| 2009-10-05/a> | Adrien de Beaupre | Cyber Security Awareness Month - Day 5 port 31337 |
| 2009-10-05/a> | Adrien de Beaupre | Time to change your hotmail/gmail/yahoo password |
| 2009-10-04/a> | Guy Bruneau | Samba Security Information Disclosure and DoS |
| 2009-10-02/a> | Stephen Hall | Cyber Security Awareness Month - Day 2 - Port 0 |
| 2009-10-02/a> | Stephen Hall | New SysInternal fun for the weekend |
| 2009-10-02/a> | Stephen Hall | VMware Fusion updates to fixes a couple of bugs |
| 2009-09-27/a> | Stephen Hall | Use Emerging Threats signatures? READ THIS! |
| 2009-09-25/a> | Lenny Zeltser | Categories of Common Malware Traits |
| 2009-09-25/a> | Deborah Hale | Conficker Continues to Impact Networks |
| 2009-09-25/a> | Deborah Hale | Malware delivered over Google and Yahoo Ad's? |
| 2009-09-24/a> | Jim Clausing | A couple more tools |
| 2009-09-22/a> | Jason Lam | ESTA scam |
| 2009-09-20/a> | Mari Nichols | Insider Threat and Security Awareness |
| 2009-09-19/a> | Rick Wanner | Sysinternals Tools Updates |
| 2009-09-17/a> | Bojan Zdrnja | Why is Rogue/Fake AV so successful? |
| 2009-09-16/a> | Raul Siles | Wireshark 1.2.2 (and 1.0.9) is out! |
| 2009-09-16/a> | Raul Siles | Review the security controls of your Web Applications... all them! |
| 2009-09-15/a> | Johannes Ullrich | SANS releases new Cyber Security Risk Report |
| 2009-09-12/a> | Jim Clausing | Apple Updates |
| 2009-09-10/a> | Johannes Ullrich | Healthcare Spam |
| 2009-09-10/a> | Guy Bruneau | Firefox 3.5.3 and 3.0.14 has been released |
| 2009-09-08/a> | Guy Bruneau | Bug Fixes in Sun SDK 5 and Java SE 6 |
| 2009-09-08/a> | Adrien de Beaupre | Microsoft Security Advisory 975191 Revised |
| 2009-09-08/a> | Guy Bruneau | Microsoft September 2009 Black Tuesday Overview |
| 2009-09-07/a> | Jim Clausing | Seclists.org is finally back |
| 2009-09-07/a> | Lorna Hutcheson | Encrypting Data |
| 2009-09-05/a> | Mark Hofman | Critical Infrastructure and dependencies |
| 2009-09-04/a> | Adrien de Beaupre | Vulnerabilities (plural) in MS IIS FTP Service 5.0, 5.1. 6.0, 7.0 |
| 2009-09-04/a> | Adrien de Beaupre | Fake anti-virus |
| 2009-09-04/a> | Adrien de Beaupre | So, you updated your Flash did you? |
| 2009-09-04/a> | Adrien de Beaupre | SeaMonkey Security Update |
| 2009-09-01/a> | Guy Bruneau | Opera 10 with Security Fixes |
| 2009-09-01/a> | Guy Bruneau | Gmail Down |
| 2009-08-31/a> | Pedro Bueno | Microsoft IIS 5/6 FTP 0Day released |
| 2009-08-30/a> | Tony Carothers | How do I recover from.....? |
| 2009-08-29/a> | Guy Bruneau | Immunet Protect - Cloud and Community Malware Protection |
| 2009-08-28/a> | Adrien de Beaupre | WPA with TKIP done |
| 2009-08-28/a> | Adrien de Beaupre | apache.org compromised |
| 2009-08-26/a> | Johannes Ullrich | Cisco over-the-air-provisioning skyjacking exploit |
| 2009-08-26/a> | Johannes Ullrich | Malicious CD ROMs mailed to banks |
| 2009-08-25/a> | Bojan Zdrnja | Flash attack vectors (and worms) |
| 2009-08-21/a> | Rick Wanner | Updates to VMWare Products |
| 2009-08-19/a> | Daniel Wesemann | Checking your protection |
| 2009-08-18/a> | Deborah Hale | Domain tcpdump.org unavailable |
| 2009-08-18/a> | Deborah Hale | Security Bulletin for ColdFusion and JRun |
| 2009-08-18/a> | Deborah Hale | Sysinternals Procdump Updated |
| 2009-08-17/a> | Adrien de Beaupre | YAMWD: Yet Another Mass Web Defacement |
| 2009-08-16/a> | Mari Nichols | Surviving a third party onsite audit |
| 2009-08-13/a> | Johannes Ullrich | CA eTrust update crashes systems |
| 2009-08-13/a> | Jim Clausing | Tools for extracting files from pcaps |
| 2009-08-11/a> | Swa Frantzen | Microsoft August 2009 Black Tuesday Overview |
| 2009-08-11/a> | Swa Frantzen | Safari 4.0.3 |
| 2009-08-05/a> | donald smith | Security Update 2009-003 / Mac OS X v10.5.8 |
| 2009-08-04/a> | donald smith | Java Security Update |
| 2009-08-03/a> | Mark Hofman | Switch hardening on your network |
| 2009-07-31/a> | Deborah Hale | Don't forget to tell your SysAdmin Thanks |
| 2009-07-31/a> | Deborah Hale | The iPhone patch is out |
| 2009-07-31/a> | Deborah Hale | Adobe Patch is out |
| 2009-07-30/a> | Mark Hofman | Happy patching day |
| 2009-07-30/a> | Deborah Hale | iPhone Hijack |
| 2009-07-28/a> | Adrien de Beaupre | YYAMCCBA |
| 2009-07-28/a> | Adrien de Beaupre | MS released two OOB bulletins and an advisory |
| 2009-07-28/a> | Adrien de Beaupre | Twitter spam/phish |
| 2009-07-27/a> | Raul Siles | Filemon and Regmon are dead, long life to Procmon! |
| 2009-07-27/a> | Raul Siles | New Hacker Challenge: Prison Break - Breaking, Entering & Decoding |
| 2009-07-26/a> | Jim Clausing | New Volatility plugins |
| 2009-07-24/a> | Rick Wanner | Microsoft Out of Band Patch |
| 2009-07-23/a> | John Bambenek | Missouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information |
| 2009-07-22/a> | Bojan Zdrnja | YA0D (Yet Another 0-Day) in Adobe Flash player |
| 2009-07-20/a> | Stephen Hall | Wireshark Release 1.2.1 |
| 2009-07-18/a> | Patrick Nolan | Chrome update contains Security fixes |
| 2009-07-17/a> | Bojan Zdrnja | A new fascinating Linux kernel vulnerability |
| 2009-07-17/a> | John Bambenek | Cross-Platform, Cross-Browser DoS Vulnerability |
| 2009-07-16/a> | Guy Bruneau | Changes in Windows Security Center |
| 2009-07-16/a> | Bojan Zdrnja | Nmap 5.0 released |
| 2009-07-15/a> | Bojan Zdrnja | Make sure you update that Java |
| 2009-07-14/a> | Swa Frantzen | Microsoft July Black Tuesday Overview |
| 2009-07-14/a> | Swa Frantzen | ISC DHCP client updated |
| 2009-07-14/a> | Swa Frantzen | Oracle Black Tuesday |
| 2009-07-13/a> | Adrien de Beaupre | Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution |
| 2009-07-13/a> | Adrien de Beaupre | * Infocon raised to yellow for Excel Web Components ActiveX vulnerability |
| 2009-07-13/a> | Adrien de Beaupre | Security Update available for Wyse Device Manager |
| 2009-07-12/a> | Mari Nichols | CA Apologizes for False Positive |
| 2009-07-11/a> | Rick Wanner | VMWare Security Advisories |
| 2009-07-11/a> | Marcus Sachs | Imageshack |
| 2009-07-10/a> | Guy Bruneau | WordPress Fixes Multiple vulnerabilities |
| 2009-07-09/a> | John Bambenek | Latest Updates on Ongoing DDoS on Governmental/Commercial Websites in USA and S. Korea |
| 2009-07-08/a> | Andre Ludwig | Safari 4.0.2 update published |
| 2009-07-06/a> | Stephen Hall | 0-day in Microsoft DirectShow (msvidctl.dll) used in drive-by attacks |
| 2009-07-05/a> | Bojan Zdrnja | More on ColdFusion hacks |
| 2009-07-03/a> | Adrien de Beaupre | Happy 4th of July! |
| 2009-07-02/a> | Daniel Wesemann | Getting the EXE out of the RTF |
| 2009-07-02/a> | Daniel Wesemann | Time to update updating on PCs for 3rd party apps |
| 2009-07-02/a> | Daniel Wesemann | Unpatched Bloatware on new PCs |
| 2009-07-02/a> | Bojan Zdrnja | Cold Fusion web sites getting compromised |
| 2009-07-01/a> | Bojan Zdrnja | Mobile phone trojans |
| 2009-07-01/a> | Bojan Zdrnja | New VMWare Security Advisory |
| 2009-06-30/a> | Chris Carboni | Obfuscated Code |
| 2009-06-30/a> | Chris Carboni | De-Obfuscation Submissions |
| 2009-06-28/a> | Guy Bruneau | IP Address Range Search with libpcap |
| 2009-06-27/a> | Tony Carothers | New NIAP Strategy on the Horizon |
| 2009-06-26/a> | Mark Hofman | PHPMYADMIN scans |
| 2009-06-25/a> | Mark Hofman | Michael J & Farrah F death SPAM |
| 2009-06-24/a> | Kyle Haugsness | Adobe Shockwave Player Update |
| 2009-06-24/a> | Kyle Haugsness | Exploit tools are publicly available for phpMyAdmin |
| 2009-06-24/a> | Kyle Haugsness | TCP scanning increase for 4899 |
| 2009-06-23/a> | Bojan Zdrnja | Slowloris and Iranian DDoS attacks |
| 2009-06-23/a> | Bojan Zdrnja | New Thunderbird out, patches couple of vulnerabilities |
| 2009-06-21/a> | Scott Fendley | phpMyAdmin Scans |
| 2009-06-21/a> | Bojan Zdrnja | Apache HTTP DoS tool mitigation |
| 2009-06-20/a> | Mark Hofman | G'day from Sansfire2009 |
| 2009-06-20/a> | Scott Fendley | Situational Awareness: Spam Crisis and China |
| 2009-06-18/a> | Bojan Zdrnja | Apache HTTP DoS tool released |
| 2009-06-17/a> | Guy Bruneau | Wireshark 1.2.0 released |
| 2009-06-16/a> | Bojan Zdrnja | Iranian hacktivism |
| 2009-06-16/a> | John Bambenek | Iran Internet Blackout: Using Twitter for Operational Intelligence |
| 2009-06-16/a> | John Bambenek | URL Shortening Service Cligs Hacked |
| 2009-06-15/a> | Daniel Wesemann | Drive-by Blackouting ? |
| 2009-06-14/a> | Guy Bruneau | SANSFIRE 2009 Starts Tomorrow |
| 2009-06-12/a> | Adrien de Beaupre | Google updates for Chrome |
| 2009-06-12/a> | Adrien de Beaupre | Green Dam |
| 2009-06-11/a> | Rick Wanner | WHO Declares Flu A(H1N1) a Pandemic |
| 2009-06-10/a> | Rick Wanner | SysInternals Survey |
| 2009-06-10/a> | Swa Frantzen | Java 6 update 14 released |
| 2009-06-09/a> | Swa Frantzen | Safari 4.0 released - contains security fixes |
| 2009-06-09/a> | Swa Frantzen | Microsoft June Black Tuesday Overview |
| 2009-06-09/a> | Swa Frantzen | Adobe June Black Tuesday upgrades |
| 2009-06-06/a> | Patrick Nolan | ARRA/HIPAA Breach Reporting Dates Approaching |
| 2009-06-04/a> | Raul Siles | New version (v 1.4.3.1) of BASE available |
| 2009-06-04/a> | Raul Siles | Malware targetting banks ATM's |
| 2009-06-04/a> | Raul Siles | Targeted e-mail attacks asking to verify wire transfer details |
| 2009-06-02/a> | Deborah Hale | Another Quicktime Update |
| 2009-06-01/a> | G. N. White | Yet another "Digital Certificate" malware campaign |
| 2009-05-31/a> | Tony Carothers | L0phtcrack is Back! |
| 2009-05-29/a> | Lorna Hutcheson | Blackberry Server Vulnerability |
| 2009-05-29/a> | Lorna Hutcheson | VMWare Patches Released |
| 2009-05-28/a> | Jim Clausing | More new volatility plugins |
| 2009-05-28/a> | Jim Clausing | Stego in TCP retransmissions |
| 2009-05-28/a> | Stephen Hall | Microsoft DirectShow vulnerability |
| 2009-05-27/a> | donald smith | Host file black lists |
| 2009-05-27/a> | donald smith | WebDAV write-up |
| 2009-05-26/a> | Jason Lam | A new Web application security blog |
| 2009-05-26/a> | Jason Lam | Vista & Win2K8 SP2 available |
| 2009-05-25/a> | Jim Clausing | Wireshark-1.0.8 released |
| 2009-05-25/a> | Jim Clausing | NTPD autokey vulnerability |
| 2009-05-24/a> | Raul Siles | IIS admins, help finding WebDAV remotely using nmap |
| 2009-05-24/a> | Raul Siles | Analyzing malicious PDF documents |
| 2009-05-24/a> | Raul Siles | Facebook phising using Belgium (.be) domains |
| 2009-05-22/a> | Mark Hofman | Patching and Adobe |
| 2009-05-22/a> | Mark Hofman | Patching and Apple - Java issue |
| 2009-05-21/a> | Adrien de Beaupre | Gumblar analysis and writeup |
| 2009-05-21/a> | Adrien de Beaupre | IIS admins, help finding WebDAV |
| 2009-05-20/a> | Tom Liston | Web Toolz |
| 2009-05-20/a> | Pedro Bueno | Cyber Warfare and Kylin thoughts |
| 2009-05-19/a> | Rick Wanner | New Version of Mandiant Highlighter |
| 2009-05-19/a> | Bojan Zdrnja | Advanced blind SQL injection (with Oracle examples) |
| 2009-05-18/a> | Rick Wanner | Cisco SAFE Security Reference Guide Updated |
| 2009-05-18/a> | Rick Wanner | JSRedir-R/Gumblar badness |
| 2009-05-15/a> | Daniel Wesemann | Warranty void if seal shredded? |
| 2009-05-12/a> | Swa Frantzen | MSFT's version of responsible disclosure |
| 2009-05-12/a> | Swa Frantzen | May Black Tuesday Overview |
| 2009-05-12/a> | Swa Frantzen | Apple patches and updates |
| 2009-05-12/a> | Swa Frantzen | Adobe Acrobat (reader) patches released |
| 2009-05-11/a> | Mari Nichols | Sysinternals Updates 3 Applications |
| 2009-05-10/a> | Mari Nichols | Is your Symantec Antivirus Alerting working correctly? |
| 2009-05-09/a> | Patrick Nolan | Unusable, Unreadable, or Indecipherable? No Breach reporting required |
| 2009-05-07/a> | Jim Clausing | A packet challenge and how I solved it |
| 2009-05-07/a> | Deborah Hale | Malicious Content on the Web |
| 2009-05-05/a> | Bojan Zdrnja | Health database breached |
| 2009-05-04/a> | Tom Liston | Facebook phishing malware |
| 2009-05-04/a> | Tom Liston | Adobe Reader/Acrobat Critical Vulnerability |
| 2009-05-02/a> | Rick Wanner | More Swine/Mexican/H1N1 related domains |
| 2009-05-01/a> | Adrien de Beaupre | Odd packets |
| 2009-05-01/a> | Adrien de Beaupre | Adobe Flash Media Server privilege escalation security bulletin |
| 2009-05-01/a> | Adrien de Beaupre | Incident Management |
| 2009-05-01/a> | Adrien de Beaupre | Password != secure |
| 2009-04-30/a> | Marcus Sachs | ARIN Notification Concerning IPv6 |
| 2009-04-29/a> | Jason Lam | Two Adobe 0-day vulnerabilities |
| 2009-04-28/a> | Deborah Hale | RSA Conference Social Security Awards |
| 2009-04-27/a> | Johannes Ullrich | Swine Flu (Mexican Flu) related domains |
| 2009-04-26/a> | Johannes Ullrich | Pandemic Preparation - Swine Flu |
| 2009-04-24/a> | John Bambenek | Data Leak Prevention: Proactive Security Requirements of Breach Notification Laws |
| 2009-04-24/a> | Pedro Bueno | Did you check your conference goodies? |
| 2009-04-22/a> | Jason Lam | OAuth vulnerability |
| 2009-04-21/a> | Bojan Zdrnja | Web application vulnerabilities |
| 2009-04-20/a> | Jason Lam | Digital Content on TV |
| 2009-04-19/a> | Mari Nichols | Providing Accurate Risk Assessments |
| 2009-04-17/a> | Joel Esler | Internet Storm Center Podcast Episode Number Fourteen |
| 2009-04-16/a> | Adrien de Beaupre | Incident Response vs. Incident Handling |
| 2009-04-16/a> | Adrien de Beaupre | Some conficker lessons learned |
| 2009-04-15/a> | Marcus Sachs | 2009 Data Breach Investigation Report |
| 2009-04-14/a> | Swa Frantzen | VMware exploits - just how bad is it ? |
| 2009-04-14/a> | Swa Frantzen | April Black Tuesday Overview |
| 2009-04-14/a> | Swa Frantzen | Oracle quarterly patches |
| 2009-04-10/a> | Stephen Hall | Firefox 3 updates now in Seamonkey |
| 2009-04-10/a> | Stephen Hall | Patches for critical VMWare vulnerability |
| 2009-04-10/a> | Stephen Hall | Hosted javascript leading to .cn PDF malware |
| 2009-04-09/a> | Jim Clausing | Wireshark 1.0.7 released |
| 2009-04-09/a> | Johannes Ullrich | Conficker update with payload |
| 2009-04-07/a> | Johannes Ullrich | Common Apache Misconception |
| 2009-04-07/a> | Bojan Zdrnja | Advanced JavaScript obfuscation (or why signature scanning is a failure) |
| 2009-04-07/a> | Johannes Ullrich | Tax Season Scams |
| 2009-04-07/a> | Johannes Ullrich | SSH scanning from compromised mail servers |
| 2009-04-06/a> | Adrien de Beaupre | Abuse addresses |
| 2009-04-04/a> | Tony Carothers | Recent VMware Updates Available |
| 2009-04-03/a> | Johannes Ullrich | Cyber Security Act of 2009 |
| 2009-04-02/a> | Bojan Zdrnja | JavaScript insertion and log deletion attack tools |
| 2009-04-02/a> | Handlers | A view from the CWG Trenches |
| 2009-03-28/a> | Rick Wanner | New Beta release of Nmap |
| 2009-03-26/a> | Mark Hofman | Sanitising media |
| 2009-03-25/a> | David Goldsmith | Java Runtime Environment 6.0 Update 13 Released |
| 2009-03-24/a> | G. N. White | CanSecWest Pwn2Own: Would IE8 have been exploitable had the event waited one more day? |
| 2009-03-22/a> | Mari Nichols | Dealing with Security Challenges |
| 2009-03-20/a> | Stephen Hall | Making the most of your runbooks |
| 2009-03-20/a> | donald smith | Stealthier then a MBR rootkit, more powerful then ring 0 control, it’s the soon to be developed SMM root kit. |
| 2009-03-19/a> | Mark Hofman | Brace yourselves - IE8 reported to be released |
| 2009-03-19/a> | Mark Hofman | Browsers Tumble at CanSecWest |
| 2009-03-18/a> | Adrien de Beaupre | Adobe Security Bulletin Adobe Reader and Acrobat |
| 2009-03-17/a> | Johannes Ullrich | Identifying applications using UDP payload |
| 2009-03-16/a> | Johannes Ullrich | new rogue-DHCP server malware |
| 2009-03-13/a> | Bojan Zdrnja | When web application security, Microsoft and the AV vendors all fail |
| 2009-03-11/a> | Bojan Zdrnja | Massive ARP spoofing attacks on web sites |
| 2009-03-10/a> | Swa Frantzen | Browser plug-ins, transparent proxies and same origin policies |
| 2009-03-10/a> | Swa Frantzen | conspiracy fodder: pifts.exe |
| 2009-03-10/a> | Swa Frantzen | March black Tuesday overview |
| 2009-03-10/a> | Swa Frantzen | Adobe Acrobat 9.1 released |
| 2009-03-08/a> | Marcus Sachs | Behind the Estonia Cyber Attacks |
| 2009-03-04/a> | Deborah Hale | Wireshark 1.0.6 Released |
| 2009-03-03/a> | Kyle Haugsness | Opera browser security updates |
| 2009-03-02/a> | Swa Frantzen | Obama's leaked chopper blueprints: anything we can learn? |
| 2009-03-01/a> | Jim Clausing | Cool combination of tools |
| 2009-02-25/a> | Andre Ludwig | Adobe Acrobat pdf 0-day exploit, No JavaScript needed! |
| 2009-02-25/a> | Andre Ludwig | Adobe flash player patch |
| 2009-02-25/a> | Andre Ludwig | Preview/Iphone/Linux pdf issues |
| 2009-02-25/a> | Swa Frantzen | Targeted link diversion attempts |
| 2009-02-25/a> | donald smith | AutoRun disabling patch released |
| 2009-02-24/a> | G. N. White | Gmail Access Issues Early This AM |
| 2009-02-23/a> | Daniel Wesemann | Turf War |
| 2009-02-23/a> | Daniel Wesemann | And the Oscar goes to... |
| 2009-02-22/a> | Mari Nichols | The Internet Safety Act of 2009 |
| 2009-02-19/a> | Joel Esler | Internet Storm Center Podcast Episode Number Thirteen |
| 2009-02-14/a> | Deborah Hale | Debit Card Compromise Letter |
| 2009-02-13/a> | Andre Ludwig | Third party information on conficker |
| 2009-02-12/a> | Mark Hofman | Australian Bushfires |
| 2009-02-11/a> | Robert Danford | ProFTPd SQL Authentication Vulnerability exploit activity |
| 2009-02-10/a> | Bojan Zdrnja | More tricks from Conficker and VM detection |
| 2009-02-10/a> | Swa Frantzen | February Black Tuesday Overview |
| 2009-02-10/a> | Swa Frantzen | Java up to date ? |
| 2009-02-09/a> | Bojan Zdrnja | Some tricks from Conficker's bag |
| 2009-02-09/a> | Johannes Ullrich | New ISC Feature: Micro Podcasts |
| 2009-02-08/a> | Mari Nichols | Are we becoming desensitized to data breaches? |
| 2009-02-06/a> | Adrien de Beaupre | Time to patch your HP printers |
| 2009-02-06/a> | Adrien de Beaupre | Other patches and updates du jour... |
| 2009-02-06/a> | Adrien de Beaupre | Fake stimulus payments |
| 2009-02-05/a> | Rick Wanner | Mandiant Memoryze review, Hilighter, other Mandiant tools! |
| 2009-02-04/a> | Daniel Wesemann | Firefox 3.0.6 |
| 2009-02-04/a> | Daniel Wesemann | Titan Shields up! |
| 2009-02-03/a> | Swa Frantzen | On the importance of patching fast |
| 2009-02-02/a> | Stephen Hall | How do you audit your production code? |
| 2009-02-01/a> | Chris Carboni | Scanning for Trixbox vulnerabilities |
| 2009-01-31/a> | Swa Frantzen | VMware updates |
| 2009-01-31/a> | John Bambenek | Google Search Engine's Malware Detection Broken |
| 2009-01-31/a> | Swa Frantzen | Windows 7 - not so secure ? |
| 2009-01-30/a> | Mark Hofman | We all "Love" USB drives |
| 2009-01-30/a> | Mark Hofman | Request for info - Scan and webmail |
| 2009-01-25/a> | Rick Wanner | Twam?? Twammers? |
| 2009-01-24/a> | Pedro Bueno | Identifying and Removing the iWork09 Trojan |
| 2009-01-21/a> | Raul Siles | NMAP Trivia ANSWERS: Mastering Network Mapping and Scanning |
| 2009-01-21/a> | Raul Siles | Traffic increase for port UDP/8247 |
| 2009-01-21/a> | Raul Siles | Vulnerabilities on Cisco and Apple products |
| 2009-01-20/a> | Adrien de Beaupre | Obamamania |
| 2009-01-18/a> | Maarten Van Horenbeeck | Targeted social engineering |
| 2009-01-18/a> | Daniel Wesemann | 3322. org |
| 2009-01-16/a> | G. N. White | ...and all that SPAM - Evolution of Spam Bots in 2009 |
| 2009-01-16/a> | G. N. White | Conficker.B/Downadup.B/Kido: F-Secure publishes details pertaining to their counting methodology of compromised machines |
| 2009-01-15/a> | Bojan Zdrnja | Conficker's autorun and social engineering |
| 2009-01-13/a> | Johannes Ullrich | January Black Tuesday Overview |
| 2009-01-12/a> | William Salusky | Web Application Firewalls (WAF) - Have you deployed WAF technology? |
| 2009-01-12/a> | William Salusky | Downadup / Conficker - MS08-067 exploit and Windows domain account lockout |
| 2009-01-11/a> | Deborah Hale | The Frustration of Phishing Attacks |
| 2009-01-07/a> | Bojan Zdrnja | An Israeli patriot program or a trojan |
| 2009-01-04/a> | Rick Wanner | Twitter/Facebook Phishing Attempt |
| 2009-01-03/a> | Rick Wanner | RAID != Backup |
| 2009-01-03/a> | Rick Wanner | Gaza<->Israel Defacements/Hacks |
| 2009-01-02/a> | Rick Wanner | Tools on my Christmas list. |
| 2009-01-02/a> | Mark Hofman | Blocking access to MD5 signed certs |
| 2008-12-28/a> | Raul Siles | NMAP Trivia: Mastering Network Mapping and Scanning |
| 2008-12-28/a> | Raul Siles | Level3 Outage? |
| 2008-12-28/a> | Raul Siles | AT&T Wireless Outage |
| 2008-12-25/a> | Maarten Van Horenbeeck | Merry Christmas, and beware of digital hitchhikers! |
| 2008-12-25/a> | Maarten Van Horenbeeck | Christmas Ecard Malware |
| 2008-12-23/a> | Patrick Nolan | MS ACK's Vulnerability in SQL Server which Could Allow Remote Code Execution |
| 2008-12-17/a> | donald smith | Opera 9.6.3 released with security fixes |
| 2008-12-17/a> | donald smith | Internet Explorer 960714 is released |
| 2008-12-17/a> | donald smith | Team CYMRU's Malware Hash Registry |
| 2008-12-16/a> | donald smith | Microsoft announces an out of band patch for IE zero day |
| 2008-12-16/a> | donald smith | Cisco's Annual Security report has been released. |
| 2008-12-13/a> | Jim Clausing | Followup from last shift and some research to do. |
| 2008-12-12/a> | Johannes Ullrich | MSIE 0-day Spreading Via SQL Injection |
| 2008-12-12/a> | Kevin Liston | IE7 0day expanded to include IE6 and IE8(beta) |
| 2008-12-12/a> | Joel Esler | Internet Storm Center Podcast Episode Twelve |
| 2008-12-12/a> | Swa Frantzen | Browser Security Handbook |
| 2008-12-10/a> | Bojan Zdrnja | 0-day exploit for Internet Explorer in the wild |
| 2008-12-10/a> | Mark Hofman | Microsoft wordpad text converter issue |
| 2008-12-09/a> | Swa Frantzen | December Black Tuesday Overview |
| 2008-12-09/a> | Swa Frantzen | Contacting us might be hard today |
| 2008-12-05/a> | Daniel Wesemann | Been updatin' your Flash player lately? |
| 2008-12-05/a> | Daniel Wesemann | Baby, baby! |
| 2008-12-04/a> | Bojan Zdrnja | Finjan blocking access to isc.sans.org |
| 2008-12-04/a> | Bojan Zdrnja | Rogue DHCP servers |
| 2008-12-03/a> | Andre Ludwig | New ISC Poll! Has your organization suffered a DDoS (Distributed Denial of Service) attack in the last year? |
| 2008-12-02/a> | Deborah Hale | Sonicwall License Manager Failure |
| 2008-11-30/a> | Mari Nichols | Rejected Email Issues |
| 2008-11-29/a> | Pedro Bueno | Possible Mumbai Scams? |
| 2008-11-29/a> | Pedro Bueno | Ubuntu users: Time to update! |
| 2008-11-25/a> | Andre Ludwig | OS X Dns Changers part three |
| 2008-11-25/a> | Andre Ludwig | Tmobile G1 handsets having DNS problems? |
| 2008-11-25/a> | Andre Ludwig | The beginnings of a collaborative approach to IDS |
| 2008-11-22/a> | G. N. White | Picture Printing Kiosks & Flash Memory Devices |
| 2008-11-20/a> | Jason Lam | Large quantity SQL Injection mitigation |
| 2008-11-17/a> | Jim Clausing | A new cheat sheet and a contest |
| 2008-11-17/a> | Marcus Sachs | New Tool: NetWitness Investigator |
| 2008-11-17/a> | Jim Clausing | Finding stealth injected DLLs |
| 2008-11-17/a> | Jim Clausing | Critical update to Adobe AIR |
| 2008-11-16/a> | Maarten Van Horenbeeck | Detection of Trojan control channels |
| 2008-11-14/a> | Stephen Hall | More updated tools |
| 2008-11-13/a> | Jim Clausing | Some recently updated tools |
| 2008-11-12/a> | John Bambenek | Thoughts on Security Intelligence (McColo Corp alleged spam/malware host knocked offline) |
| 2008-11-11/a> | Swa Frantzen | Acrobat continued activity in the wild |
| 2008-11-11/a> | Swa Frantzen | Phishing for Google adwords |
| 2008-11-11/a> | Swa Frantzen | November Black Tuesday Overview |
| 2008-11-10/a> | Stephen Hall | Apple breathing iLife into 10.4 |
| 2008-11-10/a> | Stephen Hall | Adobe Reader Vulnerability - part 2 |
| 2008-11-06/a> | Joel Esler | More Adobe Updates |
| 2008-11-05/a> | donald smith | hacking the election |
| 2008-11-05/a> | donald smith | If you missed President Elect Obamas speech have some malware instead |
| 2008-11-04/a> | Marcus Sachs | Cyber Security Awareness Month 2008 - Summary and Links |
| 2008-11-03/a> | Joel Esler | Day 34 -- Feeding The Lessons Learned Back to the Preparation Phase |
| 2008-11-02/a> | Mari Nichols | Day 33 - Working with Management to Improve Processes |
| 2008-11-02/a> | Adrien de Beaupre | Daylight saving time |
| 2008-11-01/a> | Koon Yaw Tan | Day 32 - What Should I Make Public? |
| 2008-10-31/a> | Rick Wanner | Day 31 - Legal Awareness |
| 2008-10-30/a> | Kevin Liston | Day 30 - Applying Patches and Updates |
| 2008-10-30/a> | Kevin Liston | Opera 9.62 available - security update |
| 2008-10-29/a> | Deborah Hale | Day 29 - Should I Switch Software Vendors? |
| 2008-10-28/a> | Jason Lam | Day 28 - Avoiding Finger Pointing and the Blame Game |
| 2008-10-27/a> | Johannes Ullrich | Day 27 - Validation via Vulnerability Scanning |
| 2008-10-25/a> | Koon Yaw Tan | Day 25 - Finding and Removing Hidden Files and Directories |
| 2008-10-25/a> | Rick Wanner | Day 26 - Restoring Systems from Backup |
| 2008-10-24/a> | Stephen Hall | Day 24 - Cleaning Email Servers and Clients |
| 2008-10-23/a> | Mark Hofman | Microsoft out-of-band patch - Severity Critical |
| 2008-10-22/a> | Johannes Ullrich | Day 22 - Wiping Disks and Media |
| 2008-10-22/a> | Joel Esler | Podcast Episode Eleven Posted |
| 2008-10-22/a> | Mari Nichols | Opera 9.6.1 Released |
| 2008-10-22/a> | Chris Carboni | Day 23 - Turning off Unused Services |
| 2008-10-21/a> | Johannes Ullrich | Wireshark 1.0.4 released |
| 2008-10-21/a> | Johannes Ullrich | Day 21 - Removing Bots, Keyloggers, and Spyware |
| 2008-10-20/a> | Johannes Ullrich | Fraudulent ATM Reactivation Phone Calls. |
| 2008-10-20/a> | Raul Siles | Day 20 - Eradicating a Rootkit |
| 2008-10-19/a> | Lorna Hutcheson | Day 19 - Eradication: Forensic Analysis Tools - What Happened? |
| 2008-10-18/a> | Rick Wanner | Updates to SysInternals tools! |
| 2008-10-17/a> | Patrick Nolan | Day 17 - Containing a DNS Hijacking |
| 2008-10-17/a> | Rick Wanner | Day 18 - Containing Other Incidents |
| 2008-10-16/a> | Mark Hofman | Day 16 - Containing a Malware Outbreak |
| 2008-10-15/a> | Rick Wanner | Day 15 - Containing the Damage From a Lost or Stolen Laptop |
| 2008-10-15/a> | Mari Nichols | Adobe Flash 10 Released |
| 2008-10-14/a> | Swa Frantzen | Day 14 - Containment: a Personal IdentityTheft Incident |
| 2008-10-14/a> | Swa Frantzen | October Black Tuesday Overview |
| 2008-10-14/a> | Swa Frantzen | Oracle quarterly patches on black tuesday |
| 2008-10-13/a> | Adrien de Beaupre | Day 13 - Containment: Containing on Production Systems Such as a Web Server |
| 2008-10-12/a> | Mari Nichols | Day 12 Containment: Gathering Evidence That Can be Used in Court |
| 2008-10-11/a> | Stephen Hall | Day 11 - Identification: Other Methods of Identifying an Incident |
| 2008-10-10/a> | Marcus Sachs | Day 10 - Identification: Using Your Help Desk to Identify Security Incidents |
| 2008-10-10/a> | Marcus Sachs | Fake Microsoft Update Email |
| 2008-10-09/a> | Marcus Sachs | Day 9 - Identification: Log and Audit Analysis |
| 2008-10-09/a> | Bojan Zdrnja | Watch that .htaccess file on your web site |
| 2008-10-08/a> | Johannes Ullrich | Day 8 - Global Incident Awareness |
| 2008-10-08/a> | Johannes Ullrich | Domaincontrol (GoDaddy) Nameservers DNS Poisoning |
| 2008-10-07/a> | Kyle Haugsness | Day 7 - Identification: Host-based Intrusion Detection Systems |
| 2008-10-07/a> | Kyle Haugsness | Good reading and a malware challenge |
| 2008-10-06/a> | Jim Clausing | Day 6 - Network-based Intrusion Detection Systems |
| 2008-10-05/a> | Stephen Hall | Day 5 - Identification: Events versus Incidents |
| 2008-10-04/a> | Marcus Sachs | Day 4 - Preparation: What Goes Into a Response Kit |
| 2008-10-03/a> | Jason Lam | Day 3 - Preparation: Building Checklists |
| 2008-10-02/a> | Marcus Sachs | Day 2 - Preparation: Building a Response Team |
| 2008-10-01/a> | Marcus Sachs | Day 1 - Preparation: Policies, Management Support, and User Awareness |
| 2008-10-01/a> | Rick Wanner | Handler Mailbag |
| 2008-09-30/a> | Marcus Sachs | Cyber Security Awareness Month - Daily Topics |
| 2008-09-29/a> | Daniel Wesemann | ASPROX mutant |
| 2008-09-29/a> | Daniel Wesemann | Patchbag: WinZip / MPlayer / RealWin SCADA vuln |
| 2008-09-24/a> | Deborah Hale | Flurry of Security Advisories from CISCO |
| 2008-09-22/a> | Maarten Van Horenbeeck | Data exfiltration and the use of anonymity providers |
| 2008-09-22/a> | Jim Clausing | Lessons learned from the Palin (and other) account hijacks |
| 2008-09-22/a> | Jim Clausing | More on tools/resources/blogs |
| 2008-09-21/a> | Mari Nichols | You still have time! |
| 2008-09-20/a> | Rick Wanner | New (to me) nmap Features |
| 2008-09-19/a> | Bojan Zdrnja | VMWare ESX(i) 3.5 security patches |
| 2008-09-18/a> | Bojan Zdrnja | Monitoring HTTP User-Agent fields |
| 2008-09-16/a> | Joel Esler | Apple Updates you may have missed in the past week |
| 2008-09-16/a> | donald smith | Don't open that invoice.zip file its not from UPS |
| 2008-09-15/a> | donald smith | Fake antivirus 2009 and search engine results |
| 2008-09-11/a> | David Goldsmith | CookieMonster is coming to Pown (err, Town) |
| 2008-09-10/a> | Adrien de Beaupre | Mailbag: OSSEC 1.6 released, NMAP 4.75 released |
| 2008-09-10/a> | Adrien de Beaupre | Apple updates iPod Touch + Bonjour for Windows |
| 2008-09-09/a> | Swa Frantzen | wordpress upgrade |
| 2008-09-09/a> | Swa Frantzen | Apple updates iTunes+QuickTime |
| 2008-09-09/a> | Swa Frantzen | The complaint that's an attack |
| 2008-09-09/a> | Swa Frantzen | Google Chrome being polished |
| 2008-09-09/a> | Swa Frantzen | Evil side economy: $1 for breaking 1000 CAPTCHAs |
| 2008-09-09/a> | Swa Frantzen | September 2008 Black Tuesday Overview |
| 2008-09-08/a> | Raul Siles | CitectSCADA ODBC service exploit published |
| 2008-09-08/a> | Raul Siles | Quick Analysis of the 2007 Web Application Security Statistics |
| 2008-09-07/a> | Lorna Hutcheson | Malware Analysis: Tools are only so good |
| 2008-09-07/a> | Daniel Wesemann | Staying current, but not too current |
| 2008-09-04/a> | Chris Carboni | Wireshark 1.0.3 released |
| 2008-09-03/a> | Daniel Wesemann | Static analysis of Shellcode |
| 2008-09-03/a> | Daniel Wesemann | Static analysis of Shellcode - Part 2 |
| 2008-09-03/a> | donald smith | New bgp hijack isn't very new. |
| 2008-09-01/a> | John Bambenek | The Number of Machines Controlled by Botnets Has Jumped 4x in Last 3 Months |
| 2008-08-26/a> | Joel Esler | Podcast Episode X Record Notice |
| 2008-08-26/a> | John Bambenek | Active attacks using stolen SSH keys (UPDATED) |
| 2008-08-25/a> | John Bambenek | Thoughts on the Best Western Compromise |
| 2008-08-20/a> | Adrien de Beaupre | From the mailbag, Opera 9.52... |
| 2008-08-16/a> | Marcus Sachs | Another Infected Digital Photo Frame |
| 2008-08-15/a> | Jim Clausing | Joomla user password reset vulnerability being actively exploited |
| 2008-08-15/a> | Jim Clausing | Another MS update that may have escaped notice |
| 2008-08-15/a> | Jim Clausing | WebEx ActiveX buffer overflow |
| 2008-08-14/a> | Mari Nichols | SBC Outage? |
| 2008-08-13/a> | Adrien de Beaupre | CNN switched to MSNBC |
| 2008-08-12/a> | Johannes Ullrich | VMWare ESX 3.5u2 Errors |
| 2008-08-12/a> | Stephen Hall | August 2008 Black Tuesday Overview |
| 2008-08-10/a> | Stephen Hall | Fake IE 7 update spam doing the rounds |
| 2008-08-10/a> | Stephen Hall | From lolly pops to afterglow |
| 2008-08-09/a> | Deborah Hale | Cleveland Outage |
| 2008-08-06/a> | Bojan Zdrnja | When spammers use your own e-mails |
| 2008-08-05/a> | Daniel Wesemann | The news update you never asked for |
| 2008-08-03/a> | Deborah Hale | Securing A Network - Lessons Learned |
| 2008-08-02/a> | Maarten Van Horenbeeck | A little of that human touch |
| 2008-08-01/a> | Swa Frantzen | Apple's Security Update 2008-005: DNS workaround finally included |
| 2008-07-30/a> | David Goldsmith | Serious 0-Day Flaw in Oracle -- Patch Released |
| 2008-07-24/a> | Bojan Zdrnja | What's brewing in Danmec's pot? |
| 2008-07-24/a> | Bojan Zdrnja | Mozilla releases Thunderbrid 2.0.0.16, fixes security vulnerabilities |
| 2008-07-24/a> | Kyle Haugsness | DNS cache poisoning vulnerability details confirmed |
| 2008-07-20/a> | Kevin Liston | Malware Intelligence: Making it Actionable |
| 2008-07-19/a> | William Salusky | A twist in fluxnet operations. Enter Hydraflux |
| 2008-07-18/a> | Adrien de Beaupre | Exit process? |
| 2008-07-17/a> | Mari Nichols | Firefox Releases 3.0.1 and fixes 3 security vulnerabilities |
| 2008-07-17/a> | Mari Nichols | Adobe Reader 9 Released |
| 2008-07-16/a> | Maarten Van Horenbeeck | Firefox 2.0.0.16 fixes two security vulnerabilities |
| 2008-07-15/a> | Maarten Van Horenbeeck | Extracting scripts and data from suspect PDF files |
| 2008-07-15/a> | Maarten Van Horenbeeck | Oracle (and BEA, Hyperion and TimesTen) critical patch update July 15th, 2008 |
| 2008-07-15/a> | Maarten Van Horenbeeck | BlackBerry PDF parsing vulnerability |
| 2008-07-14/a> | Daniel Wesemann | Obfuscated JavaScript Redux |
| 2008-07-14/a> | Daniel Wesemann | DR/BCM lessons from the Vancouver fire |
| 2008-07-11/a> | Raul Siles | How to Determine if Adobe Acrobat or Reader 8.1.2 Security Update 1 is Installed? |
| 2008-07-11/a> | Jim Clausing | Updates to some of our favorite tools |
| 2008-07-11/a> | Jim Clausing | Handling the load |
| 2008-07-11/a> | Jim Clausing | And you thought the DNS issue was an old one... |
| 2008-07-09/a> | Johannes Ullrich | Unpatched Word Vulnerability |
| 2008-07-09/a> | Johannes Ullrich | Java Update |
| 2008-07-08/a> | Swa Frantzen | Security implications in HVAC equipment |
| 2008-07-08/a> | Swa Frantzen | July 2008 black tuesday overview |
| 2008-07-08/a> | Joel Esler | Podcast Episode Eight Record Notice |
| 2008-07-07/a> | Scott Fendley | Microsoft Snapshot Viewer Security Advisory |
| 2008-07-07/a> | Pedro Bueno | Bad url classification |
| 2008-07-03/a> | Bojan Zdrnja | Detecting scripts in ASF files (part 2) |
| 2008-07-03/a> | Bojan Zdrnja | New Opera v9.51 fixes couple of security issues |
| 2008-07-01/a> | Joel Esler | Apple Posts 10.5.4, Security Update 2008-004, Time Machine + Apple Base Station Upgrades, and Safari upgrade for 10.4.11 |
| 2008-06-30/a> | Marcus Sachs | More SQL Injection with Fast Flux hosting |
| 2008-06-25/a> | Deborah Hale | Report of Coreflood.dr Infection |
| 2008-06-24/a> | Jason Lam | SQL Injection mitigation in ASP |
| 2008-06-24/a> | Jason Lam | Adobe Reader and Acrobat 8.1.2 Security Update |
| 2008-06-24/a> | Joel Esler | Podcast Episode Seven Record Notice |
| 2008-06-19/a> | William Stearns | Firefox vunerability |
| 2008-06-18/a> | Marcus Sachs | Olympics Part II |
| 2008-06-18/a> | Chris Carboni | Cisco Security Advisory |
| 2008-06-16/a> | Kevin Liston | Opera 9.5 is Available |
| 2008-06-16/a> | Marcus Sachs | Firefox 3.0 to be Released on Tuesday |
| 2008-06-14/a> | Lorna Hutcheson | Malware Detection - Take the Blinders Off |
| 2008-06-13/a> | Joel Esler | Podcast Episode Six |
| 2008-06-13/a> | Johannes Ullrich | Floods: More of the same (2) |
| 2008-06-12/a> | Bojan Zdrnja | Safari on Windows - not looking good |
| 2008-06-11/a> | John Bambenek | CitectSCADA Buffer Overflow Vulnerability |
| 2008-06-10/a> | Swa Frantzen | Ransomware keybreaking |
| 2008-06-10/a> | Swa Frantzen | Upgrade to QuickTime 7.5 |
| 2008-06-10/a> | Swa Frantzen | June 2008 Black Tuesday Overview |
| 2008-06-07/a> | Jim Clausing | What's going on with these ports? Got packets? |
| 2008-06-02/a> | Jim Clausing | Emergingthreats.net and ThePlanet |
| 2008-06-01/a> | Mark Hofman | Free Yahoo email account! Sign me up, Ok well maybe not. |
| 2008-06-01/a> | Mari Nichols | Updates to VMware resolve critical security issues |
| 2008-06-01/a> | Swa Frantzen | The Planet outage - what can we all learn from it? |
| 2008-05-29/a> | Joel Esler | Apple Update 10.5.3 and Apple Security Update 2008-003 |
| 2008-05-29/a> | Joel Esler | Creative Software AutoUpdate Engine ActiveX stack buffer overflow |
| 2008-05-28/a> | Joel Esler | Podcast Episode Five has been released |
| 2008-05-28/a> | Jim Clausing | Followup to Flash/swf stories |
| 2008-05-28/a> | Adrien de Beaupre | Another example of malicious SWF |
| 2008-05-27/a> | Adrien de Beaupre | Adobe flash player vuln |
| 2008-05-27/a> | Adrien de Beaupre | Malicious swf files? |
| 2008-05-26/a> | Marcus Sachs | Predictable Response |
| 2008-05-26/a> | Marcus Sachs | Port 1533 on the Rise |
| 2008-05-23/a> | Mike Poor | Cisco IOS Rootkit thoughts |
| 2008-05-22/a> | Chris Carboni | From the mailbag |
| 2008-05-20/a> | Raul Siles | List of malicious domains inserted through SQL injection |
| 2008-05-20/a> | Joel Esler | Podcast Episode Four has been released |
| 2008-05-20/a> | Raul Siles | Java 6 Update 6 has been released |
| 2008-05-19/a> | Maarten Van Horenbeeck | Text message and telephone aid scams |
| 2008-05-19/a> | Maarten Van Horenbeeck | Route filtering and its impact on the DNS fabric |
| 2008-05-17/a> | Jim Clausing | Disaster donation scams continue |
| 2008-05-16/a> | Daniel Wesemann | INFOcon back to green |
| 2008-05-15/a> | Bojan Zdrnja | INFOCon yellow: update your Debian generated keys/certs ASAP |
| 2008-05-14/a> | Bojan Zdrnja | War of the worlds? |
| 2008-05-13/a> | Swa Frantzen | May 2008 black tuesday overview |
| 2008-05-12/a> | Scott Fendley | Adobe Releases Security Updates |
| 2008-05-08/a> | Joel Esler | COMPROMISED FILE IN VIETNAMESE LANGUAGE PACK FOR FIREFOX 2 |
| 2008-05-07/a> | Jim Clausing | More on automated exploit generation |
| 2008-05-06/a> | Marcus Sachs | Industrial Control Systems Vulnerability |
| 2008-05-05/a> | John Bambenek | Defenses Against Automated Patch-Based Exploit Generation |
| 2008-05-03/a> | Deborah Hale | Windows Vista Update Causing Loss of Audio on Some Systems |
| 2008-05-02/a> | Adrien de Beaupre | Hi, remember me?... |
| 2008-05-01/a> | Joel Esler | ISC Podcast Episode Number 3 |
| 2008-04-30/a> | Bojan Zdrnja | (Minor) evolution in Mac DNS changer malware |
| 2008-04-29/a> | Bojan Zdrnja | Scripts in ASF files |
| 2008-04-27/a> | Marcus Sachs | What's With Port 20329? |
| 2008-04-25/a> | Joel Esler | Hey, where is the podcast? |
| 2008-04-25/a> | Joel Esler | Some packets perhaps? |
| 2008-04-24/a> | Maarten Van Horenbeeck | Targeted attacks using malicious PDF files |
| 2008-04-24/a> | donald smith | Hundreds of thousands of SQL injections |
| 2008-04-22/a> | donald smith | Spam to your calendar via Google agenda? |
| 2008-04-22/a> | donald smith | Symantec decomposer rar bypass allowed malicious content. |
| 2008-04-22/a> | donald smith | Maximus root kit downloads via MySpace social engineering trick. |
| 2008-04-20/a> | Joel Esler | Software Update -- Did Apple Do Enough? |
| 2008-04-18/a> | John Bambenek | EV SSL Certificates - Just once, why can't one of our poorly considered quick fixes work? |
| 2008-04-18/a> | John Bambenek | The Patch Window is Gone: Automated Patch-Based Exploit Generation |
| 2008-04-17/a> | Chris Carboni | Safari 3.1.1 Released |
| 2008-04-16/a> | Bojan Zdrnja | The 10.000 web sites infection mystery solved |
| 2008-04-16/a> | William Stearns | Passer, a aassive machine and service sniffer |
| 2008-04-15/a> | Johannes Ullrich | SRI Malware Threat Center |
| 2008-04-14/a> | John Bambenek | A Federal Subpoena or Just Some More Spam & Malware? |
| 2008-04-11/a> | John Bambenek | ADSL Router / Cable Modem / Home Wireless AP Hardening in 5 Steps |
| 2008-04-10/a> | Deborah Hale | Abuse Contacts |
| 2008-04-09/a> | Raul Siles | Critical vulnerabilities in Adobe Flash Player |
| 2008-04-09/a> | Joel Esler | ISC Podcast Episode Number 2 |
| 2008-04-08/a> | Swa Frantzen | Symantec's Global Internet Security Threat Report |
| 2008-04-08/a> | Swa Frantzen | April 2008 - Black Tuesday Overview |
| 2008-04-08/a> | Swa Frantzen | Notes file viewer vulnerabilities |
| 2008-04-07/a> | John Bambenek | HP USB Keys Shipped with Malware for your Proliant Server |
| 2008-04-07/a> | John Bambenek | Got Kraken? |
| 2008-04-07/a> | John Bambenek | Kraken Technical Details: UPDATED x3 |
| 2008-04-06/a> | Tony Carothers | Happenings in the Northeast US |
| 2008-04-06/a> | Daniel Wesemann | Advanced obfuscated JavaScript analysis |
| 2008-04-04/a> | Daniel Wesemann | Tax day scams |
| 2008-04-04/a> | Daniel Wesemann | nmidahena |
| 2008-04-03/a> | Bojan Zdrnja | Mixed (VBScript and JavaScript) obfuscation |
| 2008-04-03/a> | Bojan Zdrnja | VB detection: is it so difficult? |
| 2008-04-03/a> | Bojan Zdrnja | Opera fixes vulnerabilities and Microsoft announces April's fixes |
| 2008-04-02/a> | Adrien de Beaupre | When is a DMG file not a DMG file |
| 2008-03-30/a> | Mark Hofman | Mail Anyone? |
| 2008-03-27/a> | Johannes Ullrich | Internet Storm Center Podcast |
| 2008-03-27/a> | Pedro Bueno | Freedom of Speech...or not? |
| 2008-03-27/a> | Maarten Van Horenbeeck | Guarding the guardians: a story of PGP key ring theft |
| 2008-03-26/a> | Raul Siles | ORDB.org blocklisting all IP addresses |
| 2008-03-25/a> | Raul Siles | New Security Challenge - It Happened One Friday |
| 2008-03-23/a> | Johannes Ullrich | Finding hidden gems (easter eggs) in your logs (packet challenge!) |
| 2008-03-22/a> | Koon Yaw Tan | Microsoft Security Advisory Released (950627) |
| 2008-03-20/a> | Joel Esler | APPLE-SA-2008-03-19 AirPort Extreme Base Station Firmware 7.3.1 |
| 2008-03-20/a> | Joel Esler | Potential Vulnerability in Flash CS3 Professional, Flash Professional 8 and Flash Basic 8? |
| 2008-03-19/a> | Raul Siles | VMware updates resolve critical security issues (VMSA-2008-0005) |
| 2008-03-12/a> | Joel Esler | Don't use G-Archiver |
| 2008-03-12/a> | Joel Esler | Adobe security updates |
| 2008-03-11/a> | Swa Frantzen | March Black Tuesday Overview |
| 2008-02-12/a> | Swa Frantzen | February Black Tuesday Overview |
| 2008-01-08/a> | Swa Frantzen | January Black Tuesday overview |
| 2007-12-11/a> | Swa Frantzen | December black tuesday overview |
| 2007-11-13/a> | Swa Frantzen | november black tuesday overview |
| 2007-10-09/a> | Swa Frantzen | October Black Tuesday overview |
| 2007-09-11/a> | Swa Frantzen | September microsoft patch overview |
| 2007-08-14/a> | Swa Frantzen | August 'Black Tuesday' overview |
| 2007-07-10/a> | Swa Frantzen | July 'Black Tuesday' overview |
| 2007-06-12/a> | Johannes Ullrich | June 2007, Microsoft Patch Tuesday Overview. |
| 2007-05-08/a> | Swa Frantzen | May 2007, Black Tuesday patch overview |
| 2007-04-10/a> | Swa Frantzen | Microsoft black Tuesday patches - April 2007 |
| 2007-04-03/a> | Swa Frantzen | * Microsoft out of cycle patch |
| 2007-02-13/a> | Swa Frantzen | Microsoft Black Tuesday patches - February 2007 |
| 2007-01-09/a> | Swa Frantzen | Microsoft Patches - January 2007 - overview |
| 2007-01-03/a> | Toby Kohlenberg | VLC Media Player udp URL handler Format String Vulnerability |
| 2006-12-26/a> | Swa Frantzen | Vista: better security [Y/N] ? |
| 2006-12-18/a> | Toby Kohlenberg | ORDB Shutting down |
| 2006-12-12/a> | Swa Frantzen | Microsoft Black Tuesday - December 2006 overview |
| 2006-12-12/a> | Robert Danford | MS06-078: 2 Windows Media Format Vulnerabilities (CVE-2006-4702, CVE-2006-6134) |
| 2006-12-12/a> | Swa Frantzen | Microsoft Office 2004 - Mac OS X updated |
| 2006-12-12/a> | Swa Frantzen | Offline Microsoft Patching |
| 2006-12-12/a> | Swa Frantzen | The missing Microsoft patches |
| 2006-12-08/a> | Jim Clausing | nmap-4.20 released |
| 2006-11-29/a> | Toby Kohlenberg | New Vulnerability Announcement and patches from Apple |
| 2006-11-29/a> | Toby Kohlenberg | Week of Oracle bugs cancelled |
| 2006-11-29/a> | Toby Kohlenberg | New Adobe vulnerability |
| 2006-11-14/a> | Swa Frantzen | Microsoft Black Tuesday Overview |
| 2006-11-14/a> | Swa Frantzen | Adobe Flash update available |
| 2006-11-14/a> | Jim Clausing | MS06-069: Adobe Flash Player |
| 2006-10-30/a> | William Salusky | ToD - Configuration Management - maintaining security awareness |
| 2006-10-18/a> | Robert Danford | Oracle Quarterly Critical Patch Update (Oct 2006) |
| 2006-10-17/a> | Arrigo Triulzi | Hacking Tor, the anonymity onion routing network |
| 2006-10-09/a> | Swa Frantzen | Microsoft black tuesday - October 2006 STATUS |
| 2006-10-08/a> | Swa Frantzen | Spam Backscatter |
| 2006-10-05/a> | John Bambenek | There are no more Passive Exploits |
| 2006-10-02/a> | Jim Clausing | Reader's tip of the day: ratios vs. raw counts |
| 2006-09-30/a> | Robert Danford | *WebViewFolderIcon ActiveX control exploit(s) in the wild |
| 2006-09-28/a> | Swa Frantzen | Powerpoint, yet another new vulnerability |
| 2006-09-28/a> | Swa Frantzen | MSIE: One patched, one pops up again (setslice) |
| 2006-09-26/a> | Jim Clausing | MS06-049 re-release |
| 2006-09-22/a> | Swa Frantzen | Yellow: MSIE VML exploit spreading |
| 2006-09-21/a> | Johannes Ullrich | Apple updates Airport Drivers |
| 2006-09-19/a> | Swa Frantzen | Yet another MSIE 0-day: VML |
| 2006-09-18/a> | Jim Clausing | Log analysis follow up |
| 2006-09-15/a> | Swa Frantzen | MSIE DirectAnimation ActiveX 0-day update |
| 2006-09-13/a> | Swa Frantzen | PHP - shared hosters, take note. |
| 2006-09-12/a> | Swa Frantzen | Apple Quicktime 7.1.3 released |
| 2006-09-12/a> | Swa Frantzen | Microsoft security patches for September 2006 |
| 2006-09-12/a> | Swa Frantzen | Adobe Flash player upgrade time |
| 2006-09-09/a> | Jim Clausing | Log Analysis tips? |
| 2006-09-09/a> | Jim Clausing | New feature at isc.sans.org |
| 2006-09-09/a> | Jim Clausing | A few preliminary log analysis thoughts |
| 2006-09-06/a> | Johannes Ullrich | Updated Packet Attack flash animation |
| 2006-09-01/a> | Joel Esler | CA eTrust Antivirus [was] flagging lsass.e x e |
| 2006-08-31/a> | Joel Esler | Contacting the ISC, good practices for response |
| 2006-08-31/a> | Swa Frantzen | NT botnet submitted |
| 2006-08-31/a> | Swa Frantzen | Mailbag grab |
| 2006-08-17/a> | Swa Frantzen | Microsoft August 2006 Patches: STATUS |
| 2000-01-02/a> | Deborah Hale | 2010 A Look Back - 2011 A Look Ahead |
| 2000-01-01/a> | Manuel Humberto Santander Pelaez | Happy New Year 2011!!! |
0DAY |
| 2025-03-11/a> | Johannes Ullrich | Apple Fixes Exploited WebKit Vulnerability in iOS, MacOS, visionOS and Safari |
| 2024-03-05/a> | Johannes Ullrich | Apple Releases iOS/iPadOS Updates with Zero Day Fixes. |
| 2024-01-22/a> | Johannes Ullrich | Apple Updates Everything - New 0 Day in WebKit |
| 2023-09-07/a> | Johannes Ullrich | Apple Releases iOS/iPadOS 16.6.1, macOS 13.5.2, watchOS 9.6.2 fixing two zeroday vulnerabilities |
| 2023-06-22/a> | Johannes Ullrich | Apple Patches Exploited Vulnerabilities in iOS/iPadOS, macOS, watchOS and Safari |
| 2023-04-07/a> | Johannes Ullrich | Apple Patching Two 0-Day Vulnerabilities in iOS and macOS |
| 2022-08-17/a> | Johannes Ullrich | Apple Patches Two Exploited Vulnerabilities |
| 2022-02-10/a> | Johannes Ullrich | iOS/iPadOS and MacOS Update: Single WebKit 0-Day Vulnerability Patched |
| 2021-03-03/a> | Johannes Ullrich | Microsoft Releases Exchange Emergency Patch to Fix Actively Exploited Vulnerability |
| 2018-02-01/a> | Johannes Ullrich | Adobe Flash 0-Day Used Against South Korean Targets |
| 2016-08-25/a> | Xavier Mertens | Out-of-Band iOS Patch Fixes 0-Day Vulnerabilities |
| 2016-04-06/a> | Bojan Zdrnja | YAFP (Yet Another Flash Patch) |
| 2015-02-05/a> | Johannes Ullrich | Adobe Flash Player Update Released, Fixing CVE 2015-0313 |
| 2015-01-23/a> | Adrien de Beaupre | Infocon change to yellow for Adobe Flash issues |
| 2014-07-28/a> | Johannes Ullrich | Interesting HTTP User Agent "chroot-apach0day" |
| 2014-05-21/a> | John Bambenek | New, Unpatched IE 0 Day published at ZDI |
| 2013-08-28/a> | Bojan Zdrnja | MS13-056 (false positive)? alerts |
| 2013-05-09/a> | John Bambenek | Adobe Releases 0-day Security Advisory for Coldfusion, Exploit Code Available. Advisory here: http://www.adobe.com/support/security/advisories/apsa13-03.html |
| 2013-02-07/a> | John Bambenek | Adobe Releases Patches for 0-day Vulnerability in Flash Player for Windows and Mac, Upgrade now: http://www.adobe.com/support/security/bulletins/apsb13-04.html |
| 2011-12-29/a> | Richard Porter | ASP.Net Vulnerability |
| 2011-11-16/a> | Jason Lam | Potential 0-day on Bind 9 |
| 2011-05-06/a> | Richard Porter | Unpatched Exploit: Skype for MAC |
| 2010-12-22/a> | John Bambenek | IIS 7.5 0-Day DoS (processing FTP requests) |
| 2010-11-24/a> | Bojan Zdrnja | Privilege escalation 0-day in almost all Windows versions |
| 2010-11-01/a> | Manuel Humberto Santander Pelaez | CVE-2010-3654 exploit in the wild |
| 2010-10-28/a> | Manuel Humberto Santander Pelaez | CVE-2010-3654 - New dangerous 0-day authplay library adobe products vulnerability |
| 2010-10-26/a> | Pedro Bueno | Firefox news |
| 2010-03-01/a> | Mark Hofman | IE 0-day using .hlp files |
| 2010-02-09/a> | Adrien de Beaupre | When is a 0day not a 0day? Samba symlink bad default config |
| 2010-01-14/a> | Bojan Zdrnja | 0-day vulnerability in Internet Explorer 6, 7 and 8 |
| 2010-01-12/a> | Johannes Ullrich | Pre-Announced Adobe Reader and Acrobat Patch Found! |
| 2010-01-07/a> | Daniel Wesemann | Static analysis of malicious PDFs |
| 2010-01-07/a> | Daniel Wesemann | Static analysis of malicous PDFs (Part #2) |
| 2009-12-27/a> | Patrick Nolan | Pressure increasing for Microsoft to patch IIS 0 day |
| 2009-12-15/a> | Johannes Ullrich | Adobe 0-day in the wild - again |
| 2009-11-22/a> | Marcus Sachs | IE6 and IE7 0-Day Reported |
| 2009-09-08/a> | Adrien de Beaupre | Microsoft Security Advisory 975191 Revised |
| 2009-09-04/a> | Adrien de Beaupre | Vulnerabilities (plural) in MS IIS FTP Service 5.0, 5.1. 6.0, 7.0 |
| 2009-08-31/a> | Pedro Bueno | Microsoft IIS 5/6 FTP 0Day released |
| 2009-07-22/a> | Bojan Zdrnja | YA0D (Yet Another 0-Day) in Adobe Flash player |
| 2009-07-17/a> | Bojan Zdrnja | A new fascinating Linux kernel vulnerability |
| 2009-04-29/a> | Jason Lam | Two Adobe 0-day vulnerabilities |
| 2009-03-18/a> | Adrien de Beaupre | Adobe Security Bulletin Adobe Reader and Acrobat |
| 2009-02-25/a> | Andre Ludwig | Adobe Acrobat pdf 0-day exploit, No JavaScript needed! |
| 2008-12-12/a> | Johannes Ullrich | MSIE 0-day Spreading Via SQL Injection |
| 2008-12-12/a> | Kevin Liston | IE7 0day expanded to include IE6 and IE8(beta) |
| 2008-12-10/a> | Bojan Zdrnja | 0-day exploit for Internet Explorer in the wild |
| 2006-11-29/a> | Toby Kohlenberg | Week of Oracle bugs cancelled |
| 2006-09-28/a> | Swa Frantzen | Powerpoint, yet another new vulnerability |
| 2006-09-28/a> | Swa Frantzen | MSIE: One patched, one pops up again (setslice) |
| 2006-09-22/a> | Swa Frantzen | Yellow: MSIE VML exploit spreading |
| 2006-09-19/a> | Swa Frantzen | Yet another MSIE 0-day: VML |
| 2006-09-15/a> | Swa Frantzen | MSIE DirectAnimation ActiveX 0-day update |
NOT |
| 2024-04-17/a> | Xavier Mertens | Malicious PDF File Used As Delivery Mechanism |
| 2023-08-21/a> | Xavier Mertens | Quick Malware Triage With Inotify Tools |
| 2023-03-02/a> | Didier Stevens | YARA: Detect The Unexpected ... |
| 2023-02-05/a> | Didier Stevens | Video: Analyzing Malicious OneNote Documents |
| 2023-02-01/a> | Didier Stevens | Detecting (Malicious) OneNote Files |
| 2023-01-25/a> | Xavier Mertens | A First Malicious OneNote Document |
| 2022-12-20/a> | Xavier Mertens | Linux File System Monitoring & Actions |
| 2022-09-18/a> | Didier Stevens | Video: Grep & Tail -f With Notepad++ |
| 2022-09-05/a> | Didier Stevens | Quickie: Grep & Tail -f With Notepad++ |
| 2022-07-05/a> | Jan Kopriva | EternalBlue 5 years after WannaCry and NotPetya |
| 2022-06-24/a> | Xavier Mertens | Python (ab)using The Windows GUI |
| 2018-06-16/a> | Russ McRee | Anomaly Detection & Threat Hunting with Anomalize |
| 2017-06-28/a> | Brad Duncan | Petya? I hardly know ya! - an ISC update on the 2017-06-27 ransomware outbreak |
| 2015-04-08/a> | Tom Webb | Is it a breach or not? |
| 2014-06-28/a> | Mark Hofman | No more Microsoft advisory email notifications? |
| 2013-10-05/a> | Richard Porter | Adobe Breach Notification, Notifications? |
| 2013-04-04/a> | Johannes Ullrich | Microsoft April Patch Tuesday Advance Notification |
| 2013-03-29/a> | Chris Mohan | Does your breach email notification look like a phish? |
| 2013-03-02/a> | Scott Fendley | Evernote Security Issue |
| 2013-01-15/a> | Russ McRee | Cisco introducing Cisco Security Notices 16 JAN 2013 |
| 2012-07-05/a> | Adrien de Beaupre | Microsoft advanced notification for July 2012 patch Tuesday |
| 2012-05-22/a> | Johannes Ullrich | The "Do Not Track" header |
| 2011-12-08/a> | Adrien de Beaupre | Microsoft Security Bulletin Advance Notification for December 2011 |
| 2011-09-20/a> | Swa Frantzen | Diginotar declared bankrupt |
| 2011-09-19/a> | Guy Bruneau | MS Security Advisory Update - Fraudulent DigiNotar Certificates |
| 2011-09-15/a> | Swa Frantzen | DigiNotar looses their accreditation for qualified certificates |
| 2011-09-13/a> | Swa Frantzen | More DigiNotar intermediate certificates blocklisted at Microsoft |
| 2011-09-07/a> | Lenny Zeltser | GlobalSign Temporarily Stops Issuing Certificates to Investigate a Potential Breach |
| 2011-09-06/a> | Swa Frantzen | DigiNotar audit - intermediate report available |
| 2011-09-06/a> | Johannes Ullrich | Microsoft Releases Diginotar Related Patch and Advisory |
| 2011-09-01/a> | Swa Frantzen | DigiNotar breach - the story so far |
| 2011-08-31/a> | Johannes Ullrich | Firefox/Thunderbird 6.0.1 released to blocklist bad DigiNotar SSL certificates |
| 2011-07-29/a> | Richard Porter | Apple Lion talking on TCP 5223 |
| 2011-06-21/a> | Chris Mohan | StartSSL, a web authentication authority, suspend services after a security breach |
| 2011-04-28/a> | Chris Mohan | DSL Reports advise 9,000 accounts were compromised |
| 2011-04-03/a> | Richard Porter | Extreme Disclosure? Not yet but a great trend! |
| 2010-02-09/a> | Adrien de Beaupre | When is a 0day not a 0day? Samba symlink bad default config |
| 2009-11-05/a> | Swa Frantzen | RIM fixes random code execution vulnerability |
| 2009-07-23/a> | John Bambenek | Missouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information |
| 2009-04-24/a> | John Bambenek | Data Leak Prevention: Proactive Security Requirements of Breach Notification Laws |
| 2008-04-08/a> | Swa Frantzen | Notes file viewer vulnerabilities |
A |
| 2025-04-29/a> | Guy Bruneau | Web Scanning Sonicwall for CVE-2021-20016 |
| 2025-04-25/a> | Xavier Mertens | Example of a Payload Delivered Through Steganography |
| 2025-04-24/a> | Johannes Ullrich | Attacks against Teltonika Networks SMS Gateways |
| 2025-04-23/a> | Jesse La Grew | Honeypot Iptables Maintenance and DShield-SIEM Logging |
| 2025-04-21/a> | Jan Kopriva | It's 2025... so why are obviously malicious advertising URLs still going strong? |
| 2025-04-16/a> | Guy Bruneau | RedTail, Remnux and Malware Management [Guest Diary] |
| 2025-04-15/a> | Xavier Mertens | Online Services Again Abused to Exfiltrate Data |
| 2025-04-12/a> | Johannes Ullrich | Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248) |
| 2025-04-09/a> | Xavier Mertens | Obfuscated Malicious Python Scripts with PyArmor |
| 2025-04-09/a> | Guy Bruneau | Network Infraxploit [Guest Diary] |
| 2025-04-06/a> | Johannes Ullrich | New SSH Username Report |
| 2025-04-02/a> | Guy Bruneau | Exploring Statistical Measures to Predict URLs as Legitimate or Intrusive [Guest Diary] |
| 2025-03-31/a> | Johannes Ullrich | Apache Camel Exploit Attempt by Vulnerability Scan (CVE-2025-27636, CVE-2025-29891) |
| 2025-03-31/a> | Johannes Ullrich | Apple Patches Everything: March 31st 2025 Edition |
| 2025-03-27/a> | Johannes Ullrich | Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 |
| 2025-03-26/a> | Jesse La Grew | [Guest Diary] Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest |
| 2025-03-23/a> | Johannes Ullrich | Let's Talk About HTTP Headers. |
| 2025-03-20/a> | Johannes Ullrich | Some new Data Feeds, and a little "incident". |
| 2025-03-18/a> | Xavier Mertens | Python Bot Delivered Through DLL Side-Loading |
| 2025-03-12/a> | Johannes Ullrich | Scans for VMWare Hybrid Cloud Extension (HCX) API (Log4j - not brute forcing) |
| 2025-03-12/a> | Guy Bruneau | File Hashes Analysis with Power BI from Data Stored in DShield SIEM |
| 2025-03-11/a> | Johannes Ullrich | Microsoft Patch Tuesday: March 2025 |
| 2025-03-11/a> | Johannes Ullrich | Apple Fixes Exploited WebKit Vulnerability in iOS, MacOS, visionOS and Safari |
| 2025-03-10/a> | Xavier Mertens | Shellcode Encoded in UUIDs |
| 2025-03-06/a> | Guy Bruneau | DShield Traffic Analysis using ELK |
| 2025-02-27/a> | Xavier Mertens | Njrat Campaign Using Microsoft Dev Tunnels |
| 2025-02-26/a> | Jesse La Grew | [Guest Diary] Malware Source Servers: The Threat of Attackers Using Ephemeral Ports as Service Ports to Upload Data |
| 2025-02-20/a> | Guy Bruneau | Using ES|QL in Kibana to Queries DShield Honeypot Logs |
| 2025-02-19/a> | Xavier Mertens | XWorm Cocktail: A Mix of PE data with PowerShell Code |
| 2025-02-18/a> | Russ McRee | https://SecTemplates.com - simplified, free open-source templates to enable engineering and smaller security teams to bootstrap security capabilities for their organizations |
| 2025-02-17/a> | Russ McRee | ModelScan - Protection Against Model Serialization Attacks |
| 2025-02-15/a> | Xavier Mertens | The Danger of IP Volatility |
| 2025-02-14/a> | Xavier Mertens | Fake BSOD Delivered by Malicious Python Script |
| 2025-02-13/a> | Guy Bruneau | DShield SIEM Docker Updates |
| 2025-02-12/a> | Yee Ching Tok | An ontology for threats, cybercrime and digital forensic investigation on Smart City Infrastructure |
| 2025-02-06/a> | Xavier Mertens | The Unbreakable Multi-Layer Anti-Debugging System |
| 2025-02-06/a> | Johannes Ullrich | My Very Personal Guidance and Strategies to Protect Network Edge Devices |
| 2025-02-05/a> | Johannes Ullrich | Phishing via "com-" prefix domains |
| 2025-01-30/a> | Guy Bruneau | PCAPs or It Didn't Happen: Exposing an Old Netgear Vulnerability Still Active in 2025 [Guest Diary] |
| 2025-01-29/a> | Xavier Mertens | From PowerShell to a Python Obfuscation Race! |
| 2025-01-28/a> | Xavier Mertens | Fileless Python InfoStealer Targeting Exodus |
| 2025-01-24/a> | Jesse La Grew | [Guest Diary] How Access Brokers Maintain Persistence |
| 2025-01-22/a> | Johannes Ullrich | Catching CARP: Fishing for Firewall States in PFSync Traffic |
| 2025-01-21/a> | Johannes Ullrich | Geolocation and Starlink |
| 2025-01-17/a> | Guy Bruneau | Leveraging Honeypot Data for Offensive Security Operations [Guest Diary] |
| 2025-01-16/a> | Jesse La Grew | Extracting Practical Observations from Impractical Datasets |
| 2025-01-13/a> | Johannes Ullrich | Hikvision Password Reset Brute Forcing |
| 2025-01-09/a> | Guy Bruneau | Examining Redtail Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics [Guest Diary] |
| 2025-01-07/a> | Yee Ching Tok | PacketCrypt Classic Cryptocurrency Miner on PHP Servers |
| 2025-01-06/a> | Xavier Mertens | Make Malware Happy |
| 2025-01-03/a> | Xavier Mertens | SwaetRAT Delivery Through Python |
| 2025-01-02/a> | Xavier Mertens | Goodware Hash Sets |
| 2024-12-31/a> | Xavier Mertens | No Holiday Season for Attackers |
| 2024-12-27/a> | Guy Bruneau | Phishing for Banking Information |
| 2024-12-26/a> | Jesse La Grew | Capturing Honeypot Data Beyond the Logs |
| 2024-12-24/a> | Xavier Mertens | More SSH Fun! |
| 2024-12-23/a> | Xavier Mertens | Modiloader From Obfuscated Batch File |
| 2024-12-20/a> | Xavier Mertens | Christmas "Gift" Delivered Through SSH |
| 2024-12-18/a> | Jesse La Grew | [Guest Diary] A Deep Dive into TeamTNT and Spinning YARN |
| 2024-12-17/a> | Xavier Mertens | Python Delivering AnyDesk Client as RAT |
| 2024-12-17/a> | Guy Bruneau | Command Injection Exploit For PHPUnit before 4.8.28 and 5.x before 5.6.3 [Guest Diary] |
| 2024-12-15/a> | Johannes Ullrich | Exploit attempts inspired by recent Struts2 File Upload Vulnerability (CVE-2024-53677, CVE-2023-50164) |
| 2024-12-11/a> | Guy Bruneau | Vulnerability Symbiosis: vSphere?s CVE-2024-38812 and CVE-2024-38813 [Guest Diary] |
| 2024-12-11/a> | Johannes Ullrich | Apple Updates Everything (iOS, iPadOS, macOS, watchOS, tvOS, visionOS) |
| 2024-12-10/a> | Johannes Ullrich | Microsoft Patch Tuesday: December 2024 |
| 2024-12-05/a> | Jesse La Grew | [Guest Diary] Business Email Compromise |
| 2024-11-30/a> | Xavier Mertens | From a Regular Infostealer to its Obfuscated Version |
| 2024-11-26/a> | Jesse La Grew | [Guest Diary] Using Zeek, Snort, and Grafana to Detect Crypto Mining Malware |
| 2024-11-26/a> | Guy Bruneau | SANS ISC Internship Setup: AWS DShield Sensor + DShield SIEM [Guest Diary] |
| 2024-11-22/a> | Xavier Mertens | An Infostealer Searching for « BIP-0039 » Data |
| 2024-11-19/a> | Xavier Mertens | Detecting the Presence of a Debugger in Linux |
| 2024-11-18/a> | Johannes Ullrich | Exploit attempts for unpatched Citrix vulnerability |
| 2024-11-17/a> | Johannes Ullrich | Ancient TP-Link Backdoor Discovered by Attackers |
| 2024-11-07/a> | Xavier Mertens | Steam Account Checker Poisoned with Infostealer |
| 2024-11-05/a> | Xavier Mertens | Python RAT with a Nice Screensharing Feature |
| 2024-10-31/a> | Guy Bruneau | October 2024 Activity with Username chenzilong |
| 2024-10-28/a> | Johannes Ullrich | Apple Updates Everything |
| 2024-10-17/a> | Guy Bruneau | Scanning Activity from Subnet 15.184.0.0/16 |
| 2024-10-16/a> | Johannes Ullrich | The Top 10 Not So Common SSH Usernames and Passwords |
| 2024-10-15/a> | Johannes Ullrich | Angular-base64-update Demo Script Exploited (CVE-2024-42640) |
| 2024-10-15/a> | Johannes Ullrich | A Network Nerd's Take on Emergency Preparedness |
| 2024-10-09/a> | Xavier Mertens | From Perfctl to InfoStealer |
| 2024-10-07/a> | Xavier Mertens | macOS Sequoia: System/Network Admins, Hold On! |
| 2024-10-03/a> | Guy Bruneau | Kickstart Your DShield Honeypot [Guest Diary] |
| 2024-09-26/a> | Johannes Ullrich | Patch for Critical CUPS vulnerability: Don't Panic |
| 2024-09-25/a> | Johannes Ullrich | DNS Reflection Update and Odd Corrupted DNS Requests |
| 2024-09-25/a> | Guy Bruneau | OSINT - Image Analysis or More Where, When, and Metadata [Guest Diary] |
| 2024-09-24/a> | Johannes Ullrich | Exploitation of RAISECOM Gateway Devices Vulnerability CVE-2024-7120 |
| 2024-09-18/a> | Guy Bruneau | Time-to-Live Analysis of DShield Data with Vega-Lite |
| 2024-09-18/a> | Xavier Mertens | Python Infostealer Patching Windows Exodus App |
| 2024-09-17/a> | Xavier Mertens | 23:59, Time to Exfiltrate! |
| 2024-09-16/a> | Xavier Mertens | Managing PE Files With Overlays |
| 2024-09-13/a> | Jesse La Grew | Finding Honeypot Data Clusters Using DBSCAN: Part 2 |
| 2024-09-11/a> | Xavier Mertens | Python Libraries Used for Malicious Purposes |
| 2024-09-11/a> | Guy Bruneau | Hygiene, Hygiene, Hygiene! [Guest Diary] |
| 2024-09-06/a> | Jesse La Grew | Enrichment Data: Keeping it Fresh |
| 2024-09-04/a> | Guy Bruneau | Attack Surface [Guest Diary] |
| 2024-08-30/a> | Jesse La Grew | Simulating Traffic With Scapy |
| 2024-08-29/a> | Xavier Mertens | Live Patching DLLs with Python |
| 2024-08-27/a> | Xavier Mertens | Why Is Python so Popular to Infect Windows Hosts? |
| 2024-08-27/a> | Guy Bruneau | Vega-Lite with Kibana to Parse and Display IP Activity over Time |
| 2024-08-26/a> | Xavier Mertens | From Highly Obfuscated Batch File to XWorm and Redline |
| 2024-08-23/a> | Jesse La Grew | Pandas Errors: What encoding are my logs in? |
| 2024-08-22/a> | Johannes Ullrich | OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse? |
| 2024-08-20/a> | Guy Bruneau | Mapping Threats with DNSTwist and the Internet Storm Center [Guest Diary] |
| 2024-08-19/a> | Xavier Mertens | Do you Like Donuts? Here is a Donut Shellcode Delivered Through PowerShell/Python |
| 2024-08-16/a> | Jesse La Grew | [Guest Diary] 7 minutes and 4 steps to a quick win: A write-up on custom tools |
| 2024-08-14/a> | Xavier Mertens | Multiple Malware Dropped Through MSI Package |
| 2024-08-07/a> | Guy Bruneau | Same Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary] |
| 2024-08-01/a> | Johannes Ullrich | Tracking Proxy Scans with IPv4.Games |
| 2024-07-30/a> | Johannes Ullrich | Apple Patches Everything. July 2024 Edition |
| 2024-07-26/a> | Xavier Mertens | ExelaStealer Delivered "From Russia With Love" |
| 2024-07-25/a> | Xavier Mertens | XWorm Hidden With Process Hollowing |
| 2024-07-24/a> | Xavier Mertens | "Mouse Logger" Malicious Python Script |
| 2024-07-23/a> | Johannes Ullrich | New Exploit Variation Against D-Link NAS Devices (CVE-2024-3273) |
| 2024-07-16/a> | Jan Kopriva | "Reply-chain phishing" with a twist |
| 2024-07-16/a> | Guy Bruneau | Who You Gonna Call? AndroxGh0st Busters! [Guest Diary] |
| 2024-07-13/a> | Didier Stevens | 16-bit Hash Collisions in .xls Spreadsheets |
| 2024-07-10/a> | Jesse La Grew | Finding Honeypot Data Clusters Using DBSCAN: Part 1 |
| 2024-07-09/a> | Johannes Ullrich | Microsoft Patch Tuesday July 2024 |
| 2024-07-08/a> | Xavier Mertens | Kunai: Keep an Eye on your Linux Hosts Activity |
| 2024-06-26/a> | Guy Bruneau | What Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary] |
| 2024-06-20/a> | Guy Bruneau | No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary] |
| 2024-06-17/a> | Xavier Mertens | New NetSupport Campaign Delivered Through MSIX Packages |
| 2024-06-13/a> | Guy Bruneau | The Art of JQ and Command-line Fu [Guest Diary] |
| 2024-06-11/a> | Johannes Ullrich | Microsoft Patch Tuesday June 2024 |
| 2024-06-06/a> | Xavier Mertens | Malicious Python Script with a "Best Before" Date |
| 2024-06-04/a> | Johannes Ullrich | No-Defender, Yes-Defender |
| 2024-06-03/a> | Didier Stevens | A Wireshark Lua Dissector for Fixed Field Length Protocols |
| 2024-05-31/a> | Xavier Mertens | "K1w1" InfoStealer Uses gofile.io for Exfiltration |
| 2024-05-30/a> | Xavier Mertens | Feeding MISP with OSSEC |
| 2024-05-28/a> | Guy Bruneau | Is that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary] |
| 2024-05-27/a> | Jan Kopriva | Files with TXZ extension used as malspam attachments |
| 2024-05-22/a> | Guy Bruneau | Analysis of ?redtail? File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary] |
| 2024-05-22/a> | Rob VandenBrink | NMAP Scanning without Scanning (Part 2) - The ipinfo API |
| 2024-05-21/a> | Rob VandenBrink | Scanning without Scanning with NMAP (APIs FTW) |
| 2024-05-16/a> | Rob VandenBrink | Why yq? Adventures in XML |
| 2024-05-15/a> | Rob VandenBrink | Got MFA? If not, Now is the Time! |
| 2024-05-08/a> | Xavier Mertens | Analyzing Synology Disks on Linux |
| 2024-05-06/a> | Johannes Ullrich | Detecting XFinity/Comcast DNS Spoofing |
| 2024-04-30/a> | Johannes Ullrich | Another Day, Another NAS: Attacks against Zyxel NAS326 devices CVE-2023-4473, CVE-2023-4474 |
| 2024-04-29/a> | Johannes Ullrich | D-Link NAS Device Backdoor Abused |
| 2024-04-29/a> | Guy Bruneau | Linux Trojan - Xorddos with Filename eyshcjdmzg |
| 2024-04-25/a> | Jesse La Grew | Does it matter if iptables isn't running on my honeypot? |
| 2024-04-22/a> | Jan Kopriva | It appears that the number of industrial devices accessible from the internet has risen by 30 thousand over the past three years |
| 2024-04-17/a> | Xavier Mertens | Malicious PDF File Used As Delivery Mechanism |
| 2024-04-16/a> | Yee Ching Tok | Rolling Back Packages on Ubuntu/Debian |
| 2024-04-15/a> | Johannes Ullrich | Quick Palo Alto Networks Global Protect Vulnerablity Update (CVE-2024-3400) |
| 2024-04-13/a> | Johannes Ullrich | Critical Palo Alto GlobalProtect Vulnerability Exploited (CVE-2024-3400) |
| 2024-04-11/a> | Yee Ching Tok | Evolution of Artificial Intelligence Systems and Ensuring Trustworthiness |
| 2024-04-07/a> | Guy Bruneau | A Use Case for Adding Threat Hunting to Your Security Operations Team. Detecting Adversaries Abusing Legitimate Tools in A Customer Environment. [Guest Diary] |
| 2024-04-01/a> | Bojan Zdrnja | The amazingly scary xz sshd backdoor |
| 2024-03-31/a> | Didier Stevens | Wireshark 4.2.4 Released |
| 2024-03-29/a> | Xavier Mertens | Quick Forensics Analysis of Apache logs |
| 2024-03-28/a> | Xavier Mertens | From JavaScript to AsyncRAT |
| 2024-03-19/a> | Johannes Ullrich | Attacker Hunting Firewalls |
| 2024-03-17/a> | Guy Bruneau | Gamified Learning: Using Capture the Flag Challenges to Supplement Cybersecurity Training [Guest Diary] |
| 2024-03-14/a> | Jan Kopriva | Increase in the number of phishing messages pointing to IPFS and to R2 buckets |
| 2024-03-13/a> | Xavier Mertens | Using ChatGPT to Deobfuscate Malicious Scripts |
| 2024-03-12/a> | Johannes Ullrich | Microsoft Patch Tuesday - March 2024 |
| 2024-03-10/a> | Guy Bruneau | What happens when you accidentally leak your AWS API keys? [Guest Diary] |
| 2024-03-07/a> | Jesse La Grew | [Guest Diary] AWS Deployment Risks - Configuration and Credential File Targeting |
| 2024-03-06/a> | Bojan Zdrnja | Scanning and abusing the QUIC protocol |
| 2024-03-05/a> | Johannes Ullrich | Apple Releases iOS/iPadOS Updates with Zero Day Fixes. |
| 2024-03-03/a> | Guy Bruneau | Capturing DShield Packets with a LAN Tap [Guest Diary] |
| 2024-02-29/a> | Jesse La Grew | [Guest Diary] Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service. |
| 2024-02-28/a> | Johannes Ullrich | Exploit Attempts for Unknown Password Reset Vulnerability |
| 2024-02-25/a> | Guy Bruneau | Utilizing the VirusTotal API to Query Files Uploaded to DShield Honeypot [Guest Diary] |
| 2024-02-22/a> | Johannes Ullrich | Large AT&T Wireless Network Outage #att #outage |
| 2024-02-21/a> | Jan Kopriva | Phishing pages hosted on archive.org |
| 2024-02-20/a> | Xavier Mertens | Python InfoStealer With Dynamic Sandbox Detection |
| 2024-02-18/a> | Guy Bruneau | Mirai-Mirai On The Wall... [Guest Diary] |
| 2024-02-12/a> | Johannes Ullrich | Exploit against Unnamed "Bytevalue" router vulnerability included in Mirai Bot |
| 2024-02-09/a> | Xavier Mertens | MSIX With Heavily Obfuscated PowerShell Script |
| 2024-02-08/a> | Xavier Mertens | A Python MP3 Player with Builtin Keylogger Capability |
| 2024-02-06/a> | Jan Kopriva | Computer viruses are celebrating their 40th birthday (well, 54th, really) |
| 2024-02-05/a> | Jesse La Grew | Public Information and Email Spam |
| 2024-02-03/a> | Guy Bruneau | DShield Sensor Log Collection with Elasticsearch |
| 2024-01-31/a> | Johannes Ullrich | The Fun and Dangers of Top Level Domains (TLDs) |
| 2024-01-29/a> | Johannes Ullrich | Exploit Flare Up Against Older Altassian Confluence Vulnerability |
| 2024-01-26/a> | Xavier Mertens | A Batch File With Multiple Payloads |
| 2024-01-25/a> | Xavier Mertens | Facebook AdsManager Targeted by a Python Infostealer |
| 2024-01-24/a> | Johannes Ullrich | How Bad User Interfaces Make Security Tools Harmful |
| 2024-01-22/a> | Johannes Ullrich | Apple Updates Everything - New 0 Day in WebKit |
| 2024-01-19/a> | Xavier Mertens | macOS Python Script Replacing Wallet Applications with Rogue Apps |
| 2024-01-18/a> | Johannes Ullrich | More Scans for Ivanti Connect "Secure" VPN. Exploits Public |
| 2024-01-17/a> | Jesse La Grew | Number Usage in Passwords |
| 2024-01-16/a> | Johannes Ullrich | Scans for Ivanti Connect "Secure" VPN Vulnerability (CVE-2023-46805, CVE-2024-21887) |
| 2024-01-12/a> | Xavier Mertens | One File, Two Payloads |
| 2024-01-08/a> | Jesse La Grew | What is that User Agent? |
| 2024-01-07/a> | Guy Bruneau | Suspicious Prometei Botnet Activity |
| 2024-01-06/a> | Xavier Mertens | Are you sure of your password? |
| 2024-01-05/a> | Rob VandenBrink | Netstat, but Better and in PowerShell |
| 2024-01-04/a> | Jim Clausing | Wireshark updates |
| 2024-01-03/a> | Jan Kopriva | Interesting large and small malspam attachments from 2023 |
| 2024-01-02/a> | Johannes Ullrich | Fingerprinting SSH Identification Strings |
| 2023-12-31/a> | Tom Webb | Pi-Hole Pi4 Docker Deployment |
| 2023-12-27/a> | Guy Bruneau | Unveiling the Mirai: Insights into Recent DShield Honeypot Activity [Guest Diary] |
| 2023-12-23/a> | Xavier Mertens | Python Keylogger Using Mailtrap.io |
| 2023-12-22/a> | Xavier Mertens | Shall We Play a Game? |
| 2023-12-20/a> | Guy Bruneau | How to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary] |
| 2023-12-16/a> | Xavier Mertens | An Example of RocketMQ Exploit Scanner |
| 2023-12-15/a> | Xavier Mertens | CSharp Payload Phoning to a CobaltStrike Server |
| 2023-12-13/a> | Guy Bruneau | T-shooting Terraform for DShield Honeypot in Azure [Guest Diary] |
| 2023-12-12/a> | Johannes Ullrich | Microsoft Patch Tuesday December 2023 |
| 2023-12-11/a> | Rob VandenBrink | What is sitemap.xml, and Why a Pentester Should Care |
| 2023-12-11/a> | Johannes Ullrich | Apple Patches Everything |
| 2023-12-10/a> | Guy Bruneau | Honeypots: From the Skeptical Beginner to the Tactical Enthusiast |
| 2023-12-06/a> | Jan Kopriva | Whose packet is it anyway: a new RFC for attribution of internet probes |
| 2023-12-06/a> | Guy Bruneau | Revealing the Hidden Risks of QR Codes [Guest Diary] |
| 2023-12-05/a> | Didier Stevens | Cobalt Strike's "Runtime Configuration" |
| 2023-11-30/a> | John Bambenek | Prophetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today |
| 2023-11-27/a> | Guy Bruneau | Decoding the Patterns: Analyzing DShield Honeypot Activity [Guest Diary] |
| 2023-11-25/a> | Didier Stevens | OVA Files |
| 2023-11-25/a> | Didier Stevens | Wireshark 4.2.0 Released |
| 2023-11-22/a> | Guy Bruneau | CVE-2023-1389: A New Means to Expand Botnets |
| 2023-11-18/a> | Xavier Mertens | Quasar RAT Delivered Through Updated SharpLoader |
| 2023-11-17/a> | Jan Kopriva | Phishing page with trivial anti-analysis features |
| 2023-11-15/a> | Xavier Mertens | Redline Dropped Through MSIX Package |
| 2023-11-09/a> | Xavier Mertens | Visual Examples of Code Injection |
| 2023-11-09/a> | Guy Bruneau | Routers Targeted for Gafgyt Botnet [Guest Diary] |
| 2023-11-08/a> | Xavier Mertens | Example of Phishing Campaign Project File |
| 2023-11-06/a> | Johannes Ullrich | Exploit Activity for CVE-2023-22518, Atlassian Confluence Data Center and Server |
| 2023-11-01/a> | Xavier Mertens | Malware Dropped Through a ZPAQ Archive |
| 2023-10-31/a> | Xavier Mertens | Multiple Layers of Anti-Sandboxing Techniques |
| 2023-10-29/a> | Guy Bruneau | Spam or Phishing? Looking for Credentials & Passwords |
| 2023-10-28/a> | Xavier Mertens | Size Matters for Many Security Controls |
| 2023-10-25/a> | Johannes Ullrich | Apple Patches Everything. Releases iOS 17.1, MacOS 14.1 and updates for older versions fixing exploited vulnerability |
| 2023-10-23/a> | Johannes Ullrich | How an AppleTV may take down your (#IPv6) network |
| 2023-10-20/a> | Yee Ching Tok | VMware Releases Security Patches for Fusion, Workstation and Aria Operations for Logs |
| 2023-10-18/a> | Jesse La Grew | Hiding in Hex |
| 2023-10-15/a> | Guy Bruneau | Domain Name Used as Password Captured by DShield Sensor |
| 2023-10-10/a> | Johannes Ullrich | October 2023 Microsoft Patch Tuesday Summary |
| 2023-10-09/a> | Didier Stevens | ZIP's DOSTIME & DOSDATE Formats |
| 2023-10-08/a> | Didier Stevens | Wireshark 4.2.0 First Release Candidate |
| 2023-10-07/a> | Jim Clausing | Wireshark releases 2 updates in one day. Mac users especially will want the latest. |
| 2023-09-30/a> | Xavier Mertens | Simple Netcat Backdoor in Python Script |
| 2023-09-29/a> | Xavier Mertens | Are You Still Storing Passwords In Plain Text Files? |
| 2023-09-26/a> | Johannes Ullrich | Apple Releases MacOS Sonoma Including Numerous Security Patches |
| 2023-09-24/a> | Didier Stevens | YARA Support for .LNK Files |
| 2023-09-23/a> | Guy Bruneau | Scanning for Laravel - a PHP Framework for Web Artisants |
| 2023-09-18/a> | Johannes Ullrich | Internet Wide Multi VPN Search From Single /24 Network |
| 2023-09-11/a> | Johannes Ullrich | Apple fixes 0-Day Vulnerability in Older Operating Systems |
| 2023-09-09/a> | Guy Bruneau | ?Anyone get the ASN of the Truck that Hit Me?!?: Creating a PowerShell Function to Make 3rd Party API Calls for Extending Honeypot Information [Guest Diary] |
| 2023-09-07/a> | Johannes Ullrich | Fleezeware/Scareware Advertised via Facebook Tags; Available in Apple App Store |
| 2023-09-07/a> | Johannes Ullrich | Apple Releases iOS/iPadOS 16.6.1, macOS 13.5.2, watchOS 9.6.2 fixing two zeroday vulnerabilities |
| 2023-09-05/a> | Jesse La Grew | Common usernames submitted to honeypots |
| 2023-09-02/a> | Jesse La Grew | What is the origin of passwords submitted to honeypots? |
| 2023-08-31/a> | Guy Bruneau | Potential Weaponizing of Honeypot Logs [Guest Diary] |
| 2023-08-28/a> | Johannes Ullrich | Home Office / Small Business Hurricane Prep |
| 2023-08-26/a> | Xavier Mertens | macOS: Who?s Behind This Network Connection? |
| 2023-08-25/a> | Xavier Mertens | Python Malware Using Postgresql for C2 Communications |
| 2023-08-23/a> | Xavier Mertens | More Exotic Excel Files Dropping AgentTesla |
| 2023-08-23/a> | Guy Bruneau | How I made a qwerty ?keyboard walk? password generator with ChatGPT [Guest Diary] |
| 2023-08-22/a> | Xavier Mertens | Have You Ever Heard of the Fernet Encryption Algorithm? |
| 2023-08-21/a> | Xavier Mertens | Quick Malware Triage With Inotify Tools |
| 2023-08-20/a> | Guy Bruneau | SystemBC Malware Activity |
| 2023-08-18/a> | Xavier Mertens | From a Zalando Phishing to a RAT |
| 2023-08-16/a> | Yee Ching Tok | A Gentle Reminder: The Evolving Nature of Digital Scams |
| 2023-08-12/a> | Guy Bruneau | DShield Sensor Monitoring with a Docker ELK Stack [Guest Diary] |
| 2023-08-11/a> | Xavier Mertens | Show me All Your Windows! |
| 2023-08-10/a> | Bojan Zdrnja | Some things never change ? such as SQL Authentication ?encryption? |
| 2023-08-04/a> | Xavier Mertens | Are Leaked Credentials Dumps Used by Attackers? |
| 2023-08-03/a> | Jan Kopriva | From small LNK to large malicious BAT file with zero VT score |
| 2023-07-29/a> | Xavier Mertens | Do Attackers Pay More Attention to IPv6? |
| 2023-07-28/a> | Xavier Mertens | ShellCode Hidden with Steganography |
| 2023-07-26/a> | Xavier Mertens | Suspicious IP Addresses Avoided by Malware Samples |
| 2023-07-23/a> | Guy Bruneau | Install & Configure Filebeat on Raspberry Pi ARM64 to Parse DShield Sensor Logs |
| 2023-07-21/a> | Rob VandenBrink | Shodan's API For The (Recon) Win! |
| 2023-07-18/a> | Johannes Ullrich | Exploit Attempts for "Stagil navigation for Jira Menus & Themes" CVE-2023-26255 and CVE-2023-26256 |
| 2023-07-13/a> | Jesse La Grew | DShield Honeypot Maintenance and Data Retention |
| 2023-07-12/a> | Brad Duncan | Loader activity for Formbook "QM18" |
| 2023-07-07/a> | Xavier Mertens | DSSuite (Didier's Toolbox) Docker Image Update |
| 2023-07-06/a> | Jesse La Grew | IDS Comparisons with DShield Honeypot Data |
| 2023-07-01/a> | Russ McRee | Sandfly Security |
| 2023-06-29/a> | Brad Duncan | GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT |
| 2023-06-28/a> | Jan Kopriva | Kazakhstan - the world's last SSLv2 superpower... and a country with potentially vulnerable last-mile internet infrastructure |
| 2023-06-27/a> | Xavier Mertens | The Importance of Malware Triage |
| 2023-06-24/a> | Guy Bruneau | Email Spam with Attachment Modiloader |
| 2023-06-23/a> | Xavier Mertens | Word Document with an Online Attached Template |
| 2023-06-22/a> | Brad Duncan | Qakbot (Qbot) activity, obama271 distribution tag |
| 2023-06-22/a> | Johannes Ullrich | Apple Patches Exploited Vulnerabilities in iOS/iPadOS, macOS, watchOS and Safari |
| 2023-06-21/a> | Yee Ching Tok | Analyzing a YouTube Sponsorship Phishing Mail and Malware Targeting Content Creators |
| 2023-06-20/a> | Xavier Mertens | Malicious Code Can Be Anywhere |
| 2023-06-19/a> | Xavier Mertens | Malware Delivered Through .inf File |
| 2023-06-17/a> | Brad Duncan | Formbook from Possible ModiLoader (DBatLoader) |
| 2023-06-16/a> | Xavier Mertens | Another RAT Delivered Through VBS |
| 2023-06-15/a> | Yee Ching Tok | Supervision and Verification in Vulnerability Management |
| 2023-06-11/a> | Guy Bruneau | DShield Honeypot Activity for May 2023 |
| 2023-06-09/a> | Xavier Mertens | Undetected PowerShell Backdoor Disguised as a Profile File |
| 2023-06-05/a> | Johannes Ullrich | Brute Forcing Simple Archive Passwords |
| 2023-05-30/a> | Brad Duncan | Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT |
| 2023-05-30/a> | Johannes Ullrich | Your Business Data and Machine Learning at Risk: Attacks Against Apache NiFi |
| 2023-05-28/a> | Guy Bruneau | We Can no Longer Ignore the Cost of Cybersecurity |
| 2023-05-26/a> | Xavier Mertens | Using DFIR Techniques To Recover From Infrastructure Outages |
| 2023-05-24/a> | Jesse La Grew | More Data Enrichment for Cowrie Logs |
| 2023-05-24/a> | Tom Webb | IR Case/Alert Management |
| 2023-05-22/a> | Johannes Ullrich | Probes for recent ABUS Security Camera Vulnerability: Attackers keep an eye on everything. |
| 2023-05-20/a> | Xavier Mertens | Phishing Kit Collecting Victim's IP Address |
| 2023-05-19/a> | Xavier Mertens | When the Phisher Messes Up With Encoding |
| 2023-05-17/a> | Xavier Mertens | Increase in Malicious RAR SFX files |
| 2023-05-16/a> | Jesse La Grew | Signals Defense With Faraday Bags & Flipper Zero |
| 2023-05-15/a> | Jan Kopriva | Ongoing Facebook phishing campaign without a sender and (almost) without links |
| 2023-05-14/a> | Guy Bruneau | VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue |
| 2023-05-09/a> | Russ McRee | Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 2 |
| 2023-05-07/a> | Didier Stevens | Quickly Finding Encoded Payloads in Office Documents |
| 2023-05-04/a> | Xavier Mertens | Infostealer Embedded in a Word Document |
| 2023-05-03/a> | Xavier Mertens | Increased Number of Configuration File Scans |
| 2023-04-29/a> | Didier Stevens | Wireshark 4.0.5 Released |
| 2023-04-28/a> | Xavier Mertens | Quick IOC Scan With Docker |
| 2023-04-27/a> | Johannes Ullrich | SANS.edu Research Journal: Volume 3 |
| 2023-04-22/a> | Didier Stevens | YARA v4.3.1 Release |
| 2023-04-19/a> | Rob VandenBrink | Taking a Bite Out of Password Expiry Helpdesk Calls |
| 2023-04-17/a> | Jan Kopriva | The strange case of Great honeypot of China |
| 2023-04-12/a> | Brad Duncan | Recent IcedID (Bokbot) activity |
| 2023-04-09/a> | Didier Stevens | Chrome's Download Tab: Dangerous Files |
| 2023-04-08/a> | Xavier Mertens | Microsoft Netlogon: Potential Upcoming Impacts of CVE-2022-38023 |
| 2023-04-07/a> | Xavier Mertens | Detecting Suspicious API Usage with YARA Rules |
| 2023-04-07/a> | Johannes Ullrich | Apple Patching Two 0-Day Vulnerabilities in iOS and macOS |
| 2023-04-04/a> | Johannes Ullrich | Analyzing the efile.com Malware "efail" |
| 2023-04-03/a> | Johannes Ullrich | Tax Season Risks |
| 2023-04-02/a> | Didier Stevens | YARA v4.3.0 Release |
| 2023-03-31/a> | Jan Kopriva | Use of X-Frame-Options and CSP frame-ancestors security headers on 1 million most popular domains |
| 2023-03-30/a> | Xavier Mertens | Bypassing PowerShell Strong Obfuscation |
| 2023-03-28/a> | Jesse La Grew | Network Data Collector Placement Makes a Difference |
| 2023-03-27/a> | Johannes Ullrich | Apple Updates Everything (including Studio Display) |
| 2023-03-26/a> | Didier Stevens | Extra: "String Obfuscation: Character Pair Reversal" |
| 2023-03-25/a> | Guy Bruneau | Microsoft Released an Update for Windows Snipping Tool Vulnerability |
| 2023-03-22/a> | Didier Stevens | Windows 11 Snipping Tool Privacy Bug: Inspecting PNG Files |
| 2023-03-21/a> | Didier Stevens | String Obfuscation: Character Pair Reversal |
| 2023-03-20/a> | Xavier Mertens | From Phishing Kit To Telegram... or Not! |
| 2023-03-18/a> | Xavier Mertens | Old Backdoor, New Obfuscation |
| 2023-03-16/a> | Xavier Mertens | Simple Shellcode Dissection |
| 2023-03-12/a> | Guy Bruneau | AsynRAT Trojan - Bill Payment (Pago de la factura) |
| 2023-03-11/a> | Xavier Mertens | Overview of a Mirai Payload Generator |
| 2023-03-07/a> | Johannes Ullrich | Hackers Love This VSCode Extension: What You Can Do to Stay Safe |
| 2023-03-02/a> | Didier Stevens | YARA: Detect The Unexpected ... |
| 2023-03-01/a> | Xavier Mertens | Python Infostealer Targeting Gamers |
| 2023-02-28/a> | Brad Duncan | BB17 distribution Qakbot (Qbot) activity |
| 2023-02-25/a> | Didier Stevens | Crypto Inside a Browser |
| 2023-02-24/a> | Brad Duncan | URL files and WebDAV used for IcedID (Bokbot) infection |
| 2023-02-22/a> | Johannes Ullrich | Internet Wide Scan Fingerprinting Confluence Servers |
| 2023-02-21/a> | Xavier Mertens | Phishing Page Branded with Your Corporate Website |
| 2023-02-18/a> | Guy Bruneau | Spear Phishing Handlers for Username/Password |
| 2023-02-15/a> | Rob VandenBrink | DNS Recon Redux - Zone Transfers (plus a time machine) for When You Can't do a Zone Transfer |
| 2023-02-14/a> | Johannes Ullrich | Microsoft February 2023 Patch Tuesday |
| 2023-02-12/a> | Jesse La Grew | PCAP Data Analysis with Zeek |
| 2023-02-10/a> | Xavier Mertens | Obfuscated Deactivation of Script Block Logging |
| 2023-02-09/a> | Xavier Mertens | A Backdoor with Smart Screenshot Capability |
| 2023-02-06/a> | Johannes Ullrich | APIs Used by Bots to Detect Public IP address |
| 2023-02-05/a> | Didier Stevens | Video: Analyzing Malicious OneNote Documents |
| 2023-02-04/a> | Guy Bruneau | Assemblyline as a Malware Analysis Sandbox |
| 2023-02-03/a> | Jim Clausing | VMware workstation 17.0.1 fixes arbitrary file deletion issue - https://www.vmware.com/security/advisories/VMSA-2023-0003.html |
| 2023-02-01/a> | Didier Stevens | Detecting (Malicious) OneNote Files |
| 2023-02-01/a> | Jesse La Grew | Rotating Packet Captures with pfSense |
| 2023-01-31/a> | Jesse La Grew | DShield Honeypot Setup with pfSense |
| 2023-01-28/a> | Didier Stevens | Sysinternals Updates: RDCMan v2.92, Sysmon v14.14, and ZoomIt v6.12 |
| 2023-01-25/a> | Xavier Mertens | A First Malicious OneNote Document |
| 2023-01-24/a> | Johannes Ullrich | Apple Updates (almost) Everything: Patch Overview |
| 2023-01-23/a> | Xavier Mertens | Who's Resolving This Domain? |
| 2023-01-22/a> | Didier Stevens | Wireshark 4.0.3 Released |
| 2023-01-21/a> | Guy Bruneau | DShield Sensor JSON Log to Elasticsearch |
| 2023-01-19/a> | Jan Kopriva | SPF and DMARC use on 100k most popular domains |
| 2023-01-17/a> | Johannes Ullrich | Packet Tuesday: IPv6 Router Advertisements https://www.youtube.com/watch?v=uRWpB_lYIZ8 |
| 2023-01-16/a> | Johannes Ullrich | PSA: Why you must run an ad blocker when using Google |
| 2023-01-15/a> | Johannes Ullrich | Elon Musk Themed Crypto Scams Flooding YouTube Today |
| 2023-01-12/a> | Russ McRee | Prowler v3: AWS & Azure security assessments |
| 2023-01-11/a> | Jan Kopriva | Passive detection of internet-connected systems affected by vulnerabilities from the CISA KEV catalog |
| 2023-01-08/a> | Guy Bruneau | DShield Sensor JSON Log Analysis |
| 2023-01-07/a> | Didier Stevens | YARA v4.3.0-rc1 --skip-larger |
| 2023-01-06/a> | Xavier Mertens | AutoIT Remains Popular in the Malware Landscape |
| 2023-01-05/a> | Brad Duncan | More Brazil malspam pushing Astaroth (Guildma) in January 2023 |
| 2023-01-04/a> | Rob VandenBrink | Update to RTRBK - Diff and File Dates in PowerShell |
| 2023-01-02/a> | Xavier Mertens | NetworkMiner 2.8 Released |
| 2022-12-31/a> | Didier Stevens | YARA v4.3.0-rc1 --print-xor-key |
| 2022-12-30/a> | Jan Kopriva | SPF and DMARC use on GOV domains in different ccTLDs |
| 2022-12-29/a> | Jesse La Grew | Opening the Door for a Knock: Creating a Custom DShield Listener |
| 2022-12-28/a> | Rob VandenBrink | Playing with Powershell and JSON (and Amazon and Firewalls) |
| 2022-12-22/a> | Guy Bruneau | Exchange OWASSRF Exploited for Remote Code Execution |
| 2022-12-21/a> | Guy Bruneau | DShield Sensor Setup in Azure |
| 2022-12-19/a> | Xavier Mertens | Hunting for Mastodon Servers |
| 2022-12-18/a> | Guy Bruneau | Infostealer Malware with Double Extension |
| 2022-12-10/a> | Didier Stevens | Open Now: 2022 SANS Holiday Hack Challenge & KringleCon |
| 2022-12-07/a> | Jim Clausing | Wireshark 4.0.2 and 3.6.10 released |
| 2022-12-05/a> | Didier Stevens | VLC's Check For Updates: No Updates? |
| 2022-12-03/a> | Guy Bruneau | Linux LOLBins Applications Available in Windows |
| 2022-12-02/a> | Brad Duncan | obama224 distribution Qakbot tries .vhd (virtual hard disk) images |
| 2022-11-29/a> | Johannes Ullrich | Identifying Groups of "Bot" Accounts on LinkedIn |
| 2022-11-29/a> | Johannes Ullrich | Packet Tuesday Episode 3: TCP Urgent Flag. https://packettuesday.com |
| 2022-11-28/a> | Johannes Ullrich | Ukraine Themed Twitter Spam Pushing iOS Scareware |
| 2022-11-19/a> | Guy Bruneau | McAfee Fake Antivirus Phishing Campaign is Back! |
| 2022-11-14/a> | Jesse La Grew | Extracting 'HTTP CONNECT' Requests with Python |
| 2022-11-10/a> | Xavier Mertens | Do you collect "Observables" or "IOCs"? |
| 2022-11-09/a> | Xavier Mertens | Another Script-Based Ransomware |
| 2022-11-05/a> | Guy Bruneau | Windows Malware with VHD Extension |
| 2022-11-04/a> | Xavier Mertens | Remcos Downloader with Unicode Obfuscation |
| 2022-11-02/a> | Brad Duncan | Who put the "Dark" in DarkVNC? |
| 2022-11-02/a> | Rob VandenBrink | Breakpoints in Burp |
| 2022-10-31/a> | Rob VandenBrink | NMAP without NMAP - Port Testing and Scanning with PowerShell |
| 2022-10-30/a> | Didier Stevens | Sysinternals Updates: Process Explorer v17.0, Handle v5.0, Process Monitor v3.92 and Sysmon v14.11 |
| 2022-10-27/a> | Tom Webb | Supersizing your DUO and 365 Integration |
| 2022-10-24/a> | Xavier Mertens | C2 Communications Through outlook.com |
| 2022-10-22/a> | Didier Stevens | rtfdump's Find Option |
| 2022-10-21/a> | Brad Duncan | sczriptzzbn inject pushes malware for NetSupport RAT |
| 2022-10-19/a> | Xavier Mertens | Are Internet Scanning Services Good or Bad for You? |
| 2022-10-18/a> | Xavier Mertens | Python Obfuscation for Dummies |
| 2022-10-17/a> | Xavier Mertens | Fileless Powershell Dropper |
| 2022-10-16/a> | Didier Stevens | Video: Analysis of a Malicious HTML File (QBot) |
| 2022-10-15/a> | Guy Bruneau | Malware - Covid Vaccination Supplier Declaration |
| 2022-10-13/a> | Didier Stevens | Analysis of a Malicious HTML File (QBot) |
| 2022-10-11/a> | Johannes Ullrich | October 2022 Microsoft Patch Tuesday |
| 2022-10-10/a> | Didier Stevens | Wireshark: Specifying a Protocol Stack Layer in Display Filters |
| 2022-10-08/a> | Didier Stevens | Wireshark 4.0.0 Released |
| 2022-10-07/a> | Xavier Mertens | Powershell Backdoor with DGA Capability |
| 2022-10-07/a> | Xavier Mertens | Critical Fortinet Vulnerability Ahead |
| 2022-10-04/a> | Johannes Ullrich | Credential Harvesting with Telegram API |
| 2022-09-26/a> | Xavier Mertens | Easy Python Sandbox Detection |
| 2022-09-25/a> | Didier Stevens | Downloading Samples From Takendown Domains |
| 2022-09-24/a> | Didier Stevens | Maldoc Analysis Info On MalwareBazaar |
| 2022-09-23/a> | Xavier Mertens | Kids Like Cookies, Malware Too! |
| 2022-09-22/a> | Xavier Mertens | RAT Delivered Through FODHelper |
| 2022-09-21/a> | Xavier Mertens | Phishing Campaigns Use Free Online Resources |
| 2022-09-19/a> | Russ McRee | Chainsaw: Hunt, search, and extract event log records |
| 2022-09-18/a> | Didier Stevens | Video: Grep & Tail -f With Notepad++ |
| 2022-09-18/a> | Tom Webb | Preventing ISO Malware |
| 2022-09-16/a> | Didier Stevens | Word Maldoc With CustomXML and Renamed VBAProject.bin |
| 2022-09-15/a> | Xavier Mertens | Malicious Word Document with a Frameset |
| 2022-09-14/a> | Xavier Mertens | Easy Process Injection within Python |
| 2022-09-12/a> | Johannes Ullrich | VirusTotal Result Comparisons for Honeypot Malware |
| 2022-09-11/a> | Didier Stevens | Wireshark 3.6.8 and 4.0.0rc1 Released |
| 2022-09-10/a> | Guy Bruneau | Phishing Word Documents with Suspicious URL |
| 2022-09-09/a> | Didier Stevens | Maldoc With Decoy BASE64 |
| 2022-09-07/a> | Johannes Ullrich | PHP Deserialization Exploit attempt |
| 2022-09-06/a> | Didier Stevens | Analysis of an Encoded Cobalt Strike Beacon |
| 2022-09-05/a> | Didier Stevens | Quickie: Grep & Tail -f With Notepad++ |
| 2022-09-04/a> | Didier Stevens | Video: VBA Maldoc & UTF7 (APT-C-35) |
| 2022-09-03/a> | Didier Stevens | Video: James Webb JPEG With Malware |
| 2022-09-02/a> | Didier Stevens | James Webb JPEG With Malware |
| 2022-09-01/a> | Johannes Ullrich | Jolokia Scans: Possible Hunt for Vulnerable Apache Geode Servers (CVE-2022-37021) |
| 2022-08-31/a> | Johannes Ullrich | Underscores and DNS: The Privacy Story |
| 2022-08-30/a> | Johannes Ullrich | Two things that will never die: bash scripts and IRC! |
| 2022-08-29/a> | Didier Stevens | Update: VBA Maldoc & UTF7 (APT-C-35) |
| 2022-08-28/a> | Didier Stevens | Sysinternals Updates: Sysmon v14.0 and ZoomIt v6.01 |
| 2022-08-28/a> | Didier Stevens | Dealing With False Positives when Scanning Memory Dumps for Cobalt Strike Beacons |
| 2022-08-26/a> | Xavier Mertens | Paypal Phishing/Coinbase in One Image |
| 2022-08-26/a> | Guy Bruneau | HTTP/2 Packet Analysis with Wireshark |
| 2022-08-24/a> | Brad Duncan | Monster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC |
| 2022-08-22/a> | Xavier Mertens | 32 or 64 bits Malware? |
| 2022-08-20/a> | Didier Stevens | YARA 4.2.3 Released |
| 2022-08-19/a> | Brad Duncan | Brazil malspam pushes Astaroth (Guildma) malware |
| 2022-08-17/a> | Johannes Ullrich | A Quick VoIP Experiment |
| 2022-08-17/a> | Johannes Ullrich | Apple Patches Two Exploited Vulnerabilities |
| 2022-08-16/a> | Didier Stevens | VBA Maldoc & UTF7 (APT-C-35) |
| 2022-08-14/a> | Johannes Ullrich | Realtek SDK SIP ALG Vulnerability: A Big Deal, but not much you can do about it. CVE 2022-27255 |
| 2022-08-13/a> | Guy Bruneau | Phishing HTML Attachment as Voicemail Audio Transcription |
| 2022-08-12/a> | Brad Duncan | Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike |
| 2022-08-11/a> | Xavier Mertens | InfoStealer Script Based on Curl and NSudo |
| 2022-08-10/a> | Johannes Ullrich | And Here They Come Again: DNS Reflection Attacks |
| 2022-08-03/a> | Johannes Ullrich | l9explore and LeakIX Internet wide recon scans. |
| 2022-08-02/a> | Johannes Ullrich | A Little DDoS in the Morning - Followup |
| 2022-08-02/a> | Johannes Ullrich | Increase in Chinese "Hacktivism" Attacks |
| 2022-08-01/a> | Johannes Ullrich | A Little DDoS In the Morning |
| 2022-07-30/a> | Didier Stevens | Wireshark 3.6.7 Released |
| 2022-07-29/a> | Johannes Ullrich | PDF Analysis Intro and OpenActions Entries |
| 2022-07-28/a> | Johannes Ullrich | Exfiltrating Data With Bookmarks |
| 2022-07-27/a> | Brad Duncan | IcedID (Bokbot) with Dark VNC and Cobalt Strike |
| 2022-07-26/a> | Xavier Mertens | How is Your macOS Security Posture? |
| 2022-07-25/a> | Xavier Mertens | PowerShell Script with Fileless Capability |
| 2022-07-24/a> | Didier Stevens | Video: Maldoc: non-ASCII VBA Identifiers |
| 2022-07-23/a> | Guy Bruneau | Analysis of SSH Honeypot Data with PowerBI |
| 2022-07-22/a> | Yee Ching Tok | An Analysis of a Discerning Phishing Website |
| 2022-07-21/a> | Didier Stevens | Maldoc: non-ASCII VBA Identifiers |
| 2022-07-20/a> | Xavier Mertens | Malicious Python Script Behaving Like a Rubber Ducky |
| 2022-07-20/a> | Johannes Ullrich | Apple Patches Everything Day |
| 2022-07-19/a> | Johannes Ullrich | Requests For beacon.http-get. Help Us Figure Out What They Are Looking For |
| 2022-07-18/a> | Didier Stevens | Adding Your Own Keywords To My PDF Tools |
| 2022-07-13/a> | Xavier Mertens | Using Referers to Detect Phishing Attacks |
| 2022-07-10/a> | Guy Bruneau | Excel 4 Emotet Maldoc Analysis using CyberChef |
| 2022-07-07/a> | Brad Duncan | Emotet infection with Cobalt Strike |
| 2022-07-06/a> | Johannes Ullrich | How Many SANs are Insane? |
| 2022-07-05/a> | Jan Kopriva | EternalBlue 5 years after WannaCry and NotPetya |
| 2022-07-02/a> | Didier Stevens | YARA 4.2.2 Released |
| 2022-06-30/a> | Brad Duncan | Case Study: Cobalt Strike Server Lives on After Its Domain Is Suspended |
| 2022-06-28/a> | Johannes Ullrich | Possible Scans for HiByMusic Devices |
| 2022-06-26/a> | Didier Stevens | My Paste Command |
| 2022-06-26/a> | Didier Stevens | More Decoding Analysis |
| 2022-06-25/a> | Xavier Mertens | Malicious Code Passed to PowerShell via the Clipboard |
| 2022-06-24/a> | Xavier Mertens | Python (ab)using The Windows GUI |
| 2022-06-23/a> | Xavier Mertens | FLOSS 2.0 Has Been Released |
| 2022-06-22/a> | Xavier Mertens | Malicious PowerShell Targeting Cryptocurrency Browser Extensions |
| 2022-06-21/a> | Johannes Ullrich | Experimental New Domain / Domain Age API |
| 2022-06-20/a> | Johannes Ullrich | Odd TCP Fast Open Packets. Anybody understands why? |
| 2022-06-19/a> | Didier Stevens | Wireshark 3.6.6 Released |
| 2022-06-19/a> | Didier Stevens | Video: Decoding Obfuscated BASE64 Statistically |
| 2022-06-18/a> | Didier Stevens | Decoding Obfuscated BASE64 Statistically |
| 2022-06-17/a> | Brad Duncan | Malspam pushes Matanbuchus malware, leads to Cobalt Strike |
| 2022-06-16/a> | Xavier Mertens | Houdini is Back Delivered Through a JavaScript Dropper |
| 2022-06-15/a> | Johannes Ullrich | Terraforming Honeypots. Installing DShield Sensors in the Cloud |
| 2022-06-12/a> | Didier Stevens | Quickie: Follina, RTF & Explorer Preview Pane |
| 2022-06-10/a> | Russ McRee | EPSScall: An Exploit Prediction Scoring System App |
| 2022-06-09/a> | Brad Duncan | TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt) |
| 2022-06-06/a> | Didier Stevens | "ms-msdt" RTF Maldoc Analysis: oledump Plugins |
| 2022-06-05/a> | Didier Stevens | Analysis Of An "ms-msdt" RTF Maldoc |
| 2022-06-04/a> | Guy Bruneau | Spam Email Contains a Very Large ISO file |
| 2022-06-03/a> | Xavier Mertens | Sandbox Evasion... With Just a Filename! |
| 2022-06-02/a> | Johannes Ullrich | Quick Answers in Incident Response: RECmd.exe |
| 2022-06-01/a> | Jan Kopriva | HTML phishing attachments - now with anti-analysis features |
| 2022-05-31/a> | Xavier Mertens | First Exploitation of Follina Seen in the Wild |
| 2022-05-29/a> | Didier Stevens | Extracting The Overlay Of A PE File |
| 2022-05-28/a> | Didier Stevens | Huge Signed PE File: Keeping The Signature |
| 2022-05-26/a> | Didier Stevens | Huge Signed PE File |
| 2022-05-25/a> | Rob VandenBrink | Using NMAP to Assess Hosts in Load Balanced Clusters |
| 2022-05-23/a> | Johannes Ullrich | Attacker Scanning for jQuery-File-Upload |
| 2022-05-20/a> | Xavier Mertens | A 'Zip Bomb' to Bypass Security Controls & Sandboxes |
| 2022-05-19/a> | Brad Duncan | Bumblebee Malware from TransferXL URLs |
| 2022-05-17/a> | Xavier Mertens | Use Your Browser Internal Password Vault... or Not? |
| 2022-05-16/a> | Johannes Ullrich | Apple Patches Everything |
| 2022-05-15/a> | Didier Stevens | Wireshark 3.6.5 Released |
| 2022-05-13/a> | Johannes Ullrich | From 0-Day to Mirai: 7 days of BIG-IP Exploits |
| 2022-05-11/a> | Brad Duncan | TA578 using thread-hijacked emails to push ISO files for Bumblebee malware |
| 2022-05-10/a> | Renato Marinho | Microsoft May 2022 Patch Tuesday |
| 2022-05-09/a> | Xavier Mertens | Octopus Backdoor is Back with a New Embedded Obfuscated Bat File |
| 2022-05-07/a> | Guy Bruneau | Phishing PDF Received in my ISC Mailbox |
| 2022-05-06/a> | Jan Kopriva | What is the simplest malware in the world? |
| 2022-05-05/a> | Brad Duncan | Password-protected Excel spreadsheet pushes Remcos RAT |
| 2022-05-03/a> | Johannes Ullrich | Some Honeypot Updates |
| 2022-05-03/a> | Rob VandenBrink | Finding the Real "Last Patched" Day (Interim Version) |
| 2022-05-02/a> | Didier Stevens | Detecting VSTO Office Files With ExifTool |
| 2022-04-30/a> | Didier Stevens | YARA 4.2.1 Released |
| 2022-04-29/a> | Rob VandenBrink | Using Passive DNS sources for Reconnaissance and Enumeration |
| 2022-04-27/a> | Jan Kopriva | MITRE ATT&CK v11 - a small update that can help (not just) with detection engineering |
| 2022-04-25/a> | Xavier Mertens | Simple PDF Linking to Malicious Content |
| 2022-04-24/a> | Didier Stevens | Analyzing a Phishing Word Document |
| 2022-04-23/a> | Guy Bruneau | Are Roku Streaming Devices Safe from Exploitation? |
| 2022-04-21/a> | Xavier Mertens | Multi-Cryptocurrency Clipboard Swapper |
| 2022-04-20/a> | Brad Duncan | "aa" distribution Qakbot (Qbot) infection with DarkVNC traffic |
| 2022-04-19/a> | Johannes Ullrich | Resetting Linux Passwords with U-Boot Bootloaders |
| 2022-04-17/a> | Didier Stevens | Video: Office Protects You From Malicious ISO Files |
| 2022-04-16/a> | Didier Stevens | Office Protects You From Malicious ISO Files |
| 2022-04-13/a> | Jan Kopriva | How is Ukrainian internet holding up during the Russian invasion? |
| 2022-04-10/a> | Didier Stevens | Video: Method For String Extraction Filtering |
| 2022-04-09/a> | Didier Stevens | Method For String Extraction Filtering |
| 2022-04-06/a> | Brad Duncan | Windows MetaStealer Malware |
| 2022-04-05/a> | Johannes Ullrich | WebLogic Crypto Miner Malware Disabling Alibaba Cloud Monitoring Tools |
| 2022-04-04/a> | Johannes Ullrich | Emptying the Phishtank: Are WordPress sites the Mosquitoes of the Internet? |
| 2022-03-31/a> | Johannes Ullrich | Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965 |
| 2022-03-31/a> | Johannes Ullrich | Apple Patches Actively Exploited Vulnerability in macOS, iOS and iPadOS, |
| 2022-03-30/a> | Didier Stevens | Quickie: Parsing XLSB Documents |
| 2022-03-30/a> | Johannes Ullrich | Possible new Java Spring Framework Vulnerability (Updated: not a Spring problem) |
| 2022-03-30/a> | Johannes Ullrich | Java Springtime Confusion: What Vulnerability are We Talking About |
| 2022-03-29/a> | Johannes Ullrich | More Fake/Typosquatting Twitter Accounts Asking for Ukraine Crytocurrency Donations |
| 2022-03-27/a> | Didier Stevens | Wireshark 3.6.3 Released |
| 2022-03-27/a> | Didier Stevens | Video: Maldoc Cleaned by Anti-Virus |
| 2022-03-26/a> | Guy Bruneau | Is buying Cyber Insurance a Must Now? |
| 2022-03-25/a> | Xavier Mertens | XLSB Files: Because Binary is Stealthier Than XML |
| 2022-03-24/a> | Xavier Mertens | Malware Delivered Through Free Sharing Tool |
| 2022-03-23/a> | Brad Duncan | Arkei Variants: From Vidar to Mars Stealer |
| 2022-03-22/a> | Johannes Ullrich | Statement by President Biden: What you need to do (or not do) |
| 2022-03-20/a> | Didier Stevens | MGLNDD_* Scans |
| 2022-03-18/a> | Johannes Ullrich | Scans for Movable Type Vulnerability (CVE-2021-20837) |
| 2022-03-16/a> | Brad Duncan | Qakbot infection with Cobalt Strike and VNC activity |
| 2022-03-15/a> | Xavier Mertens | Clean Binaries with Suspicious Behaviour |
| 2022-03-14/a> | Johannes Ullrich | Apple Updates Everything: MacOS 12.3, XCode 13.3, tvOS 15.4, watchOS 8.5, iPadOS 15.4 and more |
| 2022-03-13/a> | Didier Stevens | YARA 4.2.0 Released |
| 2022-03-12/a> | Didier Stevens | ICMP Messages: Original Datagram Field |
| 2022-03-11/a> | Xavier Mertens | Keep an Eye on WebSockets |
| 2022-03-10/a> | Xavier Mertens | Credentials Leaks on VirusTotal |
| 2022-03-09/a> | Xavier Mertens | Infostealer in a Batch File |
| 2022-03-07/a> | Johannes Ullrich | No Bitcoin - No Problem: Follow Up to Last Weeks Donation Scam |
| 2022-03-06/a> | Didier Stevens | Video: TShark & Multiple IP Addresses |
| 2022-03-05/a> | Didier Stevens | oledump's Extra Option |
| 2022-03-04/a> | Johannes Ullrich | Scam E-Mail Impersonating Red Cross |
| 2022-03-02/a> | Johannes Ullrich | The More Often Something is Repeated, the More True It Becomes: Dealing with Social Media |
| 2022-02-28/a> | Didier Stevens | TShark & Multiple IP Addresses |
| 2022-02-26/a> | Guy Bruneau | Using Snort IDS Rules with NetWitness PacketDecoder |
| 2022-02-25/a> | Didier Stevens | Windows, Fixed IPv4 Addresses and APIPA |
| 2022-02-24/a> | Xavier Mertens | Ukraine & Russia Situation From a Domain Names Perspective |
| 2022-02-22/a> | Xavier Mertens | A Good Old Equation Editor Vulnerability Delivering Malware |
| 2022-02-20/a> | Didier Stevens | Video: YARA's Console Module |
| 2022-02-19/a> | Didier Stevens | Wireshark 3.6.2 Released |
| 2022-02-18/a> | Xavier Mertens | Remcos RAT Delivered Through Double Compressed Archive |
| 2022-02-16/a> | Brad Duncan | Astaroth (Guildma) infection |
| 2022-02-15/a> | Xavier Mertens | Who Are Those Bots? |
| 2022-02-13/a> | Guy Bruneau | DHL Spear Phishing to Capture Username/Password |
| 2022-02-11/a> | Xavier Mertens | CinaRAT Delivered Through HTML ID Attributes |
| 2022-02-10/a> | Johannes Ullrich | Zyxel Network Storage Devices Hunted By Mirai Variant |
| 2022-02-10/a> | Johannes Ullrich | iOS/iPadOS and MacOS Update: Single WebKit 0-Day Vulnerability Patched |
| 2022-02-09/a> | Brad Duncan | Example of Cobalt Strike from Emotet infection |
| 2022-02-07/a> | Johannes Ullrich | web3 phishing via self-customizing landing pages |
| 2022-02-05/a> | Didier Stevens | Power over Ethernet and Thermal Imaging |
| 2022-02-03/a> | Johannes Ullrich | Keeping Track of Your Attack Surface for Cheap |
| 2022-02-01/a> | Xavier Mertens | Automation is Nice But Don't Replace Your Knowledge |
| 2022-01-30/a> | Didier Stevens | YARA's Console Module |
| 2022-01-29/a> | Guy Bruneau | SIEM In this Decade, Are They Better than the Last? |
| 2022-01-27/a> | Johannes Ullrich | Apple Patches Everything |
| 2022-01-26/a> | Jan Kopriva | Over 20 thousand servers have their iLO interfaces exposed to the internet, many with outdated and vulnerable versions of FW |
| 2022-01-25/a> | Brad Duncan | Emotet Stops Using 0.0.0.0 in Spambot Traffic |
| 2022-01-22/a> | Xavier Mertens | Mixed VBA & Excel4 Macro In a Targeted Excel Sheet |
| 2022-01-21/a> | Xavier Mertens | Obscure Wininet.dll Feature? |
| 2022-01-20/a> | Xavier Mertens | RedLine Stealer Delivered Through FTP |
| 2022-01-18/a> | Jan Kopriva | Phishing e-mail with...an advertisement? |
| 2022-01-16/a> | Guy Bruneau | 10 Most Popular Targeted Ports in the Past 3 Weeks |
| 2022-01-11/a> | Johannes Ullrich | Microsoft Patch Tuesday - January 2022 |
| 2022-01-09/a> | Didier Stevens | Extracting Cobalt Strike Beacons from MSBuild Scripts |
| 2022-01-08/a> | Didier Stevens | TShark & jq |
| 2022-01-07/a> | Xavier Mertens | Custom Python RAT Builder |
| 2022-01-06/a> | Xavier Mertens | Malicious Python Script Targeting Chinese People |
| 2022-01-05/a> | Xavier Mertens | Code Reuse In the Malware Landscape |
| 2022-01-04/a> | Xavier Mertens | A Simple Batch File That Blocks People |
| 2022-01-03/a> | Xavier Mertens | McAfee Phishing Campaign with a Nice Fake Scan |
| 2022-01-02/a> | Guy Bruneau | Exchange Server - Email Trapped in Transport Queues |
| 2021-12-31/a> | Jan Kopriva | Do you want your Agent Tesla in the 300 MB or 8 kB package? |
| 2021-12-30/a> | Brad Duncan | Agent Tesla Updates SMTP Data Exfiltration Technique |
| 2021-12-28/a> | Russ McRee | LotL Classifier tests for shells, exfil, and miners |
| 2021-12-26/a> | Didier Stevens | Quicktip: TShark's Options -e and -T |
| 2021-12-25/a> | Didier Stevens | TShark Tip: Extracting Field Values From Capture Files |
| 2021-12-22/a> | Brad Duncan | December 2021 Forensic Contest: Answers and Analysis |
| 2021-12-21/a> | Xavier Mertens | More Undetected PowerShell Dropper |
| 2021-12-20/a> | Jan Kopriva | PowerPoint attachments, Agent Tesla and code reuse in malware |
| 2021-12-19/a> | Didier Stevens | Office 2021: VBA Project Version |
| 2021-12-18/a> | Guy Bruneau | VMware Security Update - https://www.vmware.com/security/advisories/VMSA-2021-0030.html |
| 2021-12-17/a> | Rob VandenBrink | DR Automation - Using Public DNS APIs |
| 2021-12-16/a> | Brad Duncan | How the "Contact Forms" campaign tricks people |
| 2021-12-15/a> | Xavier Mertens | Simple but Undetected PowerShell Backdoor |
| 2021-12-08/a> | Brad Duncan | December 2021 Forensic Challenge |
| 2021-12-06/a> | Xavier Mertens | The Importance of Out-of-Band Networks |
| 2021-12-04/a> | Guy Bruneau | A Review of Year 2021 |
| 2021-12-03/a> | Xavier Mertens | The UPX Packer Will Never Die! |
| 2021-12-02/a> | Brad Duncan | TA551 (Shathak) pushes IcedID (Bokbot) |
| 2021-12-01/a> | Xavier Mertens | Info-Stealer Using webhook.site to Exfiltrate Data |
| 2021-11-29/a> | Didier Stevens | Wireshark 3.6.0 Released |
| 2021-11-28/a> | Didier Stevens | Video: YARA Rules for Office Maldocs |
| 2021-11-27/a> | Didier Stevens | Video: SANS Holiday Hack Challenge 2021 Q&A with Ed Skoudis |
| 2021-11-26/a> | Guy Bruneau | Searching for Exposed ASUS Routers Vulnerable to CVE-2021-20090 |
| 2021-11-25/a> | Didier Stevens | YARA's Private Strings |
| 2021-11-23/a> | Didier Stevens | YARA Rule for OOXML Maldocs: Less False Positives |
| 2021-11-21/a> | Didier Stevens | Backdooring PAM |
| 2021-11-20/a> | Guy Bruneau | Hikvision Security Cameras Potentially Exposed to Remote Code Execution |
| 2021-11-19/a> | Xavier Mertens | Downloader Disguised as Excel Add-In (XLL) |
| 2021-11-18/a> | Xavier Mertens | JavaScript Downloader Delivers Agent Tesla Trojan |
| 2021-11-16/a> | Brad Duncan | Emotet Returns |
| 2021-11-15/a> | Rob VandenBrink | Changing your AD Password Using the Clipboard - Not as Easy as You'd Think! |
| 2021-11-14/a> | Didier Stevens | Video: Obfuscated Maldoc: Reversed BASE64 |
| 2021-11-14/a> | Didier Stevens | External Email System FBI Compromised: Sending Out Fake Warnings |
| 2021-11-11/a> | Johannes Ullrich | In Memory of Alan Paller |
| 2021-11-10/a> | Xavier Mertens | Shadow IT Makes People More Vulnerable to Phishing |
| 2021-11-08/a> | Xavier Mertens | (Ab)Using Security Tools & Controls for the Bad |
| 2021-11-07/a> | Didier Stevens | Video: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory |
| 2021-11-06/a> | Didier Stevens | Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory |
| 2021-11-04/a> | Brad Duncan | October 2021 Forensic Contest: Answers and Analysis |
| 2021-11-04/a> | Tom Webb | Xmount for Disk Images |
| 2021-11-01/a> | Yee Ching Tok | Revisiting BrakTooth: Two Months Later |
| 2021-10-31/a> | Didier Stevens | Sysinternals: Autoruns and Sysmon updates |
| 2021-10-31/a> | Didier Stevens | Video: Phishing ZIP With Malformed Filename |
| 2021-10-30/a> | Guy Bruneau | Remote Desktop Protocol (RDP) Discovery |
| 2021-10-28/a> | Yee Ching Tok | Multiple Apple Patches for October 2021 |
| 2021-10-26/a> | Yee Ching Tok | Hunting for Phishing Sites Masquerading as Outlook Web Access |
| 2021-10-25/a> | Didier Stevens | Decrypting Cobalt Strike Traffic With a "Leaked" Private Key |
| 2021-10-24/a> | Didier Stevens | Phishing ZIP With Malformed Filename |
| 2021-10-22/a> | Brad Duncan | October 2021 Contest: Forensic Challenge |
| 2021-10-21/a> | Brad Duncan | "Stolen Images Evidence" campaign pushes Sliver-based malware |
| 2021-10-20/a> | Xavier Mertens | Thanks to COVID-19, New Types of Documents are Lost in The Wild |
| 2021-10-18/a> | Xavier Mertens | Malicious PowerShell Using Client Certificate Authentication |
| 2021-10-16/a> | Guy Bruneau | Apache is Actively Scan for CVE-2021-41773 & CVE-2021-42013 |
| 2021-10-14/a> | Xavier Mertens | Port-Forwarding with Windows for the Win |
| 2021-10-13/a> | Johannes Ullrich | Please fix your E-Mail Brute forcing tool! |
| 2021-10-10/a> | Didier Stevens | Wireshark 3.4.9 Released |
| 2021-10-09/a> | Guy Bruneau | Scanning for Previous Oracle WebLogic Vulnerabilities |
| 2021-10-08/a> | Rob VandenBrink | Sorting Things Out - Sorting Data by IP Address |
| 2021-10-07/a> | Johannes Ullrich | Who Is Hunting For Your IPTV Set-Top Box? |
| 2021-10-06/a> | Johannes Ullrich | Apache 2.4.49 Directory Traversal Vulnerability (CVE-2021-41773) |
| 2021-10-04/a> | Johannes Ullrich | Boutique "Dark" Botnet Hunting for Crumbs |
| 2021-10-04/a> | Johannes Ullrich | Facebook Outage: Yes, its DNS (sort of). A super quick analysis of what is going on. |
| 2021-10-03/a> | Didier Stevens | Video: CVE-2021-40444 Maldocs: Extracting URLs |
| 2021-10-01/a> | Xavier Mertens | New Tool to Add to Your LOLBAS List: cvtres.exe |
| 2021-09-28/a> | Jan Kopriva | TLS 1.3 and SSL - the current state of affairs |
| 2021-09-25/a> | Didier Stevens | Strings Analysis: VBA & Excel4 Maldoc |
| 2021-09-25/a> | Didier Stevens | Video: Strings Analysis: VBA & Excel4 Maldoc |
| 2021-09-24/a> | Xavier Mertens | Keep an Eye on Your Users Mobile Devices (Simple Inventory) |
| 2021-09-23/a> | Xavier Mertens | Excel Recipe: Some VBA Code with a Touch of Excel4 Macro |
| 2021-09-22/a> | Didier Stevens | An XML-Obfuscated Office Document (CVE-2021-40444) |
| 2021-09-21/a> | Johannes Ullrich | A First Look at Apple's iOS 15 "Private Relay" feature. |
| 2021-09-20/a> | Johannes Ullrich | #OMIGOD Exploits Captured in the Wild. Researchers responsible for half of scans for related ports. |
| 2021-09-19/a> | Didier Stevens | Video: Simple Analysis Of A CVE-2021-40444 .docx Document |
| 2021-09-18/a> | Didier Stevens | Simple Analysis Of A CVE-2021-40444 .docx Document |
| 2021-09-17/a> | Xavier Mertens | Malicious Calendar Subscriptions Are Back? |
| 2021-09-16/a> | Jan Kopriva | Phishing 101: why depend on one suspicious message subject when you can use many? |
| 2021-09-15/a> | Brad Duncan | Hancitor campaign abusing Microsoft's OneDrive |
| 2021-09-14/a> | Renato Marinho | Microsoft September 2021 Patch Tuesday |
| 2021-09-11/a> | Guy Bruneau | Shipping to Elasticsearch Microsoft DNS Logs |
| 2021-09-09/a> | Johannes Ullrich | Updates to Our Datafeeds/API |
| 2021-09-08/a> | Brad Duncan | "Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware |
| 2021-09-08/a> | Johannes Ullrich | Microsoft Offers Workaround for 0-Day Office Vulnerability (CVE-2021-40444) |
| 2021-09-07/a> | Johannes Ullrich | Why I Gave Up on IPv6. And no, it is not because of security issues. |
| 2021-09-02/a> | Xavier Mertens | Attackers Will Always Abuse Major Events in our Lifes |
| 2021-09-01/a> | Brad Duncan | STRRAT: a Java-based RAT that doesn't care if you have Java |
| 2021-08-31/a> | Yee Ching Tok | BrakTooth: Impacts, Implications and Next Steps |
| 2021-08-30/a> | Xavier Mertens | Cryptocurrency Clipboard Swapper Delivered With Love |
| 2021-08-29/a> | Guy Bruneau | Filter JSON Data by Value with Linux jq |
| 2021-08-24/a> | Johannes Ullrich | Attackers Hunting For Twilio Credentials |
| 2021-08-21/a> | Didier Stevens | New Versions Of Sysinternals Tools |
| 2021-08-20/a> | Xavier Mertens | Waiting for the C2 to Show Up |
| 2021-08-19/a> | Johannes Ullrich | When Lightning Strikes. What works and doesn't work. |
| 2021-08-17/a> | Johannes Ullrich | Laravel (<=v8.4.2) exploit attempts for CVE-2021-3129 (debug mode: Remote code execution) |
| 2021-08-15/a> | Didier Stevens | Simple Tips For Triage Of MALWARE Bazaar's Daily Malware Batches |
| 2021-08-13/a> | Brad Duncan | Example of Danabot distributed through malspam |
| 2021-08-13/a> | Guy Bruneau | Scanning for Microsoft Exchange eDiscovery |
| 2021-08-11/a> | Brad Duncan | TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike |
| 2021-08-09/a> | Jan Kopriva | ProxyShell - how many Exchange servers are affected and where are they? |
| 2021-08-07/a> | Didier Stevens | MALWARE Bazaar "Download daily malware batches" |
| 2021-08-06/a> | Xavier Mertens | Malicious Microsoft Word Remains A Key Infection Vector |
| 2021-08-04/a> | Yee Ching Tok | Pivoting and Hunting for Shenanigans from a Reported Phishing Domain |
| 2021-08-03/a> | Johannes Ullrich | Three Problems with Two Factor Authentication |
| 2021-08-02/a> | Didier Stevens | Changing BAT Files On The Fly |
| 2021-08-01/a> | Didier Stevens | procdump Version 10.1 |
| 2021-07-31/a> | Guy Bruneau | Unsolicited DNS Queries |
| 2021-07-30/a> | Xavier Mertens | Infected With a .reg File |
| 2021-07-29/a> | Xavier Mertens | Malicious Content Delivered Through archive.org |
| 2021-07-26/a> | Didier Stevens | Failed Malspam: Recovering The Password |
| 2021-07-25/a> | Didier Stevens | Wireshark 3.4.7 Released |
| 2021-07-24/a> | Bojan Zdrnja | Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability |
| 2021-07-24/a> | Xavier Mertens | Agent.Tesla Dropped via a .daa Image and Talking to Telegram |
| 2021-07-21/a> | Johannes Ullrich | "Summer of SAM": Microsoft Releases Guidance for CVE-2021-36934 |
| 2021-07-20/a> | Bojan Zdrnja | Summer of SAM - incorrect permissions on Windows 10/11 hives |
| 2021-07-18/a> | Didier Stevens | Video: CyberChef BASE85 Decoding |
| 2021-07-17/a> | Didier Stevens | BASE85 Decoding With base64dump.py |
| 2021-07-16/a> | Xavier Mertens | Multiple BaseXX Obfuscations |
| 2021-07-14/a> | Jan Kopriva | One way to fail at malspam - give recipients the wrong password for an encrypted attachment |
| 2021-07-10/a> | Guy Bruneau | Scanning for Microsoft Secure Socket Tunneling Protocol |
| 2021-07-09/a> | Brad Duncan | Hancitor tries XLL as initial malware file |
| 2021-07-06/a> | Xavier Mertens | Python DLL Injection Check |
| 2021-07-04/a> | Didier Stevens | DIY CD/DVD Destruction - Follow Up |
| 2021-07-03/a> | Didier Stevens | Finding Strings With oledump.py |
| 2021-07-02/a> | Xavier Mertens | "inception.py"... Multiple Base64 Encodings |
| 2021-07-02/a> | Xavier Mertens | Kaseya VSA Users Hit by Ransomware |
| 2021-06-30/a> | Johannes Ullrich | CVE-2021-1675: Incomplete Patch and Leaked RCE Exploit |
| 2021-06-30/a> | Brad Duncan | June 2021 Forensic Contest: Answers and Analysis |
| 2021-06-28/a> | Didier Stevens | CFBF Files Strings Analysis |
| 2021-06-27/a> | Didier Stevens | DIY CD/DVD Destruction |
| 2021-06-26/a> | Guy Bruneau | CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability |
| 2021-06-25/a> | Jim Clausing | Is this traffic bAD? |
| 2021-06-24/a> | Xavier Mertens | Do you Like Cookies? Some are for sale! |
| 2021-06-23/a> | Johannes Ullrich | Standing With Security Researchers Against Misuse of the DMCA |
| 2021-06-21/a> | Rick Wanner | Mitre CWE - Common Weakness Enumeration |
| 2021-06-20/a> | Didier Stevens | Video: oledump Cheat Sheet |
| 2021-06-19/a> | Xavier Mertens | Easy Access to the NIST RDS Database |
| 2021-06-18/a> | Daniel Wesemann | Network Forensics on Azure VMs (Part #2) |
| 2021-06-17/a> | Daniel Wesemann | Network Forensics on Azure VMs (Part #1) |
| 2021-06-15/a> | Johannes Ullrich | Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more |
| 2021-06-12/a> | Guy Bruneau | Fortinet Targeted for Unpatched SSL VPN Discovery Activity |
| 2021-06-11/a> | Xavier Mertens | Keeping an Eye on Dangerous Python Modules |
| 2021-06-11/a> | Xavier Mertens | Sonicwall SRA 4600 Targeted By an Old Vulnerability |
| 2021-06-09/a> | Jan Kopriva | Architecture, compilers and black magic, or "what else affects the ability of AVs to detect malicious files" |
| 2021-06-07/a> | Johannes Ullrich | Amazon Sidewalk: Cutting Through the Hype |
| 2021-06-04/a> | Xavier Mertens | Russian Dolls VBS Obfuscation |
| 2021-06-02/a> | Jim Clausing | Wireshark 3.4.6 (and 3.2.14) released |
| 2021-05-31/a> | Rick Wanner | Quick and dirty Python: nmap |
| 2021-05-30/a> | Didier Stevens | YARA Release v4.1.1 |
| 2021-05-30/a> | Didier Stevens | Sysinternals: Procmon, Sysmon, TcpView and Process Explorer update |
| 2021-05-30/a> | Didier Stevens | Video: Cobalt Strike & DNS - Part 1 |
| 2021-05-29/a> | Guy Bruneau | Spear-phishing Email Targeting Outlook Mail Clients |
| 2021-05-28/a> | Xavier Mertens | Malicious PowerShell Hosted on script.google.com |
| 2021-05-27/a> | Jan Kopriva | All your Base are...nearly equal when it comes to AV evasion, but 64-bit executables are not |
| 2021-05-23/a> | Didier Stevens | Video: Making Sense Of Encrypted Cobalt Strike Traffic |
| 2021-05-22/a> | Xavier Mertens | "Serverless" Phishing Campaign |
| 2021-05-21/a> | Xavier Mertens | Locking Kernel32.dll As Anti-Debugging Technique |
| 2021-05-20/a> | Johannes Ullrich | Are Cookie Banners a Waste of Time or a Complete Waste of Time? |
| 2021-05-19/a> | Brad Duncan | May 2021 Forensic Contest: Answers and Analysis |
| 2021-05-18/a> | Xavier Mertens | From RunDLL32 to JavaScript then PowerShell |
| 2021-05-17/a> | Daniel Wesemann | Ransomware Defenses |
| 2021-05-14/a> | Xavier Mertens | "Open" Access to Industrial Systems Interface is Also Far From Zero |
| 2021-05-12/a> | Jan Kopriva | Number of industrial control systems on the internet is lower then in 2020...but still far from zero |
| 2021-05-10/a> | Johannes Ullrich | Correctly Validating IP Addresses: Why encoding matters for input validation. |
| 2021-05-08/a> | Guy Bruneau | Who is Probing the Internet for Research Purposes? |
| 2021-05-07/a> | Daniel Wesemann | Exposed Azure Storage Containers |
| 2021-05-06/a> | Xavier Mertens | Alternative Ways To Perform Basic Tasks |
| 2021-05-05/a> | Brad Duncan | May 2021 Forensic Contest |
| 2021-05-04/a> | Rick Wanner | Important Apple Updates |
| 2021-05-04/a> | Rick Wanner | Quick and dirty Python: masscan |
| 2021-05-02/a> | Didier Stevens | PuTTY And FileZilla Use The Same Fingerprint Registry Keys |
| 2021-04-29/a> | Xavier Mertens | From Python to .Net |
| 2021-04-28/a> | Xavier Mertens | Deeper Analyzis of my Last Malicious PowerPoint Add-On |
| 2021-04-26/a> | Didier Stevens | CAD: .DGN and .MVBA Files |
| 2021-04-25/a> | Didier Stevens | Wireshark 3.4.5 Released |
| 2021-04-24/a> | Guy Bruneau | Base64 Hashes Used in Web Scanning |
| 2021-04-23/a> | Xavier Mertens | Malicious PowerPoint Add-On: "Small Is Beautiful" |
| 2021-04-22/a> | Xavier Mertens | How Safe Are Your Docker Images? |
| 2021-04-19/a> | Jan Kopriva | Hunting phishing websites with favicon hashes |
| 2021-04-18/a> | Didier Stevens | Decoding Cobalt Strike Traffic |
| 2021-04-16/a> | Xavier Mertens | HTTPS Support for All Internal Services |
| 2021-04-16/a> | Rick Wanner | Querying Spamhaus for IP reputation |
| 2021-04-15/a> | Johannes Ullrich | Why and How You Should be Using an Internal Certificate Authority |
| 2021-04-13/a> | Richard Porter | Microsoft April 2021 Patch Tuesday |
| 2021-04-12/a> | Didier Stevens | Example of Cleartext Cobalt Strike Traffic (Thanks Brad) |
| 2021-04-10/a> | Guy Bruneau | Building an IDS Sensor with Suricata & Zeek with Logs to ELK |
| 2021-04-09/a> | Xavier Mertens | No Python Interpreter? This Simple RAT Installs Its Own Copy |
| 2021-04-08/a> | Xavier Mertens | Simple Powershell Ransomware Creating a 7Z Archive of your Files |
| 2021-04-06/a> | Jan Kopriva | Malspam with Lokibot vs. Outlook and RFCs |
| 2021-04-03/a> | Didier Stevens | Video: YARA and CyberChef |
| 2021-04-02/a> | Xavier Mertens | C2 Activity: Sandboxes or Real Victims? |
| 2021-04-01/a> | Brad Duncan | April 2021 Forensic Quiz |
| 2021-03-31/a> | Xavier Mertens | Quick Analysis of a Modular InfoStealer |
| 2021-03-30/a> | Jan Kopriva | Old TLS versions - gone, but not forgotten... well, not really "gone" either |
| 2021-03-19/a> | Xavier Mertens | Pastebin.com Used As a Simple C2 Channel |
| 2021-03-18/a> | Xavier Mertens | Simple Python Keylogger |
| 2021-03-17/a> | Xavier Mertens | Defenders, Know Your Operating System Like Attackers Do! |
| 2021-03-16/a> | Jan Kopriva | 50 years of malware? Not really. 50 years of computer worms? That's a different story... |
| 2021-03-15/a> | Didier Stevens | Finding Metasploit & Cobalt Strike URLs |
| 2021-03-14/a> | Didier Stevens | Wireshark 3.4.4 Released |
| 2021-03-12/a> | Guy Bruneau | Microsoft DHCP Logs Shipped to ELK |
| 2021-03-11/a> | Johannes Ullrich | Piktochart - Phishing with Infographics |
| 2021-03-10/a> | Rob VandenBrink | SharpRDP - PSExec without PSExec, PSRemoting without PowerShell |
| 2021-03-07/a> | Didier Stevens | PCAPs and Beacons |
| 2021-03-06/a> | Xavier Mertens | Spotting the Red Team on VirusTotal! |
| 2021-03-05/a> | Xavier Mertens | Spam Farm Spotted in the Wild |
| 2021-03-04/a> | Xavier Mertens | From VBS, PowerShell, C Sharp, Process Hollowing to RAT |
| 2021-03-03/a> | Brad Duncan | Qakbot infection with Cobalt Strike |
| 2021-03-03/a> | Johannes Ullrich | Microsoft Releases Exchange Emergency Patch to Fix Actively Exploited Vulnerability |
| 2021-03-02/a> | Russ McRee | Adversary Simulation with Sim |
| 2021-02-28/a> | Didier Stevens | Maldocs: Protection Passwords |
| 2021-02-26/a> | Guy Bruneau | Pretending to be an Outlook Version Update |
| 2021-02-25/a> | Daniel Wesemann | Forensicating Azure VMs |
| 2021-02-25/a> | Jim Clausing | So where did those Satori attacks come from? |
| 2021-02-24/a> | Brad Duncan | Malspam pushes GuLoader for Remcos RAT |
| 2021-02-23/a> | Jan Kopriva | Qakbot in a response to Full Disclosure post |
| 2021-02-22/a> | Didier Stevens | Unprotecting Malicious Documents For Inspection |
| 2021-02-21/a> | Didier Stevens | DDE and oledump |
| 2021-02-20/a> | Didier Stevens | Quickie: Extracting HTTP URLs With tshark |
| 2021-02-19/a> | Xavier Mertens | Dynamic Data Exchange (DDE) is Back in the Wild? |
| 2021-02-17/a> | Xavier Mertens | The new "LinkedInSecureMessage" ? |
| 2021-02-17/a> | Brad Duncan | Malspam pushing Trickbot gtag rob13 |
| 2021-02-16/a> | Jim Clausing | More weirdness on TCP port 26 |
| 2021-02-15/a> | Johannes Ullrich | Securing and Optimizing Networks: Using pfSense Traffic Shaper Limiters to Combat Bufferbloat |
| 2021-02-14/a> | Didier Stevens | Video: tshark & Malware Analysis |
| 2021-02-13/a> | Guy Bruneau | vSphere Replication updates address a command injection vulnerability (CVE-2021-21976) - https://www.vmware.com/security/advisories/VMSA-2021-0001.html |
| 2021-02-13/a> | Guy Bruneau | Using Logstash to Parse IPtables Firewall Logs |
| 2021-02-12/a> | Xavier Mertens | AgentTesla Dropped Through Automatic Click in Microsoft Help File |
| 2021-02-11/a> | Jan Kopriva | Agent Tesla hidden in a historical anti-malware tool |
| 2021-02-10/a> | Brad Duncan | Phishing message to the ISC handlers email distro |
| 2021-02-08/a> | Didier Stevens | Quickie: tshark & Malware Analysis |
| 2021-02-06/a> | Didier Stevens | YARA v4.0.5 |
| 2021-02-05/a> | Xavier Mertens | VBA Macro Trying to Alter the Application Menus |
| 2021-02-04/a> | Bojan Zdrnja | Abusing Google Chrome extension syncing for data exfiltration and C&C |
| 2021-02-03/a> | Brad Duncan | Excel spreadsheets push SystemBC malware |
| 2021-02-02/a> | Xavier Mertens | New Example of XSL Script Processing aka "Mitre T1220" |
| 2021-02-01/a> | Rob VandenBrink | Taking a Shot at Reverse Shell Attacks, CNC Phone Home and Data Exfil from Servers |
| 2021-01-31/a> | Didier Stevens | YARA v4.0.4 |
| 2021-01-30/a> | Guy Bruneau | PacketSifter as Network Parsing and Telemetry Tool |
| 2021-01-30/a> | Guy Bruneau | Wireshark 3.2.11 is now available which contains Bug Fixes - https://www.wireshark.org |
| 2021-01-29/a> | Xavier Mertens | Sensitive Data Shared with Cloud Services |
| 2021-01-27/a> | Jan Kopriva | TriOp - tool for gathering (not just) security-related data from Shodan.io (tool drop) |
| 2021-01-26/a> | Brad Duncan | TA551 (Shathak) Word docs push Qakbot (Qbot) |
| 2021-01-25/a> | Rob VandenBrink | Fun with NMAP NSE Scripts and DOH (DNS over HTTPS) |
| 2021-01-24/a> | Didier Stevens | Video: Doc & RTF Malicious Document |
| 2021-01-23/a> | Didier Stevens | CyberChef: Analyzing OOXML Files for URLs |
| 2021-01-22/a> | Xavier Mertens | Another File Extension to Block in your MTA: .jnlp |
| 2021-01-21/a> | Xavier Mertens | Powershell Dropping a REvil Ransomware |
| 2021-01-20/a> | Brad Duncan | Qakbot activity resumes after holiday break |
| 2021-01-19/a> | Russ McRee | Gordon for fast cyber reputation checks |
| 2021-01-18/a> | Didier Stevens | Doc & RTF Malicious Document |
| 2021-01-18/a> | Rob VandenBrink | The CIS Benchmark for Cisco Nexus (NX-OS) 1.0 went live last week, find it here: https://www.cisecurity.org/cis-benchmarks/ |
| 2021-01-17/a> | Didier Stevens | New Release of Sysmon Adding Detection for Process Tampering |
| 2021-01-14/a> | Bojan Zdrnja | Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file |
| 2021-01-13/a> | Brad Duncan | Hancitor activity resumes after a hoilday break |
| 2021-01-11/a> | Rob VandenBrink | Using the NVD Database and API to Keep Up with Vulnerabilities and Patches - Tool Drop: CVEScan (Part 3 of 3) |
| 2021-01-10/a> | Didier Stevens | Maldoc Analysis With CyberChef |
| 2021-01-09/a> | Didier Stevens | Maldoc Strings Analysis |
| 2021-01-07/a> | Rob VandenBrink | Using the NIST Database and API to Keep Up with Vulnerabilities and Patches (Part 1 of 3) |
| 2021-01-07/a> | Rob VandenBrink | Directly related to today's main story on CPE/CVEs - Code Exec in Cisco Jabber, all platforms https://nvd.nist.gov/vuln/detail/CVE-2020-26085 |
| 2021-01-06/a> | Johannes Ullrich | Scans for Zyxel Backdoors are Commencing. |
| 2021-01-05/a> | Johannes Ullrich | Netfox Detective: An Alternative Open-Source Packet Analysis Tool |
| 2021-01-04/a> | Jan Kopriva | From a small BAT file to Mass Logger infostealer |
| 2021-01-02/a> | Guy Bruneau | Protecting Home Office and Enterprise in 2021 |
| 2020-12-30/a> | Jan Kopriva | TLS 1.3 is now supported by about 1 in every 5 HTTPS servers |
| 2020-12-29/a> | Jan Kopriva | Want to know what's in a folder you don't have a permission to access? Try asking your AV solution... |
| 2020-12-26/a> | Didier Stevens | base64dump.py Supported Encodings |
| 2020-12-24/a> | Xavier Mertens | Malicious Word Document Delivering an Octopus Backdoor |
| 2020-12-22/a> | Xavier Mertens | Malware Victim Selection Through WiFi Identification |
| 2020-12-20/a> | Didier Stevens | Wireshark 3.4.2 Released |
| 2020-12-19/a> | Guy Bruneau | Secure Communication using TLS in Elasticsearch |
| 2020-12-17/a> | Daniel Wesemann | "Amazon" invoice that asks to call 1-866-335-0659 "to cancel" an order that you never made is (obviously) a #scam |
| 2020-12-16/a> | Daniel Wesemann | DNS Logs in Public Clouds |
| 2020-12-15/a> | Didier Stevens | Analyzing FireEye Maldocs |
| 2020-12-14/a> | Johannes Ullrich | SolarWinds Breach Used to Infiltrate Customer Networks (Solarigate) |
| 2020-12-13/a> | Didier Stevens | Wireshark 3.4.1 Released |
| 2020-12-10/a> | Xavier Mertens | Python Backdoor Talking to a C2 Through Ngrok |
| 2020-12-10/a> | John Bambenek | Writing Yara Rules for Fun and Profit: Notes from the FireEye Breach Countermeasures |
| 2020-12-09/a> | Brad Duncan | Recent Qakbot (Qbot) activity |
| 2020-12-08/a> | Johannes Ullrich | December 2020 Microsoft Patch Tuesday: Exchange, Sharepoint, Dynamics and DNS Spoofing |
| 2020-12-07/a> | Didier Stevens | Corrupt BASE64 Strings: Detection and Decoding |
| 2020-12-06/a> | Didier Stevens | oledump's Indicators (video) |
| 2020-12-05/a> | Guy Bruneau | Is IP 91.199.118.137 testing Access to aahwwx.52host.xyz? |
| 2020-12-04/a> | Guy Bruneau | Detecting Actors Activity with Threat Intel |
| 2020-12-03/a> | Brad Duncan | Traffic Analysis Quiz: Mr Natural |
| 2020-11-30/a> | Didier Stevens | Decrypting PowerShell Payloads (video) |
| 2020-11-29/a> | Didier Stevens | Quick Tip: Using JARM With a SOCKS Proxy |
| 2020-11-25/a> | Xavier Mertens | Live Patching Windows API Calls Using PowerShell |
| 2020-11-23/a> | Didier Stevens | Quick Tip: Cobalt Strike Beacon Analysis |
| 2020-11-22/a> | Didier Stevens | Quick Tip: Extracting all VBA Code from a Maldoc - JSON Format |
| 2020-11-21/a> | Guy Bruneau | VMware privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) - https://www.vmware.com/security/advisories/VMSA-2020-0026.html |
| 2020-11-20/a> | Xavier Mertens | Malicious Python Code and LittleSnitch Detection |
| 2020-11-19/a> | Xavier Mertens | PowerShell Dropper Delivering Formbook |
| 2020-11-18/a> | Xavier Mertens | When Security Controls Lead to Security Issues |
| 2020-11-16/a> | Jan Kopriva | Heartbleed, BlueKeep and other vulnerabilities that didn't disappear just because we don't talk about them anymore |
| 2020-11-15/a> | Didier Stevens | oledump's ! Indicator |
| 2020-11-13/a> | Xavier Mertens | Old Worm But New Obfuscation Technique |
| 2020-11-12/a> | Daniel Wesemann | Exposed Blob Storage in Azure |
| 2020-11-12/a> | Daniel Wesemann | Preventing Exposed Azure Blob Storage |
| 2020-11-11/a> | Brad Duncan | Traffic Analysis Quiz: DESKTOP-FX23IK5 |
| 2020-11-09/a> | Xavier Mertens | How Attackers Brush Up Their Malicious Scripts |
| 2020-11-08/a> | Didier Stevens | Quick Tip: Extracting all VBA Code from a Maldoc |
| 2020-11-06/a> | Johannes Ullrich | Rediscovering Limitations of Stateful Firewalls: "NAT Slipstreaming" ? Implications, Detections and Mitigations |
| 2020-11-05/a> | Xavier Mertens | Did You Spot "Invoke-Expression"? |
| 2020-11-03/a> | Brad Duncan | Emotet -> Qakbot -> more Emotet |
| 2020-10-31/a> | Didier Stevens | More File Selection Gaffes |
| 2020-10-30/a> | Xavier Mertens | Quick Status of the CAA DNS Record Adoption |
| 2020-10-26/a> | Didier Stevens | Excel 4 Macros: "Abnormal Sheet Visibility" |
| 2020-10-25/a> | Didier Stevens | Video: Pascal Strings |
| 2020-10-24/a> | Guy Bruneau | An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1 |
| 2020-10-23/a> | Russ McRee | Sooty: SOC Analyst's All-in-One Tool |
| 2020-10-22/a> | Jan Kopriva | BazarLoader phishing lures: plan a Halloween party, get a bonus and be fired in the same afternoon |
| 2020-10-21/a> | Daniel Wesemann | Shipping dangerous goods |
| 2020-10-20/a> | Xavier Mertens | Mirai-alike Python Scanner |
| 2020-10-14/a> | Brad Duncan | More TA551 (Shathak) Word docs push IcedID (Bokbot) |
| 2020-10-14/a> | Xavier Mertens | Nicely Obfuscated Python RAT |
| 2020-10-09/a> | Jan Kopriva | Phishing kits as far as the eye can see |
| 2020-10-07/a> | Johannes Ullrich | Today, Nobody is Going to Attack You. |
| 2020-10-03/a> | Guy Bruneau | Scanning for SOHO Routers |
| 2020-10-02/a> | Xavier Mertens | Analysis of a Phishing Kit |
| 2020-10-01/a> | Daniel Wesemann | Making sense of Azure AD (AAD) activity logs |
| 2020-09-30/a> | Johannes Ullrich | Scans for FPURL.xml: Reconnaissance or Not? |
| 2020-09-29/a> | Xavier Mertens | Managing Remote Access for Partners & Contractors |
| 2020-09-28/a> | Xavier Mertens | Some Tyler Technologies Customers Targeted with The Installation of a Bomgar Client |
| 2020-09-27/a> | Didier Stevens | Wireshark 3.2.7 Released |
| 2020-09-27/a> | Didier Stevens | Decoding Corrupt BASE64 Strings |
| 2020-09-24/a> | Xavier Mertens | Party in Ibiza with PowerShell |
| 2020-09-23/a> | Xavier Mertens | Malicious Word Document with Dynamic Content |
| 2020-09-21/a> | Jan Kopriva | Slightly broken overlay phishing |
| 2020-09-20/a> | Guy Bruneau | Analysis of a Salesforce Phishing Emails |
| 2020-09-18/a> | Xavier Mertens | A Mix of Python & VBA in a Malicious Word Document |
| 2020-09-17/a> | Xavier Mertens | Suspicious Endpoint Containment with OSSEC |
| 2020-09-16/a> | Johannes Ullrich | Do Vulnerabilities Ever Get Old? Recent "Mirai" Variant Scanning for 20 Year Old Amanda Version? |
| 2020-09-15/a> | Brad Duncan | Traffic Analysis Quiz: Oh No... Another Infection! |
| 2020-09-11/a> | Rob VandenBrink | What's in Your Clipboard? Pillaging and Protecting the Clipboard |
| 2020-09-10/a> | Brad Duncan | Recent Dridex activity |
| 2020-09-09/a> | Johannes Ullrich | A First Look at macOS 11 Big Sur Network Traffic (New! Now with more GREASE!) |
| 2020-09-04/a> | Jan Kopriva | A blast from the past - XXEncoded VB6.0 Trojan |
| 2020-09-03/a> | Xavier Mertens | Sandbox Evasion Using NTP |
| 2020-09-02/a> | Xavier Mertens | Python and Risky Windows API Calls |
| 2020-09-01/a> | Johannes Ullrich | Exposed Windows Domain Controllers Used in CLDAP DDoS Attacks |
| 2020-08-31/a> | Didier Stevens | Finding The Original Maldoc |
| 2020-08-29/a> | Didier Stevens | Malicious Excel Sheet with a NULL VT Score: More Info |
| 2020-08-28/a> | Xavier Mertens | Example of Malicious DLL Injected in PowerShell |
| 2020-08-26/a> | Xavier Mertens | Malicious Excel Sheet with a NULL VT Score |
| 2020-08-25/a> | Xavier Mertens | Keep An Eye on LOLBins |
| 2020-08-24/a> | Xavier Mertens | Tracking A Malware Campaign Through VT |
| 2020-08-22/a> | Guy Bruneau | VMware App Volumes patches address Stored Cross-Site Scripting (XSS) vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0019.html |
| 2020-08-22/a> | Guy Bruneau | Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common? |
| 2020-08-20/a> | Rob VandenBrink | Office 365 Mail Forwarding Rules (and other Mail Rules too) |
| 2020-08-19/a> | Xavier Mertens | Example of Word Document Delivering Qakbot |
| 2020-08-18/a> | Rick Wanner | ISC Blocked |
| 2020-08-18/a> | Xavier Mertens | Using API's to Track Attackers |
| 2020-08-16/a> | Didier Stevens | Small Challenge: A Simple Word Maldoc - Part 3 |
| 2020-08-15/a> | Didier Stevens | Wireshark 3.2.6 Released |
| 2020-08-14/a> | Jan Kopriva | Definition of 'overkill' - using 130 MB executable to hide 24 kB malware |
| 2020-08-12/a> | Russ McRee | To the Brim at the Gates of Mordor Pt. 1 |
| 2020-08-10/a> | Bojan Zdrnja | Scoping web application and web service penetration tests |
| 2020-08-08/a> | Guy Bruneau | Scanning Activity Include Netcat Listener |
| 2020-08-07/a> | Brad Duncan | TA551 (Shathak) Word docs push IcedID (Bokbot) |
| 2020-08-06/a> | Xavier Mertens | A Fork of the FTCode Powershell Ransomware |
| 2020-08-05/a> | Brad Duncan | Traffic Analysis Quiz: What's the Malware From This Infection? |
| 2020-08-04/a> | Johannes Ullrich | Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues |
| 2020-08-04/a> | Johannes Ullrich | Internet Choke Points: Concentration of Authoritative Name Servers |
| 2020-08-03/a> | Xavier Mertens | Powershell Bot with Multiple C2 Protocols |
| 2020-08-03/a> | Johannes Ullrich | A Word of Caution: Helping Out People Being Stalked Online |
| 2020-08-02/a> | Didier Stevens | Small Challenge: A Simple Word Maldoc |
| 2020-08-01/a> | Jan Kopriva | What pages do bad bots look for? |
| 2020-07-28/a> | Johannes Ullrich | All I want this Tuesday: More Data |
| 2020-07-27/a> | Didier Stevens | Analyzing Metasploit ASP .NET Payloads |
| 2020-07-26/a> | Didier Stevens | Cracking Maldoc VBA Project Passwords |
| 2020-07-25/a> | Didier Stevens | ndisasm Update 2.15 |
| 2020-07-24/a> | Xavier Mertens | Compromized Desktop Applications by Web Technologies |
| 2020-07-21/a> | Jan Kopriva | Couple of interesting Covid-19 related stats |
| 2020-07-19/a> | Guy Bruneau | Scanning Activity for ZeroShell Unauthenticated Access |
| 2020-07-15/a> | Brad Duncan | Word docs with macros for IcedID (Bokbot) |
| 2020-07-13/a> | Didier Stevens | VBA Project Passwords |
| 2020-07-12/a> | Didier Stevens | Maldoc: VBA Purging Example |
| 2020-07-11/a> | Guy Bruneau | VMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html |
| 2020-07-11/a> | Guy Bruneau | Scanning Home Internet Facing Devices to Exploit |
| 2020-07-10/a> | Brad Duncan | Excel spreasheet macro kicks off Formbook infection |
| 2020-07-08/a> | Xavier Mertens | If You Want Something Done Right, You Have To Do It Yourself... Malware Too! |
| 2020-07-05/a> | Didier Stevens | CVE-2020-5902 F5 BIG-IP Exploitation Attempt |
| 2020-07-04/a> | Russ McRee | Happy FouRth of July from the Internet Storm Center |
| 2020-06-30/a> | Russ McRee | ISC Snapshot: SpectX IP Hitcount Query |
| 2020-06-29/a> | Didier Stevens | Sysmon and Alternate Data Streams |
| 2020-06-27/a> | Didier Stevens | Video: YARA's BASE64 Strings |
| 2020-06-25/a> | Johannes Ullrich | Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release. |
| 2020-06-19/a> | Remco Verhoef | Sigma rules! The generic signature format for SIEM systems. |
| 2020-06-18/a> | Jan Kopriva | Broken phishing accidentally exploiting Outlook zero-day |
| 2020-06-16/a> | Xavier Mertens | Sextortion to The Next Level |
| 2020-06-16/a> | Johannes Ullrich | Odd "Protest" Spam (Scam?) Targeting Atlanta Police Foundation |
| 2020-06-15/a> | Rick Wanner | VMWare Security Advisory - VMSA-2020-0013 - https://www.vmware.com/security/advisories/VMSA-2020-0013.html |
| 2020-06-14/a> | Didier Stevens | YARA's BASE64 Strings |
| 2020-06-13/a> | Guy Bruneau | Mirai Botnet Activity |
| 2020-06-12/a> | Xavier Mertens | Malicious Excel Delivering Fileless Payload |
| 2020-06-11/a> | Xavier Mertens | Anti-Debugging JavaScript Techniques |
| 2020-06-10/a> | Brad Duncan | Job application-themed malspam pushes ZLoader |
| 2020-06-08/a> | Didier Stevens | Translating BASE64 Obfuscated Scripts |
| 2020-06-04/a> | Xavier Mertens | Anti-Debugging Technique based on Memory Protection |
| 2020-06-01/a> | Jim Clausing | Stackstrings, type 2 |
| 2020-06-01/a> | Didier Stevens | XLMMacroDeobfuscator: An Update |
| 2020-05-31/a> | Guy Bruneau | Windows 10 Built-in Packet Sniffer - PktMon |
| 2020-05-30/a> | Didier Stevens | YARA v4.0.1 |
| 2020-05-29/a> | Johannes Ullrich | The Impact of Researchers on Our Data |
| 2020-05-28/a> | Xavier Mertens | Flashback on CVE-2019-19781 |
| 2020-05-27/a> | Jan Kopriva | Frankenstein's phishing using Google Cloud Storage |
| 2020-05-26/a> | Jim Clausing | Seriously, SHA3 where art thou? |
| 2020-05-24/a> | Didier Stevens | Wireshark 3.2.4 Released |
| 2020-05-24/a> | Didier Stevens | Zloader Maldoc Analysis With xlm-deobfuscator |
| 2020-05-23/a> | Xavier Mertens | AgentTesla Delivered via a Malicious PowerPoint Add-In |
| 2020-05-22/a> | Didier Stevens | Some Strings to Remember |
| 2020-05-21/a> | Xavier Mertens | Malware Triage with FLOSS: API Calls Based Behavior |
| 2020-05-20/a> | Brad Duncan | Microsoft Word document with malicious macro pushes IcedID (Bokbot) |
| 2020-05-19/a> | Rick Wanner | Wireshark Release - 2.6.17, 3.0.11 and 3.2.4 - https://www.wireshark.org/news/20200519.html |
| 2020-05-19/a> | Rick Wanner | VMWare Security Advisory - VMSA-2020-0010 - https://www.vmware.com/security/advisories/VMSA-2020-0010.html |
| 2020-05-18/a> | Rick Wanner | Automating nmap scans |
| 2020-05-16/a> | Guy Bruneau | Scanning for Outlook Web Access (OWA) & Microsoft Exchange Control Panel (ECP) |
| 2020-05-15/a> | Rob VandenBrink | Hashes in PowerShell |
| 2020-05-15/a> | Rob VandenBrink | SHA3 Hashes (on Windows) - Where Art Thou? |
| 2020-05-14/a> | Rob VandenBrink | Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe |
| 2020-05-13/a> | Brad Duncan | Malspam with links to zip archives pushes Dridex malware |
| 2020-05-10/a> | Didier Stevens | YARA v4.0.0: BASE64 Strings |
| 2020-05-09/a> | Rick Wanner | VMWare vRealize Critical vulnerabilities due to SaltStack - VMSA-2020-0009 |
| 2020-05-09/a> | Rick Wanner | Nmap Basics - The Security Practitioner's Swiss Army Knife |
| 2020-05-08/a> | Xavier Mertens | Using Nmap As a Lightweight Vulnerability Scanner |
| 2020-05-07/a> | Bojan Zdrnja | Scanning with nmap?s NSE scripts |
| 2020-05-06/a> | Xavier Mertens | Keeping an Eye on Malicious Files Life Time |
| 2020-05-05/a> | Russ McRee | Cloud Security Features Don't Replace the Need for Personnel Security Capabilities |
| 2020-05-04/a> | Didier Stevens | Sysmon and File Deletion |
| 2020-05-03/a> | Didier Stevens | ZIP & AES |
| 2020-05-02/a> | Guy Bruneau | Phishing PDF with Unusual Hostname |
| 2020-05-01/a> | Jim Clausing | Attack traffic on TCP port 9673 |
| 2020-04-30/a> | Xavier Mertens | Collecting IOCs from IMAP Folder |
| 2020-04-29/a> | Johannes Ullrich | Privacy Preserving Protocols to Trace Covid19 Exposure |
| 2020-04-28/a> | Jan Kopriva | Agent Tesla delivered by the same phishing campaign for over a year |
| 2020-04-27/a> | Xavier Mertens | Powershell Payload Stored in a PSCredential Object |
| 2020-04-26/a> | Didier Stevens | Video: Malformed .docm File |
| 2020-04-25/a> | Didier Stevens | MALWARE Bazaar |
| 2020-04-24/a> | Xavier Mertens | Malicious Excel With a Strong Obfuscation and Sandbox Evasion |
| 2020-04-21/a> | Russ McRee | SpectX: Log Parser for DFIR |
| 2020-04-20/a> | Didier Stevens | KPOT AutoIt Script: Analysis |
| 2020-04-18/a> | Guy Bruneau | Maldoc Falsely Represented as DOCX Invoice Redirecting to Fake Apple Store |
| 2020-04-17/a> | Xavier Mertens | Weaponized RTF Document Generator & Mailer in PowerShell |
| 2020-04-16/a> | Johannes Ullrich | Using AppLocker to Prevent Living off the Land Attacks |
| 2020-04-13/a> | Jan Kopriva | Look at the same phishing campaign 3 months apart |
| 2020-04-12/a> | Didier Stevens | Reader Analysis: "Dynamic analysis technique to get decrypted KPOT Malware." |
| 2020-04-11/a> | Didier Stevens | Wireshark 3.2.3 Released: Mac Users Pay Attention Please |
| 2020-04-10/a> | Xavier Mertens | PowerShell Sample Extracting Payload From SSL |
| 2020-04-10/a> | Scott Fendley | Critical Vuln in vCenter vmdir (CVE-2020-3952) |
| 2020-04-08/a> | Brad Duncan | German malspam pushes ZLoader malware |
| 2020-04-07/a> | Johannes Ullrich | Increase in RDP Scanning |
| 2020-04-06/a> | Didier Stevens | Password Protected Malicious Excel Files |
| 2020-04-05/a> | Guy Bruneau | Maldoc XLS Invoice with Excel 4 Macros |
| 2020-04-04/a> | Didier Stevens | New Bypass Technique or Corrupt Word Document? |
| 2020-04-03/a> | Xavier Mertens | Obfuscated with a Simple 0x0A |
| 2020-04-01/a> | Brad Duncan | Qakbot malspam sent from an infected Windows host |
| 2020-03-31/a> | Johannes Ullrich | Kwampirs Targeted Attacks Involving Healthcare Sector |
| 2020-03-30/a> | Jan Kopriva | Crashing explorer.exe with(out) a click |
| 2020-03-29/a> | Didier Stevens | Obfuscated Excel 4 Macros |
| 2020-03-28/a> | Didier Stevens | Covid19 Domain Classifier |
| 2020-03-27/a> | Xavier Mertens | Malicious JavaScript Dropping Payload in the Registry |
| 2020-03-27/a> | Johannes Ullrich | Help us classify Covid19 related domains https://isc.sans.edu/covidclassifier.html (login required) |
| 2020-03-26/a> | Xavier Mertens | Very Large Sample as Evasion Technique? |
| 2020-03-25/a> | Brad Duncan | Recent Dridex activity |
| 2020-03-24/a> | Russ McRee | Another Critical COVID-19 Shortage: Digital Security |
| 2020-03-23/a> | Didier Stevens | KPOT Deployed via AutoIt Script |
| 2020-03-23/a> | Didier Stevens | Windows Zeroday Actively Exploited: Type 1 Font Parsing Remote Code Execution Vulnerability |
| 2020-03-22/a> | Didier Stevens | More COVID-19 Themed Malware |
| 2020-03-21/a> | Guy Bruneau | Honeypot - Scanning and Targeting Devices & Services |
| 2020-03-19/a> | Xavier Mertens | COVID-19 Themed Multistage Malware |
| 2020-03-18/a> | Brad Duncan | Trickbot gtag red5 distributed as a DLL file |
| 2020-03-16/a> | Jan Kopriva | Desktop.ini as a post-exploitation tool |
| 2020-03-15/a> | Guy Bruneau | VPN Access and Activity Monitoring |
| 2020-03-14/a> | Didier Stevens | Phishing PDF With Incremental Updates. |
| 2020-03-13/a> | Rob VandenBrink | Not all Ethernet NICs are Created Equal - Trying to Capture Invalid Ethernet Frames |
| 2020-03-12/a> | Xavier Mertens | Critical SMBv3 Vulnerability: Remote Code Execution |
| 2020-03-12/a> | Brad Duncan | Hancitor distributed through coronavirus-themed malspam |
| 2020-03-11/a> | Xavier Mertens | Agent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account |
| 2020-03-10/a> | Johannes Ullrich | Microsoft Patch Tuesday March 2020 |
| 2020-03-09/a> | Didier Stevens | Malicious Spreadsheet With Data Connection and Excel 4 Macros |
| 2020-03-07/a> | Didier Stevens | Wireshark 3.2.2 Released: Windows' Users Pay Attention Please |
| 2020-03-06/a> | Xavier Mertens | A Safe Excel Sheet Not So Safe |
| 2020-03-05/a> | Xavier Mertens | Will You Put Your Password in a Survey? |
| 2020-03-02/a> | Jan Kopriva | Secure vs. cleartext protocols - couple of interesting stats |
| 2020-02-29/a> | Guy Bruneau | Hazelcast IMDG Discover Scan |
| 2020-02-28/a> | Xavier Mertens | Show me Your Clipboard Data! |
| 2020-02-27/a> | Xavier Mertens | Offensive Tools Are For Blue Teams Too |
| 2020-02-25/a> | Jan Kopriva | Quick look at a couple of current online scam campaigns |
| 2020-02-24/a> | Didier Stevens | Maldoc: Excel 4 Macros and VBA, Devil and Angel? |
| 2020-02-23/a> | Didier Stevens | Maldoc: Excel 4 Macros in OOXML Format |
| 2020-02-22/a> | Xavier Mertens | Simple but Efficient VBScript Obfuscation |
| 2020-02-21/a> | Xavier Mertens | Quick Analysis of an Encrypted Compound Document Format |
| 2020-02-18/a> | Jan Kopriva | Discovering contents of folders in Windows without permissions |
| 2020-02-16/a> | Guy Bruneau | SOAR or not to SOAR? |
| 2020-02-15/a> | Didier Stevens | bsdtar on Windows 10 |
| 2020-02-14/a> | Xavier Mertens | Keep an Eye on Command-Line Browsers |
| 2020-02-13/a> | Rob VandenBrink | Auth-mageddon deferred (but not averted), Microsoft LDAP Changes now slated for Q3Q4 2020 |
| 2020-02-12/a> | Brad Duncan | Malpsam pushes Ursnif through Italian language Word docs |
| 2020-02-12/a> | Rob VandenBrink | March Patch Tuesday is Coming - the LDAP Changes will Change Your Life! |
| 2020-02-10/a> | Jan Kopriva | Current PayPal phishing campaign or "give me all your personal information" |
| 2020-02-08/a> | Russell Eubanks | After Action Review |
| 2020-02-07/a> | Xavier Mertens | Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript |
| 2020-02-05/a> | Brad Duncan | Fake browser update pages are "still a thing" |
| 2020-02-03/a> | Jan Kopriva | Analysis of a triple-encrypted AZORult downloader |
| 2020-02-01/a> | Didier Stevens | Wireshark 3.2.1 Released |
| 2020-01-27/a> | Johannes Ullrich | Network Security Perspective on Coronavirus Preparedness |
| 2020-01-25/a> | Guy Bruneau | Is Threat Hunting the new Fad? |
| 2020-01-23/a> | Xavier Mertens | Complex Obfuscation VS Simple Trick |
| 2020-01-22/a> | Brad Duncan | German language malspam pushes Ursnif |
| 2020-01-21/a> | Russ McRee | DeepBlueCLI: Powershell Threat Hunting |
| 2020-01-16/a> | Bojan Zdrnja | Summing up CVE-2020-0601, or the Let?s Decrypt vulnerability |
| 2020-01-16/a> | Jan Kopriva | Picks of 2019 malware - the large, the small and the one full of null bytes |
| 2020-01-15/a> | Johannes Ullrich | CVE-2020-0601 Followup |
| 2020-01-13/a> | Didier Stevens | Citrix ADC Exploits: Overview of Observed Payloads |
| 2020-01-12/a> | Guy Bruneau | ELK Dashboard and Logstash parser for tcp-honeypot Logs |
| 2020-01-11/a> | Johannes Ullrich | Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor |
| 2020-01-10/a> | Xavier Mertens | More Data Exfiltration |
| 2020-01-09/a> | Xavier Mertens | Quick Analyzis of a(nother) Maldoc |
| 2020-01-07/a> | Johannes Ullrich | A Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability) |
| 2020-01-05/a> | Didier Stevens | etl2pcapng: Convert .etl Capture Files To .pcapng Format |
| 2020-01-03/a> | Kevin Shortt | CCPA - Quick Overview |
| 2020-01-02/a> | Xavier Mertens | Ransomware in Node.js |
| 2019-12-31/a> | Johannes Ullrich | Some Thoughts About the Critical Citrix ADC/Gateway Vulnerability (CVE-2019-19781) |
| 2019-12-29/a> | Guy Bruneau | ELK Dashboard for Pihole Logs |
| 2019-12-28/a> | Didier Stevens | Corrupt Office Documents |
| 2019-12-26/a> | Xavier Mertens | Bypassing UAC to Install a Cryptominer |
| 2019-12-24/a> | Brad Duncan | Malspam with links to Word docs pushes IcedID (Bokbot) |
| 2019-12-23/a> | Didier Stevens | New oledump.py plugin: plugin_version_vba |
| 2019-12-22/a> | Didier Stevens | Extracting VBA Macros From .DWG Files |
| 2019-12-21/a> | Didier Stevens | Wireshark 3.2.0 Released |
| 2019-12-18/a> | Brad Duncan | Emotet infection with spambot activity |
| 2019-12-16/a> | Didier Stevens | Malicious .DWG Files? |
| 2019-12-15/a> | Didier Stevens | VirusTotal Email Submissions |
| 2019-12-14/a> | Didier Stevens | (Lazy) Sunday Maldoc Analysis: A Bit More ... |
| 2019-12-13/a> | Jan Kopriva | Internet banking sites and their use of TLS... and SSLv3... and SSLv2?! |
| 2019-12-12/a> | Xavier Mertens | Code & Data Reuse in the Malware Ecosystem |
| 2019-12-11/a> | Brad Duncan | German language malspam pushes yet another wave of Trickbot |
| 2019-12-09/a> | Didier Stevens | (Lazy) Sunday Maldoc Analysis |
| 2019-12-08/a> | Didier Stevens | Wireshark 3.0.7 Released |
| 2019-12-07/a> | Guy Bruneau | Integrating Pi-hole Logs in ELK with Logstash |
| 2019-12-06/a> | Jan Kopriva | Phishing with a self-contained credentials-stealing webpage |
| 2019-12-05/a> | Jan Kopriva | E-mail from Agent Tesla |
| 2019-12-04/a> | Jan Kopriva | Analysis of a strangely poetic malware |
| 2019-12-03/a> | Brad Duncan | Ursnif infection with Dridex |
| 2019-11-29/a> | Russ McRee | ISC Snapshot: Search with SauronEye |
| 2019-11-27/a> | Brad Duncan | Finding an Agent Tesla malware sample |
| 2019-11-26/a> | Jan Kopriva | Lessons learned from playing a willing phish |
| 2019-11-23/a> | Guy Bruneau | Local Malware Analysis with Malice |
| 2019-11-22/a> | Xavier Mertens | Abusing Web Filters Misconfiguration for Reconnaissance |
| 2019-11-20/a> | Brad Duncan | Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike |
| 2019-11-19/a> | Johannes Ullrich | Cheap Chinese JAWS of DVR Exploitability on Port 60001 |
| 2019-11-18/a> | Johannes Ullrich | SMS and 2FA: Another Reason to Move away from It. |
| 2019-11-13/a> | Brad Duncan | An example of malspam pushing Lokibot malware, November 2019 |
| 2019-11-10/a> | Jan Kopriva | Did the recent malicious BlueKeep campaign have any positive impact when it comes to patching? |
| 2019-11-09/a> | Guy Bruneau | Fake Netflix Update Request by Text |
| 2019-11-08/a> | Xavier Mertens | Microsoft Apps Diverted from Their Main Use |
| 2019-11-06/a> | Brad Duncan | More malspam pushing Formbook |
| 2019-11-05/a> | Rick Wanner | Bluekeep exploitation causing Bluekeep vulnerability scan to fail |
| 2019-11-03/a> | Didier Stevens | You Too? "Unusual Activity with Double Base64 Encoding" |
| 2019-11-01/a> | Didier Stevens | Tip: Password Managers and 2FA |
| 2019-10-31/a> | Jan Kopriva | EML attachments in O365 - a recipe for phishing |
| 2019-10-30/a> | Xavier Mertens | Keep an Eye on Remote Access to Mailboxes |
| 2019-10-29/a> | Xavier Mertens | Generating PCAP Files from YAML |
| 2019-10-27/a> | Didier Stevens | Wireshark 3.0.6 Released |
| 2019-10-27/a> | Guy Bruneau | Unusual Activity with Double Base64 Encoding |
| 2019-10-24/a> | Johannes Ullrich | Your Supply Chain Doesn't End At Receiving: How Do You Decommission Network Equipment? |
| 2019-10-20/a> | Guy Bruneau | Scanning Activity for NVMS-9000 Digital Video Recorder |
| 2019-10-19/a> | Russell Eubanks | What Assumptions Are You Making? |
| 2019-10-18/a> | Xavier Mertens | Quick Malicious VBS Analysis |
| 2019-10-17/a> | Jan Kopriva | Phishing e-mail spoofing SPF-enabled domain |
| 2019-10-14/a> | Didier Stevens | YARA's XOR Modifier |
| 2019-10-12/a> | Didier Stevens | YARA v3.11.0 released |
| 2019-10-10/a> | Rob VandenBrink | Mining Live Networks for OUI Data Oddness |
| 2019-10-09/a> | Brad Duncan | What data does Vidar malware steal from an infected host? |
| 2019-10-06/a> | Russ McRee | visNetwork for Network Data |
| 2019-10-03/a> | Xavier Mertens | "Lost_Files" Ransomware |
| 2019-10-03/a> | Jim Clausing | Buffer overflows found in libpcap and tcpdump |
| 2019-10-02/a> | Brad Duncan | A recent example of Emotet malspam |
| 2019-10-01/a> | Johannes Ullrich | A Quick Look at Some Current Comment Spam |
| 2019-09-27/a> | Xavier Mertens | New Scans for Polycom Autoconfiguration Files |
| 2019-09-26/a> | Rob VandenBrink | Mining MAC Address and OUI Information |
| 2019-09-25/a> | Brad Duncan | Malspam pushing Quasar RAT |
| 2019-09-24/a> | Xavier Mertens | Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs |
| 2019-09-21/a> | Didier Stevens | Wireshark 3.0.5 Release: Potential Windows Crash when Updating |
| 2019-09-19/a> | Xavier Mertens | Agent Tesla Trojan Abusing Corporate Email Accounts |
| 2019-09-19/a> | Xavier Mertens | Blocklisting or Whitelisting in the Right Way |
| 2019-09-18/a> | Brad Duncan | Emotet malspam is back |
| 2019-09-17/a> | Rob VandenBrink | Investigating Gaps in your Windows Event Logs |
| 2019-09-07/a> | Guy Bruneau | Unidentified Scanning Activity |
| 2019-09-03/a> | Johannes Ullrich | [Guest Diary] Tricky LNK points to TrickBot |
| 2019-08-30/a> | Xavier Mertens | Malware Dropping a Local Node.js Instance |
| 2019-08-28/a> | Johannes Ullrich | [Guest Diary] Open Redirect: A Small But Very Common Vulnerability |
| 2019-08-28/a> | Xavier Mertens | Malware Samples Compiling Their Next Stage on Premise |
| 2019-08-25/a> | Guy Bruneau | Are there any Advantages of Buying Cyber Security Insurance? |
| 2019-08-22/a> | Xavier Mertens | Simple Mimikatz & RDPWrapper Dropper |
| 2019-08-21/a> | Russ McRee | KAPE: Kroll Artifact Parser and Extractor |
| 2019-08-18/a> | Didier Stevens | Video: Analyzing DAA Files |
| 2019-08-16/a> | Didier Stevens | The DAA File Format |
| 2019-08-15/a> | Didier Stevens | Analysis of a Spearphishing Maldoc |
| 2019-08-14/a> | Brad Duncan | Recent example of MedusaHTTP malware |
| 2019-08-12/a> | Didier Stevens | Malicious .DAA Attachments |
| 2019-08-11/a> | Didier Stevens | Nmap Defcon Release: 7.80 |
| 2019-08-09/a> | Xavier Mertens | 100% JavaScript Phishing Page |
| 2019-08-08/a> | Johannes Ullrich | [Guest Diary] The good, the bad and the non-functional, or "how not to do an attack campaign" |
| 2019-08-07/a> | Bojan Zdrnja | Verifying SSL/TLS configuration (part 2) |
| 2019-08-05/a> | Rick Wanner | Scanning for Bluekeep vulnerable RDP instances |
| 2019-08-01/a> | Johannes Ullrich | What is Listening On Port 9527/TCP? |
| 2019-07-28/a> | Didier Stevens | Video: Analyzing Compressed PowerShell Scripts |
| 2019-07-26/a> | Kevin Shortt | DVRIP Port 34567 - Uptick |
| 2019-07-25/a> | Rob VandenBrink | When Users Attack! Users (and Admins) Thwarting Security Controls |
| 2019-07-24/a> | Xavier Mertens | May People Be Considered as IOC? |
| 2019-07-23/a> | Bojan Zdrnja | Verifying SSL/TLS configuration (part 1) |
| 2019-07-20/a> | Guy Bruneau | Re-evaluating Network Security - It is Increasingly More Complex |
| 2019-07-18/a> | Rob VandenBrink | The Other Side of Critical Control 1: 802.1x Wired Network Access Controls |
| 2019-07-18/a> | Xavier Mertens | Malicious PHP Script Back on Stage? |
| 2019-07-17/a> | Xavier Mertens | Analyzis of DNS TXT Records |
| 2019-07-16/a> | Russ McRee | Commando VM: The Complete Mandiant Offensive VM |
| 2019-07-13/a> | Guy Bruneau | Guidance to Protect DNS Against Hijacking & Scanning for Version.BIND Still a Thing |
| 2019-07-11/a> | Johannes Ullrich | Remembering Mike Assante |
| 2019-07-11/a> | Xavier Mertens | Russian Dolls Malicious Script Delivering Ursnif |
| 2019-07-10/a> | Rob VandenBrink | Samba Project tells us "What's New" - SMBv1 Disabled by Default (finally) |
| 2019-07-10/a> | Rob VandenBrink | Dumping File Contents in Hex (in PowerShell) |
| 2019-07-09/a> | John Bambenek | Solving the WHOIS and Privacy Problem: A Draft of Implementing WHOIS in DNS |
| 2019-07-09/a> | John Bambenek | MSFT July 2019 Patch Tuesday |
| 2019-07-08/a> | Didier Stevens | Machine Code? No! |
| 2019-07-06/a> | Didier Stevens | Malicious XSL Files |
| 2019-07-05/a> | Didier Stevens | A "Stream O" Maldoc |
| 2019-07-04/a> | Didier Stevens | Machine Code? |
| 2019-07-02/a> | Xavier Mertens | Malicious Script With Multiple Payloads |
| 2019-07-01/a> | Didier Stevens | Maldoc: Payloads in User Forms |
| 2019-06-28/a> | Rob VandenBrink | Verifying Running Processes against VirusTotal - Domain-Wide |
| 2019-06-27/a> | Rob VandenBrink | Finding the Gold in a Pile of Pennies - Long Tail Analysis in PowerShell |
| 2019-06-25/a> | Brad Duncan | Rig Exploit Kit sends Pitou.B Trojan |
| 2019-06-24/a> | Johannes Ullrich | Extensive BGP Issues Affecting Cloudflare and possibly others |
| 2019-06-21/a> | Rob VandenBrink | Netstat Local and Remote -new and improved, now with more PowerShell! |
| 2019-06-20/a> | Xavier Mertens | Using a Travel Packing App for Infosec Purpose |
| 2019-06-19/a> | Johannes Ullrich | Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729 |
| 2019-06-18/a> | Brad Duncan | Malspam with password-protected Word docs pushing Dridex |
| 2019-06-18/a> | Johannes Ullrich | What You Need To Know About TCP "SACK Panic" |
| 2019-06-17/a> | Brad Duncan | An infection from Rig exploit kit |
| 2019-06-14/a> | Jim Clausing | A few Ghidra tips for IDA users, part 4 - function call graphs |
| 2019-06-10/a> | Xavier Mertens | Interesting JavaScript Obfuscation Example |
| 2019-06-06/a> | Xavier Mertens | Keep an Eye on Your WMI Logs |
| 2019-06-03/a> | Didier Stevens | Tip: BASE64 Encoded PowerShell Scripts are Recognizable by the Amount of Letter As |
| 2019-05-31/a> | Didier Stevens | Retrieving Second Stage Payload with Ncat |
| 2019-05-29/a> | Xavier Mertens | Behavioural Malware Analysis with Microsoft ASA |
| 2019-05-28/a> | Didier Stevens | Office Document & BASE64? PowerShell! |
| 2019-05-26/a> | Didier Stevens | Video: nmap Service Detection Customization |
| 2019-05-22/a> | Johannes Ullrich | An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps] |
| 2019-05-21/a> | Tom Webb | Using Shodan Monitoring |
| 2019-05-20/a> | Tom Webb | CVE-2019-0604 Attack |
| 2019-05-19/a> | Guy Bruneau | Is Metadata Only Approach, Good Enough for Network Traffic Analysis? |
| 2019-05-16/a> | Xavier Mertens | The Risk of Authenticated Vulnerability Scans |
| 2019-05-13/a> | Xavier Mertens | From Phishing To Ransomware? |
| 2019-05-06/a> | Didier Stevens | Text and Text |
| 2019-05-03/a> | Jim Clausing | A few Ghidra tips for IDA users, part 3 - conversion, labels, and comments |
| 2019-05-01/a> | Xavier Mertens | Another Day, Another Suspicious UDF File |
| 2019-05-01/a> | Didier Stevens | VBA Office Document: Which Version? |
| 2019-04-27/a> | Didier Stevens | Quick Tip for Dissecting CVE-2017-11882 Exploits |
| 2019-04-26/a> | Rob VandenBrink | Pillaging Passwords from Service Accounts |
| 2019-04-25/a> | Rob VandenBrink | Unpatched Vulnerability Alert - WebLogic Zero Day |
| 2019-04-25/a> | Rob VandenBrink | Service Accounts Redux - Collecting Service Accounts with PowerShell |
| 2019-04-24/a> | Rob VandenBrink | Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators |
| 2019-04-23/a> | Didier Stevens | Malicious VBA Office Document Without Source Code |
| 2019-04-22/a> | Didier Stevens | .rar Files and ACE Exploit CVE-2018-20250 |
| 2019-04-19/a> | Didier Stevens | Analyzing UDF Files with Python |
| 2019-04-17/a> | Jim Clausing | A few Ghidra tips for IDA users, part 2 - strings and parameters |
| 2019-04-17/a> | Xavier Mertens | Malware Sample Delivered Through UDF Image |
| 2019-04-13/a> | Johannes Ullrich | Configuring MTA-STS and TLS Reporting For Your Domain |
| 2019-04-11/a> | Johannes Ullrich | How to Find Hidden Cameras in your AirBNB |
| 2019-04-08/a> | Jim Clausing | A few Ghidra tips for IDA users, part 1 - the decompiler/unreachable code |
| 2019-04-07/a> | Guy Bruneau | Fake Office 365 Payment Information Update |
| 2019-04-05/a> | Russ McRee | Beagle: Graph transforms for DFIR data & logs |
| 2019-04-04/a> | Xavier Mertens | New Waves of Scans Detected by an Old Rule |
| 2019-04-03/a> | Jim Clausing | A few Ghidra tips for IDA users, part 0 - automatic comments for API call parameters |
| 2019-04-02/a> | Johannes Ullrich | Fake AV is Back: LaCie Network Drives Used to Spread Malware |
| 2019-03-31/a> | Didier Stevens | Maldoc Analysis of the Weekend by a Reader |
| 2019-03-30/a> | Didier Stevens | "404" is not Malware |
| 2019-03-29/a> | Remco Verhoef | Annotating Golang binaries with Cutter and Jupyter |
| 2019-03-27/a> | Xavier Mertens | Running your Own Passive DNS Service |
| 2019-03-25/a> | Didier Stevens | "VelvetSweatshop" Maldocs: Shellcode Analysis |
| 2019-03-23/a> | Didier Stevens | "VelvetSweatshop" Maldocs |
| 2019-03-21/a> | Xavier Mertens | New Wave of Extortion Emails: Central Intelligence Agency Case |
| 2019-03-18/a> | Didier Stevens | Wireshark 3.0.0 and Npcap: Some Remarks |
| 2019-03-17/a> | Didier Stevens | Video: Maldoc Analysis: Excel 4.0 Macro |
| 2019-03-16/a> | Didier Stevens | Maldoc: Excel 4.0 Macros |
| 2019-03-15/a> | Remco Verhoef | Binary Analysis with Jupyter and Radare2 |
| 2019-03-14/a> | Didier Stevens | Tip: Ghidra & ZIP Files |
| 2019-03-13/a> | Brad Duncan | Malspam pushes Emotet with Qakbot as the follow-up malware |
| 2019-03-11/a> | Didier Stevens | Wireshark 3.0.0 and Npcap |
| 2019-03-10/a> | Didier Stevens | Quick and Dirty Malicious HTA Analysis |
| 2019-03-10/a> | Didier Stevens | Malicious HTA Analysis by a Reader |
| 2019-03-09/a> | Guy Bruneau | A Comparison Study of SSH Port Activity - TCP 22 & 2222 |
| 2019-03-08/a> | Remco Verhoef | Analysing meterpreter payload with Ghidra |
| 2019-03-06/a> | Brad Duncan | Malspam with password-protected word docs still pushing IcedID (Bokbot) with Trickbot |
| 2019-03-06/a> | Johannes Ullrich | March Edition of Ouch! Newsletter: Securely Disposing Mobile Devices https://www.sans.org/security-awareness-training/resources/disposing-your-mobile-device |
| 2019-03-06/a> | Xavier Mertens | Keep an Eye on Disposable Email Addresses |
| 2019-03-05/a> | Rob VandenBrink | Powershell, Active Directory and the Windows Host Firewall |
| 2019-02-27/a> | Didier Stevens | Maldoc Analysis by a Reader |
| 2019-02-24/a> | Guy Bruneau | Packet Editor and Builder by Colasoft |
| 2019-02-20/a> | Brad Duncan | More Russian language malspam pushing Shade (Troldesh) ransomware |
| 2019-02-19/a> | Didier Stevens | Identifying Files: Failure Happens |
| 2019-02-18/a> | Didier Stevens | Know What You Are Logging |
| 2019-02-17/a> | Didier Stevens | Video: Finding Property Values in Office Documents |
| 2019-02-16/a> | Didier Stevens | Finding Property Values in Office Documents |
| 2019-02-14/a> | Xavier Mertens | Suspicious PDF Connecting to a Remote SMB Share |
| 2019-02-14/a> | Xavier Mertens | Old H-Worm Delivered Through GitHub |
| 2019-02-11/a> | Didier Stevens | Have You Seen an Email Virus Recently? |
| 2019-02-10/a> | Didier Stevens | Video: Maldoc Analysis of the Weekend |
| 2019-02-09/a> | Didier Stevens | Maldoc Analysis of the Weekend |
| 2019-02-07/a> | Bojan Zdrnja | UAC is not all that bad really |
| 2019-02-07/a> | Xavier Mertens | Phishing Kit with JavaScript Keylogger |
| 2019-02-06/a> | Brad Duncan | Hancitor malspam and infection traffic from Tuesday 2019-02-05 |
| 2019-02-05/a> | Rob VandenBrink | Mitigations against Mimikatz Style Attacks |
| 2019-02-02/a> | Guy Bruneau | Scanning for WebDAV PROPFIND Exploiting CVE-2017-7269 |
| 2019-01-31/a> | Xavier Mertens | Tracking Unexpected DNS Changes |
| 2019-01-30/a> | Russ McRee | CR19-010: The United States vs. Huawei |
| 2019-01-29/a> | Johannes Ullrich | A Not So Well Done Phish (Why Attackers need to Implement IPv6 Now! ;-) ) |
| 2019-01-28/a> | Bojan Zdrnja | Relaying Exchange?s NTLM authentication to domain admin (and more) |
| 2019-01-26/a> | Didier Stevens | Video: Analyzing Encrypted Malicious Office Documents |
| 2019-01-24/a> | Brad Duncan | Malspam with Word docs uses macro to run Powershell script and steal system data |
| 2019-01-22/a> | Xavier Mertens | DNS Firewalling with MISP |
| 2019-01-16/a> | Brad Duncan | Emotet infections and follow-up malware |
| 2019-01-14/a> | Rob VandenBrink | Microsoft LAPS - Blue Team / Red Team |
| 2019-01-12/a> | Guy Bruneau | Snorpy a Web Base Tool to Build Snort/Suricata Rules |
| 2019-01-11/a> | Didier Stevens | Quick Maldoc Analysis |
| 2019-01-10/a> | Brad Duncan | Heartbreaking Emails: "Love You" Malspam |
| 2019-01-09/a> | Russ McRee | gganimate: Animate YouR Security Analysis |
| 2019-01-07/a> | Didier Stevens | Analyzing Encrypted Malicious Office Documents |
| 2019-01-06/a> | Didier Stevens | Malicious .tar Attachments |
| 2019-01-05/a> | Didier Stevens | A Malicious JPEG? Second Example |
| 2019-01-04/a> | Didier Stevens | A Malicious JPEG? |
| 2019-01-02/a> | Didier Stevens | Maldoc with Nonfunctional Shellcode |
| 2019-01-02/a> | Lorna Hutcheson | Gift Card Scams on the rise |
| 2019-01-02/a> | Xavier Mertens | Malicious Script Leaking Data via FTP |
| 2018-12-31/a> | Didier Stevens | Software Crashes: A New Year's Resolution |
| 2018-12-29/a> | Didier Stevens | Video: De-DOSfuscation Example |
| 2018-12-23/a> | Guy Bruneau | Scanning Activity, end Goal is to add Hosts to Mirai Botnet |
| 2018-12-21/a> | Lorna Hutcheson | Phishing Attempts That Bypass 2FA |
| 2018-12-19/a> | Xavier Mertens | Restricting PowerShell Capabilities with NetSh |
| 2018-12-19/a> | Xavier Mertens | Microsoft OOB Patch for Internet Explorer: Scripting Engine Memory Corruption Vulnerability |
| 2018-12-19/a> | Xavier Mertens | Using OSSEC Active-Response as a DFIR Framework |
| 2018-12-18/a> | Brad Duncan | Malspam links to password-protected Word docs that push IcedID (Bokbot) |
| 2018-12-17/a> | Didier Stevens | Password Protected ZIP with Maldoc |
| 2018-12-16/a> | Guy Bruneau | Random Port Scan for Open RDP Backdoor |
| 2018-12-15/a> | Didier Stevens | De-DOSfuscation Example |
| 2018-12-12/a> | Didier Stevens | Yet Another DOSfuscation Sample |
| 2018-12-11/a> | Richard Porter | Microsoft December 2018 Patch Tuesday |
| 2018-12-09/a> | Didier Stevens | Quickie: String Analysis is Still Useful |
| 2018-12-09/a> | Johannes Ullrich | Arrest of Huawei CFO Inspires Advance Fee Scam |
| 2018-12-08/a> | Didier Stevens | Reader Malware Submission: MHT File Inside a ZIP File |
| 2018-12-05/a> | Brad Duncan | Campaign evolution: Hancitor changes its Word macros |
| 2018-12-04/a> | Brad Duncan | Malspam pushing Lokibot malware |
| 2018-12-03/a> | Didier Stevens | Word maldoc: yet another place to hide a command |
| 2018-12-01/a> | Didier Stevens | Wireshark update 2.6.5 available |
| 2018-11-30/a> | Remco Verhoef | CoinMiners searching for hosts |
| 2018-11-29/a> | Brad Duncan | Russian language malspam pushing Shade (Troldesh) ransomware |
| 2018-11-27/a> | Xavier Mertens | More obfuscated shell scripts: Fake MacOS Flash update |
| 2018-11-27/a> | Rob VandenBrink | Data Exfiltration in Penetration Tests |
| 2018-11-26/a> | Russ McRee | ViperMonkey: VBA maldoc deobfuscation |
| 2018-11-26/a> | Xavier Mertens | Obfuscated bash script targeting QNap boxes |
| 2018-11-23/a> | Didier Stevens | Video: Dissecting a CVE-2017-11882 Exploit |
| 2018-11-22/a> | Xavier Mertens | Divided Payload in Multiple Pasties |
| 2018-11-21/a> | Johannes Ullrich | Critical Vulnerability in Flash Player |
| 2018-11-20/a> | Xavier Mertens | Querying DShield from Cortex |
| 2018-11-20/a> | Xavier Mertens | VMware Affected by Dell EMC Avamar Vulnerability |
| 2018-11-19/a> | Xavier Mertens | The Challenge of Managing Your Digital Library |
| 2018-11-18/a> | Guy Bruneau | Multipurpose PCAP Analysis Tool |
| 2018-11-17/a> | Xavier Mertens | Quickly Investigating Websites with Lookyloo |
| 2018-11-16/a> | Xavier Mertens | Basic Obfuscation With Permissive Languages |
| 2018-11-15/a> | Brad Duncan | Emotet infection with IcedID banking Trojan |
| 2018-11-14/a> | Brad Duncan | Day in the life of a researcher: Finding a wave of Trickbot malspam |
| 2018-11-13/a> | Johannes Ullrich | November 2018 Microsoft Patch Tuesday |
| 2018-11-12/a> | Rick Wanner | Using the Neutrino ip-blocklist API to test general badness of an IP |
| 2018-11-11/a> | Pasquale Stirparo | Community contribution: joining forces or multiply solutions? |
| 2018-11-10/a> | Didier Stevens | Video: CyberChef: BASE64/XOR Recipe |
| 2018-11-06/a> | Xavier Mertens | Malicious Powershell Script Dissection |
| 2018-11-05/a> | Johannes Ullrich | Struts 2.3 Vulnerable to Two Year old File Upload Flaw |
| 2018-11-04/a> | Pasquale Stirparo | Beyond good ol' LaunchAgent - part 1 |
| 2018-11-02/a> | Didier Stevens | TriJklcj2HIUCheDES decryption failed? |
| 2018-10-31/a> | Brad Duncan | More malspam using password-protected Word docs |
| 2018-10-30/a> | Brad Duncan | Campaign evolution: Hancitor malspam starts pushing Ursnif this week |
| 2018-10-23/a> | Xavier Mertens | Diving into Malicious AutoIT Code |
| 2018-10-22/a> | Xavier Mertens | Malicious Powershell using a Decoy Picture |
| 2018-10-21/a> | Pasquale Stirparo | Beyond good ol’ LaunchAgent - part 0 |
| 2018-10-18/a> | Russ McRee | Cisco Security Advisories 17 OCT 2018 |
| 2018-10-17/a> | Russ McRee | VMSA-2018-0026 VMware ESXi, Workstation & Fusion updates address out-of-bounds read vulnerability https://www.vmware.com/security/advisories/VMSA-2018-0026.html |
| 2018-10-17/a> | Russ McRee | RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence |
| 2018-10-16/a> | Didier Stevens | CyberChef: BASE64/XOR Recipe |
| 2018-10-13/a> | Didier Stevens | Maldoc: Once More It's XOR |
| 2018-10-12/a> | Xavier Mertens | More Equation Editor Exploit Waves |
| 2018-10-10/a> | Xavier Mertens | New Campaign Using Old Equation Editor Vulnerability |
| 2018-10-09/a> | Johannes Ullrich | October 2018 Microsoft Patch Tuesday |
| 2018-10-08/a> | Guy Bruneau | Apple Security Updates |
| 2018-10-08/a> | Guy Bruneau | Latest Release of rockNSM 2.1 |
| 2018-10-07/a> | Didier Stevens | YARA XOR Strings: Some Remarks |
| 2018-10-06/a> | Didier Stevens | YARA: XOR Strings |
| 2018-10-05/a> | Jim Clausing | A strange spam |
| 2018-10-01/a> | Didier Stevens | Decoding Custom Substitution Encodings with translate.py |
| 2018-10-01/a> | Didier Stevens | Developing YARA Rules: a Practical Example |
| 2018-09-30/a> | Didier Stevens | When DOSfuscation Helps... |
| 2018-09-28/a> | Xavier Mertens | More Excel DDE Code Injection |
| 2018-09-26/a> | Brad Duncan | One Emotet infection leads to three follow-up malware infections |
| 2018-09-22/a> | Didier Stevens | Suspicious DNS Requests ... Issued by a Firewall |
| 2018-09-20/a> | Xavier Mertens | Hunting for Suspicious Processes with OSSEC |
| 2018-09-19/a> | Rob VandenBrink | Certificates Revisited - SSL VPN Certificates 2 Ways |
| 2018-09-18/a> | Rob VandenBrink | Using Certificate Transparency as an Attack / Defense Tool |
| 2018-09-16/a> | Didier Stevens | 20/20 malware vision |
| 2018-09-13/a> | Xavier Mertens | Malware Delivered Through MHT Files |
| 2018-09-11/a> | Johannes Ullrich | Microsoft September Patch Tuesday Summary |
| 2018-09-07/a> | Xavier Mertens | Crypto Mining in a Windows Headless Browser |
| 2018-09-05/a> | Rob VandenBrink | Where have all my Certificates gone? (And when do they expire?) |
| 2018-09-05/a> | Xavier Mertens | Malicious PowerShell Compiling C# Code on the Fly |
| 2018-09-04/a> | Rob VandenBrink | Let's Trade: You Read My Email, I'll Read Your Password! |
| 2018-08-31/a> | Jim Clausing | Quickie: Using radare2 to disassemble shellcode |
| 2018-08-30/a> | Xavier Mertens | Crypto Mining Is More Popular Than Ever! |
| 2018-08-29/a> | Xavier Mertens | 3D Printers in The Wild, What Can Go Wrong? |
| 2018-08-26/a> | Didier Stevens | "When was this machine infected?" |
| 2018-08-26/a> | Didier Stevens | Identifying numeric obfuscation |
| 2018-08-25/a> | Didier Stevens | Microsoft Publisher malware: static analysis |
| 2018-08-24/a> | Xavier Mertens | Microsoft Publisher Files Delivering Malware |
| 2018-08-23/a> | Xavier Mertens | Simple Phishing Through formcrafts.com |
| 2018-08-22/a> | Deborah Hale | Email/password Frustration |
| 2018-08-21/a> | Xavier Mertens | Malicious DLL Loaded Through AutoIT |
| 2018-08-20/a> | Didier Stevens | OpenSSH user enumeration (CVE-2018-15473) |
| 2018-08-19/a> | Didier Stevens | Video: Peeking into msg files - revisited |
| 2018-08-15/a> | Xavier Mertens | Truncating Payloads and Anonymizing PCAP files |
| 2018-08-15/a> | Brad Duncan | More malspam pushing password-protected Word docs for AZORult and Hermes Ransomware |
| 2018-08-11/a> | Didier Stevens | Peeking into msg files - revisited |
| 2018-08-10/a> | Remco Verhoef | Hunting SSL/TLS clients using JA3 |
| 2018-08-06/a> | Didier Stevens | Numeric obfuscation: another example |
| 2018-08-05/a> | Didier Stevens | Video: Maldoc analysis with standard Linux tools |
| 2018-08-04/a> | Didier Stevens | Dealing with numeric obfuscation in malicious scripts |
| 2018-08-02/a> | Brad Duncan | DHL-themed malspam reveals embedded malware in animated gif |
| 2018-08-01/a> | Johannes Ullrich | When Cameras and Routers attack Phones. Spike in CVE-2014-8361 Exploits Against Port 52869 |
| 2018-07-30/a> | Didier Stevens | Malicious Word documents using DOSfuscation |
| 2018-07-30/a> | Xavier Mertens | Exploiting the Power of Curl |
| 2018-07-29/a> | Guy Bruneau | Using RITA for Threat Analysis |
| 2018-07-27/a> | Brad Duncan | Malspam with password-protected Word docs pushes Hermes ransomware |
| 2018-07-26/a> | Xavier Mertens | Windows Batch File Deobfuscation |
| 2018-07-24/a> | Brad Duncan | Recent Emotet activity |
| 2018-07-23/a> | Didier Stevens | Analyzing MSG files |
| 2018-07-17/a> | Xavier Mertens | Searching for Geographically Improbable Login Attempts |
| 2018-07-17/a> | Scott Fendley | Oracle Critical Patch Update Release |
| 2018-07-15/a> | Didier Stevens | Extracting BTC addresses from emails |
| 2018-07-13/a> | Xavier Mertens | Cryptominer Delivered Though Compromized JavaScript File |
| 2018-07-12/a> | Johannes Ullrich | New Extortion Tricks: Now Including Your Password! |
| 2018-07-11/a> | Remco Verhoef | Well, Hello Again Peppa! |
| 2018-07-09/a> | Renato Marinho | Criminals Don't Read Instructions or Use Strong Passwords |
| 2018-07-04/a> | Didier Stevens | XPS Metadata |
| 2018-07-03/a> | Didier Stevens | Progress indication for scripts on Windows |
| 2018-07-02/a> | Guy Bruneau | VMware ESXi, Workstation, and Fusion address multiple out-of-bounds read vulnerabilities https://www.vmware.com/security/advisories/VMSA-2018-0016.html |
| 2018-07-02/a> | Guy Bruneau | Hello Peppa! - PHP Scans |
| 2018-06-29/a> | Remco Verhoef | Crypto community target of MacOS malware |
| 2018-06-27/a> | Renato Marinho | Silently Profiling Unknown Malware Samples |
| 2018-06-25/a> | Didier Stevens | Guilty by association |
| 2018-06-22/a> | Lorna Hutcheson | XPS Attachment Used for Phishing |
| 2018-06-21/a> | Xavier Mertens | Are Your Hunting Rules Still Working? |
| 2018-06-18/a> | Xavier Mertens | Malicious JavaScript Targeting Mobile Browsers |
| 2018-06-17/a> | Didier Stevens | Encrypted Office Documents |
| 2018-06-16/a> | Russ McRee | Anomaly Detection & Threat Hunting with Anomalize |
| 2018-06-15/a> | Lorna Hutcheson | SMTP Strangeness - Possible C2 |
| 2018-06-13/a> | Xavier Mertens | A Bunch of Compromized Wordpress Sites |
| 2018-06-12/a> | Johannes Ullrich | Microsoft June 2018 Patch Tuesday |
| 2018-06-07/a> | Remco Verhoef | Automated twitter loot collection |
| 2018-06-06/a> | Xavier Mertens | Converting PCAP Web Traffic to Apache Log |
| 2018-06-05/a> | Xavier Mertens | Malicious Post-Exploitation Batch File |
| 2018-06-04/a> | Rob VandenBrink | Digging into Authenticode Certificates |
| 2018-06-01/a> | Remco Verhoef | Binary analysis with Radare2 |
| 2018-05-28/a> | Kevin Liston | Do you hear Laurel or Yanny or is it On-Off Keying? |
| 2018-05-27/a> | Guy Bruneau | Capture and Analysis of User Agents |
| 2018-05-25/a> | Xavier Mertens | Antivirus Evasion? Easy as 1,2,3 |
| 2018-05-24/a> | Xavier Mertens | "Blocked" Does Not Mean "Forget It" |
| 2018-05-23/a> | Remco Verhoef | Track naughty and nice binaries with Google Santa |
| 2018-05-22/a> | Guy Bruneau | VMware updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue - https://www.vmware.com/security/advisories/VMSA-2018-0012.html |
| 2018-05-22/a> | Xavier Mertens | Malware Distributed via .slk Files |
| 2018-05-22/a> | Xavier Mertens | VMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities https://www.vmware.com/security/advisories/VMSA-2018-0013.html |
| 2018-05-19/a> | Xavier Mertens | Malicious Powershell Targeting UK Bank Customers |
| 2018-05-16/a> | Mark Hofman | EFAIL, a weakness in openPGP and S\MIME |
| 2018-05-10/a> | Bojan Zdrnja | Exfiltrating data from (very) isolated environments |
| 2018-05-09/a> | Xavier Mertens | Nice Phishing Sample Delivering Trickbot |
| 2018-05-07/a> | Xavier Mertens | Adding Persistence Via Scheduled Tasks |
| 2018-05-06/a> | Guy Bruneau | Scans Attempting to use PowerShell to Download PHP Script |
| 2018-05-03/a> | Renato Marinho | WebLogic Exploited in the Wild (Again) |
| 2018-05-02/a> | Russ McRee | Windows Commands Reference - An InfoSec Must Have |
| 2018-05-01/a> | Xavier Mertens | Diving into a Simple Maldoc Generator |
| 2018-04-30/a> | Remco Verhoef | Another approach to webapplication fingerprinting |
| 2018-04-27/a> | Tom Webb | More Threat Hunting with User Agent and Drupal Exploits |
| 2018-04-25/a> | Johannes Ullrich | Yet Another Drupal RCE Vulnerability |
| 2018-03-12/a> | Xavier Mertens | Payload delivery via SMB |
| 2018-03-11/a> | Guy Bruneau | rockNSM Configuration & Installation Steps http://handlers.sans.org/gbruneau/rockNSM%20as%20an%20Incident%20Response%20Package.htm |
| 2018-03-08/a> | Xavier Mertens | CRIMEB4NK IRC Bot |
| 2018-03-06/a> | Mark Hofman | The joys of changing Privacy Laws |
| 2018-03-05/a> | Xavier Mertens | Malicious Bash Script with Multiple Features |
| 2018-03-04/a> | Xavier Mertens | The Crypto Miners Fight For CPU Cycles |
| 2018-03-03/a> | Xavier Mertens | Reminder: Beware of the "Cloud" |
| 2018-03-02/a> | Xavier Mertens | Common Patterns Used in Phishing Campaigns Files |
| 2018-03-01/a> | Johannes Ullrich | Why Does Emperor Xi Dislike Winnie the Pooh and Scrambled Eggs? |
| 2018-02-28/a> | Kevin Liston | How did this Memcache thing happen? |
| 2018-02-25/a> | Guy Bruneau | Blackhole Advertising Sites with Pi-hole |
| 2018-02-25/a> | Didier Stevens | Retrieving malware over Tor on Windows |
| 2018-02-02/a> | Xavier Mertens | Simple but Effective Malicious XLS Sheet |
| 2018-02-01/a> | Johannes Ullrich | Adobe Flash 0-Day Used Against South Korean Targets |
| 2018-02-01/a> | Xavier Mertens | Adaptive Phishing Kit |
| 2018-01-31/a> | Tom Webb | Tax Phishing Time |
| 2018-01-29/a> | Didier Stevens | Comment your Packet Captures - Extra! |
| 2018-01-28/a> | Didier Stevens | Is this a pentest? |
| 2018-01-26/a> | Xavier Mertens | Investigating Microsoft BITS Activity |
| 2018-01-25/a> | Xavier Mertens | Ransomware as a Service |
| 2018-01-23/a> | John Bambenek | Life after GDPR: Implications for Cybersecurity |
| 2018-01-23/a> | Johannes Ullrich | Apple Updates Everything, Again |
| 2018-01-22/a> | Didier Stevens | HTTPS on every port? |
| 2018-01-20/a> | Didier Stevens | An RTF phish |
| 2018-01-19/a> | Jim Clausing | Followup to IPv6 brute force and IPv6 blocking |
| 2018-01-18/a> | Xavier Mertens | Comment your Packet Captures! |
| 2018-01-13/a> | Rick Wanner | Flaw in Intel's Active Management Technology (AMT) |
| 2018-01-11/a> | Xavier Mertens | Mining or Nothing! |
| 2018-01-07/a> | Guy Bruneau | SSH Scans by Clients Types |
| 2018-01-03/a> | John Bambenek | Phishing to Rural America Leads to Six-figure Wire Fraud Losses |
| 2018-01-02/a> | Didier Stevens | PDF documents & URLs: video |
| 2018-01-01/a> | Didier Stevens | What is new? |
| 2017-12-31/a> | Didier Stevens | Analyzing TNEF files |
| 2017-12-30/a> | Xavier Mertens | 2017, The Flood of CVEs |
| 2017-12-27/a> | Guy Bruneau | What are your Security Challenges for 2018? |
| 2017-12-25/a> | Didier Stevens | Dealing with obfuscated RTF files |
| 2017-12-24/a> | Didier Stevens | PDF documents & URLs: update |
| 2017-12-23/a> | Didier Stevens | Encrypted PDFs |
| 2017-12-20/a> | Richard Porter | VMWare Security Advisory: VMSA-2017-0021: https://www.vmware.com/security/advisories/VMSA-2017-0021.html |
| 2017-12-19/a> | Xavier Mertens | Example of 'MouseOver' Link in a Powerpoint File |
| 2017-12-18/a> | Didier Stevens | Phish or scam? - Part 2 |
| 2017-12-17/a> | Didier Stevens | Phish or scam? - Part 1 |
| 2017-12-16/a> | Xavier Mertens | Microsoft Office VBA Macro Obfuscation via Metadata |
| 2017-12-14/a> | Russ McRee | Security Planner: Improve your online safety |
| 2017-12-14/a> | Russ McRee | Detection Lab: Visibility & Introspection for Defenders |
| 2017-12-13/a> | Xavier Mertens | Tracking Newly Registered Domains |
| 2017-12-12/a> | Johannes Ullrich | December Microsoft Patch Tuesday Summary |
| 2017-12-09/a> | Didier Stevens | Sometimes it's a dud |
| 2017-12-03/a> | Xavier Mertens | StartSSL: Termination of Services is Now Scheduled |
| 2017-11-30/a> | Brad Duncan | More Malspam pushing Emotet malware |
| 2017-11-29/a> | Xavier Mertens | Fileless Malicious PowerShell Sample |
| 2017-11-28/a> | Xavier Mertens | Apple High Sierra Uses a Passwordless Root Account |
| 2017-11-25/a> | Guy Bruneau | Benefits associated with the use of Open Source Software |
| 2017-11-23/a> | Xavier Mertens | Proactive Malicious Domain Search |
| 2017-11-17/a> | Xavier Mertens | Top-100 Malicious IP STIX Feed |
| 2017-11-16/a> | Xavier Mertens | Suspicious Domains Tracking Dashboard |
| 2017-11-15/a> | Xavier Mertens | If you want something done right, do it yourself! |
| 2017-11-13/a> | Guy Bruneau | jsonrpc Scanning for root account |
| 2017-11-13/a> | Guy Bruneau | VBE Embeded Script (info.zip) |
| 2017-11-11/a> | Xavier Mertens | Keep An Eye on your Root Certificates |
| 2017-11-10/a> | Bojan Zdrnja | Battling e-mail phishing |
| 2017-11-07/a> | Xavier Mertens | Interesting VBA Dropper |
| 2017-11-06/a> | Didier Stevens | Metasploit's Maldoc |
| 2017-11-05/a> | Didier Stevens | Extracting the text from PDF documents |
| 2017-11-04/a> | Didier Stevens | PDF documents & URLs |
| 2017-11-03/a> | Xavier Mertens | Simple Analysis of an Obfuscated JAR File |
| 2017-10-31/a> | Xavier Mertens | Some Powershell Malicious Code |
| 2017-10-30/a> | Johannes Ullrich | Critical Patch For Oracle's Identity Manager |
| 2017-10-29/a> | Didier Stevens | Remember ACE files? |
| 2017-10-27/a> | Renato Marinho | "Catch-All" Google Chrome Malicious Extension Steals All Posted Data |
| 2017-10-24/a> | Xavier Mertens | Stop relying on file extensions |
| 2017-10-24/a> | Xavier Mertens | BadRabbit: New ransomware wave hitting RU & UA |
| 2017-10-20/a> | Rick Wanner | Cisco fixes for KRACKs not complete |
| 2017-10-19/a> | Brad Duncan | HSBC-themed malspam uses ISO attachments to push Loki Bot malware |
| 2017-10-18/a> | Renato Marinho | Baselining Servers to Detect Outliers |
| 2017-10-17/a> | Brad Duncan | Hancitor malspam uses DDE attack |
| 2017-10-16/a> | Johannes Ullrich | WPA2 "KRACK" Attack |
| 2017-10-15/a> | Didier Stevens | Peeking into .msg files |
| 2017-10-12/a> | Xavier Mertens | Version control tools aren't only for Developers |
| 2017-10-06/a> | Johannes Ullrich | What's in a cable? The dangers of unauthorized cables |
| 2017-10-05/a> | Johannes Ullrich | pcap2curl: Turning a pcap file into a set of cURL commands for "replay" |
| 2017-10-02/a> | Xavier Mertens | Investigating Security Incidents with Passive DNS |
| 2017-09-30/a> | Lorna Hutcheson | Who's Borrowing your Resources? |
| 2017-09-29/a> | Lorna Hutcheson | Good Analysis = Understanding(tools + logs + normal) |
| 2017-09-28/a> | Xavier Mertens | The easy way to analyze huge amounts of PCAP data |
| 2017-09-25/a> | Renato Marinho | XPCTRA Malware Steals Banking and Digital Wallet User's Credentials |
| 2017-09-20/a> | Renato Marinho | Ongoing Ykcol (Locky) campaign |
| 2017-09-19/a> | Jim Clausing | New tool: mac-robber.py |
| 2017-09-18/a> | Johannes Ullrich | SANS Securingthehuman posted a follow up to their Equifax breach webcast: https://securingthehuman.sans.org/blog/2017/09/15/equifax-webcast-follow-up |
| 2017-09-18/a> | Xavier Mertens | Getting some intelligence from malspam |
| 2017-09-18/a> | Xavier Mertens | CCleaner 5.33 compromised - http://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users |
| 2017-09-17/a> | Guy Bruneau | rockNSM as a Incident Response Package |
| 2017-09-16/a> | Guy Bruneau | VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities - https://www.vmware.com/security/advisories/VMSA-2017-0015.html |
| 2017-09-14/a> | Xavier Mertens | Another webshell, another backdoor! |
| 2017-09-13/a> | Rob VandenBrink | Sysinternals Update: Sysmon v6.10, Process Monitor v3.40, Autoruns v13.80, AccessChk v6.11 - https://blogs.technet.microsoft.com/sysinternals/2017/09/12/sysinternals-update-sysmon-v6-1-process-monitor-v3-4-autoruns-v13-8-accesschk-v6-11/ |
| 2017-09-11/a> | Russ McRee | Windows Auditing with WINspect |
| 2017-09-10/a> | Didier Stevens | It is a resume - Part 3 |
| 2017-09-09/a> | Didier Stevens | Malware analysis output sanitization |
| 2017-09-08/a> | Adrien de Beaupre | YASRV (Yet Another Struts RCE Vulnerability) yes a different one from yesterday |
| 2017-09-06/a> | Adrien de Beaupre | Modern Web Application Penetration Testing , Hash Length Extension Attacks |
| 2017-09-05/a> | Johannes Ullrich | The Mirai Botnet: A Look Back and Ahead At What's Next |
| 2017-09-05/a> | Adrien de Beaupre | Struts vulnerability patch released by apache, patch now |
| 2017-09-02/a> | Xavier Mertens | AutoIT based malware back in the wild |
| 2017-09-01/a> | Brad Duncan | Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox |
| 2017-08-29/a> | Renato Marinho | Second Google Chrome Extension Banker Malware in Two Weeks |
| 2017-08-28/a> | Johannes Ullrich | An Update On DVR Malware: A DVR Torture Chamber |
| 2017-08-26/a> | Didier Stevens | Malware analysis: searching for dots |
| 2017-08-25/a> | Xavier Mertens | Malicious AutoIT script delivered in a self-extracting RAR file |
| 2017-08-24/a> | Bojan Zdrnja | Free Bitcoins? Why not? |
| 2017-08-23/a> | Xavier Mertens | Malicious script dropping an executable signed by Avast? |
| 2017-08-22/a> | Xavier Mertens | Defang all the things! |
| 2017-08-20/a> | Didier Stevens | It's Not An Invoice ... |
| 2017-08-18/a> | Guy Bruneau | tshark 2.4 New Feature - Command Line Export Objects |
| 2017-08-18/a> | Renato Marinho | EngineBox Malware Supports 10+ Brazilian Banks |
| 2017-08-17/a> | Xavier Mertens | Maldoc with auto-updated link |
| 2017-08-16/a> | Xavier Mertens | Analysis of a Paypal phishing kit |
| 2017-08-15/a> | Brad Duncan | Malspam pushing Trickbot banking Trojan |
| 2017-08-15/a> | Renato Marinho | (Banker(GoogleChromeExtension)).targeting("Brazil") |
| 2017-08-14/a> | Didier Stevens | Sometimes it's just SPAM |
| 2017-08-13/a> | Didier Stevens | The Good Phishing Email |
| 2017-08-10/a> | Didier Stevens | Maldoc Analysis with ViperMonkey |
| 2017-08-07/a> | Xavier Mertens | Increase of phpMyAdmin scans |
| 2017-08-03/a> | Johannes Ullrich | Using a Raspberry Pi honeypot to contribute data to DShield/ISC |
| 2017-08-01/a> | Rob VandenBrink | Rooting Out Hosts that Support Older Samba Versions |
| 2017-07-30/a> | Renato Marinho | SMBLoris - the new SMB flaw |
| 2017-07-30/a> | Guy Bruneau | Re-release of MS Oulook Security Patches https://portal.msrc.microsoft.com/en-us/security-guidance/summary |
| 2017-07-30/a> | Guy Bruneau | Text Banking Scams |
| 2017-07-29/a> | Didier Stevens | Maldoc Submitted and Analyzed |
| 2017-07-28/a> | Didier Stevens | Static Analysis of Emotet Maldoc |
| 2017-07-26/a> | Brad Duncan | Malspam pushing Emotet malware |
| 2017-07-24/a> | Renato Marinho | Uber drivers new threat: the "passenger" |
| 2017-07-24/a> | Russell Eubanks | Trends Over Time |
| 2017-07-21/a> | Didier Stevens | Malicious .iso Attachments |
| 2017-07-19/a> | Xavier Mertens | Bots Searching for Keys & Config Files |
| 2017-07-16/a> | Renato Marinho | SMS Phishing induces victims to photograph its own token card |
| 2017-07-15/a> | Didier Stevens | Office maldoc + .lnk |
| 2017-07-14/a> | Brad Duncan | NemucodAES and the malspam that distributes it |
| 2017-07-12/a> | Xavier Mertens | Backup Scripts, the FIM of the Poor |
| 2017-07-11/a> | Renato Marinho | July's Microsoft Patch Tuesday |
| 2017-07-10/a> | Didier Stevens | Basic Office maldoc analysis |
| 2017-07-09/a> | Russ McRee | Adversary hunting with SOF-ELK |
| 2017-07-08/a> | Xavier Mertens | A VBScript with Obfuscated Base64 Data |
| 2017-07-07/a> | Renato Marinho | DDoS Extortion E-mail: Yet Another Bluff? |
| 2017-07-05/a> | Didier Stevens | Selecting domains with random names |
| 2017-07-01/a> | Rick Wanner | Using nmap to scan for MS17-010 (CVE-2017-0143 EternalBlue) |
| 2017-06-28/a> | Brad Duncan | Petya? I hardly know ya! - an ISC update on the 2017-06-27 ransomware outbreak |
| 2017-06-28/a> | Brad Duncan | Catching up with Blank Slate: a malspam campaign still going strong |
| 2017-06-22/a> | Xavier Mertens | Obfuscating without XOR |
| 2017-06-17/a> | Guy Bruneau | Mapping Use Cases to Logs. Which Logs are the Most Important to Collect? |
| 2017-06-15/a> | Bojan Zdrnja | Uberscammers |
| 2017-06-10/a> | Russell Eubanks | An Occasional Look in the Rear View Mirror |
| 2017-06-08/a> | Tom Webb | Summer STEM for Kids |
| 2017-06-07/a> | Johannes Ullrich | Deceptive Advertisements: What they do and where they come from |
| 2017-06-06/a> | Didier Stevens | Malware and XOR - Part 2 |
| 2017-06-05/a> | Didier Stevens | Malware and XOR - Part 1 |
| 2017-06-02/a> | Xavier Mertens | Phishing Campaigns Follow Trends |
| 2017-06-01/a> | Xavier Mertens | Sharing Private Data with Webcast Invitations |
| 2017-05-31/a> | Pasquale Stirparo | Analysis of Competing Hypotheses, WCry and Lazarus (ACH part 2) |
| 2017-05-30/a> | Johannes Ullrich | FreeRadius Authentication Bypass |
| 2017-05-28/a> | Pasquale Stirparo | Analysis of Competing Hypotheses (ACH part 1) |
| 2017-05-28/a> | Guy Bruneau | CyberChef a Must Have Tool in your Tool bag! |
| 2017-05-26/a> | Lorna Hutcheson | File2pcap - A new tool for your toolkit! |
| 2017-05-25/a> | Xavier Mertens | Critical Vulnerability in Samba from 3.5.0 onwards |
| 2017-05-24/a> | Brad Duncan | Jaff ransomware gets a makeover |
| 2017-05-23/a> | Rob VandenBrink | What did we Learn from WannaCry? - Oh Wait, We Already Knew That! |
| 2017-05-20/a> | Xavier Mertens | Typosquatting: Awareness and Hunting |
| 2017-05-18/a> | Xavier Mertens | My Little CVE Bot |
| 2017-05-17/a> | Richard Porter | Wait What? We don?t have to change passwords every 90 days? |
| 2017-05-16/a> | Russ McRee | WannaCry? Do your own data analysis. |
| 2017-05-13/a> | Guy Bruneau | Microsoft Released Guidance for WannaCrypt |
| 2017-05-13/a> | Guy Bruneau | Has anyone Tested WannaCry Killswitch? - https://blog.didierstevens.com/2017/05/13/quickpost-wcry-killswitch-check-is-not-proxy-aware/ |
| 2017-05-12/a> | Xavier Mertens | When Bad Guys are Pwning Bad Guys... |
| 2017-05-12/a> | Xavier Mertens | Massive wave of ransomware ongoing |
| 2017-05-10/a> | Johannes Ullrich | Read This If You Are Using a Script to Pull Data From This Site |
| 2017-05-08/a> | Renato Marinho | Exploring a P2P Transient Botnet - From Discovery to Enumeration |
| 2017-05-06/a> | Xavier Mertens | The story of the CFO and CEO... |
| 2017-05-06/a> | Russell Eubanks | What Can You Learn On Your Own? |
| 2017-05-05/a> | Xavier Mertens | HTTP Headers... the Achilles' heel of many applications |
| 2017-05-03/a> | Bojan Zdrnja | Powershelling with exploits |
| 2017-05-03/a> | Bojan Zdrnja | OAUTH phishing against Google Docs ? beware! |
| 2017-05-02/a> | Richard Porter | Do you have Intel AMT? Then you have a problem today! Intel Active Management Technology INTEL-SA-00075 |
| 2017-04-28/a> | Xavier Mertens | Another Day, Another Obfuscation Technique |
| 2017-04-28/a> | Russell Eubanks | KNOW before NO |
| 2017-04-26/a> | Johannes Ullrich | If there are some unexploited MSSQL Servers With Weak Passwords Left: They got you now (again) |
| 2017-04-23/a> | Didier Stevens | Malicious Documents: A Bit Of News |
| 2017-04-22/a> | Jim Clausing | WTF tcp port 81 |
| 2017-04-21/a> | Xavier Mertens | Analysis of a Maldoc with Multiple Layers of Obfuscation |
| 2017-04-20/a> | Xavier Mertens | DNS Query Length... Because Size Does Matter |
| 2017-04-19/a> | Xavier Mertens | Hunting for Malicious Excel Sheets |
| 2017-04-18/a> | Johannes Ullrich | Yet Another Apple Phish and Some DNS Lessons Learned From It |
| 2017-04-14/a> | Rick Wanner | Wireshark 2.2.6 available -> https://www.wireshark.org/docs/relnotes/wireshark-2.2.6.html |
| 2017-04-13/a> | Rob VandenBrink | Packet Captures Filtered by Process |
| 2017-04-12/a> | Brad Duncan | Malspam on 2017-04-11 pushes yet another ransomware variant |
| 2017-04-11/a> | Brad Duncan | Dridex malspam seen on Monday 2017-04-10 |
| 2017-04-10/a> | Didier Stevens | Password History: Insights Shared by a Reader |
| 2017-04-07/a> | Xavier Mertens | Tracking Website Defacers with HTTP Referers |
| 2017-04-05/a> | Xavier Mertens | Whitelists: The Holy Grail of Attackers |
| 2017-04-02/a> | Guy Bruneau | IPFire - A Household Multipurpose Security Gateway |
| 2017-03-30/a> | Xavier Mertens | Diverting built-in features for the bad |
| 2017-03-29/a> | Xavier Mertens | Critical VMware vulnerabilities disclosed |
| 2017-03-28/a> | Xavier Mertens | Logical & Physical Security Correlation |
| 2017-03-25/a> | Russell Eubanks | Distraction as a Service |
| 2017-03-24/a> | Xavier Mertens | Nicely Obfuscated JavaScript Sample |
| 2017-03-19/a> | Xavier Mertens | Searching for Base64-encoded PE Files |
| 2017-03-18/a> | Xavier Mertens | Example of Multiple Stages Dropper |
| 2017-03-14/a> | Johannes Ullrich | February and March Microsoft Patch Tuesday |
| 2017-03-12/a> | Guy Bruneau | Honeypot Logs and Tracking a VBE Script |
| 2017-03-11/a> | Russell Eubanks | What's On Your Not To Do List? |
| 2017-03-10/a> | Xavier Mertens | The Side Effect of GeoIP Filters |
| 2017-03-08/a> | Xavier Mertens | Not All Malware Samples Are Complex |
| 2017-03-06/a> | Renato Marinho | A very convincing Typosquatting + Social Engineering campaign is targeting Santander corporate customers in Brazil |
| 2017-03-05/a> | Didier Stevens | Another example of maldoc string obfuscation, with extra bonus: UAC bypass |
| 2017-03-04/a> | Xavier Mertens | How your pictures may affect your website reputation |
| 2017-03-03/a> | Lorna Hutcheson | BitTorrent or Something Else? |
| 2017-03-01/a> | Bojan Zdrnja | SSL/TLS on port 389. Say what? |
| 2017-02-28/a> | Johannes Ullrich | My Catch Of 4 Months In The Amazon IP Address Space |
| 2017-02-28/a> | Xavier Mertens | Amazon S3 Outage |
| 2017-02-28/a> | Xavier Mertens | Analysis of a Simple PHP Backdoor |
| 2017-02-26/a> | Guy Bruneau | It is Tax Season - Watch out for Suspicious Attachment |
| 2017-02-26/a> | Didier Stevens | CRA Maldoc Analysis |
| 2017-02-24/a> | Rick Wanner | Cloudflare data leak...what does it mean to me? |
| 2017-02-17/a> | Rob VandenBrink | RTRBK - Router / Switch / Firewall Backups in PowerShell (tool drop) |
| 2017-02-15/a> | Xavier Mertens | How was your stay at the Hotel La Playa? |
| 2017-02-14/a> | Johannes Ullrich | Microsoft Patch Tuesday Delayed |
| 2017-02-12/a> | Xavier Mertens | Analysis of a Suspicious Piece of JavaScript |
| 2017-02-10/a> | Brad Duncan | Hancitor/Pony malspam |
| 2017-02-09/a> | Brad Duncan | CryptoShield Ransomware from Rig EK |
| 2017-02-07/a> | Johannes Ullrich | My Password is [taco] Using Emojis for Stronger Passwords |
| 2017-02-05/a> | Xavier Mertens | Many Malware Samples Found on Pastebin |
| 2017-02-04/a> | Xavier Mertens | Detecting Undisclosed Vulnerabilities with Security Tools & Features |
| 2017-02-03/a> | Lorna Hutcheson | Cisco - Issue with Clock Signal Component |
| 2017-02-01/a> | Xavier Mertens | Quick Analysis of Data Left Available by Attackers |
| 2017-01-31/a> | Johannes Ullrich | Malicious Office files using fileless UAC bypass to drop KEYBASE malware |
| 2017-01-31/a> | Johannes Ullrich | VMWare Security Advisory for AirWatch http://www.vmware.com/security/advisories/VMSA-2017-0001.html |
| 2017-01-30/a> | Didier Stevens | py2exe Decompiling - Part 2 |
| 2017-01-28/a> | Lorna Hutcheson | Packet Analysis - Where do you start? |
| 2017-01-26/a> | Xavier Mertens | IOC's: Risks of False Positive Alerts Flood Ahead |
| 2017-01-24/a> | Xavier Mertens | Malicious SVG Files in the Wild |
| 2017-01-18/a> | Rob VandenBrink | Making Windows 10 a bit less "Creepy" - Common Privacy Settings |
| 2017-01-14/a> | Xavier Mertens | Backup Files Are Good but Can Be Evil |
| 2017-01-13/a> | Xavier Mertens | Who's Attacking Me? |
| 2017-01-11/a> | Johannes Ullrich | January 2017 Edition of Ouch! Security Awareness Newsletter Released: https://securingthehuman.sans.org/ouch |
| 2017-01-10/a> | Johannes Ullrich | Realtors Be Aware: You Are a Target |
| 2017-01-10/a> | Johannes Ullrich | Port 37777 "MapTable" Requests |
| 2017-01-10/a> | Johannes Ullrich | January 2017 Microsoft Patch Tuesday |
| 2017-01-06/a> | John Bambenek | Great Misadventures of Security Vendors: Absurd Sandboxing Edition |
| 2017-01-06/a> | John Bambenek | Ransomware Operators Cold Calling UK Schools to Get Malware Through |
| 2017-01-05/a> | John Bambenek | New Year's Resolution: Build Your Own Malware Lab? |
| 2017-01-01/a> | Didier Stevens | py2exe Decompiling - Part 1 |
| 2016-12-31/a> | Xavier Mertens | Ongoing Scans Below the Radar |
| 2016-12-27/a> | Guy Bruneau | Using daemonlogger as a Software Tap |
| 2016-12-26/a> | Russ McRee | Critical security update: PHPMailer 5.2.20 (CVE-2016-10045) |
| 2016-12-24/a> | Didier Stevens | Pinging All The Way |
| 2016-12-19/a> | John Bambenek | UPDATED x1: Mirai Scanning for Port 6789 Looking for New Victims / Now hitting tcp/23231 |
| 2016-12-13/a> | Xavier Mertens | UAC Bypass in JScript Dropper |
| 2016-12-11/a> | Russ McRee | Steganography in Action: Image Steganography & StegExpose |
| 2016-12-10/a> | Didier Stevens | Sleeping VBS Really Wants To Sleep |
| 2016-12-09/a> | Rick Wanner | Mirai - now with DGA |
| 2016-12-07/a> | Xavier Mertens | The Passwords You Should Never Use |
| 2016-12-06/a> | Bojan Zdrnja | Attacking NoSQL applications |
| 2016-12-05/a> | Didier Stevens | Hancitor Maldoc Videos |
| 2016-11-27/a> | Russ McRee | Scapy vs. CozyDuke |
| 2016-11-25/a> | Xavier Mertens | Free Software Quick Security Checklist |
| 2016-11-24/a> | Didier Stevens | Extracting Shellcode From JavaScript |
| 2016-11-23/a> | Tom Webb | Mapping Attack Methodology to Controls |
| 2016-11-23/a> | Tom Webb | Vmware Patches VMSA-2016-0005.5, VMSA-2016-0018.3 and VMSA-2016-0021 |
| 2016-11-22/a> | Didier Stevens | Update:ZIP With Comment |
| 2016-11-20/a> | Pasquale Stirparo | How many “Epoch” times? Epocalypse.py timestamp converter |
| 2016-11-18/a> | Brad Duncan | Wireshark update: version 2.2.2 (stable release) and 2.0.8 (old stable release) - https://www.wireshark.org/download.html |
| 2016-11-18/a> | Didier Stevens | VBA Shellcode and Windows 10 |
| 2016-11-16/a> | Xavier Mertens | Example of Getting Analysts & Researchers Away |
| 2016-11-12/a> | Didier Stevens | VBA Shellcode and EMET |
| 2016-11-11/a> | Rick Wanner | Benevolent malware? reincarna/Linux.Wifatch |
| 2016-11-05/a> | Xavier Mertens | Full Packet Capture for Dummies |
| 2016-11-02/a> | Rob VandenBrink | What Does a Pentest Look Like? |
| 2016-10-30/a> | Pasquale Stirparo | Volatility Bot: Automated Memory Analysis |
| 2016-10-26/a> | Johannes Ullrich | New VMWare Security Advisory: VMSA-2016-0017 Information Disclosure in VMWare Fusion and VMWare Tools https://www.vmware.com/security/advisories/VMSA-2016-0017.html |
| 2016-10-26/a> | Johannes Ullrich | Critical Flash Player Update APSB16-36 |
| 2016-10-25/a> | Xavier Mertens | Another Day, Another Spam... |
| 2016-10-23/a> | Johannes Ullrich | ISC Briefing: Large DDoS Attack Against Dyn |
| 2016-10-19/a> | Xavier Mertens | Spam Delivered via .ICS Files |
| 2016-10-17/a> | Didier Stevens | Maldoc VBA Anti-Analysis: Video |
| 2016-10-16/a> | Didier Stevens | Analyzing Office Maldocs With Decoder.xls |
| 2016-10-15/a> | Didier Stevens | Maldoc VBA Anti-Analysis |
| 2016-10-10/a> | Didier Stevens | Radare2: rahash2 |
| 2016-10-08/a> | Russell Eubanks | Unauthorized Change Detected! |
| 2016-10-07/a> | Rick Wanner | First Hurricane Matthew related Phish |
| 2016-10-02/a> | Guy Bruneau | Is there an Infosec Cybersecurity Talent Shortage? |
| 2016-09-30/a> | Xavier Mertens | Another Day, Another Malicious Behaviour |
| 2016-09-28/a> | Xavier Mertens | SNMP Pwn3ge |
| 2016-09-26/a> | Didier Stevens | VBA and P-code |
| 2016-09-25/a> | Pasquale Stirparo | Defining Threat Intelligence Requirements |
| 2016-09-22/a> | Rick Wanner | YAHDD! (Yet another HUGE data Breach!) |
| 2016-09-15/a> | Xavier Mertens | In Need of a OTP Manager Soon? |
| 2016-09-13/a> | Rob VandenBrink | If it's Free, YOU are the Product |
| 2016-09-13/a> | Rob VandenBrink | Apple iOS 10 and 10.0.1 Released |
| 2016-09-13/a> | Rob VandenBrink | Microsoft Patch Tuesday Analysis |
| 2016-09-10/a> | Xavier Mertens | Ongoing IMAP Scan, Anyone Else? |
| 2016-09-09/a> | Xavier Mertens | Collecting Users Credentials from Locked Devices |
| 2016-09-05/a> | Xavier Mertens | Malware Delivered via '.pub' Files |
| 2016-09-04/a> | Russ McRee | Kali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/ |
| 2016-09-02/a> | Johannes Ullrich | Apple Patches "Trident" Vulnerabilities in OS X / Safari |
| 2016-09-01/a> | Xavier Mertens | Maxmind.com (Ab)used As Anti-Analysis Technique |
| 2016-08-31/a> | Deborah Hale | Dropbox Breach |
| 2016-08-31/a> | Deborah Hale | Cisco Security Advisories Issued |
| 2016-08-31/a> | Deborah Hale | Angler Exploit Kits Reported |
| 2016-08-29/a> | Russ McRee | Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs |
| 2016-08-28/a> | Guy Bruneau | Spam with Obfuscated Javascript |
| 2016-08-25/a> | Xavier Mertens | Out-of-Band iOS Patch Fixes 0-Day Vulnerabilities |
| 2016-08-24/a> | Xavier Mertens | Example of Targeted Attack Through a Proxy PAC File |
| 2016-08-23/a> | Xavier Mertens | Voice Message Notifications Deliver Ransomware |
| 2016-08-22/a> | Russ McRee | Red Team Tools Updates: hashcat and SpiderFoot |
| 2016-08-21/a> | Rick Wanner | Cisco ASA SNMP Remote Code Execution Vulnerability |
| 2016-08-20/a> | Russell Eubanks | What are YOU doing to give back to the security community? |
| 2016-08-19/a> | Xavier Mertens | Data Classification For the Masses |
| 2016-08-14/a> | Guy Bruneau | vRealize Log Insight directory traversal vulnerability - http://www.vmware.com/security/advisories/VMSA-2016-0011.html |
| 2016-08-11/a> | Pasquale Stirparo | Looking for the insider: Forensic Artifacts on iOS Messaging App |
| 2016-08-06/a> | Didier Stevens | rtfdump |
| 2016-08-01/a> | Daniel Wesemann | Are you getting I-CANNED ? |
| 2016-07-31/a> | Pasquale Stirparo | Sharing (intel) is caring... or not? |
| 2016-07-30/a> | Didier Stevens | rtfobj |
| 2016-07-29/a> | Didier Stevens | Malicious RTF Files |
| 2016-07-27/a> | Xavier Mertens | Analyze of a Linux botnet client source code |
| 2016-07-27/a> | Xavier Mertens | Critical Xen PV guests vulnerabilities |
| 2016-07-26/a> | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records |
| 2016-07-25/a> | Didier Stevens | Python Malware - Part 4 |
| 2016-07-21/a> | Didier Stevens | Practice ntds.dit File |
| 2016-07-19/a> | Didier Stevens | Office Maldoc: Let's Focus on the VBA Macros Later... |
| 2016-07-16/a> | Didier Stevens | Python Malware - Part 3 |
| 2016-07-15/a> | Xavier Mertens | Name All the Things! |
| 2016-07-13/a> | Xavier Mertens | Drupal: Patch released today to fix a highly critical RCE in contributed modules |
| 2016-07-12/a> | Johannes Ullrich | Microsoft Patch Tuesday Summary for July 2016 |
| 2016-07-12/a> | Xavier Mertens | Hunting for Malicious Files with MISP + OSSEC |
| 2016-07-08/a> | Mark Hofman | Malware being distributed pretending to be from AU Fedcourts |
| 2016-07-07/a> | Johannes Ullrich | Patchwork: Is it still "Advanced" if all you have to do is Copy/Paste? |
| 2016-07-05/a> | Johannes Ullrich | Apache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979) |
| 2016-07-03/a> | Guy Bruneau | Is Data Privacy part of your Company's Culture? |
| 2016-06-29/a> | Xavier Mertens | Phishing Campaign with Blurred Images |
| 2016-06-26/a> | Rick Wanner | Bart - a new Ransomware |
| 2016-06-23/a> | Russell Eubanks | An Approach to Vulnerability Management |
| 2016-06-22/a> | Bojan Zdrnja | Security through obscurity never works |
| 2016-06-20/a> | Xavier Mertens | Using Your Password Manager to Monitor Data Leaks |
| 2016-06-20/a> | Xavier Mertens | Ongoing Spam Campaign Related to Swift |
| 2016-06-18/a> | Rob VandenBrink | Controlling JavaScript Malware Before it Runs |
| 2016-06-17/a> | Johannes Ullrich | Critical Adobe Flash Update. Patch Now |
| 2016-06-15/a> | Richard Porter | Warp Speed Ahead, L7 Open Source Packet Generator: Warp17 |
| 2016-06-03/a> | Tom Liston | MySQL is YourSQL |
| 2016-06-01/a> | Xavier Mertens | Docker Containers Logging |
| 2016-05-29/a> | Guy Bruneau | Analysis of a Distributed Denial of Service (DDoS) |
| 2016-05-28/a> | Russell Eubanks | Applied Lessons Learned |
| 2016-05-26/a> | Xavier Mertens | Keeping an Eye on Tor Traffic |
| 2016-05-25/a> | Rick Wanner | VMWare Security Advisories |
| 2016-05-21/a> | Didier Stevens | Python Malware - Part 2 |
| 2016-05-19/a> | Rick Wanner | TeslaCrypt closes down...Releases master decryption key |
| 2016-05-18/a> | Russ McRee | Resources: Windows Auditing & Monitoring, Linux 2FA |
| 2016-05-16/a> | Rick Wanner | An oldie but a goodie - 419 Death Scam |
| 2016-05-15/a> | Didier Stevens | Python Malware - Part 1 |
| 2016-05-14/a> | Guy Bruneau | INetSim as a Basic Honeypot |
| 2016-05-13/a> | Xavier Mertens | MISP - Malware Information Sharing Platform |
| 2016-05-12/a> | Xavier Mertens | Another Day, Another Wave of Phishing Emails |
| 2016-05-12/a> | Xavier Mertens | Adobe Released Updates to Fix Critical Vulnerability |
| 2016-05-08/a> | Jim Clausing | Guest Diary: Linux Capabilities - A friend and foe |
| 2016-05-05/a> | Xavier Mertens | Microsoft BITS Used to Download Payloads |
| 2016-05-02/a> | Rick Wanner | Fake Chrome update for Android |
| 2016-05-02/a> | Rick Wanner | Lean Threat Intelligence |
| 2016-04-29/a> | Rob VandenBrink | Sysinternals Updated today - Updates to Sysmon, Procdump and Sigcheck. https://blogs.technet.microsoft.com/sysinternals/2016/04/28/update-sysmon-v4-procdump-v8-sigcheck-v2-51/ |
| 2016-04-29/a> | Mark Hofman | New release of PCI DSS (version 3.2) is available |
| 2016-04-27/a> | Tom Webb | Kippos Cousin Cowrie |
| 2016-04-25/a> | Guy Bruneau | Highlights from the 2016 HPE Annual Cyber Threat Report |
| 2016-04-21/a> | Daniel Wesemann | Decoding Pseudo-Darkleech (#1) |
| 2016-04-21/a> | Daniel Wesemann | Decoding Pseudo-Darkleech (Part #2) |
| 2016-04-15/a> | Xavier Mertens | Windows Command Line Persistence? |
| 2016-04-11/a> | John Bambenek | Tool Released to Decrypt Petya Ransomware Infected Disks |
| 2016-04-10/a> | Didier Stevens | Handling Malware Samples |
| 2016-04-06/a> | Bojan Zdrnja | YAFP (Yet Another Flash Patch) |
| 2016-04-02/a> | Russell Eubanks | Why Can't We Be Friends? |
| 2016-04-01/a> | John Bambenek | Tips for Stopping Ransomware |
| 2016-03-29/a> | Didier Stevens | VBE: Encoded VBS Script |
| 2016-03-28/a> | Xavier Mertens | Improving Bash Forensics Capabilities |
| 2016-03-23/a> | Bojan Zdrnja | Abusing Oracles |
| 2016-03-09/a> | Rob VandenBrink | A Wall Against Cryptowall? Some Tips for Preventing Ransomware |
| 2016-03-08/a> | Rick Wanner | Critical Adobe Updates - March 2016 |
| 2016-03-07/a> | Xavier Mertens | Another Malicious Document, Another Way to Deliver Malicious Code |
| 2016-03-07/a> | Xavier Mertens | OSX Ransomware Spread via a Rogue BitTorrent Client Installer |
| 2016-03-06/a> | Jim Clausing | Novel method for slowing down Locky on Samba server using fail2ban |
| 2016-02-28/a> | Guy Bruneau | RFC 6598 - Carrier Grade NAT |
| 2016-02-27/a> | Guy Bruneau | Wireshark Fixes Several Bugs and Vulnerabilities |
| 2016-02-27/a> | Guy Bruneau | OpenSSL Security Update Planned for 1 March Release |
| 2016-02-26/a> | Xavier Mertens | Quick Audit of *NIX Systems |
| 2016-02-24/a> | Xavier Mertens | Analyzis of a Malicious .lnk File with an Embedded Payload |
| 2016-02-23/a> | Xavier Mertens | VMware VMSA-2016-0002 |
| 2016-02-22/a> | Xavier Mertens | Reducing False Positives with Open Data Sources |
| 2016-02-21/a> | Didier Stevens | Tip: Quick Analysis of Office Maldoc |
| 2016-02-20/a> | Didier Stevens | Locky: JavaScript Deobfuscation |
| 2016-02-18/a> | Xavier Mertens | Hunting for Executable Code in Windows Environments |
| 2016-02-13/a> | Guy Bruneau | VMware VMSA-2015-0007.3 has been Re-released |
| 2016-02-11/a> | Tom Webb | Tomcat IR with XOR.DDoS |
| 2016-02-09/a> | Johannes Ullrich | Microsoft February 2016 Patch Tuesday |
| 2016-02-09/a> | Johannes Ullrich | Adobe Patch Tuesday - February 2016 |
| 2016-02-07/a> | Xavier Mertens | More Malicious JavaScript Obfuscation |
| 2016-02-03/a> | Xavier Mertens | Automating Vulnerability Scans |
| 2016-02-02/a> | Johannes Ullrich | Targeted IPv6 Scans Using pool.ntp.org . |
| 2016-01-30/a> | Xavier Mertens | All CVE Details at Your Fingertips |
| 2016-01-29/a> | Xavier Mertens | Scripting Web Categorization |
| 2016-01-26/a> | Rob VandenBrink | Pentest Time Machine: NMAP + Powershell + whatever tool is next |
| 2016-01-25/a> | Rob VandenBrink | Assessing Remote Certificates with Powershell |
| 2016-01-24/a> | Didier Stevens | Obfuscated MIME Files |
| 2016-01-23/a> | Didier Stevens | Sigcheck and VirusTotal for Offline Machine |
| 2016-01-21/a> | Jim Clausing | Scanning for Fortinet ssh backdoor |
| 2016-01-20/a> | Xavier Mertens | /tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters! |
| 2016-01-15/a> | Xavier Mertens | JavaScript Deobfuscation Tool |
| 2016-01-13/a> | Alex Stanford | You Have Got a New Audio Message - Guest Diary by Pasquale Stirparo |
| 2016-01-12/a> | Alex Stanford | January 2016 Microsoft Patch Tuesday |
| 2016-01-11/a> | Didier Stevens | BlackEnergy .XLS Dropper |
| 2016-01-10/a> | Jim Clausing | VMware security update |
| 2016-01-09/a> | Xavier Mertens | Virtual Bitlocker Containers |
| 2016-01-05/a> | Guy Bruneau | What are you Concerned the Most in 2016? |
| 2016-01-01/a> | Didier Stevens | Failure Is An Option |
| 2015-12-29/a> | Daniel Wesemann | New Years Resolutions |
| 2015-12-28/a> | Rick Wanner | Adobe Flash and Adobe AIR Updates - https://helpx.adobe.com/security/products/flash-player/apsb16-01.html |
| 2015-12-26/a> | Didier Stevens | Malfunctioning Malware |
| 2015-12-24/a> | Xavier Mertens | Unity Makes Strength |
| 2015-12-23/a> | Rob VandenBrink | Libraries and Dependencies - It Really is Turtles All The Way Down! |
| 2015-12-21/a> | Daniel Wesemann | Critical Security Controls: Getting to know the unknown |
| 2015-12-19/a> | Russell Eubanks | VMWare Security Advisory |
| 2015-12-17/a> | Alex Stanford | When Hunting BeEF, Yara rules (Part 2) |
| 2015-12-16/a> | Xavier Mertens | Playing With Sandboxes Like a Boss |
| 2015-12-15/a> | Russ McRee | Security Management vs Chaos: Understanding the Butterfly Effect to Manage Outcomes & Reduce Chaos |
| 2015-12-14/a> | Russ McRee | AD Security's Unofficial Guide to Mimikatz & Command Reference |
| 2015-12-13/a> | Didier Stevens | Use The Privilege |
| 2015-12-12/a> | Russell Eubanks | What Signs Are You Missing? |
| 2015-12-10/a> | Rob VandenBrink | Uninstalling Problem Applications using Powershell |
| 2015-12-10/a> | Rob VandenBrink | New Burp Feature - ClickBandit |
| 2015-12-08/a> | Johannes Ullrich | December 2015 Microsoft Patch Tuesday |
| 2015-12-06/a> | Mark Hofman | Malware SPAM a new run has started. |
| 2015-12-05/a> | Guy Bruneau | Are you looking to setup your own Malware Sandbox? |
| 2015-12-04/a> | Tom Webb | Automating Phishing Analysis using BRO |
| 2015-11-22/a> | Guy Bruneau | OpenDNS Research Used to Predict Threat |
| 2015-11-21/a> | Didier Stevens | Maldoc Social Engineering Trick |
| 2015-11-21/a> | Guy Bruneau | Nmap 7.00 is out! |
| 2015-11-10/a> | Johannes Ullrich | November 2015 Microsoft Patch Tuesday |
| 2015-11-09/a> | John Bambenek | ICYMI: Widespread Unserialize Vulnerability in Java |
| 2015-11-09/a> | John Bambenek | Protecting Users and Enterprises from the Mobile Malware Threat |
| 2015-11-08/a> | Rick Wanner | DNS Reconnaissance using nmap |
| 2015-11-07/a> | Didier Stevens | Ransomware & Entropy: Your Turn -> Solution |
| 2015-11-04/a> | Richard Porter | Application Aware and Critical Control 2 |
| 2015-11-04/a> | Johannes Ullrich | Internet Wide Scanners Wanted |
| 2015-10-30/a> | Didier Stevens | Ransomware & Entropy: Your Turn |
| 2015-10-27/a> | Xavier Mertens | The "Yes, but..." syndrome |
| 2015-10-18/a> | Russell Eubanks | Security Awareness for Security Professionals |
| 2015-10-18/a> | Didier Stevens | Ransomware & Entropy |
| 2015-10-17/a> | Russell Eubanks | CIS Critical Security Controls - Version 6.0 |
| 2015-10-16/a> | Alex Stanford | Adobe Flash Update |
| 2015-10-13/a> | Alex Stanford | October 2015 Microsoft Patch Tuesday |
| 2015-10-13/a> | Alex Stanford | Adobe Updates Acrobat and Adobe Reader |
| 2015-10-12/a> | Guy Bruneau | Data Visualization,What is your Tool of Choice? |
| 2015-10-12/a> | Guy Bruneau | Critical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2 |
| 2015-10-09/a> | Guy Bruneau | Adobe Acrobat and Reader Pre-Announcement |
| 2015-09-29/a> | Pedro Bueno | Tricks for DLL analysis |
| 2015-09-28/a> | Johannes Ullrich | "Transport of London" Malicious E-Mail |
| 2015-09-23/a> | Daniel Wesemann | Making our users unlearn what we taught them |
| 2015-09-21/a> | Xavier Mertens | Detecting XCodeGhost Activity |
| 2015-09-19/a> | Didier Stevens | Don't launch that file Adobe Reader! |
| 2015-09-08/a> | Lenny Zeltser | A Close Look at PayPal Overpayment Scams That Target Craigslist Sellers |
| 2015-09-08/a> | Johannes Ullrich | September 2015 Microsoft Patch Tuesday |
| 2015-09-03/a> | Xavier Mertens | Querying the DShield API from RTIR |
| 2015-09-01/a> | Daniel Wesemann | How to hack |
| 2015-09-01/a> | Daniel Wesemann | Encryption of "data at rest" in servers |
| 2015-09-01/a> | Daniel Wesemann | Gift card from Marriott? |
| 2015-08-31/a> | Xavier Mertens | Detecting file changes on Microsoft systems with FCIV |
| 2015-08-28/a> | Didier Stevens | Test File: PDF With Embedded DOC Dropping EICAR |
| 2015-08-26/a> | Didier Stevens | PDF + maldoc1 = maldoc2 |
| 2015-08-17/a> | Russ McRee | Tool Tip: Kansa Stafford released, PowerShell for DFIR |
| 2015-08-16/a> | Guy Bruneau | Are you a "Hunter"? |
| 2015-08-12/a> | Rob VandenBrink | Windows Service Accounts - Why They're Evil and Why Pentesters Love them! |
| 2015-08-12/a> | Rob VandenBrink | Wireshark 1.12.7 is released, multiple fixes. Find the release notes at: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html and the binaries at: https://www.wireshark.org/download.html |
| 2015-08-11/a> | Manuel Humberto Santander Pelaez | August 2015 Microsoft Patch Tuesday |
| 2015-08-07/a> | Tony Carothers | Critical Firefox Update Today |
| 2015-08-06/a> | Didier Stevens | Sigcheck and virustotal-search |
| 2015-07-31/a> | Russ McRee | Tech tip: Invoke a system command in R |
| 2015-07-31/a> | Russ McRee | Tech tip follow-up: Using the data Invoked with R's system command |
| 2015-07-28/a> | Rick Wanner | Android Stagefright multimedia viewer prone to remote exploitation |
| 2015-07-27/a> | Daniel Wesemann | Angler's best friends |
| 2015-07-23/a> | Mark Hofman | Some more 0-days from ZDI |
| 2015-07-21/a> | Didier Stevens | Searching Through the VirusTotal Database |
| 2015-07-18/a> | Russell Eubanks | The Value a "Fresh Set Of Eyes" (FSOE) |
| 2015-07-17/a> | Didier Stevens | Process Explorer and VirusTotal |
| 2015-07-17/a> | Didier Stevens | Autoruns and VirusTotal |
| 2015-07-17/a> | Didier Stevens | Sigcheck and VirusTotal |
| 2015-07-15/a> | Richard Porter | Always Check Your References (Cheat Sheets to the Rescue) |
| 2015-07-14/a> | Johannes Ullrich | Adobe Updates Flash Player, Shockwave and PDF Reader |
| 2015-07-14/a> | Johannes Ullrich | July 2015 Microsoft Patch Tuesday |
| 2015-07-12/a> | Rick Wanner | Another Adobe Flash Zero Day http://www.kb.cert.org/vuls/id/338736 |
| 2015-07-05/a> | Didier Stevens | Working with base64 |
| 2015-07-03/a> | Didier Stevens | Analyzing Quarantine Files |
| 2015-06-29/a> | Rob VandenBrink | The Powershell Diaries 2 - Software Inventory |
| 2015-06-28/a> | Didier Stevens | The EICAR Test File |
| 2015-06-26/a> | Daniel Wesemann | Cisco default credentials - again! |
| 2015-06-24/a> | Rob VandenBrink | The Powershell Diaries - Finding Problem User Accounts in AD |
| 2015-06-23/a> | Kevin Shortt | Adobe Flash Player Update - https://helpx.adobe.com/security/products/flash-player/apsb15-14.html |
| 2015-06-22/a> | Johannes Ullrich | SMTP Brute Forcing |
| 2015-06-18/a> | Johannes Ullrich | OS X and iOS Unauthorized Cross Application Resource Access (XARA) |
| 2015-06-16/a> | John Bambenek | CVE-2014-4114 and an Interesting AV Bypass Technique |
| 2015-06-09/a> | Johannes Ullrich | Microsoft Patch Tuesday Summary for June 2015 |
| 2015-06-02/a> | Alex Stanford | Guest Diary: Xavier Mertens - Playing with IP Reputation with Dshield & OSSEC |
| 2015-06-01/a> | Tom Webb | Submit Dshield ASA Logs |
| 2015-05-29/a> | Russell Eubanks | Trust But Verify |
| 2015-05-27/a> | Tom Webb | SYSINTERNALS Update(AccessChk v6.0, Autoruns v13.4, Process Monitor v3.2, VMMap v3.2) |
| 2015-05-23/a> | Guy Bruneau | Business Value in "Big Data" |
| 2015-05-20/a> | Brad Duncan | Logjam - vulnerabilities in Diffie-Hellman key exchange affect browsers and servers using TLS |
| 2015-05-15/a> | Didier Stevens | Another Maldoc? I'm Afraid So... |
| 2015-05-14/a> | Daniel Wesemann | Oh Bloat! |
| 2015-05-12/a> | Johannes Ullrich | May 2015 Microsoft Patch Tuesday Summary |
| 2015-05-10/a> | Didier Stevens | Wireshark TCP Flags: How To Install On Windows Video |
| 2015-05-09/a> | Didier Stevens | Malicious Word Document: This Time The Maldoc Is A MIME File |
| 2015-05-07/a> | Chris Mohan | Security Awareness? How do you keep your staff safe? |
| 2015-05-03/a> | Russ McRee | VolDiff, for memory image differential analysis |
| 2015-04-30/a> | Brad Duncan | Dalexis/CTB-Locker malspam campaign |
| 2015-04-29/a> | Daniel Wesemann | UDP/3478 to Amazon 54.84.9.242 -- got packets? (solved) |
| 2015-04-28/a> | Daniel Wesemann | Scammy Nepal earthquake donation requests |
| 2015-04-27/a> | Richard Porter | When Prevention Fails, Incident Response Begins |
| 2015-04-24/a> | Basil Alawi S.Taher | Fileless Malware |
| 2015-04-23/a> | Bojan Zdrnja | When automation does not help |
| 2015-04-14/a> | Alex Stanford | Microsoft Patch Tuesday - April 2015 |
| 2015-04-10/a> | Didier Stevens | The Kill Chain: Now With Pastebin |
| 2015-04-09/a> | Brad Duncan | An example of the malicious emails sometimes sent to the ISC handler addresses |
| 2015-04-08/a> | Tom Webb | Is it a breach or not? |
| 2015-04-06/a> | Guy Bruneau | 'Dead Drops' Hidden USB Sticks Around the World |
| 2015-04-05/a> | Didier Stevens | Wireshark TCP Flags |
| 2015-04-04/a> | Didier Stevens | VMware Product Updates Address Critical Information Disclosure Issue In JRE |
| 2015-04-02/a> | Brad Duncan | Angler Exploit Kit - Recent Traffic Patterns |
| 2015-03-30/a> | Didier Stevens | YARA Rules For Shellcode |
| 2015-03-26/a> | Daniel Wesemann | Pin-up on your Smartphone! |
| 2015-03-23/a> | Rick Wanner | Interesting Home Depot Spam |
| 2015-03-21/a> | Russell Eubanks | Have you seen my personal information? It has been lost. Again. |
| 2015-03-18/a> | Daniel Wesemann | New SANS memory forensics poster |
| 2015-03-18/a> | Daniel Wesemann | Pass the hash! |
| 2015-03-17/a> | Didier Stevens | From PEiD To YARA |
| 2015-03-16/a> | Johannes Ullrich | Automatically Documenting Network Connections From New Devices Connected to Home Networks |
| 2015-03-14/a> | Didier Stevens | Maldoc VBA Sandbox/Virtualization Detection |
| 2015-03-13/a> | Guy Bruneau | Blind SQL Injection against WordPress SEO by Yoast |
| 2015-03-12/a> | Johannes Ullrich | Who got the bad SSL Certificate? Using tshark to analyze the SSL handshake. |
| 2015-03-11/a> | Rob VandenBrink | Apple iTunes Store is seeing an extended outage (11 Mar) - watch https://www.apple.com/support/systemstatus/ for status changes. (12 Mar) - service restored, all green! |
| 2015-03-10/a> | Johannes Ullrich | Microsoft March Patch Tuesday |
| 2015-03-08/a> | Brad Duncan | What Happened to You, Asprox Botnet? |
| 2015-03-07/a> | Guy Bruneau | Should it be Mandatory to have an Independent Security Audit after a Breach? |
| 2015-03-01/a> | Rick Wanner | Advisory: Seagate NAS Remote Code Execution |
| 2015-02-27/a> | Rick Wanner | Tails 1.3 released - https://tails.boum.org/news/version_1.3/index.en.html |
| 2015-02-27/a> | Rick Wanner | Let's Encrypt! |
| 2015-02-26/a> | Johannes Ullrich | New Feature: Subnet Report |
| 2015-02-23/a> | Richard Porter | Subscribing to the DShield Top 20 on a Palo Alto Networks Firewall |
| 2015-02-22/a> | Russell Eubanks | Leave Things Better Than When You Found Them |
| 2015-02-20/a> | Tom Webb | Fast analysis of a Tax Scam |
| 2015-02-19/a> | Daniel Wesemann | Macros? Really?! |
| 2015-02-19/a> | Daniel Wesemann | DNS-based DDoS |
| 2015-02-17/a> | Rob VandenBrink | oclHashcat 1.33 Released |
| 2015-02-17/a> | Rob VandenBrink | A Different Kind of Equation |
| 2015-02-13/a> | Johannes Ullrich | Microsoft February Patch Failures Continue: KB3023607 vs. Cisco AnyConnect Client |
| 2015-02-12/a> | Johannes Ullrich | Did You Remove That Debug Code? Netatmo Weather Station Sending WPA Passphrase in the Clear |
| 2015-02-11/a> | Johannes Ullrich | Microsoft Hardens GPO by Fixing Two Serious Vulnerabilities. |
| 2015-02-10/a> | Mark Baggett | Detecting Mimikatz Use On Your Network |
| 2015-02-10/a> | Mark Baggett | Microsoft Update Advisory for February 2015 |
| 2015-02-09/a> | Chris Mohan | Backups are part of the overall business continuity and disaster recovery plan |
| 2015-02-08/a> | Rob VandenBrink | Raising the "Creep Factor" in License Agreements |
| 2015-02-06/a> | Johannes Ullrich | Anthem, TurboTax and How Things "Fit Together" Sometimes |
| 2015-02-05/a> | Johannes Ullrich | Adobe Flash Player Update Released, Fixing CVE 2015-0313 |
| 2015-02-03/a> | Johannes Ullrich | What is using this library? |
| 2015-02-02/a> | Stephen Hall | New Adobe Flash Vulnerability - CVE-2015-0313 |
| 2015-01-31/a> | Guy Bruneau | Beware of Phishing and Spam Super Bowl Fans! |
| 2015-01-27/a> | Johannes Ullrich | New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST) |
| 2015-01-26/a> | Russ McRee | Adobe updates Security Advisory for Adobe Flash Player, Infocon returns to green |
| 2015-01-23/a> | Johannes Ullrich | Flash 0-Day: Deciphering CVEs and Understanding Patches |
| 2015-01-23/a> | Adrien de Beaupre | Infocon change to yellow for Adobe Flash issues |
| 2015-01-13/a> | Johannes Ullrich | Microsoft Patch Tuesday - January 2015 (Really? Telnet?) |
| 2014-12-23/a> | John Bambenek | How I learned to stop worrying and love malware DGAs.... |
| 2014-12-09/a> | Alex Stanford | Microsoft Patch Tuesday - December 2014 |
| 2014-12-06/a> | Rick Wanner | Google App Engine Java Security Sandbox bypasses |
| 2014-12-05/a> | Basil Alawi S.Taher | VMware new and updated security advisories |
| 2014-12-01/a> | Guy Bruneau | Do you have a Data Breach Response Plan? |
| 2014-11-27/a> | Russ McRee | Syrian Electronic Army attack leads to malvertising |
| 2014-11-25/a> | Adrien de Beaupre | Less is, umm, less? |
| 2014-11-24/a> | Richard Porter | Someone is using this? PoS: Compressor |
| 2014-11-18/a> | Jim Clausing | Microsoft November out-of-cycle patch MS14-068 |
| 2014-11-11/a> | Johannes Ullrich | Adobe Flash Update |
| 2014-11-11/a> | Johannes Ullrich | Microsoft November 2014 Patch Tuesday |
| 2014-11-04/a> | Daniel Wesemann | Whois someone else? |
| 2014-11-04/a> | Daniel Wesemann | 20$ is 999999 Euro |
| 2014-10-23/a> | Russ McRee | Digest: 23 OCT 2014 |
| 2014-10-17/a> | Johannes Ullrich | Apple Updates (not just Yosemite) |
| 2014-10-14/a> | Johannes Ullrich | Microsoft October 2014 Patch Tuesday |
| 2014-10-14/a> | Johannes Ullrich | Adobe October 2014 Bulletins for Flash Player and Coldfusion |
| 2014-10-13/a> | Lorna Hutcheson | For or Against: Port Security for Network Access Control |
| 2014-10-09/a> | Johannes Ullrich | CSAM: My servers started speaking IRC, and that is when I started to listen! |
| 2014-10-06/a> | Johannes Ullrich | CSAM: Patch and get pw0ned (not OR). |
| 2014-10-03/a> | Johannes Ullrich | CSAM: The Power of Virustotal to Turn Harmless Binaries Malicious |
| 2014-10-02/a> | Johannes Ullrich | CSAM: My Storage Array SSHs Outbound! |
| 2014-10-02/a> | Johannes Ullrich | Why is your Mac all for sudden using Bing as a search engine? |
| 2014-10-01/a> | Russ McRee | VMware security advisory: VMSA-2014-0010 http://www.vmware.com/security/advisories/VMSA-2014-0010.html |
| 2014-10-01/a> | Russ McRee | Security Onion news: Updated ShellShock detection scripts for Bro |
| 2014-09-29/a> | Johannes Ullrich | Apple Released Update to Fix Shellshock Vulnerability http://support.apple.com/kb/DL1769 |
| 2014-09-27/a> | Guy Bruneau | What has Bash and Heartbleed Taught Us? |
| 2014-09-26/a> | Richard Porter | Why We Have Moved to InfoCon:Yellow |
| 2014-09-25/a> | Johannes Ullrich | Update on CVE-2014-6271: Vulnerability in bash (shellshock) |
| 2014-09-22/a> | Johannes Ullrich | Cyber Security Awareness Month: What's your favorite/most scary false positive |
| 2014-09-22/a> | Johannes Ullrich | Fake LogMeIn Certificate Update with Bad AV Detection Rate |
| 2014-09-19/a> | Guy Bruneau | Added today in oclhashcat 131 Django [Default Auth] (PBKDF2 SHA256 Rounds Salt) Support - http://hashcat.net/hashcat/ |
| 2014-09-19/a> | Guy Bruneau | Web Scan looking for /info/whitelist.pac |
| 2014-09-18/a> | Johannes Ullrich | Apple Releases OS X 10.9.5 / Safari 6.2 and 7.1 with several security fixes http://support.apple.com/kb/HT1222 |
| 2014-09-17/a> | Daniel Wesemann | Your online background check is now public! |
| 2014-09-16/a> | Daniel Wesemann | https://yourfakebank.support -- TLD confusion starts! |
| 2014-09-16/a> | Mark Hofman | FreeBSD Denial of Service advisory (CVE-2004-0230) |
| 2014-09-12/a> | Chris Mohan | VMware NSX and vCNS product updates address a critical information disclosure vulnerability http://www.vmware.com/security/advisories/VMSA-2014-0009.html |
| 2014-09-12/a> | Chris Mohan | Are credential dumps worth reviewing? |
| 2014-09-10/a> | Johannes Ullrich | Content Security Policy (CSP) is Growing Up. |
| 2014-09-09/a> | Alex Stanford | Microsoft Patch Tuesday - September 2014 |
| 2014-09-07/a> | Johannes Ullrich | Odd Persistent Password Bruteforcing |
| 2014-08-29/a> | Johannes Ullrich | False Positive or Not? Difficult to Analyze Javascript |
| 2014-08-27/a> | Rob VandenBrink | One More Day of Trolling in POS Memory |
| 2014-08-25/a> | Jim Clausing | Unusual CRL traffic? |
| 2014-08-23/a> | Guy Bruneau | NSS Labs Cyber Resilience Report |
| 2014-08-22/a> | Richard Porter | OCLHashCat 1.30 Released |
| 2014-08-22/a> | Richard Porter | PHP 5.4.32 Released http://www.php.net/ChangeLog-5.php#5.4.32 |
| 2014-08-22/a> | Richard Porter | PHP 5.5.16 is available http://www.php.net/ChangeLog-5.php#5.5.16 |
| 2014-08-20/a> | Kevin Shortt | Social Engineering Alive and Well |
| 2014-08-17/a> | Rick Wanner | Part 2: Is your home network unwittingly contributing to NTP DDOS attacks? |
| 2014-08-16/a> | Lenny Zeltser | Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability |
| 2014-08-15/a> | Tom Webb | AppLocker Event Logs with OSSEC 2.8 |
| 2014-08-14/a> | Basil Alawi S.Taher | Threats to virtual environments |
| 2014-08-13/a> | Johannes Ullrich | Updates for Apple Safari |
| 2014-08-12/a> | Adrien de Beaupre | Host discovery with nmap |
| 2014-08-12/a> | Alex Stanford | Microsoft Patch Tuesday - August 2014 |
| 2014-08-12/a> | Adrien de Beaupre | Adobe updates for 2014/08 |
| 2014-08-12/a> | Adrien de Beaupre | Sysinternals updates Sysmon v1.0; Updates: Autoruns v12.01, Coreinfo v3.3, Procexp v16.03 http://blogs.technet.com/b/sysinternals/ |
| 2014-08-11/a> | Bojan Zdrnja | Verifying preferred SSL/TLS ciphers with Nmap |
| 2014-08-09/a> | Adrien de Beaupre | Complete application ownage via Multi-POST XSRF |
| 2014-08-06/a> | Johannes Ullrich | All Passwords have been lost: What's next? |
| 2014-08-06/a> | Johannes Ullrich | Exploit Available for Symantec End Point Protection |
| 2014-08-06/a> | Chris Mohan | Free Service to Help CryptoLocker Victims by FireEye and Fox-IT |
| 2014-08-05/a> | Johannes Ullrich | Legal Threat Spam: Sometimes it Gets Personal |
| 2014-08-05/a> | Johannes Ullrich | Center for Internet Security Releases Benchmark for VMWare ESXi 5.5 https://benchmarks.cisecurity.org/downloads/form/index.cfm?download=esxi55.100 |
| 2014-08-04/a> | Russ McRee | Threats & Indicators: A Security Intelligence Lifecycle |
| 2014-08-02/a> | Chris Mohan | All Samba 4.x.x are vulnerable to a remote code execution vulnerability in the nmbd NetBIOS name services daemon |
| 2014-08-01/a> | Chris Mohan | WireShark 1.10.9 and 1.12.0 has been released |
| 2014-07-30/a> | Rick Wanner | Symantec Endpoint Protection Privilege Escalation Zero Day |
| 2014-07-28/a> | Guy Bruneau | Management and Control of Mobile Device Security |
| 2014-07-28/a> | Johannes Ullrich | Interesting HTTP User Agent "chroot-apach0day" |
| 2014-07-26/a> | Chris Mohan | "Internet scanning project" scans |
| 2014-07-24/a> | Bojan Zdrnja | Windows Previous Versions against ransomware |
| 2014-07-22/a> | Daniel Wesemann | Ivan's Order of Magnitude |
| 2014-07-19/a> | Russ McRee | Keeping the RATs out: the trap is sprung - Part 3 |
| 2014-07-18/a> | Russ McRee | Keeping the RATs out: **it happens - Part 2 |
| 2014-07-18/a> | Russ McRee | Gameover Zeus reported as "returned from the dead" |
| 2014-07-16/a> | Russ McRee | Keeping the RATs out: an exercise in building IOCs - Part 1 |
| 2014-07-15/a> | Daniel Wesemann | AOC Cloud |
| 2014-07-15/a> | Daniel Wesemann | Oracle Java: 20 new vulnerabilities patched |
| 2014-07-15/a> | Daniel Wesemann | Oracle July 2014 CPU (patch bundle) |
| 2014-07-14/a> | Johannes Ullrich | The Internet of Things: How do you "on-board" devices? |
| 2014-07-13/a> | Tony Carothers | Oracle July 2014 Update Pre-Notification |
| 2014-07-11/a> | Rob VandenBrink | Apple pushes OS X update to block out of date Flash versions - http://support.apple.com/kb/HT5655 |
| 2014-07-11/a> | Rob VandenBrink | Metasploit Update Alert |
| 2014-07-09/a> | Daniel Wesemann | Who owns your typo? |
| 2014-07-09/a> | Daniel Wesemann | Who inherits your IP address? |
| 2014-07-08/a> | Johannes Ullrich | Hardcoded Netgear Prosafe Switch Password |
| 2014-07-08/a> | Alex Stanford | Microsoft Patch Tuesday - July |
| 2014-07-06/a> | Richard Porter | Physical Access, Point of Sale, Vegas |
| 2014-07-05/a> | Guy Bruneau | Java Support ends for Windows XP |
| 2014-07-05/a> | Guy Bruneau | Malware Analysis with pedump |
| 2014-07-03/a> | Johannes Ullrich | Credit Card Processing in 700 Words or Less |
| 2014-07-02/a> | Johannes Ullrich | July Ouch! Security Awareness Newsletter Released. E-mail Do's and Don'ts http://www.securingthehuman.org/resources/newsletters/ouch/2014#july2014 |
| 2014-07-02/a> | Johannes Ullrich | Cisco Unified Communications Domain Manager Update |
| 2014-07-02/a> | Johannes Ullrich | Simple Javascript Extortion Scheme Advertised via Bing |
| 2014-07-01/a> | Johannes Ullrich | Apple Releases Patches for All Products |
| 2014-06-30/a> | Johannes Ullrich | Should I setup a Honeypot? [SANSFIRE] |
| 2014-06-28/a> | Mark Hofman | No more Microsoft advisory email notifications? |
| 2014-06-23/a> | Russ McRee | Microsoft Interflow announced today at 26th FIRST conference |
| 2014-06-22/a> | Russ McRee | OfficeMalScanner helps identify the source of a compromise |
| 2014-06-17/a> | Rob VandenBrink | Canada's Anti-Spam Legislation (CASL) 2014 |
| 2014-06-17/a> | Rob VandenBrink | New Security Advisories / Updates from Microsoft - Heads up for Next Patch Tuesday! |
| 2014-06-13/a> | Richard Porter | A welcomed response, PF Chang's |
| 2014-06-12/a> | Daniel Wesemann | Made any new friends lately? |
| 2014-06-12/a> | Guy Bruneau | BIND Security Update for CVE-2014-3859 |
| 2014-06-12/a> | Johannes Ullrich | Metasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.) |
| 2014-06-11/a> | Daniel Wesemann | Gimme your keys! |
| 2014-06-11/a> | Daniel Wesemann | Help your pilot fly! |
| 2014-06-11/a> | Daniel Wesemann | Pay attention to Cryptowall! |
| 2014-06-10/a> | Alex Stanford | Microsoft Patch Tuesday June 2014 |
| 2014-06-08/a> | Guy Bruneau | efax Spam Containing Malware |
| 2014-06-06/a> | Johannes Ullrich | Microsoft June Patch Tuesday Advance Notification |
| 2014-06-04/a> | Richard Porter | p0f, Got Packets? |
| 2014-06-03/a> | Basil Alawi S.Taher | An Introduction to RSA Netwitness Investigator |
| 2014-06-02/a> | Rick Wanner | Using nmap to scan for DDOS reflectors |
| 2014-06-02/a> | John Bambenek | Gameover Zeus and Cryptolocker Takedowns |
| 2014-06-01/a> | Johannes Ullrich | When was the last time you checked your Comcast cable modem settings? |
| 2014-05-30/a> | Johannes Ullrich | Fake Australian Electric Bill Leads to Cryptolocker |
| 2014-05-28/a> | Rob VandenBrink | Assessing SOAP APIs with Burp |
| 2014-05-27/a> | Kevin Shortt | Avast forums hacked |
| 2014-05-22/a> | Rob VandenBrink | Another Site Breached - Time to Change your Passwords! (If you can that is) |
| 2014-05-22/a> | Johannes Ullrich | Discontinuing Support for ISC Alert Task Bar Icon |
| 2014-05-21/a> | John Bambenek | New, Unpatched IE 0 Day published at ZDI |
| 2014-05-18/a> | Russ McRee | sed and awk will always rock |
| 2014-05-13/a> | Johannes Ullrich | Microsoft May 2014 Patch Tuesday |
| 2014-05-07/a> | Johannes Ullrich | De-Clouding your Life: Things that should not go into the cloud. |
| 2014-05-01/a> | Johannes Ullrich | Microsoft Announces Special Patch for IE 0-day (Win XP included!) |
| 2014-04-30/a> | Russ McRee | UltraDNS DDOS |
| 2014-04-29/a> | Russ McRee | Firefox 29.0 & Thunderbird 24.5 released: http://www.mozilla.org/security/known-vulnerabilities/ |
| 2014-04-28/a> | Russ McRee | Adobe Security Bulletin: Security updates available for Adobe Flash Player http://adobe.ly/QVjO72 |
| 2014-04-27/a> | Tony Carothers | The Dreaded "D" Word of IT |
| 2014-04-26/a> | Guy Bruneau | Android Users - Beware of Bitcoin Mining Malware |
| 2014-04-26/a> | Guy Bruneau | New Project by Linux Foundation - Core Infrastructure Initiative |
| 2014-04-24/a> | Rob VandenBrink | Apple IOS updates to 7.1.1, OSX Security update 2014-002, Airport Updates - http://support.apple.com/kb/HT1222, http://support.apple.com/kb/HT6208, http://support.apple.com/kb/HT6207, http://support.apple.com/kb/HT6203 |
| 2014-04-22/a> | Johannes Ullrich | Apple Patches for OS X, iOS and Apple TV. |
| 2014-04-21/a> | Daniel Wesemann | Allow us to leave! |
| 2014-04-21/a> | Pedro Bueno | Heartbleed hunting |
| 2014-04-21/a> | Daniel Wesemann | OpenSSL Rampage |
| 2014-04-21/a> | Daniel Wesemann | Finding the bleeders |
| 2014-04-17/a> | Manuel Humberto Santander Pelaez | Looking for malicious traffic in electrical SCADA networks - part 2 - solving problems with DNP3 Secure Authentication Version 5 |
| 2014-04-16/a> | Johannes Ullrich | Oracle Critical Patch Update for April 2014 |
| 2014-04-15/a> | Manuel Humberto Santander Pelaez | Looking for malicious traffic in electrical SCADA networks - part 1 |
| 2014-04-15/a> | Richard Porter | VMWare Advisory VMSA-2014-0004 - Updates on OpenSSL HeartBleed http://www.vmware.com/security/advisories/VMSA-2014-0004.html |
| 2014-04-14/a> | Kevin Shortt | INFOCon Green: Heartbleed - on the mend |
| 2014-04-13/a> | Kevin Shortt | Reverse Heartbleed Testing |
| 2014-04-12/a> | Guy Bruneau | Critical Security Update for JetPack WordPress Plugin. Bug has existed since Jetpack 1.9, released in October 2012. - http://jetpack.me/2014/04/10/jetpack-security-update/ |
| 2014-04-12/a> | Guy Bruneau | Interested in a Heartbleed Challenge? |
| 2014-04-11/a> | Rob VandenBrink | The Other Side of Heartbleed - Client Vulnerabilities |
| 2014-04-11/a> | Rob VandenBrink | VMware Security Advisories / Patches released for 2 issues (NOT Heartbleed) - http://www.vmware.com/security/advisories/VMSA-2014-0003.html and http://www.vmware.com/security/advisories/VMSA-2014-0002.html |
| 2014-04-11/a> | Johannes Ullrich | Tonight OpenSSL Webcast #4: Client Side Issues / What to tell your kids & managers about it https://www.sans.org/webcasts/side-heartbleed-client-vulnerabilities-98135 |
| 2014-04-11/a> | Guy Bruneau | Heartbleed Fix Available for Download for Cisco Products |
| 2014-04-08/a> | Richard Porter | April 2014 Microsoft Patches |
| 2014-04-08/a> | Guy Bruneau | OpenSSL CVE-2014-0160 Fixed |
| 2014-04-08/a> | Johannes Ullrich | * Patch Now: OpenSSL "Heartbleed" Vulnerability |
| 2014-04-08/a> | Rick Wanner | Security Updates available for Adobe Flash Player - http://helpx.adobe.com/security/products/flash-player/apsb14-09.html |
| 2014-04-07/a> | Johannes Ullrich | Attack or Bad Link? Your Guess? |
| 2014-04-06/a> | Basil Alawi S.Taher | "Power Worm" PowerShell based Malware |
| 2014-04-05/a> | Jim Clausing | Those strange e-mails with URLs in them can lead to Android malware |
| 2014-04-02/a> | Kevin Shortt | Apple Security Update for Safari 6.1.3/7.0.3: http://support.apple.com/kb/HT6181 |
| 2014-04-01/a> | Basil Alawi S.Taher | Upgrading Your Android, Elevating My Malware |
| 2014-03-27/a> | Alex Stanford | Apple Credential Phishing via appleidconfirm.net |
| 2014-03-24/a> | Johannes Ullrich | Integrating Physical Security Sensors |
| 2014-03-24/a> | Johannes Ullrich | New Microsoft Advisory: Unpatched Word Flaw used in Targeted Attacks |
| 2014-03-22/a> | Guy Bruneau | How the Compromise of a User Account Lead to a Spam Incident |
| 2014-03-21/a> | Johannes Ullrich | Cisco AsyncOS Patch |
| 2014-03-18/a> | Mark Hofman | Call for packets dest 5000 or source 6000 |
| 2014-03-17/a> | Jim Clausing | New Apache web server release |
| 2014-03-17/a> | Johannes Ullrich | Scans for FCKEditor File Manager |
| 2014-03-14/a> | Richard Porter | Word Press Shenanigans? Anyone seeing strange activity today? |
| 2014-03-13/a> | Daniel Wesemann | Web server logs containing RS=^ ? |
| 2014-03-13/a> | Daniel Wesemann | Identification and authentication are hard ... finding out intention is even harder |
| 2014-03-13/a> | Daniel Wesemann | Adobe Shockwave Player critical update: http://helpx.adobe.com/security/products/shockwave/apsb14-10.html |
| 2014-03-12/a> | Johannes Ullrich | Wordpress "Pingback" DDoS Attacks |
| 2014-03-11/a> | Johannes Ullrich | Adobe Updates: Flash Player |
| 2014-03-11/a> | Johannes Ullrich | Microsoft Patch Tuesday March 2014 |
| 2014-03-11/a> | Basil Alawi S.Taher | Introduction to Memory Analysis with Mandiant Redline |
| 2014-03-10/a> | Basil Alawi S.Taher | Sysinternals Process Explorer v16.02, Process Monitor v3.1, PSExec v2.1 and Sigcheck v2.03 update |
| 2014-03-10/a> | Basil Alawi S.Taher | Apple iOS 7.1 |
| 2014-03-08/a> | Guy Bruneau | Microsoft March Patch Pre-Announcement |
| 2014-03-07/a> | Tom Webb | Linux Memory Dump with Rekall |
| 2014-03-06/a> | Mark Baggett | Port 5000 traffic and snort signature |
| 2014-03-04/a> | Daniel Wesemann | XPired! |
| 2014-03-04/a> | Daniel Wesemann | Triple Handshake Cookie Cutter |
| 2014-03-02/a> | Stephen Hall | Sunday Reading |
| 2014-03-02/a> | Stephen Hall | Symantec goes yellow |
| 2014-02-28/a> | Daniel Wesemann | Oversharing |
| 2014-02-28/a> | Daniel Wesemann | Fiesta! |
| 2014-02-27/a> | Richard Porter | Cisco Prime Infrastructure Command Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi |
| 2014-02-26/a> | Russ McRee | Ongoing NTP Amplification Attacks |
| 2014-02-25/a> | Alex Stanford | Apple releases OS X 10.9.2 patching SSL vulnerability and updates Safari |
| 2014-02-21/a> | Johannes Ullrich | UPS Malware Spam Using Fake SPF Headers |
| 2014-02-21/a> | Jim Clausing | Apple updates iOS and Apple TV |
| 2014-02-20/a> | Stephen Hall | Abobe out of band patch announcement (APSB14-07) |
| 2014-02-19/a> | Russ McRee | Threat modeling in the name of security |
| 2014-02-17/a> | Chris Mohan | NTP reflection attacks continue |
| 2014-02-15/a> | Rob VandenBrink | More on HNAP - What is it, How to Use it, How to Find it |
| 2014-02-14/a> | Chris Mohan | Scanning activity for /siemens/bootstrapping/JnlpBrowser/Development/ |
| 2014-02-14/a> | Chris Mohan | FireEye reports IE 10 zero-day being used in watering hole attack |
| 2014-02-14/a> | Chris Mohan | SYM14-004 Symantec Endpoint Protection Management Vulnerabilities - http://www.symantec.com/business/support/index?page=content&id=TECH214866 |
| 2014-02-13/a> | Johannes Ullrich | Linksys Worm ("TheMoon") Captured |
| 2014-02-12/a> | Johannes Ullrich | Suspected Mass Exploit Against Linksys E1000 / E1200 Routers |
| 2014-02-11/a> | Johannes Ullrich | February 2014 Microsoft Patch Tuesday |
| 2014-02-11/a> | Johannes Ullrich | Adobe February 2014 Patch Tuesday |
| 2014-02-10/a> | Rob VandenBrink | Isn't it About Time to Get Moving on Chip and PIN? |
| 2014-02-10/a> | Rob VandenBrink | A Tale of Two Admins (and no Change Control) |
| 2014-02-09/a> | Basil Alawi S.Taher | Mandiant Highlighter 2 |
| 2014-02-07/a> | Johannes Ullrich | Microsoft Advance Notification for February 2014 |
| 2014-02-07/a> | Rob VandenBrink | Hello Virustotal? It's Microsoft Calling. |
| 2014-02-07/a> | Rob VandenBrink | New ISO Standards on Vulnerability Handling and Disclosure |
| 2014-02-05/a> | Johannes Ullrich | To Merrillville or Sochi: How Dangerous is it to travel? |
| 2014-02-05/a> | Johannes Ullrich | SANS Ouch Security Awareness Newsletter What is Malware http://www.securingthehuman.org/ouch |
| 2014-02-04/a> | Johannes Ullrich | Adobe Flash Player Emergency Patch |
| 2014-02-04/a> | Johannes Ullrich | Odd ICMP Echo Request Payload |
| 2014-02-03/a> | Johannes Ullrich | When an Attack isn't an Attack |
| 2014-01-31/a> | Chris Mohan | Attack on Yahoo mail accounts |
| 2014-01-31/a> | Chris Mohan | Looking for packets from three particular subnets |
| 2014-01-30/a> | Johannes Ullrich | Oracle Reports Vulnerability |
| 2014-01-30/a> | Johannes Ullrich | New gTLDs appearing in the root zone |
| 2014-01-28/a> | Kevin Shortt | Sendmail v8.14.8 released - http://www.sendmail.com/sm/open_source/download/8.14.8/?show_rs=1#RS |
| 2014-01-24/a> | Johannes Ullrich | How to send mass e-mail the right way |
| 2014-01-24/a> | Chris Mohan | Phishing via Social Media |
| 2014-01-24/a> | Chris Mohan | Security Update for OS X for CVE-2014-1252 http://support.apple.com/kb/HT6117 |
| 2014-01-23/a> | Chris Mohan | Learning from the breaches that happens to others Part 2 |
| 2014-01-20/a> | Rob VandenBrink | You Can Run, but You Can't Hide (SSH and other open services) |
| 2014-01-19/a> | Rick Wanner | Anatomy of a Malware distribution campaign |
| 2014-01-17/a> | Russ McRee | Massive RFI scans likely a free web app vuln scanner rather than bots |
| 2014-01-17/a> | Russ McRee | New and updated VMWare security advisories - http://www.vmware.com/security/advisories |
| 2014-01-16/a> | Kevin Shortt | Port 4028 - Interesting Activity |
| 2014-01-14/a> | Chris Mohan | Spamming and scanning botnets - is there something I can do to block them from my site? |
| 2014-01-14/a> | Johannes Ullrich | Microsoft Patch Tuesday January 2014 |
| 2014-01-14/a> | Johannes Ullrich | Adobe Patch Tuesday January 2014 |
| 2014-01-14/a> | Johannes Ullrich | Oracle Critical Patch Update January 2014 |
| 2014-01-13/a> | Johannes Ullrich | Special Webcast today: HTML5, Risky Business or Hidden Security Toolchest? https://www.sans.org/webcasts/html5-risky-business-hidden-security-tool-chest-mobile-web-app-authentication-97650 |
| 2014-01-11/a> | Guy Bruneau | tcpflow 1.4.4 and some of its most Interesting Features |
| 2014-01-10/a> | Basil Alawi S.Taher | Windows Autorun-3 |
| 2014-01-10/a> | Basil Alawi S.Taher | Cisco Small Business Devices backdoor fix |
| 2014-01-09/a> | Johannes Ullrich | Microsoft Security Bulletin Advance Notification for January 2014 http://technet.microsoft.com/en-us/security/bulletin/ms14-jan |
| 2014-01-09/a> | Bojan Zdrnja | Massive PHP RFI scans |
| 2014-01-08/a> | Kevin Shortt | Intercepted Email Attempts to Steal Payments |
| 2014-01-04/a> | Tom Webb | Monitoring Windows Networks Using Syslog (Part One) |
| 2014-01-02/a> | John Bambenek | OpenSSL.org Defaced by Attackers Gaining Access to Hypervisor |
| 2014-01-02/a> | Johannes Ullrich | Scans Increase for New Linksys Backdoor (32764/TCP) |
| 2014-01-01/a> | Russ McRee | Six degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails |
| 2014-01-01/a> | Russ McRee | Happy New Year from the Syrian Electronic Army - Skype’s Social Media Accounts Hacked |
| 2013-12-29/a> | Russ McRee | OpenSSL suffers apparent defacement |
| 2013-12-28/a> | Russ McRee | Weekend Reading List 27 DEC |
| 2013-12-28/a> | Bojan Zdrnja | DRG online challenge(s) |
| 2013-12-24/a> | Daniel Wesemann | Unfriendly crontab additions |
| 2013-12-24/a> | Daniel Wesemann | Mr Jones wants you to appear in court! |
| 2013-12-23/a> | Rob VandenBrink | How-To's for the Holidays - Java Whitelisting using AD Group Policy |
| 2013-12-23/a> | Scott Fendley | VMWare ESX/ESXi Security Advisory |
| 2013-12-23/a> | Daniel Wesemann | Costco, BestBuy, Walmart really want to send you a package! |
| 2013-12-21/a> | Daniel Wesemann | Adobe phishing underway |
| 2013-12-21/a> | Guy Bruneau | Strange DNS Queries - Request for Packets |
| 2013-12-20/a> | Daniel Wesemann | authorized key lime pie |
| 2013-12-19/a> | Rob VandenBrink | Passive Scanning Two Ways - How-Tos for the Holidays |
| 2013-12-19/a> | Rob VandenBrink | Target US - Credit Card Data Breach |
| 2013-12-18/a> | Adrien de Beaupre | Wireshark 1.10.4 and 1.8.12 are available |
| 2013-12-17/a> | Adrien de Beaupre | Apple security updates Mac OS X and Safari |
| 2013-12-16/a> | Tom Webb | The case of Minerd |
| 2013-12-14/a> | Johannes Ullrich | WhatsApp Malware Spam uses Geolocation to Mass Customize Filename |
| 2013-12-11/a> | Johannes Ullrich | Facebook Phishing and Malware via Tumblr Redirects |
| 2013-12-10/a> | Johannes Ullrich | Microsoft December Patch Tuesday |
| 2013-12-10/a> | Rob VandenBrink | Adobe Updates today as well. |
| 2013-12-10/a> | Rob VandenBrink | Those Look Just Like Hashes! |
| 2013-12-09/a> | Rob VandenBrink | Scanning without Scanning |
| 2013-12-07/a> | Guy Bruneau | Suspected Active Rovnix Botnet Controller |
| 2013-12-07/a> | Guy Bruneau | Microsoft December Patch Pre-Announcement |
| 2013-12-05/a> | Mark Hofman | Updated Standards Part 1 - ISO 27001 |
| 2013-12-04/a> | Adrien de Beaupre | VMware Security Advisory VMSA-2013-0014 |
| 2013-12-02/a> | Richard Porter | Reports of higher than normal SSH Attacks |
| 2013-12-01/a> | Richard Porter | BPF, PCAP, Binary, hex, why they matter? |
| 2013-11-29/a> | Russ McRee | MS Exchange update, includes failed backup fix: http://support.microsoft.com/kb/2892464 |
| 2013-11-28/a> | Rob VandenBrink | Microsoft Security Advisory (2914486): Vulnerability in Microsoft Windows Kernel 0 day exploit in wild |
| 2013-11-27/a> | Rob VandenBrink | ATM Traffic + TCPDump + Video = Good or Evil? |
| 2013-11-27/a> | Rob VandenBrink | Apache 2.4.7 is released 11/25. Download: http://httpd.apache.org/download.cgi#apache24 and Readme: http://apache.mirror.iweb.ca//httpd/CHANGES_2.4.7 |
| 2013-11-22/a> | Rick Wanner | Port 0 DDOS |
| 2013-11-22/a> | Rick Wanner | Tales of Password Reuse |
| 2013-11-16/a> | Guy Bruneau | Sagan as a Log Normalizer |
| 2013-11-15/a> | Johannes Ullrich | The Security Impact of HTTP Caching Headers |
| 2013-11-15/a> | Johannes Ullrich | VMWare Security Advisory: http://www.vmware.com/security/advisories/VMSA-2013-0013.html |
| 2013-11-14/a> | Johannes Ullrich | iOS 7.0.4 released. Fixes issue with unauthorized in App purchases http://lists.apple.com/archives/security-announce/2013/Nov/msg00000.html |
| 2013-11-13/a> | Johannes Ullrich | Packet Challenge for the Hivemind: What's happening with this Ethernet header? |
| 2013-11-12/a> | Johannes Ullrich | November 2013 Microsoft Patch Tuesday |
| 2013-11-11/a> | Johannes Ullrich | What Happened to the SANS Ads? |
| 2013-11-10/a> | Rick Wanner | Microsoft and Facebook announce bug bounty |
| 2013-11-09/a> | Guy Bruneau | IE Zero-Day Vulnerability Exploiting msvcrt.dll |
| 2013-11-08/a> | Johannes Ullrich | Microsoft Patch Tuesday Preview |
| 2013-11-05/a> | Daniel Wesemann | Is your vacuum cleaner sending spam? |
| 2013-11-05/a> | Daniel Wesemann | TIFF images in MS-Office documents used in targeted attacks |
| 2013-11-04/a> | Manuel Humberto Santander Pelaez | When attackers use your DNS to check for the sites you are visiting |
| 2013-11-02/a> | Rick Wanner | Protecting Your Family's Computers |
| 2013-11-01/a> | Russ McRee | Secunia's PSI Country Report - Q3 2013 |
| 2013-10-31/a> | Russ McRee | Happy Halloween: The Ghost Really May Be In The Machine |
| 2013-10-30/a> | Russ McRee | SIR v15: Five good reasons to leave Windows XP behind |
| 2013-10-28/a> | Daniel Wesemann | Exploit cocktail (Struts, Java, Windows) going after 3-month old vulnerabilities |
| 2013-10-26/a> | Guy Bruneau | Active Perl/Shellbot Trojan |
| 2013-10-25/a> | Rob VandenBrink | Kaspersky flags TCPIP.SYS as Malware |
| 2013-10-24/a> | Johannes Ullrich | False Positive: php.net Malware Alert |
| 2013-10-22/a> | Richard Porter | Greenbone and OpenVAS Scanner |
| 2013-10-22/a> | John Bambenek | Cryptolocker Update, Request for Info |
| 2013-10-21/a> | Johannes Ullrich | New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do" |
| 2013-10-18/a> | Rob VandenBrink | CSAM - Why am I seeing DNS Requests to IANA.ORG in my Firewall Logs? |
| 2013-10-17/a> | Adrien de Beaupre | Chrome updated http://googlechromereleases.blogspot.ca/2013/10/stable-channel-update_15.html |
| 2013-10-17/a> | Adrien de Beaupre | Internet wide DNS scanning |
| 2013-10-17/a> | Adrien de Beaupre | New spamming technique - onmicrosoft.com |
| 2013-10-16/a> | Adrien de Beaupre | Access denied and blockliss |
| 2013-10-15/a> | Rob VandenBrink | CSAM: Microsoft Logs - NPS and IAS (RADIUS) |
| 2013-10-15/a> | Rob VandenBrink | Java Quarterly Updates |
| 2013-10-15/a> | Rob VandenBrink | Wireshark 1.11.0 Development Version Released ==> http://www.wireshark.org/download.html (1.10.2 remains the Stable version) |
| 2013-10-12/a> | Richard Porter | Reported Spike in tcp/5901 and tcp/5900 |
| 2013-10-10/a> | Mark Hofman | CSAM Some more unusual scans |
| 2013-10-10/a> | Johannes Ullrich | google.com.my DNS hijack |
| 2013-10-09/a> | Johannes Ullrich | Other Patch Tuesday Updates (Adobe, Apple) |
| 2013-10-09/a> | Johannes Ullrich | CSAM: SSL Request Logs |
| 2013-10-08/a> | Johannes Ullrich | Anti-Virus Company Avira Homepage Defaced |
| 2013-10-08/a> | Johannes Ullrich | CSAM: ANY queries used in reflective DoS attack |
| 2013-10-08/a> | Johannes Ullrich | Microsoft October 2013 Patch Tuesday |
| 2013-10-05/a> | Richard Porter | Adobe Breach Notification, Notifications? |
| 2013-10-04/a> | Johannes Ullrich | The Adobe Breach FAQ |
| 2013-10-04/a> | Pedro Bueno | CSAM: WebHosting BruteForce logs |
| 2013-10-03/a> | Johannes Ullrich | October Patch Tuesday Preview (CVE-2013-3893 patch coming!) |
| 2013-10-02/a> | Johannes Ullrich | CSAM: Misc. DNS Logs |
| 2013-10-02/a> | John Bambenek | Obamacare related domain registration spike, Government shutdown domain registration beginning |
| 2013-10-01/a> | Adrien de Beaupre | CSAM! Send us your logs! |
| 2013-09-30/a> | Adrien de Beaupre | Twitter DM spam/malware |
| 2013-09-24/a> | Tom Webb | IDS, NSM, and Log Management with Security Onion 12.04.3 |
| 2013-09-23/a> | Rob VandenBrink | How do you spell "PSK"? |
| 2013-09-18/a> | Rob VandenBrink | Apple IOS 7 - Brace for Impact! |
| 2013-09-18/a> | Rob VandenBrink | Cisco DCNM Update Released |
| 2013-09-17/a> | John Bambenek | Microsoft Releases Out-of-Band Advisory for all Versions of Internet Explorer |
| 2013-09-13/a> | Rob VandenBrink | Update for Safari to version 5.1.10 is out - http://support.apple.com/kb/HT5921 |
| 2013-09-12/a> | Daniel Wesemann | 37.58.73.42 / 95.156.228.69 / 195.210.43.42, anyone? |
| 2013-09-11/a> | Johannes Ullrich | Reboot Wednesday: Yesterday's Patch Tuesday Aftermath |
| 2013-09-10/a> | Swa Frantzen | Adobe September 2013 Black Tuesday Overview |
| 2013-09-10/a> | Swa Frantzen | Microsoft September 2013 Black Tuesday Overview |
| 2013-09-10/a> | Swa Frantzen | More Black Tuesday workload |
| 2013-09-10/a> | Swa Frantzen | Macs need to patch too! |
| 2013-09-09/a> | Johannes Ullrich | SSL is broken. So what? |
| 2013-09-07/a> | Guy Bruneau | Microsoft September Patch Pre-Announcement |
| 2013-09-05/a> | Rob VandenBrink | Building Your Own GPU Enabled Private Cloud |
| 2013-09-05/a> | Rob VandenBrink | What's Next for IPS? |
| 2013-09-03/a> | Rob VandenBrink | Is "Reputation Backscatter" a Thing? |
| 2013-09-02/a> | Guy Bruneau | Multiple Cisco Security Notice |
| 2013-09-02/a> | Guy Bruneau | Snort IDS Sensor with Sguil New ISO Released |
| 2013-08-30/a> | Kevin Liston | VMware ESXi and ESX address an NFC Protocol Unhandled Exception |
| 2013-08-29/a> | Russ McRee | Suspect Sendori software |
| 2013-08-28/a> | Bojan Zdrnja | MS13-056 (false positive)? alerts |
| 2013-08-26/a> | Alex Stanford | Stop, Drop and File Carve |
| 2013-08-25/a> | Johannes Ullrich | When does your browser send a "Referer" header (or not)? |
| 2013-08-22/a> | Russ McRee | Read of the Week: A Fuzzy Future in Malware Research |
| 2013-08-21/a> | Alex Stanford | Psst. Your Browser Knows All Your Secrets. |
| 2013-08-21/a> | Rob VandenBrink | Fibre Channel Reconnaissance - Reloaded |
| 2013-08-19/a> | Guy Bruneau | Business Risks and Cyber Attacks |
| 2013-08-19/a> | Rob VandenBrink | ZMAP 1.02 released |
| 2013-08-19/a> | Johannes Ullrich | Microsoft re-releases MS13-066: https://technet.microsoft.com/security/bulletin/MS13-066 |
| 2013-08-19/a> | Rob VandenBrink | NMAP 6.40 Released (www.nmap.org), Release Notes at www.nmap.org/changelog.html |
| 2013-08-15/a> | Johannes Ullrich | Microsoft Pulls MS013-061 due to problems with Exchange Server 2013 http://blogs.technet.com/b/exchange/archive/2013/08/14/exchange-2013-security-update-ms13-061-status-update.aspx |
| 2013-08-14/a> | Johannes Ullrich | Imaging LUKS Encrypted Drives |
| 2013-08-13/a> | Swa Frantzen | Microsoft security advisories: RDP and MD5 deprecation in Microsoft root certificates |
| 2013-08-13/a> | Swa Frantzen | Microsoft August 2013 Black Tuesday Overview |
| 2013-08-11/a> | Bojan Zdrnja | XATattacks (attacks on xat.com) |
| 2013-08-09/a> | Kevin Shortt | Copy Machines - Changing Scanned Content |
| 2013-08-07/a> | Johannes Ullrich | New edition of the Ouch! Security Awareness Newsletter is out: http://www.securingthehuman.org/resources/newsletters/ouch/2013 |
| 2013-08-07/a> | Johannes Ullrich | Firefox 23 and Mixed Active Content |
| 2013-08-07/a> | Mark Hofman | DNS servers hijacked in the Netherlands |
| 2013-08-05/a> | Chris Mohan | DMARC: another step forward in the fight against phishing? |
| 2013-08-03/a> | Deborah Hale | What Anti-virus Program Is Right For You? |
| 2013-08-02/a> | Chris Mohan | VMware Security Advisory VMSA-2013-0009 - http://www.vmware.com/security/advisories/VMSA-2013-0009.html |
| 2013-08-02/a> | Chris Mohan | Cisco Security Advisory: OSPF LSA Manipulation Vulnerability in Multiple Cisco Products http://tools.cisco.com/security/center/viewAlert.x?alertId=30210 |
| 2013-08-02/a> | Johannes Ullrich | Fake American Express Alerts |
| 2013-07-29/a> | Adrien de Beaupre | BGP multiple banking addresses hijacked |
| 2013-07-28/a> | Guy Bruneau | Wireshark 1.8.9 and 1.10.1 Security Update |
| 2013-07-27/a> | Scott Fendley | Defending Against Web Server Denial of Service Attacks |
| 2013-07-22/a> | Johannes Ullrich | Apple Developer Site Breach |
| 2013-07-21/a> | Guy Bruneau | Why use Regular Expressions? |
| 2013-07-21/a> | Guy Bruneau | Ubuntu Forums Security Breach |
| 2013-07-20/a> | Manuel Humberto Santander Pelaez | Do you have rogue Internet gateways in your network? Check it with nmap |
| 2013-07-18/a> | Chris Mohan | Blog Spam - annoying junk or a source of intelligence? |
| 2013-07-13/a> | Lenny Zeltser | Decoy Personas for Safeguarding Online Identity Using Deception |
| 2013-07-10/a> | Johannes Ullrich | .NL Registrar Compromisse |
| 2013-07-09/a> | Swa Frantzen | Microsoft July 2013 Black Tuesday Overview |
| 2013-07-09/a> | Swa Frantzen | Adobe July 2013 Black Tuesday Overview |
| 2013-07-08/a> | Richard Porter | Why do we Click? |
| 2013-07-06/a> | Guy Bruneau | Microsoft July Patch Pre-Announcement |
| 2013-07-06/a> | Guy Bruneau | Is Metadata the Magic in Modern Network Security? |
| 2013-07-04/a> | Russ McRee | Celebrating 4th of July With a Malware PCAP Visualization |
| 2013-07-03/a> | Kevin Shortt | Apple Security Update 2013-003 |
| 2013-07-01/a> | Manuel Humberto Santander Pelaez | Using nmap scripts to enhance vulnerability asessment results |
| 2013-06-29/a> | Johannes Ullrich | Instagram "Fruit" Spam |
| 2013-06-27/a> | Tony Carothers | Physical Security in the Cyber World |
| 2013-06-27/a> | Tony Carothers | Ruby Update for SSL Vulnerability |
| 2013-06-26/a> | Adrien de Beaupre | Multiple Cisco security advisories |
| 2013-06-25/a> | Bojan Zdrnja | Mozilla Firefox 22 released, fixes 14 security vulnerabilities, more info at http://www.mozilla.org/en-US/firefox/22.0/releasenotes/ |
| 2013-06-22/a> | Guy Bruneau | Facebook Reports a Potential Leak of User Data |
| 2013-06-21/a> | Guy Bruneau | Sysinternals Updates for Autoruns, Strings & ZoomIt http://blogs.technet.com/b/sysinternals/archive/2013/06/20/updates-autoruns-v11-61-strings-v2-52-zoomit-v4-5.aspx |
| 2013-06-20/a> | Guy Bruneau | HP iLO3/iLO4 Remote Unauthorized Access with Single-Sign-On |
| 2013-06-18/a> | Russ McRee | EMET 4.0 is now available for download |
| 2013-06-18/a> | Russ McRee | Volatility rules...any questions? |
| 2013-06-17/a> | Daniel Wesemann | SANSFIRE 2013 |
| 2013-06-11/a> | Swa Frantzen | Store passwords the right way in your application |
| 2013-06-11/a> | Swa Frantzen | Microsoft June 2013 Black Tuesday Overview |
| 2013-06-11/a> | Swa Frantzen | Adobe June 2013 Black Tuesday Overview |
| 2013-06-11/a> | Swa Frantzen | Other Microsoft Black Tuesday News |
| 2013-06-11/a> | Swa Frantzen | vmware security advisory VMSA-2013-0008 |
| 2013-06-10/a> | Johannes Ullrich | When Google isn't Google |
| 2013-06-07/a> | Daniel Wesemann | 100% Compliant (for 65% of the systems) |
| 2013-06-05/a> | Richard Porter | BIND 9 Update fixing CVE-2013-3919 |
| 2013-06-05/a> | Johannes Ullrich | Apple releases OS 10.8.4 |
| 2013-06-05/a> | Richard Porter | Windows Sysinternals Updated http://technet.microsoft.com/en-us/sysinternals/default.aspx |
| 2013-06-05/a> | Johannes Ullrich | New version of "Ouch", the SANS Securing the Human Newsletter http://www.securingthehuman.org/resources/newsletters/ouch/2013 |
| 2013-06-05/a> | Richard Porter | Wireshark 1.10.0 Stable Released http://www.wireshark.org/download.html |
| 2013-05-31/a> | Chris Mohan | VMware releases new and updated security advisories |
| 2013-05-27/a> | Johannes Ullrich | Nuclear Scientists, Pandas and EMET Keeping Me Honest |
| 2013-05-23/a> | Adrien de Beaupre | Wireshark 1.10.0rc2 is now available http://www.wireshark.org/download.html |
| 2013-05-23/a> | Adrien de Beaupre | MoVP II |
| 2013-05-22/a> | Adrien de Beaupre | Privilege escalation, why should I care? |
| 2013-05-22/a> | Adrien de Beaupre | Wireshark 1.8.7 and 1.6.15 Released http://www.wireshark.org/news/20130517.html |
| 2013-05-22/a> | Adrien de Beaupre | Apple QuickTime 7.7.4 for Windows updated, MANY security vulnerabilities: http://support.apple.com/kb/HT1222 |
| 2013-05-22/a> | Adrien de Beaupre | Chrome 24.0.1312.52 has been updated for Windows, Mac, Linux, and Chrome Frame |
| 2013-05-21/a> | Adrien de Beaupre | Moore, Oklahoma tornado charitable organization scams, malware, and phishing |
| 2013-05-20/a> | Guy Bruneau | Sysinternals Updates for Accesschk, Procdump, RAMMap and Strings http://blogs.technet.com/b/sysinternals/archive/2013/05/17/updates-accesschk-v5-11-procdump-v6-0-rammap-v1-22-strings-v2-51.aspx |
| 2013-05-20/a> | Guy Bruneau | Safe - Tools, Tactics and Techniques |
| 2013-05-19/a> | Kevin Shortt | Port 51616 - Got Packets? |
| 2013-05-17/a> | Daniel Wesemann | e-netprotections.su ? |
| 2013-05-17/a> | Johannes Ullrich | SSL: Another reason not to ignore IPv6 |
| 2013-05-16/a> | Daniel Wesemann | Extracting signatures from Apple .apps |
| 2013-05-14/a> | Jim Clausing | So what passwords are those ssh scanners trying? |
| 2013-05-14/a> | Swa Frantzen | Microsoft May 2013 Black Tuesday Overview |
| 2013-05-14/a> | Swa Frantzen | Firefox & Thunderbird released |
| 2013-05-14/a> | Swa Frantzen | Adobe May 2013 Black Tuesday Overview |
| 2013-05-14/a> | Swa Frantzen | Microsoft Security Advisory 2846338 |
| 2013-05-11/a> | Lenny Zeltser | Extracting Digital Signatures from Signed Malware |
| 2013-05-10/a> | Johannes Ullrich | Microsoft and Adobe Patch Tuesday Pre-Release |
| 2013-05-09/a> | John Bambenek | Adobe Releases 0-day Security Advisory for Coldfusion, Exploit Code Available. Advisory here: http://www.adobe.com/support/security/advisories/apsa13-03.html |
| 2013-05-08/a> | Johannes Ullrich | "De Flashing" the ISC Web Site and Flash XSS issues |
| 2013-05-08/a> | Chris Mohan | Syria drops from Internet 7th May 2013 |
| 2013-05-07/a> | Jim Clausing | Is there an epidemic of typo squatting? |
| 2013-05-04/a> | Kevin Shortt | The Zero-Day Pendulum Swings |
| 2013-05-01/a> | Daniel Wesemann | The cost of cleaning up |
| 2013-04-30/a> | Russ McRee | Apache binary backdoor adds malicious redirect to Blackhole |
| 2013-04-29/a> | Adam Swanger | Report Fake Tech Support Calls submission form reminder |
| 2013-04-26/a> | Russ McRee | What is "up to date anti-virus software"? |
| 2013-04-25/a> | Adam Swanger | SANS 2013 Forensics Survey - https://www.surveymonkey.com/s/2013SANSForensicsSurvey |
| 2013-04-25/a> | Adam Swanger | Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls |
| 2013-04-23/a> | Russ McRee | Microsoft's Security Intelligence Report (SIRv14) released |
| 2013-04-21/a> | John Bambenek | A Chargen-based DDoS? Chargen is still a thing? |
| 2013-04-19/a> | Russ McRee | Java 8 release schedule delayed for renewed focus on security |
| 2013-04-18/a> | John Bambenek | ISC Handler Lenny Zeltser's REMnux v4 Reviewed on Hak5 |
| 2013-04-17/a> | Richard Porter | Apple iTunes Services Outage |
| 2013-04-17/a> | John Bambenek | UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun |
| 2013-04-16/a> | John Bambenek | Fake Boston Marathon Scams Update |
| 2013-04-16/a> | Rob VandenBrink | Java 7 Update 21 is available - Watch for Behaviour Changes ! |
| 2013-04-15/a> | Rob VandenBrink | Oops - You Mean That Deleted Server was a Certificate Authority? |
| 2013-04-15/a> | John Bambenek | Please send any spam (full headers), URLs or other suspicious content scamming off Boston Marathon explosions to handlers@sans.org |
| 2013-04-13/a> | Johannes Ullrich | Protocol 61: Anybody got packets? |
| 2013-04-10/a> | Manuel Humberto Santander Pelaez | Massive Google scam sent by email to Colombian domains |
| 2013-04-09/a> | Swa Frantzen | Microsoft April 2013 Black Tuesday Overview |
| 2013-04-09/a> | Swa Frantzen | Adobe April 2013 Black Tuesday Overview |
| 2013-04-08/a> | Johannes Ullrich | Cleaning Up After the Leak: Hiding exposed web content |
| 2013-04-04/a> | Johannes Ullrich | Microsoft April Patch Tuesday Advance Notification |
| 2013-04-03/a> | Mark Hofman | Firefox 20 and Thunderbird 17.0.5 updates |
| 2013-03-29/a> | Chris Mohan | Does your breach email notification look like a phish? |
| 2013-03-29/a> | Chris Mohan | Fake Link removal requests |
| 2013-03-28/a> | John Bambenek | Where Were You During the Great DDoS Cybergeddon of 2013? |
| 2013-03-26/a> | Daniel Wesemann | How your Webhosting Account is Getting Abused |
| 2013-03-25/a> | Johannes Ullrich | IPv6 Focus Month: IPv6 over IPv4 Preference |
| 2013-03-23/a> | Guy Bruneau | Apple ID Two-step Verification Now Available in some Countries |
| 2013-03-22/a> | Mark Baggett | Wipe the drive! Stealthy Malware Persistence - Part 4 |
| 2013-03-20/a> | Mark Baggett | Wipe the drive! Stealthy Malware Persistence - Part 3 |
| 2013-03-19/a> | Johannes Ullrich | Scam of the day: More fake CNN e-mails |
| 2013-03-19/a> | Johannes Ullrich | IPv6 Focus Month: The warm and fuzzy side of IPv6 |
| 2013-03-19/a> | Johannes Ullrich | Windows 7 SP1 and Windows Server 2008 R2 SP1 Being "pushed" today |
| 2013-03-18/a> | Kevin Shortt | Cisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4 |
| 2013-03-18/a> | Kevin Shortt | Spamhaus DDOS |
| 2013-03-15/a> | Mark Baggett | AVG detect legit file as virus |
| 2013-03-14/a> | Mark Baggett | Wipe the drive! Stealthy Malware Persistence - Part 2 |
| 2013-03-14/a> | Richard Porter | Apple Security Updates: http://support.apple.com/kb/HT1222 |
| 2013-03-13/a> | Mark Baggett | Wipe the drive! Stealthy Malware Persistence Mechanism - Part 1 |
| 2013-03-13/a> | Johannes Ullrich | IPv6 Focus Month: Kaspersky Firewall IPv6 Vulnerability |
| 2013-03-12/a> | Swa Frantzen | Microsoft March 2013 Black Tuesday Overview |
| 2013-03-12/a> | Swa Frantzen | Adobe March 2013 Black Tueday |
| 2013-03-09/a> | Guy Bruneau | IPv6 Focus Month: IPv6 Encapsulation - Protocol 41 |
| 2013-03-08/a> | Johannes Ullrich | IPv6 Focus Month: Filtering ICMPv6 at the Border |
| 2013-03-07/a> | Guy Bruneau | Wireshark Security Updates |
| 2013-03-07/a> | Guy Bruneau | Apple Blocking Java Web plug-in |
| 2013-03-06/a> | Adam Swanger | IPv6 Focus Month: Guest Diary: Stephen Groat - Geolocation Using IPv6 Addresses |
| 2013-03-05/a> | Mark Hofman | IPv6 Focus Month: Device Defaults |
| 2013-03-05/a> | Richard Porter | Java j6u43 update #YAJU http://www.oracle.com/technetwork/java/javase/6u43-relnotes-1915290.html |
| 2013-03-04/a> | Johannes Ullrich | IPv6 Focus Month: Addresses |
| 2013-03-04/a> | Richard Porter | Java 7u17 update #YAJU http://www.oracle.com/technetwork/java/javase/7u17-relnotes-1915289.html |
| 2013-03-03/a> | Richard Porter | Uptick in MSSQL Activity |
| 2013-03-02/a> | Scott Fendley | Evernote Security Issue |
| 2013-03-02/a> | Scott Fendley | Apple Blocks Older Insecure Versions of Flash Player |
| 2013-03-01/a> | Jim Clausing | And the Java 0-days just keep on coming |
| 2013-02-27/a> | Adam Swanger | Guest Diary: Dylan Johnson - There's value in them there logs! |
| 2013-02-27/a> | Adam Swanger | Adobe Flash Player Security Update - http://www.adobe.com/support/security/bulletins/apsb13-08.html |
| 2013-02-26/a> | Rob VandenBrink | All I need Java for is .... |
| 2013-02-25/a> | Johannes Ullrich | Mass-Customized Malware Lures: Don't trust your cat! |
| 2013-02-25/a> | Johannes Ullrich | Trustwave Trustkeeper Phish |
| 2013-02-25/a> | Johannes Ullrich | Punkspider enumerates web application vulnerabilities |
| 2013-02-25/a> | Rob VandenBrink | Silent Traitors - Embedded Devices in your Datacenter |
| 2013-02-22/a> | Johannes Ullrich | Zendesk breach affects Tumblr/Pinterest/Twitter |
| 2013-02-22/a> | Johannes Ullrich | What has Iran been up to lately? |
| 2013-02-22/a> | Chris Mohan | PHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php |
| 2013-02-22/a> | Chris Mohan | Chrome 25.0.1364.87 addresses multiple vulnerabilities http://googlechromereleases.blogspot.com.au/2013/02/stable-channel-update_21.html |
| 2013-02-22/a> | Chris Mohan | VMware releases new and updated security advisories |
| 2013-02-21/a> | Pedro Bueno | NBC site redirecting to Exploit kit |
| 2013-02-20/a> | Manuel Humberto Santander Pelaez | SANS SCADA Summit at Orlando - Bigger problems and so far from getting them solved |
| 2013-02-20/a> | Johannes Ullrich | Update Palooza |
| 2013-02-19/a> | Johannes Ullrich | APT1, Unit 61398 and are state sponsored attacks real |
| 2013-02-19/a> | Johannes Ullrich | Oracle Updates Java (Java 7 Update 15, Java 6 update 41) |
| 2013-02-19/a> | Johannes Ullrich | EDUCAUSE Breach |
| 2013-02-17/a> | Guy Bruneau | HP ArcSight Connector Appliance and Logger Vulnerabilities |
| 2013-02-17/a> | Guy Bruneau | Adobe Acrobat and Reader Security Update Planned this Week |
| 2013-02-16/a> | Lorna Hutcheson | Fedora RedHat Vulnerabilty Released |
| 2013-02-14/a> | Adam Swanger | ISC Monthly Threat Update - February 2013 http://isc.sans.edu/podcastdetail.html?id=3121 |
| 2013-02-14/a> | Bojan Zdrnja | Auditd is your friend |
| 2013-02-13/a> | Swa Frantzen | More adobe reader and acrobat (PDF) trouble |
| 2013-02-12/a> | Swa Frantzen | Adobe Feb 2013 Black Tuesday patches |
| 2013-02-12/a> | Adam Swanger | Microsoft February 2013 Black Tuesday Update - Overview |
| 2013-02-08/a> | Kevin Shortt | Is it Spam or Is it Malware? |
| 2013-02-08/a> | Johannes Ullrich | VMWare Advisories (ESX, Workstation, Fusion...) http://www.vmware.com/security/advisories/VMSA-2013-0002.html |
| 2013-02-08/a> | Johannes Ullrich | Microsoft February Patch Tuesday Advance Notification |
| 2013-02-07/a> | John Bambenek | Adobe Releases Patches for 0-day Vulnerability in Flash Player for Windows and Mac, Upgrade now: http://www.adobe.com/support/security/bulletins/apsb13-04.html |
| 2013-02-06/a> | Adam Swanger | Sysinternals in particular Process Explorer update https://blogs.technet.com/b/sysinternals/?Redirected=true |
| 2013-02-06/a> | Johannes Ullrich | HTTP Range Header and Partial Downloads |
| 2013-02-06/a> | Johannes Ullrich | Are you losing system logging information (and don't know it)? |
| 2013-02-06/a> | Johannes Ullrich | Intel Network Card (82574L) Packet of Death |
| 2013-02-05/a> | Russ McRee | Apple Security Update: OS X Server v.2.2.1 now available http://support.apple.com/kb/HT5644 |
| 2013-02-04/a> | Adam Swanger | SAN Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam |
| 2013-02-03/a> | Lorna Hutcheson | Is it Really an Attack? |
| 2013-02-01/a> | Jim Clausing | VMware vSphere security updates for the authentication service and third party libraries (see http://www.vmware.com/security/advisories/VMSA-2013-0001.html) |
| 2013-02-01/a> | Jim Clausing | Oracle quitely releases Java 7u13 early |
| 2013-01-30/a> | Richard Porter | Getting Involved with the Local Community |
| 2013-01-28/a> | Johannes Ullrich | iOS 6.1 Released |
| 2013-01-25/a> | Johannes Ullrich | Vulnerability Scans via Search Engines (Request for Logs) |
| 2013-01-22/a> | Richard Porter | Using Metasploit for Patch Sanity Checks |
| 2013-01-19/a> | Guy Bruneau | Java 7 Update 11 Still has a Flaw |
| 2013-01-18/a> | Russ McRee | Interesting reads for Friday 18 JAN 2013 |
| 2013-01-17/a> | Russ McRee | PHP 5.4.11 and PHP 5.3.21 released |
| 2013-01-15/a> | Rob VandenBrink | When Disabling IE6 (or Java, or whatever) is not an Option... |
| 2013-01-15/a> | Russ McRee | Cisco introducing Cisco Security Notices 16 JAN 2013 |
| 2013-01-14/a> | Richard Porter | Microsoft Out of Cycle Patch: IE http://technet.microsoft.com/en-us/security/bulletin/ms13-jan |
| 2013-01-14/a> | Richard Porter | January 2013 Microsoft Out of Cycle Patch |
| 2013-01-13/a> | Stephen Hall | Sysinternals Updates |
| 2013-01-13/a> | Stephen Hall | Java 0-Day patched as Java 7 U 11 released |
| 2013-01-12/a> | Stephen Hall | Java 0-day impact to Java 6 (and beyond?) |
| 2013-01-12/a> | Stephen Hall | Oracle Patch Tuesday Pre-Release |
| 2013-01-10/a> | Johannes Ullrich | Java is still exploitable and is likely going to remain so. |
| 2013-01-10/a> | Rob VandenBrink | What Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too! |
| 2013-01-10/a> | Adam Swanger | ISC Monthly Threat Update New Format |
| 2013-01-09/a> | Rob VandenBrink | SQL Injection Flaw in Ruby on Rails |
| 2013-01-09/a> | Rob VandenBrink | Hotmail seeing some temporary access issues |
| 2013-01-09/a> | Rob VandenBrink | Firefox and Thunderbird Updates |
| 2013-01-09/a> | Rob VandenBrink | Security Updates for Adobe Reader / Acrobat - http://www.adobe.com/support/security/bulletins/apsb13-02.html |
| 2013-01-09/a> | Rob VandenBrink | Security Updates for Adobe Flash - http://www.adobe.com/support/security/bulletins/apsb13-01.html |
| 2013-01-09/a> | Johannes Ullrich | New Format for Monthly Threat Update |
| 2013-01-09/a> | Rob VandenBrink | Security Update - Cisco Prime LMS (cisco-sa-20130109-lms - remote execution as root vulnerability) - advisory at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms |
| 2013-01-09/a> | Rob VandenBrink | Security Update - Cisco 7900 Phones - cisco-sa-20130109-uipphone privilege escallation issue - advisory at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone |
| 2013-01-08/a> | Jim Clausing | Cuckoo 0.5 is out and the world didn't end |
| 2013-01-08/a> | Richard Porter | Yahoo Web Interface Report: Compose and Send |
| 2013-01-08/a> | Richard Porter | A picture worth a 1000 barcodes? |
| 2013-01-08/a> | Richard Porter | Microsoft January 2013 Black Tuesday Update - Overview |
| 2013-01-08/a> | Richard Porter | Adobe Security Bulletins http://blogs.adobe.com/psirt/2013/01/adobe-security-bulletins-posted-4.html |
| 2013-01-08/a> | Richard Porter | Firefox 18 Released, Security Fixes http://www.mozilla.org/security/known-vulnerabilities/firefox.html |
| 2013-01-07/a> | Adam Swanger | Please consider participating in our 2013 ISC StormCast survey at http://www.surveymonkey.com/s/stormcast |
| 2013-01-06/a> | Kevin Liston | A Bit About the NVIDIA Vulnerability |
| 2013-01-05/a> | Guy Bruneau | Adobe ColdFusion Security Advisory |
| 2013-01-04/a> | Daniel Wesemann | Blue for Reset? |
| 2013-01-04/a> | Daniel Wesemann | Patch pre-notification from Adobe and Microsoft |
| 2013-01-03/a> | Bojan Zdrnja | Memory acquisition traps |
| 2013-01-03/a> | Manuel Humberto Santander Pelaez | New year and new CA compromised |
| 2013-01-02/a> | Chris Mohan | Starting the New Year on the right foot |
| 2013-01-02/a> | Russ McRee | EMET 3.5: The Value of Looking Through an Attacker's Eyes |
| 2012-12-31/a> | Manuel Humberto Santander Pelaez | How to determine which NAC solutions fits best to your needs |
| 2012-12-27/a> | John Bambenek | It's 3pm 2 days after Christmas, do you know where your unmanaged SSH keys are? |
| 2012-12-22/a> | Guy Bruneau | New Poll - Which of the following issues impacted the most your business in 2012? - https://isc.sans.edu/poll.html |
| 2012-12-20/a> | Daniel Wesemann | White House strategy on security information sharing and safeguarding |
| 2012-12-18/a> | Dan Goldberg | Mitigating the impact of organizational change: a risk assessment |
| 2012-12-18/a> | Rob VandenBrink | All I Want for Christmas is to Not Get Hacked ! |
| 2012-12-14/a> | Adam Swanger | ISC Feature of the Week: Webhoneypot: Web Server Log Project |
| 2012-12-13/a> | Johannes Ullrich | What if Tomorrow Was the Day? |
| 2012-12-11/a> | John Bambenek | Microsoft December 2012 Black Tuesday Update - Overview |
| 2012-12-10/a> | Johannes Ullrich | Your CPA License has not been revoked |
| 2012-12-07/a> | Richard Porter | Reports of Strange TCP Port 443 Behavior |
| 2012-12-07/a> | Adam Swanger | ISC Feature of the Week: Glossary Additions |
| 2012-12-06/a> | Johannes Ullrich | How to identify if you are behind a "Transparent Proxy" |
| 2012-12-06/a> | Daniel Wesemann | Fake tech support calls - revisited |
| 2012-12-06/a> | Daniel Wesemann | Rich Quick Make Money! |
| 2012-12-04/a> | Johannes Ullrich | Where do your backup tapes go to die? |
| 2012-12-03/a> | Kevin Liston | Mobile Malware: Request for Field Reports |
| 2012-12-03/a> | John Bambenek | John McAfee Exposes His Location in Photo About His Being on Run |
| 2012-12-03/a> | Kevin Liston | Recent SSH vulnerabilities |
| 2012-12-02/a> | Guy Bruneau | Collecting Logs from Security Devices at Home |
| 2012-11-30/a> | Daniel Wesemann | Snipping Leaks |
| 2012-11-30/a> | Daniel Wesemann | Nmap 6.25 released - lots of new goodies, see http://nmap.org/changelog.html |
| 2012-11-29/a> | Adam Swanger | ISC Feature of the Week: SSH Scan Reports |
| 2012-11-29/a> | Kevin Shortt | New Apple Security Update: APPLE-SA-2012-11-29-1 Apple TV 5.1.1 |
| 2012-11-28/a> | Mark Hofman | New version of wireshark is available (1.8.4), some security fixes included. |
| 2012-11-28/a> | Mark Hofman | McAfee releases extraDAT for W32/Autorun.worm.aaeb-h |
| 2012-11-27/a> | Chris Mohan | Can users' phish emails be a security admin's catch of the day? |
| 2012-11-26/a> | John Bambenek | Online Shopping for the Holidays? Tips, News and a Fair Warning |
| 2012-11-23/a> | Rob VandenBrink | Risk Assessment Reloaded (thanks PCI ! ) |
| 2012-11-23/a> | Rob VandenBrink | What's in Your Change Control Form? |
| 2012-11-22/a> | Kevin Liston | Greek National Arrested on Suspicion of Theft of 9M Records on Fellow Greeks |
| 2012-11-20/a> | John Bambenek | Behind the Random NTP Bizarreness of Incorrect Year Being Set |
| 2012-11-20/a> | John Bambenek | Firefox v 17.0 just released, more here: http://www.mozilla.org/en-US/firefox/17.0/releasenotes/ |
| 2012-11-19/a> | John Bambenek | MoneyGram fined $100 million for aiding wire fraud - http://krebsonsecurity.com/2012/11/moneygram-fined-100-million-for-wire-fraud/ |
| 2012-11-19/a> | John Bambenek | New Poll: Top 5 Unresolved Security Problems of 2012 |
| 2012-11-18/a> | Guy Bruneau | FreeBSD Project Servers Compromised - http://www.freebsd.org/news/2012-compromise.html |
| 2012-11-17/a> | Manuel Humberto Santander Pelaez | New Sysinternal Updates: AdExplorer v1.44, Contig v1.7, Coreinfo v3.2, Procdump v5.1. See http://blogs.technet.com/b/sysinternals/archive/2012/11/16/updates-adexplorer-v1-44-contig-v1-7-coreinfo-v3-2-procdump-v5-1.aspx?Redirected=true |
| 2012-11-16/a> | Guy Bruneau | VMware security updates for vSphere API and ESX Service Console - http://www.vmware.com/security/advisories/VMSA-2012-0016.html |
| 2012-11-15/a> | Jim Clausing | Another month another password disclosure breach |
| 2012-11-14/a> | Jim Clausing | Skype account hijack vulnerability fixed |
| 2012-11-13/a> | Jim Clausing | Microsoft November 2012 Black Tuesday Update - Overview |
| 2012-11-12/a> | John Bambenek | Request for info: Robocall Phishing Against Local/Regional Banks |
| 2012-11-09/a> | Mark Baggett | Remote Diagnostics with PSR |
| 2012-11-09/a> | Mark Baggett | Fresh batch of Microsoft patches next week |
| 2012-11-08/a> | Daniel Wesemann | Adobe Patches |
| 2012-11-07/a> | Mark Baggett | Help eliminate unquoted path vulnerabilities |
| 2012-11-07/a> | Mark Baggett | Multiple 0-Days Reported! |
| 2012-11-07/a> | Mark Baggett | Cisco TACACS+ Authentication Bypass |
| 2012-11-05/a> | Johannes Ullrich | Reminder: Ongoing SMTP Brute Forcing Attacks |
| 2012-11-05/a> | Johannes Ullrich | Possible Fake-AV Ads from Doubleclick Servers |
| 2012-11-04/a> | Lorna Hutcheson | What's important on your network? |
| 2012-11-02/a> | Daniel Wesemann | The shortcomings of anti-virus software |
| 2012-11-02/a> | Daniel Wesemann | Lamiabiocasa |
| 2012-11-01/a> | Daniel Wesemann | Patched your Java yet? |
| 2012-10-31/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 31 - Business Continuity and Disaster Recovery |
| 2012-10-30/a> | Mark Hofman | Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls |
| 2012-10-30/a> | Johannes Ullrich | Hurricane Sandy Update |
| 2012-10-30/a> | Richard Porter | Splunk 5.0 SP-CAAAHB4 http://www.splunk.com/view/SP-CAAAHB4 |
| 2012-10-29/a> | Kevin Shortt | Cyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard |
| 2012-10-28/a> | Tony Carothers | Firefox 16.02 Released |
| 2012-10-26/a> | Adam Swanger | Securing the Human Special Webcast - October 30, 2012 |
| 2012-10-26/a> | Russ McRee | Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant |
| 2012-10-25/a> | Richard Porter | Cyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire |
| 2012-10-24/a> | Rob VandenBrink | Time to run Windows Update - - Microsoft Updates KB2755801 for Windows RT / IE10 / Flash Player - http://technet.microsoft.com/en-us/security/advisory/2755801 |
| 2012-10-24/a> | Russ McRee | Cyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035 |
| 2012-10-24/a> | Russ McRee | Ongoing Windstream outage in the midwest - https://twitter.com/search?q=windstream |
| 2012-10-23/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors |
| 2012-10-21/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 22: Connectors |
| 2012-10-21/a> | Lorna Hutcheson | Potential Phish for Regular Webmail Accounts |
| 2012-10-19/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 19: Standard log formats and CEE. |
| 2012-10-18/a> | Rob VandenBrink | Another Java update! Java SE 1.6.0_37 Available ==> http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html |
| 2012-10-18/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide |
| 2012-10-17/a> | Mark Hofman | Oracle Critical Patch Update October |
| 2012-10-17/a> | Mark Hofman | New Acrobat release (including reader) available. Version 11. Some security improvements more here -->http://blogs.adobe.com/adobereader/ |
| 2012-10-17/a> | Rob VandenBrink | Time to update - Java version 7 update 9 (JRE 7u9, JDK 7u9) is out! Release notes here - http://www.oracle.com/technetwork/java/javase/7u9-relnotes-1863279.html |
| 2012-10-17/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005 |
| 2012-10-16/a> | Richard Porter | CyberAwareness Month - Day 15, Standards Body Soup (pt2), Same Soup Different Cook. |
| 2012-10-16/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 16: W3C and HTML |
| 2012-10-14/a> | Pedro Bueno | Cyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1 |
| 2012-10-13/a> | Guy Bruneau | New Poll - Cyber Security Awareness Month Activities 2012 - https://isc.sans.edu/poll.html |
| 2012-10-12/a> | Mark Hofman | Cyber Security Awareness Month - Day 12 PCI DSS |
| 2012-10-11/a> | Rob VandenBrink | Firefox 16 / Thunderbird 16 updates |
| 2012-10-11/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security) |
| 2012-10-10/a> | Kevin Shortt | Facebook Scam Spam |
| 2012-10-10/a> | Kevin Shortt | Cyber Security Awareness Month - Day 10 - Standard Sudo - Part Two |
| 2012-10-09/a> | Johannes Ullrich | Adobe Flash Player update http://www.adobe.com/support/security/bulletins/apsb12-22.html |
| 2012-10-09/a> | Johannes Ullrich | Cyber Security Awreness Month - Day 9 - Request for Comment (RFC) |
| 2012-10-09/a> | Johannes Ullrich | Microsoft October 2012 Black Tuesday Update - Overview |
| 2012-10-08/a> | Mark Hofman | Cyber Security Awareness Month - Day 8 ISO 27001 |
| 2012-10-07/a> | Tony Carothers | Cyber Security Awareness Month - Day 7 - Rollup Review of CSAM Week 1 |
| 2012-10-06/a> | Manuel Humberto Santander Pelaez | Cyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA |
| 2012-10-05/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl. |
| 2012-10-05/a> | Richard Porter | VMWare Security Advisory: VMSA-2012-0014 - http://www.vmware.com/security/advisories/VMSA-2012-0014.html |
| 2012-10-05/a> | Adam Swanger | ISC Feature of the Week: Report Fake Tech Support Call Statistics |
| 2012-10-05/a> | Richard Porter | Reports of a Distributed Injection Scan |
| 2012-10-04/a> | Mark Hofman | And the SHA-3 title goes to .....Keccak |
| 2012-10-04/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 4: Crypto Standards |
| 2012-10-04/a> | Johannes Ullrich | Microsoft October Patch Pre-Announcement |
| 2012-10-03/a> | Kevin Shortt | Fake Support Calls Reported |
| 2012-10-03/a> | Kevin Shortt | Cyber Security Awareness Month - Day 3 - Standard Sudo - Part One |
| 2012-10-02/a> | Russ McRee | Cyber Security Awareness Month - Day 2 - PCI Security Standard: Mobile Payment Acceptance Security Guidelines |
| 2012-10-01/a> | Johannes Ullrich | Cyber Security Awareness Month |
| 2012-09-28/a> | Joel Esler | Adobe certification revocation for October 4th |
| 2012-09-27/a> | Adam Swanger | ISC Feature of the Week: Glossary |
| 2012-09-27/a> | Kevin Shortt | Cisco IOS Security Advisory Bundle - http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html |
| 2012-09-26/a> | Johannes Ullrich | Some Android phones can be reset to factory default by clicking on links |
| 2012-09-26/a> | Johannes Ullrich | More Java Woes |
| 2012-09-23/a> | Tony Carothers | Update for CVE-2012-3132 |
| 2012-09-21/a> | Johannes Ullrich | iOS 6 Security Roundup |
| 2012-09-21/a> | Guy Bruneau | Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (2755801) |
| 2012-09-21/a> | Guy Bruneau | Storing your Collection of Malware Samples with Malwarehouse |
| 2012-09-20/a> | Russ McRee | Flash Player update but no announcement, check your version http://www.adobe.com/software/flash/about/ |
| 2012-09-20/a> | Russ McRee | Apple and Cisco Security Advisories 19 SEP 2012 |
| 2012-09-20/a> | Russ McRee | Financial sector advisory: attacks and threats against financial institutions |
| 2012-09-19/a> | Russ McRee | Script kiddie scavenging with Shellbot.S |
| 2012-09-19/a> | Kevin Liston | Volatility: 2.2 is Coming Soon |
| 2012-09-17/a> | Rob VandenBrink | IE Zero Day is "For Real" |
| 2012-09-17/a> | Rob VandenBrink | What's on your iPad? |
| 2012-09-14/a> | Lenny Zeltser | Scam Report - Fake Voice Mail Email Notification Redirects to Malicious Site |
| 2012-09-14/a> | Adam Swanger | ISC Feature of the Week: Privacy Policy |
| 2012-09-14/a> | Lenny Zeltser | Analyzing Malicious RTF Files Using OfficeMalScanner's RTFScan |
| 2012-09-13/a> | Mark Baggett | TCP Fuzzing with Scapy |
| 2012-09-13/a> | Mark Baggett | Microsoft disrupts traffic associated with the Nitol botnet |
| 2012-09-13/a> | Mark Baggett | More SSL trouble |
| 2012-09-11/a> | Adam Swanger | Microsoft September 2012 Black Tuesday Update - Overview |
| 2012-09-10/a> | Johannes Ullrich | Microsoft Patch Tuesday Pre-Release |
| 2012-09-10/a> | Johannes Ullrich | Godaddy DDoS Attack |
| 2012-09-10/a> | donald smith | Blue Toad publishing co compromise lead to UDID release. http://redtape.nbcnews.com/_news/2012/09/10/13781440-exclusive-the-real-source-of-apple-device-ids-leaked-by-anonymous-last-week?lite |
| 2012-09-09/a> | Guy Bruneau | Phishing/Spam Pretending to be from BBB |
| 2012-09-08/a> | Guy Bruneau | Webmin Input Validation Vulnerabilities |
| 2012-09-07/a> | Chris Mohan | Keeping an eye on those BYODs with DHCP |
| 2012-09-06/a> | Johannes Ullrich | SSL Requests sent to port 80 (request for help/input) |
| 2012-09-05/a> | Rob VandenBrink | Auditing a Network for VOIP Call Quality Metrics |
| 2012-09-04/a> | Johannes Ullrich | Another round of "Spot the Exploit E-Mail" |
| 2012-09-02/a> | Lorna Hutcheson | Demonstrating the value of your Intrusion Detection Program and Analysts |
| 2012-09-01/a> | Russ McRee | Blackhole targeting Java vulnerability via fake Microsoft Services Agreement email phish |
| 2012-08-31/a> | Johannes Ullrich | VMware Updates |
| 2012-08-31/a> | Russ McRee | Not so fast: Java 7 Update 7 critical vulnerability discovered in less than 24 hours |
| 2012-08-30/a> | Bojan Zdrnja | Analyzing outgoing network traffic (part 2) |
| 2012-08-30/a> | Johannes Ullrich | Editorial: The Slumlord Approach to Network Security http://isc.sans.edu/j/editorial |
| 2012-08-29/a> | Johannes Ullrich | "Data" URLs used for in-URL phishing |
| 2012-08-27/a> | Johannes Ullrich | The Good, Bad and Ugly about Assigning IPv6 Addresses |
| 2012-08-27/a> | Johannes Ullrich | Malware Spam harvesting Facebook Information |
| 2012-08-27/a> | Kevin Liston | Quick Bits about Today's Java 0-Day |
| 2012-08-26/a> | Lorna Hutcheson | Who ya gonna contact? |
| 2012-08-23/a> | Bojan Zdrnja | Analyzing outgoing network traffic |
| 2012-08-23/a> | Adam Swanger | ISC Feature of the Week: Contact Us |
| 2012-08-22/a> | Adrien de Beaupre | Apple Remote Desktop update fixes no encryption issue |
| 2012-08-22/a> | Adrien de Beaupre | Phishing/spam via SMS |
| 2012-08-21/a> | Adrien de Beaupre | YYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update |
| 2012-08-21/a> | Adrien de Beaupre | RuggedCom fails key management 101 on Rugged Operating System (ROS) |
| 2012-08-20/a> | Manuel Humberto Santander Pelaez | Do we need test procedures in our companies before implementing Antivirus signatures? |
| 2012-08-19/a> | Manuel Humberto Santander Pelaez | Authentication Issues between entities during protocol message exchange in SCADA Systems |
| 2012-08-17/a> | Guy Bruneau | Suspicious eFax Spear Phishing Messages |
| 2012-08-16/a> | Johannes Ullrich | A Poor Man's DNS Anomaly Detection Script |
| 2012-08-15/a> | Guy Bruneau | Wireshark Security Update |
| 2012-08-14/a> | Rick Wanner | Backtrack 5 r3 released - http://www.backtrack-linux.org/downloads/ |
| 2012-08-14/a> | Rick Wanner | Microsoft August 2012 Black Tuesday Update - Overview |
| 2012-08-14/a> | Rick Wanner | Adobe Security Bulletins - http://blogs.adobe.com/psirt/2012/08/adobe-security-bulletins-posted-2.html |
| 2012-08-13/a> | Rick Wanner | Interesting scan for medical certification information... |
| 2012-08-12/a> | Tony Carothers | Layers of the Defense-in-Depth Onion |
| 2012-08-12/a> | Tony Carothers | Oracle Security Alert for CVE-2012-3132 |
| 2012-08-10/a> | Adam Swanger | ISC Feature of the Week: Report Fake Tech Support Calls |
| 2012-08-09/a> | Mark Hofman | Zeus/Citadel variant causing issues in the Netherlands |
| 2012-08-09/a> | Mark Hofman | SQL Injection Lilupophilupop style, Part 2 |
| 2012-08-08/a> | Adrien de Beaupre | snort updated to 2.9.3.1 Changelog: http://www.snort.org/downloads/1837 |
| 2012-08-07/a> | Adrien de Beaupre | Who protects small business? |
| 2012-08-05/a> | Daniel Wesemann | Phishing for Payroll with unpatched Java |
| 2012-08-04/a> | Adam Swanger | ISC Feature of the Week: Handler Select News Feed |
| 2012-08-04/a> | Kevin Liston | Vendors: More Patch-Release Options Please |
| 2012-08-03/a> | Guy Bruneau | Flash Player 11.3.300.270 for Windows released to address a crash - http://forums.adobe.com/message/4594596#4594596 |
| 2012-08-02/a> | Guy Bruneau | Opera Security Update |
| 2012-07-30/a> | Guy Bruneau | End of Days for MS-CHAPv2 |
| 2012-07-27/a> | Daniel Wesemann | Cuckoo 0.4 is out - cool new features for malware analysis http://www.cuckoosandbox.org/ |
| 2012-07-26/a> | Adam Swanger | ISC Feature of the Week: The 404Project - now with IP Mask |
| 2012-07-25/a> | Johannes Ullrich | Apple OS X 10.8 (Mountain Lion) released |
| 2012-07-25/a> | Johannes Ullrich | Apple Releases Safari 6 |
| 2012-07-25/a> | Johannes Ullrich | Microsoft Exchange/Sharepoint and others: Oracle Outside In Vulnerability |
| 2012-07-24/a> | Richard Porter | Wireshark 1.8.1 Released http://www.wireshark.org/ |
| 2012-07-24/a> | Richard Porter | Report of spike in DNS Queries gd21.net |
| 2012-07-23/a> | Johannes Ullrich | Most Anti-Privacy Web Browsing Tool Ever? |
| 2012-07-21/a> | Rick Wanner | OpenDNS is looking for a few good malware people! |
| 2012-07-20/a> | Mark Baggett | Syria Internet connection cut? |
| 2012-07-19/a> | Mark Baggett | A Heap of Overflows? |
| 2012-07-19/a> | Mark Baggett | Diagnosing Malware with Resource Monitor |
| 2012-07-18/a> | Rob VandenBrink | Snort Updated today |
| 2012-07-18/a> | Rob VandenBrink | Vote NO to Weak Keys! |
| 2012-07-18/a> | Rob VandenBrink | Vote NO to Weak Encryption! |
| 2012-07-16/a> | Richard Porter | Sysinternals Update @ http://blogs.technet.com/b/sysinternals/archive/2012/07/16/updates-handle-v3-5-process-explorer-v15-22-process-monitor-v3-03-rammap-v1-21-zoomit-v4-3.aspx |
| 2012-07-16/a> | Jim Clausing | An analysis of the Yahoo! passwords |
| 2012-07-15/a> | Guy Bruneau | Oracle July 2012 Critical Patch Pre-Release Announcement |
| 2012-07-14/a> | Tony Carothers | User Awareness and Education |
| 2012-07-13/a> | Richard Porter | Yesterday (not as on the ball as Rob) at SANSFire |
| 2012-07-13/a> | Russ McRee | 2 for 1: SANSFIRE & MSRA presentations |
| 2012-07-13/a> | Russ McRee | VMWare Security Advisory 12 JUL 2012 |
| 2012-07-13/a> | Russ McRee | Yahoo service SQL injection vuln leads to account exposure |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Manager - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman |
| 2012-07-12/a> | Rob VandenBrink | Today at SANSFIRE - Dude Your Car is PWND ! |
| 2012-07-12/a> | Adam Swanger | ISC Feature of the Week: Internet Storm Center Events |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Recording Server - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs |
| 2012-07-11/a> | Rick Wanner | Excellent Security Education Resources |
| 2012-07-10/a> | Swa Frantzen | Microsoft July 2012 Black Tuesday Update - Overview |
| 2012-07-10/a> | Rob VandenBrink | Today at SANSFIRE (09 July 2012) - ISC Panel Discussion on the State of the Internet |
| 2012-07-10/a> | Swa Frantzen | Microsoft revoking trust in Microsoft certificates - SA 2728973 |
| 2012-07-10/a> | Swa Frantzen | Microsoft fix-it to disable gadgets - SA 2719662 |
| 2012-07-09/a> | Johannes Ullrich | The FBI will turn off the Internet on Monday (or not) |
| 2012-07-09/a> | Manuel Humberto Santander Pelaez | Internet Storm Center panel tonight at SANSFIRE 2012! |
| 2012-07-05/a> | Adrien de Beaupre | New OS X trojan backdoor MaControl variant reported |
| 2012-07-05/a> | Adrien de Beaupre | Microsoft advanced notification for July 2012 patch Tuesday |
| 2012-07-02/a> | Joel Esler | A rough guide to keeping your website up |
| 2012-07-02/a> | Dan Goldberg | Storms of June 29th 2012 in Mid Atlantic region of the USA |
| 2012-07-02/a> | Joel Esler | Linux & Java leap second bug |
| 2012-06-29/a> | Jim Clausing | Updated SysInternals tools - Autoruns, Process Explorer, Process Monitor, PSKill -- http://blogs.technet.com/b/sysinternals/archive/2012/06/28/updates-autoruns-v11-32-process-explorer-v15-21-process-monitor-v3-02-pskill-v1-15-rammap-v1-2.aspx |
| 2012-06-28/a> | Adam Swanger | ISC Feature of the Week: About the Internet Storm Center |
| 2012-06-28/a> | Chris Mohan | Massive spike in BGP traffic - Possible BGP poisoning? |
| 2012-06-27/a> | Daniel Wesemann | What's up with port 79 ? |
| 2012-06-27/a> | Swa Frantzen | Online Banking Heists |
| 2012-06-26/a> | Daniel Wesemann | Run, Forest! (Update) |
| 2012-06-25/a> | Rick Wanner | Targeted Malware for Industrial Espionage? |
| 2012-06-25/a> | Guy Bruneau | Issues with Windows Update Agent |
| 2012-06-25/a> | Swa Frantzen | Belgian online banking customers hacked. |
| 2012-06-25/a> | Guy Bruneau | Using JSDetox to Analyze and Deobfuscate Javascript |
| 2012-06-24/a> | Rick Wanner | nmap 6.01 released - http://nmap.org/download.html |
| 2012-06-22/a> | Kevin Liston | Updated Poll: Which Patch Delivery Schedule Works the Best for You? |
| 2012-06-22/a> | Adam Swanger | ISC Feature of the Week: Tools->ISC At-A-Glance |
| 2012-06-22/a> | Daniel Wesemann | Run, Forest! |
| 2012-06-21/a> | Russ McRee | Cisco Security Advisories 20 JUN 2012 |
| 2012-06-21/a> | Raul Siles | Print Bomb? (Take 2) |
| 2012-06-21/a> | Russ McRee | Analysis of drive-by attack sample set |
| 2012-06-21/a> | Russ McRee | Wireshark 1.8.0 released 21 JUN 2012 http://www.wireshark.org/download.html |
| 2012-06-20/a> | Raul Siles | Firefox 13.0.1 Update |
| 2012-06-20/a> | Raul Siles | CVE-2012-0217 (from MS12-042) applies to other environments too |
| 2012-06-19/a> | Daniel Wesemann | Vulnerabilityqueerprocessbrittleness |
| 2012-06-18/a> | Guy Bruneau | CVE-2012-1875 exploit is now available |
| 2012-06-15/a> | Johannes Ullrich | Authenticating E-Mail |
| 2012-06-14/a> | Johannes Ullrich | VMWare Security Advisories |
| 2012-06-13/a> | Johannes Ullrich | ICANN "Reveal Day" Lists new TLD Applications |
| 2012-06-13/a> | Johannes Ullrich | Microsoft Certificate Updater |
| 2012-06-12/a> | Scott Fendley | Apple iTunes Security Update |
| 2012-06-12/a> | Swa Frantzen | Adobe June 2012 Black Tuesday patches |
| 2012-06-12/a> | Swa Frantzen | Microsoft June 2012 Black Tuesday Update - Overview |
| 2012-06-12/a> | Swa Frantzen | Java 7u5 and 6u33 released |
| 2012-06-11/a> | Johannes Ullrich | Microsoft Update Security |
| 2012-06-07/a> | Johannes Ullrich | Microsoft June Security Bulletin Advance Notification |
| 2012-06-06/a> | Jim Clausing | Firefox, Thunderbird, and Seamonkey Security Updates |
| 2012-06-06/a> | Jim Clausing | Potential leak of 6.5+ million LinkedIn password hashes |
| 2012-06-05/a> | Adam Swanger | ISC Feature of the Week: IPv6 Preparedness and Tools |
| 2012-06-04/a> | Lenny Zeltser | Decoding Common XOR Obfuscation in Malicious Code |
| 2012-06-04/a> | Rob VandenBrink | vSphere 5.0 Hardening Guide Officially Released |
| 2012-06-04/a> | Johannes Ullrich | Microsoft Emergency Bulletin: Unauthorized Certificate used in "Flame" |
| 2012-06-01/a> | Johannes Ullrich | Apple Releases iOS Security Specs |
| 2012-06-01/a> | Johannes Ullrich | What Does "IPv6 Day" mean to you? |
| 2012-06-01/a> | Adam Swanger | ISC Feature of the Week: Country and Region Report |
| 2012-05-31/a> | Johannes Ullrich | SCADA@Home: Your health is no secret no more! |
| 2012-05-31/a> | Johannes Ullrich | NASA Man-in-the-Middle Attack: Why you should use proper SSL Certificates |
| 2012-05-31/a> | Johannes Ullrich | Why Flame is Lame |
| 2012-05-30/a> | Rob VandenBrink | Too Big to Fail / Too Big to Learn? |
| 2012-05-30/a> | Rob VandenBrink | What's in Your Lab? |
| 2012-05-25/a> | Guy Bruneau | Apple PGP Product Security key update - https://www.apple.com/support/security/pgp/ |
| 2012-05-25/a> | Guy Bruneau | Google Publish Transparency Report |
| 2012-05-25/a> | Guy Bruneau | Technical Analysis of Flash Player CVE-2012-0779 |
| 2012-05-25/a> | Guy Bruneau | VMware vMA Security Advisory VMSA-2012-0010 - http://www.vmware.com/security/advisories/VMSA-2012-0010.html |
| 2012-05-24/a> | Adam Swanger | ISC Feature of the Week: Country Report |
| 2012-05-23/a> | Mark Baggett | IP Fragmentation Attacks |
| 2012-05-23/a> | Mark Baggett | Problems with MS12-035 affecting XP, SBS and Windows 2003? |
| 2012-05-22/a> | Johannes Ullrich | nmap 6 released |
| 2012-05-22/a> | Johannes Ullrich | The "Do Not Track" header |
| 2012-05-22/a> | Johannes Ullrich | When factors collapse and two factor authentication becomes one. |
| 2012-05-21/a> | Kevin Shortt | DNS ANY Request Cannon - Need More Packets |
| 2012-05-18/a> | Johannes Ullrich | ZTE Score M Android Phone backdoor |
| 2012-05-17/a> | Johannes Ullrich | Do Firewalls make sense? |
| 2012-05-17/a> | Johannes Ullrich | New IPv6 Video: IPv6 Router Advertisements https://isc.sans.edu/ipv6videos |
| 2012-05-17/a> | Adam Swanger | ISC Feature of the Week: Tools->Information Gathering |
| 2012-05-16/a> | Johannes Ullrich | Reserved IP Address Space Reminder |
| 2012-05-16/a> | Johannes Ullrich | Avira Antivirus false positives http://forum.avira.com/wbb/index.php?page=Thread&threadID=144875 |
| 2012-05-14/a> | Chris Mohan | Laptops at Security Conferences |
| 2012-05-14/a> | Mark Hofman | Got packets? Interested in TCP/8909, TCP/6666, TCP/9415, TCP/27977 and UDP/7 |
| 2012-05-12/a> | Tony Carothers | Adobe Update to Vulnerabilities |
| 2012-05-11/a> | Adam Swanger | ISC Feature of the Week: Link List |
| 2012-05-10/a> | Kevin Shortt | Safari 5.1.7 - an interesting feature |
| 2012-05-08/a> | Bojan Zdrnja | Windows Firewall Bypass Vulnerability and NetBIOS NS |
| 2012-05-08/a> | Adam Swanger | Microsoft May 2012 Black Tuesday Update - Overview |
| 2012-05-07/a> | Guy Bruneau | iOS 5.1.1 Software Update for iPod, iPhone, iPad |
| 2012-05-05/a> | Tony Carothers | Vulnerability Assessment Program - Discussions |
| 2012-05-05/a> | Tony Carothers | Vulnerability Exploit for Snow Leopard |
| 2012-05-04/a> | Adam Swanger | ISC Feature of the Week: Data/Reports |
| 2012-05-04/a> | Guy Bruneau | Adobe Security Flash Update |
| 2012-05-03/a> | Guy Bruneau | VMware Critical Security Issues Advisory - http://www.vmware.com/security/advisories/VMSA-2012-0009.html |
| 2012-05-02/a> | Bojan Zdrnja | Monitoring VMWare logs |
| 2012-04-30/a> | Rob VandenBrink | FCC posts Enquiry Documents on Google Wardriving |
| 2012-04-30/a> | Rob VandenBrink | Patch for Oracle TNS Listener issue released ! |
| 2012-04-27/a> | Johannes Ullrich | Critical Unpatched Oracle Vulnerability |
| 2012-04-27/a> | Adam Swanger | ISC Feature of the Week: Handler Created Tools |
| 2012-04-26/a> | Richard Porter | Define Irony: A medical device with a Virus? |
| 2012-04-26/a> | Richard Porter | Packetstorm Security and Metasploit have Exploit code for MS12-027 |
| 2012-04-25/a> | Daniel Wesemann | Blacole's obfuscated JavaScript |
| 2012-04-25/a> | Daniel Wesemann | Blacole's shell code |
| 2012-04-23/a> | Russ McRee | Emergency Operations Centers & Security Incident Management: A Correlation |
| 2012-04-21/a> | Guy Bruneau | WordPress Release Security Update |
| 2012-04-18/a> | Kevin Shortt | Sysinternals Updates - 2012 Apr 17 |
| 2012-04-18/a> | Kevin Shortt | Oracle Critical Patch Update Advisory - April 2012: http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html |
| 2012-04-18/a> | Adam Swanger | ISC Feature of the Week: Suspicious Domains |
| 2012-04-16/a> | Mark Baggett | Challenge: What can you do with Funky Directory Names (Part 2) |
| 2012-04-16/a> | Mark Baggett | McAfee DAT troubles |
| 2012-04-15/a> | Rick Wanner | .Net update affects printing from some applications |
| 2012-04-14/a> | Rick Wanner | Flashback Trojan Removal Tool Released |
| 2012-04-13/a> | Daniel Wesemann | VMware ESX/ESXi privilege escalation vuln. advisory: http://www.vmware.com/security/advisories/VMSA-2012-0007.html |
| 2012-04-13/a> | Daniel Wesemann | Oracle CPU Patches announced for Apr 17 |
| 2012-04-13/a> | Adam Swanger | ISC Feature of the Week: Get to know the Handlers |
| 2012-04-13/a> | Daniel Wesemann | Anti-virus scanning exclusions |
| 2012-04-12/a> | Guy Bruneau | HP ProCurve 5400 zl Switch, Flash Cards Infected with Malware |
| 2012-04-12/a> | Guy Bruneau | wicd Privilege Escalation 0day exploit for Backtrack 5 R2 |
| 2012-04-12/a> | Guy Bruneau | Apple Java Updates for Mac OS X |
| 2012-04-11/a> | Mark Baggett | Challenge: What can you do with funky directory names? |
| 2012-04-10/a> | Swa Frantzen | Windows Vista RIP |
| 2012-04-10/a> | Swa Frantzen | Microsoft April 2012 Black Tuesday Update - Overview |
| 2012-04-10/a> | Swa Frantzen | Adobe April 2012 Black Tuesday Update |
| 2012-04-10/a> | Swa Frantzen | SAMBA "root" credential remote code execution. |
| 2012-04-06/a> | Johannes Ullrich | Social Share Privacy |
| 2012-04-06/a> | Johannes Ullrich | Another OS X Java Patch |
| 2012-04-06/a> | Johannes Ullrich | Microsoft April Patch Tuesday Pre-Announcement (6 Patches): http://technet.microsoft.com/en-us/security/bulletin/ms12-apr |
| 2012-04-06/a> | Johannes Ullrich | Adobe Patch Tuesday Prerelease (Reader/Acrobat) http://www.adobe.com/support/security/bulletins/apsb12-08.html |
| 2012-04-05/a> | Johannes Ullrich | Evil hides everywhere: Web Application Exploits in Headers |
| 2012-04-04/a> | Adam Swanger | ISC Feature of the Week: Diary/Infocon/Event Notifications |
| 2012-04-02/a> | Johannes Ullrich | SHA 1-2-3 |
| 2012-03-30/a> | Daniel Wesemann | Fake tech reps calling |
| 2012-03-28/a> | Kevin Shortt | Adobe Flash Player APSB12-07 - 28 March 2012 |
| 2012-03-27/a> | Johannes Ullrich | Firefox 3.6 EOL |
| 2012-03-27/a> | Adam Swanger | ISC Feature of the Week: ISC Poll |
| 2012-03-27/a> | Guy Bruneau | Wireshark 1.6.6 and 1.4.2 Released |
| 2012-03-27/a> | Guy Bruneau | Opera 11.62 for Windows patch several bugs and vulnerabilities - http://www.opera.com/docs/changelogs/windows/1162/ |
| 2012-03-25/a> | Daniel Wesemann | evilcode.class |
| 2012-03-21/a> | Johannes Ullrich | Virus Bulletin Spam Filter Test |
| 2012-03-21/a> | Adam Swanger | ISC Feature of the Week: Presentations and Papers |
| 2012-03-20/a> | Johannes Ullrich | A Reminder: Private Key Security |
| 2012-03-16/a> | Guy Bruneau | VMware New and Updated Security Advisories |
| 2012-03-16/a> | Russ McRee | MS12-020 RDP vulnerabilities: Patch, Mitigate, Detect |
| 2012-03-15/a> | Adam Swanger | ISC Feature of the Week: Infocon |
| 2012-03-13/a> | Lenny Zeltser | March 2012 Microsoft Black Tuesday |
| 2012-03-13/a> | Lenny Zeltser | Please transfer this email to your CEO or appropriate person, thanks |
| 2012-03-12/a> | Johannes Ullrich | Apple Released Safari 5.1.4 |
| 2012-03-12/a> | Guy Bruneau | OpenSSL Security Update |
| 2012-03-11/a> | Johannes Ullrich | An Analysis of Jester's QR Code Attack. (Guest Diary) |
| 2012-03-09/a> | Guy Bruneau | VMware New and Updated Advisories |
| 2012-03-09/a> | Guy Bruneau | Nmap 5.61TEST5 released with 43 new scripts,improved OS & version detection, and more available for download - http://nmap.org/download.html |
| 2012-03-08/a> | Johannes Ullrich | Apple Patches |
| 2012-03-08/a> | Johannes Ullrich | Microsoft March Patch Tuesday Pre-Anouncement out. 6 patches, 1 critical: http://technet.microsoft.com/en-us/security/bulletin/ms12-mar |
| 2012-03-06/a> | Mark Hofman | Websense posted a small article relating to mass injection into wordpress sites (thanks Chris) More info Here --> http://community.websense.com/blogs/securitylabs/archive/2012/03/05/mass-injection-of-wordpress-sites.aspx |
| 2012-03-06/a> | Adam Swanger | ISC Feature of the Week: Follow us on Twitter |
| 2012-03-05/a> | Johannes Ullrich | Flashback Malware now with Twitter C&C |
| 2012-03-05/a> | Johannes Ullrich | Adobe Flash Player Security Update |
| 2012-03-03/a> | Jim Clausing | New automated sandbox for Android malware |
| 2012-03-01/a> | Bojan Zdrnja | Monitoring Remote Desktop Services logs ... or not? |
| 2012-02-29/a> | Johannes Ullrich | COX Network Outage |
| 2012-02-29/a> | Adam Swanger | ISC Feature of the Week: 404Project Reports |
| 2012-02-29/a> | Russ McRee | Cisco Security Advisories - 29FEB2011 |
| 2012-02-27/a> | Johannes Ullrich | Odd Vanishing Signatures in OS X XProtect |
| 2012-02-24/a> | Guy Bruneau | Flashback Trojan in the Wild |
| 2012-02-24/a> | Guy Bruneau | BlackBerry PlayBook tablet Samba file sharing Vulnerability - http://www.blackberry.com/btsc/KB29565 |
| 2012-02-23/a> | donald smith | DNS-Changer "clean DNS" extension requested |
| 2012-02-22/a> | Johannes Ullrich | How to test OS X Mountain Lion's Gatekeeper in Lion |
| 2012-02-22/a> | Johannes Ullrich | Apache 2.4 Features |
| 2012-02-22/a> | Adam Swanger | ISC Feature of the Week: Handler Diaries |
| 2012-02-20/a> | Johannes Ullrich | The Ultimate OS X Hardening Guide Collection |
| 2012-02-20/a> | Pedro Bueno | Simple Malware Research Tools |
| 2012-02-20/a> | Rick Wanner | DNSChanger resolver shutdown deadline is March 8th |
| 2012-02-17/a> | Mark Hofman | Intersting Facebook SPAM |
| 2012-02-16/a> | Johannes Ullrich | Adobe Flash Player Update |
| 2012-02-16/a> | Tony Carothers | Java Update for February |
| 2012-02-15/a> | Adam Swanger | ISC Feature of the Week: XML Feeds |
| 2012-02-14/a> | Johannes Ullrich | Adobe Shockwave Player and RoboHelp for Word Patches |
| 2012-02-14/a> | Johannes Ullrich | February 2012 Microsoft Black Tuesday |
| 2012-02-08/a> | Jim Clausing | Chrome to stop checking Certificate Revocation List (CRL)? |
| 2012-02-07/a> | Adam Swanger | ISC Feature of the Week: Security Dashboard |
| 2012-02-07/a> | Jim Clausing | Book Review: Practical Packet Analysis, 2nd ed |
| 2012-02-07/a> | Johannes Ullrich | Secure E-Mail Access |
| 2012-02-04/a> | Scott Fendley | Apple Security Advisory 2012-001 v1.1 |
| 2012-02-01/a> | Adam Swanger | ISC Feature of the Week: ISC Search |
| 2012-02-01/a> | Russ McRee | Oracle Security Alert: http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html |
| 2012-01-31/a> | Russ McRee | OSINT tactics: parsing from FOCA for Maltego |
| 2012-01-31/a> | Russ McRee | Firefox 10 and VMWare advisories and updates |
| 2012-01-25/a> | Adam Swanger | ISC Feature of the Week: ISC Link Back |
| 2012-01-25/a> | Bojan Zdrnja | pcAnywhere users – patch now! |
| 2012-01-22/a> | Johannes Ullrich | Javascript DDoS Tool Analysis |
| 2012-01-22/a> | Lorna Hutcheson | Mailbag - "Attacks" |
| 2012-01-18/a> | Adam Swanger | ISC Feature of the Week: The 404Project |
| 2012-01-18/a> | Richard Porter | Oracle Quarterly Released, http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html |
| 2012-01-16/a> | Kevin Shortt | Zappos Breached |
| 2012-01-14/a> | Daniel Wesemann | Hello, Antony! |
| 2012-01-13/a> | Guy Bruneau | Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx |
| 2012-01-13/a> | Guy Bruneau | Strange DNS Queries - Request Packets/Logs |
| 2012-01-11/a> | Adrien de Beaupre | New wireshark released - 1.6.5 and 1.4.11 - www.wireshark.org/download.html |
| 2012-01-11/a> | Adam Swanger | ISC Feature of the Week: Internet Storm Center / DShield API |
| 2012-01-10/a> | Adrien de Beaupre | January 2012 Microsoft Black Tuesday Summary |
| 2012-01-10/a> | Adrien de Beaupre | Adobe January 2012 Black Tuesday overview |
| 2012-01-06/a> | Guy Bruneau | January 2012 Patch Tuesday Pre-release |
| 2012-01-05/a> | Russ McRee | OpenSSL vulnerability fixes |
| 2012-01-03/a> | Rick Wanner | nmap 5.61TEST4 released |
| 2012-01-03/a> | Rick Wanner | Analysis of the Stratfor Password List |
| 2012-01-03/a> | Bojan Zdrnja | The tale of obfuscated JavaScript continues |
| 2012-01-03/a> | Adam Swanger | ISC Feature of the Week: How to Submit Firewall Logs |
| 2011-12-29/a> | Richard Porter | ASP.Net Vulnerability |
| 2011-12-28/a> | Daniel Wesemann | .nl.ai ? |
| 2011-12-28/a> | Daniel Wesemann | Hash collisions vulnerability in web servers |
| 2011-12-26/a> | Deborah Hale | Badware 2011 |
| 2011-12-25/a> | Deborah Hale | Another Company Falls Victim |
| 2011-12-25/a> | Deborah Hale | Merry Christmas, Happy Holidays |
| 2011-12-21/a> | Chris Mohan | Firefox 9 has been released patching known vulnerabilities http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox9 |
| 2011-12-21/a> | Chris Mohan | The off switch |
| 2011-12-13/a> | Johannes Ullrich | December 2011 Microsoft Black Tuesday Summary |
| 2011-12-13/a> | Johannes Ullrich | December 2011 Adobe Black Tuesday |
| 2011-12-12/a> | Daniel Wesemann | You won 100$ or a free iPad! |
| 2011-12-12/a> | Daniel Wesemann | Java 6u30 released |
| 2011-12-10/a> | Daniel Wesemann | Unwanted Presents |
| 2011-12-08/a> | Adrien de Beaupre | Newest Adobe Flash 11.1.102.55 and Previous 0 Day Exploit |
| 2011-12-08/a> | Adrien de Beaupre | Microsoft Security Bulletin Advance Notification for December 2011 |
| 2011-12-07/a> | Lenny Zeltser | V8 as an Alternative to SpiderMonkey for JavaScript Deobfuscation |
| 2011-12-07/a> | Lenny Zeltser | Adobe Acrobat Latest Zero-Day Vulnerability Fix Coming to All Platforms by January 10 |
| 2011-12-06/a> | Kevin Shortt | C|Net download.com serving malware with nmap software |
| 2011-12-06/a> | Kevin Shortt | Cain & Abel v4.9.43 Released - http://www.oxid.it/ |
| 2011-12-01/a> | Mark Hofman | SQL Injection Attack happening ATM |
| 2011-11-28/a> | Tom Liston | A Puzzlement... |
| 2011-11-28/a> | Rob VandenBrink | It's Cyber Monday - Click Here! |
| 2011-11-24/a> | Russ McRee | Quick Tip: Pastebin Monitoring & Recon |
| 2011-11-23/a> | Johannes Ullrich | SCADA hacks published on Pastebin |
| 2011-11-22/a> | Pedro Bueno | Updates on ZeroAccess and BlackHole front... |
| 2011-11-19/a> | Pedro Bueno | Dragon Research Group (DRG) announced the white paper entitled "VNC: Threats and Countermeasures" : https://dragonresearchgroup.org/insight/vnc-tac.html |
| 2011-11-18/a> | Kevin Liston | Recent VMWare security advisories |
| 2011-11-16/a> | Adrien de Beaupre | GET BACK TO ME ASAP |
| 2011-11-16/a> | Jason Lam | Potential 0-day on Bind 9 |
| 2011-11-15/a> | Adrien de Beaupre | www.disa.mil down? |
| 2011-11-14/a> | Stephen Hall | Apple update summary |
| 2011-11-11/a> | Rick Wanner | APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update |
| 2011-11-11/a> | Rick Wanner | Adobe Flash update to 11.1.102.55 |
| 2011-11-11/a> | Rick Wanner | Adobe Air updated to 3.1.0.4880 |
| 2011-11-11/a> | Rick Wanner | Yay! More Sysinternals updates! http://technet.microsoft.com/en-us/sysinternals |
| 2011-11-10/a> | Rob VandenBrink | Stuff I Learned Scripting - - Parsing XML in a One-Liner |
| 2011-11-09/a> | Russ McRee | Operation Ghost Click: FBI bags crime ring responsible for $14 million in losses |
| 2011-11-08/a> | Swa Frantzen | Microsoft November 2011 Black Tuesday Overview |
| 2011-11-08/a> | Swa Frantzen | Abobe November 2011 Black Tuesday Overview |
| 2011-11-08/a> | Swa Frantzen | Apple Black Tuesday |
| 2011-11-04/a> | Guy Bruneau | Duqu Mitigation |
| 2011-11-03/a> | Richard Porter | An Apple, Inc. Sandbox to play in. |
| 2011-11-03/a> | Guy Bruneau | November 2011 Patch Tuesday Pre-release |
| 2011-11-02/a> | Russ McRee | Wireshark updates: 1.6.3 and 1.4.10 released |
| 2011-11-01/a> | Russ McRee | Honeynet Project: Android Reverse Engineering (A.R.E.) Virtual Machine released |
| 2011-11-01/a> | Russ McRee | Secure languages & frameworks |
| 2011-10-29/a> | Richard Porter | The Sub Critical Control? Evidence Collection |
| 2011-10-28/a> | Russ McRee | Critical Control 19: Data Recovery Capability |
| 2011-10-28/a> | Daniel Wesemann | Critical Control 20: Security Skills Assessment and Training to fill Gaps |
| 2011-10-27/a> | Mark Baggett | Critical Control 18: Incident Response Capabilities |
| 2011-10-26/a> | Rick Wanner | Critical Control 17:Penetration Tests and Red Team Exercises |
| 2011-10-26/a> | Rob VandenBrink | The Theoretical "SSL Renegotiation" Issue gets a Whole Lot More Real ! |
| 2011-10-23/a> | Guy Bruneau | tcpdump and IPv6 |
| 2011-10-22/a> | Guy Bruneau | Oracle Java SE Critical Patch Update |
| 2011-10-21/a> | Johannes Ullrich | New Flash Click Jacking Exploit |
| 2011-10-20/a> | Johannes Ullrich | Evil Printers Sending Mail |
| 2011-10-19/a> | Pedro Bueno | The old new Stuxnet...DuQu? |
| 2011-10-19/a> | Mark Hofman | Oracle Critical Patch Update |
| 2011-10-19/a> | Johannes Ullrich | House for rent! Observing an Overpayment Scam |
| 2011-10-17/a> | Rob VandenBrink | Critical Control 11: Account Monitoring and Control |
| 2011-10-13/a> | Johannes Ullrich | Critical OS X Vulnerability Patched |
| 2011-10-13/a> | Kevin Shortt | VMware ESXi and ESX updates to third party libraries and ESX Service Console - http://www.vmware.com/security/advisories/VMSA-2011-0012.html |
| 2011-10-13/a> | Guy Bruneau | Critical Control 10: Continuous Vulnerability Assessment and Remediation |
| 2011-10-12/a> | Adam Swanger | We are experiencing technical issues with the webcast. The webcast will start as soon as these issues are resolved. |
| 2011-10-12/a> | Kevin Shortt | Critical Control 8 - Controlled Use of Administrative Privileges |
| 2011-10-11/a> | Swa Frantzen | Microsoft Black Tuesday Overview October 2011 |
| 2011-10-11/a> | Swa Frantzen | Critical Control 7 - Application Software Security |
| 2011-10-11/a> | Swa Frantzen | Apple iTunes 10.5 |
| 2011-10-10/a> | Tom Liston | What's In A Name? |
| 2011-10-10/a> | Jim Clausing | Critical Control 6 - Maintenance, Monitoring, and Analysis of Security Audit Logs |
| 2011-10-07/a> | Mark Hofman | Critical Control 5 - Boundary Defence |
| 2011-10-06/a> | Rob VandenBrink | Apache HTTP Server mod_proxy reverse proxy issue |
| 2011-10-05/a> | Johannes Ullrich | Adobe SSL Certificate Problem (fixed) |
| 2011-10-05/a> | Jim Clausing | VMware Advisory - UDF file system handling |
| 2011-10-04/a> | Rob VandenBrink | Critical Control 2 - Inventory of Authorized and Unauthorized Software |
| 2011-10-04/a> | Johannes Ullrich | Critical Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations and Servers |
| 2011-10-03/a> | Mark Hofman | Critical Control 1 - Inventory of Authorized and Unauthorized Devices |
| 2011-10-03/a> | Mark Baggett | What are the 20 Critical Controls? |
| 2011-10-03/a> | Bojan Zdrnja | Beauty and the BEAST |
| 2011-10-03/a> | Tom Liston | Security 101 : Security Basics in 140 Characters Or Less |
| 2011-10-02/a> | Mark Hofman | Cyber Security Awareness Month Day 1/2 - Schedule |
| 2011-10-02/a> | Mark Hofman | Cyber Security Awareness Month Day 1/2 - Introduction to the controls |
| 2011-10-01/a> | Mark Hofman | Hot on the heels fo FF, Thunderbird v 7.0.1 and SeaMonkey v 2.4.1 have been updated. |
| 2011-10-01/a> | Mark Hofman | Adobe Photoshop for Windows Vulnerability (CVE-2011-2443) |
| 2011-09-28/a> | Richard Porter | All Along the ARP Tower! |
| 2011-09-27/a> | donald smith | New feature in JUNOS to drop or ignore path attributes. |
| 2011-09-23/a> | Mark Hofman | SSL/TLS Vulnerability Details to be Released Friday (Part 2) |
| 2011-09-22/a> | Rob VandenBrink | TLS 1.2 - Look before you Leap ! |
| 2011-09-21/a> | Swa Frantzen | Emergency patch expected for Flash Player |
| 2011-09-21/a> | Mark Hofman | October 2011 Cyber Security Awareness Month |
| 2011-09-21/a> | Guy Bruneau | Adobe Release Flash Player 10.3.183.10 available at http://get.adobe.com/flashplayer/ |
| 2011-09-20/a> | Swa Frantzen | Diginotar declared bankrupt |
| 2011-09-19/a> | Guy Bruneau | MS Security Advisory Update - Fraudulent DigiNotar Certificates |
| 2011-09-18/a> | Guy Bruneau | Google Chrome Security Updates |
| 2011-09-15/a> | Swa Frantzen | DigiNotar looses their accreditation for qualified certificates |
| 2011-09-15/a> | Johannes Ullrich | SSH Vandals? |
| 2011-09-15/a> | Johannes Ullrich | September OUCH! awareness newsletter released - How to use social networking sites safely. http://bit.ly/ja6TMH |
| 2011-09-13/a> | Swa Frantzen | GlobalSign back in operation |
| 2011-09-13/a> | Swa Frantzen | Microsoft September 2011 Black Tuesday |
| 2011-09-13/a> | Swa Frantzen | Adobe September 2011 Black Tuesday overview |
| 2011-09-13/a> | Swa Frantzen | More DigiNotar intermediate certificates blocklisted at Microsoft |
| 2011-09-09/a> | Rob VandenBrink | Wireshark 1.62 (Newest Stable Release) is out !! ==> http://www.wireshark.org/download.html |
| 2011-09-09/a> | Guy Bruneau | Adobe plan to release critical security updates next Tuesday for Acrobat and Reader http://www.adobe.com/support/security/bulletins/apsb11-24.html |
| 2011-09-09/a> | Johannes Ullrich | Large power outage in Southern California may last until Friday. http://www.sdge.com |
| 2011-09-09/a> | Johannes Ullrich | Early Patch Tuesday Today: Microsoft September 2011 Patches |
| 2011-09-09/a> | Guy Bruneau | Apple Certificate Trust Policy Update |
| 2011-09-09/a> | Guy Bruneau | Adobe Publish its List of Trusted Root Certificate - http://www.adobe.com/security/approved-trust-list.html |
| 2011-09-08/a> | Rob VandenBrink | Should We Still Test Patches? |
| 2011-09-08/a> | Rob VandenBrink | When Good CA's go Bad: Other Things to Check in Your Datacenter |
| 2011-09-08/a> | Mark Hofman | Microsoft has released their advanced notification for patch Tuesday. 15 Vulnerabilities to be addressed. more here --> http://blogs.technet.com/b/msrc/archive/2011/09/08/advanced-notification-for-the-september-2011-bulletin-release.aspx |
| 2011-09-07/a> | Lenny Zeltser | Analyzing Mobile Device Malware - Honeynet Forensic Challenge 9 and Some Tools |
| 2011-09-07/a> | Lenny Zeltser | GlobalSign Temporarily Stops Issuing Certificates to Investigate a Potential Breach |
| 2011-09-06/a> | Swa Frantzen | DigiNotar audit - intermediate report available |
| 2011-09-06/a> | Johannes Ullrich | Microsoft Releases Diginotar Related Patch and Advisory |
| 2011-09-06/a> | Guy Bruneau | Firefox 6.0.2 released to removed trust to DigiNotar certificate authority http://www.mozilla.org/en-US/firefox/6.0.2/releasenotes/ |
| 2011-09-05/a> | Raul Siles | Java 7 Officially Released |
| 2011-09-04/a> | Lorna Hutcheson | Several Sites Defaced |
| 2011-09-01/a> | Swa Frantzen | DigiNotar breach - the story so far |
| 2011-08-31/a> | Johannes Ullrich | Firefox/Thunderbird 6.0.1 released to blocklist bad DigiNotar SSL certificates |
| 2011-08-31/a> | Johannes Ullrich | Phishing e-mail to custom e-mail addresses |
| 2011-08-30/a> | Johannes Ullrich | A Packet Challenge: Help us identify this traffic |
| 2011-08-30/a> | Scott Fendley | Cisco Security Advisory - Apache HTTPd DoS |
| 2011-08-30/a> | Johannes Ullrich | Apache patch out for "byte range" DoS vulnerability http://www.apache.org/dist/httpd/Announcement2.2.html |
| 2011-08-29/a> | Kevin Shortt | Internet Worm in the Wild |
| 2011-08-26/a> | Daniel Wesemann | User Agent 007 |
| 2011-08-26/a> | Johannes Ullrich | SANS Virginia Beach Conference Canceled. Details: http://www.sans.org/virginia-beach-2011/ |
| 2011-08-26/a> | Daniel Wesemann | Adobe Flash stability update to 10.3.183.7. See http://forums.adobe.com/message/3883150 |
| 2011-08-26/a> | Johannes Ullrich | Some Hurricane Technology Tips |
| 2011-08-25/a> | Kevin Shortt | Revival of an Unpatched Apache HTTPD DoS |
| 2011-08-25/a> | Kevin Shortt | Increased Traffic on Port 3389 |
| 2011-08-24/a> | Rob VandenBrink | Disaster Preparedness - Are We Shaken or Stirred? |
| 2011-08-24/a> | Rob VandenBrink | Citrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971 |
| 2011-08-19/a> | Kevin Shortt | Java SE 6 Update 27 released. No security updates, many bug fixes ==> http://www.oracle.com/technetwork/java/javase/6u27-relnotes-444147.html |
| 2011-08-17/a> | Johannes Ullrich | August edition of security awareness newsletter OUCH! released. Focus: Updating your Software http://t.co/ftRVetZ |
| 2011-08-17/a> | Rob VandenBrink | Putting all of Your Eggs in One Basket - or How NOT to do Layoffs |
| 2011-08-17/a> | Rob VandenBrink | Sysinternal updates for ProcDump v4.0, Process Monitor v2.96, Process Explorer v15.02 ==> http://blogs.technet.com/b/sysinternals/ |
| 2011-08-16/a> | Johannes Ullrich | What are the most dangerous web applications and how to secure them? |
| 2011-08-16/a> | Scott Fendley | Firefox 3.6.20 Corrects Several Critical Vulnerabilities |
| 2011-08-15/a> | Mark Hofman | How to find unwanted files on workstations |
| 2011-08-15/a> | Rob VandenBrink | 8 Years since the Eastern Seaboard Blackout - Has it Been that Long? |
| 2011-08-14/a> | Guy Bruneau | FireCAT 2.0 Released |
| 2011-08-11/a> | Guy Bruneau | BlackBerry Enterprise Server Critical Update |
| 2011-08-10/a> | Johannes Ullrich | Theoretical and Practical Password Entropy |
| 2011-08-10/a> | Guy Bruneau | Samba 3.6.0 Released |
| 2011-08-09/a> | Swa Frantzen | abuse handling |
| 2011-08-09/a> | Swa Frantzen | Microsoft August 2011 Black Tuesday Overview |
| 2011-08-09/a> | Swa Frantzen | Adobe August 2011 Black Tuesday Overview |
| 2011-08-05/a> | Johannes Ullrich | Microsoft Patch Tuesday Advance Notification: 13 Bulletins coming http://www.microsoft.com/technet/security/Bulletin/MS11-aug.mspx |
| 2011-08-05/a> | donald smith | New Mac Trojan: BASH/QHost.WB |
| 2011-08-03/a> | Johannes Ullrich | Malicious Images: What's a QR Code |
| 2011-08-02/a> | Mark Hofman | Metsploit 4 hits the downloads |
| 2011-07-30/a> | Deborah Hale | Links on your Facebook Wall |
| 2011-07-29/a> | Richard Porter | Apple Lion talking on TCP 5223 |
| 2011-07-28/a> | Guy Bruneau | XenApp and XenDesktop could result in Arbitrary Code Execution |
| 2011-07-28/a> | Johannes Ullrich | Announcing: The "404 Project" |
| 2011-07-28/a> | Guy Bruneau | Java 7.0 released. Get it here - http://blogs.oracle.com/javase/entry/java_7_has_released |
| 2011-07-27/a> | Daniel Wesemann | OWASP Session Management "Cheat Sheet" |
| 2011-07-25/a> | Johannes Ullrich | Apple released patch for iWork security issue http://support.apple.com/kb/HT1222 |
| 2011-07-25/a> | Bojan Zdrnja | When the FakeAV coder(s) fail |
| 2011-07-25/a> | Johannes Ullrich | iOS 4.3.5 released fixing an SSL certificate verification flaw. http://support.apple.com/kb/HT1222 |
| 2011-07-23/a> | Johannes Ullrich | Apple Battery Firmware Default Password |
| 2011-07-21/a> | Daniel Wesemann | Down the FakeAV rabbit hole |
| 2011-07-21/a> | Mark Hofman | Lion Released |
| 2011-07-21/a> | Johannes Ullrich | Lion: What is new in Security |
| 2011-07-19/a> | Richard Porter | SMS Phishing at the SANSFire 2011 Handler Dinner |
| 2011-07-17/a> | Mark Hofman | SSH Brute Force |
| 2011-07-15/a> | Deborah Hale | Apple Software Updates |
| 2011-07-15/a> | Deborah Hale | What's in a Firewall? |
| 2011-07-14/a> | Guy Bruneau | Blackberry Server Security Update - http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB27258 |
| 2011-07-13/a> | Guy Bruneau | New Sguil HTTPRY Agent |
| 2011-07-13/a> | Guy Bruneau | Are Mobile Devices taking over your Corporate Network? |
| 2011-07-12/a> | Swa Frantzen | Microsoft July 2011 Black Tuesday Overview |
| 2011-07-11/a> | John Bambenek | Another Defense Contractor Hacked in AntiSec Hacktivism Spree |
| 2011-07-10/a> | Raul Siles | Security Testing SSL/TLS (HTTPS) Implementations |
| 2011-07-10/a> | Raul Siles | Jailbreakme Takes Advantage of 0-day PDF Vuln in Apple iOS Devices |
| 2011-07-09/a> | Tony Carothers | Copyright Alert System - What say you? |
| 2011-07-07/a> | Rob VandenBrink | "There's a Patch for that" (or maybe not) |
| 2011-07-06/a> | Rob VandenBrink | "Too Important to Patch" - Wait? What? |
| 2011-07-05/a> | Raul Siles | Helping Developers Understand Security - Spot the Vuln |
| 2011-07-04/a> | Deborah Hale | VSFTP Backdoor in Source Code |
| 2011-06-30/a> | Guy Bruneau | Adobe Release Flash Player 10.3.181.34 available at http://get.adobe.com/flashplayer/ |
| 2011-06-30/a> | Guy Bruneau | Symantec Report - Spam Surge against Social Networks |
| 2011-06-30/a> | Rob VandenBrink | Update for RSA Authentication Manager |
| 2011-06-29/a> | Johannes Ullrich | Random SSL Tips and Tricks |
| 2011-06-28/a> | Johannes Ullrich | Hashing Passwords |
| 2011-06-28/a> | Johannes Ullrich | Update: Opera 11.50 is now available http://www.opera.com/ |
| 2011-06-28/a> | Johannes Ullrich | Update: Google Chrome 12.0.742.112 released http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html |
| 2011-06-28/a> | Johannes Ullrich | Update: Thunderbird 5.0 released. https://www.mozilla.org/en-US/thunderbird/ |
| 2011-06-28/a> | Johannes Ullrich | Update: Java update for OS X fixes security issues http://support.apple.com/kb/HT1222 |
| 2011-06-27/a> | Kevin Shortt | Phishy Spam |
| 2011-06-26/a> | Rick Wanner | Nagios script for ISC threat level http://www.aj-services.com/?p=275 |
| 2011-06-23/a> | Jim Clausing | Apple Security Updates 2011-004 |
| 2011-06-22/a> | Guy Bruneau | WordPress Forces Password Reset |
| 2011-06-22/a> | Guy Bruneau | How Good is your Employee Termination Policy? |
| 2011-06-21/a> | Chris Mohan | StartSSL, a web authentication authority, suspend services after a security breach |
| 2011-06-19/a> | Guy Bruneau | Sega Pass Compromised - 1.29 Million Customers Data Leaked |
| 2011-06-17/a> | Richard Porter | When do you stop owning Technology? |
| 2011-06-15/a> | Pedro Bueno | Hit by MacDefender, Apple Web Security (name your Mac FakeAV here)... |
| 2011-06-15/a> | Johannes Ullrich | Latest issue of "Ouch!" is out http://www.securingthehuman.org/resources/newsletters/ouch |
| 2011-06-14/a> | Swa Frantzen | Adobe releases patches |
| 2011-06-14/a> | Swa Frantzen | Microsoft June 2011 Black Tuesday Overview |
| 2011-06-13/a> | Bojan Zdrnja | Harry Potter and the Rogue anti-virus: Part 1 |
| 2011-06-09/a> | Richard Porter | Chrome Version 12.0.742.91 Released |
| 2011-06-09/a> | Richard Porter | One Browser to Rule them All? |
| 2011-06-08/a> | Johannes Ullrich | Spam from compromised Hotmail accounts |
| 2011-06-07/a> | Johannes Ullrich | RSA Offers to Replace Tokens |
| 2011-06-07/a> | Johannes Ullrich | Oracle Releases Java Version 1.6.0.26 http://java.com/en/download/manual.jsp |
| 2011-06-06/a> | Manuel Humberto Santander Pelaez | Phishing: Same goal, same techniques and people still falling for such scams |
| 2011-06-06/a> | Johannes Ullrich | The Havij SQL Injection Tool |
| 2011-06-06/a> | Johannes Ullrich | Adobe releases Flash Player patch on a Sunday to combat latest 0day http://www.adobe.com/support/security/bulletins/apsb11-13.html |
| 2011-06-04/a> | Rick Wanner | Do you have a personal disaster recovery plan? |
| 2011-06-03/a> | Guy Bruneau | Release of Wireshark 1.6.0rc2 |
| 2011-06-03/a> | Guy Bruneau | Oracle Java SE Critical Patch Update Pre-Release Announcement - June 2011 |
| 2011-06-02/a> | Johannes Ullrich | Some Insight into Apple's Anti-Virus Signatures |
| 2011-06-01/a> | Adrien de Beaupre | Wireshark 1.4.7 and 1.2.17 Released - http://www.wireshark.org/news/20110531.html |
| 2011-06-01/a> | Adrien de Beaupre | Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series - http://www.cisco.com/warp/public/707/cisco-sa-20110601-phone.shtml |
| 2011-06-01/a> | Adrien de Beaupre | Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar - http://www.cisco.com/warp/public/707/cisco-sa-20110601-cnr.shtml |
| 2011-06-01/a> | Adrien de Beaupre | Cisco Security Advisory: Default Credentials for root Account on the Cisco Media Experience Engine 5600 - http://www.cisco.com/warp/public/707/cisco-sa-20110601-mxe.shtml |
| 2011-06-01/a> | Johannes Ullrich | Enabling Privacy Enhanced Addresses for IPv6 |
| 2011-06-01/a> | Adrien de Beaupre | Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client - http://www.cisco.com/warp/public/707/cisco-sa-20110601-ac.shtml |
| 2011-05-31/a> | Johannes Ullrich | Skype EasyBits Add-on |
| 2011-05-31/a> | Chris Mohan | Getting the IT security word out there to the rest of the world |
| 2011-05-31/a> | Johannes Ullrich | Apple Improving OS X Anti-Malware Feature |
| 2011-05-30/a> | Johannes Ullrich | Allied Telesis Passwords Leaked |
| 2011-05-30/a> | Johannes Ullrich | Lockheed Martin and RSA Tokens |
| 2011-05-26/a> | Swa Frantzen | MacDefender ups the ante with removing the password need for installation |
| 2011-05-25/a> | Daniel Wesemann | Apple advisory on "MacDefender" malware |
| 2011-05-25/a> | Lenny Zeltser | Monitoring Social Media for Security References to Your Organization |
| 2011-05-25/a> | Daniel Wesemann | Five new Cisco security advisories released. See http://www.cisco.com/go/psirt |
| 2011-05-23/a> | Mark Hofman | Microsoft Support Scam (again) |
| 2011-05-22/a> | Kevin Shortt | Facebook goes two-factor |
| 2011-05-21/a> | Daniel Wesemann | Weekend reading |
| 2011-05-20/a> | Guy Bruneau | Sysinternals Updates, Analyzing Stuxnet Infection with Sysinternals Tools Part 3 |
| 2011-05-19/a> | Daniel Wesemann | Fake AV Bingo |
| 2011-05-18/a> | Bojan Zdrnja | Android, HTTP and authentication tokens |
| 2011-05-16/a> | Jason Lam | Firefox 3.5 forced upgrade coming soon |
| 2011-05-14/a> | Guy Bruneau | Websense Study Claims Canada Next Hotbed for Cybercrime Web Hosting Activity |
| 2011-05-12/a> | Chris Mohan | Reports of another javascript-based spam scam doing the rounds in Facebook |
| 2011-05-12/a> | Johannes Ullrich | ActiveX Flaw Affecting SCADA systems |
| 2011-05-12/a> | Chris Mohan | Security updates available for Flash Player, RoboHelp, Audition, and Flash Media Server |
| 2011-05-10/a> | Swa Frantzen | May 2011 Microsoft Black Tuesday Overview |
| 2011-05-10/a> | Swa Frantzen | Backtrack 5 released |
| 2011-05-10/a> | Swa Frantzen | Changing MO in scamming our users ? |
| 2011-05-10/a> | Swa Frantzen | Time to change your facebook password? |
| 2011-05-09/a> | Rick Wanner | Serious flaw in OpenID |
| 2011-05-08/a> | Lorna Hutcheson | Monitoring Virtual Machines |
| 2011-05-07/a> | Rick Wanner | Belated May 2: Metasploit 3.7.0 released. http://blog.metasploit.com/2011/05/metasploit-framework-370-released.html |
| 2011-05-06/a> | Richard Porter | Updated Exploit Index for Microsoft |
| 2011-05-06/a> | Richard Porter | Unpatched Exploit: Skype for MAC |
| 2011-05-04/a> | Bojan Zdrnja | More on Google image poisoning |
| 2011-05-04/a> | Richard Porter | Microsoft Sysinterals Update |
| 2011-05-03/a> | Johannes Ullrich | Analyzing Teredo with tshark and Wireshark |
| 2011-05-03/a> | Johannes Ullrich | Update on Osama Bin Laden themed Malware |
| 2011-05-02/a> | Johannes Ullrich | Bin Laden Death Related Malware |
| 2011-05-01/a> | Deborah Hale | Another Potentially Malicious Email Making The Rounds |
| 2011-05-01/a> | Deborah Hale | Java 6.25 Is Now Available |
| 2011-05-01/a> | Deborah Hale | Droid MarketPlace Has a New App |
| 2011-04-29/a> | Guy Bruneau | Firefox, Thunderbird and SeaMonkey Security Updates |
| 2011-04-28/a> | Chris Mohan | Cisco Security Advisories |
| 2011-04-28/a> | Guy Bruneau | VMware ESXi 4.1 Security and Firmware Updates |
| 2011-04-28/a> | Chris Mohan | DSL Reports advise 9,000 accounts were compromised |
| 2011-04-26/a> | John Bambenek | Is the Insider Threat Really Over? |
| 2011-04-25/a> | Rob VandenBrink | What's Your (IP) Address Worth? |
| 2011-04-25/a> | Rob VandenBrink | Sony PlayStation Network Outage - Day 5 |
| 2011-04-23/a> | Manuel Humberto Santander Pelaez | Image search can lead to malware download |
| 2011-04-22/a> | Manuel Humberto Santander Pelaez | In-house developed applications: The constant headache for the information security officer |
| 2011-04-22/a> | Manuel Humberto Santander Pelaez | iPhoneMap: iPhoneTracker port to Linux |
| 2011-04-21/a> | Guy Bruneau | Adobe Reader and Acrobat Security Updates |
| 2011-04-20/a> | Daniel Wesemann | Data Breach Investigations Report published by Verizon |
| 2011-04-20/a> | Daniel Wesemann | Virustotal.com hiccup |
| 2011-04-18/a> | John Bambenek | Wordpress.com Security Breach |
| 2011-04-16/a> | Scott Fendley | New Versions of Wireshark released |
| 2011-04-16/a> | Scott Fendley | Oracle Patch Update Pre-Release Announcement |
| 2011-04-14/a> | Johannes Ullrich | Update to Adobe Flash 0-day: Patch will be out soon |
| 2011-04-14/a> | Johannes Ullrich | Apple Security Patches for OS X and iOS |
| 2011-04-14/a> | Adrien de Beaupre | Sysinternals updates, a new blog post, and webcast |
| 2011-04-13/a> | Johannes Ullrich | April issue of SANS Security Awareness Newsletter is out http://www.securingthehuman.org/resources/ouch |
| 2011-04-11/a> | Johannes Ullrich | GMail User Using 2FA Warned of Access From China |
| 2011-04-11/a> | Johannes Ullrich | Layer 2 DoS and other IPv6 Tricks |
| 2011-04-11/a> | Jim Clausing | April 2011 Microsoft Black Tuesday Summary |
| 2011-04-11/a> | Johannes Ullrich | Yet another Adobe Flash/Reader/Acrobat 0 day |
| 2011-04-08/a> | Johannes Ullrich | Dark Black Tuesday Coming Up: 17 Microsoft Bulletins |
| 2011-04-07/a> | Chris Mohan | Being a good internet neighbour |
| 2011-04-04/a> | Mark Hofman | When your service provider has a breach |
| 2011-04-03/a> | Richard Porter | Extreme Disclosure? Not yet but a great trend! |
| 2011-04-02/a> | Rick Wanner | RSA/EMC: Anatomy of a compromise |
| 2011-04-01/a> | John Bambenek | LizaMoon Mass SQL-Injection Attack Infected at least 500k Websites |
| 2011-03-30/a> | Adrien de Beaupre | Two Cisco advisories: cisco-sa-20110330-nac and cisco-sa-20110330-acs |
| 2011-03-29/a> | Daniel Wesemann | Making sense of RSA ACE server audit logs |
| 2011-03-29/a> | Daniel Wesemann | Requesting deletion of "free" email and chat accounts |
| 2011-03-29/a> | Daniel Wesemann | Malware emails with fake cellphone invoice |
| 2011-03-27/a> | Guy Bruneau | Strange Shockwave File with Surprising Attachments |
| 2011-03-25/a> | Kevin Liston | APT Tabletop Exercise |
| 2011-03-25/a> | Rob VandenBrink | The Recent RSA Breach - Imagining the Worst Case, And Why it Isn't Time to Panic (Yet) |
| 2011-03-22/a> | Kevin Shortt | Adobe Reader/Acrobat Security Update - http://www.adobe.com/support/security/bulletins/apsb11-06.html |
| 2011-03-22/a> | Chris Mohan | Read only USB stick trick |
| 2011-03-21/a> | Kevin Shortt | APPLE-SA-2011-03-21-1 Mac OS X v10.6.7 and Security Update 2011-001 |
| 2011-03-21/a> | Kevin Shortt | Port 1434: Sudden Slammer Decline? |
| 2011-03-18/a> | Chris Mohan | RSA Breach Notification |
| 2011-03-17/a> | Kevin Liston | So You Got an AV Alert. Now What? |
| 2011-03-16/a> | Johannes Ullrich | Analyzing HTTP Packet Captures |
| 2011-03-14/a> | Bojan Zdrnja | Tsunami in Japan and self modifying RogueAV code |
| 2011-03-14/a> | Bojan Zdrnja | Adobe Flash 0-day being used in targeted attacks |
| 2011-03-12/a> | Chris Mohan | Apple releases iTunes 10.2.1 - http://support.apple.com/kb/DL1103 |
| 2011-03-11/a> | Guy Bruneau | Snort IDS Sensor with Sguil Framework ISO |
| 2011-03-11/a> | Guy Bruneau | Japan Earthquake: Possible scams / malware |
| 2011-03-10/a> | Bojan Zdrnja | iOS 4.3 released, numerous security vulnerabilities patched |
| 2011-03-09/a> | Chris Mohan | Possible Issue with Forefront Update KB2508823 |
| 2011-03-09/a> | Jim Clausing | Apple updates Java |
| 2011-03-09/a> | Kevin Shortt | AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B |
| 2011-03-08/a> | Jim Clausing | VMware ESX/ESXi security updates released, see http://www.vmware.com/security/advisories/VMSA-2011-0004.html |
| 2011-03-08/a> | Jim Clausing | March 2011 Microsoft Black Tuesday Summary |
| 2011-03-07/a> | Bojan Zdrnja | Oracle padding attacks (Codegate crypto 400 writeup) |
| 2011-03-07/a> | Lorna Hutcheson | Call for Packets - Unassigned TCP Options |
| 2011-03-04/a> | Mark Hofman | A new version of Seamonkey is available, includes security fixes. More details here http://www.seamonkey-project.org/news#2011-03-02 |
| 2011-03-03/a> | Manuel Humberto Santander Pelaez | Rogue apps inside Android Marketplace |
| 2011-03-02/a> | Chris Mohan | Microsoft’s Autorun update v2.1 now automatically deployed from Windows Update |
| 2011-03-02/a> | Chris Mohan | Updates: Firefox 3.6.14/3.5.17, Thunderbird 3.1.8, Adobe Flash v10.2.152.32 & WireShark 1.4.4 |
| 2011-03-01/a> | Daniel Wesemann | AV software and "sharing samples" |
| 2011-02-28/a> | Deborah Hale | Possible Botnet Scanning |
| 2011-02-25/a> | Johannes Ullrich | Thunderbolt Security Speculations |
| 2011-02-24/a> | Johannes Ullrich | Windows 7 / 2008 R2 Service Pack 1 Problems |
| 2011-02-23/a> | Johannes Ullrich | Windows 7 Service Pack 1 out |
| 2011-02-22/a> | Bojan Zdrnja | HBGary hack: lessons learned |
| 2011-02-21/a> | Adrien de Beaupre | Winamp forums compromised |
| 2011-02-21/a> | Adrien de Beaupre | Kaspersky update servers unreachable |
| 2011-02-19/a> | Guy Bruneau | Snort Data Acquisition Library |
| 2011-02-15/a> | Jason Lam | Oracle Java 6 Update 24 |
| 2011-02-15/a> | Jason Lam | HTTP headers fun |
| 2011-02-14/a> | Lorna Hutcheson | Network Visualization |
| 2011-02-11/a> | Kevin Johnson | Two-Factor Auth: Can we just Google the response? |
| 2011-02-10/a> | Chris Mohan | Linksys WAP610N has Unauthenticated Root Console issue |
| 2011-02-09/a> | Mark Hofman | Adobe Patches (shockwave, Flash, Reader & Coldfusion) |
| 2011-02-09/a> | Mark Hofman | Java Floating point issue (CVE-2010-4476) |
| 2011-02-08/a> | Chris Mohan | VMWare Security Advisory |
| 2011-02-08/a> | Joel Esler | Feburary 2011 Microsoft Black Tuesday Summary |
| 2011-02-07/a> | Pedro Bueno | The Good , the Bad and the Unknown Online Scanners |
| 2011-02-07/a> | Richard Porter | Crime is still Crime! Pt 2 |
| 2011-02-05/a> | Guy Bruneau | OpenSSH Legacy Certificate Information Disclosure Vulnerability |
| 2011-02-04/a> | Daniel Wesemann | Busy patch tuesday ahead |
| 2011-02-04/a> | Daniel Wesemann | Oh, just click "yes" |
| 2011-02-02/a> | Chris Mohan | Default Credentials for Root Account on Cisco Personal Video units |
| 2011-02-01/a> | Lenny Zeltser | The Importance of HTTP Headers When Investigating Malicious Sites |
| 2011-01-30/a> | Richard Porter | The Modern Dark Ages? |
| 2011-01-28/a> | Guy Bruneau | Nmap 5.50 Released |
| 2011-01-27/a> | Chris Carboni | Opera Updates |
| 2011-01-25/a> | Johannes Ullrich | Packet Tricks with xxd |
| 2011-01-25/a> | Chris Mohan | Reviewing our preconceptions |
| 2011-01-24/a> | Rob VandenBrink | Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool |
| 2011-01-23/a> | Richard Porter | Crime is still Crime! |
| 2011-01-19/a> | Johannes Ullrich | Microsoft's Secure Developer Tools |
| 2011-01-18/a> | Daniel Wesemann | Yet another rogue anti-virus |
| 2011-01-18/a> | Daniel Wesemann | Oracle Patches (Jan2011 CPU) |
| 2011-01-16/a> | Tony Carothers | Facebook User Data Call for 3rd Party Apps |
| 2011-01-15/a> | Jim Clausing | What's up with port 8881? |
| 2011-01-14/a> | Chris Mohan | How does your family backup their memories? |
| 2011-01-13/a> | Rob VandenBrink | Blackberry BES Server Updates for PDF Vulnerabilities |
| 2011-01-12/a> | Richard Porter | How Many Loyalty Cards do you Carry? |
| 2011-01-12/a> | Richard Porter | Has Big Brother gone Global? |
| 2011-01-12/a> | Richard Porter | Yet Another Data Broker? AOL Lifestream. |
| 2011-01-11/a> | Kevin Shortt | January 2011 Microsoft Black Tuesday Summary |
| 2011-01-11/a> | Kevin Shortt | Spam Cannons on Holiday |
| 2011-01-10/a> | Manuel Humberto Santander Pelaez | Facebook virus spreads via photo album chat messages |
| 2011-01-10/a> | Manuel Humberto Santander Pelaez | VirusTotal VTzilla firefox/chrome plugin |
| 2011-01-08/a> | Guy Bruneau | PandaLabs 2010 Annual Report |
| 2011-01-08/a> | Guy Bruneau | January 2011 Patch Tuesday Pre-release |
| 2011-01-06/a> | Johannes Ullrich | Flash Local-with-filesystem Sandbox Bypass |
| 2011-01-06/a> | Johannes Ullrich | OS X 10.6.6 released. Probably some security content but Apple hasn't released details yet. |
| 2011-01-05/a> | Johannes Ullrich | VMWare Security Advisory VMSA-2011-0001 |
| 2011-01-05/a> | Johannes Ullrich | Survey: Software Security Awareness Training |
| 2011-01-04/a> | Johannes Ullrich | Microsoft Advisory: Vulnerability in Graphics Rendering Engine |
| 2010-12-31/a> | Bojan Zdrnja | Android malware enters 2011 |
| 2010-12-30/a> | Rick Wanner | SamuraiWTF Review over at ISSA Toolsmith |
| 2010-12-30/a> | Rick Wanner | Obvious Lessons from the Skype outage |
| 2010-12-29/a> | Daniel Wesemann | Malware Domains 2234.in, 0000002.in & co |
| 2010-12-29/a> | Daniel Wesemann | Beware of strange web sites bearing gifts ... |
| 2010-12-28/a> | John Bambenek | Mozilla Notifies of Relatively Minor Security Breach |
| 2010-12-27/a> | Johannes Ullrich | Various sites "Owned and Exposed" |
| 2010-12-26/a> | Manuel Humberto Santander Pelaez | ISC infocon monitor app for OS X |
| 2010-12-25/a> | Manuel Humberto Santander Pelaez | An interesting vulnerability playground to learn application vulnerabilities |
| 2010-12-24/a> | Daniel Wesemann | A question of class |
| 2010-12-23/a> | Mark Hofman | Skoudis' Annual Xmas Hacking Challenge - The Nightmare Before Charlie Brown's Christmas |
| 2010-12-23/a> | Mark Hofman | IE 0 Day, just in time for Christmas |
| 2010-12-23/a> | Mark Hofman | Older AV Scam Active again. |
| 2010-12-23/a> | Mark Hofman | White house greeting cards |
| 2010-12-22/a> | John Bambenek | IIS 7.5 0-Day DoS (processing FTP requests) |
| 2010-12-21/a> | Rob VandenBrink | Network Reliability, Part 2 - HSRP Attacks and Defenses |
| 2010-12-20/a> | Guy Bruneau | Patch Issues with Outlook 2007 |
| 2010-12-18/a> | Raul Siles | Where are the Wi-Fi Driver Vulnerabilities? |
| 2010-12-15/a> | Manuel Humberto Santander Pelaez | Vulnerability in the PDF distiller of the BlackBerry Attachment Service |
| 2010-12-15/a> | Johannes Ullrich | OpenBSD IPSec "Backdoor" |
| 2010-12-15/a> | Manuel Humberto Santander Pelaez | HP StorageWorks P2000 G3 MSA hardcoded user |
| 2010-12-14/a> | Manuel Humberto Santander Pelaez | December 2010 Microsoft Black Tuesday Summary |
| 2010-12-13/a> | Deborah Hale | Gawker Media Breach of Security |
| 2010-12-13/a> | Deborah Hale | The Week to Top All Weeks |
| 2010-12-12/a> | Raul Siles | New trend regarding web application vulnerabilities? |
| 2010-12-12/a> | Raul Siles | Apple Quickime 7.6.9 was released a few days ago (just in case you missed it): http://support.apple.com/kb/HT1222. Update all your web browser plugins! |
| 2010-12-10/a> | Mark Hofman | EXIM MTA vulnerability |
| 2010-12-10/a> | Mark Hofman | Microsoft patches |
| 2010-12-09/a> | Mark Hofman | Firefox version 3.6.13 is being pushed out, time to update (thanks Vincent). Thunderbird 3.1.7 and 3.0.11 can also be added to the list as well as SeaMonkey 2.0.11. - M |
| 2010-12-08/a> | Rob VandenBrink | How a Tablet Changed My Life |
| 2010-12-08/a> | Rob VandenBrink | Interesting DDOS activity around Wikileaks |
| 2010-12-08/a> | Rob VandenBrink | Java 6, Update 23 is out => http://java.sun.com/javase/6/webnotes/ReleaseNotes.html , http://www.oracle.com/technetwork/java/javase/6u23releasenotes-191058.html , http://www.oracle.com/technetwork/java/javase/2col/6u23bugfixes-191074.html |
| 2010-12-07/a> | Kevin Shortt | You got a sec? |
| 2010-12-05/a> | Jim Clausing | Updates to a couple of Sysinternals tools |
| 2010-12-03/a> | Mark Hofman | T'is the season to be SPAMMY, trallalalaa la la la laaa |
| 2010-12-03/a> | Mark Hofman | AVG Update Bricking windows 7 64 bit |
| 2010-12-02/a> | Kevin Johnson | Robert Hansen and our happiness |
| 2010-12-02/a> | Kevin Johnson | SQL Injection: Wordpress 3.0.2 released |
| 2010-12-02/a> | Kevin Johnson | ProFTPD distribution servers compromised |
| 2010-12-01/a> | Deborah Hale | McAfee Security Bulletin Released |
| 2010-12-01/a> | Deborah Hale | A Gentle Reminder - It is that time of year again |
| 2010-11-30/a> | Joel Esler | VMWare Security Advisory |
| 2010-11-29/a> | Stephen Hall | Sun security updates |
| 2010-11-26/a> | Mark Hofman | Using password cracking as metric/indicator for the organisation's security posture |
| 2010-11-25/a> | Bojan Zdrnja | Secunia's DNS/domain hijacked? |
| 2010-11-24/a> | Bojan Zdrnja | Privilege escalation 0-day in almost all Windows versions |
| 2010-11-24/a> | Jim Clausing | Help with odd port scans |
| 2010-11-22/a> | Lenny Zeltser | Brand Impersonations On-Line: Brandjacking and Social Networks |
| 2010-11-22/a> | Lenny Zeltser | Adobe Acrobat Spam Going Strong - More to Come? |
| 2010-11-19/a> | Jason Lam | Exchanging and sharing of assessment results |
| 2010-11-19/a> | Jason Lam | Adobe Reader X - Sandbox |
| 2010-11-18/a> | Chris Carboni | Stopping the ZeroAccess Rootkit |
| 2010-11-17/a> | Guy Bruneau | Reference on Open Source Digital Forensics |
| 2010-11-17/a> | Guy Bruneau | Conficker B++ Activated on Nov 15 |
| 2010-11-16/a> | Guy Bruneau | Mac OS X Server v10.6.5 (10H575) Security Update: http://support.apple.com/kb/HT4452 |
| 2010-11-16/a> | Guy Bruneau | Acrobat and Adobe Reader Security Update |
| 2010-11-12/a> | Guy Bruneau | Scripting with Unix Date |
| 2010-11-12/a> | Guy Bruneau | Honeynet Forensic Challenge - Analyzing Malicious Portable Destructive Files |
| 2010-11-11/a> | Daniel Wesemann | Java Exploits |
| 2010-11-11/a> | Johannes Ullrich | OS X 10.6.5 released with security patches. Careful: issues with PGP WDE! (see PGP support forums) |
| 2010-11-11/a> | Daniel Wesemann | Fake AV scams via Skype Chat |
| 2010-11-09/a> | Johannes Ullrich | November 2010 Microsoft Black Tuesday Summary |
| 2010-11-08/a> | Manuel Humberto Santander Pelaez | Network Security Perimeter: How to choose the correct firewall and IPS for your environment? |
| 2010-11-08/a> | Manuel Humberto Santander Pelaez | DST to EST error summary |
| 2010-11-04/a> | Johannes Ullrich | Today's Adobe Patches and Vulnerablities |
| 2010-11-04/a> | Johannes Ullrich | Microsoft Patches Pre-Announcement |
| 2010-11-04/a> | Johannes Ullrich | Microsoft Smart Screen False Positivies |
| 2010-11-03/a> | Kevin Liston | SQL Slammer Clean-up: Roundup and Review |
| 2010-11-02/a> | Johannes Ullrich | Limited Malicious Search Engine Poisoning for Election |
| 2010-11-01/a> | Manuel Humberto Santander Pelaez | CVE-2010-3654 exploit in the wild |
| 2010-10-31/a> | Marcus Sachs | Cyber Security Awareness Month - Day 31 - Tying it all together |
| 2010-10-30/a> | Guy Bruneau | Security Update for Shockwave Player |
| 2010-10-30/a> | Guy Bruneau | Cyber Security Awareness Month - Day 30 - Role of the network team |
| 2010-10-29/a> | Kevin Liston | SQL Slammer Clean-up: Contacting CERTs |
| 2010-10-29/a> | Manuel Humberto Santander Pelaez | Cyber Security Awareness Month - Day 29- Role of the office geek |
| 2010-10-28/a> | Rick Wanner | Cyber Security Awareness Month - Day 27 - Social Media use in the office |
| 2010-10-28/a> | Tony Carothers | Cyber Security Awareness Month - Day 28 - Role of the employee |
| 2010-10-28/a> | Manuel Humberto Santander Pelaez | CVE-2010-3654 - New dangerous 0-day authplay library adobe products vulnerability |
| 2010-10-26/a> | Pedro Bueno | Be (even more) careful with public hotspots. Firesheep released yesterday. Brilliant and scary. |
| 2010-10-26/a> | Pedro Bueno | Firefox news |
| 2010-10-26/a> | Pedro Bueno | Cyber Security Awareness Month - Day 26 - Sharing Office Files |
| 2010-10-25/a> | Kevin Shortt | Cyber Security Awareness Month - Day 25 - Using Home Computers for Work |
| 2010-10-25/a> | Kevin Liston | SQL Slammer Clean-up: Switching Viewpoints |
| 2010-10-24/a> | Swa Frantzen | Cyber Security Awarenes Month - Day 24 - Using work computers at home |
| 2010-10-23/a> | Mark Hofman | Cyber Security Awareness Month - Day 23 - The Importance of compliance |
| 2010-10-22/a> | Daniel Wesemann | Cyber Security Awareness Month - Day 22 - Security of removable media |
| 2010-10-22/a> | Manuel Humberto Santander Pelaez | Intypedia project |
| 2010-10-21/a> | Chris Carboni | Cyber Security Awareness Month - Day 21 - Impossible Requests from the Boss |
| 2010-10-20/a> | Jim Clausing | Cyber Security Awareness Month - Day 20 - Securing Mobile Devices |
| 2010-10-20/a> | Jim Clausing | Tools updates - Oct 2010 |
| 2010-10-19/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 19 - Remote Access Tools |
| 2010-10-19/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split? |
| 2010-10-19/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 19 - VPN Architectures – SSL or IPSec? |
| 2010-10-19/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 19 - Remote User VPN Access – Are things getting too easy, or too hard? |
| 2010-10-19/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 19 - VPN and Remote Access Tools |
| 2010-10-19/a> | Kevin Liston | SQL Slammer Clean-up: Picking up the Phone |
| 2010-10-18/a> | Manuel Humberto Santander Pelaez | Cyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis |
| 2010-10-17/a> | Stephen Hall | Cyber Security Awareness Month - Day 17 - What a boss should and should not have access to |
| 2010-10-15/a> | Marcus Sachs | Cyber Security Awareness Month - Day 15 - What Teachers Need to Know About Their Students |
| 2010-10-15/a> | Guy Bruneau | Cyber Security Awareness Month - Day 16 - Securing a donated computer |
| 2010-10-14/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 14 - Securing a public computer |
| 2010-10-13/a> | Deborah Hale | Cyber Security Awareness Month - Day 13 - Online Bullying |
| 2010-10-12/a> | Adrien de Beaupre | New version of Opera- Opera 10.63 is a recommended upgrade offering security and stability enhancements: http://www.opera.com/browser/download/ |
| 2010-10-12/a> | Scott Fendley | Cyber Security Awareness Month - Day 12 - Protecting and Managing Your Digital Identity On Social Media Sites |
| 2010-10-12/a> | Adrien de Beaupre | October 2010 Microsoft Black Tuesday Summary |
| 2010-10-12/a> | Scott Fendley | Oracle Critical Updates Released |
| 2010-10-11/a> | Kevin Liston | SQL Slammer Clean-up: Reporting Upstream |
| 2010-10-11/a> | Rick Wanner | Cyber Security Awareness Month - Day 11 - Safe Browsing for Teens |
| 2010-10-11/a> | Adrien de Beaupre | OT: Happy Thanksgiving Day Canada |
| 2010-10-11/a> | Rick Wanner | New version of Wireshark available for download - 1.4.1 - http://www.wireshark.org/download.html |
| 2010-10-10/a> | Kevin Liston | Cyber Security Awareness Month - Day 10 - Safe browsing for pre-teens |
| 2010-10-09/a> | Kevin Shortt | Cyber Security Awareness Month - Day 9 - Disposal of an Old Computer |
| 2010-10-08/a> | Rick Wanner | Patch Tuesday Pre-release -- 16 updates |
| 2010-10-08/a> | Rick Wanner | Cyber Security Awareness Month - Day 8 - Patch Management and System Updates |
| 2010-10-06/a> | Robert Danford | Adobe updates: http://www.adobe.com/support/security/bulletins/apsb10-21.html |
| 2010-10-06/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 7 - Remote Access and Monitoring Tools |
| 2010-10-06/a> | Marcus Sachs | Cyber Security Awareness Month - Day 6 - Computer Monitoring Tools |
| 2010-10-05/a> | Rick Wanner | Cyber Security Awareness Month - Day 5 - Sites you should stay away from |
| 2010-10-04/a> | Daniel Wesemann | Cyber Security Awareness Month - Day 4 - Managing EMail |
| 2010-10-04/a> | Kevin Liston | SQL Slammer Clean-up: How to Report |
| 2010-10-03/a> | Adrien de Beaupre | Cyber Security Awareness Month - Day 3 - Recognizing phishing and online scams |
| 2010-10-03/a> | Adrien de Beaupre | H went down. |
| 2010-10-03/a> | Adrien de Beaupre | Canada's Cyber Security Strategy released today |
| 2010-10-02/a> | Mark Hofman | Cyber Security Awareness Month - Day 2 - Securing the Family Network |
| 2010-10-01/a> | Kevin Liston | Cyber Security Awareness Month Activity: SQL Slammer Clean-up |
| 2010-10-01/a> | Marcus Sachs | Cyber Security Awareness Month - 2010 |
| 2010-10-01/a> | Marcus Sachs | Cyber Security Awareness Month - Day 1 - Securing the Family PC |
| 2010-09-30/a> | Pedro Bueno | MS OOB .NET patch is now also available via Windows Update. |
| 2010-09-28/a> | Daniel Wesemann | Strange packet: "daylight rekick", anyone? |
| 2010-09-28/a> | Daniel Wesemann | Supporting the economy (in Russia and Ukraine) |
| 2010-09-28/a> | Daniel Wesemann | MS10-070 OOB Patch for ASP.NET vulnerability |
| 2010-09-27/a> | Adrien de Beaupre | MS OOB patch tomorrow for Security Advisory 2416728 |
| 2010-09-26/a> | Daniel Wesemann | Egosurfing, the corporate way |
| 2010-09-26/a> | Daniel Wesemann | PDF analysis paper |
| 2010-09-25/a> | Rick Wanner | Guest Diary: Andrew Hunt - Visualizing the Hosting Patterns of Modern Cybercriminals |
| 2010-09-21/a> | Johannes Ullrich | Implementing two Factor Authentication on the Cheap |
| 2010-09-18/a> | Rick Wanner | Microsoft Security Advisory for ASP.NET |
| 2010-09-18/a> | Rick Wanner | I'm fine, thanks! |
| 2010-09-16/a> | Johannes Ullrich | Facebook "Like Pages" |
| 2010-09-16/a> | Johannes Ullrich | A Packet a Day |
| 2010-09-16/a> | Johannes Ullrich | OpenX Ad-Server Vulnerability |
| 2010-09-14/a> | Adrien de Beaupre | Adobe Flash v10.1.82.76 and earlier vulnerability in-the-wild |
| 2010-09-14/a> | Adrien de Beaupre | September 2010 Microsoft Black Tuesday Summary |
| 2010-09-14/a> | Adrien de Beaupre | BlackEnergy DDoS |
| 2010-09-13/a> | Manuel Humberto Santander Pelaez | Adobe SING table parsing exploit (CVE-2010-2883) in the wild |
| 2010-09-13/a> | Manuel Humberto Santander Pelaez | Enhanced Mitigation Experience Toolkit can block Adobe 0-day exploit |
| 2010-09-12/a> | Manuel Humberto Santander Pelaez | Adobe Acrobat pushstring Memory Corruption paper |
| 2010-09-09/a> | Jim Clausing | Opera 10.62 - security (the DLL path issue) and stability upate see http://www.opera.com/docs/changelogs/windows/1062/ |
| 2010-09-09/a> | Marcus Sachs | 'Here You Have' Email |
| 2010-09-08/a> | John Bambenek | Adobe Acrobat/Reader 0-day in Wild, Adobe Issues Advisory |
| 2010-09-04/a> | Kevin Liston | What's not to Like about "Like?" |
| 2010-08-30/a> | Adrien de Beaupre | Apple QuickTime potential vulnerability/backdoor |
| 2010-08-29/a> | Swa Frantzen | Abandoned free email accounts |
| 2010-08-29/a> | Swa Frantzen | DLL hijacking - what are you doing ? |
| 2010-08-27/a> | Mark Hofman | FTP Brute Password guessing attacks |
| 2010-08-25/a> | Pedro Bueno | Adobe released security update for Shockwave player that fix several CVEs: APSB1020 |
| 2010-08-23/a> | Manuel Humberto Santander Pelaez | Firefox plugins to perform penetration testing activities |
| 2010-08-23/a> | Bojan Zdrnja | DLL hijacking vulnerabilities |
| 2010-08-22/a> | Rick Wanner | Failure of controls...Spanair crash caused by a Trojan |
| 2010-08-22/a> | Manuel Humberto Santander Pelaez | SCADA: A big challenge for information security professionals |
| 2010-08-19/a> | Rob VandenBrink | Don points us to multiple Adobe updates (Reader and Acrobat 9.3.4 among them) ==> http://www.adobe.com/support/downloads/new.jsp |
| 2010-08-19/a> | Rob VandenBrink | Change is Good. Change is Bad. Change is Life. |
| 2010-08-18/a> | Guy Bruneau | Adobe out-of-cycle Updates |
| 2010-08-17/a> | Bojan Zdrnja | Do you like Bing? So do the RogueAV guys! |
| 2010-08-16/a> | Raul Siles | The Seven Deadly Sins of Security Vulnerability Reporting |
| 2010-08-16/a> | Raul Siles | DDOS: State of the Art |
| 2010-08-16/a> | Raul Siles | Blind Elephant: A New Web Application Fingerprinting Tool |
| 2010-08-15/a> | Manuel Humberto Santander Pelaez | Obfuscated SQL Injection attacks |
| 2010-08-15/a> | Manuel Humberto Santander Pelaez | Opensolaris project cancelled, replaced by Solaris 11 express |
| 2010-08-15/a> | Manuel Humberto Santander Pelaez | Python to test web application security |
| 2010-08-14/a> | Tony Carothers | Freedom of Information |
| 2010-08-13/a> | Tom Liston | The Strange Case of Doctor Jekyll and Mr. ED |
| 2010-08-13/a> | Guy Bruneau | Shadowserver Binary Whitelisting Service |
| 2010-08-10/a> | Jason Lam | Adobe critical security updates |
| 2010-08-10/a> | Jim Clausing | August 2010 Micrsoft Black Tuesday Summary |
| 2010-08-10/a> | Daniel Wesemann | SSH - new brute force tool? |
| 2010-08-10/a> | Daniel Wesemann | New Apple security updates for iPad/Pod/Phone. See http://support.apple.com/kb/ht1222 |
| 2010-08-09/a> | Jim Clausing | Virtualbox update available - looks like a few stability fixes http://www.virtualbox.org/wiki/Changelog |
| 2010-08-09/a> | Jim Clausing | Free/inexpensive tools for monitoring systems/networks |
| 2010-08-08/a> | Marcus Sachs | Thinking about Cyber Security Awareness Month in October |
| 2010-08-07/a> | Stephen Hall | Countdown to Tuesday... |
| 2010-08-07/a> | Stephen Hall | DnsMadeEasy under a "quite large and unique" ddos. |
| 2010-08-06/a> | Rob VandenBrink | FOXIT PDF Reader update to resolve iPhone/iPad Jailbreak issue ==> http://www.foxitsoftware.com/announcements/2010861227.html |
| 2010-08-05/a> | Manuel Humberto Santander Pelaez | Adobe Acrobat Font Parsing Integer Overflow Vulnerability |
| 2010-08-05/a> | Rob VandenBrink | Access Controls for Network Infrastructure |
| 2010-08-04/a> | Tom Liston | Incident Reporting - Liston's "How-To" Guide |
| 2010-08-04/a> | Adrien de Beaupre | Multiple Cisco Advisories |
| 2010-08-03/a> | Johannes Ullrich | When Lightning Strikes |
| 2010-08-03/a> | Johannes Ullrich | Solar activity may cause problems this week |
| 2010-08-02/a> | Johannes Ullrich | Microsoft Out-of-Band bulletin addresses LNK/Shortcut vulnerability |
| 2010-08-01/a> | Manuel Humberto Santander Pelaez | Evation because IPS fails to validate TCP checksums? |
| 2010-07-30/a> | Guy Bruneau | Wireshark 1.2.10 released |
| 2010-07-30/a> | Guy Bruneau | Cisco Internet Streamer: Web Server Directory Traversal Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml |
| 2010-07-29/a> | Rob VandenBrink | The 2010 Verizon Data Breach Report is Out |
| 2010-07-29/a> | Rob VandenBrink | Snort 2.8.6.1 and Snort 2.9 Beta Released |
| 2010-07-29/a> | Rob VandenBrink | FBI, Slovenian and Spanish Police announce more arrests of Mariposa Botnet Creator, Operators |
| 2010-07-25/a> | Rick Wanner | Updated version of Mandiant's Web Historian |
| 2010-07-24/a> | Manuel Humberto Santander Pelaez | Types of diary: One liners vs full diary |
| 2010-07-24/a> | Manuel Humberto Santander Pelaez | Transmiting logon information unsecured in the network |
| 2010-07-23/a> | Mark Hofman | Some of our favourite sysinternals tools have been updated. TCPview, Autoruns, ProcDump and Disk2vhd have changed. More here http://blogs.technet.com/b/sysinternals/archive/2010/07/22/updates-tcpview-v3-0-autoruns-v10-02-procdump-v1-81-disk2vhd-v1-61.aspx |
| 2010-07-21/a> | Adrien de Beaupre | Update on .LNK vulnerability |
| 2010-07-21/a> | Adrien de Beaupre | Adobe Reader Protected Mode |
| 2010-07-21/a> | Adrien de Beaupre | Dell PowerEdge R410 replacement motherboard firmware contains malware |
| 2010-07-21/a> | Adrien de Beaupre | autorun.inf and .lnk Malware (NOT 'Vulnerability in Windows Shell Could Allow Remote Code Execution' 2286198) |
| 2010-07-20/a> | Manuel Humberto Santander Pelaez | LNK vulnerability now with Metasploit module implementing the WebDAV method |
| 2010-07-20/a> | Manuel Humberto Santander Pelaez | iTunes buffer overflow vulnerability |
| 2010-07-20/a> | Manuel Humberto Santander Pelaez | Lowering infocon back to green |
| 2010-07-18/a> | Manuel Humberto Santander Pelaez | SAGAN: An open-source event correlation system - Part 1: Installation |
| 2010-07-18/a> | Manuel Humberto Santander Pelaez | New metasploit GUI written in Java |
| 2010-07-15/a> | Deborah Hale | Be on the Alert |
| 2010-07-14/a> | Deborah Hale | Secunia Half Year Report for 2010 shows interesting trends |
| 2010-07-13/a> | Jim Clausing | Forensic challenge results |
| 2010-07-13/a> | Jim Clausing | July 2010 Microsoft Black Tuesday Summary |
| 2010-07-13/a> | Jim Clausing | VMware Studio Security Update |
| 2010-07-10/a> | Tony Carothers | Oracle July 2010 Pre-Release Announcement |
| 2010-07-08/a> | Kyle Haugsness | Pirate Bay account database compromised |
| 2010-07-07/a> | Kevin Shortt | Facebook, Facebook, What Do YOU See? |
| 2010-07-06/a> | Rob VandenBrink | Bogus Support Organizations use Live Operators to Install Malware |
| 2010-07-05/a> | Manuel Humberto Santander Pelaez | Apple ITunes account security compromised |
| 2010-07-04/a> | Manuel Humberto Santander Pelaez | New Winpcap Version |
| 2010-07-04/a> | Manuel Humberto Santander Pelaez | Malware inside PDF Files |
| 2010-07-04/a> | Manuel Humberto Santander Pelaez | Interesting analysis of the PHP SplObjectStorage Vulnerability |
| 2010-07-03/a> | Deborah Hale | Delivery Status Failure Notice That Packed A Wallop |
| 2010-07-02/a> | Johannes Ullrich | OISF released version 1.0.0 of Suricata, the open source IDS/IPS engine http://www.openinfosecfoundation.org |
| 2010-07-01/a> | Bojan Zdrnja | Down the RogueAV and Blackhat SEO rabbit hole (part 2) |
| 2010-06-29/a> | Johannes Ullrich | How to be a better spy: Cyber security lessons from the recent russian spy arrests |
| 2010-06-29/a> | donald smith | Interesting idea to help prevent RogueAV from using SEO without being noticed:) |
| 2010-06-29/a> | donald smith | Adobe Reader 9.3.3/8.2.3 addressing CVE-2010-1297 |
| 2010-06-28/a> | Bojan Zdrnja | Down the RogueAV and Blackhat SEO rabbit hole |
| 2010-06-27/a> | Manuel Humberto Santander Pelaez | Study of clickjacking vulerabilities on popular sites |
| 2010-06-26/a> | Guy Bruneau | socat to Simulate a Website |
| 2010-06-24/a> | Jason Lam | Help your competitor - Advise them of vulnerability |
| 2010-06-23/a> | Scott Fendley | Mozilla Firefox Updates |
| 2010-06-23/a> | Scott Fendley | Opera Browser Update |
| 2010-06-21/a> | Adrien de Beaupre | GoDaddy Scam/Phish/Spam |
| 2010-06-20/a> | Marcus Sachs | Father's Day Tips |
| 2010-06-18/a> | Johannes Ullrich | Please take a second and rate the daily podcast (Stormcast): http://www.surveymonkey.com/s/stormcast |
| 2010-06-18/a> | Adrien de Beaupre | End of the road for Cisco CSA |
| 2010-06-18/a> | Adrien de Beaupre | Distributed SSH Brute Force Attempts on the rise again |
| 2010-06-18/a> | Tom Liston | IMPORTANT INFORMATION: Distributed SSH Brute Force Attacks |
| 2010-06-17/a> | Deborah Hale | FYI - Another bogus site |
| 2010-06-17/a> | Deborah Hale | Digital Copy Machines - Security Risk? |
| 2010-06-17/a> | Deborah Hale | Internet Fraud Alert Kicks Off Today |
| 2010-06-16/a> | Kevin Shortt | Maltego 3 |
| 2010-06-16/a> | Kevin Shortt | Adobe Flash Player 10.1 - Security Update Available |
| 2010-06-15/a> | Manuel Humberto Santander Pelaez | TCP evasions for IDS/IPS |
| 2010-06-15/a> | Manuel Humberto Santander Pelaez | Mastercard delivering cards with OTP device included |
| 2010-06-15/a> | Manuel Humberto Santander Pelaez | Apple releases advisory for Mac OS X - Multiple vulnerabilities discovered |
| 2010-06-15/a> | Manuel Humberto Santander Pelaez | iPhone 4 Order Security Breach Exposes Private Information |
| 2010-06-14/a> | Manuel Humberto Santander Pelaez | New way of social engineering on IRC |
| 2010-06-14/a> | Manuel Humberto Santander Pelaez | Another way to get protection for application-level attacks |
| 2010-06-14/a> | Manuel Humberto Santander Pelaez | Metasploit 101 |
| 2010-06-14/a> | Manuel Humberto Santander Pelaez | Small lot of Olympus Stylus Tough 6010 shipped with malware |
| 2010-06-14/a> | Manuel Humberto Santander Pelaez | Rogue facebook application acting like a worm |
| 2010-06-13/a> | Rick Wanner | UnRealCD compromised by Trojan |
| 2010-06-10/a> | Deborah Hale | Wireshark 1.2.9 Now Available |
| 2010-06-10/a> | Deborah Hale | Microsoft Security Advisory 2219475 |
| 2010-06-10/a> | Deborah Hale | iPad Owners Exposed |
| 2010-06-10/a> | Deborah Hale | Another Morning of Fun |
| 2010-06-10/a> | Deborah Hale | Top 5 Social Networking Media Risks |
| 2010-06-09/a> | Deborah Hale | Adobe POC in the Wild |
| 2010-06-09/a> | Deborah Hale | Mass Infection of IIS/ASP Sites |
| 2010-06-09/a> | Deborah Hale | Best Practice to Prevent PDF Attacks |
| 2010-06-08/a> | Mark Hofman | Safari 5.0 is available for all platforms. Addresses some security issues, more here http://support.apple.com/kb/HT4196 |
| 2010-06-08/a> | Manuel Humberto Santander Pelaez | June 2010 Microsoft Black Tuesday Summary |
| 2010-06-07/a> | Manuel Humberto Santander Pelaez | Software Restriction Policy to keep malware away |
| 2010-06-07/a> | Manuel Humberto Santander Pelaez | Internet Storm Center panel tonight at SANSFIRE |
| 2010-06-06/a> | Manuel Humberto Santander Pelaez | Nice OS X exploit tutorial |
| 2010-06-05/a> | Guy Bruneau | Security Advisory for Flash Player, Adobe Reader and Acrobat |
| 2010-06-04/a> | Johannes Ullrich | Changes to Internet Storm Center Host Name |
| 2010-06-04/a> | Rick Wanner | New Honeynet Project Forensic Challenge |
| 2010-06-03/a> | Guy Bruneau | Microsoft Patch Tuesday June 2010 Pre-Release |
| 2010-06-02/a> | Bojan Zdrnja | Clickjacking attacks on Facebook's Like plugin |
| 2010-06-02/a> | Mark Hofman | OpenSSL version 1.0.0a released. This fixes a number of security issues. Don't forget a number of commercial appliances will be using this, so look for vendor updates soon. |
| 2010-06-02/a> | Rob VandenBrink | SPAM pretending to be from Habitat for Humanity |
| 2010-06-02/a> | Rob VandenBrink | New Mac malware - OSX/Onionspy |
| 2010-05-30/a> | Kevin Liston | VMware ESX/ESXi Updates |
| 2010-05-29/a> | G. N. White | Rogue AV Indictment |
| 2010-05-28/a> | Jim Clausing | Wireshark SMB file extraction plug-in |
| 2010-05-27/a> | Kevin Liston | Sasfis Propagation |
| 2010-05-26/a> | Bojan Zdrnja | Malware modularization and AV detection evasion |
| 2010-05-25/a> | donald smith | Face book “joke” leads to firing. |
| 2010-05-23/a> | Manuel Humberto Santander Pelaez | e-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer. |
| 2010-05-23/a> | Manuel Humberto Santander Pelaez | Oracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability |
| 2010-05-22/a> | Rick Wanner | SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge |
| 2010-05-21/a> | Rick Wanner | IBM distributes malware at AusCERT! |
| 2010-05-21/a> | Rick Wanner | 2010 Digital Forensics and Incident Response Summit |
| 2010-05-19/a> | Jason Lam | EFF paper about browser tracking |
| 2010-05-19/a> | Kyle Haugsness | Metasploit 3.4.0 released |
| 2010-05-18/a> | Johannes Ullrich | Canonical Display Driver Vulnerability |
| 2010-05-16/a> | Rick Wanner | Symantec triggers on World of Warcraft update |
| 2010-05-15/a> | Deborah Hale | Phony Phone Scam |
| 2010-05-15/a> | Deborah Hale | Onboard Computers Subject to Attack? |
| 2010-05-12/a> | Rob VandenBrink | Adobe Shockwave Update |
| 2010-05-12/a> | Rob VandenBrink | Layer 2 Security - Private VLANs (the Story Continues ...) |
| 2010-05-11/a> | Scott Fendley | May 2010 Microsoft Patches |
| 2010-05-08/a> | Guy Bruneau | Microsoft Patch Tuesday May 2010 Pre-Release |
| 2010-05-08/a> | Guy Bruneau | Wireshark DOCSIS Dissector DoS Vulnerability |
| 2010-05-07/a> | Rob VandenBrink | Security Awareness – Many Audiences, Many Messages (Part 2) |
| 2010-05-07/a> | Johannes Ullrich | Stock market "wipe out" may be due to computer error |
| 2010-05-06/a> | Rick Wanner | Learn about web app hacking and defense |
| 2010-05-04/a> | Rick Wanner | SIFT review in the ISSA Toolsmith |
| 2010-05-03/a> | Daniel Wesemann | Social engineering via paper mail |
| 2010-05-02/a> | Mari Nichols | Zbot Social Engineering |
| 2010-04-30/a> | Kevin Liston | The Importance of Small Files |
| 2010-04-30/a> | Johannes Ullrich | Sharepoint XSS Vulnerability |
| 2010-04-30/a> | Kevin Liston | CVE-2010-0817 SharePoint XSS Scorecard |
| 2010-04-29/a> | Bojan Zdrnja | Who needs exploits when you have social engineering? |
| 2010-04-27/a> | Rob VandenBrink | Layer 2 Security - L2TPv3 for Disaster Recovery Sites |
| 2010-04-26/a> | Raul Siles | Vulnerable Sites Database |
| 2010-04-22/a> | Deborah Hale | How McAfee turned a Disaster Exercise Into a REAL Learning Experience for Our Community Disaster Team |
| 2010-04-22/a> | Deborah Hale | Don't Be Fooled by Twitter Spam in Your Inbox |
| 2010-04-22/a> | John Bambenek | Data Redaction: You're Doing it Wrong |
| 2010-04-21/a> | Guy Bruneau | McAfee DAT 5958 Update Issues |
| 2010-04-21/a> | Guy Bruneau | Google Chrome Security Update v4.1.249.1059 Released: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html |
| 2010-04-20/a> | Raul Siles | Are You Ready for a Transportation Collapse...? |
| 2010-04-19/a> | Daniel Wesemann | Linked into scams? |
| 2010-04-18/a> | Guy Bruneau | Some NetSol hosted sites breached |
| 2010-04-14/a> | Mark Hofman | Oracle has released 47 critical patches (Includes SUN patches) |
| 2010-04-14/a> | Mark Hofman | ClamAV 0.94 EOL Reminder |
| 2010-04-14/a> | Mark Hofman | And let the patching games continue |
| 2010-04-13/a> | Adrien de Beaupre | Web App Testing Tools |
| 2010-04-13/a> | Johannes Ullrich | More Legal Threat Malware E-Mail |
| 2010-04-13/a> | Johannes Ullrich | Apache.org Bugtracker Breach |
| 2010-04-13/a> | Johannes Ullrich | Microsoft April 2010 Patch Tuesday |
| 2010-04-13/a> | Adrien de Beaupre | Security update available for Adobe Reader and Acrobat |
| 2010-04-11/a> | Marcus Sachs | Network and process forensics toolset |
| 2010-04-10/a> | Andre Ludwig | New bug/exploit for javaws |
| 2010-04-09/a> | Mark Hofman | Adobe launch issue response/work around. |
| 2010-04-09/a> | Mark Hofman | VMware has released the following patch "VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues". Make sure you test before applying to production. |
| 2010-04-09/a> | Mark Hofman | Outage Update - isc.sans.org |
| 2010-04-08/a> | Bojan Zdrnja | JavaScript obfuscation in PDF: Sky is the limit |
| 2010-04-08/a> | Guy Bruneau | Microsoft Patch Tuesday April 2010 Pre-Release |
| 2010-04-07/a> | Rob VandenBrink | The Many Paths to Security Awareness |
| 2010-04-07/a> | Johannes Ullrich | our primary datacenter is currently experiencing a network outage |
| 2010-04-06/a> | Daniel Wesemann | Application Logs |
| 2010-04-04/a> | Mari Nichols | Financial Management of Cyber Risk |
| 2010-04-02/a> | Guy Bruneau | Security Advisory for ESX Service Console |
| 2010-04-02/a> | Guy Bruneau | Apple QuickTime and iTunes Security Update |
| 2010-04-02/a> | Guy Bruneau | Foxit Reader Security Update |
| 2010-04-02/a> | Guy Bruneau | Oracle Java SE and Java for Business Critical Patch Update Advisory |
| 2010-04-01/a> | Jim Clausing | Wireshark 1.2.7 released, bug fixes, doesn't look like any security issues (http://www.wireshark.org/) |
| 2010-03-31/a> | Johannes Ullrich | PDF Arbitrary Code Execution - vulnerable by design. |
| 2010-03-30/a> | Pedro Bueno | VMWare Security Advisories Out |
| 2010-03-30/a> | Pedro Bueno | Sharing the Tools |
| 2010-03-29/a> | Adrien de Beaupre | APPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3 |
| 2010-03-29/a> | Pedro Bueno | Microsoft to release out-of-band security bulletin tomorrow for IE6/IE7 with cumulative fix. |
| 2010-03-29/a> | Adrien de Beaupre | Nmap 5.30BETA1 released |
| 2010-03-29/a> | Adrien de Beaupre | OOB Update for Internet Explorer MS10-018 |
| 2010-03-28/a> | Rick Wanner | Honeynet Project: 2010 Forensic Challenge #3 |
| 2010-03-27/a> | Guy Bruneau | HP-UX Running NFS/ONCplus, Inadvertently Enabled NFS |
| 2010-03-27/a> | Guy Bruneau | Create a Summary of IP Addresses from PCAP Files using Unix Tools |
| 2010-03-26/a> | Daniel Wesemann | Getting the EXE out of the RTF again |
| 2010-03-24/a> | Johannes Ullrich | ".sys" Directories Delivering Driveby Downloads |
| 2010-03-24/a> | Kyle Haugsness | Wikipedia outage |
| 2010-03-22/a> | Guy Bruneau | New Opera 10.51 available with security fixes. More information available at: http://www.opera.com/docs/changelogs/windows/1051/ |
| 2010-03-21/a> | Scott Fendley | Skipfish - Web Application Security Tool |
| 2010-03-17/a> | Deborah Hale | Trojan outbreak on a College Campus |
| 2010-03-17/a> | Deborah Hale | Spam was killing us! Here is what we did to help! |
| 2010-03-15/a> | Adrien de Beaupre | Spamassassin Milter Plugin Remote Root Attack |
| 2010-03-12/a> | Mark Hofman | Firefox 3.6 is being pushed out to users. http://www.mozilla.com/en-US/firefox/3.6/releasenotes/ |
| 2010-03-11/a> | Mark Hofman | A new version of Safari is out. Looks like for Mac and Windows. Plenty of security fixes (mostly for Windows Safari users http://support.apple.com/kb/HT4070 ) |
| 2010-03-10/a> | Rob VandenBrink | What's My Firewall Telling Me? (Part 4) |
| 2010-03-10/a> | Rob VandenBrink | Microsoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7 |
| 2010-03-10/a> | Rob VandenBrink | Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication |
| 2010-03-09/a> | Marcus Sachs | Energizer Malware |
| 2010-03-09/a> | John Bambenek | March 2010 - Microsoft Patch Tuesday Diary |
| 2010-03-08/a> | Raul Siles | Samurai WTF 0.8 |
| 2010-03-08/a> | Raul Siles | Microsoft announced two important bulletins (fixing multiple vulns. affecting Windows and Office) for tomorrow: http://www.microsoft.com/technet/security/Bulletin/MS10-mar.mspx |
| 2010-03-07/a> | Mari Nichols | DHS issues Cybersecurity challenge |
| 2010-03-07/a> | Mari Nichols | Apache releases version 2.2.15 with 5 security fixes including OpenSSL issue. |
| 2010-03-06/a> | Tony Carothers | Integration and the Security of New Technologies |
| 2010-03-05/a> | Kyle Haugsness | Unpatched Opera 10.50 and below code execution vulnerability |
| 2010-03-05/a> | Kyle Haugsness | Javascript obfuscators used in the wild |
| 2010-03-05/a> | Kyle Haugsness | What is your firewall log telling you - responses |
| 2010-03-05/a> | Kyle Haugsness | False scare email proclaiming North Korea nuclear launch against Japan |
| 2010-03-04/a> | Daniel Wesemann | salefale-dot-com is bad |
| 2010-03-03/a> | Mark Hofman | MS10-015 re-released |
| 2010-03-03/a> | Johannes Ullrich | Reports about large number of fake Amazon order confirmations |
| 2010-03-03/a> | Daniel Wesemann | What is your firewall log telling you - Part #2 |
| 2010-03-01/a> | Mark Hofman | AS/NZ "Online Offensive - Fight fraud online" week March 1-7 |
| 2010-03-01/a> | Mark Hofman | Microsoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update. |
| 2010-03-01/a> | Mark Hofman | IE 0-day using .hlp files |
| 2010-02-27/a> | Guy Bruneau | PHP 5.2.13 Security Update |
| 2010-02-27/a> | Johannes Ullrich | Search Engine Poisoning: Chile Earthquake |
| 2010-02-26/a> | Rick Wanner | New version of dnsmap |
| 2010-02-25/a> | Chris Carboni | Pass The Hash |
| 2010-02-25/a> | Andre Ludwig | Microsoft, restraining orders, and how a big botnet (waledec) ate curb. |
| 2010-02-23/a> | Mark Hofman | What is your firewall telling you and what is TCP249? |
| 2010-02-22/a> | Rob VandenBrink | New Risks in Penetration Testing |
| 2010-02-22/a> | Rob VandenBrink | Not Every Cloud has a Silver Lining |
| 2010-02-21/a> | Patrick Nolan | Looking for "more useful" malware information? Help develop the format. |
| 2010-02-20/a> | Mari Nichols | Is "Green IT" Defeating Security? |
| 2010-02-17/a> | Rob VandenBrink | Defining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing" |
| 2010-02-17/a> | Rob VandenBrink | Multiple Security Updates for ESX 3.x and ESXi 3.x |
| 2010-02-17/a> | Rob VandenBrink | Cisco ASA5500 Security Updates - cisco-sa-20100217-asa |
| 2010-02-17/a> | Rob VandenBrink | Cisco Security Agent Security Updates: cisco-sa-20100217-csa |
| 2010-02-16/a> | Johannes Ullrich | Teredo "stray packet" analysis |
| 2010-02-16/a> | Robert Danford | Adobe Updates: http://www.adobe.com/support/security/bulletins/apsb10-07.html http://www.adobe.com/support/security/bulletins/apsb10-06.html |
| 2010-02-15/a> | Johannes Ullrich | New ISC Tool: Whitelist Hash Database |
| 2010-02-15/a> | Johannes Ullrich | Various Olympics Related Dangerous Google Searches |
| 2010-02-13/a> | Lorna Hutcheson | Network Traffic Analysis in Reverse |
| 2010-02-12/a> | G. N. White | Adobe Flash Player 10.0.45.2 and AIR 1.5.3.9130 released to correct vulnerability CVE-2010-0186 Details: http://www.adobe.com/support/security/bulletins/apsb10-06.html |
| 2010-02-12/a> | G. N. White | Time to update those IP Bogon Filters (again) |
| 2010-02-11/a> | Johannes Ullrich | MS10-015 may cause Windows XP to blue screen |
| 2010-02-11/a> | Deborah Hale | The Mysterious Blue Screen |
| 2010-02-11/a> | Deborah Hale | Critical Update for AD RMS |
| 2010-02-10/a> | Johannes Ullrich | Twitpic, EXIF and GPS: I Know Where You Did it Last Summer |
| 2010-02-10/a> | Marcus Sachs | Datacenters and Directory Traversals |
| 2010-02-09/a> | Adrien de Beaupre | When is a 0day not a 0day? Samba symlink bad default config |
| 2010-02-09/a> | Mark Hofman | Oracle has an unscheduled security alert and patch for CVE-2010-0073. The issue affects WebLogic Server and is remotely exploitable. Details and patch are here http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html |
| 2010-02-09/a> | Johannes Ullrich | February 2010 Black Tuesday Overview |
| 2010-02-08/a> | Adrien de Beaupre | When is a 0day not a 0day? Fake OpenSSh exploit, again. |
| 2010-02-07/a> | Rick Wanner | Mandiant Mtrends Report |
| 2010-02-06/a> | Guy Bruneau | Oracle WebLogic Server Security Alert |
| 2010-02-06/a> | Guy Bruneau | LANDesk Management Gateway Vulnerability |
| 2010-02-05/a> | Jim Clausing | Memory Analysis - time to move beyond XP |
| 2010-02-05/a> | Jim Clausing | WordPress iframe injection? |
| 2010-02-04/a> | Johannes Ullrich | Microsoft Patch Tuesday Pre-Release |
| 2010-02-03/a> | Rob VandenBrink | APPLE-SA-2010-02-02-1 iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod touch |
| 2010-02-03/a> | Johannes Ullrich | Anatomy of a Form Spam Campaign (in progress against isc.sans.org right now) https://blogs.sans.org/appsecstreetfighter/ |
| 2010-02-03/a> | Rob VandenBrink | Support for Legacy Browsers |
| 2010-02-03/a> | Johannes Ullrich | Information Disclosure Vulnerability in Internet Explorer |
| 2010-02-02/a> | Guy Bruneau | Adobe ColdFusion Information Disclosure |
| 2010-02-02/a> | Johannes Ullrich | New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux) |
| 2010-02-02/a> | Johannes Ullrich | Twitter Mass Password Reset due to Phishing |
| 2010-02-01/a> | Rob VandenBrink | NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care? |
| 2010-01-30/a> | Stephen Hall | New and updated VMWare advisories |
| 2010-01-29/a> | Johannes Ullrich | Analyzing isc.sans.org weblogs, part 2, RFI attacks |
| 2010-01-29/a> | Adrien de Beaupre | Neo-legacy applications |
| 2010-01-27/a> | Raul Siles | European Union Security Challenge (Campus Party 2010) |
| 2010-01-27/a> | Raul Siles | Command Line Kung Fu |
| 2010-01-27/a> | Raul Siles | Nmap 5.21 released (nmap.org): bug-fix only release. |
| 2010-01-27/a> | Raul Siles | Active SEO poisoning attacks for hot topics |
| 2010-01-26/a> | Rob VandenBrink | VMware vSphere Hardening Guide Draft posted for public review |
| 2010-01-25/a> | William Salusky | "Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!" |
| 2010-01-24/a> | Pedro Bueno | Outdated client applications |
| 2010-01-22/a> | Mari Nichols | Pass-down for a Successful Incident Response |
| 2010-01-21/a> | Johannes Ullrich | New Microsoft Advisory: Vulnerability in Windows Kernel Privilege Escalation (CVE-2010-0232) |
| 2010-01-21/a> | Chris Carboni | Security Update Available for Shockwave Player |
| 2010-01-21/a> | Chris Carboni | * Microsoft Out Of Band Patch Release |
| 2010-01-21/a> | Johannes Ullrich | Microsoft January Out of Band Patch |
| 2010-01-20/a> | Guy Bruneau | New stable version of Nmap (5.20) available for download: http://nmap.org/download.html |
| 2010-01-19/a> | Jim Clausing | Forensic challenges |
| 2010-01-19/a> | Jim Clausing | Apple Security Update 2010-001 |
| 2010-01-17/a> | Rick Wanner | Buffer overflow in Quicktime |
| 2010-01-14/a> | Bojan Zdrnja | Rogue AV exploiting Haiti earthquake |
| 2010-01-14/a> | Bojan Zdrnja | DRG (Dragon Research Group) Distro available for general release |
| 2010-01-14/a> | Bojan Zdrnja | 0-day vulnerability in Internet Explorer 6, 7 and 8 |
| 2010-01-14/a> | Bojan Zdrnja | PDF Babushka |
| 2010-01-13/a> | Johannes Ullrich | SMS Donations Advertised via Twitter |
| 2010-01-13/a> | Guy Bruneau | Sun Java JRE 6 Update 18 Released |
| 2010-01-12/a> | Adrien de Beaupre | PoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability |
| 2010-01-12/a> | Johannes Ullrich | Baidu defaced - Domain Registrar Tampering |
| 2010-01-12/a> | Johannes Ullrich | Microsoft Security Bulletin: January 2010 |
| 2010-01-12/a> | Johannes Ullrich | Microsoft Advices XP Users to Uninstall Flash Player 6 |
| 2010-01-12/a> | Johannes Ullrich | Oracle Patches Relased |
| 2010-01-12/a> | Johannes Ullrich | Pre-Announced Adobe Reader and Acrobat Patch Found! |
| 2010-01-12/a> | Johannes Ullrich | Haiti Earthquake: Possible scams / malware |
| 2010-01-11/a> | Johannes Ullrich | Fake Android Application |
| 2010-01-11/a> | Adrien de Beaupre | BackTrack 4 final released http://www.remote-exploit.org/news.html http://www.backtrack-linux.org/downloads/ |
| 2010-01-10/a> | Johannes Ullrich | 6.5 magnitude earthquake in California causing local poweroutage |
| 2010-01-09/a> | G. N. White | What's Up With All The Port Scanning Using TCP/6000 As A Source Port? |
| 2010-01-08/a> | Rob VandenBrink | Microsoft OfficeOnline, Searching for Trust and Malware |
| 2010-01-07/a> | Daniel Wesemann | Static analysis of malicous PDFs (Part #2) |
| 2010-01-07/a> | Daniel Wesemann | Static analysis of malicious PDFs |
| 2010-01-06/a> | Guy Bruneau | Firefox security and stability update for version 3.5.7 and 3.0.17 available for download |
| 2010-01-06/a> | Guy Bruneau | Secure USB Flaw Exposed |
| 2009-12-29/a> | Rick Wanner | What's up with port 12174? Possible Symantec server compromise? |
| 2009-12-28/a> | Johannes Ullrich | 8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug) |
| 2009-12-27/a> | Patrick Nolan | Pressure increasing for Microsoft to patch IIS 0 day |
| 2009-12-24/a> | Guy Bruneau | Microsoft IIS File Parsing Extension Vulnerability |
| 2009-12-23/a> | Johannes Ullrich | Tell us about your Christmas Family Emergency Kit |
| 2009-12-23/a> | Marcus Sachs | Blackberry Outage |
| 2009-12-19/a> | Deborah Hale | Frustrations of ISP Abuse Handling |
| 2009-12-19/a> | Deborah Hale | Educationing Our Communities |
| 2009-12-18/a> | Stephen Hall | Wireshark 1.2.5 released - including three security fixes |
| 2009-12-17/a> | Daniel Wesemann | overlay.xul is back |
| 2009-12-17/a> | Daniel Wesemann | In caches, danger lurks |
| 2009-12-16/a> | Rob VandenBrink | Seamonkey Update to 2.0.1, find the release notes here ==> http://www.seamonkey-project.org/releases/seamonkey2.0.1 |
| 2009-12-16/a> | Rob VandenBrink | Beware the Attack of the Christmas Greeting Cards ! |
| 2009-12-15/a> | Johannes Ullrich | Adobe 0-day in the wild - again |
| 2009-12-14/a> | Adrien de Beaupre | Anti-forensics, COFEE vs. DECAF |
| 2009-12-09/a> | Swa Frantzen | Adobe flash player and air patched |
| 2009-12-09/a> | Swa Frantzen | OSSEC 2.3 released |
| 2009-12-09/a> | Swa Frantzen | Facebook announces privacy improvements |
| 2009-12-08/a> | Deborah Hale | December 2009 Black Tuesday Overview |
| 2009-12-07/a> | Rick Wanner | Cheat Sheet: Analyzing Malicious Documents |
| 2009-12-07/a> | Rob VandenBrink | Layer 2 Network Protections – reloaded! |
| 2009-12-05/a> | Guy Bruneau | Java JRE Buffer and Integer Overflow |
| 2009-12-04/a> | Daniel Wesemann | Max Power's Malware Paradise |
| 2009-12-04/a> | Daniel Wesemann | The economics of security advice (MSFT research paper) |
| 2009-12-03/a> | Mark Hofman | Avast false positives |
| 2009-12-03/a> | Mark Hofman | Apple released some Java updates today APPLE-SA-2009-12-03-1 & 2 (for 10.5 and 10.6). Fixes a number of security issues so updating is a good idea. |
| 2009-12-03/a> | Mark Hofman | Next week will be a big patch week - Adobe is also releasing patches "Adobe is planning to release an update for Adobe Flash Player 10.0.32.18 and earlier versions, and an update to Adobe AIR 1.5.2 and earlier versions, to resolve critical security issues |
| 2009-12-02/a> | Rob VandenBrink | Microsoft Black Screen of Death - Fact of Fiction? |
| 2009-12-02/a> | Rob VandenBrink | SPAM and Malware taking advantage of H1N1 concerns |
| 2009-12-01/a> | Chris Carboni | Vulnerabilities in the PDF distiller of the BlackBerry Attachment Service |
| 2009-11-29/a> | Patrick Nolan | A Cloudy Weekend |
| 2009-11-25/a> | Jim Clausing | Tool updates |
| 2009-11-25/a> | Jim Clausing | Microsoft Updates requiring reboot |
| 2009-11-25/a> | Jim Clausing | Updates to my GREM Gold scripts and a new script |
| 2009-11-24/a> | Rick Wanner | Microsoft Security Advisory 977981 - IE 6 and IE 7 |
| 2009-11-24/a> | John Bambenek | BIND Security Advisory (DNSSEC only) |
| 2009-11-24/a> | Johannes Ullrich | The ISC and DShield websites will be unavailable on Wednesday Nov 25th from 8-8:30 am EST. |
| 2009-11-22/a> | Marcus Sachs | IE6 and IE7 0-Day Reported |
| 2009-11-21/a> | Mark Hofman | VMware vCenter and ESX updates available http://lists.vmware.com/pipermail/security-announce/2009/000070.html |
| 2009-11-18/a> | Rob VandenBrink | Using a Cisco Router as a “Remote Collector” for tcpdump or Wireshark |
| 2009-11-17/a> | Guy Bruneau | Metasploit Framework 3.3 Released |
| 2009-11-16/a> | G. N. White | Reports of a successful exploit of the SSL Renegotiation Vulnerability? |
| 2009-11-14/a> | Adrien de Beaupre | Microsoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released |
| 2009-11-13/a> | Adrien de Beaupre | Flash Origin Policy Attack |
| 2009-11-13/a> | Adrien de Beaupre | Conficker patch via email? |
| 2009-11-13/a> | Deborah Hale | Pushdo/Cutwail Spambot - A Little Known BIG Problem |
| 2009-11-13/a> | Deborah Hale | It's Never Too Early To Start Teaching Them |
| 2009-11-13/a> | Adrien de Beaupre | TLS & SSLv3 renegotiation vulnerability explained |
| 2009-11-11/a> | Rob VandenBrink | Layer 2 Network Protections against Man in the Middle Attacks |
| 2009-11-11/a> | Rob VandenBrink | Apple Safari 4.0.4 Released |
| 2009-11-10/a> | Swa Frantzen | Microsoft November Black Tuesday Overview |
| 2009-11-09/a> | Chris Carboni | 80's Flashback on Jailbroken iPhones |
| 2009-11-09/a> | Guy Bruneau | Apple Security Update 2009-006 for Mac OS X v10.6.2 |
| 2009-11-08/a> | Kevin Liston | Even More Thoughts on Legacy Systems |
| 2009-11-06/a> | Mark Hofman | A new version of Firefox (3.5.5) just became available. According to the release notes they are stability improvements. |
| 2009-11-05/a> | Swa Frantzen | Legacy systems |
| 2009-11-05/a> | Swa Frantzen | Insider threat: The snapnames case |
| 2009-11-05/a> | Swa Frantzen | TLS Man-in-the-middle on renegotiation vulnerability made public |
| 2009-11-05/a> | Swa Frantzen | RIM fixes random code execution vulnerability |
| 2009-11-03/a> | Bojan Zdrnja | Opachki, from (and to) Russia with love |
| 2009-11-03/a> | Bojan Zdrnja | Adobe released Shockwave Player 11.5.2.602 which fixes several critical security vulnerabilities |
| 2009-11-03/a> | Andre Ludwig | SURBL now posting abuse statistics for TLD's |
| 2009-11-02/a> | Daniel Wesemann | IDN ccTLDs |
| 2009-11-02/a> | Daniel Wesemann | Password rules: Change them every 25 years |
| 2009-11-02/a> | Rob VandenBrink | Microsoft releases v1.02 of Enhanced Mitigation Evaluation Toolkit (EMET) |
| 2009-10-31/a> | Rick Wanner | Cyber Security Awareness Month - Day 31, ident |
| 2009-10-30/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 30 - The "Common" IPSEC VPN Protocols - IKE / ISAKMP (500/udp), ESP (IP Protocol 50), NAT-T-IKE (500/udp, 4500/udp), PPTP (tcp/1723), GRE (IP Protocol 47) |
| 2009-10-30/a> | Rob VandenBrink | ICANN Strategic Planning (2010-2013) Consultation |
| 2009-10-30/a> | Rob VandenBrink | New version of NIST 800-41, Firewalls and Firewall Policy Guidelines |
| 2009-10-29/a> | Kyle Haugsness | Cyber Security Awareness Month - Day 29 - dns port 53 |
| 2009-10-28/a> | Johannes Ullrich | Sniffing SSL: RFC 4366 and TLS Extensions |
| 2009-10-28/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 28 - ntp (123/udp) |
| 2009-10-28/a> | Johannes Ullrich | Firefox 3.5.4 released. Lots of security bug fixes. (thanks Gilbert!) |
| 2009-10-27/a> | Rob VandenBrink | New VMware Desktop Products Released (Workstation, Fusion, ACE) |
| 2009-10-25/a> | Lorna Hutcheson | Cyber Security Awareness Month - Day 25 - Port 80 and 443 |
| 2009-10-23/a> | Johannes Ullrich | Little new tool: reversing md5/sha1 hashes http://isc.sans.org/tools/reversehash.html |
| 2009-10-22/a> | Adrien de Beaupre | Sysinternals updates: Disk2vhd v1.1, ZoomIt v4.1, Coreinfo v2.0, VMMap v2.4 |
| 2009-10-22/a> | Adrien de Beaupre | Cyber Security Awareness Month - Day 22 port 502 TCP - Modbus |
| 2009-10-21/a> | Pedro Bueno | Cyber Security Awareness Month - Day 21 - Port 135 |
| 2009-10-20/a> | Raul Siles | Oracle Critical Patch Update (CPU) - October 2009 |
| 2009-10-20/a> | Raul Siles | WASC 2008 Statistics |
| 2009-10-19/a> | Daniel Wesemann | Cyber Security Awareness Month - Day 19 - ICMP |
| 2009-10-19/a> | Daniel Wesemann | Backed up, lately ? |
| 2009-10-19/a> | Daniel Wesemann | Scam Email |
| 2009-10-18/a> | Mari Nichols | Computer Security Awareness Month - Day 18 - Telnet an oldie but a goodie |
| 2009-10-17/a> | Rick Wanner | Cyber Security Awareness Month - Day 17 - Port 22/SSH |
| 2009-10-17/a> | Rick Wanner | Unusual traffic from Loopback to Unused ARIN address |
| 2009-10-16/a> | Stephen Hall | VMWare updates ESX |
| 2009-10-16/a> | Adrien de Beaupre | Cyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener |
| 2009-10-16/a> | Adrien de Beaupre | Disable MS09-054 patch, or Firefox Plugin? |
| 2009-10-15/a> | Deborah Hale | Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email |
| 2009-10-14/a> | Johannes Ullrich | Odd Apache/MSIE issue with downloads from ISC |
| 2009-10-13/a> | Johannes Ullrich | Microsoft October 2009 Black Tuesday Overview |
| 2009-10-13/a> | Daniel Wesemann | Adobe Reader and Acrobat - Black Tuesday continues |
| 2009-10-12/a> | Mark Hofman | Some interesting SSL SPAM |
| 2009-10-11/a> | Mark Hofman | Cyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP) |
| 2009-10-09/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 9 - Port 3389/tcp (RDP) |
| 2009-10-09/a> | Rob VandenBrink | THAWTE to discontinue free Email Certificate Services and Web of Trust Service |
| 2009-10-08/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 8 - Port 25 - SMTP |
| 2009-10-08/a> | Johannes Ullrich | New Adobe Vulnerability Exploited in Targeted Attacks |
| 2009-10-07/a> | Joel Esler | Spam rate increase is seen |
| 2009-10-06/a> | Adrien de Beaupre | Cyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp |
| 2009-10-05/a> | Adrien de Beaupre | Cyber Security Awareness Month - Day 5 port 31337 |
| 2009-10-05/a> | Adrien de Beaupre | Time to change your hotmail/gmail/yahoo password |
| 2009-10-04/a> | Guy Bruneau | Samba Security Information Disclosure and DoS |
| 2009-10-02/a> | Stephen Hall | Cyber Security Awareness Month - Day 2 - Port 0 |
| 2009-10-02/a> | Stephen Hall | New SysInternal fun for the weekend |
| 2009-10-02/a> | Stephen Hall | VMware Fusion updates to fixes a couple of bugs |
| 2009-09-27/a> | Stephen Hall | Use Emerging Threats signatures? READ THIS! |
| 2009-09-25/a> | Lenny Zeltser | Categories of Common Malware Traits |
| 2009-09-25/a> | Deborah Hale | Conficker Continues to Impact Networks |
| 2009-09-25/a> | Deborah Hale | Malware delivered over Google and Yahoo Ad's? |
| 2009-09-24/a> | Jim Clausing | A couple more tools |
| 2009-09-22/a> | Jason Lam | ESTA scam |
| 2009-09-20/a> | Mari Nichols | Insider Threat and Security Awareness |
| 2009-09-19/a> | Rick Wanner | Sysinternals Tools Updates |
| 2009-09-17/a> | Bojan Zdrnja | Why is Rogue/Fake AV so successful? |
| 2009-09-16/a> | Raul Siles | Wireshark 1.2.2 (and 1.0.9) is out! |
| 2009-09-16/a> | Raul Siles | Review the security controls of your Web Applications... all them! |
| 2009-09-15/a> | Johannes Ullrich | SANS releases new Cyber Security Risk Report |
| 2009-09-12/a> | Jim Clausing | Apple Updates |
| 2009-09-10/a> | Johannes Ullrich | Healthcare Spam |
| 2009-09-10/a> | Guy Bruneau | Firefox 3.5.3 and 3.0.14 has been released |
| 2009-09-08/a> | Guy Bruneau | Bug Fixes in Sun SDK 5 and Java SE 6 |
| 2009-09-08/a> | Adrien de Beaupre | Microsoft Security Advisory 975191 Revised |
| 2009-09-08/a> | Guy Bruneau | Microsoft September 2009 Black Tuesday Overview |
| 2009-09-07/a> | Jim Clausing | Seclists.org is finally back |
| 2009-09-07/a> | Lorna Hutcheson | Encrypting Data |
| 2009-09-05/a> | Mark Hofman | Critical Infrastructure and dependencies |
| 2009-09-04/a> | Adrien de Beaupre | Vulnerabilities (plural) in MS IIS FTP Service 5.0, 5.1. 6.0, 7.0 |
| 2009-09-04/a> | Adrien de Beaupre | Fake anti-virus |
| 2009-09-04/a> | Adrien de Beaupre | So, you updated your Flash did you? |
| 2009-09-04/a> | Adrien de Beaupre | SeaMonkey Security Update |
| 2009-09-01/a> | Guy Bruneau | Opera 10 with Security Fixes |
| 2009-09-01/a> | Guy Bruneau | Gmail Down |
| 2009-08-31/a> | Pedro Bueno | Microsoft IIS 5/6 FTP 0Day released |
| 2009-08-30/a> | Tony Carothers | How do I recover from.....? |
| 2009-08-29/a> | Guy Bruneau | Immunet Protect - Cloud and Community Malware Protection |
| 2009-08-28/a> | Adrien de Beaupre | WPA with TKIP done |
| 2009-08-28/a> | Adrien de Beaupre | apache.org compromised |
| 2009-08-26/a> | Johannes Ullrich | Cisco over-the-air-provisioning skyjacking exploit |
| 2009-08-26/a> | Johannes Ullrich | Malicious CD ROMs mailed to banks |
| 2009-08-25/a> | Bojan Zdrnja | Flash attack vectors (and worms) |
| 2009-08-21/a> | Rick Wanner | Updates to VMWare Products |
| 2009-08-19/a> | Daniel Wesemann | Checking your protection |
| 2009-08-18/a> | Deborah Hale | Domain tcpdump.org unavailable |
| 2009-08-18/a> | Deborah Hale | Security Bulletin for ColdFusion and JRun |
| 2009-08-18/a> | Deborah Hale | Sysinternals Procdump Updated |
| 2009-08-17/a> | Adrien de Beaupre | YAMWD: Yet Another Mass Web Defacement |
| 2009-08-16/a> | Mari Nichols | Surviving a third party onsite audit |
| 2009-08-13/a> | Johannes Ullrich | CA eTrust update crashes systems |
| 2009-08-13/a> | Jim Clausing | Tools for extracting files from pcaps |
| 2009-08-11/a> | Swa Frantzen | Microsoft August 2009 Black Tuesday Overview |
| 2009-08-11/a> | Swa Frantzen | Safari 4.0.3 |
| 2009-08-05/a> | donald smith | Security Update 2009-003 / Mac OS X v10.5.8 |
| 2009-08-04/a> | donald smith | Java Security Update |
| 2009-08-03/a> | Mark Hofman | Switch hardening on your network |
| 2009-07-31/a> | Deborah Hale | Don't forget to tell your SysAdmin Thanks |
| 2009-07-31/a> | Deborah Hale | The iPhone patch is out |
| 2009-07-31/a> | Deborah Hale | Adobe Patch is out |
| 2009-07-30/a> | Mark Hofman | Happy patching day |
| 2009-07-30/a> | Deborah Hale | iPhone Hijack |
| 2009-07-28/a> | Adrien de Beaupre | YYAMCCBA |
| 2009-07-28/a> | Adrien de Beaupre | MS released two OOB bulletins and an advisory |
| 2009-07-28/a> | Adrien de Beaupre | Twitter spam/phish |
| 2009-07-27/a> | Raul Siles | Filemon and Regmon are dead, long life to Procmon! |
| 2009-07-27/a> | Raul Siles | New Hacker Challenge: Prison Break - Breaking, Entering & Decoding |
| 2009-07-26/a> | Jim Clausing | New Volatility plugins |
| 2009-07-24/a> | Rick Wanner | Microsoft Out of Band Patch |
| 2009-07-23/a> | John Bambenek | Missouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information |
| 2009-07-22/a> | Bojan Zdrnja | YA0D (Yet Another 0-Day) in Adobe Flash player |
| 2009-07-20/a> | Stephen Hall | Wireshark Release 1.2.1 |
| 2009-07-18/a> | Patrick Nolan | Chrome update contains Security fixes |
| 2009-07-17/a> | Bojan Zdrnja | A new fascinating Linux kernel vulnerability |
| 2009-07-17/a> | John Bambenek | Cross-Platform, Cross-Browser DoS Vulnerability |
| 2009-07-16/a> | Guy Bruneau | Changes in Windows Security Center |
| 2009-07-16/a> | Bojan Zdrnja | Nmap 5.0 released |
| 2009-07-15/a> | Bojan Zdrnja | Make sure you update that Java |
| 2009-07-14/a> | Swa Frantzen | Microsoft July Black Tuesday Overview |
| 2009-07-14/a> | Swa Frantzen | ISC DHCP client updated |
| 2009-07-14/a> | Swa Frantzen | Oracle Black Tuesday |
| 2009-07-13/a> | Adrien de Beaupre | Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution |
| 2009-07-13/a> | Adrien de Beaupre | * Infocon raised to yellow for Excel Web Components ActiveX vulnerability |
| 2009-07-13/a> | Adrien de Beaupre | Security Update available for Wyse Device Manager |
| 2009-07-12/a> | Mari Nichols | CA Apologizes for False Positive |
| 2009-07-11/a> | Rick Wanner | VMWare Security Advisories |
| 2009-07-11/a> | Marcus Sachs | Imageshack |
| 2009-07-10/a> | Guy Bruneau | WordPress Fixes Multiple vulnerabilities |
| 2009-07-09/a> | John Bambenek | Latest Updates on Ongoing DDoS on Governmental/Commercial Websites in USA and S. Korea |
| 2009-07-08/a> | Andre Ludwig | Safari 4.0.2 update published |
| 2009-07-06/a> | Stephen Hall | 0-day in Microsoft DirectShow (msvidctl.dll) used in drive-by attacks |
| 2009-07-05/a> | Bojan Zdrnja | More on ColdFusion hacks |
| 2009-07-03/a> | Adrien de Beaupre | Happy 4th of July! |
| 2009-07-02/a> | Daniel Wesemann | Getting the EXE out of the RTF |
| 2009-07-02/a> | Daniel Wesemann | Time to update updating on PCs for 3rd party apps |
| 2009-07-02/a> | Daniel Wesemann | Unpatched Bloatware on new PCs |
| 2009-07-02/a> | Bojan Zdrnja | Cold Fusion web sites getting compromised |
| 2009-07-01/a> | Bojan Zdrnja | Mobile phone trojans |
| 2009-07-01/a> | Bojan Zdrnja | New VMWare Security Advisory |
| 2009-06-30/a> | Chris Carboni | Obfuscated Code |
| 2009-06-30/a> | Chris Carboni | De-Obfuscation Submissions |
| 2009-06-28/a> | Guy Bruneau | IP Address Range Search with libpcap |
| 2009-06-27/a> | Tony Carothers | New NIAP Strategy on the Horizon |
| 2009-06-26/a> | Mark Hofman | PHPMYADMIN scans |
| 2009-06-25/a> | Mark Hofman | Michael J & Farrah F death SPAM |
| 2009-06-24/a> | Kyle Haugsness | Adobe Shockwave Player Update |
| 2009-06-24/a> | Kyle Haugsness | Exploit tools are publicly available for phpMyAdmin |
| 2009-06-24/a> | Kyle Haugsness | TCP scanning increase for 4899 |
| 2009-06-23/a> | Bojan Zdrnja | Slowloris and Iranian DDoS attacks |
| 2009-06-23/a> | Bojan Zdrnja | New Thunderbird out, patches couple of vulnerabilities |
| 2009-06-21/a> | Scott Fendley | phpMyAdmin Scans |
| 2009-06-21/a> | Bojan Zdrnja | Apache HTTP DoS tool mitigation |
| 2009-06-20/a> | Mark Hofman | G'day from Sansfire2009 |
| 2009-06-20/a> | Scott Fendley | Situational Awareness: Spam Crisis and China |
| 2009-06-18/a> | Bojan Zdrnja | Apache HTTP DoS tool released |
| 2009-06-17/a> | Guy Bruneau | Wireshark 1.2.0 released |
| 2009-06-16/a> | Bojan Zdrnja | Iranian hacktivism |
| 2009-06-16/a> | John Bambenek | Iran Internet Blackout: Using Twitter for Operational Intelligence |
| 2009-06-16/a> | John Bambenek | URL Shortening Service Cligs Hacked |
| 2009-06-15/a> | Daniel Wesemann | Drive-by Blackouting ? |
| 2009-06-14/a> | Guy Bruneau | SANSFIRE 2009 Starts Tomorrow |
| 2009-06-12/a> | Adrien de Beaupre | Google updates for Chrome |
| 2009-06-12/a> | Adrien de Beaupre | Green Dam |
| 2009-06-11/a> | Rick Wanner | WHO Declares Flu A(H1N1) a Pandemic |
| 2009-06-10/a> | Rick Wanner | SysInternals Survey |
| 2009-06-10/a> | Swa Frantzen | Java 6 update 14 released |
| 2009-06-09/a> | Swa Frantzen | Safari 4.0 released - contains security fixes |
| 2009-06-09/a> | Swa Frantzen | Microsoft June Black Tuesday Overview |
| 2009-06-09/a> | Swa Frantzen | Adobe June Black Tuesday upgrades |
| 2009-06-06/a> | Patrick Nolan | ARRA/HIPAA Breach Reporting Dates Approaching |
| 2009-06-04/a> | Raul Siles | New version (v 1.4.3.1) of BASE available |
| 2009-06-04/a> | Raul Siles | Malware targetting banks ATM's |
| 2009-06-04/a> | Raul Siles | Targeted e-mail attacks asking to verify wire transfer details |
| 2009-06-02/a> | Deborah Hale | Another Quicktime Update |
| 2009-06-01/a> | G. N. White | Yet another "Digital Certificate" malware campaign |
| 2009-05-31/a> | Tony Carothers | L0phtcrack is Back! |
| 2009-05-29/a> | Lorna Hutcheson | Blackberry Server Vulnerability |
| 2009-05-29/a> | Lorna Hutcheson | VMWare Patches Released |
| 2009-05-28/a> | Jim Clausing | More new volatility plugins |
| 2009-05-28/a> | Jim Clausing | Stego in TCP retransmissions |
| 2009-05-28/a> | Stephen Hall | Microsoft DirectShow vulnerability |
| 2009-05-27/a> | donald smith | Host file black lists |
| 2009-05-27/a> | donald smith | WebDAV write-up |
| 2009-05-26/a> | Jason Lam | A new Web application security blog |
| 2009-05-26/a> | Jason Lam | Vista & Win2K8 SP2 available |
| 2009-05-25/a> | Jim Clausing | Wireshark-1.0.8 released |
| 2009-05-25/a> | Jim Clausing | NTPD autokey vulnerability |
| 2009-05-24/a> | Raul Siles | IIS admins, help finding WebDAV remotely using nmap |
| 2009-05-24/a> | Raul Siles | Analyzing malicious PDF documents |
| 2009-05-24/a> | Raul Siles | Facebook phising using Belgium (.be) domains |
| 2009-05-22/a> | Mark Hofman | Patching and Adobe |
| 2009-05-22/a> | Mark Hofman | Patching and Apple - Java issue |
| 2009-05-21/a> | Adrien de Beaupre | Gumblar analysis and writeup |
| 2009-05-21/a> | Adrien de Beaupre | IIS admins, help finding WebDAV |
| 2009-05-20/a> | Tom Liston | Web Toolz |
| 2009-05-20/a> | Pedro Bueno | Cyber Warfare and Kylin thoughts |
| 2009-05-19/a> | Rick Wanner | New Version of Mandiant Highlighter |
| 2009-05-19/a> | Bojan Zdrnja | Advanced blind SQL injection (with Oracle examples) |
| 2009-05-18/a> | Rick Wanner | Cisco SAFE Security Reference Guide Updated |
| 2009-05-18/a> | Rick Wanner | JSRedir-R/Gumblar badness |
| 2009-05-15/a> | Daniel Wesemann | Warranty void if seal shredded? |
| 2009-05-12/a> | Swa Frantzen | MSFT's version of responsible disclosure |
| 2009-05-12/a> | Swa Frantzen | May Black Tuesday Overview |
| 2009-05-12/a> | Swa Frantzen | Apple patches and updates |
| 2009-05-12/a> | Swa Frantzen | Adobe Acrobat (reader) patches released |
| 2009-05-11/a> | Mari Nichols | Sysinternals Updates 3 Applications |
| 2009-05-10/a> | Mari Nichols | Is your Symantec Antivirus Alerting working correctly? |
| 2009-05-09/a> | Patrick Nolan | Unusable, Unreadable, or Indecipherable? No Breach reporting required |
| 2009-05-07/a> | Jim Clausing | A packet challenge and how I solved it |
| 2009-05-07/a> | Deborah Hale | Malicious Content on the Web |
| 2009-05-05/a> | Bojan Zdrnja | Health database breached |
| 2009-05-04/a> | Tom Liston | Facebook phishing malware |
| 2009-05-04/a> | Tom Liston | Adobe Reader/Acrobat Critical Vulnerability |
| 2009-05-02/a> | Rick Wanner | More Swine/Mexican/H1N1 related domains |
| 2009-05-01/a> | Adrien de Beaupre | Odd packets |
| 2009-05-01/a> | Adrien de Beaupre | Adobe Flash Media Server privilege escalation security bulletin |
| 2009-05-01/a> | Adrien de Beaupre | Incident Management |
| 2009-05-01/a> | Adrien de Beaupre | Password != secure |
| 2009-04-30/a> | Marcus Sachs | ARIN Notification Concerning IPv6 |
| 2009-04-29/a> | Jason Lam | Two Adobe 0-day vulnerabilities |
| 2009-04-28/a> | Deborah Hale | RSA Conference Social Security Awards |
| 2009-04-27/a> | Johannes Ullrich | Swine Flu (Mexican Flu) related domains |
| 2009-04-26/a> | Johannes Ullrich | Pandemic Preparation - Swine Flu |
| 2009-04-24/a> | John Bambenek | Data Leak Prevention: Proactive Security Requirements of Breach Notification Laws |
| 2009-04-24/a> | Pedro Bueno | Did you check your conference goodies? |
| 2009-04-22/a> | Jason Lam | OAuth vulnerability |
| 2009-04-21/a> | Bojan Zdrnja | Web application vulnerabilities |
| 2009-04-20/a> | Jason Lam | Digital Content on TV |
| 2009-04-19/a> | Mari Nichols | Providing Accurate Risk Assessments |
| 2009-04-17/a> | Joel Esler | Internet Storm Center Podcast Episode Number Fourteen |
| 2009-04-16/a> | Adrien de Beaupre | Incident Response vs. Incident Handling |
| 2009-04-16/a> | Adrien de Beaupre | Some conficker lessons learned |
| 2009-04-15/a> | Marcus Sachs | 2009 Data Breach Investigation Report |
| 2009-04-14/a> | Swa Frantzen | VMware exploits - just how bad is it ? |
| 2009-04-14/a> | Swa Frantzen | April Black Tuesday Overview |
| 2009-04-14/a> | Swa Frantzen | Oracle quarterly patches |
| 2009-04-10/a> | Stephen Hall | Firefox 3 updates now in Seamonkey |
| 2009-04-10/a> | Stephen Hall | Patches for critical VMWare vulnerability |
| 2009-04-10/a> | Stephen Hall | Hosted javascript leading to .cn PDF malware |
| 2009-04-09/a> | Jim Clausing | Wireshark 1.0.7 released |
| 2009-04-09/a> | Johannes Ullrich | Conficker update with payload |
| 2009-04-07/a> | Johannes Ullrich | Common Apache Misconception |
| 2009-04-07/a> | Bojan Zdrnja | Advanced JavaScript obfuscation (or why signature scanning is a failure) |
| 2009-04-07/a> | Johannes Ullrich | Tax Season Scams |
| 2009-04-07/a> | Johannes Ullrich | SSH scanning from compromised mail servers |
| 2009-04-06/a> | Adrien de Beaupre | Abuse addresses |
| 2009-04-04/a> | Tony Carothers | Recent VMware Updates Available |
| 2009-04-03/a> | Johannes Ullrich | Cyber Security Act of 2009 |
| 2009-04-02/a> | Bojan Zdrnja | JavaScript insertion and log deletion attack tools |
| 2009-04-02/a> | Handlers | A view from the CWG Trenches |
| 2009-03-28/a> | Rick Wanner | New Beta release of Nmap |
| 2009-03-26/a> | Mark Hofman | Sanitising media |
| 2009-03-25/a> | David Goldsmith | Java Runtime Environment 6.0 Update 13 Released |
| 2009-03-24/a> | G. N. White | CanSecWest Pwn2Own: Would IE8 have been exploitable had the event waited one more day? |
| 2009-03-22/a> | Mari Nichols | Dealing with Security Challenges |
| 2009-03-20/a> | Stephen Hall | Making the most of your runbooks |
| 2009-03-20/a> | donald smith | Stealthier then a MBR rootkit, more powerful then ring 0 control, it’s the soon to be developed SMM root kit. |
| 2009-03-19/a> | Mark Hofman | Brace yourselves - IE8 reported to be released |
| 2009-03-19/a> | Mark Hofman | Browsers Tumble at CanSecWest |
| 2009-03-18/a> | Adrien de Beaupre | Adobe Security Bulletin Adobe Reader and Acrobat |
| 2009-03-17/a> | Johannes Ullrich | Identifying applications using UDP payload |
| 2009-03-16/a> | Johannes Ullrich | new rogue-DHCP server malware |
| 2009-03-13/a> | Bojan Zdrnja | When web application security, Microsoft and the AV vendors all fail |
| 2009-03-11/a> | Bojan Zdrnja | Massive ARP spoofing attacks on web sites |
| 2009-03-10/a> | Swa Frantzen | Browser plug-ins, transparent proxies and same origin policies |
| 2009-03-10/a> | Swa Frantzen | conspiracy fodder: pifts.exe |
| 2009-03-10/a> | Swa Frantzen | March black Tuesday overview |
| 2009-03-10/a> | Swa Frantzen | Adobe Acrobat 9.1 released |
| 2009-03-08/a> | Marcus Sachs | Behind the Estonia Cyber Attacks |
| 2009-03-04/a> | Deborah Hale | Wireshark 1.0.6 Released |
| 2009-03-03/a> | Kyle Haugsness | Opera browser security updates |
| 2009-03-02/a> | Swa Frantzen | Obama's leaked chopper blueprints: anything we can learn? |
| 2009-03-01/a> | Jim Clausing | Cool combination of tools |
| 2009-02-25/a> | Andre Ludwig | Adobe Acrobat pdf 0-day exploit, No JavaScript needed! |
| 2009-02-25/a> | Andre Ludwig | Adobe flash player patch |
| 2009-02-25/a> | Andre Ludwig | Preview/Iphone/Linux pdf issues |
| 2009-02-25/a> | Swa Frantzen | Targeted link diversion attempts |
| 2009-02-25/a> | donald smith | AutoRun disabling patch released |
| 2009-02-24/a> | G. N. White | Gmail Access Issues Early This AM |
| 2009-02-23/a> | Daniel Wesemann | Turf War |
| 2009-02-23/a> | Daniel Wesemann | And the Oscar goes to... |
| 2009-02-22/a> | Mari Nichols | The Internet Safety Act of 2009 |
| 2009-02-19/a> | Joel Esler | Internet Storm Center Podcast Episode Number Thirteen |
| 2009-02-14/a> | Deborah Hale | Debit Card Compromise Letter |
| 2009-02-13/a> | Andre Ludwig | Third party information on conficker |
| 2009-02-12/a> | Mark Hofman | Australian Bushfires |
| 2009-02-11/a> | Robert Danford | ProFTPd SQL Authentication Vulnerability exploit activity |
| 2009-02-10/a> | Bojan Zdrnja | More tricks from Conficker and VM detection |
| 2009-02-10/a> | Swa Frantzen | February Black Tuesday Overview |
| 2009-02-10/a> | Swa Frantzen | Java up to date ? |
| 2009-02-09/a> | Bojan Zdrnja | Some tricks from Conficker's bag |
| 2009-02-09/a> | Johannes Ullrich | New ISC Feature: Micro Podcasts |
| 2009-02-08/a> | Mari Nichols | Are we becoming desensitized to data breaches? |
| 2009-02-06/a> | Adrien de Beaupre | Time to patch your HP printers |
| 2009-02-06/a> | Adrien de Beaupre | Other patches and updates du jour... |
| 2009-02-06/a> | Adrien de Beaupre | Fake stimulus payments |
| 2009-02-05/a> | Rick Wanner | Mandiant Memoryze review, Hilighter, other Mandiant tools! |
| 2009-02-04/a> | Daniel Wesemann | Firefox 3.0.6 |
| 2009-02-04/a> | Daniel Wesemann | Titan Shields up! |
| 2009-02-03/a> | Swa Frantzen | On the importance of patching fast |
| 2009-02-02/a> | Stephen Hall | How do you audit your production code? |
| 2009-02-01/a> | Chris Carboni | Scanning for Trixbox vulnerabilities |
| 2009-01-31/a> | Swa Frantzen | VMware updates |
| 2009-01-31/a> | John Bambenek | Google Search Engine's Malware Detection Broken |
| 2009-01-31/a> | Swa Frantzen | Windows 7 - not so secure ? |
| 2009-01-30/a> | Mark Hofman | We all "Love" USB drives |
| 2009-01-30/a> | Mark Hofman | Request for info - Scan and webmail |
| 2009-01-25/a> | Rick Wanner | Twam?? Twammers? |
| 2009-01-24/a> | Pedro Bueno | Identifying and Removing the iWork09 Trojan |
| 2009-01-21/a> | Raul Siles | NMAP Trivia ANSWERS: Mastering Network Mapping and Scanning |
| 2009-01-21/a> | Raul Siles | Traffic increase for port UDP/8247 |
| 2009-01-21/a> | Raul Siles | Vulnerabilities on Cisco and Apple products |
| 2009-01-20/a> | Adrien de Beaupre | Obamamania |
| 2009-01-18/a> | Maarten Van Horenbeeck | Targeted social engineering |
| 2009-01-18/a> | Daniel Wesemann | 3322. org |
| 2009-01-16/a> | G. N. White | ...and all that SPAM - Evolution of Spam Bots in 2009 |
| 2009-01-16/a> | G. N. White | Conficker.B/Downadup.B/Kido: F-Secure publishes details pertaining to their counting methodology of compromised machines |
| 2009-01-15/a> | Bojan Zdrnja | Conficker's autorun and social engineering |
| 2009-01-13/a> | Johannes Ullrich | January Black Tuesday Overview |
| 2009-01-12/a> | William Salusky | Web Application Firewalls (WAF) - Have you deployed WAF technology? |
| 2009-01-12/a> | William Salusky | Downadup / Conficker - MS08-067 exploit and Windows domain account lockout |
| 2009-01-11/a> | Deborah Hale | The Frustration of Phishing Attacks |
| 2009-01-07/a> | Bojan Zdrnja | An Israeli patriot program or a trojan |
| 2009-01-04/a> | Rick Wanner | Twitter/Facebook Phishing Attempt |
| 2009-01-03/a> | Rick Wanner | RAID != Backup |
| 2009-01-03/a> | Rick Wanner | Gaza<->Israel Defacements/Hacks |
| 2009-01-02/a> | Rick Wanner | Tools on my Christmas list. |
| 2009-01-02/a> | Mark Hofman | Blocking access to MD5 signed certs |
| 2008-12-28/a> | Raul Siles | NMAP Trivia: Mastering Network Mapping and Scanning |
| 2008-12-28/a> | Raul Siles | Level3 Outage? |
| 2008-12-28/a> | Raul Siles | AT&T Wireless Outage |
| 2008-12-25/a> | Maarten Van Horenbeeck | Merry Christmas, and beware of digital hitchhikers! |
| 2008-12-25/a> | Maarten Van Horenbeeck | Christmas Ecard Malware |
| 2008-12-23/a> | Patrick Nolan | MS ACK's Vulnerability in SQL Server which Could Allow Remote Code Execution |
| 2008-12-17/a> | donald smith | Opera 9.6.3 released with security fixes |
| 2008-12-17/a> | donald smith | Internet Explorer 960714 is released |
| 2008-12-17/a> | donald smith | Team CYMRU's Malware Hash Registry |
| 2008-12-16/a> | donald smith | Microsoft announces an out of band patch for IE zero day |
| 2008-12-16/a> | donald smith | Cisco's Annual Security report has been released. |
| 2008-12-13/a> | Jim Clausing | Followup from last shift and some research to do. |
| 2008-12-12/a> | Johannes Ullrich | MSIE 0-day Spreading Via SQL Injection |
| 2008-12-12/a> | Kevin Liston | IE7 0day expanded to include IE6 and IE8(beta) |
| 2008-12-12/a> | Joel Esler | Internet Storm Center Podcast Episode Twelve |
| 2008-12-12/a> | Swa Frantzen | Browser Security Handbook |
| 2008-12-10/a> | Bojan Zdrnja | 0-day exploit for Internet Explorer in the wild |
| 2008-12-10/a> | Mark Hofman | Microsoft wordpad text converter issue |
| 2008-12-09/a> | Swa Frantzen | December Black Tuesday Overview |
| 2008-12-09/a> | Swa Frantzen | Contacting us might be hard today |
| 2008-12-05/a> | Daniel Wesemann | Been updatin' your Flash player lately? |
| 2008-12-05/a> | Daniel Wesemann | Baby, baby! |
| 2008-12-04/a> | Bojan Zdrnja | Finjan blocking access to isc.sans.org |
| 2008-12-04/a> | Bojan Zdrnja | Rogue DHCP servers |
| 2008-12-03/a> | Andre Ludwig | New ISC Poll! Has your organization suffered a DDoS (Distributed Denial of Service) attack in the last year? |
| 2008-12-02/a> | Deborah Hale | Sonicwall License Manager Failure |
| 2008-11-30/a> | Mari Nichols | Rejected Email Issues |
| 2008-11-29/a> | Pedro Bueno | Possible Mumbai Scams? |
| 2008-11-29/a> | Pedro Bueno | Ubuntu users: Time to update! |
| 2008-11-25/a> | Andre Ludwig | OS X Dns Changers part three |
| 2008-11-25/a> | Andre Ludwig | Tmobile G1 handsets having DNS problems? |
| 2008-11-25/a> | Andre Ludwig | The beginnings of a collaborative approach to IDS |
| 2008-11-22/a> | G. N. White | Picture Printing Kiosks & Flash Memory Devices |
| 2008-11-20/a> | Jason Lam | Large quantity SQL Injection mitigation |
| 2008-11-17/a> | Jim Clausing | A new cheat sheet and a contest |
| 2008-11-17/a> | Marcus Sachs | New Tool: NetWitness Investigator |
| 2008-11-17/a> | Jim Clausing | Finding stealth injected DLLs |
| 2008-11-17/a> | Jim Clausing | Critical update to Adobe AIR |
| 2008-11-16/a> | Maarten Van Horenbeeck | Detection of Trojan control channels |
| 2008-11-14/a> | Stephen Hall | More updated tools |
| 2008-11-13/a> | Jim Clausing | Some recently updated tools |
| 2008-11-12/a> | John Bambenek | Thoughts on Security Intelligence (McColo Corp alleged spam/malware host knocked offline) |
| 2008-11-11/a> | Swa Frantzen | Acrobat continued activity in the wild |
| 2008-11-11/a> | Swa Frantzen | Phishing for Google adwords |
| 2008-11-11/a> | Swa Frantzen | November Black Tuesday Overview |
| 2008-11-10/a> | Stephen Hall | Apple breathing iLife into 10.4 |
| 2008-11-10/a> | Stephen Hall | Adobe Reader Vulnerability - part 2 |
| 2008-11-06/a> | Joel Esler | More Adobe Updates |
| 2008-11-05/a> | donald smith | hacking the election |
| 2008-11-05/a> | donald smith | If you missed President Elect Obamas speech have some malware instead |
| 2008-11-04/a> | Marcus Sachs | Cyber Security Awareness Month 2008 - Summary and Links |
| 2008-11-03/a> | Joel Esler | Day 34 -- Feeding The Lessons Learned Back to the Preparation Phase |
| 2008-11-02/a> | Mari Nichols | Day 33 - Working with Management to Improve Processes |
| 2008-11-02/a> | Adrien de Beaupre | Daylight saving time |
| 2008-11-01/a> | Koon Yaw Tan | Day 32 - What Should I Make Public? |
| 2008-10-31/a> | Rick Wanner | Day 31 - Legal Awareness |
| 2008-10-30/a> | Kevin Liston | Day 30 - Applying Patches and Updates |
| 2008-10-30/a> | Kevin Liston | Opera 9.62 available - security update |
| 2008-10-29/a> | Deborah Hale | Day 29 - Should I Switch Software Vendors? |
| 2008-10-28/a> | Jason Lam | Day 28 - Avoiding Finger Pointing and the Blame Game |
| 2008-10-27/a> | Johannes Ullrich | Day 27 - Validation via Vulnerability Scanning |
| 2008-10-25/a> | Koon Yaw Tan | Day 25 - Finding and Removing Hidden Files and Directories |
| 2008-10-25/a> | Rick Wanner | Day 26 - Restoring Systems from Backup |
| 2008-10-24/a> | Stephen Hall | Day 24 - Cleaning Email Servers and Clients |
| 2008-10-23/a> | Mark Hofman | Microsoft out-of-band patch - Severity Critical |
| 2008-10-22/a> | Johannes Ullrich | Day 22 - Wiping Disks and Media |
| 2008-10-22/a> | Joel Esler | Podcast Episode Eleven Posted |
| 2008-10-22/a> | Mari Nichols | Opera 9.6.1 Released |
| 2008-10-22/a> | Chris Carboni | Day 23 - Turning off Unused Services |
| 2008-10-21/a> | Johannes Ullrich | Wireshark 1.0.4 released |
| 2008-10-21/a> | Johannes Ullrich | Day 21 - Removing Bots, Keyloggers, and Spyware |
| 2008-10-20/a> | Johannes Ullrich | Fraudulent ATM Reactivation Phone Calls. |
| 2008-10-20/a> | Raul Siles | Day 20 - Eradicating a Rootkit |
| 2008-10-19/a> | Lorna Hutcheson | Day 19 - Eradication: Forensic Analysis Tools - What Happened? |
| 2008-10-18/a> | Rick Wanner | Updates to SysInternals tools! |
| 2008-10-17/a> | Patrick Nolan | Day 17 - Containing a DNS Hijacking |
| 2008-10-17/a> | Rick Wanner | Day 18 - Containing Other Incidents |
| 2008-10-16/a> | Mark Hofman | Day 16 - Containing a Malware Outbreak |
| 2008-10-15/a> | Rick Wanner | Day 15 - Containing the Damage From a Lost or Stolen Laptop |
| 2008-10-15/a> | Mari Nichols | Adobe Flash 10 Released |
| 2008-10-14/a> | Swa Frantzen | Day 14 - Containment: a Personal IdentityTheft Incident |
| 2008-10-14/a> | Swa Frantzen | October Black Tuesday Overview |
| 2008-10-14/a> | Swa Frantzen | Oracle quarterly patches on black tuesday |
| 2008-10-13/a> | Adrien de Beaupre | Day 13 - Containment: Containing on Production Systems Such as a Web Server |
| 2008-10-12/a> | Mari Nichols | Day 12 Containment: Gathering Evidence That Can be Used in Court |
| 2008-10-11/a> | Stephen Hall | Day 11 - Identification: Other Methods of Identifying an Incident |
| 2008-10-10/a> | Marcus Sachs | Day 10 - Identification: Using Your Help Desk to Identify Security Incidents |
| 2008-10-10/a> | Marcus Sachs | Fake Microsoft Update Email |
| 2008-10-09/a> | Marcus Sachs | Day 9 - Identification: Log and Audit Analysis |
| 2008-10-09/a> | Bojan Zdrnja | Watch that .htaccess file on your web site |
| 2008-10-08/a> | Johannes Ullrich | Day 8 - Global Incident Awareness |
| 2008-10-08/a> | Johannes Ullrich | Domaincontrol (GoDaddy) Nameservers DNS Poisoning |
| 2008-10-07/a> | Kyle Haugsness | Day 7 - Identification: Host-based Intrusion Detection Systems |
| 2008-10-07/a> | Kyle Haugsness | Good reading and a malware challenge |
| 2008-10-06/a> | Jim Clausing | Day 6 - Network-based Intrusion Detection Systems |
| 2008-10-05/a> | Stephen Hall | Day 5 - Identification: Events versus Incidents |
| 2008-10-04/a> | Marcus Sachs | Day 4 - Preparation: What Goes Into a Response Kit |
| 2008-10-03/a> | Jason Lam | Day 3 - Preparation: Building Checklists |
| 2008-10-02/a> | Marcus Sachs | Day 2 - Preparation: Building a Response Team |
| 2008-10-01/a> | Marcus Sachs | Day 1 - Preparation: Policies, Management Support, and User Awareness |
| 2008-10-01/a> | Rick Wanner | Handler Mailbag |
| 2008-09-30/a> | Marcus Sachs | Cyber Security Awareness Month - Daily Topics |
| 2008-09-29/a> | Daniel Wesemann | ASPROX mutant |
| 2008-09-29/a> | Daniel Wesemann | Patchbag: WinZip / MPlayer / RealWin SCADA vuln |
| 2008-09-24/a> | Deborah Hale | Flurry of Security Advisories from CISCO |
| 2008-09-22/a> | Maarten Van Horenbeeck | Data exfiltration and the use of anonymity providers |
| 2008-09-22/a> | Jim Clausing | Lessons learned from the Palin (and other) account hijacks |
| 2008-09-22/a> | Jim Clausing | More on tools/resources/blogs |
| 2008-09-21/a> | Mari Nichols | You still have time! |
| 2008-09-20/a> | Rick Wanner | New (to me) nmap Features |
| 2008-09-19/a> | Bojan Zdrnja | VMWare ESX(i) 3.5 security patches |
| 2008-09-18/a> | Bojan Zdrnja | Monitoring HTTP User-Agent fields |
| 2008-09-16/a> | Joel Esler | Apple Updates you may have missed in the past week |
| 2008-09-16/a> | donald smith | Don't open that invoice.zip file its not from UPS |
| 2008-09-15/a> | donald smith | Fake antivirus 2009 and search engine results |
| 2008-09-11/a> | David Goldsmith | CookieMonster is coming to Pown (err, Town) |
| 2008-09-10/a> | Adrien de Beaupre | Mailbag: OSSEC 1.6 released, NMAP 4.75 released |
| 2008-09-10/a> | Adrien de Beaupre | Apple updates iPod Touch + Bonjour for Windows |
| 2008-09-09/a> | Swa Frantzen | wordpress upgrade |
| 2008-09-09/a> | Swa Frantzen | Apple updates iTunes+QuickTime |
| 2008-09-09/a> | Swa Frantzen | The complaint that's an attack |
| 2008-09-09/a> | Swa Frantzen | Google Chrome being polished |
| 2008-09-09/a> | Swa Frantzen | Evil side economy: $1 for breaking 1000 CAPTCHAs |
| 2008-09-09/a> | Swa Frantzen | September 2008 Black Tuesday Overview |
| 2008-09-08/a> | Raul Siles | CitectSCADA ODBC service exploit published |
| 2008-09-08/a> | Raul Siles | Quick Analysis of the 2007 Web Application Security Statistics |
| 2008-09-07/a> | Lorna Hutcheson | Malware Analysis: Tools are only so good |
| 2008-09-07/a> | Daniel Wesemann | Staying current, but not too current |
| 2008-09-04/a> | Chris Carboni | Wireshark 1.0.3 released |
| 2008-09-03/a> | Daniel Wesemann | Static analysis of Shellcode |
| 2008-09-03/a> | Daniel Wesemann | Static analysis of Shellcode - Part 2 |
| 2008-09-03/a> | donald smith | New bgp hijack isn't very new. |
| 2008-09-01/a> | John Bambenek | The Number of Machines Controlled by Botnets Has Jumped 4x in Last 3 Months |
| 2008-08-26/a> | Joel Esler | Podcast Episode X Record Notice |
| 2008-08-26/a> | John Bambenek | Active attacks using stolen SSH keys (UPDATED) |
| 2008-08-25/a> | John Bambenek | Thoughts on the Best Western Compromise |
| 2008-08-20/a> | Adrien de Beaupre | From the mailbag, Opera 9.52... |
| 2008-08-16/a> | Marcus Sachs | Another Infected Digital Photo Frame |
| 2008-08-15/a> | Jim Clausing | Joomla user password reset vulnerability being actively exploited |
| 2008-08-15/a> | Jim Clausing | Another MS update that may have escaped notice |
| 2008-08-15/a> | Jim Clausing | WebEx ActiveX buffer overflow |
| 2008-08-14/a> | Mari Nichols | SBC Outage? |
| 2008-08-13/a> | Adrien de Beaupre | CNN switched to MSNBC |
| 2008-08-12/a> | Johannes Ullrich | VMWare ESX 3.5u2 Errors |
| 2008-08-12/a> | Stephen Hall | August 2008 Black Tuesday Overview |
| 2008-08-10/a> | Stephen Hall | Fake IE 7 update spam doing the rounds |
| 2008-08-10/a> | Stephen Hall | From lolly pops to afterglow |
| 2008-08-09/a> | Deborah Hale | Cleveland Outage |
| 2008-08-06/a> | Bojan Zdrnja | When spammers use your own e-mails |
| 2008-08-05/a> | Daniel Wesemann | The news update you never asked for |
| 2008-08-03/a> | Deborah Hale | Securing A Network - Lessons Learned |
| 2008-08-02/a> | Maarten Van Horenbeeck | A little of that human touch |
| 2008-08-01/a> | Swa Frantzen | Apple's Security Update 2008-005: DNS workaround finally included |
| 2008-07-30/a> | David Goldsmith | Serious 0-Day Flaw in Oracle -- Patch Released |
| 2008-07-24/a> | Bojan Zdrnja | What's brewing in Danmec's pot? |
| 2008-07-24/a> | Bojan Zdrnja | Mozilla releases Thunderbrid 2.0.0.16, fixes security vulnerabilities |
| 2008-07-24/a> | Kyle Haugsness | DNS cache poisoning vulnerability details confirmed |
| 2008-07-20/a> | Kevin Liston | Malware Intelligence: Making it Actionable |
| 2008-07-19/a> | William Salusky | A twist in fluxnet operations. Enter Hydraflux |
| 2008-07-18/a> | Adrien de Beaupre | Exit process? |
| 2008-07-17/a> | Mari Nichols | Firefox Releases 3.0.1 and fixes 3 security vulnerabilities |
| 2008-07-17/a> | Mari Nichols | Adobe Reader 9 Released |
| 2008-07-16/a> | Maarten Van Horenbeeck | Firefox 2.0.0.16 fixes two security vulnerabilities |
| 2008-07-15/a> | Maarten Van Horenbeeck | Extracting scripts and data from suspect PDF files |
| 2008-07-15/a> | Maarten Van Horenbeeck | Oracle (and BEA, Hyperion and TimesTen) critical patch update July 15th, 2008 |
| 2008-07-15/a> | Maarten Van Horenbeeck | BlackBerry PDF parsing vulnerability |
| 2008-07-14/a> | Daniel Wesemann | Obfuscated JavaScript Redux |
| 2008-07-14/a> | Daniel Wesemann | DR/BCM lessons from the Vancouver fire |
| 2008-07-11/a> | Raul Siles | How to Determine if Adobe Acrobat or Reader 8.1.2 Security Update 1 is Installed? |
| 2008-07-11/a> | Jim Clausing | Updates to some of our favorite tools |
| 2008-07-11/a> | Jim Clausing | Handling the load |
| 2008-07-11/a> | Jim Clausing | And you thought the DNS issue was an old one... |
| 2008-07-09/a> | Johannes Ullrich | Unpatched Word Vulnerability |
| 2008-07-09/a> | Johannes Ullrich | Java Update |
| 2008-07-08/a> | Swa Frantzen | Security implications in HVAC equipment |
| 2008-07-08/a> | Swa Frantzen | July 2008 black tuesday overview |
| 2008-07-08/a> | Joel Esler | Podcast Episode Eight Record Notice |
| 2008-07-07/a> | Scott Fendley | Microsoft Snapshot Viewer Security Advisory |
| 2008-07-07/a> | Pedro Bueno | Bad url classification |
| 2008-07-03/a> | Bojan Zdrnja | Detecting scripts in ASF files (part 2) |
| 2008-07-03/a> | Bojan Zdrnja | New Opera v9.51 fixes couple of security issues |
| 2008-07-01/a> | Joel Esler | Apple Posts 10.5.4, Security Update 2008-004, Time Machine + Apple Base Station Upgrades, and Safari upgrade for 10.4.11 |
| 2008-06-30/a> | Marcus Sachs | More SQL Injection with Fast Flux hosting |
| 2008-06-25/a> | Deborah Hale | Report of Coreflood.dr Infection |
| 2008-06-24/a> | Jason Lam | SQL Injection mitigation in ASP |
| 2008-06-24/a> | Jason Lam | Adobe Reader and Acrobat 8.1.2 Security Update |
| 2008-06-24/a> | Joel Esler | Podcast Episode Seven Record Notice |
| 2008-06-19/a> | William Stearns | Firefox vunerability |
| 2008-06-18/a> | Marcus Sachs | Olympics Part II |
| 2008-06-18/a> | Chris Carboni | Cisco Security Advisory |
| 2008-06-16/a> | Kevin Liston | Opera 9.5 is Available |
| 2008-06-16/a> | Marcus Sachs | Firefox 3.0 to be Released on Tuesday |
| 2008-06-14/a> | Lorna Hutcheson | Malware Detection - Take the Blinders Off |
| 2008-06-13/a> | Joel Esler | Podcast Episode Six |
| 2008-06-13/a> | Johannes Ullrich | Floods: More of the same (2) |
| 2008-06-12/a> | Bojan Zdrnja | Safari on Windows - not looking good |
| 2008-06-11/a> | John Bambenek | CitectSCADA Buffer Overflow Vulnerability |
| 2008-06-10/a> | Swa Frantzen | Ransomware keybreaking |
| 2008-06-10/a> | Swa Frantzen | Upgrade to QuickTime 7.5 |
| 2008-06-10/a> | Swa Frantzen | June 2008 Black Tuesday Overview |
| 2008-06-07/a> | Jim Clausing | What's going on with these ports? Got packets? |
| 2008-06-02/a> | Jim Clausing | Emergingthreats.net and ThePlanet |
| 2008-06-01/a> | Mark Hofman | Free Yahoo email account! Sign me up, Ok well maybe not. |
| 2008-06-01/a> | Mari Nichols | Updates to VMware resolve critical security issues |
| 2008-06-01/a> | Swa Frantzen | The Planet outage - what can we all learn from it? |
| 2008-05-29/a> | Joel Esler | Apple Update 10.5.3 and Apple Security Update 2008-003 |
| 2008-05-29/a> | Joel Esler | Creative Software AutoUpdate Engine ActiveX stack buffer overflow |
| 2008-05-28/a> | Joel Esler | Podcast Episode Five has been released |
| 2008-05-28/a> | Jim Clausing | Followup to Flash/swf stories |
| 2008-05-28/a> | Adrien de Beaupre | Another example of malicious SWF |
| 2008-05-27/a> | Adrien de Beaupre | Adobe flash player vuln |
| 2008-05-27/a> | Adrien de Beaupre | Malicious swf files? |
| 2008-05-26/a> | Marcus Sachs | Predictable Response |
| 2008-05-26/a> | Marcus Sachs | Port 1533 on the Rise |
| 2008-05-23/a> | Mike Poor | Cisco IOS Rootkit thoughts |
| 2008-05-22/a> | Chris Carboni | From the mailbag |
| 2008-05-20/a> | Raul Siles | List of malicious domains inserted through SQL injection |
| 2008-05-20/a> | Joel Esler | Podcast Episode Four has been released |
| 2008-05-20/a> | Raul Siles | Java 6 Update 6 has been released |
| 2008-05-19/a> | Maarten Van Horenbeeck | Text message and telephone aid scams |
| 2008-05-19/a> | Maarten Van Horenbeeck | Route filtering and its impact on the DNS fabric |
| 2008-05-17/a> | Jim Clausing | Disaster donation scams continue |
| 2008-05-16/a> | Daniel Wesemann | INFOcon back to green |
| 2008-05-15/a> | Bojan Zdrnja | INFOCon yellow: update your Debian generated keys/certs ASAP |
| 2008-05-14/a> | Bojan Zdrnja | War of the worlds? |
| 2008-05-13/a> | Swa Frantzen | May 2008 black tuesday overview |
| 2008-05-12/a> | Scott Fendley | Adobe Releases Security Updates |
| 2008-05-08/a> | Joel Esler | COMPROMISED FILE IN VIETNAMESE LANGUAGE PACK FOR FIREFOX 2 |
| 2008-05-07/a> | Jim Clausing | More on automated exploit generation |
| 2008-05-06/a> | Marcus Sachs | Industrial Control Systems Vulnerability |
| 2008-05-05/a> | John Bambenek | Defenses Against Automated Patch-Based Exploit Generation |
| 2008-05-03/a> | Deborah Hale | Windows Vista Update Causing Loss of Audio on Some Systems |
| 2008-05-02/a> | Adrien de Beaupre | Hi, remember me?... |
| 2008-05-01/a> | Joel Esler | ISC Podcast Episode Number 3 |
| 2008-04-30/a> | Bojan Zdrnja | (Minor) evolution in Mac DNS changer malware |
| 2008-04-29/a> | Bojan Zdrnja | Scripts in ASF files |
| 2008-04-27/a> | Marcus Sachs | What's With Port 20329? |
| 2008-04-25/a> | Joel Esler | Hey, where is the podcast? |
| 2008-04-25/a> | Joel Esler | Some packets perhaps? |
| 2008-04-24/a> | Maarten Van Horenbeeck | Targeted attacks using malicious PDF files |
| 2008-04-24/a> | donald smith | Hundreds of thousands of SQL injections |
| 2008-04-22/a> | donald smith | Spam to your calendar via Google agenda? |
| 2008-04-22/a> | donald smith | Symantec decomposer rar bypass allowed malicious content. |
| 2008-04-22/a> | donald smith | Maximus root kit downloads via MySpace social engineering trick. |
| 2008-04-20/a> | Joel Esler | Software Update -- Did Apple Do Enough? |
| 2008-04-18/a> | John Bambenek | EV SSL Certificates - Just once, why can't one of our poorly considered quick fixes work? |
| 2008-04-18/a> | John Bambenek | The Patch Window is Gone: Automated Patch-Based Exploit Generation |
| 2008-04-17/a> | Chris Carboni | Safari 3.1.1 Released |
| 2008-04-16/a> | Bojan Zdrnja | The 10.000 web sites infection mystery solved |
| 2008-04-16/a> | William Stearns | Passer, a aassive machine and service sniffer |
| 2008-04-15/a> | Johannes Ullrich | SRI Malware Threat Center |
| 2008-04-14/a> | John Bambenek | A Federal Subpoena or Just Some More Spam & Malware? |
| 2008-04-11/a> | John Bambenek | ADSL Router / Cable Modem / Home Wireless AP Hardening in 5 Steps |
| 2008-04-10/a> | Deborah Hale | Abuse Contacts |
| 2008-04-09/a> | Raul Siles | Critical vulnerabilities in Adobe Flash Player |
| 2008-04-09/a> | Joel Esler | ISC Podcast Episode Number 2 |
| 2008-04-08/a> | Swa Frantzen | Symantec's Global Internet Security Threat Report |
| 2008-04-08/a> | Swa Frantzen | April 2008 - Black Tuesday Overview |
| 2008-04-08/a> | Swa Frantzen | Notes file viewer vulnerabilities |
| 2008-04-07/a> | John Bambenek | HP USB Keys Shipped with Malware for your Proliant Server |
| 2008-04-07/a> | John Bambenek | Got Kraken? |
| 2008-04-07/a> | John Bambenek | Kraken Technical Details: UPDATED x3 |
| 2008-04-06/a> | Tony Carothers | Happenings in the Northeast US |
| 2008-04-06/a> | Daniel Wesemann | Advanced obfuscated JavaScript analysis |
| 2008-04-04/a> | Daniel Wesemann | Tax day scams |
| 2008-04-04/a> | Daniel Wesemann | nmidahena |
| 2008-04-03/a> | Bojan Zdrnja | Mixed (VBScript and JavaScript) obfuscation |
| 2008-04-03/a> | Bojan Zdrnja | VB detection: is it so difficult? |
| 2008-04-03/a> | Bojan Zdrnja | Opera fixes vulnerabilities and Microsoft announces April's fixes |
| 2008-04-02/a> | Adrien de Beaupre | When is a DMG file not a DMG file |
| 2008-03-30/a> | Mark Hofman | Mail Anyone? |
| 2008-03-27/a> | Johannes Ullrich | Internet Storm Center Podcast |
| 2008-03-27/a> | Pedro Bueno | Freedom of Speech...or not? |
| 2008-03-27/a> | Maarten Van Horenbeeck | Guarding the guardians: a story of PGP key ring theft |
| 2008-03-26/a> | Raul Siles | ORDB.org blocklisting all IP addresses |
| 2008-03-25/a> | Raul Siles | New Security Challenge - It Happened One Friday |
| 2008-03-23/a> | Johannes Ullrich | Finding hidden gems (easter eggs) in your logs (packet challenge!) |
| 2008-03-22/a> | Koon Yaw Tan | Microsoft Security Advisory Released (950627) |
| 2008-03-20/a> | Joel Esler | APPLE-SA-2008-03-19 AirPort Extreme Base Station Firmware 7.3.1 |
| 2008-03-20/a> | Joel Esler | Potential Vulnerability in Flash CS3 Professional, Flash Professional 8 and Flash Basic 8? |
| 2008-03-19/a> | Raul Siles | VMware updates resolve critical security issues (VMSA-2008-0005) |
| 2008-03-12/a> | Joel Esler | Don't use G-Archiver |
| 2008-03-12/a> | Joel Esler | Adobe security updates |
| 2008-03-11/a> | Swa Frantzen | March Black Tuesday Overview |
| 2008-02-12/a> | Swa Frantzen | February Black Tuesday Overview |
| 2008-01-08/a> | Swa Frantzen | January Black Tuesday overview |
| 2007-12-11/a> | Swa Frantzen | December black tuesday overview |
| 2007-11-13/a> | Swa Frantzen | november black tuesday overview |
| 2007-10-09/a> | Swa Frantzen | October Black Tuesday overview |
| 2007-09-11/a> | Swa Frantzen | September microsoft patch overview |
| 2007-08-14/a> | Swa Frantzen | August 'Black Tuesday' overview |
| 2007-07-10/a> | Swa Frantzen | July 'Black Tuesday' overview |
| 2007-06-12/a> | Johannes Ullrich | June 2007, Microsoft Patch Tuesday Overview. |
| 2007-05-08/a> | Swa Frantzen | May 2007, Black Tuesday patch overview |
| 2007-04-10/a> | Swa Frantzen | Microsoft black Tuesday patches - April 2007 |
| 2007-04-03/a> | Swa Frantzen | * Microsoft out of cycle patch |
| 2007-02-13/a> | Swa Frantzen | Microsoft Black Tuesday patches - February 2007 |
| 2007-01-09/a> | Swa Frantzen | Microsoft Patches - January 2007 - overview |
| 2007-01-03/a> | Toby Kohlenberg | VLC Media Player udp URL handler Format String Vulnerability |
| 2006-12-26/a> | Swa Frantzen | Vista: better security [Y/N] ? |
| 2006-12-18/a> | Toby Kohlenberg | ORDB Shutting down |
| 2006-12-12/a> | Swa Frantzen | Microsoft Black Tuesday - December 2006 overview |
| 2006-12-12/a> | Robert Danford | MS06-078: 2 Windows Media Format Vulnerabilities (CVE-2006-4702, CVE-2006-6134) |
| 2006-12-12/a> | Swa Frantzen | Microsoft Office 2004 - Mac OS X updated |
| 2006-12-12/a> | Swa Frantzen | Offline Microsoft Patching |
| 2006-12-12/a> | Swa Frantzen | The missing Microsoft patches |
| 2006-12-08/a> | Jim Clausing | nmap-4.20 released |
| 2006-11-29/a> | Toby Kohlenberg | New Vulnerability Announcement and patches from Apple |
| 2006-11-29/a> | Toby Kohlenberg | Week of Oracle bugs cancelled |
| 2006-11-29/a> | Toby Kohlenberg | New Adobe vulnerability |
| 2006-11-14/a> | Swa Frantzen | Microsoft Black Tuesday Overview |
| 2006-11-14/a> | Swa Frantzen | Adobe Flash update available |
| 2006-11-14/a> | Jim Clausing | MS06-069: Adobe Flash Player |
| 2006-10-30/a> | William Salusky | ToD - Configuration Management - maintaining security awareness |
| 2006-10-18/a> | Robert Danford | Oracle Quarterly Critical Patch Update (Oct 2006) |
| 2006-10-17/a> | Arrigo Triulzi | Hacking Tor, the anonymity onion routing network |
| 2006-10-09/a> | Swa Frantzen | Microsoft black tuesday - October 2006 STATUS |
| 2006-10-08/a> | Swa Frantzen | Spam Backscatter |
| 2006-10-05/a> | John Bambenek | There are no more Passive Exploits |
| 2006-10-02/a> | Jim Clausing | Reader's tip of the day: ratios vs. raw counts |
| 2006-09-30/a> | Robert Danford | *WebViewFolderIcon ActiveX control exploit(s) in the wild |
| 2006-09-28/a> | Swa Frantzen | Powerpoint, yet another new vulnerability |
| 2006-09-28/a> | Swa Frantzen | MSIE: One patched, one pops up again (setslice) |
| 2006-09-26/a> | Jim Clausing | MS06-049 re-release |
| 2006-09-22/a> | Swa Frantzen | Yellow: MSIE VML exploit spreading |
| 2006-09-21/a> | Johannes Ullrich | Apple updates Airport Drivers |
| 2006-09-19/a> | Swa Frantzen | Yet another MSIE 0-day: VML |
| 2006-09-18/a> | Jim Clausing | Log analysis follow up |
| 2006-09-15/a> | Swa Frantzen | MSIE DirectAnimation ActiveX 0-day update |
| 2006-09-13/a> | Swa Frantzen | PHP - shared hosters, take note. |
| 2006-09-12/a> | Swa Frantzen | Apple Quicktime 7.1.3 released |
| 2006-09-12/a> | Swa Frantzen | Microsoft security patches for September 2006 |
| 2006-09-12/a> | Swa Frantzen | Adobe Flash player upgrade time |
| 2006-09-09/a> | Jim Clausing | Log Analysis tips? |
| 2006-09-09/a> | Jim Clausing | New feature at isc.sans.org |
| 2006-09-09/a> | Jim Clausing | A few preliminary log analysis thoughts |
| 2006-09-06/a> | Johannes Ullrich | Updated Packet Attack flash animation |
| 2006-09-01/a> | Joel Esler | CA eTrust Antivirus [was] flagging lsass.e x e |
| 2006-08-31/a> | Joel Esler | Contacting the ISC, good practices for response |
| 2006-08-31/a> | Swa Frantzen | NT botnet submitted |
| 2006-08-31/a> | Swa Frantzen | Mailbag grab |
| 2006-08-17/a> | Swa Frantzen | Microsoft August 2006 Patches: STATUS |
| 2000-01-02/a> | Deborah Hale | 2010 A Look Back - 2011 A Look Ahead |
| 2000-01-01/a> | Manuel Humberto Santander Pelaez | Happy New Year 2011!!! |
0DAY |
| 2025-03-11/a> | Johannes Ullrich | Apple Fixes Exploited WebKit Vulnerability in iOS, MacOS, visionOS and Safari |
| 2024-03-05/a> | Johannes Ullrich | Apple Releases iOS/iPadOS Updates with Zero Day Fixes. |
| 2024-01-22/a> | Johannes Ullrich | Apple Updates Everything - New 0 Day in WebKit |
| 2023-09-07/a> | Johannes Ullrich | Apple Releases iOS/iPadOS 16.6.1, macOS 13.5.2, watchOS 9.6.2 fixing two zeroday vulnerabilities |
| 2023-06-22/a> | Johannes Ullrich | Apple Patches Exploited Vulnerabilities in iOS/iPadOS, macOS, watchOS and Safari |
| 2023-04-07/a> | Johannes Ullrich | Apple Patching Two 0-Day Vulnerabilities in iOS and macOS |
| 2022-08-17/a> | Johannes Ullrich | Apple Patches Two Exploited Vulnerabilities |
| 2022-02-10/a> | Johannes Ullrich | iOS/iPadOS and MacOS Update: Single WebKit 0-Day Vulnerability Patched |
| 2021-03-03/a> | Johannes Ullrich | Microsoft Releases Exchange Emergency Patch to Fix Actively Exploited Vulnerability |
| 2018-02-01/a> | Johannes Ullrich | Adobe Flash 0-Day Used Against South Korean Targets |
| 2016-08-25/a> | Xavier Mertens | Out-of-Band iOS Patch Fixes 0-Day Vulnerabilities |
| 2016-04-06/a> | Bojan Zdrnja | YAFP (Yet Another Flash Patch) |
| 2015-02-05/a> | Johannes Ullrich | Adobe Flash Player Update Released, Fixing CVE 2015-0313 |
| 2015-01-23/a> | Adrien de Beaupre | Infocon change to yellow for Adobe Flash issues |
| 2014-07-28/a> | Johannes Ullrich | Interesting HTTP User Agent "chroot-apach0day" |
| 2014-05-21/a> | John Bambenek | New, Unpatched IE 0 Day published at ZDI |
| 2013-08-28/a> | Bojan Zdrnja | MS13-056 (false positive)? alerts |
| 2013-05-09/a> | John Bambenek | Adobe Releases 0-day Security Advisory for Coldfusion, Exploit Code Available. Advisory here: http://www.adobe.com/support/security/advisories/apsa13-03.html |
| 2013-02-07/a> | John Bambenek | Adobe Releases Patches for 0-day Vulnerability in Flash Player for Windows and Mac, Upgrade now: http://www.adobe.com/support/security/bulletins/apsb13-04.html |
| 2011-12-29/a> | Richard Porter | ASP.Net Vulnerability |
| 2011-11-16/a> | Jason Lam | Potential 0-day on Bind 9 |
| 2011-05-06/a> | Richard Porter | Unpatched Exploit: Skype for MAC |
| 2010-12-22/a> | John Bambenek | IIS 7.5 0-Day DoS (processing FTP requests) |
| 2010-11-24/a> | Bojan Zdrnja | Privilege escalation 0-day in almost all Windows versions |
| 2010-11-01/a> | Manuel Humberto Santander Pelaez | CVE-2010-3654 exploit in the wild |
| 2010-10-28/a> | Manuel Humberto Santander Pelaez | CVE-2010-3654 - New dangerous 0-day authplay library adobe products vulnerability |
| 2010-10-26/a> | Pedro Bueno | Firefox news |
| 2010-03-01/a> | Mark Hofman | IE 0-day using .hlp files |
| 2010-02-09/a> | Adrien de Beaupre | When is a 0day not a 0day? Samba symlink bad default config |
| 2010-01-14/a> | Bojan Zdrnja | 0-day vulnerability in Internet Explorer 6, 7 and 8 |
| 2010-01-12/a> | Johannes Ullrich | Pre-Announced Adobe Reader and Acrobat Patch Found! |
| 2010-01-07/a> | Daniel Wesemann | Static analysis of malicious PDFs |
| 2010-01-07/a> | Daniel Wesemann | Static analysis of malicous PDFs (Part #2) |
| 2009-12-27/a> | Patrick Nolan | Pressure increasing for Microsoft to patch IIS 0 day |
| 2009-12-15/a> | Johannes Ullrich | Adobe 0-day in the wild - again |
| 2009-11-22/a> | Marcus Sachs | IE6 and IE7 0-Day Reported |
| 2009-09-08/a> | Adrien de Beaupre | Microsoft Security Advisory 975191 Revised |
| 2009-09-04/a> | Adrien de Beaupre | Vulnerabilities (plural) in MS IIS FTP Service 5.0, 5.1. 6.0, 7.0 |
| 2009-08-31/a> | Pedro Bueno | Microsoft IIS 5/6 FTP 0Day released |
| 2009-07-22/a> | Bojan Zdrnja | YA0D (Yet Another 0-Day) in Adobe Flash player |
| 2009-07-17/a> | Bojan Zdrnja | A new fascinating Linux kernel vulnerability |
| 2009-04-29/a> | Jason Lam | Two Adobe 0-day vulnerabilities |
| 2009-03-18/a> | Adrien de Beaupre | Adobe Security Bulletin Adobe Reader and Acrobat |
| 2009-02-25/a> | Andre Ludwig | Adobe Acrobat pdf 0-day exploit, No JavaScript needed! |
| 2008-12-12/a> | Johannes Ullrich | MSIE 0-day Spreading Via SQL Injection |
| 2008-12-12/a> | Kevin Liston | IE7 0day expanded to include IE6 and IE8(beta) |
| 2008-12-10/a> | Bojan Zdrnja | 0-day exploit for Internet Explorer in the wild |
| 2006-11-29/a> | Toby Kohlenberg | Week of Oracle bugs cancelled |
| 2006-09-28/a> | Swa Frantzen | Powerpoint, yet another new vulnerability |
| 2006-09-28/a> | Swa Frantzen | MSIE: One patched, one pops up again (setslice) |
| 2006-09-22/a> | Swa Frantzen | Yellow: MSIE VML exploit spreading |
| 2006-09-19/a> | Swa Frantzen | Yet another MSIE 0-day: VML |
| 2006-09-15/a> | Swa Frantzen | MSIE DirectAnimation ActiveX 0-day update |
SERIES |
| 2013-01-09/a> | Richard Porter | The 80's called - They Want Their Mainframe Back! |
| 2010-02-09/a> | Adrien de Beaupre | When is a 0day not a 0day? Samba symlink bad default config |
