IIS ASP INJECTION |
2010-06-09 | Deborah Hale | Mass Infection of IIS/ASP Sites |
IIS |
2015-04-15 | Johannes Ullrich | MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW |
2010-12-22 | John Bambenek | IIS 7.5 0-Day DoS (processing FTP requests) |
2010-06-09 | Deborah Hale | Mass Infection of IIS/ASP Sites |
2009-12-29 | Rick Wanner | Microsoft responds to possible IIS 6 0-day |
2009-12-28 | Johannes Ullrich | 8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug) |
2009-12-27 | Patrick Nolan | Pressure increasing for Microsoft to patch IIS 0 day |
2009-12-24 | Guy Bruneau | Microsoft IIS File Parsing Extension Vulnerability |
2009-09-08 | Adrien de Beaupre | Microsoft Security Advisory 975191 Revised |
2009-09-04 | Adrien de Beaupre | Vulnerabilities (plural) in MS IIS FTP Service 5.0, 5.1. 6.0, 7.0 |
2009-05-24 | Raul Siles | IIS admins, help finding WebDAV remotely using nmap |
2009-05-21 | Adrien de Beaupre | IIS admins, help finding WebDAV |
2009-05-15 | Daniel Wesemann | IIS6.0 WebDav Remote Auth Bypass |
2009-01-12 | William Salusky | Web Application Firewalls (WAF) - Have you deployed WAF technology? |
2008-04-18 | John Bambenek | IIS Vulnerability Documented by Microsoft - Includes Workarounds |
ASP |
2022-08-30 | Johannes Ullrich | Two things that will never die: bash scripts and IRC! |
2022-05-03 | Johannes Ullrich | Some Honeypot Updates |
2021-03-15 | Didier Stevens | Finding Metasploit & Cobalt Strike URLs |
2020-07-27 | Didier Stevens | Analyzing Metasploit ASP .NET Payloads |
2020-06-25 | Johannes Ullrich | Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release. |
2020-02-27 | Xavier Mertens | Offensive Tools Are For Blue Teams Too |
2019-08-28 | Johannes Ullrich | [Guest Diary] Open Redirect: A Small But Very Common Vulnerability |
2019-08-05 | Rick Wanner | Scanning for Bluekeep vulnerable RDP instances |
2017-11-06 | Didier Stevens | Metasploit's Maldoc |
2017-08-03 | Johannes Ullrich | Using a Raspberry Pi honeypot to contribute data to DShield/ISC |
2017-05-03 | Bojan Zdrnja | Powershelling with exploits |
2015-03-08 | Brad Duncan | What Happened to You, Asprox Botnet? |
2015-02-17 | Rob VandenBrink | A Different Kind of Equation |
2014-09-10 | Johannes Ullrich | Content Security Policy (CSP) is Growing Up. |
2014-07-11 | Rob VandenBrink | Metasploit Update Alert |
2014-06-12 | Johannes Ullrich | Metasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.) |
2013-10-25 | Rob VandenBrink | Kaspersky flags TCPIP.SYS as Malware |
2013-05-27 | Johannes Ullrich | Nuclear Scientists, Pandas and EMET Keeping Me Honest |
2013-03-13 | Johannes Ullrich | IPv6 Focus Month: Kaspersky Firewall IPv6 Vulnerability |
2013-01-22 | Richard Porter | Using Metasploit for Patch Sanity Checks |
2013-01-02 | Russ McRee | EMET 3.5: The Value of Looking Through an Attacker's Eyes |
2012-07-13 | Russ McRee | 2 for 1: SANSFIRE & MSRA presentations |
2012-06-18 | Guy Bruneau | CVE-2012-1875 exploit is now available |
2012-04-26 | Richard Porter | Packetstorm Security and Metasploit have Exploit code for MS12-027 |
2011-12-29 | Richard Porter | ASP.Net Vulnerability |
2011-11-01 | Russ McRee | Secure languages & frameworks |
2011-08-02 | Mark Hofman | Metsploit 4 hits the downloads |
2011-07-27 | Daniel Wesemann | OWASP Session Management "Cheat Sheet" |
2011-05-07 | Rick Wanner | Belated May 2: Metasploit 3.7.0 released. http://blog.metasploit.com/2011/05/metasploit-framework-370-released.html |
2011-02-21 | Adrien de Beaupre | Kaspersky update servers unreachable |
2010-09-28 | Daniel Wesemann | MS10-070 OOB Patch for ASP.NET vulnerability |
2010-09-27 | Adrien de Beaupre | MS OOB patch tomorrow for Security Advisory 2416728 |
2010-09-18 | Rick Wanner | Microsoft Security Advisory for ASP.NET |
2010-07-20 | Manuel Humberto Santander Pelaez | LNK vulnerability now with Metasploit module implementing the WebDAV method |
2010-07-18 | Manuel Humberto Santander Pelaez | New metasploit GUI written in Java |
2010-06-14 | Manuel Humberto Santander Pelaez | Metasploit 101 |
2010-06-09 | Deborah Hale | Mass Infection of IIS/ASP Sites |
2010-05-19 | Kyle Haugsness | Metasploit 3.4.0 released |
2009-12-28 | Johannes Ullrich | 8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug) |
2009-11-17 | Guy Bruneau | Metasploit Framework 3.3 Released |
2008-06-10 | Swa Frantzen | Ransomware keybreaking |
INJECTION |
2024-12-17 | Guy Bruneau | Command Injection Exploit For PHPUnit before 4.8.28 and 5.x before 5.6.3 [Guest Diary] |
2024-07-25 | Xavier Mertens | XWorm Hidden With Process Hollowing |
2024-04-29 | Johannes Ullrich | D-Link NAS Device Backdoor Abused |
2023-11-09 | Xavier Mertens | Visual Examples of Code Injection |
2022-09-14 | Xavier Mertens | Easy Process Injection within Python |
2022-02-10 | Johannes Ullrich | Zyxel Network Storage Devices Hunted By Mirai Variant |
2022-01-20 | Xavier Mertens | RedLine Stealer Delivered Through FTP |
2021-12-21 | Xavier Mertens | More Undetected PowerShell Dropper |
2021-12-10 | Xavier Mertens | Python Shellcode Injection From JSON Data |
2021-11-20 | Guy Bruneau | Hikvision Security Cameras Potentially Exposed to Remote Code Execution |
2021-07-06 | Xavier Mertens | Python DLL Injection Check |
2021-06-12 | Guy Bruneau | Fortinet Targeted for Unpatched SSL VPN Discovery Activity |
2021-04-29 | Xavier Mertens | From Python to .Net |
2021-02-13 | Guy Bruneau | vSphere Replication updates address a command injection vulnerability (CVE-2021-21976) - https://www.vmware.com/security/advisories/VMSA-2021-0001.html |
2020-11-19 | Xavier Mertens | PowerShell Dropper Delivering Formbook |
2020-09-24 | Xavier Mertens | Party in Ibiza with PowerShell |
2020-08-28 | Xavier Mertens | Example of Malicious DLL Injected in PowerShell |
2020-07-30 | Johannes Ullrich | Python Developers: Prepare!!! |
2018-09-28 | Xavier Mertens | More Excel DDE Code Injection |
2018-09-05 | Xavier Mertens | Malicious PowerShell Compiling C# Code on the Fly |
2017-05-05 | Xavier Mertens | HTTP Headers... the Achilles' heel of many applications |
2016-02-15 | Bojan Zdrnja | Exploiting (pretty) blind SQL injections |
2013-10-19 | Johannes Ullrich | Yet Another WHMCS SQL Injection Exploit |
2013-07-16 | Johannes Ullrich | Why don't we see more examples of web app attacks via POST? |
2013-02-17 | Guy Bruneau | HP ArcSight Connector Appliance and Logger Vulnerabilities |
2013-01-25 | Johannes Ullrich | Vulnerability Scans via Search Engines (Request for Logs) |
2013-01-09 | Rob VandenBrink | SQL Injection Flaw in Ruby on Rails |
2012-10-05 | Richard Porter | Reports of a Distributed Injection Scan |
2012-07-31 | Daniel Wesemann | SQL injection, lilupophilupop-style |
2011-12-01 | Mark Hofman | SQL Injection Attack happening ATM |
2011-06-06 | Johannes Ullrich | The Havij SQL Injection Tool |
2011-04-19 | Bojan Zdrnja | SQL injection: why can’t we learn? |
2011-04-01 | John Bambenek | LizaMoon Mass SQL-Injection Attack Infected at least 500k Websites |
2010-12-02 | Kevin Johnson | SQL Injection: Wordpress 3.0.2 released |
2010-08-15 | Manuel Humberto Santander Pelaez | Obfuscated SQL Injection attacks |
2010-06-09 | Deborah Hale | Mass Infection of IIS/ASP Sites |
2010-02-06 | Guy Bruneau | LANDesk Management Gateway Vulnerability |
2009-07-16 | Bojan Zdrnja | OWC exploits used in SQL injection attacks |
2009-05-19 | Bojan Zdrnja | Advanced blind SQL injection (with Oracle examples) |
2009-05-09 | Patrick Nolan | Shared SQL Injection Lessons Learned blog item |
2009-04-21 | Bojan Zdrnja | Web application vulnerabilities |
2009-02-11 | Robert Danford | ProFTPd SQL Authentication Vulnerability exploit activity |
2008-12-12 | Johannes Ullrich | MSIE 0-day Spreading Via SQL Injection |
2008-12-01 | Jason Lam | Input filtering and escaping in SQL injection mitigation |
2008-11-20 | Jason Lam | Large quantity SQL Injection mitigation |
2008-09-29 | Daniel Wesemann | ASPROX mutant |
2008-09-01 | John Bambenek | The Number of Machines Controlled by Botnets Has Jumped 4x in Last 3 Months |
2008-08-23 | Mark Hofman | SQL injections - an update |
2008-08-08 | Mark Hofman | More SQL Injections - very active right now |
2008-07-24 | Bojan Zdrnja | What's brewing in Danmec's pot? |
2008-06-30 | Marcus Sachs | More SQL Injection with Fast Flux hosting |
2008-06-24 | Jason Lam | SQL Injection mitigation in ASP |
2008-06-24 | Jason Lam | Microsoft SQL Injection Prevention Strategy |
2008-06-23 | donald smith | Preventing SQL injection |
2008-06-13 | Johannes Ullrich | SQL Injection: More of the same |
2008-05-20 | Raul Siles | List of malicious domains inserted through SQL injection |
2008-04-24 | donald smith | Hundreds of thousands of SQL injections |
2008-04-16 | Bojan Zdrnja | The 10.000 web sites infection mystery solved |
2008-03-14 | Kevin Liston | 2117966.net-- mass iframe injection |
2008-01-09 | Bojan Zdrnja | Mass exploits with SQL Injection |
2007-02-24 | Jason Lam | Prepared Statements and SQL injections |