INFO STEALER |
| 2025-01-28 | Xavier Mertens | Fileless Python InfoStealer Targeting Exodus |
| 2021-12-01 | Xavier Mertens | Info-Stealer Using webhook.site to Exfiltrate Data |
| 2019-11-27 | Brad Duncan | Finding an Agent Tesla malware sample |
INFO |
| 2025-10-23 | Xavier Mertens | Infostealer Targeting Android Devices |
| 2025-10-15 | Xavier Mertens | Clipboard Pictures Exfiltration in Python Infostealer |
| 2025-05-06 | Xavier Mertens | Python InfoStealer with Embedded Phishing Webserver |
| 2025-05-05 | Johannes Ullrich | "Mirai" Now Exploits Samsung MagicINFO CMS (CVE-2024-7399) |
| 2025-04-15 | Xavier Mertens | Online Services Again Abused to Exfiltrate Data |
| 2025-01-29 | Xavier Mertens | From PowerShell to a Python Obfuscation Race! |
| 2025-01-28 | Xavier Mertens | Fileless Python InfoStealer Targeting Exodus |
| 2024-11-30 | Xavier Mertens | From a Regular Infostealer to its Obfuscated Version |
| 2024-11-22 | Xavier Mertens | An Infostealer Searching for « BIP-0039 » Data |
| 2024-11-07 | Xavier Mertens | Steam Account Checker Poisoned with Infostealer |
| 2024-10-31 | Guy Bruneau | October 2024 Activity with Username chenzilong |
| 2024-10-09 | Xavier Mertens | From Perfctl to InfoStealer |
| 2024-09-18 | Guy Bruneau | Time-to-Live Analysis of DShield Data with Vega-Lite |
| 2024-09-18 | Xavier Mertens | Python Infostealer Patching Windows Exodus App |
| 2024-08-27 | Xavier Mertens | Why Is Python so Popular to Infect Windows Hosts? |
| 2024-05-31 | Xavier Mertens | "K1w1" InfoStealer Uses gofile.io for Exfiltration |
| 2024-05-22 | Rob VandenBrink | NMAP Scanning without Scanning (Part 2) - The ipinfo API |
| 2024-02-20 | Xavier Mertens | Python InfoStealer With Dynamic Sandbox Detection |
| 2024-01-25 | Xavier Mertens | Facebook AdsManager Targeted by a Python Infostealer |
| 2023-12-22 | Xavier Mertens | Shall We Play a Game? |
| 2023-09-29 | Xavier Mertens | Are You Still Storing Passwords In Plain Text Files? |
| 2023-05-04 | Xavier Mertens | Infostealer Embedded in a Word Document |
| 2023-03-12 | Guy Bruneau | AsynRAT Trojan - Bill Payment (Pago de la factura) |
| 2023-03-01 | Xavier Mertens | Python Infostealer Targeting Gamers |
| 2023-02-18 | Guy Bruneau | Spear Phishing Handlers for Username/Password |
| 2023-02-04 | Guy Bruneau | Assemblyline as a Malware Analysis Sandbox |
| 2023-01-21 | Guy Bruneau | DShield Sensor JSON Log to Elasticsearch |
| 2023-01-08 | Guy Bruneau | DShield Sensor JSON Log Analysis |
| 2022-12-21 | Guy Bruneau | DShield Sensor Setup in Azure |
| 2022-12-18 | Guy Bruneau | Infostealer Malware with Double Extension |
| 2022-08-13 | Guy Bruneau | Phishing HTML Attachment as Voicemail Audio Transcription |
| 2022-08-11 | Xavier Mertens | InfoStealer Script Based on Curl and NSudo |
| 2022-03-23 | Brad Duncan | Arkei Variants: From Vidar to Mars Stealer |
| 2022-03-09 | Xavier Mertens | Infostealer in a Batch File |
| 2022-02-13 | Guy Bruneau | DHL Spear Phishing to Capture Username/Password |
| 2021-12-21 | Xavier Mertens | More Undetected PowerShell Dropper |
| 2021-12-14 | Johannes Ullrich | Log4j: Getting ready for the long haul (CVE-2021-44228) |
| 2021-12-01 | Xavier Mertens | Info-Stealer Using webhook.site to Exfiltrate Data |
| 2021-05-08 | Guy Bruneau | Who is Probing the Internet for Research Purposes? |
| 2021-04-06 | Jan Kopriva | Malspam with Lokibot vs. Outlook and RFCs |
| 2021-03-31 | Xavier Mertens | Quick Analysis of a Modular InfoStealer |
| 2021-03-12 | Guy Bruneau | Microsoft DHCP Logs Shipped to ELK |
| 2020-12-29 | Jan Kopriva | Want to know what's in a folder you don't have a permission to access? Try asking your AV solution... |
| 2019-11-27 | Brad Duncan | Finding an Agent Tesla malware sample |
| 2019-10-09 | Brad Duncan | What data does Vidar malware steal from an infected host? |
| 2019-01-24 | Brad Duncan | Malspam with Word docs uses macro to run Powershell script and steal system data |
| 2018-11-11 | Pasquale Stirparo | Community contribution: joining forces or multiply solutions? |
| 2017-05-06 | Xavier Mertens | The story of the CFO and CEO... |
| 2016-10-02 | Guy Bruneau | Is there an Infosec Cybersecurity Talent Shortage? |
| 2015-01-23 | Adrien de Beaupre | Infocon change to yellow for Adobe Flash issues |
| 2014-09-26 | Richard Porter | Why We Have Moved to InfoCon:Yellow |
| 2014-05-22 | Johannes Ullrich | Discontinuing Support for ISC Alert Task Bar Icon |
| 2014-04-14 | Kevin Shortt | INFOCon Green: Heartbleed - on the mend |
| 2013-02-17 | Guy Bruneau | HP ArcSight Connector Appliance and Logger Vulnerabilities |
| 2012-03-16 | Swa Frantzen | INFOCON Yellow - Microsoft RDP - MS12-020 |
| 2012-01-19 | Chris Mohan | WHOIS contacts are your friends |
| 2012-01-13 | Guy Bruneau | Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx |
| 2011-02-05 | Guy Bruneau | OpenSSH Legacy Certificate Information Disclosure Vulnerability |
| 2011-01-12 | Richard Porter | How Many Loyalty Cards do you Carry? |
| 2010-12-26 | Manuel Humberto Santander Pelaez | ISC infocon monitor app for OS X |
| 2010-10-22 | Manuel Humberto Santander Pelaez | Intypedia project |
| 2010-07-24 | Manuel Humberto Santander Pelaez | Transmiting logon information unsecured in the network |
| 2010-07-20 | Manuel Humberto Santander Pelaez | Lowering infocon back to green |
| 2010-06-15 | Manuel Humberto Santander Pelaez | iPhone 4 Order Security Breach Exposes Private Information |
| 2010-04-21 | Guy Bruneau | Google Chrome Security Update v4.1.249.1059 Released: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html |
| 2010-03-27 | Guy Bruneau | HP-UX Running NFS/ONCplus, Inadvertently Enabled NFS |
| 2010-01-17 | Mark Hofman | Why not Yellow? |
| 2009-11-29 | Patrick Nolan | A Cloudy Weekend |
| 2009-10-22 | Adrien de Beaupre | Sysinternals updates: Disk2vhd v1.1, ZoomIt v4.1, Coreinfo v2.0, VMMap v2.4 |
| 2009-10-04 | Guy Bruneau | Samba Security Information Disclosure and DoS |
| 2009-10-02 | Stephen Hall | New SysInternal fun for the weekend |
| 2009-07-13 | Adrien de Beaupre | * Infocon raised to yellow for Excel Web Components ActiveX vulnerability |
| 2009-07-10 | Guy Bruneau | WordPress Fixes Multiple vulnerabilities |
| 2009-07-07 | Marcus Sachs | * INFOCON Status - staying green |
| 2009-06-11 | Rick Wanner | MIR-ROR Motile Incident Response - Respond Objectively Remediate |
| 2009-03-02 | Swa Frantzen | Obama's leaked chopper blueprints: anything we can learn? |
| 2008-09-11 | David Goldsmith | CookieMonster is coming to Pown (err, Town) |
| 2008-08-12 | Johannes Ullrich | Upcoming Infocon Test and new Color |
| 2008-07-02 | Jim Clausing | Another little script I threw together |
| 2008-04-07 | John Bambenek | HP USB Keys Shipped with Malware for your Proliant Server |
| 2006-10-02 | Jim Clausing | Back to green, but the exploits are still running wild |
STEALER |
| 2025-10-23 | Xavier Mertens | Infostealer Targeting Android Devices |
| 2025-10-15 | Xavier Mertens | Clipboard Pictures Exfiltration in Python Infostealer |
| 2025-05-06 | Xavier Mertens | Python InfoStealer with Embedded Phishing Webserver |
| 2025-04-15 | Xavier Mertens | Online Services Again Abused to Exfiltrate Data |
| 2025-01-29 | Xavier Mertens | From PowerShell to a Python Obfuscation Race! |
| 2025-01-28 | Xavier Mertens | Fileless Python InfoStealer Targeting Exodus |
| 2024-11-30 | Xavier Mertens | From a Regular Infostealer to its Obfuscated Version |
| 2024-11-22 | Xavier Mertens | An Infostealer Searching for « BIP-0039 » Data |
| 2024-11-07 | Xavier Mertens | Steam Account Checker Poisoned with Infostealer |
| 2024-10-09 | Xavier Mertens | From Perfctl to InfoStealer |
| 2024-09-18 | Xavier Mertens | Python Infostealer Patching Windows Exodus App |
| 2024-08-27 | Xavier Mertens | Why Is Python so Popular to Infect Windows Hosts? |
| 2024-07-26 | Xavier Mertens | ExelaStealer Delivered "From Russia With Love" |
| 2024-05-31 | Xavier Mertens | "K1w1" InfoStealer Uses gofile.io for Exfiltration |
| 2024-02-20 | Xavier Mertens | Python InfoStealer With Dynamic Sandbox Detection |
| 2024-01-25 | Xavier Mertens | Facebook AdsManager Targeted by a Python Infostealer |
| 2023-12-22 | Xavier Mertens | Shall We Play a Game? |
| 2023-09-29 | Xavier Mertens | Are You Still Storing Passwords In Plain Text Files? |
| 2023-05-04 | Xavier Mertens | Infostealer Embedded in a Word Document |
| 2023-03-01 | Xavier Mertens | Python Infostealer Targeting Gamers |
| 2022-12-18 | Guy Bruneau | Infostealer Malware with Double Extension |
| 2022-08-11 | Xavier Mertens | InfoStealer Script Based on Curl and NSudo |
| 2022-04-06 | Brad Duncan | Windows MetaStealer Malware |
| 2022-03-23 | Brad Duncan | Arkei Variants: From Vidar to Mars Stealer |
| 2022-03-09 | Xavier Mertens | Infostealer in a Batch File |
| 2021-12-21 | Xavier Mertens | More Undetected PowerShell Dropper |
| 2021-12-01 | Xavier Mertens | Info-Stealer Using webhook.site to Exfiltrate Data |
| 2021-07-09 | Brad Duncan | Hancitor tries XLL as initial malware file |
| 2021-06-30 | Brad Duncan | June 2021 Forensic Contest: Answers and Analysis |
| 2021-04-06 | Jan Kopriva | Malspam with Lokibot vs. Outlook and RFCs |
| 2021-03-31 | Xavier Mertens | Quick Analysis of a Modular InfoStealer |
| 2019-11-27 | Brad Duncan | Finding an Agent Tesla malware sample |
| 2019-10-09 | Brad Duncan | What data does Vidar malware steal from an infected host? |
| 2019-01-24 | Brad Duncan | Malspam with Word docs uses macro to run Powershell script and steal system data |
| 2017-03-08 | Xavier Mertens | Not All Malware Samples Are Complex |