2023-07-26 | Xavier Mertens | Suspicious IP Addresses Avoided by Malware Samples |
2022-07-17 | Didier Stevens | Python: Files In Use By Another Process |
2022-01-04 | Xavier Mertens | A Simple Batch File That Blocks People |
2021-05-21 | Xavier Mertens | Locking Kernel32.dll As Anti-Debugging Technique |
2020-08-18 | Rick Wanner | ISC Blocked |
2020-07-23 | Xavier Mertens | Simple Blocklisting with MISP & pfSense |
2020-04-16 | Johannes Ullrich | Using AppLocker to Prevent Living off the Land Attacks |
2019-09-19 | Xavier Mertens | Blocklisting or Whitelisting in the Right Way |
2018-12-26 | Didier Stevens | Bitcoin "Blocklists" |
2018-11-13 | Johannes Ullrich | November 2018 Microsoft Patch Tuesday |
2018-11-12 | Rick Wanner | Using the Neutrino ip-blocklist API to test general badness of an IP |
2018-06-19 | Xavier Mertens | PowerShell: ScriptBlock Logging... Or Not? |
2018-05-30 | Bojan Zdrnja | The end of the lock icon |
2018-05-24 | Xavier Mertens | "Blocked" Does Not Mean "Forget It" |
2018-02-25 | Guy Bruneau | Blackhole Advertising Sites with Pi-hole |
2017-09-20 | Renato Marinho | Ongoing Ykcol (Locky) campaign |
2017-09-01 | Brad Duncan | Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox |
2017-06-02 | Xavier Mertens | Phishing Campaigns Follow Trends |
2017-04-05 | Xavier Mertens | Whitelists: The Holy Grail of Attackers |
2016-03-06 | Jim Clausing | Novel method for slowing down Locky on Samba server using fail2ban |
2016-02-20 | Didier Stevens | Locky: JavaScript Deobfuscation |
2016-01-09 | Xavier Mertens | Virtual Bitlocker Containers |
2015-04-30 | Brad Duncan | Dalexis/CTB-Locker malspam campaign |
2015-02-23 | Richard Porter | Subscribing to the DShield Top 20 on a Palo Alto Networks Firewall |
2014-08-15 | Tom Webb | AppLocker Event Logs with OSSEC 2.8 |
2014-08-05 | Johannes Ullrich | Synolocker: Why OFFLINE Backups are important |
2014-06-02 | John Bambenek | Gameover Zeus and Cryptolocker Takedowns |
2014-05-30 | Johannes Ullrich | Fake Australian Electric Bill Leads to Cryptolocker |
2014-02-18 | Johannes Ullrich | More Details About "TheMoon" Linksys Worm |
2014-01-04 | Tom Webb | Monitoring Windows Networks Using Syslog (Part One) |
2013-11-02 | Rick Wanner | Protecting Your Family's Computers |
2013-10-22 | John Bambenek | Cryptolocker Update, Request for Info |
2013-10-16 | Adrien de Beaupre | Access denied and blocklists |
2013-09-03 | Rob VandenBrink | Is "Reputation Backscatter" a Thing? |
2013-04-30 | Russ McRee | Apache binary backdoor adds malicious redirect to Blackhole |
2013-04-23 | Russ McRee | Microsoft's Security Intelligence Report (SIRv14) released |
2013-03-07 | Guy Bruneau | Apple Blocking Java Web plug-in |
2012-09-01 | Russ McRee | Blackhole targeting Java vulnerability via fake Microsoft Services Agreement email phish |
2012-06-26 | Daniel Wesemann | Run, Forest! (Update) |
2012-04-25 | Daniel Wesemann | Blacole's obfuscated JavaScript |
2012-04-25 | Daniel Wesemann | Blacole's shell code |
2011-12-06 | Pedro Bueno | The RedRet connection... |
2011-11-22 | Pedro Bueno | Updates on ZeroAccess and BlackHole front... |
2011-11-03 | Richard Porter | An Apple, Inc. Sandbox to play in. |
2011-05-30 | Johannes Ullrich | Lockheed Martin and RSA Tokens |
2009-01-12 | William Salusky | Downadup / Conficker - MS08-067 exploit and Windows domain account lockout |
2008-05-28 | Johannes Ullrich | Reminder: Proper use of DShield data |
2006-12-18 | Toby Kohlenberg | ORDB Shutting down |