PE ANALYSIS |
| 2014-07-05 | Guy Bruneau | Malware Analysis with pedump |
PE |
| 2025-04-02/a> | Johannes Ullrich | Surge in Scans for Juniper "t128" Default User |
| 2025-02-12/a> | Yee Ching Tok | An ontology for threats, cybercrime and digital forensic investigation on Smart City Infrastructure |
| 2024-10-24/a> | Johannes Ullrich | Development Features Enabled in Prodcution |
| 2024-10-09/a> | Xavier Mertens | From Perfctl to InfoStealer |
| 2024-09-16/a> | Xavier Mertens | Managing PE Files With Overlays |
| 2024-08-22/a> | Johannes Ullrich | OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse? |
| 2024-08-14/a> | Xavier Mertens | Multiple Malware Dropped Through MSI Package |
| 2024-06-20/a> | Guy Bruneau | No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary] |
| 2024-02-29/a> | Jesse La Grew | [Guest Diary] Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service. |
| 2023-11-16/a> | Johannes Ullrich | Beyond -n: Optimizing tcpdump performance |
| 2023-06-27/a> | Xavier Mertens | The Importance of Malware Triage |
| 2023-06-24/a> | Guy Bruneau | Email Spam with Attachment Modiloader |
| 2023-06-19/a> | Xavier Mertens | Malware Delivered Through .inf File |
| 2023-05-26/a> | Xavier Mertens | Using DFIR Techniques To Recover From Infrastructure Outages |
| 2023-05-16/a> | Jesse La Grew | Signals Defense With Faraday Bags & Flipper Zero |
| 2023-05-14/a> | Guy Bruneau | VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue |
| 2023-02-25/a> | Didier Stevens | Crypto Inside a Browser |
| 2022-11-02/a> | Rob VandenBrink | Breakpoints in Burp |
| 2022-10-17/a> | Xavier Mertens | Fileless Powershell Dropper |
| 2022-09-22/a> | Xavier Mertens | RAT Delivered Through FODHelper |
| 2022-09-03/a> | Didier Stevens | Video: James Webb JPEG With Malware |
| 2022-09-02/a> | Didier Stevens | James Webb JPEG With Malware |
| 2022-08-22/a> | Xavier Mertens | 32 or 64 bits Malware? |
| 2022-07-05/a> | Jan Kopriva | EternalBlue 5 years after WannaCry and NotPetya |
| 2022-06-20/a> | Johannes Ullrich | Odd TCP Fast Open Packets. Anybody understands why? |
| 2022-05-29/a> | Didier Stevens | Extracting The Overlay Of A PE File |
| 2022-05-28/a> | Didier Stevens | Huge Signed PE File: Keeping The Signature |
| 2022-05-26/a> | Didier Stevens | Huge Signed PE File |
| 2022-04-11/a> | Johannes Ullrich | Spring: It isn't just about Spring4Shell. Spring Cloud Function Vulnerabilities are being probed too. |
| 2022-03-30/a> | Johannes Ullrich | Java Springtime Confusion: What Vulnerability are We Talking About |
| 2022-03-18/a> | Johannes Ullrich | Scans for Movable Type Vulnerability (CVE-2021-20837) |
| 2022-03-04/a> | Johannes Ullrich | Scam E-Mail Impersonating Red Cross |
| 2022-03-03/a> | Johannes Ullrich | Attackers Search For Exposed "LuCI" Folders: Help me understand this attack |
| 2022-02-11/a> | Xavier Mertens | CinaRAT Delivered Through HTML ID Attributes |
| 2022-01-31/a> | Xavier Mertens | Be careful with RPMSG files |
| 2021-12-31/a> | Jan Kopriva | Do you want your Agent Tesla in the 300 MB or 8 kB package? |
| 2021-12-21/a> | Xavier Mertens | More Undetected PowerShell Dropper |
| 2021-10-30/a> | Guy Bruneau | Remote Desktop Protocol (RDP) Discovery |
| 2021-08-04/a> | Yee Ching Tok | Pivoting and Hunting for Shenanigans from a Reported Phishing Domain |
| 2021-07-24/a> | Bojan Zdrnja | Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability |
| 2021-07-20/a> | Bojan Zdrnja | Summer of SAM - incorrect permissions on Windows 10/11 hives |
| 2021-06-18/a> | Daniel Wesemann | Open redirects ... and why Phishers love them |
| 2021-05-29/a> | Guy Bruneau | Spear-phishing Email Targeting Outlook Mail Clients |
| 2021-05-14/a> | Xavier Mertens | "Open" Access to Industrial Systems Interface is Also Far From Zero |
| 2021-04-22/a> | Xavier Mertens | How Safe Are Your Docker Images? |
| 2021-03-16/a> | Jan Kopriva | 50 years of malware? Not really. 50 years of computer worms? That's a different story... |
| 2021-03-04/a> | Xavier Mertens | From VBS, PowerShell, C Sharp, Process Hollowing to RAT |
| 2021-01-11/a> | Rob VandenBrink | Using the NVD Database and API to Keep Up with Vulnerabilities and Patches - Tool Drop: CVEScan (Part 3 of 3) |
| 2021-01-07/a> | Rob VandenBrink | Using the NIST Database and API to Keep Up with Vulnerabilities and Patches (Part 1 of 3) |
| 2020-12-29/a> | Jan Kopriva | Want to know what's in a folder you don't have a permission to access? Try asking your AV solution... |
| 2020-11-19/a> | Xavier Mertens | PowerShell Dropper Delivering Formbook |
| 2020-08-25/a> | Xavier Mertens | Keep An Eye on LOLBins |
| 2020-08-10/a> | Bojan Zdrnja | Scoping web application and web service penetration tests |
| 2020-06-30/a> | Russ McRee | ISC Snapshot: SpectX IP Hitcount Query |
| 2020-06-11/a> | Xavier Mertens | Anti-Debugging JavaScript Techniques |
| 2020-05-15/a> | Rob VandenBrink | SHA3 Hashes (on Windows) - Where Art Thou? |
| 2020-04-21/a> | Russ McRee | SpectX: Log Parser for DFIR |
| 2020-03-26/a> | Xavier Mertens | Very Large Sample as Evasion Technique? |
| 2020-03-15/a> | Guy Bruneau | VPN Access and Activity Monitoring |
| 2019-12-04/a> | Jan Kopriva | Analysis of a strangely poetic malware |
| 2019-11-29/a> | Russ McRee | ISC Snapshot: Search with SauronEye |
| 2019-10-22/a> | Bojan Zdrnja | Testing TLSv1.3 and supported ciphers |
| 2019-08-28/a> | Johannes Ullrich | [Guest Diary] Open Redirect: A Small But Very Common Vulnerability |
| 2019-08-22/a> | Xavier Mertens | Simple Mimikatz & RDPWrapper Dropper |
| 2019-08-21/a> | Russ McRee | KAPE: Kroll Artifact Parser and Extractor |
| 2019-08-15/a> | Didier Stevens | Analysis of a Spearphishing Maldoc |
| 2019-07-24/a> | Xavier Mertens | May People Be Considered as IOC? |
| 2019-05-16/a> | Xavier Mertens | The Risk of Authenticated Vulnerability Scans |
| 2019-04-26/a> | Rob VandenBrink | Pillaging Passwords from Service Accounts |
| 2019-04-01/a> | Didier Stevens | Analysis of PDFs Created with OpenOffice/LibreOffice |
| 2019-03-15/a> | Remco Verhoef | Binary Analysis with Jupyter and Radare2 |
| 2019-02-17/a> | Didier Stevens | Video: Finding Property Values in Office Documents |
| 2019-02-16/a> | Didier Stevens | Finding Property Values in Office Documents |
| 2019-01-05/a> | Didier Stevens | A Malicious JPEG? Second Example |
| 2019-01-04/a> | Didier Stevens | A Malicious JPEG? |
| 2018-11-27/a> | Xavier Mertens | More obfuscated shell scripts: Fake MacOS Flash update |
| 2018-11-26/a> | Russ McRee | ViperMonkey: VBA maldoc deobfuscation |
| 2018-11-04/a> | Pasquale Stirparo | Beyond good ol' LaunchAgent - part 1 |
| 2018-10-26/a> | Xavier Mertens | Dissecting Malicious Office Documents with Linux |
| 2018-10-21/a> | Pasquale Stirparo | Beyond good ol’ LaunchAgent - part 0 |
| 2018-10-08/a> | Guy Bruneau | Latest Release of rockNSM 2.1 |
| 2018-08-20/a> | Didier Stevens | OpenSSH user enumeration (CVE-2018-15473) |
| 2018-07-11/a> | Remco Verhoef | Well, Hello Again Peppa! |
| 2018-06-07/a> | Remco Verhoef | Automated twitter loot collection |
| 2018-05-24/a> | Xavier Mertens | "Blocked" Does Not Mean "Forget It" |
| 2018-05-07/a> | Xavier Mertens | Adding Persistence Via Scheduled Tasks |
| 2018-04-28/a> | Rick Wanner | Microsoft Security Update for Spectre V2 |
| 2018-01-28/a> | Didier Stevens | Is this a pentest? |
| 2018-01-10/a> | Russ McRee | GitHub InfoSec Threepeat: HELK, ptf, and VulnWhisperer |
| 2018-01-08/a> | Bojan Zdrnja | Meltdown and Spectre: clearing up the confusion |
| 2017-11-25/a> | Guy Bruneau | Benefits associated with the use of Open Source Software |
| 2017-11-07/a> | Xavier Mertens | Interesting VBA Dropper |
| 2017-10-30/a> | Didier Stevens | PE files and debug info |
| 2017-10-08/a> | Didier Stevens | A strange JPEG file |
| 2017-09-10/a> | Didier Stevens | Analyzing JPEG files |
| 2017-09-06/a> | Adrien de Beaupre | Modern Web Application Penetration Testing , Hash Length Extension Attacks |
| 2017-08-10/a> | Didier Stevens | Maldoc Analysis with ViperMonkey |
| 2017-07-02/a> | Didier Stevens | PE Section Name Descriptions |
| 2017-06-28/a> | Brad Duncan | Petya? I hardly know ya! - an ISC update on the 2017-06-27 ransomware outbreak |
| 2017-05-18/a> | Xavier Mertens | My Little CVE Bot |
| 2017-05-05/a> | Xavier Mertens | HTTP Headers... the Achilles' heel of many applications |
| 2017-04-02/a> | Guy Bruneau | IPFire - A Household Multipurpose Security Gateway |
| 2016-11-25/a> | Xavier Mertens | Free Software Quick Security Checklist |
| 2016-11-02/a> | Rob VandenBrink | What Does a Pentest Look Like? |
| 2016-09-28/a> | Xavier Mertens | SNMP Pwn3ge |
| 2016-09-04/a> | Russ McRee | Kali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/ |
| 2016-07-28/a> | Bojan Zdrnja | Verifying SSL/TLS certificates manually |
| 2016-07-27/a> | Xavier Mertens | Critical Xen PV guests vulnerabilities |
| 2016-06-15/a> | Richard Porter | Warp Speed Ahead, L7 Open Source Packet Generator: Warp17 |
| 2016-05-21/a> | Didier Stevens | Python Malware - Part 2 |
| 2016-05-03/a> | Rick Wanner | OpenSSL Updates |
| 2016-04-25/a> | Guy Bruneau | Highlights from the 2016 HPE Annual Cyber Threat Report |
| 2016-02-27/a> | Guy Bruneau | OpenSSL Security Update Planned for 1 March Release |
| 2016-02-22/a> | Xavier Mertens | Reducing False Positives with Open Data Sources |
| 2016-02-18/a> | Xavier Mertens | Hunting for Executable Code in Windows Environments |
| 2016-02-03/a> | Xavier Mertens | Automating Vulnerability Scans |
| 2016-01-31/a> | Guy Bruneau | OpenSSL 1.0.2 Advisory and Update |
| 2016-01-30/a> | Xavier Mertens | All CVE Details at Your Fingertips |
| 2016-01-20/a> | Xavier Mertens | /tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters! |
| 2015-12-23/a> | Rob VandenBrink | Libraries and Dependencies - It Really is Turtles All The Way Down! |
| 2015-12-22/a> | Rick Wanner | The other Juniper vulnerability - CVE-2015-7756 |
| 2015-11-22/a> | Guy Bruneau | OpenDNS Research Used to Predict Threat |
| 2015-11-09/a> | John Bambenek | ICYMI: Widespread Unserialize Vulnerability in Java |
| 2015-10-27/a> | Xavier Mertens | The "Yes, but..." syndrome |
| 2015-03-17/a> | Didier Stevens | From PEiD To YARA |
| 2015-02-17/a> | Rob VandenBrink | A Different Kind of Equation |
| 2014-08-23/a> | Guy Bruneau | NSS Labs Cyber Resilience Report |
| 2014-08-12/a> | Adrien de Beaupre | Host discovery with nmap |
| 2014-08-09/a> | Adrien de Beaupre | Complete application ownage via Multi-POST XSRF |
| 2014-08-06/a> | Chris Mohan | OpenSSL Security Advisories http://www.openssl.org/news/secadv_20140806.txt |
| 2014-08-04/a> | Russ McRee | Threats & Indicators: A Security Intelligence Lifecycle |
| 2014-07-05/a> | Guy Bruneau | Malware Analysis with pedump |
| 2014-06-12/a> | Johannes Ullrich | Metasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.) |
| 2014-06-05/a> | Johannes Ullrich | Critical OpenSSL Patch Available. Patch Now! |
| 2014-06-05/a> | Johannes Ullrich | Internet Storm Center Briefing on OpenSSL Vulnerabilities today at 12pm ET (8am PT/4pm UTC) https://www.sans.org/webcasts/98445 |
| 2014-06-05/a> | Johannes Ullrich | More Details Regarding CVE-2014-0195 (DTLS arbitrary code execution) |
| 2014-06-05/a> | Johannes Ullrich | Updated OpenSSL Patch Presentation |
| 2014-04-26/a> | Guy Bruneau | New Project by Linux Foundation - Core Infrastructure Initiative |
| 2014-04-21/a> | Daniel Wesemann | OpenSSL Rampage |
| 2014-04-21/a> | Daniel Wesemann | Finding the bleeders |
| 2014-04-15/a> | Richard Porter | VMWare Advisory VMSA-2014-0004 - Updates on OpenSSL HeartBleed http://www.vmware.com/security/advisories/VMSA-2014-0004.html |
| 2014-04-14/a> | Kevin Shortt | INFOCon Green: Heartbleed - on the mend |
| 2014-04-11/a> | Johannes Ullrich | Tonight OpenSSL Webcast #4: Client Side Issues / What to tell your kids & managers about it https://www.sans.org/webcasts/side-heartbleed-client-vulnerabilities-98135 |
| 2014-04-08/a> | Guy Bruneau | OpenSSL CVE-2014-0160 Fixed |
| 2014-04-08/a> | Johannes Ullrich | * Patch Now: OpenSSL "Heartbleed" Vulnerability |
| 2014-04-01/a> | Basil Alawi S.Taher | Upgrading Your Android, Elevating My Malware |
| 2014-01-02/a> | John Bambenek | OpenSSL.org Defaced by Attackers Gaining Access to Hypervisor |
| 2014-01-01/a> | Russ McRee | Six degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails |
| 2014-01-01/a> | Russ McRee | Happy New Year from the Syrian Electronic Army - Skype’s Social Media Accounts Hacked |
| 2013-12-29/a> | Russ McRee | OpenSSL suffers apparent defacement |
| 2013-12-21/a> | Guy Bruneau | Strange DNS Queries - Request for Packets |
| 2013-12-19/a> | Rob VandenBrink | Target US - Credit Card Data Breach |
| 2013-12-16/a> | Tom Webb | The case of Minerd |
| 2013-12-01/a> | Richard Porter | BPF, PCAP, Binary, hex, why they matter? |
| 2013-11-13/a> | Johannes Ullrich | Packet Challenge for the Hivemind: What's happening with this Ethernet header? |
| 2013-10-26/a> | Guy Bruneau | Active Perl/Shellbot Trojan |
| 2013-10-25/a> | Rob VandenBrink | Kaspersky flags TCPIP.SYS as Malware |
| 2013-10-22/a> | Richard Porter | Greenbone and OpenVAS Scanner |
| 2013-09-05/a> | Rob VandenBrink | Building Your Own GPU Enabled Private Cloud |
| 2013-08-21/a> | Rob VandenBrink | Fibre Channel Reconnaissance - Reloaded |
| 2013-05-20/a> | Guy Bruneau | Safe - Tools, Tactics and Techniques |
| 2013-04-25/a> | Adam Swanger | Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls |
| 2013-03-18/a> | Kevin Shortt | Cisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4 |
| 2013-03-13/a> | Johannes Ullrich | IPv6 Focus Month: Kaspersky Firewall IPv6 Vulnerability |
| 2013-02-25/a> | Johannes Ullrich | Trustwave Trustkeeper Phish |
| 2013-02-25/a> | Johannes Ullrich | Punkspider enumerates web application vulnerabilities |
| 2013-02-11/a> | John Bambenek | OpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/ |
| 2013-02-04/a> | Adam Swanger | SAN Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam |
| 2013-01-15/a> | Rob VandenBrink | When Disabling IE6 (or Java, or whatever) is not an Option... |
| 2012-12-06/a> | Johannes Ullrich | How to identify if you are behind a "Transparent Proxy" |
| 2012-12-04/a> | Johannes Ullrich | Where do your backup tapes go to die? |
| 2012-11-14/a> | Jim Clausing | Skype account hijack vulnerability fixed |
| 2012-09-19/a> | Russ McRee | Script kiddie scavenging with Shellbot.S |
| 2012-08-17/a> | Guy Bruneau | Suspicious eFax Spear Phishing Messages |
| 2012-08-02/a> | Guy Bruneau | Opera Security Update |
| 2012-07-21/a> | Rick Wanner | OpenDNS is looking for a few good malware people! |
| 2012-05-06/a> | Jim Clausing | Tool updates and Win 8 |
| 2012-05-01/a> | Rob VandenBrink | Are Open SSIDs in decline? |
| 2012-04-24/a> | Russ McRee | OpenSSL reissues fix for ASN1 BIO vulnerability |
| 2012-04-19/a> | Kevin Shortt | OpenSSL Security Advisory - CVE-2012-2110 |
| 2012-03-27/a> | Guy Bruneau | Opera 11.62 for Windows patch several bugs and vulnerabilities - http://www.opera.com/docs/changelogs/windows/1162/ |
| 2012-03-12/a> | Guy Bruneau | OpenSSL Security Update |
| 2012-01-13/a> | Guy Bruneau | Strange DNS Queries - Request Packets/Logs |
| 2012-01-07/a> | Scott Fendley | Updated OpenDLP |
| 2011-11-07/a> | Rob VandenBrink | Stuff I Learned Scripting - Evaluating a Remote SSL Certificate |
| 2011-11-07/a> | Rob VandenBrink | Juniper BGP issues causing locallized Internet Problems |
| 2011-11-04/a> | Guy Bruneau | Duqu Mitigation |
| 2011-10-26/a> | Rick Wanner | Critical Control 17:Penetration Tests and Red Team Exercises |
| 2011-08-26/a> | Daniel Wesemann | User Agent 007 |
| 2011-07-19/a> | Richard Porter | SMS Phishing at the SANSFire 2011 Handler Dinner |
| 2011-06-28/a> | Johannes Ullrich | Update: Opera 11.50 is now available http://www.opera.com/ |
| 2011-06-04/a> | Rick Wanner | Do you have a personal disaster recovery plan? |
| 2011-05-31/a> | Johannes Ullrich | Skype EasyBits Add-on |
| 2011-05-09/a> | Rick Wanner | Serious flaw in OpenID |
| 2011-05-09/a> | Rick Wanner | VUPEN Security pwns Google Chrome |
| 2011-05-06/a> | Richard Porter | Unpatched Exploit: Skype for MAC |
| 2011-04-18/a> | John Bambenek | Wordpress.com Security Breach |
| 2011-03-16/a> | Johannes Ullrich | Analyzing HTTP Packet Captures |
| 2011-02-21/a> | Adrien de Beaupre | Kaspersky update servers unreachable |
| 2011-02-19/a> | Guy Bruneau | Snort Data Acquisition Library |
| 2011-02-05/a> | Guy Bruneau | OpenSSH Legacy Certificate Information Disclosure Vulnerability |
| 2011-01-28/a> | Guy Bruneau | OpenOffice Security Fixes |
| 2011-01-27/a> | Chris Carboni | Opera Updates |
| 2011-01-12/a> | Richard Porter | How Many Loyalty Cards do you Carry? |
| 2010-12-30/a> | Rick Wanner | Obvious Lessons from the Skype outage |
| 2010-12-15/a> | Johannes Ullrich | OpenBSD IPSec "Backdoor" |
| 2010-11-19/a> | Jason Lam | Exchanging and sharing of assessment results |
| 2010-11-16/a> | Guy Bruneau | OpenSSL TLS Extension Parsing Race Condition |
| 2010-11-08/a> | Manuel Humberto Santander Pelaez | Network Security Perimeter: How to choose the correct firewall and IPS for your environment? |
| 2010-10-22/a> | Manuel Humberto Santander Pelaez | Intypedia project |
| 2010-10-12/a> | Adrien de Beaupre | New version of Opera- Opera 10.63 is a recommended upgrade offering security and stability enhancements: http://www.opera.com/browser/download/ |
| 2010-09-16/a> | Johannes Ullrich | OpenX Ad-Server Vulnerability |
| 2010-09-09/a> | Jim Clausing | Opera 10.62 - security (the DLL path issue) and stability upate see http://www.opera.com/docs/changelogs/windows/1062/ |
| 2010-08-23/a> | Manuel Humberto Santander Pelaez | Firefox plugins to perform penetration testing activities |
| 2010-08-19/a> | Daniel Wesemann | Casper the unfriendly ghost |
| 2010-08-16/a> | Raul Siles | Blind Elephant: A New Web Application Fingerprinting Tool |
| 2010-08-15/a> | Manuel Humberto Santander Pelaez | Opensolaris project cancelled, replaced by Solaris 11 express |
| 2010-08-05/a> | Manuel Humberto Santander Pelaez | Adobe Acrobat Font Parsing Integer Overflow Vulnerability |
| 2010-07-24/a> | Manuel Humberto Santander Pelaez | Types of diary: One liners vs full diary |
| 2010-06-23/a> | Scott Fendley | Opera Browser Update |
| 2010-06-06/a> | Manuel Humberto Santander Pelaez | Nice OS X exploit tutorial |
| 2010-06-05/a> | Guy Bruneau | OpenOffice.org 3.2.1 Fixes Bugs and Vulnerabilities |
| 2010-06-02/a> | Mark Hofman | OpenSSL version 1.0.0a released. This fixes a number of security issues. Don't forget a number of commercial appliances will be using this, so look for vendor updates soon. |
| 2010-05-22/a> | Rick Wanner | SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge |
| 2010-04-25/a> | Raul Siles | Manual Verification of SSL/TLS Certificate Trust Chains using Openssl |
| 2010-04-13/a> | Adrien de Beaupre | Web App Testing Tools |
| 2010-03-29/a> | Adrien de Beaupre | OpenSSL V 1.0.0 released! |
| 2010-03-24/a> | Kyle Haugsness | Wikipedia outage |
| 2010-03-22/a> | Guy Bruneau | New Opera 10.51 available with security fixes. More information available at: http://www.opera.com/docs/changelogs/windows/1051/ |
| 2010-03-11/a> | donald smith | Cert write up on Skype IMBot Logic and Functionality. |
| 2010-03-05/a> | Kyle Haugsness | Unpatched Opera 10.50 and below code execution vulnerability |
| 2010-02-26/a> | Rick Wanner | OpenSSL 0.9.8m released. |
| 2010-02-22/a> | Rob VandenBrink | Multiple Security Updates for OpenOffice ==> http://www.openoffice.org/security/bulletin.html |
| 2010-02-22/a> | Rob VandenBrink | New Risks in Penetration Testing |
| 2010-02-01/a> | Rob VandenBrink | NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care? |
| 2010-01-27/a> | Raul Siles | European Union Security Challenge (Campus Party 2010) |
| 2010-01-19/a> | Jim Clausing | Apple Security Update 2010-001 |
| 2009-11-17/a> | Guy Bruneau | OpenVPN Fixed OpenSSL Session Renegotiation Issue |
| 2009-11-06/a> | Andre Ludwig | New version of OpenSSL released - OpenSSL 0.9.8l |
| 2009-10-26/a> | Johannes Ullrich | Today: ISC Login bugfix day. If you have issues logging in using OpenID, please email a copy of your OpenID URL to jullrich\at\sans.edu |
| 2009-10-02/a> | Stephen Hall | New version of OpenSSH released |
| 2009-09-01/a> | Guy Bruneau | Opera 10 with Security Fixes |
| 2009-07-27/a> | Raul Siles | New Hacker Challenge: Prison Break - Breaking, Entering & Decoding |
| 2009-07-09/a> | Bojan Zdrnja | OpenSSH 0day FUD |
| 2009-07-07/a> | Marcus Sachs | OpenSSH Rumors |
| 2009-07-03/a> | Adrien de Beaupre | Happy 4th of July! |
| 2009-05-31/a> | Tony Carothers | L0phtcrack is Back! |
| 2009-05-25/a> | Jim Clausing | More tools for (US) Memorial Day |
| 2009-05-01/a> | Adrien de Beaupre | OpenBSD 4.5 |
| 2009-04-26/a> | Johannes Ullrich | Odd DNS Resolution for Google via OpenDNS |
| 2009-04-21/a> | Bojan Zdrnja | Web application vulnerabilities |
| 2009-04-07/a> | Johannes Ullrich | Common Apache Misconception |
| 2009-03-03/a> | Kyle Haugsness | Opera browser security updates |
| 2009-03-01/a> | Jim Clausing | Cool combination of tools |
| 2009-01-08/a> | Kyle Haugsness | BIND OpenSSL follow-up |
| 2008-12-17/a> | donald smith | Opera 9.6.3 released with security fixes |
| 2008-11-05/a> | donald smith | If you missed President Elect Obamas speech have some malware instead |
| 2008-10-31/a> | Rick Wanner | Sprint-Cogent Peering Issue |
| 2008-10-30/a> | Kevin Liston | Opera 9.62 available - security update |
| 2008-10-22/a> | Mari Nichols | Opera 9.6.1 Released |
| 2008-10-07/a> | Kyle Haugsness | Cogent peering problems |
| 2008-09-20/a> | Rick Wanner | New (to me) nmap Features |
| 2008-08-20/a> | Adrien de Beaupre | From the mailbag, Opera 9.52... |
| 2008-07-11/a> | Jim Clausing | Handling the load |
| 2008-07-03/a> | Bojan Zdrnja | New Opera v9.51 fixes couple of security issues |
| 2008-07-02/a> | Jim Clausing | Another little script I threw together |
| 2008-06-16/a> | Kevin Liston | Opera 9.5 is Available |
| 2008-06-10/a> | Swa Frantzen | Ransomware keybreaking |
| 2008-06-09/a> | Scott Fendley | So Where Are Those OpenSSH Key-based Attacks? |
| 2008-05-16/a> | Daniel Wesemann | INFOcon back to green |
| 2008-05-15/a> | Bojan Zdrnja | Debian and Ubuntu users: fix your keys/certificates NOW |
| 2008-05-15/a> | Bojan Zdrnja | INFOCon yellow: update your Debian generated keys/certs ASAP |
| 2008-05-13/a> | Swa Frantzen | OpenSSH: Predictable PRNG in debian and ubuntu Linux |
| 2008-04-23/a> | Mari Nichols | What's New, Old and Morphing? |
| 2008-04-14/a> | John Bambenek | A Federal Subpoena or Just Some More Spam & Malware? |
| 2008-04-03/a> | Bojan Zdrnja | Opera fixes vulnerabilities and Microsoft announces April's fixes |
| 2006-12-18/a> | Toby Kohlenberg | Skype worm |
| 2006-11-29/a> | Toby Kohlenberg | New Vulnerability Announcement and patches from Apple |
| 2006-09-13/a> | Swa Frantzen | PHP - shared hosters, take note. |
ANALYSIS |
| 2025-04-02/a> | Guy Bruneau | Exploring Statistical Measures to Predict URLs as Legitimate or Intrusive [Guest Diary] |
| 2025-03-06/a> | Guy Bruneau | DShield Traffic Analysis using ELK |
| 2025-01-09/a> | Guy Bruneau | Examining Redtail Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics [Guest Diary] |
| 2024-12-17/a> | Guy Bruneau | Command Injection Exploit For PHPUnit before 4.8.28 and 5.x before 5.6.3 [Guest Diary] |
| 2024-12-11/a> | Guy Bruneau | Vulnerability Symbiosis: vSphere?s CVE-2024-38812 and CVE-2024-38813 [Guest Diary] |
| 2024-10-17/a> | Guy Bruneau | Scanning Activity from Subnet 15.184.0.0/16 |
| 2024-09-25/a> | Guy Bruneau | OSINT - Image Analysis or More Where, When, and Metadata [Guest Diary] |
| 2024-09-18/a> | Guy Bruneau | Time-to-Live Analysis of DShield Data with Vega-Lite |
| 2024-09-11/a> | Guy Bruneau | Hygiene, Hygiene, Hygiene! [Guest Diary] |
| 2024-08-27/a> | Guy Bruneau | Vega-Lite with Kibana to Parse and Display IP Activity over Time |
| 2024-08-16/a> | Jesse La Grew | [Guest Diary] 7 minutes and 4 steps to a quick win: A write-up on custom tools |
| 2024-06-13/a> | Guy Bruneau | The Art of JQ and Command-line Fu [Guest Diary] |
| 2024-05-28/a> | Guy Bruneau | Is that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary] |
| 2024-04-29/a> | Guy Bruneau | Linux Trojan - Xorddos with Filename eyshcjdmzg |
| 2024-03-29/a> | Xavier Mertens | Quick Forensics Analysis of Apache logs |
| 2024-02-25/a> | Guy Bruneau | Utilizing the VirusTotal API to Query Files Uploaded to DShield Honeypot [Guest Diary] |
| 2024-02-03/a> | Guy Bruneau | DShield Sensor Log Collection with Elasticsearch |
| 2023-11-17/a> | Jan Kopriva | Phishing page with trivial anti-analysis features |
| 2023-02-04/a> | Guy Bruneau | Assemblyline as a Malware Analysis Sandbox |
| 2023-01-21/a> | Guy Bruneau | DShield Sensor JSON Log to Elasticsearch |
| 2023-01-08/a> | Guy Bruneau | DShield Sensor JSON Log Analysis |
| 2022-07-29/a> | Johannes Ullrich | PDF Analysis Intro and OpenActions Entries |
| 2022-07-18/a> | Didier Stevens | Adding Your Own Keywords To My PDF Tools |
| 2022-06-01/a> | Jan Kopriva | HTML phishing attachments - now with anti-analysis features |
| 2021-04-10/a> | Guy Bruneau | Building an IDS Sensor with Suricata & Zeek with Logs to ELK |
| 2021-04-06/a> | Jan Kopriva | Malspam with Lokibot vs. Outlook and RFCs |
| 2021-01-30/a> | Guy Bruneau | PacketSifter as Network Parsing and Telemetry Tool |
| 2021-01-14/a> | Bojan Zdrnja | Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file |
| 2020-12-03/a> | Brad Duncan | Traffic Analysis Quiz: Mr Natural |
| 2020-11-11/a> | Brad Duncan | Traffic Analysis Quiz: DESKTOP-FX23IK5 |
| 2020-10-01/a> | Daniel Wesemann | Making sense of Azure AD (AAD) activity logs |
| 2020-09-20/a> | Guy Bruneau | Analysis of a Salesforce Phishing Emails |
| 2020-06-01/a> | Jim Clausing | Stackstrings, type 2 |
| 2020-05-02/a> | Guy Bruneau | Phishing PDF with Unusual Hostname |
| 2020-01-25/a> | Guy Bruneau | Is Threat Hunting the new Fad? |
| 2020-01-12/a> | Guy Bruneau | ELK Dashboard and Logstash parser for tcp-honeypot Logs |
| 2019-12-29/a> | Guy Bruneau | ELK Dashboard for Pihole Logs |
| 2019-12-07/a> | Guy Bruneau | Integrating Pi-hole Logs in ELK with Logstash |
| 2019-11-23/a> | Guy Bruneau | Local Malware Analysis with Malice |
| 2019-10-18/a> | Xavier Mertens | Quick Malicious VBS Analysis |
| 2019-06-27/a> | Rob VandenBrink | Finding the Gold in a Pile of Pennies - Long Tail Analysis in PowerShell |
| 2019-06-14/a> | Jim Clausing | A few Ghidra tips for IDA users, part 4 - function call graphs |
| 2019-04-17/a> | Jim Clausing | A few Ghidra tips for IDA users, part 2 - strings and parameters |
| 2019-04-08/a> | Jim Clausing | A few Ghidra tips for IDA users, part 1 - the decompiler/unreachable code |
| 2019-04-03/a> | Jim Clausing | A few Ghidra tips for IDA users, part 0 - automatic comments for API call parameters |
| 2019-03-31/a> | Didier Stevens | Maldoc Analysis of the Weekend by a Reader |
| 2019-02-27/a> | Didier Stevens | Maldoc Analysis by a Reader |
| 2018-11-18/a> | Guy Bruneau | Multipurpose PCAP Analysis Tool |
| 2018-10-21/a> | Pasquale Stirparo | Beyond good ol’ LaunchAgent - part 0 |
| 2018-08-31/a> | Jim Clausing | Quickie: Using radare2 to disassemble shellcode |
| 2018-06-01/a> | Remco Verhoef | Binary analysis with Radare2 |
| 2017-09-29/a> | Lorna Hutcheson | Good Analysis = Understanding(tools + logs + normal) |
| 2017-07-09/a> | Russ McRee | Adversary hunting with SOF-ELK |
| 2017-04-28/a> | Russell Eubanks | KNOW before NO |
| 2017-01-28/a> | Lorna Hutcheson | Packet Analysis - Where do you start? |
| 2016-12-24/a> | Didier Stevens | Pinging All The Way |
| 2016-10-30/a> | Pasquale Stirparo | Volatility Bot: Automated Memory Analysis |
| 2016-10-17/a> | Didier Stevens | Maldoc VBA Anti-Analysis: Video |
| 2016-10-15/a> | Didier Stevens | Maldoc VBA Anti-Analysis |
| 2016-05-14/a> | Guy Bruneau | INetSim as a Basic Honeypot |
| 2016-04-21/a> | Daniel Wesemann | Decoding Pseudo-Darkleech (Part #2) |
| 2015-05-03/a> | Russ McRee | VolDiff, for memory image differential analysis |
| 2014-07-05/a> | Guy Bruneau | Malware Analysis with pedump |
| 2014-04-21/a> | Daniel Wesemann | Finding the bleeders |
| 2014-03-13/a> | Daniel Wesemann | Web server logs containing RS=^ ? |
| 2014-01-14/a> | Chris Mohan | Spamming and scanning botnets - is there something I can do to block them from my site? |
| 2013-10-28/a> | Daniel Wesemann | Exploit cocktail (Struts, Java, Windows) going after 3-month old vulnerabilities |
| 2013-06-18/a> | Russ McRee | Volatility rules...any questions? |
| 2013-05-11/a> | Lenny Zeltser | Extracting Digital Signatures from Signed Malware |
| 2013-03-09/a> | Guy Bruneau | IPv6 Focus Month: IPv6 Encapsulation - Protocol 41 |
| 2013-02-03/a> | Lorna Hutcheson | Is it Really an Attack? |
| 2013-01-08/a> | Jim Clausing | Cuckoo 0.5 is out and the world didn't end |
| 2012-12-02/a> | Guy Bruneau | Collecting Logs from Security Devices at Home |
| 2012-09-19/a> | Kevin Liston | Volatility: 2.2 is Coming Soon |
| 2012-09-14/a> | Lenny Zeltser | Analyzing Malicious RTF Files Using OfficeMalScanner's RTFScan |
| 2012-06-21/a> | Russ McRee | Analysis of drive-by attack sample set |
| 2012-06-04/a> | Lenny Zeltser | Decoding Common XOR Obfuscation in Malicious Code |
| 2012-05-23/a> | Mark Baggett | IP Fragmentation Attacks |
| 2012-03-03/a> | Jim Clausing | New automated sandbox for Android malware |
| 2012-02-07/a> | Jim Clausing | Book Review: Practical Packet Analysis, 2nd ed |
| 2011-05-20/a> | Guy Bruneau | Sysinternals Updates, Analyzing Stuxnet Infection with Sysinternals Tools Part 3 |
| 2011-04-14/a> | Adrien de Beaupre | Sysinternals updates, a new blog post, and webcast |
| 2011-02-01/a> | Lenny Zeltser | The Importance of HTTP Headers When Investigating Malicious Sites |
| 2010-08-09/a> | Jim Clausing | Free/inexpensive tools for monitoring systems/networks |
| 2010-07-21/a> | Adrien de Beaupre | autorun.inf and .lnk Malware (NOT 'Vulnerability in Windows Shell Could Allow Remote Code Execution' 2286198) |
| 2010-05-26/a> | Bojan Zdrnja | Malware modularization and AV detection evasion |
| 2010-04-11/a> | Marcus Sachs | Network and process forensics toolset |
| 2010-03-26/a> | Daniel Wesemann | Getting the EXE out of the RTF again |
| 2010-02-13/a> | Lorna Hutcheson | Network Traffic Analysis in Reverse |
| 2010-01-14/a> | Bojan Zdrnja | PDF Babushka |
| 2010-01-07/a> | Daniel Wesemann | Static analysis of malicious PDFs |
| 2010-01-07/a> | Daniel Wesemann | Static analysis of malicous PDFs (Part #2) |
| 2009-11-25/a> | Jim Clausing | Updates to my GREM Gold scripts and a new script |
| 2009-11-03/a> | Bojan Zdrnja | Opachki, from (and to) Russia with love |
| 2009-09-25/a> | Lenny Zeltser | Categories of Common Malware Traits |
| 2009-07-26/a> | Jim Clausing | New Volatility plugins |
| 2009-07-02/a> | Daniel Wesemann | Getting the EXE out of the RTF |
| 2009-04-15/a> | Marcus Sachs | 2009 Data Breach Investigation Report |
| 2009-03-13/a> | Bojan Zdrnja | When web application security, Microsoft and the AV vendors all fail |
| 2009-02-10/a> | Bojan Zdrnja | More tricks from Conficker and VM detection |
| 2009-02-09/a> | Bojan Zdrnja | Some tricks from Conficker's bag |
| 2009-01-18/a> | Daniel Wesemann | 3322. org |
| 2009-01-15/a> | Bojan Zdrnja | Conficker's autorun and social engineering |
| 2009-01-07/a> | Bojan Zdrnja | An Israeli patriot program or a trojan |
| 2009-01-02/a> | Rick Wanner | Tools on my Christmas list. |
| 2008-12-13/a> | Jim Clausing | Followup from last shift and some research to do. |
| 2008-11-17/a> | Marcus Sachs | New Tool: NetWitness Investigator |
| 2008-11-17/a> | Jim Clausing | Finding stealth injected DLLs |
| 2008-09-03/a> | Daniel Wesemann | Static analysis of Shellcode - Part 2 |
| 2008-07-07/a> | Pedro Bueno | Bad url classification |
| 2006-10-02/a> | Jim Clausing | Reader's tip of the day: ratios vs. raw counts |
| 2006-09-18/a> | Jim Clausing | Log analysis follow up |
| 2006-09-09/a> | Jim Clausing | Log Analysis tips? |
| 2006-09-09/a> | Jim Clausing | A few preliminary log analysis thoughts |
