Internet Storm Center
Sign In
Sign Up
Handler on Duty:
Didier Stevens
Threat Level:
green
Date
Author
Title
RUBY ON RAILS
2013-06-27
Tony Carothers
Ruby Update for SSL Vulnerability
2013-01-09
Rob VandenBrink
SQL Injection Flaw in Ruby on Rails
RUBY
2021-06-15/a>
Johannes Ullrich
Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more
2013-06-27/a>
Tony Carothers
Ruby Update for SSL Vulnerability
2013-01-09/a>
Rob VandenBrink
SQL Injection Flaw in Ruby on Rails
ON
2024-11-19/a>
Xavier Mertens
Detecting the Presence of a Debugger in Linux
2024-11-07/a>
Xavier Mertens
Steam Account Checker Poisoned with Infostealer
2024-11-06/a>
Jesse La Grew
[Guest Diary] Insights from August Web Traffic Surge
2024-11-05/a>
Xavier Mertens
Python RAT with a Nice Screensharing Feature
2024-10-31/a>
Guy Bruneau
October 2024 Activity with Username chenzilong
2024-10-07/a>
Xavier Mertens
macOS Sequoia: System/Network Admins, Hold On!
2024-09-25/a>
Johannes Ullrich
DNS Reflection Update and Odd Corrupted DNS Requests
2024-09-18/a>
Xavier Mertens
Python Infostealer Patching Windows Exodus App
2024-09-17/a>
Xavier Mertens
23:59, Time to Exfiltrate!
2024-09-16/a>
Xavier Mertens
Managing PE Files With Overlays
2024-09-13/a>
Jesse La Grew
Finding Honeypot Data Clusters Using DBSCAN: Part 2
2024-09-11/a>
Xavier Mertens
Python Libraries Used for Malicious Purposes
2024-09-06/a>
Jesse La Grew
Enrichment Data: Keeping it Fresh
2024-08-30/a>
Jesse La Grew
Simulating Traffic With Scapy
2024-08-29/a>
Xavier Mertens
Live Patching DLLs with Python
2024-08-27/a>
Xavier Mertens
Why Is Python so Popular to Infect Windows Hosts?
2024-08-26/a>
Xavier Mertens
From Highly Obfuscated Batch File to XWorm and Redline
2024-08-23/a>
Jesse La Grew
Pandas Errors: What encoding are my logs in?
2024-08-19/a>
Xavier Mertens
Do you Like Donuts? Here is a Donut Shellcode Delivered Through PowerShell/Python
2024-08-16/a>
Jesse La Grew
[Guest Diary] 7 minutes and 4 steps to a quick win: A write-up on custom tools
2024-07-26/a>
Xavier Mertens
ExelaStealer Delivered "From Russia With Love"
2024-07-25/a>
Xavier Mertens
XWorm Hidden With Process Hollowing
2024-07-24/a>
Xavier Mertens
"Mouse Logger" Malicious Python Script
2024-07-10/a>
Jesse La Grew
Finding Honeypot Data Clusters Using DBSCAN: Part 1
2024-07-08/a>
Xavier Mertens
Kunai: Keep an Eye on your Linux Hosts Activity
2024-07-01/a>
Johannes Ullrich
SSH "regreSSHion" Remote Code Execution Vulnerability in OpenSSH.
2024-06-15/a>
Didier Stevens
Overview of My Tools That Handle JSON Data
2024-06-13/a>
Guy Bruneau
The Art of JQ and Command-line Fu [Guest Diary]
2024-06-06/a>
Xavier Mertens
Malicious Python Script with a "Best Before" Date
2024-05-31/a>
Xavier Mertens
"K1w1" InfoStealer Uses gofile.io for Exfiltration
2024-05-30/a>
Xavier Mertens
Feeding MISP with OSSEC
2024-04-29/a>
Johannes Ullrich
D-Link NAS Device Backdoor Abused
2024-04-25/a>
Jesse La Grew
Does it matter if iptables isn't running on my honeypot?
2024-04-22/a>
Jan Kopriva
It appears that the number of industrial devices accessible from the internet has risen by 30 thousand over the past three years
2024-04-17/a>
Xavier Mertens
Malicious PDF File Used As Delivery Mechanism
2024-04-17/a>
Rob VandenBrink
The CVE's They are A-Changing!
2024-03-28/a>
Xavier Mertens
From JavaScript to AsyncRAT
2024-03-13/a>
Xavier Mertens
Using ChatGPT to Deobfuscate Malicious Scripts
2024-03-10/a>
Guy Bruneau
What happens when you accidentally leak your AWS API keys? [Guest Diary]
2024-03-07/a>
Jesse La Grew
[Guest Diary] AWS Deployment Risks - Configuration and Credential File Targeting
2024-03-03/a>
Guy Bruneau
Capturing DShield Packets with a LAN Tap [Guest Diary]
2024-02-28/a>
Johannes Ullrich
Exploit Attempts for Unknown Password Reset Vulnerability
2024-02-25/a>
Guy Bruneau
Utilizing the VirusTotal API to Query Files Uploaded to DShield Honeypot [Guest Diary]
2024-02-20/a>
Xavier Mertens
Python InfoStealer With Dynamic Sandbox Detection
2024-02-18/a>
Guy Bruneau
Mirai-Mirai On The Wall... [Guest Diary]
2024-02-15/a>
Jesse La Grew
[Guest Diary] Learning by doing: Iterative adventures in troubleshooting
2024-02-09/a>
Xavier Mertens
MSIX With Heavily Obfuscated PowerShell Script
2024-02-08/a>
Xavier Mertens
A Python MP3 Player with Builtin Keylogger Capability
2024-02-03/a>
Guy Bruneau
DShield Sensor Log Collection with Elasticsearch
2024-01-30/a>
Johannes Ullrich
What did I say to make you stop talking to me?
2024-01-29/a>
Johannes Ullrich
Exploit Flare Up Against Older Altassian Confluence Vulnerability
2024-01-26/a>
Xavier Mertens
A Batch File With Multiple Payloads
2024-01-25/a>
Xavier Mertens
Facebook AdsManager Targeted by a Python Infostealer
2024-01-19/a>
Xavier Mertens
macOS Python Script Replacing Wallet Applications with Rogue Apps
2024-01-17/a>
Jesse La Grew
Number Usage in Passwords
2024-01-12/a>
Xavier Mertens
One File, Two Payloads
2024-01-08/a>
Jesse La Grew
What is that User Agent?
2024-01-02/a>
Johannes Ullrich
Fingerprinting SSH Identification Strings
2023-12-27/a>
Guy Bruneau
Unveiling the Mirai: Insights into Recent DShield Honeypot Activity [Guest Diary]
2023-12-23/a>
Xavier Mertens
Python Keylogger Using Mailtrap.io
2023-12-22/a>
Xavier Mertens
Shall We Play a Game?
2023-12-20/a>
Guy Bruneau
How to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary]
2023-12-16/a>
Xavier Mertens
An Example of RocketMQ Exploit Scanner
2023-12-13/a>
Guy Bruneau
T-shooting Terraform for DShield Honeypot in Azure [Guest Diary]
2023-12-10/a>
Guy Bruneau
Honeypots: From the Skeptical Beginner to the Tactical Enthusiast
2023-11-30/a>
John Bambenek
Prophetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today
2023-11-27/a>
Guy Bruneau
Decoding the Patterns: Analyzing DShield Honeypot Activity [Guest Diary]
2023-11-22/a>
Guy Bruneau
CVE-2023-1389: A New Means to Expand Botnets
2023-11-20/a>
Jesse La Grew
Overflowing Web Honeypot Logs
2023-11-09/a>
Xavier Mertens
Visual Examples of Code Injection
2023-10-31/a>
Xavier Mertens
Multiple Layers of Anti-Sandboxing Techniques
2023-10-29/a>
Guy Bruneau
Spam or Phishing? Looking for Credentials & Passwords
2023-10-15/a>
Guy Bruneau
Domain Name Used as Password Captured by DShield Sensor
2023-10-03/a>
Tom Webb
Are Local LLMs Useful in Incident Response?
2023-09-30/a>
Xavier Mertens
Simple Netcat Backdoor in Python Script
2023-09-26/a>
Johannes Ullrich
Apple Releases MacOS Sonoma Including Numerous Security Patches
2023-09-14/a>
Jesse La Grew
DShield and qemu Sitting in a Tree: L-O-G-G-I-N-G
2023-09-09/a>
Guy Bruneau
?Anyone get the ASN of the Truck that Hit Me?!?: Creating a PowerShell Function to Make 3rd Party API Calls for Extending Honeypot Information [Guest Diary]
2023-09-05/a>
Jesse La Grew
Common usernames submitted to honeypots
2023-09-02/a>
Jesse La Grew
What is the origin of passwords submitted to honeypots?
2023-08-31/a>
Guy Bruneau
Potential Weaponizing of Honeypot Logs [Guest Diary]
2023-08-25/a>
Xavier Mertens
Python Malware Using Postgresql for C2 Communications
2023-08-23/a>
Xavier Mertens
More Exotic Excel Files Dropping AgentTesla
2023-08-23/a>
Guy Bruneau
How I made a qwerty ?keyboard walk? password generator with ChatGPT [Guest Diary]
2023-08-22/a>
Xavier Mertens
Have You Ever Heard of the Fernet Encryption Algorithm?
2023-08-21/a>
Xavier Mertens
Quick Malware Triage With Inotify Tools
2023-08-17/a>
Jesse La Grew
Command Line Parsing - Are These Really Unique Strings?
2023-08-12/a>
Guy Bruneau
DShield Sensor Monitoring with a Docker ELK Stack [Guest Diary]
2023-08-11/a>
Xavier Mertens
Show me All Your Windows!
2023-07-28/a>
Xavier Mertens
ShellCode Hidden with Steganography
2023-07-26/a>
Xavier Mertens
Suspicious IP Addresses Avoided by Malware Samples
2023-07-23/a>
Guy Bruneau
Install & Configure Filebeat on Raspberry Pi ARM64 to Parse DShield Sensor Logs
2023-07-13/a>
Jesse La Grew
DShield Honeypot Maintenance and Data Retention
2023-07-06/a>
Jesse La Grew
IDS Comparisons with DShield Honeypot Data
2023-07-01/a>
Russ McRee
Sandfly Security
2023-06-27/a>
Xavier Mertens
The Importance of Malware Triage
2023-06-20/a>
Xavier Mertens
Malicious Code Can Be Anywhere
2023-06-16/a>
Xavier Mertens
Another RAT Delivered Through VBS
2023-06-11/a>
Guy Bruneau
DShield Honeypot Activity for May 2023
2023-06-09/a>
Xavier Mertens
Undetected PowerShell Backdoor Disguised as a Profile File
2023-05-28/a>
Guy Bruneau
We Can no Longer Ignore the Cost of Cybersecurity
2023-05-20/a>
Xavier Mertens
Phishing Kit Collecting Victim's IP Address
2023-05-17/a>
Xavier Mertens
Increase in Malicious RAR SFX files
2023-05-14/a>
Guy Bruneau
VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue
2023-05-14/a>
Guy Bruneau
DShield Sensor Update
2023-05-09/a>
Russ McRee
Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 2
2023-05-03/a>
Xavier Mertens
Increased Number of Configuration File Scans
2023-04-28/a>
Xavier Mertens
Quick IOC Scan With Docker
2023-04-17/a>
Jan Kopriva
The strange case of Great honeypot of China
2023-04-08/a>
Xavier Mertens
Microsoft Netlogon: Potential Upcoming Impacts of CVE-2022-38023
2023-04-05/a>
Jesse La Grew
Exploration of DShield Cowrie Data with jq
2023-03-31/a>
Jan Kopriva
Use of X-Frame-Options and CSP frame-ancestors security headers on 1 million most popular domains
2023-03-30/a>
Xavier Mertens
Bypassing PowerShell Strong Obfuscation
2023-03-29/a>
Didier Stevens
Extracting Multiple Streams From OLE Files
2023-03-28/a>
Jesse La Grew
Network Data Collector Placement Makes a Difference
2023-03-21/a>
Didier Stevens
String Obfuscation: Character Pair Reversal
2023-03-18/a>
Xavier Mertens
Old Backdoor, New Obfuscation
2023-03-11/a>
Xavier Mertens
Overview of a Mirai Payload Generator
2023-03-02/a>
Didier Stevens
YARA: Detect The Unexpected ...
2023-03-01/a>
Xavier Mertens
Python Infostealer Targeting Gamers
2023-02-22/a>
Johannes Ullrich
Internet Wide Scan Fingerprinting Confluence Servers
2023-02-15/a>
Rob VandenBrink
DNS Recon Redux - Zone Transfers (plus a time machine) for When You Can't do a Zone Transfer
2023-02-10/a>
Xavier Mertens
Obfuscated Deactivation of Script Block Logging
2023-02-09/a>
Xavier Mertens
A Backdoor with Smart Screenshot Capability
2023-02-05/a>
Didier Stevens
Video: Analyzing Malicious OneNote Documents
2023-02-04/a>
Guy Bruneau
Assemblyline as a Malware Analysis Sandbox
2023-02-01/a>
Didier Stevens
Detecting (Malicious) OneNote Files
2023-01-31/a>
Jesse La Grew
DShield Honeypot Setup with pfSense
2023-01-26/a>
Tom Webb
Live Linux IR with UAC
2023-01-25/a>
Xavier Mertens
A First Malicious OneNote Document
2023-01-23/a>
Xavier Mertens
Who's Resolving This Domain?
2023-01-21/a>
Guy Bruneau
DShield Sensor JSON Log to Elasticsearch
2023-01-08/a>
Guy Bruneau
DShield Sensor JSON Log Analysis
2022-12-29/a>
Jesse La Grew
Opening the Door for a Knock: Creating a Custom DShield Listener
2022-12-28/a>
Rob VandenBrink
Playing with Powershell and JSON (and Amazon and Firewalls)
2022-12-21/a>
Guy Bruneau
DShield Sensor Setup in Azure
2022-12-20/a>
Xavier Mertens
Linux File System Monitoring & Actions
2022-12-19/a>
Xavier Mertens
Hunting for Mastodon Servers
2022-12-03/a>
Guy Bruneau
Linux LOLBins Applications Available in Windows
2022-11-14/a>
Jesse La Grew
Extracting 'HTTP CONNECT' Requests with Python
2022-11-05/a>
Guy Bruneau
Windows Malware with VHD Extension
2022-11-04/a>
Xavier Mertens
Remcos Downloader with Unicode Obfuscation
2022-10-24/a>
Xavier Mertens
C2 Communications Through outlook.com
2022-10-22/a>
Didier Stevens
rtfdump's Find Option
2022-10-19/a>
Xavier Mertens
Are Internet Scanning Services Good or Bad for You?
2022-10-18/a>
Xavier Mertens
Python Obfuscation for Dummies
2022-10-08/a>
Didier Stevens
Sysmon v14.1 Release
2022-09-26/a>
Xavier Mertens
Easy Python Sandbox Detection
2022-09-14/a>
Xavier Mertens
Easy Process Injection within Python
2022-09-12/a>
Johannes Ullrich
VirusTotal Result Comparisons for Honeypot Malware
2022-09-07/a>
Johannes Ullrich
PHP Deserialization Exploit attempt
2022-08-28/a>
Didier Stevens
Sysinternals Updates: Sysmon v14.0 and ZoomIt v6.01
2022-08-26/a>
Xavier Mertens
Paypal Phishing/Coinbase in One Image
2022-08-24/a>
Brad Duncan
Monster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC
2022-08-19/a>
Johannes Ullrich
Windows Security Blocks UPX Compressed (packed) Binaries
2022-08-18/a>
Johannes Ullrich
Honeypot Attack Summaries with Python
2022-08-08/a>
Johannes Ullrich
JSON All the Logs!
2022-07-28/a>
Johannes Ullrich
Exfiltrating Data With Bookmarks
2022-07-20/a>
Xavier Mertens
Malicious Python Script Behaving Like a Rubber Ducky
2022-07-19/a>
Johannes Ullrich
Requests For beacon.http-get. Help Us Figure Out What They Are Looking For
2022-06-24/a>
Xavier Mertens
Python (ab)using The Windows GUI
2022-06-22/a>
Xavier Mertens
Malicious PowerShell Targeting Cryptocurrency Browser Extensions
2022-06-19/a>
Didier Stevens
Video: Decoding Obfuscated BASE64 Statistically
2022-06-18/a>
Didier Stevens
Decoding Obfuscated BASE64 Statistically
2022-06-16/a>
Xavier Mertens
Houdini is Back Delivered Through a JavaScript Dropper
2022-06-15/a>
Johannes Ullrich
Terraforming Honeypots. Installing DShield Sensors in the Cloud
2022-06-03/a>
Xavier Mertens
Sandbox Evasion... With Just a Filename!
2022-06-02/a>
Johannes Ullrich
Quick Answers in Incident Response: RECmd.exe
2022-06-01/a>
Jan Kopriva
HTML phishing attachments - now with anti-analysis features
2022-05-30/a>
Xavier Mertens
New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme (CVE-2022-30190)
2022-05-24/a>
Yee Ching Tok
ctx Python Library Updated with "Extra" Features
2022-05-03/a>
Johannes Ullrich
Some Honeypot Updates
2022-05-03/a>
Rob VandenBrink
Finding the Real "Last Patched" Day (Interim Version)
2022-04-29/a>
Rob VandenBrink
Using Passive DNS sources for Reconnaissance and Enumeration
2022-04-21/a>
Xavier Mertens
Multi-Cryptocurrency Clipboard Swapper
2022-04-19/a>
Johannes Ullrich
Resetting Linux Passwords with U-Boot Bootloaders
2022-04-03/a>
Didier Stevens
jo
2022-04-02/a>
Didier Stevens
curl 7.82.0 Adds --json Option
2022-03-31/a>
Johannes Ullrich
Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965
2022-03-29/a>
Johannes Ullrich
More Fake/Typosquatting Twitter Accounts Asking for Ukraine Crytocurrency Donations
2022-03-23/a>
Brad Duncan
Arkei Variants: From Vidar to Mars Stealer
2022-03-13/a>
Didier Stevens
YARA 4.2.0 Released
2022-03-09/a>
Xavier Mertens
Infostealer in a Batch File
2022-03-04/a>
Johannes Ullrich
Scam E-Mail Impersonating Red Cross
2022-02-22/a>
Xavier Mertens
A Good Old Equation Editor Vulnerability Delivering Malware
2022-02-20/a>
Didier Stevens
Video: YARA's Console Module
2022-02-10/a>
Johannes Ullrich
Zyxel Network Storage Devices Hunted By Mirai Variant
2022-02-03/a>
Johannes Ullrich
Keeping Track of Your Attack Surface for Cheap
2022-02-01/a>
Xavier Mertens
Automation is Nice But Don't Replace Your Knowledge
2022-01-31/a>
Xavier Mertens
Be careful with RPMSG files
2022-01-30/a>
Didier Stevens
YARA's Console Module
2022-01-20/a>
Xavier Mertens
RedLine Stealer Delivered Through FTP
2022-01-07/a>
Xavier Mertens
Custom Python RAT Builder
2022-01-06/a>
Xavier Mertens
Malicious Python Script Targeting Chinese People
2022-01-01/a>
Didier Stevens
Expect Regressions
2021-12-28/a>
Russ McRee
LotL Classifier tests for shells, exfil, and miners
2021-12-21/a>
Xavier Mertens
More Undetected PowerShell Dropper
2021-12-18/a>
Guy Bruneau
VMware Security Update - https://www.vmware.com/security/advisories/VMSA-2021-0030.html
2021-12-16/a>
Brad Duncan
How the "Contact Forms" campaign tricks people
2021-12-14/a>
Johannes Ullrich
Log4j: Getting ready for the long haul (CVE-2021-44228)
2021-12-10/a>
Xavier Mertens
Python Shellcode Injection From JSON Data
2021-12-06/a>
Xavier Mertens
The Importance of Out-of-Band Networks
2021-12-01/a>
Xavier Mertens
Info-Stealer Using webhook.site to Exfiltrate Data
2021-11-20/a>
Guy Bruneau
Hikvision Security Cameras Potentially Exposed to Remote Code Execution
2021-11-18/a>
Xavier Mertens
JavaScript Downloader Delivers Agent Tesla Trojan
2021-11-14/a>
Didier Stevens
Video: Obfuscated Maldoc: Reversed BASE64
2021-11-10/a>
Xavier Mertens
Shadow IT Makes People More Vulnerable to Phishing
2021-11-08/a>
Xavier Mertens
(Ab)Using Security Tools & Controls for the Bad
2021-10-18/a>
Xavier Mertens
Malicious PowerShell Using Client Certificate Authentication
2021-09-24/a>
Xavier Mertens
Keep an Eye on Your Users Mobile Devices (Simple Inventory)
2021-09-22/a>
Didier Stevens
An XML-Obfuscated Office Document (CVE-2021-40444)
2021-09-17/a>
Xavier Mertens
Malicious Calendar Subscriptions Are Back?
2021-09-15/a>
Brad Duncan
Hancitor campaign abusing Microsoft's OneDrive
2021-08-30/a>
Xavier Mertens
Cryptocurrency Clipboard Swapper Delivered With Love
2021-08-29/a>
Guy Bruneau
Filter JSON Data by Value with Linux jq
2021-08-19/a>
Johannes Ullrich
When Lightning Strikes. What works and doesn't work.
2021-08-17/a>
Johannes Ullrich
Laravel (<=v8.4.2) exploit attempts for CVE-2021-3129 (debug mode: Remote code execution)
2021-08-13/a>
Guy Bruneau
Scanning for Microsoft Exchange eDiscovery
2021-07-31/a>
Guy Bruneau
Unsolicited DNS Queries
2021-07-28/a>
Jan Kopriva
A sextortion e-mail from...IT support?!
2021-07-20/a>
Bojan Zdrnja
Summer of SAM - incorrect permissions on Windows 10/11 hives
2021-07-16/a>
Xavier Mertens
Multiple BaseXX Obfuscations
2021-07-14/a>
Jan Kopriva
One way to fail at malspam - give recipients the wrong password for an encrypted attachment
2021-07-08/a>
Xavier Mertens
Using Sudo with Python For More Security Controls
2021-07-06/a>
Xavier Mertens
Python DLL Injection Check
2021-07-04/a>
Didier Stevens
DIY CD/DVD Destruction - Follow Up
2021-07-02/a>
Xavier Mertens
"inception.py"... Multiple Base64 Encodings
2021-06-27/a>
Didier Stevens
DIY CD/DVD Destruction
2021-06-24/a>
Xavier Mertens
Do you Like Cookies? Some are for sale!
2021-06-21/a>
Rick Wanner
Mitre CWE - Common Weakness Enumeration
2021-06-15/a>
Johannes Ullrich
Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more
2021-06-12/a>
Guy Bruneau
Fortinet Targeted for Unpatched SSL VPN Discovery Activity
2021-06-11/a>
Xavier Mertens
Keeping an Eye on Dangerous Python Modules
2021-06-11/a>
Xavier Mertens
Sonicwall SRA 4600 Targeted By an Old Vulnerability
2021-06-07/a>
Johannes Ullrich
Amazon Sidewalk: Cutting Through the Hype
2021-06-04/a>
Xavier Mertens
Russian Dolls VBS Obfuscation
2021-05-31/a>
Rick Wanner
Quick and dirty Python: nmap
2021-05-30/a>
Didier Stevens
Sysinternals: Procmon, Sysmon, TcpView and Process Explorer update
2021-05-23/a>
Didier Stevens
Video: Making Sense Of Encrypted Cobalt Strike Traffic
2021-05-12/a>
Jan Kopriva
Number of industrial control systems on the internet is lower then in 2020...but still far from zero
2021-05-10/a>
Johannes Ullrich
Correctly Validating IP Addresses: Why encoding matters for input validation.
2021-05-08/a>
Guy Bruneau
Who is Probing the Internet for Research Purposes?
2021-05-04/a>
Rick Wanner
Quick and dirty Python: masscan
2021-04-29/a>
Xavier Mertens
From Python to .Net
2021-04-25/a>
Didier Stevens
Sysinternals: Procmon and Sysmon update
2021-04-22/a>
Xavier Mertens
How Safe Are Your Docker Images?
2021-04-19/a>
Jan Kopriva
Hunting phishing websites with favicon hashes
2021-04-18/a>
Didier Stevens
Decoding Cobalt Strike Traffic
2021-04-12/a>
Didier Stevens
Example of Cleartext Cobalt Strike Traffic (Thanks Brad)
2021-04-09/a>
Xavier Mertens
No Python Interpreter? This Simple RAT Installs Its Own Copy
2021-04-02/a>
Xavier Mertens
C2 Activity: Sandboxes or Real Victims?
2021-03-31/a>
Xavier Mertens
Quick Analysis of a Modular InfoStealer
2021-03-18/a>
Xavier Mertens
Simple Python Keylogger
2021-03-10/a>
Rob VandenBrink
SharpRDP - PSExec without PSExec, PSRemoting without PowerShell
2021-03-07/a>
Didier Stevens
PCAPs and Beacons
2021-03-02/a>
Russ McRee
Adversary Simulation with Sim
2021-02-28/a>
Didier Stevens
Maldocs: Protection Passwords
2021-02-26/a>
Guy Bruneau
Pretending to be an Outlook Version Update
2021-02-22/a>
Didier Stevens
Unprotecting Malicious Documents For Inspection
2021-02-13/a>
Guy Bruneau
vSphere Replication updates address a command injection vulnerability (CVE-2021-21976) - https://www.vmware.com/security/advisories/VMSA-2021-0001.html
2021-02-04/a>
Bojan Zdrnja
Abusing Google Chrome extension syncing for data exfiltration and C&C
2021-02-01/a>
Rob VandenBrink
Taking a Shot at Reverse Shell Attacks, CNC Phone Home and Data Exfil from Servers
2021-01-22/a>
Xavier Mertens
Another File Extension to Block in your MTA: .jnlp
2021-01-19/a>
Russ McRee
Gordon for fast cyber reputation checks
2021-01-18/a>
Didier Stevens
Doc & RTF Malicious Document
2021-01-17/a>
Didier Stevens
New Release of Sysmon Adding Detection for Process Tampering
2021-01-15/a>
Guy Bruneau
Obfuscated DNS Queries
2021-01-04/a>
Jan Kopriva
From a small BAT file to Mass Logger infostealer
2021-01-02/a>
Guy Bruneau
Protecting Home Office and Enterprise in 2021
2020-12-29/a>
Jan Kopriva
Want to know what's in a folder you don't have a permission to access? Try asking your AV solution...
2020-12-22/a>
Xavier Mertens
Malware Victim Selection Through WiFi Identification
2020-12-19/a>
Guy Bruneau
Secure Communication using TLS in Elasticsearch
2020-12-17/a>
Daniel Wesemann
"Amazon" invoice that asks to call 1-866-335-0659 "to cancel" an order that you never made is (obviously) a #scam
2020-12-13/a>
Didier Stevens
KringleCon 2020
2020-12-10/a>
Xavier Mertens
Python Backdoor Talking to a C2 Through Ngrok
2020-12-04/a>
Guy Bruneau
Detecting Actors Activity with Threat Intel
2020-11-30/a>
Didier Stevens
Decrypting PowerShell Payloads (video)
2020-11-22/a>
Didier Stevens
Quick Tip: Extracting all VBA Code from a Maldoc - JSON Format
2020-11-21/a>
Guy Bruneau
VMware privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) - https://www.vmware.com/security/advisories/VMSA-2020-0026.html
2020-11-20/a>
Xavier Mertens
Malicious Python Code and LittleSnitch Detection
2020-11-19/a>
Xavier Mertens
PowerShell Dropper Delivering Formbook
2020-11-13/a>
Xavier Mertens
Old Worm But New Obfuscation Technique
2020-11-09/a>
Xavier Mertens
How Attackers Brush Up Their Malicious Scripts
2020-11-07/a>
Guy Bruneau
Cryptojacking Targeting WebLogic TCP/7001
2020-11-05/a>
Xavier Mertens
Did You Spot "Invoke-Expression"?
2020-10-24/a>
Guy Bruneau
An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-10-20/a>
Xavier Mertens
Mirai-alike Python Scanner
2020-10-14/a>
Xavier Mertens
Nicely Obfuscated Python RAT
2020-09-30/a>
Johannes Ullrich
Scans for FPURL.xml: Reconnaissance or Not?
2020-09-29/a>
Xavier Mertens
Managing Remote Access for Partners & Contractors
2020-09-24/a>
Xavier Mertens
Party in Ibiza with PowerShell
2020-09-20/a>
Guy Bruneau
Analysis of a Salesforce Phishing Emails
2020-09-18/a>
Xavier Mertens
A Mix of Python & VBA in a Malicious Word Document
2020-09-17/a>
Xavier Mertens
Suspicious Endpoint Containment with OSSEC
2020-09-04/a>
Jan Kopriva
A blast from the past - XXEncoded VB6.0 Trojan
2020-09-03/a>
Xavier Mertens
Sandbox Evasion Using NTP
2020-09-02/a>
Xavier Mertens
Python and Risky Windows API Calls
2020-08-28/a>
Xavier Mertens
Example of Malicious DLL Injected in PowerShell
2020-08-19/a>
Xavier Mertens
Example of Word Document Delivering Qakbot
2020-08-18/a>
Xavier Mertens
Using API's to Track Attackers
2020-08-16/a>
Didier Stevens
Small Challenge: A Simple Word Maldoc - Part 3
2020-08-10/a>
Bojan Zdrnja
Scoping web application and web service penetration tests
2020-08-04/a>
Johannes Ullrich
Internet Choke Points: Concentration of Authoritative Name Servers
2020-07-30/a>
Johannes Ullrich
Python Developers: Prepare!!!
2020-07-27/a>
Johannes Ullrich
In Memory of Donald Smith
2020-07-24/a>
Xavier Mertens
Compromized Desktop Applications by Web Technologies
2020-07-20/a>
Rick Wanner
Sextortion Update: The Final Final Chapter
2020-07-11/a>
Guy Bruneau
VMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html
2020-07-08/a>
Xavier Mertens
If You Want Something Done Right, You Have To Do It Yourself... Malware Too!
2020-07-01/a>
Jim Clausing
Setting up the Dshield honeypot and tcp-honeypot.py
2020-06-29/a>
Didier Stevens
Sysmon and Alternate Data Streams
2020-06-28/a>
Guy Bruneau
tcp-honeypot.py Logstash Parser & Dashboard Update
2020-06-25/a>
Johannes Ullrich
Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release.
2020-06-20/a>
Tom Webb
Pi Zero HoneyPot
2020-06-16/a>
Xavier Mertens
Sextortion to The Next Level
2020-06-05/a>
Remco Verhoef
Not so FastCGI!
2020-06-04/a>
Xavier Mertens
Anti-Debugging Technique based on Memory Protection
2020-05-31/a>
Guy Bruneau
Windows 10 Built-in Packet Sniffer - PktMon
2020-05-29/a>
Johannes Ullrich
The Impact of Researchers on Our Data
2020-05-04/a>
Didier Stevens
Sysmon and File Deletion
2020-05-01/a>
Jim Clausing
Attack traffic on TCP port 9673
2020-04-27/a>
Xavier Mertens
Powershell Payload Stored in a PSCredential Object
2020-04-24/a>
Xavier Mertens
Malicious Excel With a Strong Obfuscation and Sandbox Evasion
2020-04-03/a>
Xavier Mertens
Obfuscated with a Simple 0x0A
2020-03-23/a>
Didier Stevens
Windows Zeroday Actively Exploited: Type 1 Font Parsing Remote Code Execution Vulnerability
2020-03-15/a>
Guy Bruneau
VPN Access and Activity Monitoring
2020-03-11/a>
Xavier Mertens
Agent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account
2020-02-27/a>
Xavier Mertens
Offensive Tools Are For Blue Teams Too
2020-02-22/a>
Xavier Mertens
Simple but Efficient VBScript Obfuscation
2020-02-16/a>
Guy Bruneau
SOAR or not to SOAR?
2020-02-14/a>
Xavier Mertens
Keep an Eye on Command-Line Browsers
2020-02-08/a>
Russell Eubanks
After Action Review
2020-02-07/a>
Xavier Mertens
Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript
2020-01-27/a>
Johannes Ullrich
Network Security Perspective on Coronavirus Preparedness
2020-01-23/a>
Xavier Mertens
Complex Obfuscation VS Simple Trick
2020-01-16/a>
Jan Kopriva
Picks of 2019 malware - the large, the small and the one full of null bytes
2020-01-12/a>
Guy Bruneau
ELK Dashboard and Logstash parser for tcp-honeypot Logs
2020-01-10/a>
Xavier Mertens
More Data Exfiltration
2020-01-04/a>
Didier Stevens
KringleCon 2019
2019-12-23/a>
Didier Stevens
New oledump.py plugin: plugin_version_vba
2019-11-29/a>
Russ McRee
ISC Snapshot: Search with SauronEye
2019-11-22/a>
Xavier Mertens
Abusing Web Filters Misconfiguration for Reconnaissance
2019-11-20/a>
Brad Duncan
Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike
2019-11-11/a>
Johannes Ullrich
Are We Going Back to TheMoon (and How is Liquor Involved)?
2019-11-09/a>
Guy Bruneau
Fake Netflix Update Request by Text
2019-11-03/a>
Didier Stevens
You Too? "Unusual Activity with Double Base64 Encoding"
2019-10-29/a>
Xavier Mertens
Generating PCAP Files from YAML
2019-10-24/a>
Johannes Ullrich
Your Supply Chain Doesn't End At Receiving: How Do You Decommission Network Equipment?
2019-10-19/a>
Russell Eubanks
What Assumptions Are You Making?
2019-10-18/a>
Xavier Mertens
Quick Malicious VBS Analysis
2019-10-16/a>
Xavier Mertens
Security Monitoring: At Network or Host Level?
2019-09-27/a>
Xavier Mertens
New Scans for Polycom Autoconfiguration Files
2019-09-22/a>
Didier Stevens
Video: Encrypted Sextortion PDFs
2019-09-19/a>
Xavier Mertens
Agent Tesla Trojan Abusing Corporate Email Accounts
2019-09-19/a>
Xavier Mertens
Blocklisting or Whitelisting in the Right Way
2019-09-17/a>
Rob VandenBrink
Investigating Gaps in your Windows Event Logs
2019-09-16/a>
Didier Stevens
Encrypted Sextortion PDFs
2019-08-25/a>
Guy Bruneau
Are there any Advantages of Buying Cyber Security Insurance?
2019-08-09/a>
Xavier Mertens
100% JavaScript Phishing Page
2019-08-05/a>
Rick Wanner
Sextortion: Follow the Money - The Final Chapter
2019-07-28/a>
Didier Stevens
Video: Analyzing Compressed PowerShell Scripts
2019-07-25/a>
Rob VandenBrink
When Users Attack! Users (and Admins) Thwarting Security Controls
2019-07-18/a>
Rob VandenBrink
The Other Side of Critical Control 1: 802.1x Wired Network Access Controls
2019-07-13/a>
Guy Bruneau
Guidance to Protect DNS Against Hijacking & Scanning for Version.BIND Still a Thing
2019-07-11/a>
Xavier Mertens
Russian Dolls Malicious Script Delivering Ursnif
2019-07-02/a>
Xavier Mertens
Malicious Script With Multiple Payloads
2019-06-27/a>
Rob VandenBrink
Finding the Gold in a Pile of Pennies - Long Tail Analysis in PowerShell
2019-06-20/a>
Xavier Mertens
Using a Travel Packing App for Infosec Purpose
2019-06-19/a>
Johannes Ullrich
Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729
2019-06-16/a>
Didier Stevens
Sysmon Version 10: DNS Logging
2019-06-10/a>
Xavier Mertens
Interesting JavaScript Obfuscation Example
2019-06-09/a>
Didier Stevens
Tip: Sysmon Will Log DNS Queries
2019-05-16/a>
Xavier Mertens
The Risk of Authenticated Vulnerability Scans
2019-04-26/a>
Rob VandenBrink
Pillaging Passwords from Service Accounts
2019-04-25/a>
Rob VandenBrink
Unpatched Vulnerability Alert - WebLogic Zero Day
2019-04-13/a>
Johannes Ullrich
Configuring MTA-STS and TLS Reporting For Your Domain
2019-04-05/a>
Russ McRee
Beagle: Graph transforms for DFIR data & logs
2019-03-25/a>
Didier Stevens
"VelvetSweatshop" Maldocs: Shellcode Analysis
2019-03-24/a>
Didier Stevens
Decoding QR Codes with Python
2019-03-23/a>
Didier Stevens
"VelvetSweatshop" Maldocs
2019-03-21/a>
Xavier Mertens
New Wave of Extortion Emails: Central Intelligence Agency Case
2019-03-20/a>
Rob VandenBrink
Using AD to find hosts that aren't in AD - fun with the [IPAddress] construct!
2019-03-06/a>
Xavier Mertens
Keep an Eye on Disposable Email Addresses
2019-02-25/a>
Didier Stevens
Sextortion Email Variant: With QR Code
2019-02-24/a>
Guy Bruneau
Packet Editor and Builder by Colasoft
2019-02-06/a>
Brad Duncan
Hancitor malspam and infection traffic from Tuesday 2019-02-05
2019-02-05/a>
Rob VandenBrink
Mitigations against Mimikatz Style Attacks
2019-02-01/a>
Rick Wanner
Sextortion: Follow the Money Part 3 - The cashout begins!
2019-01-31/a>
Xavier Mertens
Tracking Unexpected DNS Changes
2019-01-18/a>
John Bambenek
Sextortion Bitcoin on the Move
2018-12-31/a>
Didier Stevens
Software Crashes: A New Year's Resolution
2018-12-29/a>
Didier Stevens
Video: De-DOSfuscation Example
2018-12-22/a>
Didier Stevens
KringleCon 2018
2018-12-19/a>
Xavier Mertens
Using OSSEC Active-Response as a DFIR Framework
2018-12-15/a>
Didier Stevens
De-DOSfuscation Example
2018-12-14/a>
Rick Wanner
Bombstortion?? Boomstortion??
2018-12-12/a>
Didier Stevens
Yet Another DOSfuscation Sample
2018-11-27/a>
Xavier Mertens
More obfuscated shell scripts: Fake MacOS Flash update
2018-11-27/a>
Rob VandenBrink
Data Exfiltration in Penetration Tests
2018-11-26/a>
Xavier Mertens
Obfuscated bash script targeting QNap boxes
2018-11-26/a>
Russ McRee
ViperMonkey: VBA maldoc deobfuscation
2018-11-16/a>
Xavier Mertens
Basic Obfuscation With Permissive Languages
2018-11-09/a>
Tom Webb
Playing with T-POT
2018-11-06/a>
Xavier Mertens
Malicious Powershell Script Dissection
2018-11-05/a>
Johannes Ullrich
Struts 2.3 Vulnerable to Two Year old File Upload Flaw
2018-10-23/a>
Xavier Mertens
Diving into Malicious AutoIT Code
2018-10-21/a>
Didier Stevens
MSG Files: Compressed RTF
2018-10-17/a>
Russ McRee
RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-10-12/a>
Xavier Mertens
More Equation Editor Exploit Waves
2018-10-10/a>
Xavier Mertens
New Campaign Using Old Equation Editor Vulnerability
2018-10-01/a>
Didier Stevens
Decoding Custom Substitution Encodings with translate.py
2018-09-30/a>
Didier Stevens
When DOSfuscation Helps...
2018-09-28/a>
Xavier Mertens
More Excel DDE Code Injection
2018-09-19/a>
Rob VandenBrink
Certificates Revisited - SSL VPN Certificates 2 Ways
2018-09-05/a>
Rob VandenBrink
Where have all my Certificates gone? (And when do they expire?)
2018-09-05/a>
Xavier Mertens
Malicious PowerShell Compiling C# Code on the Fly
2018-09-04/a>
Rob VandenBrink
Let's Trade: You Read My Email, I'll Read Your Password!
2018-08-30/a>
Xavier Mertens
Crypto Mining Is More Popular Than Ever!
2018-08-13/a>
Didier Stevens
New Extortion Tricks: Now Including Your (Partial) Phone Number!
2018-07-30/a>
Didier Stevens
Malicious Word documents using DOSfuscation
2018-07-26/a>
Xavier Mertens
Windows Batch File Deobfuscation
2018-07-24/a>
Tom Webb
Cell Phone Monitoring. Who is Watching the Watchers?
2018-07-15/a>
Didier Stevens
Video: Retrieving and processing JSON data (BTC example)
2018-07-14/a>
Didier Stevens
Retrieving and processing JSON data (BTC example)
2018-07-12/a>
Johannes Ullrich
New Extortion Tricks: Now Including Your Password!
2018-07-02/a>
Guy Bruneau
VMware ESXi, Workstation, and Fusion address multiple out-of-bounds read vulnerabilities https://www.vmware.com/security/advisories/VMSA-2018-0016.html
2018-06-18/a>
Xavier Mertens
Malicious JavaScript Targeting Mobile Browsers
2018-06-17/a>
Didier Stevens
Encrypted Office Documents
2018-06-15/a>
Lorna Hutcheson
SMTP Strangeness - Possible C2
2018-06-05/a>
Xavier Mertens
Malicious Post-Exploitation Batch File
2018-05-30/a>
Bojan Zdrnja
The end of the lock icon
2018-05-28/a>
Kevin Liston
Do you hear Laurel or Yanny or is it On-Off Keying?
2018-05-27/a>
Guy Bruneau
Capture and Analysis of User Agents
2018-05-25/a>
Xavier Mertens
Antivirus Evasion? Easy as 1,2,3
2018-05-22/a>
Guy Bruneau
VMware updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue - https://www.vmware.com/security/advisories/VMSA-2018-0012.html
2018-05-20/a>
Didier Stevens
DASAN GPON home routers exploits in-the-wild
2018-05-19/a>
Xavier Mertens
Malicious Powershell Targeting UK Bank Customers
2018-05-16/a>
Mark Hofman
EFAIL, a weakness in openPGP and S\MIME
2018-05-10/a>
Bojan Zdrnja
Exfiltrating data from (very) isolated environments
2018-04-30/a>
Remco Verhoef
Another approach to webapplication fingerprinting
2018-04-25/a>
Johannes Ullrich
Yet Another Drupal RCE Vulnerability
2018-03-12/a>
Xavier Mertens
Payload delivery via SMB
2017-12-27/a>
Guy Bruneau
What are your Security Challenges for 2018?
2017-12-23/a>
Didier Stevens
Encrypted PDFs
2017-12-14/a>
Russ McRee
Security Planner: Improve your online safety
2017-12-14/a>
Russ McRee
Detection Lab: Visibility & Introspection for Defenders
2017-12-13/a>
Xavier Mertens
Tracking Newly Registered Domains
2017-12-05/a>
Tom Webb
IR using the Hive Project.
2017-11-25/a>
Guy Bruneau
Exim Remote Code Exploit
2017-11-23/a>
Xavier Mertens
Proactive Malicious Domain Search
2017-11-13/a>
Guy Bruneau
jsonrpc Scanning for root account
2017-11-03/a>
Xavier Mertens
Simple Analysis of an Obfuscated JAR File
2017-10-30/a>
Johannes Ullrich
Critical Patch For Oracle's Identity Manager
2017-10-27/a>
Renato Marinho
"Catch-All" Google Chrome Malicious Extension Steals All Posted Data
2017-10-25/a>
Mark Hofman
DUHK attack, continuing a week of named issues
2017-10-24/a>
Xavier Mertens
Stop relying on file extensions
2017-10-12/a>
Xavier Mertens
Version control tools aren't only for Developers
2017-10-05/a>
Johannes Ullrich
pcap2curl: Turning a pcap file into a set of cURL commands for "replay"
2017-10-02/a>
Xavier Mertens
Investigating Security Incidents with Passive DNS
2017-09-30/a>
Lorna Hutcheson
Who's Borrowing your Resources?
2017-09-17/a>
Guy Bruneau
rockNSM as a Incident Response Package
2017-09-16/a>
Guy Bruneau
VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities - https://www.vmware.com/security/advisories/VMSA-2017-0015.html
2017-09-09/a>
Didier Stevens
Malware analysis output sanitization
2017-09-06/a>
Adrien de Beaupre
Modern Web Application Penetration Testing , Hash Length Extension Attacks
2017-08-29/a>
Renato Marinho
Second Google Chrome Extension Banker Malware in Two Weeks
2017-08-22/a>
Xavier Mertens
Defang all the things!
2017-08-15/a>
Renato Marinho
(Banker(GoogleChromeExtension)).targeting("Brazil")
2017-08-10/a>
Didier Stevens
Maldoc Analysis with ViperMonkey
2017-08-03/a>
Johannes Ullrich
Using a Raspberry Pi honeypot to contribute data to DShield/ISC
2017-08-01/a>
Rob VandenBrink
Rooting Out Hosts that Support Older Samba Versions
2017-07-27/a>
Xavier Mertens
TinyPot, My Small Honeypot
2017-07-24/a>
Russell Eubanks
Trends Over Time
2017-07-08/a>
Xavier Mertens
A VBScript with Obfuscated Base64 Data
2017-07-07/a>
Renato Marinho
DDoS Extortion E-mail: Yet Another Bluff?
2017-06-22/a>
Xavier Mertens
Obfuscating without XOR
2017-06-17/a>
Guy Bruneau
Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2017-06-10/a>
Russell Eubanks
An Occasional Look in the Rear View Mirror
2017-05-28/a>
Guy Bruneau
CyberChef a Must Have Tool in your Tool bag!
2017-05-16/a>
Russ McRee
WannaCry? Do your own data analysis.
2017-05-06/a>
Russell Eubanks
What Can You Learn On Your Own?
2017-05-06/a>
Xavier Mertens
The story of the CFO and CEO...
2017-05-05/a>
Xavier Mertens
HTTP Headers... the Achilles' heel of many applications
2017-04-28/a>
Xavier Mertens
Another Day, Another Obfuscation Technique
2017-04-21/a>
Xavier Mertens
Analysis of a Maldoc with Multiple Layers of Obfuscation
2017-04-20/a>
Xavier Mertens
DNS Query Length... Because Size Does Matter
2017-04-19/a>
Xavier Mertens
Hunting for Malicious Excel Sheets
2017-04-13/a>
Rob VandenBrink
Packet Captures Filtered by Process
2017-03-30/a>
Xavier Mertens
Diverting built-in features for the bad
2017-03-25/a>
Russell Eubanks
Distraction as a Service
2017-03-24/a>
Xavier Mertens
Nicely Obfuscated JavaScript Sample
2017-03-18/a>
Xavier Mertens
Example of Multiple Stages Dropper
2017-03-15/a>
Xavier Mertens
Retro Hunting!
2017-03-12/a>
Guy Bruneau
Honeypot Logs and Tracking a VBE Script
2017-03-10/a>
Xavier Mertens
The Side Effect of GeoIP Filters
2017-03-08/a>
Richard Porter
What is really being proxied?
2017-03-04/a>
Xavier Mertens
How your pictures may affect your website reputation
2017-02-28/a>
Xavier Mertens
Analysis of a Simple PHP Backdoor
2017-02-28/a>
Johannes Ullrich
My Catch Of 4 Months In The Amazon IP Address Space
2017-02-28/a>
Xavier Mertens
Amazon S3 Outage
2017-02-21/a>
Jim Clausing
Quick and dirty generic listener
2017-02-13/a>
Rob VandenBrink
Stuff I Learned Decrypting
2017-02-12/a>
Xavier Mertens
Analysis of a Suspicious Piece of JavaScript
2017-02-10/a>
Brad Duncan
Hancitor/Pony malspam
2017-01-28/a>
Lorna Hutcheson
Packet Analysis - Where do you start?
2017-01-13/a>
Xavier Mertens
Who's Attacking Me?
2017-01-12/a>
Mark Baggett
System Resource Utilization Monitor
2017-01-01/a>
Didier Stevens
py2exe Decompiling - Part 1
2016-12-31/a>
Xavier Mertens
Ongoing Scans Below the Radar
2016-12-27/a>
Guy Bruneau
Using daemonlogger as a Software Tap
2016-12-10/a>
Didier Stevens
Sleeping VBS Really Wants To Sleep
2016-12-06/a>
Bojan Zdrnja
Attacking NoSQL applications
2016-11-27/a>
Russ McRee
Scapy vs. CozyDuke
2016-11-23/a>
Tom Webb
Mapping Attack Methodology to Controls
2016-11-16/a>
Xavier Mertens
Example of Getting Analysts & Researchers Away
2016-11-13/a>
Guy Bruneau
Bitcoin Miner File Upload via FTP
2016-10-26/a>
Johannes Ullrich
New VMWare Security Advisory: VMSA-2016-0017 Information Disclosure in VMWare Fusion and VMWare Tools https://www.vmware.com/security/advisories/VMSA-2016-0017.html
2016-10-25/a>
Xavier Mertens
Another Day, Another Spam...
2016-10-08/a>
Russell Eubanks
Unauthorized Change Detected!
2016-09-15/a>
Xavier Mertens
In Need of a OTP Manager Soon?
2016-09-13/a>
Rob VandenBrink
If it's Free, YOU are the Product
2016-09-04/a>
Russ McRee
Kali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/
2016-08-29/a>
Russ McRee
Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2016-08-28/a>
Guy Bruneau
Spam with Obfuscated Javascript
2016-08-24/a>
Tom Webb
Stay on Track During IR
2016-08-21/a>
Rick Wanner
Cisco ASA SNMP Remote Code Execution Vulnerability
2016-08-20/a>
Russell Eubanks
What are YOU doing to give back to the security community?
2016-08-19/a>
Xavier Mertens
Data Classification For the Masses
2016-07-27/a>
Xavier Mertens
Critical Xen PV guests vulnerabilities
2016-07-26/a>
Johannes Ullrich
Command and Control Channels Using "AAAA" DNS Records
2016-07-25/a>
Didier Stevens
Python Malware - Part 4
2016-07-16/a>
Didier Stevens
Python Malware - Part 3
2016-07-15/a>
Xavier Mertens
Name All the Things!
2016-07-07/a>
Johannes Ullrich
Patchwork: Is it still "Advanced" if all you have to do is Copy/Paste?
2016-06-22/a>
Bojan Zdrnja
Security through obscurity never works
2016-06-03/a>
Tom Liston
MySQL is YourSQL
2016-06-01/a>
Xavier Mertens
Docker Containers Logging
2016-05-28/a>
Russell Eubanks
Applied Lessons Learned
2016-05-18/a>
Russ McRee
Resources: Windows Auditing & Monitoring, Linux 2FA
2016-05-15/a>
Didier Stevens
Python Malware - Part 1
2016-05-14/a>
Guy Bruneau
INetSim as a Basic Honeypot
2016-04-28/a>
Rob VandenBrink
DNS and DHCP Recon using Powershell
2016-04-27/a>
Tom Webb
Kippos Cousin Cowrie
2016-04-02/a>
Russell Eubanks
Why Can't We Be Friends?
2016-03-30/a>
Xavier Mertens
What to watch with your FIM?
2016-03-23/a>
Bojan Zdrnja
Abusing Oracles
2016-03-15/a>
Xavier Mertens
Dockerized DShield SSH Honeypot
2016-03-13/a>
Xavier Mertens
SSH Honeypots (Ab)used as Proxy
2016-03-13/a>
Guy Bruneau
A Look at the Mandiant M-Trends 2016 Report
2016-02-23/a>
Xavier Mertens
VMware VMSA-2016-0002
2016-02-20/a>
Didier Stevens
Locky: JavaScript Deobfuscation
2016-02-15/a>
Bojan Zdrnja
Exploiting (pretty) blind SQL injections
2016-02-11/a>
Tom Webb
Tomcat IR with XOR.DDoS
2016-02-07/a>
Xavier Mertens
More Malicious JavaScript Obfuscation
2016-02-03/a>
Xavier Mertens
Automating Vulnerability Scans
2016-01-31/a>
Guy Bruneau
Windows 10 and System Protection for DATA Default is OFF
2016-01-29/a>
Xavier Mertens
Scripting Web Categorization
2016-01-15/a>
Xavier Mertens
JavaScript Deobfuscation Tool
2016-01-09/a>
Xavier Mertens
Virtual Bitlocker Containers
2016-01-05/a>
Guy Bruneau
What are you Concerned the Most in 2016?
2016-01-01/a>
Didier Stevens
Failure Is An Option
2015-12-29/a>
Daniel Wesemann
New Years Resolutions
2015-12-24/a>
Xavier Mertens
Unity Makes Strength
2015-12-21/a>
Daniel Wesemann
Critical Security Controls: Getting to know the unknown
2015-12-12/a>
Russell Eubanks
What Signs Are You Missing?
2015-12-04/a>
Tom Webb
Automating Phishing Analysis using BRO
2015-11-04/a>
Richard Porter
Application Aware and Critical Control 2
2015-10-17/a>
Russell Eubanks
CIS Critical Security Controls - Version 6.0
2015-10-12/a>
Guy Bruneau
Data Visualization,What is your Tool of Choice?
2015-10-12/a>
Guy Bruneau
Critical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
2015-09-28/a>
Johannes Ullrich
"Transport of London" Malicious E-Mail
2015-09-03/a>
Xavier Mertens
Querying the DShield API from RTIR
2015-09-01/a>
Daniel Wesemann
Encryption of "data at rest" in servers
2015-07-31/a>
Russ McRee
Tech tip follow-up: Using the data Invoked with R's system command
2015-07-18/a>
Russell Eubanks
The Value a "Fresh Set Of Eyes" (FSOE)
2015-06-02/a>
Alex Stanford
Guest Diary: Xavier Mertens - Playing with IP Reputation with Dshield & OSSEC
2015-05-29/a>
Russell Eubanks
Trust But Verify
2015-04-29/a>
Daniel Wesemann
UDP/3478 to Amazon 54.84.9.242 -- got packets? (solved)
2015-04-28/a>
Daniel Wesemann
Scammy Nepal earthquake donation requests
2015-04-19/a>
Didier Stevens
Handling Special PDF Compression Methods
2015-04-14/a>
Johannes Ullrich
Odd POST Request To Web Honeypot
2015-04-08/a>
Tom Webb
Is it a breach or not?
2015-03-07/a>
Guy Bruneau
Should it be Mandatory to have an Independent Security Audit after a Breach?
2015-02-22/a>
Russell Eubanks
Leave Things Better Than When You Found Them
2015-02-17/a>
Rob VandenBrink
A Different Kind of Equation
2015-02-11/a>
Johannes Ullrich
Did PCI Just Kill E-Commerce By Saying SSL is Not Sufficient For Payment Info ? (spoiler: TLS!=SSL)
2015-02-10/a>
Mark Baggett
Detecting Mimikatz Use On Your Network
2015-01-23/a>
Adrien de Beaupre
Infocon change to yellow for Adobe Flash issues
2014-12-24/a>
Rick Wanner
Incident Response at Sony
2014-12-04/a>
Mark Baggett
Automating Incident data collection with Python
2014-12-01/a>
Guy Bruneau
Do you have a Data Breach Response Plan?
2014-11-27/a>
Russ McRee
Syrian Electronic Army attack leads to malvertising
2014-11-19/a>
Rob VandenBrink
"Big Data" Needs a Trip to the Security Chiropracter!
2014-10-13/a>
Lorna Hutcheson
For or Against: Port Security for Network Access Control
2014-10-01/a>
Russ McRee
Security Onion news: Updated ShellShock detection scripts for Bro
2014-09-27/a>
Guy Bruneau
What has Bash and Heartbleed Taught Us?
2014-09-26/a>
Richard Porter
Why We Have Moved to InfoCon:Yellow
2014-09-19/a>
Guy Bruneau
CipherShed Fork from TrueCrypt Project, Support Windows, Mac OS and Linux - https://ciphershed.org
2014-08-17/a>
Rick Wanner
Part 1: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-08-17/a>
Rick Wanner
Part 2: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-08-09/a>
Adrien de Beaupre
Complete application ownage via Multi-POST XSRF
2014-07-31/a>
Chris Mohan
A Honeypot for home: Raspberry Pi
2014-07-30/a>
Rick Wanner
Symantec Endpoint Protection Privilege Escalation Zero Day
2014-07-28/a>
Guy Bruneau
Management and Control of Mobile Device Security
2014-07-22/a>
Daniel Wesemann
App "telemetry"
2014-07-14/a>
Johannes Ullrich
The Internet of Things: How do you "on-board" devices?
2014-07-02/a>
Johannes Ullrich
Simple Javascript Extortion Scheme Advertised via Bing
2014-06-30/a>
Johannes Ullrich
Should I setup a Honeypot? [SANSFIRE]
2014-06-28/a>
Mark Hofman
No more Microsoft advisory email notifications?
2014-06-24/a>
Kevin Shortt
NTP DDoS Counts Have Dropped
2014-06-11/a>
Daniel Wesemann
Help your pilot fly!
2014-05-22/a>
Johannes Ullrich
Discontinuing Support for ISC Alert Task Bar Icon
2014-05-01/a>
Johannes Ullrich
Busybox Honeypot Fingerprinting and a new DVR scanner
2014-04-26/a>
Guy Bruneau
Android Users - Beware of Bitcoin Mining Malware
2014-04-21/a>
Daniel Wesemann
Allow us to leave!
2014-04-14/a>
Kevin Shortt
INFOCon Green: Heartbleed - on the mend
2014-04-11/a>
Guy Bruneau
Heartbleed Fix Available for Download for Cisco Products
2014-04-04/a>
Rob VandenBrink
Dealing with Disaster - A Short Malware Incident Response
2014-03-25/a>
Johannes Ullrich
A few updates on "The Moon" worm
2014-03-13/a>
Daniel Wesemann
Identification and authentication are hard ... finding out intention is even harder
2014-03-06/a>
Mark Baggett
Port 5000 traffic and snort signature
2014-03-04/a>
Daniel Wesemann
Triple Handshake Cookie Cutter
2014-02-26/a>
Russ McRee
Ongoing NTP Amplification Attacks
2014-02-18/a>
Johannes Ullrich
More Details About "TheMoon" Linksys Worm
2014-02-10/a>
Rob VandenBrink
A Tale of Two Admins (and no Change Control)
2014-02-09/a>
Basil Alawi S.Taher
Mandiant Highlighter 2
2014-01-23/a>
Chris Mohan
Learning from the breaches that happens to others Part 2
2014-01-22/a>
Chris Mohan
Learning from the breaches that happens to others
2014-01-17/a>
Russ McRee
Massive RFI scans likely a free web app vuln scanner rather than bots
2014-01-11/a>
Guy Bruneau
tcpflow 1.4.4 and some of its most Interesting Features
2014-01-01/a>
Russ McRee
Happy New Year from the Syrian Electronic Army - Skype’s Social Media Accounts Hacked
2013-12-29/a>
Russ McRee
OpenSSL suffers apparent defacement
2013-12-20/a>
Daniel Wesemann
authorized key lime pie
2013-12-16/a>
Tom Webb
The case of Minerd
2013-12-01/a>
Richard Porter
BPF, PCAP, Binary, hex, why they matter?
2013-11-22/a>
Rick Wanner
Port 0 DDOS
2013-11-10/a>
Rick Wanner
Microsoft and Facebook announce bug bounty
2013-10-22/a>
Richard Porter
Greenbone and OpenVAS Scanner
2013-10-21/a>
Johannes Ullrich
New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
2013-10-19/a>
Johannes Ullrich
Yet Another WHMCS SQL Injection Exploit
2013-10-05/a>
Richard Porter
Adobe Breach Notification, Notifications?
2013-10-04/a>
Johannes Ullrich
The Adobe Breach FAQ
2013-10-01/a>
Adrien de Beaupre
CSAM! Send us your logs!
2013-09-24/a>
Tom Webb
IDS, NSM, and Log Management with Security Onion 12.04.3
2013-09-18/a>
Rob VandenBrink
Cisco DCNM Update Released
2013-09-09/a>
Johannes Ullrich
SSL is broken. So what?
2013-09-02/a>
Guy Bruneau
Multiple Cisco Security Notice
2013-08-21/a>
Rob VandenBrink
Fibre Channel Reconnaissance - Reloaded
2013-08-19/a>
Johannes Ullrich
Running Snort on ESXi using the Distributed Switch
2013-08-14/a>
Johannes Ullrich
Imaging LUKS Encrypted Drives
2013-07-27/a>
Scott Fendley
Defending Against Web Server Denial of Service Attacks
2013-07-25/a>
Johannes Ullrich
A Couple of SSH Brute Force Compromises
2013-07-23/a>
Bojan Zdrnja
Sessions with(out) cookies
2013-07-21/a>
Guy Bruneau
Why use Regular Expressions?
2013-07-17/a>
Johannes Ullrich
Network Solutions Outage
2013-07-16/a>
Johannes Ullrich
Why don't we see more examples of web app attacks via POST?
2013-07-13/a>
Lenny Zeltser
Decoy Personas for Safeguarding Online Identity Using Deception
2013-07-06/a>
Guy Bruneau
Is Metadata the Magic in Modern Network Security?
2013-07-04/a>
Russ McRee
Celebrating 4th of July With a Malware PCAP Visualization
2013-06-27/a>
Tony Carothers
Ruby Update for SSL Vulnerability
2013-06-18/a>
Russ McRee
EMET 4.0 is now available for download
2013-05-22/a>
Adrien de Beaupre
Privilege escalation, why should I care?
2013-05-09/a>
John Bambenek
Adobe Releases 0-day Security Advisory for Coldfusion, Exploit Code Available. Advisory here: http://www.adobe.com/support/security/advisories/apsa13-03.html
2013-05-01/a>
Daniel Wesemann
The cost of cleaning up
2013-04-25/a>
Adam Swanger
Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-04-17/a>
John Bambenek
UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
2013-04-16/a>
John Bambenek
Fake Boston Marathon Scams Update
2013-04-15/a>
John Bambenek
Please send any spam (full headers), URLs or other suspicious content scamming off Boston Marathon explosions to handlers@sans.org
2013-04-04/a>
Johannes Ullrich
Microsoft April Patch Tuesday Advance Notification
2013-03-29/a>
Chris Mohan
Does your breach email notification look like a phish?
2013-03-27/a>
Adam Swanger
IPv6 Focus Month: Guest Diary: Stephen Groat - IPv6 moving target defense
2013-03-25/a>
Johannes Ullrich
IPv6 Focus Month: IPv6 over IPv4 Preference
2013-03-23/a>
Guy Bruneau
Apple ID Two-step Verification Now Available in some Countries
2013-03-19/a>
Johannes Ullrich
IPv6 Focus Month: The warm and fuzzy side of IPv6
2013-03-18/a>
Johannes Ullrich
IPv6 Focus Month: What is changing with DHCP
2013-03-18/a>
Kevin Shortt
Cisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
2013-03-13/a>
Mark Baggett
Wipe the drive! Stealthy Malware Persistence Mechanism - Part 1
2013-03-11/a>
Richard Porter
IPv6 Focus Month: Traffic Testing, Firewalls, ACLs, pt 1
2013-03-09/a>
Guy Bruneau
IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-03-08/a>
Johannes Ullrich
IPv6 Focus Month: Filtering ICMPv6 at the Border
2013-03-06/a>
Adam Swanger
IPv6 Focus Month: Guest Diary: Stephen Groat - Geolocation Using IPv6 Addresses
2013-03-05/a>
Mark Hofman
IPv6 Focus Month: Device Defaults
2013-03-04/a>
Johannes Ullrich
IPv6 Focus Month: Addresses
2013-03-02/a>
Scott Fendley
Evernote Security Issue
2013-02-25/a>
Johannes Ullrich
Punkspider enumerates web application vulnerabilities
2013-02-17/a>
Guy Bruneau
HP ArcSight Connector Appliance and Logger Vulnerabilities
2013-02-16/a>
Lorna Hutcheson
Fedora RedHat Vulnerabilty Released
2013-02-14/a>
Adam Swanger
ISC Monthly Threat Update - February 2013 http://isc.sans.edu/podcastdetail.html?id=3121
2013-02-08/a>
Kevin Shortt
Is it Spam or Is it Malware?
2013-02-04/a>
Adam Swanger
SAN Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam
2013-01-25/a>
Johannes Ullrich
Vulnerability Scans via Search Engines (Request for Logs)
2013-01-10/a>
Rob VandenBrink
What Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too!
2013-01-10/a>
Adam Swanger
ISC Monthly Threat Update New Format
2013-01-09/a>
Rob VandenBrink
SQL Injection Flaw in Ruby on Rails
2013-01-09/a>
Johannes Ullrich
New Format for Monthly Threat Update
2013-01-09/a>
Rob VandenBrink
Security Update - Cisco 7900 Phones - cisco-sa-20130109-uipphone privilege escallation issue - advisory at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone
2013-01-05/a>
Guy Bruneau
Adobe ColdFusion Security Advisory
2013-01-03/a>
Bojan Zdrnja
Memory acquisition traps
2012-12-31/a>
Manuel Humberto Santander Pelaez
How to determine which NAC solutions fits best to your needs
2012-12-27/a>
John Bambenek
It's 3pm 2 days after Christmas, do you know where your unmanaged SSH keys are?
2012-12-18/a>
Dan Goldberg
Mitigating the impact of organizational change: a risk assessment
2012-12-04/a>
Johannes Ullrich
Where do your backup tapes go to die?
2012-12-03/a>
John Bambenek
John McAfee Exposes His Location in Photo About His Being on Run
2012-11-26/a>
John Bambenek
Online Shopping for the Holidays? Tips, News and a Fair Warning
2012-11-23/a>
Rob VandenBrink
What's in Your Change Control Form?
2012-11-16/a>
Guy Bruneau
VMware security updates for vSphere API and ESX Service Console - http://www.vmware.com/security/advisories/VMSA-2012-0016.html
2012-11-16/a>
Manuel Humberto Santander Pelaez
Information Security Incidents are now a concern for colombian government
2012-11-08/a>
Daniel Wesemann
Get a 40% discount on your hotel room!
2012-11-06/a>
Johannes Ullrich
What to watch out For on Election Day
2012-10-30/a>
Mark Hofman
Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-10-29/a>
Kevin Shortt
Cyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard
2012-10-26/a>
Russ McRee
Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant
2012-10-25/a>
Richard Porter
Cyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire
2012-10-24/a>
Russ McRee
Cyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035
2012-10-23/a>
Rob VandenBrink
Cyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors
2012-10-21/a>
Johannes Ullrich
Cyber Security Awareness Month - Day 22: Connectors
2012-10-19/a>
Johannes Ullrich
Cyber Security Awareness Month - Day 19: Standard log formats and CEE.
2012-10-18/a>
Rob VandenBrink
Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide
2012-10-17/a>
Rob VandenBrink
Cyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005
2012-10-16/a>
Richard Porter
CyberAwareness Month - Day 15, Standards Body Soup (pt2), Same Soup Different Cook.
2012-10-16/a>
Johannes Ullrich
Cyber Security Awareness Month - Day 16: W3C and HTML
2012-10-14/a>
Pedro Bueno
Cyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1
2012-10-13/a>
Guy Bruneau
New Poll - Cyber Security Awareness Month Activities 2012 - https://isc.sans.edu/poll.html
2012-10-12/a>
Mark Hofman
Cyber Security Awareness Month - Day 12 PCI DSS
2012-10-11/a>
Rob VandenBrink
Cyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security)
2012-10-10/a>
Kevin Shortt
Cyber Security Awareness Month - Day 10 - Standard Sudo - Part Two
2012-10-09/a>
Johannes Ullrich
Cyber Security Awreness Month - Day 9 - Request for Comment (RFC)
2012-10-08/a>
Mark Hofman
Cyber Security Awareness Month - Day 8 ISO 27001
2012-10-07/a>
Tony Carothers
Cyber Security Awareness Month - Day 7 - Rollup Review of CSAM Week 1
2012-10-06/a>
Manuel Humberto Santander Pelaez
Cyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA
2012-10-05/a>
Johannes Ullrich
Cyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl.
2012-10-05/a>
Richard Porter
Reports of a Distributed Injection Scan
2012-10-04/a>
Johannes Ullrich
Cyber Security Awareness Month - Day 4: Crypto Standards
2012-10-03/a>
Kevin Shortt
Fake Support Calls Reported
2012-10-03/a>
Kevin Shortt
Cyber Security Awareness Month - Day 3 - Standard Sudo - Part One
2012-10-02/a>
Russ McRee
Cyber Security Awareness Month - Day 2 - PCI Security Standard: Mobile Payment Acceptance Security Guidelines
2012-10-01/a>
Johannes Ullrich
Cyber Security Awareness Month
2012-09-08/a>
Guy Bruneau
Webmin Input Validation Vulnerabilities
2012-09-02/a>
Lorna Hutcheson
Demonstrating the value of your Intrusion Detection Program and Analysts
2012-08-30/a>
Bojan Zdrnja
Analyzing outgoing network traffic (part 2)
2012-08-23/a>
Bojan Zdrnja
Analyzing outgoing network traffic
2012-08-16/a>
Johannes Ullrich
A Poor Man's DNS Anomaly Detection Script
2012-07-31/a>
Daniel Wesemann
SQL injection, lilupophilupop-style
2012-07-25/a>
Johannes Ullrich
Apple OS X 10.8 (Mountain Lion) released
2012-07-18/a>
Rob VandenBrink
Vote NO to Weak Encryption!
2012-07-14/a>
Tony Carothers
User Awareness and Education
2012-07-05/a>
Adrien de Beaupre
Microsoft advanced notification for July 2012 patch Tuesday
2012-07-02/a>
Dan Goldberg
Storms of June 29th 2012 in Mid Atlantic region of the USA
2012-06-25/a>
Rick Wanner
Targeted Malware for Industrial Espionage?
2012-06-20/a>
Raul Siles
CVE-2012-0217 (from MS12-042) applies to other environments too
2012-06-14/a>
Johannes Ullrich
Spot the Phish: Verizon Wireless
2012-06-12/a>
Swa Frantzen
Adobe June 2012 Black Tuesday patches
2012-05-22/a>
Johannes Ullrich
nmap 6 released
2012-05-07/a>
Guy Bruneau
iOS 5.1.1 Software Update for iPod, iPhone, iPad
2012-04-26/a>
Richard Porter
Define Irony: A medical device with a Virus?
2012-04-23/a>
Russ McRee
Emergency Operations Centers & Security Incident Management: A Correlation
2012-04-21/a>
Guy Bruneau
WordPress Release Security Update
2012-03-16/a>
Swa Frantzen
INFOCON Yellow - Microsoft RDP - MS12-020
2012-03-16/a>
Russ McRee
MS12-020 RDP vulnerabilities: Patch, Mitigate, Detect
2012-03-11/a>
Johannes Ullrich
An Analysis of Jester's QR Code Attack. (Guest Diary)
2012-03-03/a>
Jim Clausing
New automated sandbox for Android malware
2012-02-23/a>
donald smith
DNS-Changer "clean DNS" extension requested
2012-02-22/a>
Johannes Ullrich
How to test OS X Mountain Lion's Gatekeeper in Lion
2012-01-27/a>
Mark Hofman
CISCO Ironport C & M Series telnet vulnerability
2012-01-22/a>
Johannes Ullrich
Javascript DDoS Tool Analysis
2012-01-13/a>
Guy Bruneau
Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2012-01-03/a>
Bojan Zdrnja
The tale of obfuscated JavaScript continues
2011-12-13/a>
Johannes Ullrich
December 2011 Adobe Black Tuesday
2011-12-08/a>
Adrien de Beaupre
Microsoft Security Bulletin Advance Notification for December 2011
2011-12-07/a>
Lenny Zeltser
V8 as an Alternative to SpiderMonkey for JavaScript Deobfuscation
2011-12-01/a>
Mark Hofman
SQL Injection Attack happening ATM
2011-11-03/a>
Richard Porter
An Apple, Inc. Sandbox to play in.
2011-11-01/a>
Russ McRee
Honeynet Project: Android Reverse Engineering (A.R.E.) Virtual Machine released
2011-11-01/a>
Russ McRee
Secure languages & frameworks
2011-10-29/a>
Richard Porter
The Sub Critical Control? Evidence Collection
2011-10-28/a>
Russ McRee
Critical Control 19: Data Recovery Capability
2011-10-28/a>
Daniel Wesemann
Critical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27/a>
Mark Baggett
Critical Control 18: Incident Response Capabilities
2011-10-26/a>
Rick Wanner
Critical Control 17:Penetration Tests and Red Team Exercises
2011-10-26/a>
Rob VandenBrink
The Theoretical "SSL Renegotiation" Issue gets a Whole Lot More Real !
2011-10-17/a>
Rob VandenBrink
Critical Control 11: Account Monitoring and Control
2011-10-13/a>
Guy Bruneau
Critical Control 10: Continuous Vulnerability Assessment and Remediation
2011-10-12/a>
Kevin Shortt
Critical Control 8 - Controlled Use of Administrative Privileges
2011-10-11/a>
Swa Frantzen
Critical Control 7 - Application Software Security
2011-10-10/a>
Jim Clausing
Critical Control 6 - Maintenance, Monitoring, and Analysis of Security Audit Logs
2011-10-07/a>
Mark Hofman
Critical Control 5 - Boundary Defence
2011-10-04/a>
Rob VandenBrink
Critical Control 2 - Inventory of Authorized and Unauthorized Software
2011-10-04/a>
Johannes Ullrich
Critical Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations and Servers
2011-10-03/a>
Mark Hofman
Critical Control 1 - Inventory of Authorized and Unauthorized Devices
2011-10-03/a>
Mark Baggett
What are the 20 Critical Controls?
2011-10-03/a>
Tom Liston
Security 101 : Security Basics in 140 Characters Or Less
2011-10-02/a>
Mark Hofman
Cyber Security Awareness Month Day 1/2 - Schedule
2011-10-02/a>
Mark Hofman
Cyber Security Awareness Month Day 1/2 - Introduction to the controls
2011-10-01/a>
Mark Hofman
Hot on the heels fo FF, Thunderbird v 7.0.1 and SeaMonkey v 2.4.1 have been updated.
2011-09-28/a>
Richard Porter
All Along the ARP Tower!
2011-09-21/a>
Mark Hofman
October 2011 Cyber Security Awareness Month
2011-09-05/a>
Bojan Zdrnja
Bitcoin – crypto currency of future or heaven for criminals?
2011-08-26/a>
Johannes Ullrich
SANS Virginia Beach Conference Canceled. Details: http://www.sans.org/virginia-beach-2011/
2011-08-26/a>
Johannes Ullrich
Some Hurricane Technology Tips
2011-08-17/a>
Rob VandenBrink
Putting all of Your Eggs in One Basket - or How NOT to do Layoffs
2011-08-16/a>
Johannes Ullrich
What are the most dangerous web applications and how to secure them?
2011-08-14/a>
Guy Bruneau
FireCAT 2.0 Released
2011-08-13/a>
Rick Wanner
MoonSols Dumpit released...for free!
2011-08-11/a>
Guy Bruneau
BlackBerry Enterprise Server Critical Update
2011-07-30/a>
Deborah Hale
Data Encryption Ban? Really?
2011-07-29/a>
Richard Porter
Apple Lion talking on TCP 5223
2011-07-28/a>
Johannes Ullrich
Announcing: The "404 Project"
2011-07-27/a>
Johannes Ullrich
Internet Storm Center iPhone App now available. Feedback/Feature Requests welcome. Search App Store for "ISC Reader"
2011-07-25/a>
Chris Mohan
Monday morning incident handler practice
2011-07-21/a>
Mark Hofman
Lion Released
2011-07-21/a>
Johannes Ullrich
Lion: What is new in Security
2011-07-19/a>
Richard Porter
SMS Phishing at the SANSFire 2011 Handler Dinner
2011-07-11/a>
John Bambenek
Another Defense Contractor Hacked in AntiSec Hacktivism Spree
2011-07-09/a>
Chris Mohan
Safer Windows Incident Response
2011-07-05/a>
Raul Siles
Helping Developers Understand Security - Spot the Vuln
2011-07-03/a>
Deborah Hale
Business Continuation in the Face of Disaster
2011-06-22/a>
Guy Bruneau
How Good is your Employee Termination Policy?
2011-06-21/a>
Chris Mohan
StartSSL, a web authentication authority, suspend services after a security breach
2011-06-17/a>
Richard Porter
When do you stop owning Technology?
2011-06-12/a>
Mark Hofman
Cloud thoughts
2011-06-09/a>
Richard Porter
One Browser to Rule them All?
2011-06-06/a>
Johannes Ullrich
The Havij SQL Injection Tool
2011-06-04/a>
Rick Wanner
Do you have a personal disaster recovery plan?
2011-05-18/a>
Bojan Zdrnja
Android, HTTP and authentication tokens
2011-04-29/a>
Guy Bruneau
Firefox, Thunderbird and SeaMonkey Security Updates
2011-04-28/a>
Chris Mohan
DSL Reports advise 9,000 accounts were compromised
2011-04-26/a>
John Bambenek
Is the Insider Threat Really Over?
2011-04-25/a>
Rob VandenBrink
Sony PlayStation Network Outage - Day 5
2011-04-22/a>
Manuel Humberto Santander Pelaez
In-house developed applications: The constant headache for the information security officer
2011-04-22/a>
Manuel Humberto Santander Pelaez
iPhoneMap: iPhoneTracker port to Linux
2011-04-20/a>
Daniel Wesemann
Data Breach Investigations Report published by Verizon
2011-04-20/a>
Johannes Ullrich
iPhone GPS Data Storage
2011-04-19/a>
Bojan Zdrnja
SQL injection: why can’t we learn?
2011-04-05/a>
Mark Hofman
Sony DDOS
2011-04-04/a>
Mark Hofman
When your service provider has a breach
2011-04-03/a>
Richard Porter
Extreme Disclosure? Not yet but a great trend!
2011-04-01/a>
John Bambenek
LizaMoon Mass SQL-Injection Attack Infected at least 500k Websites
2011-03-25/a>
Kevin Liston
APT Tabletop Exercise
2011-03-11/a>
Guy Bruneau
Snort IDS Sensor with Sguil Framework ISO
2011-03-09/a>
Chris Mohan
Possible Issue with Forefront Update KB2508823
2011-03-07/a>
Lorna Hutcheson
Call for Packets - Unassigned TCP Options
2011-03-04/a>
Mark Hofman
A new version of Seamonkey is available, includes security fixes. More details here http://www.seamonkey-project.org/news#2011-03-02
2011-02-21/a>
Adrien de Beaupre
What’s New, it's Python 3.2
2011-02-14/a>
Lorna Hutcheson
Network Visualization
2011-02-09/a>
Mark Hofman
Adobe Patches (shockwave, Flash, Reader & Coldfusion)
2011-02-07/a>
Richard Porter
Crime is still Crime! Pt 2
2011-02-05/a>
Guy Bruneau
OpenSSH Legacy Certificate Information Disclosure Vulnerability
2011-01-12/a>
Richard Porter
How Many Loyalty Cards do you Carry?
2011-01-12/a>
Richard Porter
Yet Another Data Broker? AOL Lifestream.
2011-01-03/a>
Johannes Ullrich
What Will Matter in 2011
2010-12-26/a>
Manuel Humberto Santander Pelaez
ISC infocon monitor app for OS X
2010-12-25/a>
Manuel Humberto Santander Pelaez
An interesting vulnerability playground to learn application vulnerabilities
2010-12-12/a>
Raul Siles
New trend regarding web application vulnerabilities?
2010-12-02/a>
Kevin Johnson
SQL Injection: Wordpress 3.0.2 released
2010-11-29/a>
Stephen Hall
iPhone phishing - What you see, isn't what you get
2010-11-24/a>
Bojan Zdrnja
Privilege escalation 0-day in almost all Windows versions
2010-11-17/a>
Guy Bruneau
Conficker B++ Activated on Nov 15
2010-11-17/a>
Guy Bruneau
Cisco Unified Videoconferencing Affected by Multiple Vulnerabilities
2010-11-05/a>
Adrien de Beaupre
Bot honeypot
2010-11-02/a>
Johannes Ullrich
Limited Malicious Search Engine Poisoning for Election
2010-10-31/a>
Marcus Sachs
Cyber Security Awareness Month - Day 31 - Tying it all together
2010-10-30/a>
Guy Bruneau
Cyber Security Awareness Month - Day 30 - Role of the network team
2010-10-29/a>
Manuel Humberto Santander Pelaez
Cyber Security Awareness Month - Day 29- Role of the office geek
2010-10-28/a>
Rick Wanner
Cyber Security Awareness Month - Day 27 - Social Media use in the office
2010-10-28/a>
Tony Carothers
Cyber Security Awareness Month - Day 28 - Role of the employee
2010-10-26/a>
Pedro Bueno
Cyber Security Awareness Month - Day 26 - Sharing Office Files
2010-10-25/a>
Kevin Shortt
Cyber Security Awareness Month - Day 25 - Using Home Computers for Work
2010-10-24/a>
Swa Frantzen
Cyber Security Awarenes Month - Day 24 - Using work computers at home
2010-10-23/a>
Mark Hofman
Cyber Security Awareness Month - Day 23 - The Importance of compliance
2010-10-22/a>
Daniel Wesemann
Cyber Security Awareness Month - Day 22 - Security of removable media
2010-10-22/a>
Manuel Humberto Santander Pelaez
Intypedia project
2010-10-21/a>
Chris Carboni
Cyber Security Awareness Month - Day 21 - Impossible Requests from the Boss
2010-10-20/a>
Jim Clausing
Cyber Security Awareness Month - Day 20 - Securing Mobile Devices
2010-10-19/a>
Rob VandenBrink
Cyber Security Awareness Month - Day 19 - VPN Architectures – SSL or IPSec?
2010-10-19/a>
Rob VandenBrink
Cyber Security Awareness Month - Day 19 - Remote User VPN Access – Are things getting too easy, or too hard?
2010-10-19/a>
Rob VandenBrink
Cyber Security Awareness Month - Day 19 - VPN and Remote Access Tools
2010-10-19/a>
Rob VandenBrink
Cyber Security Awareness Month - Day 19 - Remote Access Tools
2010-10-19/a>
Rob VandenBrink
Cyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split?
2010-10-18/a>
Manuel Humberto Santander Pelaez
Cyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis
2010-10-17/a>
Stephen Hall
Cyber Security Awareness Month - Day 17 - What a boss should and should not have access to
2010-10-15/a>
Marcus Sachs
Cyber Security Awareness Month - Day 15 - What Teachers Need to Know About Their Students
2010-10-15/a>
Guy Bruneau
Cyber Security Awareness Month - Day 16 - Securing a donated computer
2010-10-14/a>
Johannes Ullrich
Cyber Security Awareness Month - Day 14 - Securing a public computer
2010-10-13/a>
Deborah Hale
Cyber Security Awareness Month - Day 13 - Online Bullying
2010-10-12/a>
Scott Fendley
Cyber Security Awareness Month - Day 12 - Protecting and Managing Your Digital Identity On Social Media Sites
2010-10-11/a>
Rick Wanner
Cyber Security Awareness Month - Day 11 - Safe Browsing for Teens
2010-10-10/a>
Kevin Liston
Cyber Security Awareness Month - Day 10 - Safe browsing for pre-teens
2010-10-09/a>
Kevin Shortt
Cyber Security Awareness Month - Day 9 - Disposal of an Old Computer
2010-10-08/a>
Rick Wanner
Cyber Security Awareness Month - Day 8 - Patch Management and System Updates
2010-10-06/a>
Rob VandenBrink
Cyber Security Awareness Month - Day 7 - Remote Access and Monitoring Tools
2010-10-06/a>
Marcus Sachs
Cyber Security Awareness Month - Day 6 - Computer Monitoring Tools
2010-10-05/a>
Rick Wanner
Cyber Security Awareness Month - Day 5 - Sites you should stay away from
2010-10-04/a>
Daniel Wesemann
Cyber Security Awareness Month - Day 4 - Managing EMail
2010-10-04/a>
Mark Hofman
Online Voting
2010-10-03/a>
Adrien de Beaupre
Cyber Security Awareness Month - Day 3 - Recognizing phishing and online scams
2010-10-02/a>
Mark Hofman
Cyber Security Awareness Month - Day 2 - Securing the Family Network
2010-10-01/a>
Marcus Sachs
Cyber Security Awareness Month - 2010
2010-10-01/a>
Marcus Sachs
Cyber Security Awareness Month - Day 1 - Securing the Family PC
2010-09-26/a>
Daniel Wesemann
Egosurfing, the corporate way
2010-09-25/a>
Rick Wanner
Guest Diary: Andrew Hunt - Visualizing the Hosting Patterns of Modern Cybercriminals
2010-09-21/a>
Johannes Ullrich
Implementing two Factor Authentication on the Cheap
2010-09-04/a>
Kevin Liston
Investigating Malicious Website Reports
2010-08-23/a>
Manuel Humberto Santander Pelaez
Firefox plugins to perform penetration testing activities
2010-08-22/a>
Rick Wanner
Failure of controls...Spanair crash caused by a Trojan
2010-08-19/a>
Rob VandenBrink
Change is Good. Change is Bad. Change is Life.
2010-08-16/a>
Raul Siles
Blind Elephant: A New Web Application Fingerprinting Tool
2010-08-15/a>
Manuel Humberto Santander Pelaez
Obfuscated SQL Injection attacks
2010-08-15/a>
Manuel Humberto Santander Pelaez
Python to test web application security
2010-08-08/a>
Marcus Sachs
Thinking about Cyber Security Awareness Month in October
2010-08-06/a>
Rob VandenBrink
FOXIT PDF Reader update to resolve iPhone/iPad Jailbreak issue ==> http://www.foxitsoftware.com/announcements/2010861227.html
2010-08-05/a>
Manuel Humberto Santander Pelaez
Adobe Acrobat Font Parsing Integer Overflow Vulnerability
2010-08-05/a>
Rob VandenBrink
Access Controls for Network Infrastructure
2010-08-03/a>
Johannes Ullrich
When Lightning Strikes
2010-08-01/a>
Manuel Humberto Santander Pelaez
Evation because IPS fails to validate TCP checksums?
2010-07-29/a>
Rob VandenBrink
The 2010 Verizon Data Breach Report is Out
2010-07-24/a>
Manuel Humberto Santander Pelaez
Transmiting logon information unsecured in the network
2010-07-20/a>
Manuel Humberto Santander Pelaez
Lowering infocon back to green
2010-07-18/a>
Manuel Humberto Santander Pelaez
SAGAN: An open-source event correlation system - Part 1: Installation
2010-07-13/a>
Jim Clausing
VMware Studio Security Update
2010-06-29/a>
Johannes Ullrich
How to be a better spy: Cyber security lessons from the recent russian spy arrests
2010-06-23/a>
Johannes Ullrich
IPv6 Support in iOS 4
2010-06-15/a>
Manuel Humberto Santander Pelaez
TCP evasions for IDS/IPS
2010-06-15/a>
Manuel Humberto Santander Pelaez
iPhone 4 Order Security Breach Exposes Private Information
2010-06-14/a>
Manuel Humberto Santander Pelaez
Rogue facebook application acting like a worm
2010-06-14/a>
Manuel Humberto Santander Pelaez
Another way to get protection for application-level attacks
2010-06-14/a>
Manuel Humberto Santander Pelaez
Python on a microcontroller?
2010-06-09/a>
Deborah Hale
Mass Infection of IIS/ASP Sites
2010-06-07/a>
Manuel Humberto Santander Pelaez
Software Restriction Policy to keep malware away
2010-06-06/a>
Manuel Humberto Santander Pelaez
Nice OS X exploit tutorial
2010-06-04/a>
Rick Wanner
New Honeynet Project Forensic Challenge
2010-06-02/a>
Mark Hofman
OpenSSL version 1.0.0a released. This fixes a number of security issues. Don't forget a number of commercial appliances will be using this, so look for vendor updates soon.
2010-06-02/a>
Rob VandenBrink
New Mac malware - OSX/Onionspy
2010-05-22/a>
Rick Wanner
SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-05-15/a>
Deborah Hale
Phony Phone Scam
2010-05-12/a>
Rob VandenBrink
Adobe Shockwave Update
2010-04-22/a>
John Bambenek
Data Redaction: You're Doing it Wrong
2010-04-21/a>
Guy Bruneau
Google Chrome Security Update v4.1.249.1059 Released: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html
2010-04-20/a>
Raul Siles
Are You Ready for a Transportation Collapse...?
2010-04-18/a>
Guy Bruneau
Some NetSol hosted sites breached
2010-04-13/a>
Adrien de Beaupre
Web App Testing Tools
2010-04-12/a>
Adrien de Beaupre
Get yer bogons out!
2010-04-08/a>
Bojan Zdrnja
JavaScript obfuscation in PDF: Sky is the limit
2010-04-06/a>
Daniel Wesemann
Application Logs
2010-04-04/a>
Mari Nichols
Financial Management of Cyber Risk
2010-04-02/a>
Guy Bruneau
Firefox 3.6.3 fix for CVE-2010-1121 http://www.mozilla.org/security/announce/2010/mfsa2010-25.html
2010-04-02/a>
Guy Bruneau
Security Advisory for ESX Service Console
2010-03-30/a>
Marcus Sachs
Zigbee Analysis Tools
2010-03-28/a>
Rick Wanner
Honeynet Project: 2010 Forensic Challenge #3
2010-03-27/a>
Guy Bruneau
HP-UX Running NFS/ONCplus, Inadvertently Enabled NFS
2010-03-25/a>
Kevin Liston
Responding to "Copyright Lawsuit filed against you"
2010-03-21/a>
Scott Fendley
Skipfish - Web Application Security Tool
2010-03-21/a>
Chris Carboni
Responding To The Unexpected
2010-03-10/a>
Rob VandenBrink
Microsoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7
2010-03-10/a>
Rob VandenBrink
Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-03-08/a>
Raul Siles
Samurai WTF 0.8
2010-03-07/a>
Mari Nichols
DHS issues Cybersecurity challenge
2010-03-06/a>
Tony Carothers
Integration and the Security of New Technologies
2010-03-05/a>
Kyle Haugsness
Javascript obfuscators used in the wild
2010-03-03/a>
Johannes Ullrich
Reports about large number of fake Amazon order confirmations
2010-02-22/a>
Rob VandenBrink
New Risks in Penetration Testing
2010-02-21/a>
Patrick Nolan
Looking for "more useful" malware information? Help develop the format.
2010-02-20/a>
Mari Nichols
Is "Green IT" Defeating Security?
2010-02-17/a>
Rob VandenBrink
Defining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"
2010-02-17/a>
Rob VandenBrink
Multiple Security Updates for ESX 3.x and ESXi 3.x
2010-02-15/a>
Johannes Ullrich
Various Olympics Related Dangerous Google Searches
2010-02-06/a>
Guy Bruneau
LANDesk Management Gateway Vulnerability
2010-02-03/a>
Rob VandenBrink
APPLE-SA-2010-02-02-1 iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod touch
2010-02-02/a>
Guy Bruneau
Adobe ColdFusion Information Disclosure
2010-01-29/a>
Adrien de Beaupre
Neo-legacy applications
2010-01-27/a>
Raul Siles
European Union Security Challenge (Campus Party 2010)
2010-01-24/a>
Pedro Bueno
Outdated client applications
2010-01-22/a>
Mari Nichols
Pass-down for a Successful Incident Response
2010-01-17/a>
Mark Hofman
Why not Yellow?
2010-01-08/a>
Rob VandenBrink
Microsoft OfficeOnline, Searching for Trust and Malware
2009-12-21/a>
Marcus Sachs
iPhone Botnet Analysis
2009-12-19/a>
Deborah Hale
Educationing Our Communities
2009-12-16/a>
Rob VandenBrink
Seamonkey Update to 2.0.1, find the release notes here ==> http://www.seamonkey-project.org/releases/seamonkey2.0.1
2009-12-07/a>
Rob VandenBrink
Layer 2 Network Protections – reloaded!
2009-12-02/a>
Rob VandenBrink
SPAM and Malware taking advantage of H1N1 concerns
2009-11-29/a>
Patrick Nolan
A Cloudy Weekend
2009-11-25/a>
Jim Clausing
Updates to my GREM Gold scripts and a new script
2009-11-24/a>
John Bambenek
BIND Security Advisory (DNSSEC only)
2009-11-13/a>
Adrien de Beaupre
TLS & SSLv3 renegotiation vulnerability explained
2009-11-13/a>
Adrien de Beaupre
Conficker patch via email?
2009-11-11/a>
Rob VandenBrink
Layer 2 Network Protections against Man in the Middle Attacks
2009-11-09/a>
Chris Carboni
80's Flashback on Jailbroken iPhones
2009-11-08/a>
Bojan Zdrnja
iPhone worm in the wild
2009-11-02/a>
Rob VandenBrink
Microsoft releases v1.02 of Enhanced Mitigation Evaluation Toolkit (EMET)
2009-10-30/a>
Rob VandenBrink
New version of NIST 800-41, Firewalls and Firewall Policy Guidelines
2009-10-29/a>
Kyle Haugsness
Cyber Security Awareness Month - Day 29 - dns port 53
2009-10-28/a>
Johannes Ullrich
Cyber Security Awareness Month - Day 28 - ntp (123/udp)
2009-10-27/a>
Rob VandenBrink
New VMware Desktop Products Released (Workstation, Fusion, ACE)
2009-10-26/a>
Johannes Ullrich
Web honeypot Update
2009-10-25/a>
Lorna Hutcheson
Cyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-22/a>
Adrien de Beaupre
Cyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-20/a>
Raul Siles
WASC 2008 Statistics
2009-10-19/a>
Daniel Wesemann
Cyber Security Awareness Month - Day 19 - ICMP
2009-10-18/a>
Mari Nichols
Computer Security Awareness Month - Day 18 - Telnet an oldie but a goodie
2009-10-17/a>
Rick Wanner
Unusual traffic from Loopback to Unused ARIN address
2009-10-16/a>
Adrien de Beaupre
Cyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
2009-10-15/a>
Deborah Hale
Yet another round of Viral Spam
2009-10-11/a>
Mark Hofman
Cyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
2009-10-09/a>
Rob VandenBrink
Cyber Security Awareness Month - Day 9 - Port 3389/tcp (RDP)
2009-10-09/a>
Rob VandenBrink
AT&T Cell Phone Phish
2009-10-06/a>
Adrien de Beaupre
Cyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp
2009-10-05/a>
Adrien de Beaupre
Cyber Security Awareness Month - Day 5 port 31337
2009-10-04/a>
Guy Bruneau
Samba Security Information Disclosure and DoS
2009-10-02/a>
Stephen Hall
Cyber Security Awareness Month - Day 2 - Port 0
2009-10-02/a>
Stephen Hall
VMware Fusion updates to fixes a couple of bugs
2009-10-02/a>
Stephen Hall
Verizon New York area issues
2009-09-26/a>
Kyle Haugsness
Conficker detection hints
2009-09-25/a>
Deborah Hale
Conficker Continues to Impact Networks
2009-09-23/a>
Marcus Sachs
Addendum to SRI's Conficker C Analysis Published
2009-09-19/a>
Rick Wanner
Sysinternals Tools Updates
2009-09-18/a>
Jason Lam
Results from Webhoneypot project
2009-09-16/a>
Raul Siles
Review the security controls of your Web Applications... all them!
2009-09-12/a>
Jim Clausing
Apple Updates
2009-09-07/a>
Lorna Hutcheson
Encrypting Data
2009-09-04/a>
Adrien de Beaupre
SeaMonkey Security Update
2009-08-29/a>
Guy Bruneau
Immunet Protect - Cloud and Community Malware Protection
2009-08-28/a>
Adrien de Beaupre
WPA with TKIP done
2009-08-13/a>
Jim Clausing
Tools for extracting files from pcaps
2009-08-08/a>
Guy Bruneau
XML Libraries Data Parsing Vulnerabilities
2009-08-01/a>
Deborah Hale
Website Warnings
2009-07-31/a>
Deborah Hale
Don't forget to tell your SysAdmin Thanks
2009-07-31/a>
Deborah Hale
The iPhone patch is out
2009-07-30/a>
Deborah Hale
iPhone Hijack
2009-07-28/a>
Adrien de Beaupre
YYAMCCBA
2009-07-27/a>
Raul Siles
New Hacker Challenge: Prison Break - Breaking, Entering & Decoding
2009-07-23/a>
John Bambenek
Missouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information
2009-07-18/a>
Patrick Nolan
Chrome update contains Security fixes
2009-07-16/a>
Bojan Zdrnja
OWC exploits used in SQL injection attacks
2009-07-13/a>
Adrien de Beaupre
* Infocon raised to yellow for Excel Web Components ActiveX vulnerability
2009-07-10/a>
Guy Bruneau
WordPress Fixes Multiple vulnerabilities
2009-07-07/a>
Marcus Sachs
* INFOCON Status - staying green
2009-07-05/a>
Bojan Zdrnja
More on ColdFusion hacks
2009-07-03/a>
Adrien de Beaupre
FCKEditor advisory
2009-07-02/a>
Bojan Zdrnja
Cold Fusion web sites getting compromised
2009-06-30/a>
Chris Carboni
Obfuscated Code
2009-06-30/a>
Chris Carboni
De-Obfuscation Submissions
2009-06-27/a>
Tony Carothers
New NIAP Strategy on the Horizon
2009-06-21/a>
Bojan Zdrnja
Apache HTTP DoS tool mitigation
2009-06-16/a>
John Bambenek
Iran Internet Blackout: Using Twitter for Operational Intelligence
2009-06-11/a>
Rick Wanner
MIR-ROR Motile Incident Response - Respond Objectively Remediate
2009-06-11/a>
Rick Wanner
WHO Declares Flu A(H1N1) a Pandemic
2009-06-11/a>
Jason Lam
Dshield Web Honeypot going beta
2009-05-29/a>
Lorna Hutcheson
VMWare Patches Released
2009-05-26/a>
Jason Lam
A new Web application security blog
2009-05-25/a>
Jim Clausing
More tools for (US) Memorial Day
2009-05-20/a>
Tom Liston
Web Toolz
2009-05-19/a>
Bojan Zdrnja
Advanced blind SQL injection (with Oracle examples)
2009-05-15/a>
Daniel Wesemann
Warranty void if seal shredded?
2009-05-09/a>
Patrick Nolan
Shared SQL Injection Lessons Learned blog item
2009-05-01/a>
Adrien de Beaupre
Incident Management
2009-04-24/a>
John Bambenek
Data Leak Prevention: Proactive Security Requirements of Breach Notification Laws
2009-04-21/a>
Bojan Zdrnja
Web application vulnerabilities
2009-04-20/a>
Jason Lam
Digital Content on TV
2009-04-16/a>
Adrien de Beaupre
Incident Response vs. Incident Handling
2009-04-16/a>
Adrien de Beaupre
Some conficker lessons learned
2009-04-10/a>
Stephen Hall
Firefox 3 updates now in Seamonkey
2009-04-09/a>
Johannes Ullrich
Conficker update with payload
2009-04-09/a>
Jim Clausing
Conficker Working Group site down
2009-04-07/a>
Bojan Zdrnja
Advanced JavaScript obfuscation (or why signature scanning is a failure)
2009-04-05/a>
Marcus Sachs
Open Source Conficker-C Scanner/Detector Released
2009-04-02/a>
Handlers
A view from the CWG Trenches
2009-03-30/a>
Daniel Wesemann
Locate Conficker infected hosts with a network scan!
2009-03-29/a>
Chris Carboni
April 1st - What Will Really Happen?
2009-03-26/a>
Mark Hofman
Sanitising media
2009-03-26/a>
Mark Hofman
Webhoneypot fun
2009-03-20/a>
Stephen Hall
Making the most of your runbooks
2009-03-10/a>
Swa Frantzen
conspiracy fodder: pifts.exe
2009-03-08/a>
Marcus Sachs
Behind the Estonia Cyber Attacks
2009-03-02/a>
Swa Frantzen
Obama's leaked chopper blueprints: anything we can learn?
2009-02-25/a>
Andre Ludwig
Preview/Iphone/Linux pdf issues
2009-02-25/a>
Swa Frantzen
Targeted link diversion attempts
2009-02-17/a>
Jason Lam
DShield Web Honeypot - Alpha Preview Release
2009-02-13/a>
Andre Ludwig
Third party information on conficker
2009-02-12/a>
Mark Hofman
Australian Bushfires
2009-02-11/a>
Robert Danford
ProFTPd SQL Authentication Vulnerability exploit activity
2009-02-10/a>
Bojan Zdrnja
More tricks from Conficker and VM detection
2009-02-09/a>
Bojan Zdrnja
Some tricks from Conficker's bag
2009-01-25/a>
Rick Wanner
Twam?? Twammers?
2009-01-20/a>
Adrien de Beaupre
Obamamania
2009-01-16/a>
G. N. White
Conficker.B/Downadup.B/Kido: F-Secure publishes details pertaining to their counting methodology of compromised machines
2009-01-15/a>
Bojan Zdrnja
Conficker's autorun and social engineering
2009-01-12/a>
William Salusky
Downadup / Conficker - MS08-067 exploit and Windows domain account lockout
2009-01-12/a>
William Salusky
Web Application Firewalls (WAF) - Have you deployed WAF technology?
2009-01-07/a>
William Salusky
BIND 9.x security patch - resolves potentially new DNS poisoning vector
2008-12-12/a>
Johannes Ullrich
MSIE 0-day Spreading Via SQL Injection
2008-12-09/a>
Swa Frantzen
Contacting us might be hard today
2008-12-02/a>
Deborah Hale
Sonicwall License Manager Failure
2008-12-01/a>
Jason Lam
Call for volunteers - Web Honeypot Project
2008-12-01/a>
Jason Lam
Input filtering and escaping in SQL injection mitigation
2008-11-25/a>
Andre Ludwig
The beginnings of a collaborative approach to IDS
2008-11-20/a>
Jason Lam
Large quantity SQL Injection mitigation
2008-11-17/a>
Jim Clausing
A new cheat sheet and a contest
2008-11-16/a>
Maarten Van Horenbeeck
Detection of Trojan control channels
2008-11-02/a>
Mari Nichols
Day 33 - Working with Management to Improve Processes
2008-10-17/a>
Rick Wanner
Day 18 - Containing Other Incidents
2008-10-15/a>
Rick Wanner
Day 15 - Containing the Damage From a Lost or Stolen Laptop
2008-10-12/a>
Mari Nichols
Day 12 Containment: Gathering Evidence That Can be Used in Court
2008-09-29/a>
Daniel Wesemann
ASPROX mutant
2008-09-22/a>
Maarten Van Horenbeeck
Data exfiltration and the use of anonymity providers
2008-09-22/a>
Jim Clausing
Lessons learned from the Palin (and other) account hijacks
2008-09-21/a>
Mari Nichols
You still have time!
2008-09-20/a>
Rick Wanner
New (to me) nmap Features
2008-09-11/a>
David Goldsmith
CookieMonster is coming to Pown (err, Town)
2008-09-10/a>
Adrien de Beaupre
Apple updates iPod Touch + Bonjour for Windows
2008-09-09/a>
Swa Frantzen
Evil side economy: $1 for breaking 1000 CAPTCHAs
2008-09-07/a>
Daniel Wesemann
Staying current, but not too current
2008-09-03/a>
Daniel Wesemann
Static analysis of Shellcode - Part 2
2008-09-03/a>
donald smith
New bgp hijack isn't very new.
2008-09-01/a>
John Bambenek
The Number of Machines Controlled by Botnets Has Jumped 4x in Last 3 Months
2008-08-23/a>
Mark Hofman
SQL injections - an update
2008-08-12/a>
Johannes Ullrich
Upcoming Infocon Test and new Color
2008-08-10/a>
Stephen Hall
From lolly pops to afterglow
2008-08-08/a>
Mark Hofman
More SQL Injections - very active right now
2008-08-03/a>
Deborah Hale
Securing A Network - Lessons Learned
2008-07-24/a>
Bojan Zdrnja
What's brewing in Danmec's pot?
2008-07-17/a>
Mari Nichols
Adobe Reader 9 Released
2008-07-14/a>
Daniel Wesemann
Obfuscated JavaScript Redux
2008-07-11/a>
Jim Clausing
Handling the load
2008-06-30/a>
Marcus Sachs
More SQL Injection with Fast Flux hosting
2008-06-25/a>
Deborah Hale
Report of Coreflood.dr Infection
2008-06-24/a>
Jason Lam
SQL Injection mitigation in ASP
2008-06-24/a>
Jason Lam
Microsoft SQL Injection Prevention Strategy
2008-06-23/a>
donald smith
Preventing SQL injection
2008-06-13/a>
Johannes Ullrich
SQL Injection: More of the same
2008-06-13/a>
Johannes Ullrich
Floods: More of the same (2)
2008-06-07/a>
Jim Clausing
Followup to 'How do you monitor your website?'
2008-05-26/a>
Marcus Sachs
Predictable Response
2008-05-20/a>
Raul Siles
List of malicious domains inserted through SQL injection
2008-05-17/a>
Jim Clausing
Disaster donation scams continue
2008-04-24/a>
donald smith
Hundreds of thousands of SQL injections
2008-04-16/a>
Bojan Zdrnja
The 10.000 web sites infection mystery solved
2008-04-07/a>
John Bambenek
HP USB Keys Shipped with Malware for your Proliant Server
2008-04-07/a>
John Bambenek
Network Solutions Technical Difficulties? Enom too
2008-04-06/a>
Daniel Wesemann
Advanced obfuscated JavaScript analysis
2008-04-03/a>
Bojan Zdrnja
Mixed (VBScript and JavaScript) obfuscation
2008-03-30/a>
Mark Hofman
Mail Anyone?
2008-03-14/a>
Kevin Liston
2117966.net-- mass iframe injection
2008-01-09/a>
Bojan Zdrnja
Mass exploits with SQL Injection
2007-02-24/a>
Jason Lam
Prepared Statements and SQL injections
2006-10-02/a>
Jim Clausing
Back to green, but the exploits are still running wild
2006-09-30/a>
Swa Frantzen
Yellow: WebViewFolderIcon setslice exploit spreading
RAILS
2013-06-27/a>
Tony Carothers
Ruby Update for SSL Vulnerability
2013-01-09/a>
Rob VandenBrink
SQL Injection Flaw in Ruby on Rails
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
About Us
Slack Channel
Mastodon
Bluesky
X
Subscribe to the Internet Storm Center
YouTube Channel