Date Author Title
2025-04-25Xavier MertensExample of a Payload Delivered Through Steganography
2025-04-16Guy BruneauRedTail, Remnux and Malware Management [Guest Diary]
2025-04-09Xavier MertensObfuscated Malicious Python Scripts with PyArmor
2025-04-02Guy BruneauExploring Statistical Measures to Predict URLs as Legitimate or Intrusive [Guest Diary]
2025-03-20Johannes UllrichSome new Data Feeds, and a little "incident".
2025-03-12Guy BruneauFile Hashes Analysis with Power BI from Data Stored in DShield SIEM
2025-03-10Xavier MertensShellcode Encoded in UUIDs
2025-02-20Guy BruneauUsing ES|QL in Kibana to Queries DShield Honeypot Logs
2025-02-19Xavier MertensXWorm Cocktail: A Mix of PE data with PowerShell Code
2025-02-17Russ McReeModelScan - Protection Against Model Serialization Attacks
2025-02-15Xavier MertensThe Danger of IP Volatility
2025-02-06Xavier MertensThe Unbreakable Multi-Layer Anti-Debugging System
2025-01-29Xavier MertensFrom PowerShell to a Python Obfuscation Race!
2025-01-21Johannes UllrichGeolocation and Starlink
2025-01-06Xavier MertensMake Malware Happy
2024-12-27Guy BruneauPhishing for Banking Information
2024-12-23Xavier MertensModiloader From Obfuscated Batch File
2024-12-17Guy BruneauCommand Injection Exploit For PHPUnit before 4.8.28 and 5.x before 5.6.3 [Guest Diary]
2024-11-30Xavier MertensFrom a Regular Infostealer to its Obfuscated Version
2024-11-19Xavier MertensDetecting the Presence of a Debugger in Linux
2024-10-07Xavier MertensmacOS Sequoia: System/Network Admins, Hold On!
2024-10-03Guy BruneauKickstart Your DShield Honeypot [Guest Diary]
2024-09-26Johannes UllrichPatch for Critical CUPS vulnerability: Don't Panic
2024-09-25Johannes UllrichDNS Reflection Update and Odd Corrupted DNS Requests
2024-09-25Guy BruneauOSINT - Image Analysis or More Where, When, and Metadata [Guest Diary]
2024-09-18Guy BruneauTime-to-Live Analysis of DShield Data with Vega-Lite
2024-09-16Xavier MertensManaging PE Files With Overlays
2024-09-11Guy BruneauHygiene, Hygiene, Hygiene! [Guest Diary]
2024-09-04Guy Bruneau Attack Surface [Guest Diary]
2024-08-30Jesse La GrewSimulating Traffic With Scapy
2024-08-27Guy BruneauVega-Lite with Kibana to Parse and Display IP Activity over Time
2024-08-26Xavier MertensFrom Highly Obfuscated Batch File to XWorm and Redline
2024-08-20Guy BruneauMapping Threats with DNSTwist and the Internet Storm Center [Guest Diary]
2024-08-07Guy BruneauSame Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary]
2024-07-25Xavier MertensXWorm Hidden With Process Hollowing
2024-07-16Guy BruneauWho You Gonna Call? AndroxGh0st Busters! [Guest Diary]
2024-06-26Guy BruneauWhat Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary]
2024-06-20Guy BruneauNo Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary]
2024-06-13Guy BruneauThe Art of JQ and Command-line Fu [Guest Diary]
2024-06-06Xavier MertensMalicious Python Script with a "Best Before" Date
2024-05-31Xavier Mertens"K1w1" InfoStealer Uses gofile.io for Exfiltration
2024-05-28Guy BruneauIs that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary]
2024-05-22Guy BruneauAnalysis of ?redtail? File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary]
2024-05-15Rob VandenBrinkGot MFA? If not, Now is the Time!
2024-04-29Johannes UllrichD-Link NAS Device Backdoor Abused
2024-04-29Guy BruneauLinux Trojan - Xorddos with Filename eyshcjdmzg
2024-04-17Xavier MertensMalicious PDF File Used As Delivery Mechanism
2024-04-11Yee Ching TokEvolution of Artificial Intelligence Systems and Ensuring Trustworthiness
2024-04-07Guy BruneauA Use Case for Adding Threat Hunting to Your Security Operations Team. Detecting Adversaries Abusing Legitimate Tools in A Customer Environment. [Guest Diary]
2024-03-28Xavier MertensFrom JavaScript to AsyncRAT
2024-03-19Johannes UllrichAttacker Hunting Firewalls
2024-03-13Xavier MertensUsing ChatGPT to Deobfuscate Malicious Scripts
2024-03-10Guy BruneauWhat happens when you accidentally leak your AWS API keys? [Guest Diary]
2024-03-07Jesse La Grew[Guest Diary] AWS Deployment Risks - Configuration and Credential File Targeting
2024-02-28Johannes UllrichExploit Attempts for Unknown Password Reset Vulnerability
2024-02-20Xavier MertensPython InfoStealer With Dynamic Sandbox Detection
2024-02-15Jesse La Grew[Guest Diary] Learning by doing: Iterative adventures in troubleshooting
2024-02-09Xavier MertensMSIX With Heavily Obfuscated PowerShell Script
2024-02-03Guy BruneauDShield Sensor Log Collection with Elasticsearch
2024-01-26Xavier MertensA Batch File With Multiple Payloads
2024-01-24Johannes UllrichHow Bad User Interfaces Make Security Tools Harmful
2024-01-18Johannes UllrichMore Scans for Ivanti Connect "Secure" VPN. Exploits Public
2024-01-16Johannes UllrichScans for Ivanti Connect "Secure" VPN Vulnerability (CVE-2023-46805, CVE-2024-21887)
2024-01-12Xavier MertensOne File, Two Payloads
2024-01-02Johannes UllrichFingerprinting SSH Identification Strings
2023-12-31Tom WebbPi-Hole Pi4 Docker Deployment
2023-12-23Xavier MertensPython Keylogger Using Mailtrap.io
2023-12-20Guy BruneauHow to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary]
2023-11-27Guy BruneauDecoding the Patterns: Analyzing DShield Honeypot Activity [Guest Diary]
2023-11-22Guy BruneauCVE-2023-1389: A New Means to Expand Botnets
2023-11-17Jan KoprivaPhishing page with trivial anti-analysis features
2023-11-09Xavier MertensVisual Examples of Code Injection
2023-10-31Xavier MertensMultiple Layers of Anti-Sandboxing Techniques
2023-10-29Guy BruneauSpam or Phishing? Looking for Credentials & Passwords
2023-10-09Didier StevensZIP's DOSTIME & DOSDATE Formats
2023-09-26Johannes UllrichApple Releases MacOS Sonoma Including Numerous Security Patches
2023-09-07Johannes UllrichApple Releases iOS/iPadOS 16.6.1, macOS 13.5.2, watchOS 9.6.2 fixing two zeroday vulnerabilities
2023-08-22Xavier MertensHave You Ever Heard of the Fernet Encryption Algorithm?
2023-08-21Xavier MertensQuick Malware Triage With Inotify Tools
2023-08-12Guy BruneauDShield Sensor Monitoring with a Docker ELK Stack [Guest Diary]
2023-08-11Xavier MertensShow me All Your Windows!
2023-08-04Xavier MertensAre Leaked Credentials Dumps Used by Attackers?
2023-07-23Guy BruneauInstall & Configure Filebeat on Raspberry Pi ARM64 to Parse DShield Sensor Logs
2023-07-01Russ McReeSandfly Security
2023-06-16Xavier MertensAnother RAT Delivered Through VBS
2023-06-11Guy BruneauDShield Honeypot Activity for May 2023
2023-06-09Xavier MertensUndetected PowerShell Backdoor Disguised as a Profile File
2023-05-28Guy BruneauWe Can no Longer Ignore the Cost of Cybersecurity
2023-05-20Xavier MertensPhishing Kit Collecting Victim's IP Address
2023-05-17Xavier MertensIncrease in Malicious RAR SFX files
2023-05-14Guy BruneauVMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue
2023-05-09Russ McReeExploratory Data Analysis with CISSM Cyber Attacks Database - Part 2
2023-05-03Xavier MertensIncreased Number of Configuration File Scans
2023-03-31Jan KoprivaUse of X-Frame-Options and CSP frame-ancestors security headers on 1 million most popular domains
2023-03-30Xavier MertensBypassing PowerShell Strong Obfuscation
2023-03-21Didier StevensString Obfuscation: Character Pair Reversal
2023-03-18Xavier MertensOld Backdoor, New Obfuscation
2023-02-10Xavier MertensObfuscated Deactivation of Script Block Logging
2023-02-04Guy BruneauAssemblyline as a Malware Analysis Sandbox
2023-01-25Xavier MertensA First Malicious OneNote Document
2023-01-21Guy BruneauDShield Sensor JSON Log to Elasticsearch
2023-01-17Johannes UllrichPacket Tuesday: IPv6 Router Advertisements https://www.youtube.com/watch?v=uRWpB_lYIZ8
2023-01-08Guy BruneauDShield Sensor JSON Log Analysis
2022-12-21Guy BruneauDShield Sensor Setup in Azure
2022-12-20Xavier MertensLinux File System Monitoring & Actions
2022-12-19Xavier MertensHunting for Mastodon Servers
2022-11-05Guy BruneauWindows Malware with VHD Extension
2022-11-04Xavier MertensRemcos Downloader with Unicode Obfuscation
2022-10-22Didier Stevensrtfdump's Find Option
2022-10-18Xavier MertensPython Obfuscation for Dummies
2022-10-07Xavier MertensCritical Fortinet Vulnerability Ahead
2022-10-04Johannes UllrichCredential Harvesting with Telegram API
2022-09-26Xavier MertensEasy Python Sandbox Detection
2022-09-19Russ McReeChainsaw: Hunt, search, and extract event log records
2022-09-14Xavier MertensEasy Process Injection within Python
2022-09-07Johannes UllrichPHP Deserialization Exploit attempt
2022-08-22Xavier Mertens32 or 64 bits Malware?
2022-08-10Johannes UllrichAnd Here They Come Again: DNS Reflection Attacks
2022-08-02Johannes UllrichIncrease in Chinese "Hacktivism" Attacks
2022-07-28Johannes UllrichExfiltrating Data With Bookmarks
2022-07-09Didier Stevens7-Zip Editing & MoW
2022-07-06Johannes UllrichHow Many SANs are Insane?
2022-06-24Xavier MertensPython (ab)using The Windows GUI
2022-06-19Didier StevensVideo: Decoding Obfuscated BASE64 Statistically
2022-06-18Didier StevensDecoding Obfuscated BASE64 Statistically
2022-06-16Xavier MertensHoudini is Back Delivered Through a JavaScript Dropper
2022-06-10Russ McReeEPSScall: An Exploit Prediction Scoring System App
2022-06-01Jan KoprivaHTML phishing attachments - now with anti-analysis features
2022-05-30Xavier MertensNew Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme (CVE-2022-30190)
2022-05-19Brad DuncanBumblebee Malware from TransferXL URLs
2022-05-03Rob VandenBrinkFinding the Real "Last Patched" Day (Interim Version)
2022-04-19Johannes UllrichResetting Linux Passwords with U-Boot Bootloaders
2022-03-29Johannes UllrichMore Fake/Typosquatting Twitter Accounts Asking for Ukraine Crytocurrency Donations
2022-03-27Didier StevensVideo: Maldoc Cleaned by Anti-Virus
2022-03-23Brad DuncanArkei Variants: From Vidar to Mars Stealer
2022-03-10Xavier MertensCredentials Leaks on VirusTotal
2022-03-09Xavier MertensInfostealer in a Batch File
2022-03-04Johannes UllrichScam E-Mail Impersonating Red Cross
2022-03-02Johannes UllrichThe More Often Something is Repeated, the More True It Becomes: Dealing with Social Media
2022-02-22Xavier MertensA Good Old Equation Editor Vulnerability Delivering Malware
2022-02-10Johannes UllrichZyxel Network Storage Devices Hunted By Mirai Variant
2022-02-01Xavier MertensAutomation is Nice But Don't Replace Your Knowledge
2022-01-29Guy BruneauSIEM In this Decade, Are They Better than the Last?
2022-01-20Xavier MertensRedLine Stealer Delivered Through FTP
2021-12-28Russ McReeLotL Classifier tests for shells, exfil, and miners
2021-12-21Xavier MertensMore Undetected PowerShell Dropper
2021-12-10Xavier MertensPython Shellcode Injection From JSON Data
2021-12-01Xavier MertensInfo-Stealer Using webhook.site to Exfiltrate Data
2021-11-20Guy BruneauHikvision Security Cameras Potentially Exposed to Remote Code Execution
2021-11-18Xavier MertensJavaScript Downloader Delivers Agent Tesla Trojan
2021-11-14Didier StevensVideo: Obfuscated Maldoc: Reversed BASE64
2021-11-08Xavier Mertens(Ab)Using Security Tools & Controls for the Bad
2021-11-01Yee Ching TokRevisiting BrakTooth: Two Months Later
2021-10-18Xavier MertensMalicious PowerShell Using Client Certificate Authentication
2021-09-24Xavier MertensKeep an Eye on Your Users Mobile Devices (Simple Inventory)
2021-09-22Didier StevensAn XML-Obfuscated Office Document (CVE-2021-40444)
2021-09-17Xavier MertensMalicious Calendar Subscriptions Are Back?
2021-09-11Guy BruneauShipping to Elasticsearch Microsoft DNS Logs
2021-09-09Johannes UllrichUpdates to Our Datafeeds/API
2021-09-08Johannes UllrichMicrosoft Offers Workaround for 0-Day Office Vulnerability (CVE-2021-40444)
2021-08-31Yee Ching TokBrakTooth: Impacts, Implications and Next Steps
2021-08-29Guy BruneauFilter JSON Data by Value with Linux jq
2021-08-19Johannes UllrichWhen Lightning Strikes. What works and doesn't work.
2021-08-17Johannes UllrichLaravel (<=v8.4.2) exploit attempts for CVE-2021-3129 (debug mode: Remote code execution)
2021-07-31Guy BruneauUnsolicited DNS Queries
2021-07-28Jan KoprivaA sextortion e-mail from...IT support?!
2021-07-24Bojan ZdrnjaActive Directory Certificate Services (ADCS - PKI) domain admin vulnerability
2021-07-14Jan KoprivaOne way to fail at malspam - give recipients the wrong password for an encrypted attachment
2021-07-06Xavier MertensPython DLL Injection Check
2021-07-04Didier StevensDIY CD/DVD Destruction - Follow Up
2021-07-02Xavier Mertens"inception.py"... Multiple Base64 Encodings
2021-06-27Didier StevensDIY CD/DVD Destruction
2021-06-25Jim ClausingIs this traffic bAD?
2021-06-24Xavier MertensDo you Like Cookies? Some are for sale!
2021-06-21Rick WannerMitre CWE - Common Weakness Enumeration
2021-06-12Guy BruneauFortinet Targeted for Unpatched SSL VPN Discovery Activity
2021-06-04Xavier MertensRussian Dolls VBS Obfuscation
2021-05-29Guy BruneauSpear-phishing Email Targeting Outlook Mail Clients
2021-05-21Xavier MertensLocking Kernel32.dll As Anti-Debugging Technique
2021-05-10Johannes UllrichCorrectly Validating IP Addresses: Why encoding matters for input validation.
2021-05-08Guy BruneauWho is Probing the Internet for Research Purposes?
2021-04-29Xavier MertensFrom Python to .Net
2021-04-10Guy BruneauBuilding an IDS Sensor with Suricata & Zeek with Logs to ELK
2021-04-09Xavier MertensNo Python Interpreter? This Simple RAT Installs Its Own Copy
2021-04-02Xavier MertensC2 Activity: Sandboxes or Real Victims?
2021-03-31Xavier MertensQuick Analysis of a Modular InfoStealer
2021-03-17Xavier MertensDefenders, Know Your Operating System Like Attackers Do!
2021-03-10Rob VandenBrinkSharpRDP - PSExec without PSExec, PSRemoting without PowerShell
2021-03-02Russ McReeAdversary Simulation with Sim
2021-02-28Didier StevensMaldocs: Protection Passwords
2021-02-26Guy BruneauPretending to be an Outlook Version Update
2021-02-22Didier StevensUnprotecting Malicious Documents For Inspection
2021-02-13Guy BruneauvSphere Replication updates address a command injection vulnerability (CVE-2021-21976) - https://www.vmware.com/security/advisories/VMSA-2021-0001.html
2021-02-13Guy BruneauUsing Logstash to Parse IPtables Firewall Logs
2021-02-04Bojan ZdrnjaAbusing Google Chrome extension syncing for data exfiltration and C&C
2021-01-30Guy BruneauPacketSifter as Network Parsing and Telemetry Tool
2021-01-29Xavier MertensSensitive Data Shared with Cloud Services
2021-01-18Didier StevensDoc & RTF Malicious Document
2021-01-04Jan KoprivaFrom a small BAT file to Mass Logger infostealer
2021-01-02Guy BruneauProtecting Home Office and Enterprise in 2021
2020-12-29Jan KoprivaWant to know what's in a folder you don't have a permission to access? Try asking your AV solution...
2020-12-22Xavier MertensMalware Victim Selection Through WiFi Identification
2020-12-19Guy BruneauSecure Communication using TLS in Elasticsearch
2020-11-30Didier StevensDecrypting PowerShell Payloads (video)
2020-11-25Xavier MertensLive Patching Windows API Calls Using PowerShell
2020-11-21Guy BruneauVMware privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) - https://www.vmware.com/security/advisories/VMSA-2020-0026.html
2020-11-20Xavier MertensMalicious Python Code and LittleSnitch Detection
2020-11-19Xavier MertensPowerShell Dropper Delivering Formbook
2020-11-18Xavier MertensWhen Security Controls Lead to Security Issues
2020-11-13Xavier MertensOld Worm But New Obfuscation Technique
2020-11-05Xavier MertensDid You Spot "Invoke-Expression"?
2020-10-30Xavier MertensQuick Status of the CAA DNS Record Adoption
2020-10-24Guy BruneauAn Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-10-14Xavier MertensNicely Obfuscated Python RAT
2020-10-07Johannes UllrichToday, Nobody is Going to Attack You.
2020-10-01Daniel WesemannMaking sense of Azure AD (AAD) activity logs
2020-09-30Johannes UllrichScans for FPURL.xml: Reconnaissance or Not?
2020-09-24Xavier MertensParty in Ibiza with PowerShell
2020-09-20Guy BruneauAnalysis of a Salesforce Phishing Emails
2020-09-04Jan KoprivaA blast from the past - XXEncoded VB6.0 Trojan
2020-08-31Didier StevensFinding The Original Maldoc
2020-08-30Johannes UllrichCenturyLink Outage Causing Internet Wide Problems
2020-08-29Didier StevensMalicious Excel Sheet with a NULL VT Score: More Info
2020-08-28Xavier MertensExample of Malicious DLL Injected in PowerShell
2020-08-25Xavier MertensKeep An Eye on LOLBins
2020-08-24Xavier MertensTracking A Malware Campaign Through VT
2020-08-19Xavier MertensExample of Word Document Delivering Qakbot
2020-08-18Xavier MertensUsing API's to Track Attackers
2020-08-16Didier StevensSmall Challenge: A Simple Word Maldoc - Part 3
2020-08-10Bojan ZdrnjaScoping web application and web service penetration tests
2020-08-04Johannes UllrichInternet Choke Points: Concentration of Authoritative Name Servers
2020-08-01Jan KoprivaWhat pages do bad bots look for?
2020-07-30Johannes UllrichPython Developers: Prepare!!!
2020-07-24Xavier MertensCompromized Desktop Applications by Web Technologies
2020-07-20Rick WannerSextortion Update: The Final Final Chapter
2020-07-11Guy BruneauVMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html
2020-07-08Xavier MertensIf You Want Something Done Right, You Have To Do It Yourself... Malware Too!
2020-06-16Xavier MertensSextortion to The Next Level
2020-06-08Didier StevensTranslating BASE64 Obfuscated Scripts
2020-06-04Xavier MertensAnti-Debugging Technique based on Memory Protection
2020-05-14Rob VandenBrinkPatch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe
2020-05-06Xavier MertensKeeping an Eye on Malicious Files Life Time
2020-05-04Didier StevensSysmon and File Deletion
2020-04-27Xavier MertensPowershell Payload Stored in a PSCredential Object
2020-04-24Xavier MertensMalicious Excel With a Strong Obfuscation and Sandbox Evasion
2020-04-16Johannes UllrichUsing AppLocker to Prevent Living off the Land Attacks
2020-04-10Xavier MertensPowerShell Sample Extracting Payload From SSL
2020-04-03Xavier MertensObfuscated with a Simple 0x0A
2020-03-21Guy BruneauHoneypot - Scanning and Targeting Devices & Services
2020-03-15Guy BruneauVPN Access and Activity Monitoring
2020-03-02Jan KoprivaSecure vs. cleartext protocols - couple of interesting stats
2020-02-22Xavier MertensSimple but Efficient VBScript Obfuscation
2020-02-16Guy BruneauSOAR or not to SOAR?
2020-02-07Xavier MertensSandbox Detection Tricks & Nice Obfuscation in a Single VBScript
2020-01-27Johannes UllrichNetwork Security Perspective on Coronavirus Preparedness
2020-01-25Guy BruneauIs Threat Hunting the new Fad?
2020-01-23Xavier MertensComplex Obfuscation VS Simple Trick
2020-01-21Russ McReeDeepBlueCLI: Powershell Threat Hunting
2020-01-15Johannes UllrichCVE-2020-0601 Followup
2020-01-11Johannes UllrichCitrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor
2020-01-10Xavier MertensMore Data Exfiltration
2019-12-12Xavier MertensCode & Data Reuse in the Malware Ecosystem
2019-11-22Xavier MertensAbusing Web Filters Misconfiguration for Reconnaissance
2019-10-19Russell EubanksWhat Assumptions Are You Making?
2019-10-18Xavier MertensQuick Malicious VBS Analysis
2019-10-10Rob VandenBrinkMining Live Networks for OUI Data Oddness
2019-09-27Xavier MertensNew Scans for Polycom Autoconfiguration Files
2019-09-22Didier StevensVideo: Encrypted Sextortion PDFs
2019-09-19Xavier MertensAgent Tesla Trojan Abusing Corporate Email Accounts
2019-09-19Xavier MertensBlocklisting or Whitelisting in the Right Way
2019-09-17Rob VandenBrinkInvestigating Gaps in your Windows Event Logs
2019-09-16Didier StevensEncrypted Sextortion PDFs
2019-08-09Xavier Mertens100% JavaScript Phishing Page
2019-08-05Rick WannerSextortion: Follow the Money - The Final Chapter
2019-07-25Rob VandenBrinkWhen Users Attack! Users (and Admins) Thwarting Security Controls
2019-07-20Guy BruneauRe-evaluating Network Security - It is Increasingly More Complex
2019-07-18Rob VandenBrinkThe Other Side of Critical Control 1: 802.1x Wired Network Access Controls
2019-07-17Xavier MertensAnalyzis of DNS TXT Records
2019-07-11Xavier MertensRussian Dolls Malicious Script Delivering Ursnif
2019-07-02Xavier MertensMalicious Script With Multiple Payloads
2019-06-20Xavier MertensUsing a Travel Packing App for Infosec Purpose
2019-06-19Johannes UllrichCritical Actively Exploited WebLogic Flaw Patched CVE-2019-2729
2019-06-10Xavier MertensInteresting JavaScript Obfuscation Example
2019-04-26Rob VandenBrinkPillaging Passwords from Service Accounts
2019-04-25Rob VandenBrinkUnpatched Vulnerability Alert - WebLogic Zero Day
2019-04-13Johannes UllrichConfiguring MTA-STS and TLS Reporting For Your Domain
2019-04-05Russ McReeBeagle: Graph transforms for DFIR data & logs
2019-03-27Xavier MertensRunning your Own Passive DNS Service
2019-03-25Didier Stevens"VelvetSweatshop" Maldocs: Shellcode Analysis
2019-03-24Didier StevensDecoding QR Codes with Python
2019-03-23Didier Stevens"VelvetSweatshop" Maldocs
2019-03-21Xavier MertensNew Wave of Extortion Emails: Central Intelligence Agency Case
2019-03-06Xavier MertensKeep an Eye on Disposable Email Addresses
2019-02-25Didier StevensSextortion Email Variant: With QR Code
2019-02-24Guy BruneauPacket Editor and Builder by Colasoft
2019-02-05Rob VandenBrinkMitigations against Mimikatz Style Attacks
2019-02-01Rick WannerSextortion: Follow the Money Part 3 - The cashout begins!
2019-01-18John BambenekSextortion Bitcoin on the Move
2018-12-31Didier StevensSoftware Crashes: A New Year's Resolution
2018-12-29Didier StevensVideo: De-DOSfuscation Example
2018-12-19Xavier MertensUsing OSSEC Active-Response as a DFIR Framework
2018-12-16Guy BruneauRandom Port Scan for Open RDP Backdoor
2018-12-15Didier StevensDe-DOSfuscation Example
2018-12-14Rick WannerBombstortion?? Boomstortion??
2018-12-12Didier StevensYet Another DOSfuscation Sample
2018-11-30Remco VerhoefCoinMiners searching for hosts
2018-11-27Xavier MertensMore obfuscated shell scripts: Fake MacOS Flash update
2018-11-27Rob VandenBrinkData Exfiltration in Penetration Tests
2018-11-26Xavier MertensObfuscated bash script targeting QNap boxes
2018-11-20Xavier MertensQuerying DShield from Cortex
2018-11-16Xavier MertensBasic Obfuscation With Permissive Languages
2018-11-06Xavier MertensMalicious Powershell Script Dissection
2018-11-05Johannes UllrichStruts 2.3 Vulnerable to Two Year old File Upload Flaw
2018-10-23Xavier MertensDiving into Malicious AutoIT Code
2018-10-17Russ McReeRedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-10-12Xavier MertensMore Equation Editor Exploit Waves
2018-10-10Xavier MertensNew Campaign Using Old Equation Editor Vulnerability
2018-10-01Didier StevensDecoding Custom Substitution Encodings with translate.py
2018-09-30Didier StevensWhen DOSfuscation Helps...
2018-09-28Xavier MertensMore Excel DDE Code Injection
2018-09-20Xavier MertensHunting for Suspicious Processes with OSSEC
2018-09-19Rob VandenBrinkCertificates Revisited - SSL VPN Certificates 2 Ways
2018-09-18Rob VandenBrinkUsing Certificate Transparency as an Attack / Defense Tool
2018-09-05Rob VandenBrinkWhere have all my Certificates gone? (And when do they expire?)
2018-09-05Xavier MertensMalicious PowerShell Compiling C# Code on the Fly
2018-08-13Didier StevensNew Extortion Tricks: Now Including Your (Partial) Phone Number!
2018-08-10Remco VerhoefHunting SSL/TLS clients using JA3
2018-07-30Didier StevensMalicious Word documents using DOSfuscation
2018-07-29Guy BruneauUsing RITA for Threat Analysis
2018-07-26Xavier MertensWindows Batch File Deobfuscation
2018-07-24Tom WebbCell Phone Monitoring. Who is Watching the Watchers?
2018-07-12Johannes UllrichNew Extortion Tricks: Now Including Your Password!
2018-07-02Guy BruneauVMware ESXi, Workstation, and Fusion address multiple out-of-bounds read vulnerabilities https://www.vmware.com/security/advisories/VMSA-2018-0016.html
2018-07-02Guy BruneauHello Peppa! - PHP Scans
2018-06-25Didier StevensGuilty by association
2018-06-21Xavier MertensAre Your Hunting Rules Still Working?
2018-06-18Xavier MertensMalicious JavaScript Targeting Mobile Browsers
2018-06-17Didier StevensEncrypted Office Documents
2018-06-15Lorna HutchesonSMTP Strangeness - Possible C2
2018-06-13Remco VerhoefFrom Microtik with Love
2018-06-05Xavier MertensMalicious Post-Exploitation Batch File
2018-06-04Rob VandenBrinkDigging into Authenticode Certificates
2018-05-25Xavier MertensAntivirus Evasion? Easy as 1,2,3
2018-05-22Guy BruneauVMware updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue - https://www.vmware.com/security/advisories/VMSA-2018-0012.html
2018-05-19Xavier MertensMalicious Powershell Targeting UK Bank Customers
2018-05-16Mark HofmanEFAIL, a weakness in openPGP and S\MIME
2018-05-10Bojan ZdrnjaExfiltrating data from (very) isolated environments
2018-04-30Remco VerhoefAnother approach to webapplication fingerprinting
2018-02-25Guy BruneauBlackhole Advertising Sites with Pi-hole
2018-02-02Xavier MertensSimple but Effective Malicious XLS Sheet
2017-12-30Xavier Mertens2017, The Flood of CVEs
2017-12-27Guy BruneauWhat are your Security Challenges for 2018?
2017-12-23Didier StevensEncrypted PDFs
2017-12-14Russ McReeDetection Lab: Visibility & Introspection for Defenders
2017-12-13Xavier MertensTracking Newly Registered Domains
2017-12-02Xavier MertensUsing Bad Material for the Good
2017-11-25Guy BruneauExim Remote Code Exploit
2017-11-23Xavier MertensProactive Malicious Domain Search
2017-11-17Xavier MertensTop-100 Malicious IP STIX Feed
2017-11-11Xavier MertensKeep An Eye on your Root Certificates
2017-11-03Xavier MertensSimple Analysis of an Obfuscated JAR File
2017-10-30Johannes UllrichCritical Patch For Oracle's Identity Manager
2017-10-25Mark HofmanDUHK attack, continuing a week of named issues
2017-10-18Renato MarinhoBaselining Servers to Detect Outliers
2017-10-02Xavier MertensInvestigating Security Incidents with Passive DNS
2017-09-30Lorna HutchesonWho's Borrowing your Resources?
2017-09-22Russell EubanksWhat is the State of Your Union?
2017-09-19Jim ClausingNew tool: mac-robber.py
2017-09-16Guy BruneauVMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities - https://www.vmware.com/security/advisories/VMSA-2017-0015.html
2017-09-11Russ McReeWindows Auditing with WINspect
2017-09-09Didier StevensMalware analysis output sanitization
2017-09-06Adrien de BeaupreModern Web Application Penetration Testing , Hash Length Extension Attacks
2017-09-02Xavier MertensAutoIT based malware back in the wild
2017-07-24Russell EubanksTrends Over Time
2017-07-08Xavier MertensA VBScript with Obfuscated Base64 Data
2017-07-07Renato MarinhoDDoS Extortion E-mail: Yet Another Bluff?
2017-06-22Xavier MertensObfuscating without XOR
2017-06-17Guy BruneauMapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2017-06-10Russell EubanksAn Occasional Look in the Rear View Mirror
2017-05-28Pasquale StirparoAnalysis of Competing Hypotheses (ACH part 1)
2017-05-28Guy BruneauCyberChef a Must Have Tool in your Tool bag!
2017-05-20Xavier MertensTyposquatting: Awareness and Hunting
2017-05-16Russ McReeWannaCry? Do your own data analysis.
2017-05-13Guy BruneauHas anyone Tested WannaCry Killswitch? - https://blog.didierstevens.com/2017/05/13/quickpost-wcry-killswitch-check-is-not-proxy-aware/
2017-05-05Xavier MertensHTTP Headers... the Achilles' heel of many applications
2017-05-02Richard PorterDo you have Intel AMT? Then you have a problem today! Intel Active Management Technology INTEL-SA-00075
2017-04-28Xavier MertensAnother Day, Another Obfuscation Technique
2017-04-21Xavier MertensAnalysis of a Maldoc with Multiple Layers of Obfuscation
2017-04-20Xavier MertensDNS Query Length... Because Size Does Matter
2017-04-19Xavier MertensHunting for Malicious Excel Sheets
2017-04-02Guy BruneauIPFire - A Household Multipurpose Security Gateway
2017-03-30Xavier MertensDiverting built-in features for the bad
2017-03-25Russell EubanksDistraction as a Service
2017-03-24Xavier MertensNicely Obfuscated JavaScript Sample
2017-03-18Xavier MertensExample of Multiple Stages Dropper
2017-03-15Xavier MertensRetro Hunting!
2017-03-10Xavier MertensThe Side Effect of GeoIP Filters
2017-03-08Richard PorterWhat is really being proxied?
2017-03-06Renato MarinhoA very convincing Typosquatting + Social Engineering campaign is targeting Santander corporate customers in Brazil
2017-03-04Xavier MertensHow your pictures may affect your website reputation
2017-02-28Xavier MertensAnalysis of a Simple PHP Backdoor
2017-02-13Rob VandenBrinkStuff I Learned Decrypting
2017-02-12Xavier MertensAnalysis of a Suspicious Piece of JavaScript
2017-02-09Brad DuncanTicketbleed vulnerability affects some f5 appliances
2017-01-28Lorna HutchesonPacket Analysis - Where do you start?
2016-12-27Guy BruneauUsing daemonlogger as a Software Tap
2016-12-24Didier StevensPinging All The Way
2016-11-20Pasquale StirparoHow many “Epoch” times? Epocalypse.py timestamp converter
2016-10-30Pasquale StirparoVolatility Bot: Automated Memory Analysis
2016-10-17Didier StevensMaldoc VBA Anti-Analysis: Video
2016-10-15Didier StevensMaldoc VBA Anti-Analysis
2016-09-15Xavier MertensIn Need of a OTP Manager Soon?
2016-09-09Xavier MertensCollecting Users Credentials from Locked Devices
2016-09-04Russ McReeKali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/
2016-08-29Russ McReeRecommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2016-08-28Guy BruneauSpam with Obfuscated Javascript
2016-08-21Rick WannerCisco ASA SNMP Remote Code Execution Vulnerability
2016-08-19Xavier MertensData Classification For the Masses
2016-07-27Xavier MertensCritical Xen PV guests vulnerabilities
2016-07-26Johannes UllrichCommand and Control Channels Using "AAAA" DNS Records
2016-07-15Xavier MertensName All the Things!
2016-07-12Xavier MertensHunting for Malicious Files with MISP + OSSEC
2016-07-07Johannes UllrichPatchwork: Is it still "Advanced" if all you have to do is Copy/Paste?
2016-07-03Guy BruneauIs Data Privacy part of your Company's Culture?
2016-06-22Bojan ZdrnjaSecurity through obscurity never works
2016-06-03Tom ListonMySQL is YourSQL
2016-05-18Russ McReeResources: Windows Auditing & Monitoring, Linux 2FA
2016-05-08Jim ClausingGuest Diary: Linux Capabilities - A friend and foe
2016-04-02Russell EubanksWhy Can't We Be Friends?
2016-03-23Bojan ZdrnjaAbusing Oracles
2016-03-13Guy BruneauA Look at the Mandiant M-Trends 2016 Report
2016-03-07Xavier MertensAnother Malicious Document, Another Way to Deliver Malicious Code
2016-02-23Xavier MertensVMware VMSA-2016-0002
2016-02-22Xavier MertensReducing False Positives with Open Data Sources
2016-02-20Didier StevensLocky: JavaScript Deobfuscation
2016-02-15Bojan ZdrnjaExploiting (pretty) blind SQL injections
2016-02-07Xavier MertensMore Malicious JavaScript Obfuscation
2016-02-03Xavier MertensAutomating Vulnerability Scans
2016-01-31Guy BruneauWindows 10 and System Protection for DATA Default is OFF
2016-01-30Xavier MertensAll CVE Details at Your Fingertips
2016-01-29Xavier MertensScripting Web Categorization
2016-01-25Rob VandenBrinkAssessing Remote Certificates with Powershell
2016-01-21Jim ClausingScanning for Fortinet ssh backdoor
2016-01-20Xavier Mertens/tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!
2016-01-15Xavier MertensJavaScript Deobfuscation Tool
2016-01-05Guy BruneauWhat are you Concerned the Most in 2016?
2015-12-29Daniel WesemannNew Years Resolutions
2015-12-24Xavier MertensUnity Makes Strength
2015-12-21Daniel WesemannCritical Security Controls: Getting to know the unknown
2015-12-05Guy BruneauAre you looking to setup your own Malware Sandbox?
2015-11-09John BambenekICYMI: Widespread Unserialize Vulnerability in Java
2015-11-04Richard PorterApplication Aware and Critical Control 2
2015-10-17Russell EubanksCIS Critical Security Controls - Version 6.0
2015-10-12Guy BruneauData Visualization,What is your Tool of Choice?
2015-10-12Guy BruneauCritical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
2015-09-03Xavier MertensQuerying the DShield API from RTIR
2015-09-01Daniel WesemannEncryption of "data at rest" in servers
2015-08-29Tom WebbAutomating Metrics using RTIR REST API
2015-07-31Russ McReeTech tip follow-up: Using the data Invoked with R's system command
2015-07-03Didier StevensAnalyzing Quarantine Files
2015-06-28Didier StevensThe EICAR Test File
2015-06-24Rob VandenBrinkThe Powershell Diaries - Finding Problem User Accounts in AD
2015-06-02Alex StanfordGuest Diary: Xavier Mertens - Playing with IP Reputation with Dshield & OSSEC
2015-05-29Russell EubanksTrust But Verify
2015-05-20Brad DuncanLogjam - vulnerabilities in Diffie-Hellman key exchange affect browsers and servers using TLS
2015-05-03Russ McReeVolDiff, for memory image differential analysis
2015-04-28Daniel WesemannScammy Nepal earthquake donation requests
2015-04-08Tom WebbIs it a breach or not?
2015-03-26Daniel WesemannPin-up on your Smartphone!
2015-03-18Daniel WesemannPass the hash!
2015-02-27Rick WannerLet's Encrypt!
2015-02-17Rob VandenBrinkA Different Kind of Equation
2015-02-11Johannes UllrichDid PCI Just Kill E-Commerce By Saying SSL is Not Sufficient For Payment Info ? (spoiler: TLS!=SSL)
2015-02-10Mark BaggettDetecting Mimikatz Use On Your Network
2015-01-31Guy BruneauBeware of Phishing and Spam Super Bowl Fans!
2014-11-27Russ McReeSyrian Electronic Army attack leads to malvertising
2014-09-27Guy BruneauWhat has Bash and Heartbleed Taught Us?
2014-09-19Guy BruneauCipherShed Fork from TrueCrypt Project, Support Windows, Mac OS and Linux - https://ciphershed.org
2014-09-12Chris MohanAre credential dumps worth reviewing?
2014-08-29Johannes UllrichFalse Positive or Not? Difficult to Analyze Javascript
2014-08-25Jim ClausingUDP port 1900 DDoS traffic
2014-08-25Jim ClausingUnusual CRL traffic?
2014-08-09Adrien de BeaupreComplete application ownage via Multi-POST XSRF
2014-08-04Russ McReeThreats & Indicators: A Security Intelligence Lifecycle
2014-07-30Rick WannerSymantec Endpoint Protection Privilege Escalation Zero Day
2014-07-26Chris Mohan"Internet scanning project" scans
2014-07-09Daniel WesemannWho owns your typo?
2014-07-02Johannes UllrichSimple Javascript Extortion Scheme Advertised via Bing
2014-06-28Mark HofmanNo more Microsoft advisory email notifications?
2014-06-24Kevin ShorttNTP DDoS Counts Have Dropped
2014-05-27Kevin ShorttAvast forums hacked
2014-05-23Richard PorterHighlights from Cisco Live 2014 - The Internet of Everything
2014-05-01Johannes UllrichBusybox Honeypot Fingerprinting and a new DVR scanner
2014-04-26Guy BruneauNew Project by Linux Foundation - Core Infrastructure Initiative
2014-04-21Daniel WesemannAllow us to leave!
2014-04-12Guy BruneauCritical Security Update for JetPack WordPress Plugin. Bug has existed since Jetpack 1.9, released in October 2012. - http://jetpack.me/2014/04/10/jetpack-security-update/
2014-03-14Richard PorterWord Press Shenanigans? Anyone seeing strange activity today?
2014-03-13Daniel WesemannIdentification and authentication are hard ... finding out intention is even harder
2014-03-07Tom WebbLinux Memory Dump with Rekall
2014-03-04Daniel WesemannTriple Handshake Cookie Cutter
2014-02-26Russ McReeOngoing NTP Amplification Attacks
2014-02-14Chris MohanScanning activity for /siemens/bootstrapping/JnlpBrowser/Development/
2014-02-14Chris MohanSYM14-004 Symantec Endpoint Protection Management Vulnerabilities - http://www.symantec.com/business/support/index?page=content&id=TECH214866
2014-02-03Johannes UllrichWhen an Attack isn't an Attack
2014-01-31Chris MohanLooking for packets from three particular subnets
2014-01-17Russ McReeMassive RFI scans likely a free web app vuln scanner rather than bots
2014-01-11Guy Bruneautcpflow 1.4.4 and some of its most Interesting Features
2013-12-23Rob VandenBrinkHow-To's for the Holidays - Java Whitelisting using AD Group Policy
2013-12-20Daniel Wesemannauthorized key lime pie
2013-12-16Tom WebbThe case of Minerd
2013-12-10Rob VandenBrinkThose Look Just Like Hashes!
2013-11-19Johannes UllrichvBulletin.com Compromise - Possible 0-day
2013-10-25Rob VandenBrinkKaspersky flags TCPIP.SYS as Malware
2013-10-24Johannes UllrichFalse Positive: php.net Malware Alert
2013-10-21Johannes UllrichNew tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
2013-10-19Johannes UllrichYet Another WHMCS SQL Injection Exploit
2013-10-12Richard PorterReported Spike in tcp/5901 and tcp/5900
2013-10-05Richard PorterAdobe Breach Notification, Notifications?
2013-10-04Pedro BuenoCSAM: WebHosting BruteForce logs
2013-09-18Rob VandenBrinkCisco DCNM Update Released
2013-09-09Johannes UllrichSSL is broken. So what?
2013-08-19Johannes UllrichRunning Snort on ESXi using the Distributed Switch
2013-08-14Johannes UllrichImaging LUKS Encrypted Drives
2013-08-13Swa FrantzenMicrosoft security advisories: RDP and MD5 deprecation in Microsoft root certificates
2013-08-03Deborah HaleWhat Anti-virus Program Is Right For You?
2013-07-27Scott FendleyDefending Against Web Server Denial of Service Attacks
2013-07-17Johannes UllrichNetwork Solutions Outage
2013-07-16Johannes UllrichWhy don't we see more examples of web app attacks via POST?
2013-07-06Guy BruneauIs Metadata the Magic in Modern Network Security?
2013-07-04Russ McReeCelebrating 4th of July With a Malware PCAP Visualization
2013-07-01Manuel Humberto Santander PelaezUsing nmap scripts to enhance vulnerability asessment results
2013-06-18Russ McReeEMET 4.0 is now available for download
2013-06-18Russ McReeVolatility rules...any questions?
2013-06-07Daniel Wesemann100% Compliant (for 65% of the systems)
2013-05-23Adrien de BeaupreMoVP II
2013-05-22Adrien de BeauprePrivilege escalation, why should I care?
2013-05-22Adrien de BeaupreApple QuickTime 7.7.4 for Windows updated, MANY security vulnerabilities: http://support.apple.com/kb/HT1222
2013-05-17Johannes UllrichSSL: Another reason not to ignore IPv6
2013-05-11Lenny ZeltserExtracting Digital Signatures from Signed Malware
2013-05-07Jim ClausingIs there an epidemic of typo squatting?
2013-04-26Russ McReeWhat is "up to date anti-virus software"?
2013-04-25Adam SwangerGuest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-04-17John BambenekUPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
2013-04-16John BambenekFake Boston Marathon Scams Update
2013-04-15Rob VandenBrinkOops - You Mean That Deleted Server was a Certificate Authority?
2013-04-04Johannes UllrichMicrosoft April Patch Tuesday Advance Notification
2013-03-29Chris MohanDoes your breach email notification look like a phish?
2013-03-23Guy BruneauApple ID Two-step Verification Now Available in some Countries
2013-03-07Guy BruneauApple Blocking Java Web plug-in
2013-03-03Richard PorterUptick in MSSQL Activity
2013-02-17Guy BruneauHP ArcSight Connector Appliance and Logger Vulnerabilities
2013-02-16Lorna HutchesonFedora RedHat Vulnerabilty Released
2013-02-11John BambenekIs This Chinese Registrar Really Trying to XSS Me?
2013-02-08Kevin ShorttIs it Spam or Is it Malware?
2013-02-06Johannes UllrichAre you losing system logging information (and don't know it)?
2013-02-04Russ McReeAn expose of a recent SANS GIAC XSS vulnerability
2013-01-25Johannes UllrichVulnerability Scans via Search Engines (Request for Logs)
2013-01-15Russ McReeCisco introducing Cisco Security Notices 16 JAN 2013
2013-01-09Rob VandenBrinkSQL Injection Flaw in Ruby on Rails
2013-01-03Bojan ZdrnjaMemory acquisition traps
2013-01-03Manuel Humberto Santander PelaezNew year and new CA compromised
2012-12-27John BambenekIt's 3pm 2 days after Christmas, do you know where your unmanaged SSH keys are?
2012-12-18Dan GoldbergMitigating the impact of organizational change: a risk assessment
2012-12-04Johannes UllrichWhere do your backup tapes go to die?
2012-12-03John BambenekJohn McAfee Exposes His Location in Photo About His Being on Run
2012-12-03Kevin ListonRecent SSH vulnerabilities
2012-12-02Guy BruneauCollecting Logs from Security Devices at Home
2012-11-06Johannes UllrichWhat to watch out For on Election Day
2012-11-02Daniel WesemannThe shortcomings of anti-virus software
2012-10-30Mark HofmanCyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-10-05Richard PorterReports of a Distributed Injection Scan
2012-09-19Kevin ListonVolatility: 2.2 is Coming Soon
2012-09-11Adam SwangerMicrosoft September 2012 Black Tuesday Update - Overview
2012-09-08Guy BruneauWebmin Input Validation Vulnerabilities
2012-09-02Lorna HutchesonDemonstrating the value of your Intrusion Detection Program and Analysts
2012-08-21Adrien de BeaupreYYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update
2012-08-16Johannes UllrichA Poor Man's DNS Anomaly Detection Script
2012-08-14Rick WannerMicrosoft August 2012 Black Tuesday Update - Overview
2012-07-31Daniel WesemannSQL injection, lilupophilupop-style
2012-07-21Rick WannerTippingPoint DNS Version Request increase
2012-07-18Rob VandenBrinkVote NO to Weak Keys!
2012-07-18Rob VandenBrinkVote NO to Weak Encryption!
2012-07-14Tony CarothersUser Awareness and Education
2012-07-12Rob VandenBrinkToday at SANSFIRE - Dude Your Car is PWND !
2012-07-05Adrien de BeaupreMicrosoft advanced notification for July 2012 patch Tuesday
2012-07-02Dan GoldbergStorms of June 29th 2012 in Mid Atlantic region of the USA
2012-06-22Kevin ListonInvestigator's Tool-kit: Timeline
2012-06-20Raul SilesCVE-2012-0217 (from MS12-042) applies to other environments too
2012-06-19Daniel Wesemann Vulnerabilityqueerprocessbrittleness
2012-06-13Johannes UllrichMicrosoft Certificate Updater
2012-05-22Johannes Ullrichnmap 6 released
2012-05-21Kevin ShorttDNS ANY Request Cannon - Need More Packets
2012-05-17Johannes UllrichNew IPv6 Video: IPv6 Router Advertisements https://isc.sans.edu/ipv6videos
2012-05-16Johannes UllrichAvira Antivirus false positives http://forum.avira.com/wbb/index.php?page=Thread&threadID=144875
2012-05-07Guy BruneauiOS 5.1.1 Software Update for iPod, iPhone, iPad
2012-04-26Richard PorterDefine Irony: A medical device with a Virus?
2012-04-21Guy BruneauWordPress Release Security Update
2012-04-13Daniel WesemannAnti-virus scanning exclusions
2012-03-16Russ McReeMS12-020 RDP vulnerabilities: Patch, Mitigate, Detect
2012-03-03Jim ClausingNew automated sandbox for Android malware
2012-02-08Jim ClausingChrome to stop checking Certificate Revocation List (CRL)?
2012-01-12Rob VandenBrinkStuff I Learned Scripting - Fun with STDERR
2012-01-05Russ McReeOpenSSL vulnerability fixes
2012-01-03Bojan ZdrnjaThe tale of obfuscated JavaScript continues
2011-12-25Deborah HaleMerry Christmas, Happy Holidays
2011-12-21Chris MohanThe off switch
2011-12-12Daniel WesemannYou won 100$ or a free iPad!
2011-12-08Adrien de BeaupreMicrosoft Security Bulletin Advance Notification for December 2011
2011-12-01Mark HofmanSQL Injection Attack happening ATM
2011-11-11Rick WannerAPPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update
2011-11-10Rob VandenBrinkStuff I Learned Scripting - - Parsing XML in a One-Liner
2011-11-07Rob VandenBrinkStuff I Learned Scripting - Evaluating a Remote SSL Certificate
2011-11-03Richard PorterAn Apple, Inc. Sandbox to play in.
2011-11-01Russ McReeSecure languages & frameworks
2011-10-29Richard PorterThe Sub Critical Control? Evidence Collection
2011-10-28Russ McReeCritical Control 19: Data Recovery Capability
2011-10-28Daniel WesemannCritical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27Mark BaggettCritical Control 18: Incident Response Capabilities
2011-10-26Rick WannerCritical Control 17:Penetration Tests and Red Team Exercises
2011-10-26Rob VandenBrinkThe Theoretical "SSL Renegotiation" Issue gets a Whole Lot More Real !
2011-10-25Chris MohanRecurring reporting made easy?
2011-10-17Rob VandenBrinkCritical Control 11: Account Monitoring and Control
2011-10-02Mark HofmanCyber Security Awareness Month Day 1/2 - Schedule
2011-10-02Mark HofmanCyber Security Awareness Month Day 1/2 - Introduction to the controls
2011-09-19Guy BruneauMS Security Advisory Update - Fraudulent DigiNotar Certificates
2011-09-09Guy BruneauApple Certificate Trust Policy Update
2011-09-09Guy BruneauAdobe Publish its List of Trusted Root Certificate - http://www.adobe.com/security/approved-trust-list.html
2011-09-08Rob VandenBrinkWhen Good CA's go Bad: Other Things to Check in Your Datacenter
2011-09-05Bojan ZdrnjaBitcoin – crypto currency of future or heaven for criminals?
2011-08-26Daniel WesemannUser Agent 007
2011-08-24Rob VandenBrinkCitrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971
2011-08-17Rob VandenBrinkPutting all of Your Eggs in One Basket - or How NOT to do Layoffs
2011-08-16Johannes UllrichWhat are the most dangerous web applications and how to secure them?
2011-08-15Rob VandenBrink8 Years since the Eastern Seaboard Blackout - Has it Been that Long?
2011-08-11Guy BruneauBlackBerry Enterprise Server Critical Update
2011-08-04Jim ClausingApple release Quicktime 7.7 fixes 14 CVEs, see http://support.apple.com/kb/HT1222
2011-07-30Deborah HaleData Encryption Ban? Really?
2011-07-29Richard PorterApple Lion talking on TCP 5223
2011-07-28Johannes UllrichAnnouncing: The "404 Project"
2011-07-11John BambenekAnother Defense Contractor Hacked in AntiSec Hacktivism Spree
2011-07-05Raul SilesHelping Developers Understand Security - Spot the Vuln
2011-07-03Deborah HaleBusiness Continuation in the Face of Disaster
2011-06-22Guy BruneauHow Good is your Employee Termination Policy?
2011-06-21Chris MohanStartSSL, a web authentication authority, suspend services after a security breach
2011-06-12Mark HofmanCloud thoughts
2011-06-09Richard PorterOne Browser to Rule them All?
2011-06-06Johannes UllrichThe Havij SQL Injection Tool
2011-06-02Johannes UllrichSome Insight into Apple's Anti-Virus Signatures
2011-05-31Johannes UllrichApple Improving OS X Anti-Malware Feature
2011-05-30Johannes UllrichLockheed Martin and RSA Tokens
2011-05-19Daniel WesemannFake AV Bingo
2011-05-18Bojan ZdrnjaAndroid, HTTP and authentication tokens
2011-05-12Johannes UllrichActiveX Flaw Affecting SCADA systems
2011-04-28Chris MohanDSL Reports advise 9,000 accounts were compromised
2011-04-25Rob VandenBrinkSony PlayStation Network Outage - Day 5
2011-04-22Manuel Humberto Santander PelaezIn-house developed applications: The constant headache for the information security officer
2011-04-19Bojan ZdrnjaSQL injection: why can’t we learn?
2011-04-03Richard PorterExtreme Disclosure? Not yet but a great trend!
2011-04-01John BambenekLizaMoon Mass SQL-Injection Attack Infected at least 500k Websites
2011-03-17Kevin ListonSo You Got an AV Alert. Now What?
2011-03-09Kevin ShorttAVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B
2011-03-07Lorna HutchesonCall for Packets - Unassigned TCP Options
2011-03-01Daniel WesemannAV software and "sharing samples"
2011-02-14Lorna HutchesonNetwork Visualization
2011-02-08Johannes UllrichTippingpoint Releases Details on Unpatched Bugs
2011-02-05Guy BruneauOpenSSH Legacy Certificate Information Disclosure Vulnerability
2011-02-04Daniel WesemannOh, just click "yes"
2011-01-25Chris MohanReviewing our preconceptions
2011-01-24Rob VandenBrinkWhere have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool
2011-01-18Daniel WesemannYet another rogue anti-virus
2011-01-12Richard PorterHow Many Loyalty Cards do you Carry?
2011-01-12Richard PorterYet Another Data Broker? AOL Lifestream.
2011-01-03Johannes UllrichWhat Will Matter in 2011
2010-12-25Manuel Humberto Santander PelaezAn interesting vulnerability playground to learn application vulnerabilities
2010-12-18Raul SilesWhere are the Wi-Fi Driver Vulnerabilities?
2010-12-15Manuel Humberto Santander PelaezVulnerability in the PDF distiller of the BlackBerry Attachment Service
2010-12-12Raul SilesNew trend regarding web application vulnerabilities?
2010-12-12Raul SilesApple Quickime 7.6.9 was released a few days ago (just in case you missed it): http://support.apple.com/kb/HT1222. Update all your web browser plugins!
2010-12-02Kevin JohnsonSQL Injection: Wordpress 3.0.2 released
2010-11-24Bojan ZdrnjaPrivilege escalation 0-day in almost all Windows versions
2010-11-11Daniel WesemannFake AV scams via Skype Chat
2010-11-07Adrien de BeaupreChange your clocks?
2010-11-04Johannes UllrichMicrosoft Smart Screen False Positivies
2010-11-02Johannes UllrichLimited Malicious Search Engine Poisoning for Election
2010-10-22Manuel Humberto Santander PelaezIntypedia project
2010-10-04Mark HofmanOnline Voting
2010-09-26Daniel WesemannEgosurfing, the corporate way
2010-09-25Rick WannerGuest Diary: Andrew Hunt - Visualizing the Hosting Patterns of Modern Cybercriminals
2010-09-21Johannes UllrichImplementing two Factor Authentication on the Cheap
2010-08-30Adrien de BeaupreApple QuickTime potential vulnerability/backdoor
2010-08-23Manuel Humberto Santander PelaezFirefox plugins to perform penetration testing activities
2010-08-16Raul SilesThe Seven Deadly Sins of Security Vulnerability Reporting
2010-08-16Raul SilesBlind Elephant: A New Web Application Fingerprinting Tool
2010-08-15Manuel Humberto Santander PelaezObfuscated SQL Injection attacks
2010-08-15Manuel Humberto Santander PelaezPython to test web application security
2010-08-13Guy BruneauQuickTime Security Updates
2010-08-13Guy BruneauShadowserver Binary Whitelisting Service
2010-08-03Johannes UllrichWhen Lightning Strikes
2010-07-24Manuel Humberto Santander PelaezTransmiting logon information unsecured in the network
2010-07-23Mark HofmanvBulletin vB 3.8.6 vulnerability
2010-07-18Manuel Humberto Santander PelaezSAGAN: An open-source event correlation system - Part 1: Installation
2010-07-13Jim ClausingVMware Studio Security Update
2010-06-29Johannes UllrichHow to be a better spy: Cyber security lessons from the recent russian spy arrests
2010-06-27Manuel Humberto Santander PelaezStudy of clickjacking vulerabilities on popular sites
2010-06-18Tom ListonIMPORTANT INFORMATION: Distributed SSH Brute Force Attacks
2010-06-15Manuel Humberto Santander PelaezTCP evasions for IDS/IPS
2010-06-15Manuel Humberto Santander PelaeziPhone 4 Order Security Breach Exposes Private Information
2010-06-14Manuel Humberto Santander PelaezAnother way to get protection for application-level attacks
2010-06-14Manuel Humberto Santander PelaezRogue facebook application acting like a worm
2010-06-09Deborah HaleMass Infection of IIS/ASP Sites
2010-06-07Manuel Humberto Santander PelaezSoftware Restriction Policy to keep malware away
2010-06-06Manuel Humberto Santander PelaezNice OS X exploit tutorial
2010-05-26Bojan ZdrnjaMalware modularization and AV detection evasion
2010-05-12Rob VandenBrinkAdobe Shockwave Update
2010-05-04Rick WannerSIFT review in the ISSA Toolsmith
2010-04-26Raul SilesVulnerable Sites Database
2010-04-22John BambenekData Redaction: You're Doing it Wrong
2010-04-21Guy BruneauMcAfee DAT 5958 Update Issues
2010-04-21Guy BruneauGoogle Chrome Security Update v4.1.249.1059 Released: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html
2010-04-20Raul SilesAre You Ready for a Transportation Collapse...?
2010-04-18Guy BruneauSome NetSol hosted sites breached
2010-04-13Adrien de BeaupreWeb App Testing Tools
2010-04-08Bojan ZdrnjaJavaScript obfuscation in PDF: Sky is the limit
2010-04-06Daniel WesemannApplication Logs
2010-04-04Mari NicholsFinancial Management of Cyber Risk
2010-04-02Guy BruneauFirefox 3.6.3 fix for CVE-2010-1121 http://www.mozilla.org/security/announce/2010/mfsa2010-25.html
2010-04-02Guy BruneauSecurity Advisory for ESX Service Console
2010-04-02Guy BruneauApple QuickTime and iTunes Security Update
2010-04-02Guy BruneauOracle Java SE and Java for Business Critical Patch Update Advisory
2010-03-30Pedro BuenoVMWare Security Advisories Out
2010-03-29Adrien de BeaupreOOB Update for Internet Explorer MS10-018
2010-03-27Guy BruneauHP-UX Running NFS/ONCplus, Inadvertently Enabled NFS
2010-03-21Scott FendleySkipfish - Web Application Security Tool
2010-03-10Rob VandenBrinkMicrosoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7
2010-03-10Rob VandenBrinkMicrosoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-03-08Raul SilesSamurai WTF 0.8
2010-03-06Tony CarothersIntegration and the Security of New Technologies
2010-03-05Kyle HaugsnessJavascript obfuscators used in the wild
2010-02-22Rob VandenBrinkNew Risks in Penetration Testing
2010-02-21Patrick Nolan Looking for "more useful" malware information? Help develop the format.
2010-02-20Mari NicholsIs "Green IT" Defeating Security?
2010-02-17Rob VandenBrinkDefining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"
2010-02-15Johannes UllrichVarious Olympics Related Dangerous Google Searches
2010-02-11Deborah HaleCritical Update for AD RMS
2010-02-06Guy BruneauLANDesk Management Gateway Vulnerability
2010-01-29Adrien de BeaupreNeo-legacy applications
2010-01-24Pedro BuenoOutdated client applications
2010-01-17Rick WannerBuffer overflow in Quicktime
2010-01-14Bojan ZdrnjaRogue AV exploiting Haiti earthquake
2010-01-13Johannes UllrichSMS Donations Advertised via Twitter
2010-01-12Johannes UllrichHaiti Earthquake: Possible scams / malware
2009-12-19Deborah HaleEducationing Our Communities
2009-12-16Rob VandenBrinkBeware the Attack of the Christmas Greeting Cards !
2009-12-14Adrien de BeaupreAnti-forensics, COFEE vs. DECAF
2009-12-07Rob VandenBrinkLayer 2 Network Protections – reloaded!
2009-12-05Guy BruneauJava JRE Buffer and Integer Overflow
2009-12-03Mark HofmanAvast false positives
2009-12-02Rob VandenBrinkSPAM and Malware taking advantage of H1N1 concerns
2009-11-29Patrick Nolan A Cloudy Weekend
2009-11-25Jim ClausingUpdates to my GREM Gold scripts and a new script
2009-11-13Adrien de BeaupreTLS & SSLv3 renegotiation vulnerability explained
2009-11-11Rob VandenBrinkLayer 2 Network Protections against Man in the Middle Attacks
2009-11-02Rob VandenBrinkMicrosoft releases v1.02 of Enhanced Mitigation Evaluation Toolkit (EMET)
2009-10-30Rob VandenBrinkNew version of NIST 800-41, Firewalls and Firewall Policy Guidelines
2009-10-27Rob VandenBrinkNew VMware Desktop Products Released (Workstation, Fusion, ACE)
2009-10-20Raul SilesWASC 2008 Statistics
2009-10-09Rob VandenBrinkTHAWTE to discontinue free Email Certificate Services and Web of Trust Service
2009-10-04Guy BruneauSamba Security Information Disclosure and DoS
2009-10-02Stephen HallCyber Security Awareness Month - Day 2 - Port 0
2009-09-25Lenny ZeltserCategories of Common Malware Traits
2009-09-17Bojan ZdrnjaWhy is Rogue/Fake AV so successful?
2009-09-16Raul SilesReview the security controls of your Web Applications... all them!
2009-09-12Jim ClausingApple Updates
2009-09-07Lorna HutchesonEncrypting Data
2009-09-05Mark HofmanCritical Infrastructure and dependencies
2009-09-04Adrien de BeaupreFake anti-virus
2009-08-29Guy BruneauImmunet Protect - Cloud and Community Malware Protection
2009-08-28Adrien de BeaupreWPA with TKIP done
2009-08-19Daniel WesemannChecking your protection
2009-08-18Deborah HaleWebsite compromises - what's happening?
2009-08-13Johannes UllrichCA eTrust update crashes systems
2009-08-13Jim ClausingTools for extracting files from pcaps
2009-08-08Guy BruneauXML Libraries Data Parsing Vulnerabilities
2009-08-01Deborah HaleWebsite Warnings
2009-07-31Deborah HaleDon't forget to tell your SysAdmin Thanks
2009-07-28Adrien de BeaupreYYAMCCBA
2009-07-27Raul SilesNew Hacker Challenge: Prison Break - Breaking, Entering & Decoding
2009-07-26Jim ClausingNew Volatility plugins
2009-07-23John BambenekMissouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information
2009-07-16Bojan ZdrnjaOWC exploits used in SQL injection attacks
2009-07-13Adrien de BeaupreVulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
2009-07-13Adrien de Beaupre* Infocon raised to yellow for Excel Web Components ActiveX vulnerability
2009-07-12Mari NicholsCA Apologizes for False Positive
2009-07-11Marcus SachsImageshack
2009-07-10Guy BruneauWordPress Fixes Multiple vulnerabilities
2009-06-30Chris CarboniObfuscated Code
2009-06-30Chris CarboniDe-Obfuscation Submissions
2009-06-27Tony CarothersNew NIAP Strategy on the Horizon
2009-06-21Bojan ZdrnjaApache HTTP DoS tool mitigation
2009-06-16Bojan ZdrnjaIranian hacktivism
2009-06-16John BambenekIran Internet Blackout: Using Twitter for Operational Intelligence
2009-06-11Rick WannerMIR-ROR Motile Incident Response - Respond Objectively Remediate
2009-06-11Rick WannerWHO Declares Flu A(H1N1) a Pandemic
2009-06-02Deborah HaleAnother Quicktime Update
2009-05-29Lorna HutchesonVMWare Patches Released
2009-05-28Jim ClausingMore new volatility plugins
2009-05-26Jason LamA new Web application security blog
2009-05-20Tom ListonWeb Toolz
2009-05-19Bojan ZdrnjaAdvanced blind SQL injection (with Oracle examples)
2009-05-15Daniel WesemannWarranty void if seal shredded?
2009-05-09Patrick NolanShared SQL Injection Lessons Learned blog item
2009-04-24John BambenekData Leak Prevention: Proactive Security Requirements of Breach Notification Laws
2009-04-21Bojan ZdrnjaWeb application vulnerabilities
2009-04-07Bojan ZdrnjaAdvanced JavaScript obfuscation (or why signature scanning is a failure)
2009-03-26Mark HofmanSanitising media
2009-03-22Mari NicholsDealing with Security Challenges
2009-03-20Stephen HallMaking the most of your runbooks
2009-03-10Swa FrantzenTinyURL and security
2009-03-02Swa FrantzenObama's leaked chopper blueprints: anything we can learn?
2009-03-01Jim ClausingCool combination of tools
2009-02-14Deborah HaleMicrosoft Time Sync Appears to Down
2009-02-12Mark HofmanAustralian Bushfires
2009-02-11Robert DanfordProFTPd SQL Authentication Vulnerability exploit activity
2009-02-06Adrien de BeaupreFake stimulus payments
2009-01-25Rick WannerTwam?? Twammers?
2009-01-20Adrien de BeaupreObamamania
2009-01-12William SaluskyWeb Application Firewalls (WAF) - Have you deployed WAF technology?
2009-01-02Mark HofmanBlocking access to MD5 signed certs
2008-12-12Johannes UllrichMSIE 0-day Spreading Via SQL Injection
2008-12-04Bojan ZdrnjaFinjan blocking access to isc.sans.org
2008-12-01Jason LamInput filtering and escaping in SQL injection mitigation
2008-11-25Andre LudwigThe beginnings of a collaborative approach to IDS
2008-11-20Jason LamLarge quantity SQL Injection mitigation
2008-11-17Jim ClausingFinding stealth injected DLLs
2008-11-16Maarten Van HorenbeeckDetection of Trojan control channels
2008-11-02Adrien de BeaupreDaylight saving time
2008-09-29Daniel WesemannASPROX mutant
2008-09-22Maarten Van HorenbeeckData exfiltration and the use of anonymity providers
2008-09-22Jim ClausingLessons learned from the Palin (and other) account hijacks
2008-09-21Mari NicholsYou still have time!
2008-09-20Rick WannerNew (to me) nmap Features
2008-09-15donald smithFake antivirus 2009 and search engine results
2008-09-11David GoldsmithCookieMonster is coming to Pown (err, Town)
2008-09-09Swa FrantzenApple updates iTunes+QuickTime
2008-09-08Raul SilesQuick Analysis of the 2007 Web Application Security Statistics
2008-09-07Daniel WesemannStaying current, but not too current
2008-09-03Daniel WesemannStatic analysis of Shellcode - Part 2
2008-09-01John BambenekThe Number of Machines Controlled by Botnets Has Jumped 4x in Last 3 Months
2008-08-23Mark HofmanSQL injections - an update
2008-08-15Jim ClausingAnother MS update that may have escaped notice
2008-08-15Jim ClausingWebEx ActiveX buffer overflow
2008-08-10Stephen HallFrom lolly pops to afterglow
2008-08-08Mark HofmanMore SQL Injections - very active right now
2008-08-03Deborah HaleSecuring A Network - Lessons Learned
2008-08-02Maarten Van HorenbeeckA little of that human touch
2008-07-24Bojan ZdrnjaWhat's brewing in Danmec's pot?
2008-07-22Mari Nichols‘Cold Boot’ Attack Utility Tools
2008-07-14Daniel WesemannObfuscated JavaScript Redux
2008-07-07Scott FendleyMicrosoft Snapshot Viewer Security Advisory
2008-07-07Pedro BuenoBad url classification
2008-06-30Marcus SachsMore SQL Injection with Fast Flux hosting
2008-06-25Deborah HaleReport of Coreflood.dr Infection
2008-06-24Jason LamSQL Injection mitigation in ASP
2008-06-24Jason LamMicrosoft SQL Injection Prevention Strategy
2008-06-23donald smithPreventing SQL injection
2008-06-13Johannes UllrichSQL Injection: More of the same
2008-06-13Johannes UllrichFloods: More of the same (2)
2008-06-10Swa FrantzenUpgrade to QuickTime 7.5
2008-06-01Mark HofmanFree Yahoo email account! Sign me up, Ok well maybe not.
2008-05-29Joel EslerCreative Software AutoUpdate Engine ActiveX stack buffer overflow
2008-05-26Marcus SachsPredictable Response
2008-05-23Mike PoorCisco IOS Rootkit thoughts
2008-05-20Raul SilesList of malicious domains inserted through SQL injection
2008-05-17Jim ClausingDisaster donation scams continue
2008-04-24donald smithHundreds of thousands of SQL injections
2008-04-16Bojan ZdrnjaThe 10.000 web sites infection mystery solved
2008-04-07John BambenekHP USB Keys Shipped with Malware for your Proliant Server
2008-04-07John BambenekNetwork Solutions Technical Difficulties? Enom too
2008-04-06Daniel WesemannAdvanced obfuscated JavaScript analysis
2008-04-03Bojan ZdrnjaMixed (VBScript and JavaScript) obfuscation
2008-04-03Bojan ZdrnjaA bag of vulnerabilities (and fixes) in QuickTime
2008-03-29Patrick NolanTwo ITIL v3 Resources
2008-03-27Maarten Van HorenbeeckGuarding the guardians: a story of PGP key ring theft
2008-03-24Maarten Van HorenbeeckOverview of cyber attacks against Tibetan communities
2008-03-21Maarten Van HorenbeeckCyber attacks against Tibetan communities
2008-03-14Kevin Liston2117966.net-- mass iframe injection
2008-03-12Joel EslerDon't use G-Archiver
2008-01-09Bojan ZdrnjaMass exploits with SQL Injection
2007-02-24Jason LamPrepared Statements and SQL injections
2006-10-30William SaluskyToD - Configuration Management - maintaining security awareness
2006-09-29Kevin ListonA Report from the Field
2006-09-15Swa FrantzenMSIE DirectAnimation ActiveX 0-day update
2006-09-12Swa FrantzenApple Quicktime 7.1.3 released