Date Author Title

LAYER 2 NETWORK PROTECTIONS BROADCAST MACOF FLOOD MAC

2009-12-07Rob VandenBrinkLayer 2 Network Protections – reloaded!

LAYER

2019-10-10/a>Rob VandenBrinkMining Live Networks for OUI Data Oddness
2019-09-26/a>Rob VandenBrinkMining MAC Address and OUI Information
2016-10-26/a>Johannes UllrichCritical Flash Player Update APSB16-36
2015-01-23/a>Adrien de BeaupreInfocon change to yellow for Adobe Flash issues
2014-04-28/a>Russ McReeAdobe Security Bulletin: Security updates available for Adobe Flash Player http://adobe.ly/QVjO72
2013-03-02/a>Scott FendleyApple Blocks Older Insecure Versions of Flash Player
2012-11-08/a>Daniel WesemannAdobe Patches
2012-10-24/a>Rob VandenBrinkTime to run Windows Update - - Microsoft Updates KB2755801 for Windows RT / IE10 / Flash Player - http://technet.microsoft.com/en-us/security/advisory/2755801
2012-10-09/a>Johannes UllrichAdobe Flash Player update http://www.adobe.com/support/security/bulletins/apsb12-22.html
2012-09-20/a>Russ McReeFlash Player update but no announcement, check your version http://www.adobe.com/software/flash/about/
2012-08-03/a>Guy BruneauFlash Player 11.3.300.270 for Windows released to address a crash - http://forums.adobe.com/message/4594596#4594596
2012-03-28/a>Kevin ShorttAdobe Flash Player APSB12-07 - 28 March 2012
2012-03-05/a>Johannes UllrichAdobe Flash Player Security Update
2012-02-16/a>Johannes UllrichAdobe Flash Player Update
2011-04-11/a>Johannes UllrichLayer 2 DoS and other IPv6 Tricks
2010-11-01/a>Manuel Humberto Santander PelaezCVE-2010-3654 exploit in the wild
2010-10-30/a>Guy BruneauSecurity Update for Shockwave Player
2010-08-25/a>Pedro BuenoAdobe released security update for Shockwave player that fix several CVEs: APSB1020
2010-06-16/a>Kevin ShorttAdobe Flash Player 10.1 - Security Update Available
2010-06-05/a>Guy BruneauSecurity Advisory for Flash Player, Adobe Reader and Acrobat
2010-05-12/a>Rob VandenBrinkLayer 2 Security - Private VLANs (the Story Continues ...)
2010-02-12/a>G. N. WhiteAdobe Flash Player 10.0.45.2 and AIR 1.5.3.9130 released to correct vulnerability CVE-2010-0186 Details: http://www.adobe.com/support/security/bulletins/apsb10-06.html
2010-01-12/a>Johannes UllrichMicrosoft Advices XP Users to Uninstall Flash Player 6
2009-12-07/a>Rob VandenBrinkLayer 2 Network Protections – reloaded!
2009-11-11/a>Rob VandenBrinkLayer 2 Network Protections against Man in the Middle Attacks
2009-01-21/a>Raul SilesTraffic increase for port UDP/8247
2008-05-27/a>Adrien de BeaupreAdobe flash player vuln
2006-12-12/a>Robert DanfordMS06-078: 2 Windows Media Format Vulnerabilities (CVE-2006-4702, CVE-2006-6134)

2

2024-08-20/a>Johannes UllrichWhere are we with CVE-2024-38063: Microsoft IPv6 Vulnerability
2024-04-23/a>Johannes UllrichStruts "devmode": Still a problem ten years later?
2024-03-14/a>Jan KoprivaIncrease in the number of phishing messages pointing to IPFS and to R2 buckets
2023-12-20/a>Guy BruneauHow to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary]
2023-11-30/a>John BambenekProphetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today
2023-11-22/a>Guy BruneauCVE-2023-1389: A New Means to Expand Botnets
2023-11-06/a>Johannes UllrichExploit Activity for CVE-2023-22518, Atlassian Confluence Data Center and Server
2023-08-28/a>Didier StevensAnalysis of RAR Exploit Files (CVE-2023-38831)
2023-08-25/a>Xavier MertensPython Malware Using Postgresql for C2 Communications
2023-07-12/a>Brad DuncanLoader activity for Formbook "QM18"
2023-06-22/a>Brad DuncanQakbot (Qbot) activity, obama271 distribution tag
2023-06-17/a>Brad DuncanFormbook from Possible ModiLoader (DBatLoader)
2023-05-14/a>Guy BruneauVMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue
2023-05-09/a>Russ McReeExploratory Data Analysis with CISSM Cyber Attacks Database - Part 2
2023-03-25/a>Guy BruneauMicrosoft Released an Update for Windows Snipping Tool Vulnerability
2023-02-22/a>Johannes UllrichInternet Wide Scan Fingerprinting Confluence Servers
2022-12-22/a>Guy BruneauExchange OWASSRF Exploited for Remote Code Execution
2022-12-16/a>Guy BruneauVMware Security Updates
2022-12-10/a>Didier StevensOpen Now: 2022 SANS Holiday Hack Challenge & KringleCon
2022-10-24/a>Xavier MertensC2 Communications Through outlook.com
2022-10-15/a>Guy BruneauMalware - Covid Vaccination Supplier Declaration
2022-10-07/a>Xavier MertensPowershell Backdoor with DGA Capability
2022-08-26/a>Guy BruneauHTTP/2 Packet Analysis with Wireshark
2022-08-22/a>Xavier Mertens32 or 64 bits Malware?
2022-08-14/a>Johannes UllrichRealtek SDK SIP ALG Vulnerability: A Big Deal, but not much you can do about it. CVE 2022-27255
2022-07-23/a>Guy BruneauAnalysis of SSH Honeypot Data with PowerBI
2022-06-09/a>Brad DuncanTA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
2022-05-13/a>Johannes UllrichFrom 0-Day to Mirai: 7 days of BIG-IP Exploits
2022-04-28/a>Johannes UllrichA Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809
2022-04-14/a>Johannes UllrichAn Update on CVE-2022-26809 - MSRPC Vulnerabliity - PATCH NOW
2022-01-12/a>Johannes UllrichA Quick CVE-2022-21907 FAQ
2022-01-02/a>Guy BruneauExchange Server - Email Trapped in Transport Queues
2021-12-19/a>Didier StevensOffice 2021: VBA Project Version
2021-12-18/a>Guy BruneauVMware Security Update - https://www.vmware.com/security/advisories/VMSA-2021-0030.html
2021-12-14/a>Johannes UllrichLog4j: Getting ready for the long haul (CVE-2021-44228)
2021-12-11/a>Johannes UllrichLog4j / Log4Shell Followup: What we see and how to defend (and how to access our data)
2021-11-26/a>Guy BruneauSearching for Exposed ASUS Routers Vulnerable to CVE-2021-20090
2021-11-20/a>Guy BruneauHikvision Security Cameras Potentially Exposed to Remote Code Execution
2021-11-07/a>Didier StevensVideo: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-11-06/a>Didier StevensDecrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-10-30/a>Guy BruneauRemote Desktop Protocol (RDP) Discovery
2021-10-25/a>Didier StevensDecrypting Cobalt Strike Traffic With a "Leaked" Private Key
2021-10-16/a>Guy BruneauApache is Actively Scan for CVE-2021-41773 & CVE-2021-42013
2021-10-06/a>Johannes UllrichApache 2.4.49 Directory Traversal Vulnerability (CVE-2021-41773)
2021-08-20/a>Xavier MertensWaiting for the C2 to Show Up
2021-08-03/a>Johannes UllrichThree Problems with Two Factor Authentication
2021-06-30/a>Johannes UllrichCVE-2021-1675: Incomplete Patch and Leaked RCE Exploit
2021-06-26/a>Guy BruneauCVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability
2021-05-28/a>Xavier MertensMalicious PowerShell Hosted on script.google.com
2021-05-21/a>Xavier MertensLocking Kernel32.dll As Anti-Debugging Technique
2021-05-18/a>Xavier MertensFrom RunDLL32 to JavaScript then PowerShell
2021-04-02/a>Xavier MertensC2 Activity: Sandboxes or Real Victims?
2021-03-19/a>Xavier MertensPastebin.com Used As a Simple C2 Channel
2021-02-25/a>Jim ClausingSo where did those Satori attacks come from?
2021-02-24/a>Brad DuncanMalspam pushes GuLoader for Remcos RAT
2021-02-16/a>Jim ClausingMore weirdness on TCP port 26
2021-02-02/a>Xavier MertensNew Example of XSL Script Processing aka "Mitre T1220"
2020-12-18/a>Jan KoprivaA slightly optimistic tale of how patching went for CVE-2019-19781
2020-12-13/a>Didier StevensKringleCon 2020
2020-12-10/a>Xavier MertensPython Backdoor Talking to a C2 Through Ngrok
2020-11-21/a>Guy BruneauVMware privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) - https://www.vmware.com/security/advisories/VMSA-2020-0026.html
2020-10-29/a>Johannes UllrichPATCH NOW: CVE-2020-14882 Weblogic Actively Exploited Against Honeypots
2020-10-28/a>Jan KoprivaSMBGhost - the critical vulnerability many seem to have forgotten to patch
2020-08-08/a>Guy BruneauScanning Activity Include Netcat Listener
2020-08-04/a>Johannes UllrichReminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues
2020-07-22/a>Rick WannerA few IoCs related to CVE-2020-5902
2020-07-15/a>Johannes UllrichPATCH NOW - SIGRed - CVE-2020-1350 - Microsoft DNS Server Vulnerability
2020-07-06/a>Johannes UllrichSummary of CVE-2020-5902 F5 BIG-IP RCE Vulnerability Exploits
2020-05-19/a>Rick WannerWhat is up on Port 62234?
2020-05-14/a>Rob VandenBrinkPatch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe
2020-04-29/a>Johannes UllrichPrivacy Preserving Protocols to Trace Covid19 Exposure
2020-02-21/a>Xavier MertensQuick Analysis of an Encrypted Compound Document Format
2020-02-18/a>Jan KoprivaDiscovering contents of folders in Windows without permissions
2020-01-16/a>Bojan ZdrnjaSumming up CVE-2020-0601, or the Let?s Decrypt vulnerability
2020-01-15/a>Johannes UllrichCVE-2020-0601 Followup
2020-01-13/a>Didier StevensCitrix ADC Exploits: Overview of Observed Payloads
2020-01-11/a>Johannes UllrichCitrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor
2020-01-07/a>Johannes UllrichA Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability)
2019-12-02/a>Jim ClausingNext up, what's up with TCP port 26?
2019-11-18/a>Johannes UllrichSMS and 2FA: Another Reason to Move away from It.
2019-11-06/a>Brad DuncanMore malspam pushing Formbook
2019-11-01/a>Didier StevensTip: Password Managers and 2FA
2019-10-10/a>Rob VandenBrinkMining Live Networks for OUI Data Oddness
2019-09-26/a>Rob VandenBrinkMining MAC Address and OUI Information
2019-08-01/a>Johannes UllrichWhat is Listening On Port 9527/TCP?
2019-07-18/a>Rob VandenBrinkThe Other Side of Critical Control 1: 802.1x Wired Network Access Controls
2019-06-19/a>Johannes UllrichCritical Actively Exploited WebLogic Flaw Patched CVE-2019-2729
2019-05-22/a>Johannes UllrichAn Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
2019-04-28/a>Johannes UllrichUpdate about Weblogic CVE-2019-2725 (Exploits Used in the Wild, Patch Status)
2019-04-02/a>Johannes UllrichFake AV is Back: LaCie Network Drives Used to Spread Malware
2019-03-29/a>Remco VerhoefAnnotating Golang binaries with Cutter and Jupyter
2019-03-15/a>Remco VerhoefBinary Analysis with Jupyter and Radare2
2019-03-09/a>Guy BruneauA Comparison Study of SSH Port Activity - TCP 22 & 2222
2019-02-02/a>Guy BruneauScanning for WebDAV PROPFIND Exploiting CVE-2017-7269
2019-01-09/a>Russ McReegganimate: Animate YouR Security Analysis
2018-12-21/a>Lorna HutchesonPhishing Attempts That Bypass 2FA
2018-10-10/a>Xavier MertensNew Campaign Using Old Equation Editor Vulnerability
2018-10-08/a>Guy BruneauLatest Release of rockNSM 2.1
2018-08-31/a>Jim ClausingQuickie: Using radare2 to disassemble shellcode
2018-08-20/a>Didier StevensOpenSSH user enumeration (CVE-2018-15473)
2018-06-27/a>Renato MarinhoSilently Profiling Unknown Malware Samples
2018-06-15/a>Lorna HutchesonSMTP Strangeness - Possible C2
2018-06-01/a>Remco VerhoefBinary analysis with Radare2
2018-05-22/a>Guy BruneauVMware updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue - https://www.vmware.com/security/advisories/VMSA-2018-0012.html
2018-01-19/a>Jim ClausingFollowup to IPv6 brute force and IPv6 blocking
2017-12-27/a>Guy BruneauWhat are your Security Challenges for 2018?
2017-10-16/a>Johannes UllrichWPA2 "KRACK" Attack
2017-09-08/a>Adrien de BeaupreYASRV (Yet Another Struts RCE Vulnerability) yes a different one from yesterday
2017-09-05/a>Johannes UllrichThe Mirai Botnet: A Look Back and Ahead At What's Next
2017-05-26/a>Lorna HutchesonFile2pcap - A new tool for your toolkit!
2017-05-13/a>Guy BruneauMicrosoft Released Guidance for WannaCrypt
2017-01-30/a>Didier Stevenspy2exe Decompiling - Part 2
2016-10-22/a>Guy BruneauRequest for Packets TCP 4786 - CVE-2016-6385
2016-10-10/a>Didier StevensRadare2: rahash2
2016-09-15/a>Xavier MertensIn Need of a OTP Manager Soon?
2016-07-17/a>Guy BruneauJuniper -> Junos: Self-signed certificate with spoofed trusted Issuer CN accepted as valid - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10755&actp=search
2016-07-05/a>Johannes UllrichApache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979)
2016-05-18/a>Russ McReeResources: Windows Auditing & Monitoring, Linux 2FA
2016-03-13/a>Guy BruneauA Look at the Mandiant M-Trends 2016 Report
2016-03-06/a>Jim ClausingNovel method for slowing down Locky on Samba server using fail2ban
2016-02-13/a>Guy BruneauVMware VMSA-2015-0007.3 has been Re-released
2016-01-31/a>Guy BruneauOpenSSL 1.0.2 Advisory and Update
2016-01-05/a>Guy BruneauWhat are you Concerned the Most in 2016?
2015-10-12/a>Guy BruneauCritical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
2015-08-12/a>Rob VandenBrinkWireshark 1.12.7 is released, multiple fixes. Find the release notes at: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html and the binaries at: https://www.wireshark.org/download.html
2015-07-12/a>Guy BruneauPHP 5.x Security Updates
2015-06-16/a>John BambenekCVE-2014-4114 and an Interesting AV Bypass Technique
2015-04-15/a>Johannes UllrichMS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW
2015-02-05/a>Johannes UllrichAdobe Flash Player Update Released, Fixing CVE 2015-0313
2015-01-27/a>Johannes UllrichNew Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST)
2014-09-25/a>Johannes UllrichUpdate on CVE-2014-6271: Vulnerability in bash (shellshock)
2014-09-24/a>Pedro BuenoAttention *NIX admins, time to patch!
2014-09-22/a>Johannes UllrichCyber Security Awareness Month: What's your favorite/most scary false positive
2014-08-23/a>Guy BruneauNSS Labs Cyber Resilience Report
2014-07-07/a>Johannes UllrichMulti Platform *Coin Miner Attacking Routers on Port 32764
2014-06-30/a>Johannes UllrichShould I setup a Honeypot? [SANSFIRE]
2014-06-12/a>Johannes UllrichMetasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.)
2014-05-23/a>Richard PorterHighlights from Cisco Live 2014 - The Internet of Everything
2014-04-08/a>Guy BruneauOpenSSL CVE-2014-0160 Fixed
2014-03-24/a>Johannes UllrichNew Microsoft Advisory: Unpatched Word Flaw used in Targeted Attacks
2014-03-02/a>Stephen HallSymantec goes yellow
2014-02-27/a>Richard PorterDDoS and BCP 38
2014-02-07/a>Rob VandenBrinkNew ISO Standards on Vulnerability Handling and Disclosure
2013-12-05/a>Mark HofmanUpdated Standards Part 1 - ISO 27001
2013-11-28/a>Rob VandenBrinkMicrosoft Security Advisory (2914486): Vulnerability in Microsoft Windows Kernel 0 day exploit in wild
2013-10-25/a>Rob VandenBrinkKaspersky flags TCPIP.SYS as Malware
2013-10-15/a>Rob VandenBrinkCSAM: Microsoft Logs - NPS and IAS (RADIUS)
2013-10-10/a>Mark HofmanCSAM Some more unusual scans
2013-10-09/a>Johannes UllrichCSAM: SSL Request Logs
2013-10-02/a>Johannes UllrichCSAM: Misc. DNS Logs
2013-10-01/a>John Bambenek*Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893
2013-10-01/a>Adrien de BeaupreCSAM! Send us your logs!
2013-09-20/a>Russ McReeThreat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild
2013-09-18/a>Rob VandenBrinkCisco DCNM Update Released
2013-09-17/a>John BambenekMicrosoft Releases Out-of-Band Advisory for all Versions of Internet Explorer
2013-08-16/a>Kevin ListonCVE-2013-2251 Apache Struts 2.X OGNL Vulnerability
2013-08-09/a>Kevin ShorttCopy Machines - Changing Scanned Content
2013-07-06/a>Guy BruneauMicrosoft July Patch Pre-Announcement
2013-06-01/a>Guy BruneauExploit Sample for Win32/CVE-2012-0158
2013-05-20/a>Guy BruneauSafe - Tools, Tactics and Techniques
2013-05-09/a>Johannes UllrichMicrosoft released a Fix-it for the Internet Explorer 8 Vulnerability http://support.microsoft.com/kb/2847140
2013-04-25/a>Adam SwangerSANS 2013 Forensics Survey - https://www.surveymonkey.com/s/2013SANSForensicsSurvey
2013-04-16/a>Rob VandenBrinkJava 7 Update 21 is available - Watch for Behaviour Changes !
2013-03-25/a>Johannes UllrichIPv6 Focus Month: IPv6 over IPv4 Preference
2013-02-22/a>Chris MohanPHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2013-02-11/a>John BambenekOpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/
2013-01-19/a>Guy BruneauJava 7 Update 11 Still has a Flaw
2013-01-10/a>Rob VandenBrinkWhat Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too!
2013-01-09/a>Richard PorterThe 80's called - They Want Their Mainframe Back!
2013-01-07/a>Adam SwangerPlease consider participating in our 2013 ISC StormCast survey at http://www.surveymonkey.com/s/stormcast
2013-01-04/a>Guy Bruneau"FixIt" Patch for CVE-2012-4792 Bypassed
2012-10-30/a>Mark HofmanCyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-10-29/a>Kevin ShorttCyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard
2012-10-26/a>Russ McReeCyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant
2012-10-25/a>Richard PorterCyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire
2012-10-24/a>Russ McReeCyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035
2012-10-23/a>Rob VandenBrinkCyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors
2012-10-21/a>Johannes UllrichCyber Security Awareness Month - Day 22: Connectors
2012-10-19/a>Johannes UllrichCyber Security Awareness Month - Day 19: Standard log formats and CEE.
2012-10-18/a>Rob VandenBrinkCyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide
2012-10-17/a>Rob VandenBrinkCyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005
2012-10-16/a>Richard PorterCyberAwareness Month - Day 15, Standards Body Soup (pt2), Same Soup Different Cook.
2012-10-16/a>Johannes UllrichCyber Security Awareness Month - Day 16: W3C and HTML
2012-10-14/a>Pedro BuenoCyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1
2012-10-13/a>Guy BruneauNew Poll - Cyber Security Awareness Month Activities 2012 - https://isc.sans.edu/poll.html
2012-10-12/a>Mark HofmanCyber Security Awareness Month - Day 12 PCI DSS
2012-10-11/a>Rob VandenBrinkCyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security)
2012-10-10/a>Kevin ShorttCyber Security Awareness Month - Day 10 - Standard Sudo - Part Two
2012-10-09/a>Johannes UllrichCyber Security Awreness Month - Day 9 - Request for Comment (RFC)
2012-10-08/a>Mark HofmanCyber Security Awareness Month - Day 8 ISO 27001
2012-10-07/a>Tony CarothersCyber Security Awareness Month - Day 7 - Rollup Review of CSAM Week 1
2012-10-06/a>Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA
2012-10-05/a>Johannes UllrichCyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl.
2012-10-04/a>Johannes UllrichCyber Security Awareness Month - Day 4: Crypto Standards
2012-10-03/a>Kevin ShorttCyber Security Awareness Month - Day 3 - Standard Sudo - Part One
2012-10-02/a>Russ McReeCyber Security Awareness Month - Day 2 - PCI Security Standard: Mobile Payment Acceptance Security Guidelines
2012-10-01/a>Johannes UllrichCyber Security Awareness Month
2012-09-23/a>Tony CarothersUpdate for CVE-2012-3132
2012-09-21/a>Guy BruneauUpdate for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (2755801)
2012-09-21/a>Guy BruneauIE Cumulative Updates MS12-063 - KB2744842
2012-09-09/a>Guy BruneauPhishing/Spam Pretending to be from BBB
2012-07-30/a>Guy BruneauEnd of Days for MS-CHAPv2
2012-07-18/a>Rob VandenBrinkVote NO to Weak Keys!
2012-07-15/a>Guy BruneauOracle July 2012 Critical Patch Pre-Release Announcement
2012-07-10/a>Rob VandenBrinkToday at SANSFIRE (09 July 2012) - ISC Panel Discussion on the State of the Internet
2012-06-18/a>Guy BruneauCVE-2012-1875 exploit is now available
2012-05-25/a>Guy BruneauTechnical Analysis of Flash Player CVE-2012-0779
2012-05-16/a>Johannes UllrichGot Packets? Odd duplicate DNS replies from 10.x IP Addresses
2012-05-05/a>Tony CarothersVulnerability Exploit for Snow Leopard
2012-04-27/a>Mark HofmanMicrosoft has added MSSQL 2008 R2 SP1 to the list of affected software for MS12-027 (Thanks Ryan). More info here --> http://technet.microsoft.com/security/bulletin/ms12-027
2012-04-19/a>Kevin ShorttOpenSSL Security Advisory - CVE-2012-2110
2012-04-12/a>Guy Bruneauwicd Privilege Escalation 0day exploit for Backtrack 5 R2
2012-02-03/a>Guy BruneauSophos 2012 Security Threat Report
2012-01-12/a>Rob VandenBrinkPHP 5.39 was release on the 10th, amongst other things, it addresses CVE-2011-4885 (prevents attacks based on hash collisions) and CVE-2011-4566 (integer overflow when parsing invalid exif header)
2011-12-21/a>Johannes UllrichNew Vulnerability in Windows 7 64 bit
2011-10-29/a>Richard PorterThe Sub Critical Control? Evidence Collection
2011-10-28/a>Russ McReeCritical Control 19: Data Recovery Capability
2011-10-28/a>Daniel WesemannCritical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27/a>Mark BaggettCritical Control 18: Incident Response Capabilities
2011-10-26/a>Rick WannerCritical Control 17:Penetration Tests and Red Team Exercises
2011-10-17/a>Rob VandenBrinkCritical Control 11: Account Monitoring and Control
2011-10-13/a>Guy BruneauCritical Control 10: Continuous Vulnerability Assessment and Remediation
2011-10-12/a>Kevin ShorttCritical Control 8 - Controlled Use of Administrative Privileges
2011-10-11/a>Swa FrantzenCritical Control 7 - Application Software Security
2011-10-10/a>Jim ClausingCritical Control 6 - Maintenance, Monitoring, and Analysis of Security Audit Logs
2011-10-07/a>Mark HofmanCritical Control 5 - Boundary Defence
2011-10-06/a>Rob VandenBrinkApache HTTP Server mod_proxy reverse proxy issue
2011-10-04/a>Rob VandenBrinkCritical Control 2 - Inventory of Authorized and Unauthorized Software
2011-10-04/a>Johannes UllrichCritical Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations and Servers
2011-10-03/a>Mark BaggettWhat are the 20 Critical Controls?
2011-10-03/a>Tom ListonSecurity 101 : Security Basics in 140 Characters Or Less
2011-10-03/a>Mark HofmanCritical Control 1 - Inventory of Authorized and Unauthorized Devices
2011-10-02/a>Mark HofmanCyber Security Awareness Month Day 1/2 - Schedule
2011-10-02/a>Mark HofmanCyber Security Awareness Month Day 1/2 - Introduction to the controls
2011-09-21/a>Mark HofmanOctober 2011 Cyber Security Awareness Month
2011-08-30/a>Johannes UllrichA Packet Challenge: Help us identify this traffic
2011-08-15/a>Rob VandenBrink8 Years since the Eastern Seaboard Blackout - Has it Been that Long?
2011-08-10/a>Guy BruneauSamba 3.6.0 Released
2011-06-30/a>Rob VandenBrinkUpdate for RSA Authentication Manager
2011-05-22/a>Kevin ShorttFacebook goes two-factor
2011-04-28/a>Chris MohanGathering and use of location information fears - or is it all a bit too late
2011-04-21/a>Guy BruneauSilverlight Update Available
2011-04-18/a>John BambenekWordpress.com Security Breach
2011-04-15/a>Kevin ListonMS11-020 (KB2508429) Upgrading from Critical to PATCH NOW
2011-04-11/a>Johannes UllrichLayer 2 DoS and other IPv6 Tricks
2011-02-23/a>Manuel Humberto Santander PelaezBind DOS vulnerability (CVE-2011-0414)
2011-02-21/a>Adrien de BeaupreWhat’s New, it's Python 3.2
2011-01-08/a>Guy BruneauPandaLabs 2010 Annual Report
2011-01-03/a>Johannes UllrichWhat Will Matter in 2011
2010-12-20/a>Guy BruneauHighlight of Survey Related to Issues Affecting Businesses in 2010
2010-12-20/a>Guy BruneauPatch Issues with Outlook 2007
2010-12-15/a>Manuel Humberto Santander PelaezHP StorageWorks P2000 G3 MSA hardcoded user
2010-11-16/a>Guy Bruneau OpenSSL TLS Extension Parsing Race Condition
2010-10-31/a>Marcus SachsCyber Security Awareness Month - Day 31 - Tying it all together
2010-10-30/a>Guy BruneauSecurity Update for Shockwave Player
2010-10-30/a>Guy BruneauCyber Security Awareness Month - Day 30 - Role of the network team
2010-10-29/a>Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 29- Role of the office geek
2010-10-28/a>Rick WannerCyber Security Awareness Month - Day 27 - Social Media use in the office
2010-10-28/a>Tony CarothersCyber Security Awareness Month - Day 28 - Role of the employee
2010-10-28/a>Manuel Humberto Santander PelaezCVE-2010-3654 - New dangerous 0-day authplay library adobe products vulnerability
2010-10-26/a>Pedro BuenoCyber Security Awareness Month - Day 26 - Sharing Office Files
2010-10-25/a>Kevin ShorttCyber Security Awareness Month - Day 25 - Using Home Computers for Work
2010-10-24/a>Swa FrantzenCyber Security Awarenes Month - Day 24 - Using work computers at home
2010-10-23/a>Mark HofmanCyber Security Awareness Month - Day 23 - The Importance of compliance
2010-10-22/a>Daniel WesemannCyber Security Awareness Month - Day 22 - Security of removable media
2010-10-21/a>Chris CarboniCyber Security Awareness Month - Day 21 - Impossible Requests from the Boss
2010-10-20/a>Jim ClausingCyber Security Awareness Month - Day 20 - Securing Mobile Devices
2010-10-19/a>Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote Access Tools
2010-10-19/a>Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split?
2010-10-19/a>Rob VandenBrinkCyber Security Awareness Month - Day 19 - VPN Architectures – SSL or IPSec?
2010-10-19/a>Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote User VPN Access – Are things getting too easy, or too hard?
2010-10-19/a>Rob VandenBrinkCyber Security Awareness Month - Day 19 - VPN and Remote Access Tools
2010-10-18/a>Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis
2010-10-17/a>Stephen HallCyber Security Awareness Month - Day 17 - What a boss should and should not have access to
2010-10-15/a>Marcus SachsCyber Security Awareness Month - Day 15 - What Teachers Need to Know About Their Students
2010-10-15/a>Guy BruneauCyber Security Awareness Month - Day 16 - Securing a donated computer
2010-10-14/a>Johannes UllrichCyber Security Awareness Month - Day 14 - Securing a public computer
2010-10-13/a>Deborah HaleCyber Security Awareness Month - Day 13 - Online Bullying
2010-10-12/a>Scott FendleyCyber Security Awareness Month - Day 12 - Protecting and Managing Your Digital Identity On Social Media Sites
2010-10-11/a>Rick WannerCyber Security Awareness Month - Day 11 - Safe Browsing for Teens
2010-10-10/a>Kevin ListonCyber Security Awareness Month - Day 10 - Safe browsing for pre-teens
2010-10-09/a>Kevin ShorttCyber Security Awareness Month - Day 9 - Disposal of an Old Computer
2010-10-08/a>Rick WannerCyber Security Awareness Month - Day 8 - Patch Management and System Updates
2010-10-06/a>Rob VandenBrinkCyber Security Awareness Month - Day 7 - Remote Access and Monitoring Tools
2010-10-06/a>Marcus SachsCyber Security Awareness Month - Day 6 - Computer Monitoring Tools
2010-10-05/a>Rick WannerCyber Security Awareness Month - Day 5 - Sites you should stay away from
2010-10-04/a>Daniel WesemannCyber Security Awareness Month - Day 4 - Managing EMail
2010-10-03/a>Adrien de Beaupre Cyber Security Awareness Month - Day 3 - Recognizing phishing and online scams
2010-10-02/a>Mark HofmanCyber Security Awareness Month - Day 2 - Securing the Family Network
2010-10-01/a>Marcus SachsCyber Security Awareness Month - 2010
2010-10-01/a>Marcus SachsCyber Security Awareness Month - Day 1 - Securing the Family PC
2010-09-17/a>Robert DanfordCirca 2007 Linux Kernel Vulnerability Resurfaces (Was CVE-2007-4573, Now CVE-2010-3301)
2010-09-13/a>Manuel Humberto Santander PelaezAdobe SING table parsing exploit (CVE-2010-2883) in the wild
2010-09-12/a>Manuel Humberto Santander PelaezAdobe Acrobat pushstring Memory Corruption paper
2010-09-08/a>John BambenekAdobe Acrobat/Reader 0-day in Wild, Adobe Issues Advisory
2010-08-25/a>Pedro BuenoAdobe released security update for Shockwave player that fix several CVEs: APSB1020
2010-08-22/a>Manuel Humberto Santander PelaezSCADA: A big challenge for information security professionals
2010-07-29/a>Rob VandenBrinkSnort 2.8.6.1 and Snort 2.9 Beta Released
2010-07-26/a>Guy BruneauSophosLabs Released Free Tool to Validate Microsoft Shortcut
2010-07-20/a>Manuel Humberto Santander PelaezLNK vulnerability now with Metasploit module implementing the WebDAV method
2010-07-20/a>Manuel Humberto Santander PelaeziTunes buffer overflow vulnerability
2010-07-10/a>Tony CarothersOracle July 2010 Pre-Release Announcement
2010-06-15/a>Manuel Humberto Santander PelaezMicrosoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-05-12/a>Rob VandenBrinkLayer 2 Security - Private VLANs (the Story Continues ...)
2010-04-27/a>Rob VandenBrinkLayer 2 Security - L2TPv3 for Disaster Recovery Sites
2010-04-22/a>Guy BruneauMS10-025 Security Update has been Pulled
2010-04-16/a>G. N. WhiteMS10-021: Encountering A Failed WinXP Update
2010-03-28/a>Rick WannerHoneynet Project: 2010 Forensic Challenge #3
2010-03-10/a>Rob VandenBrinkMicrosoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-03-01/a>Mark HofmanMicrosoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update.
2010-02-23/a>Mark HofmanWhat is your firewall telling you and what is TCP249?
2010-02-21/a>Tony CarothersTCP Port 12174 Request For Packets
2010-02-17/a>Rob VandenBrinkDefining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"
2010-02-01/a>Rob VandenBrinkNMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?
2010-01-19/a>Jim ClausingThe IE saga continues, out-of-cycle patch coming soon
2010-01-15/a>Kevin ListonExploit code available for CVE-2010-0249
2010-01-12/a>Adrien de BeauprePoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2010-01-04/a>Bojan ZdrnjaSophisticated, targeted malicious PDF documents exploiting CVE-2009-4324
2009-12-29/a>Rick WannerWhat's up with port 12174? Possible Symantec server compromise?
2009-12-07/a>Rob VandenBrinkLayer 2 Network Protections – reloaded!
2009-11-14/a>Adrien de BeaupreMicrosoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released
2009-11-12/a>Rob VandenBrinkWindows 7 / Windows Server 2008 Remote SMB Exploit
2009-11-11/a>Rob VandenBrinkLayer 2 Network Protections against Man in the Middle Attacks
2009-10-31/a>Rick WannerCyber Security Awareness Month - Day 31, ident
2009-10-30/a>Rob VandenBrinkCyber Security Awareness Month - Day 30 - The "Common" IPSEC VPN Protocols - IKE / ISAKMP (500/udp), ESP (IP Protocol 50), NAT-T-IKE (500/udp, 4500/udp), PPTP (tcp/1723), GRE (IP Protocol 47)
2009-10-29/a>Kyle HaugsnessCyber Security Awareness Month - Day 29 - dns port 53
2009-10-28/a>Johannes UllrichCyber Security Awareness Month - Day 28 - ntp (123/udp)
2009-10-25/a>Lorna HutchesonCyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-22/a>Adrien de BeaupreCyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-22/a>Adrien de BeaupreSysinternals updates: Disk2vhd v1.1, ZoomIt v4.1, Coreinfo v2.0, VMMap v2.4
2009-10-19/a>Daniel WesemannCyber Security Awareness Month - Day 19 - ICMP
2009-10-17/a>Rick WannerCyber Security Awareness Month - Day 17 - Port 22/SSH
2009-10-16/a>Adrien de BeaupreCyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
2009-10-11/a>Mark HofmanCyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
2009-10-09/a>Rob VandenBrinkCyber Security Awareness Month - Day 9 - Port 3389/tcp (RDP)
2009-10-08/a>Johannes UllrichCyber Security Awareness Month - Day 8 - Port 25 - SMTP
2009-10-06/a>Adrien de BeaupreCyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp
2009-10-05/a>Adrien de BeaupreCyber Security Awareness Month - Day 5 port 31337
2009-09-16/a>Bojan ZdrnjaSMB2 remote exploit released
2009-09-08/a>Guy BruneauVista/2008/Windows 7 SMB2 BSOD 0Day
2009-09-07/a>Jim ClausingRequest for packets
2009-08-28/a>Adrien de BeaupreWPA with TKIP done
2009-08-08/a>Kevin ListonSun OpenSSO Enterprise/Sun Access Manager XML Vulnerabilities
2009-07-12/a>Mari NicholsCA Apologizes for False Positive
2009-06-20/a>Mark HofmanG'day from Sansfire2009
2009-06-14/a>Guy BruneauSANSFIRE 2009 Starts Tomorrow
2009-05-28/a>Stephen HallMicrosoft DirectShow vulnerability
2009-05-27/a>donald smithWebDAV write-up
2009-05-26/a>Jason LamVista & Win2K8 SP2 available
2009-05-02/a>Rick WannerSignificant increase in port 2967 traffic
2009-03-24/a>G. N. WhiteCanSecWest Pwn2Own: Would IE8 have been exploitable had the event waited one more day?
2009-02-19/a>Bojan ZdrnjaMS09-002, XML/DOC and initial infection vector
2009-02-17/a>Bojan ZdrnjaMS09-002 exploit in the wild
2009-01-31/a>Swa FrantzenVMware updates
2008-11-04/a>Marcus SachsCyber Security Awareness Month 2008 - Summary and Links
2008-11-03/a>Joel EslerDay 34 -- Feeding The Lessons Learned Back to the Preparation Phase
2008-11-02/a>Mari NicholsDay 33 - Working with Management to Improve Processes
2008-11-01/a>Koon Yaw TanDay 32 - What Should I Make Public?
2008-10-31/a>Rick WannerDay 31 - Legal Awareness
2008-10-30/a>Kevin ListonDay 30 - Applying Patches and Updates
2008-10-29/a>Deborah HaleDay 29 - Should I Switch Software Vendors?
2008-10-28/a>Jason LamDay 28 - Avoiding Finger Pointing and the Blame Game
2008-10-27/a>Johannes UllrichDay 27 - Validation via Vulnerability Scanning
2008-10-25/a>Koon Yaw TanDay 25 - Finding and Removing Hidden Files and Directories
2008-10-25/a>Rick WannerDay 26 - Restoring Systems from Backup
2008-10-24/a>Stephen HallDay 24 - Cleaning Email Servers and Clients
2008-10-22/a>Johannes UllrichDay 22 - Wiping Disks and Media
2008-10-22/a>Chris CarboniDay 23 - Turning off Unused Services
2008-10-21/a>Johannes UllrichDay 21 - Removing Bots, Keyloggers, and Spyware
2008-10-20/a>Raul SilesDay 20 - Eradicating a Rootkit
2008-10-19/a>Lorna HutchesonDay 19 - Eradication: Forensic Analysis Tools - What Happened?
2008-10-17/a>Patrick NolanDay 17 - Containing a DNS Hijacking
2008-10-17/a>Rick WannerDay 18 - Containing Other Incidents
2008-10-16/a>Mark HofmanDay 16 - Containing a Malware Outbreak
2008-10-15/a>Rick WannerDay 15 - Containing the Damage From a Lost or Stolen Laptop
2008-10-14/a>Swa FrantzenDay 14 - Containment: a Personal IdentityTheft Incident
2008-10-13/a>Adrien de BeaupreDay 13 - Containment: Containing on Production Systems Such as a Web Server
2008-10-12/a>Mari NicholsDay 12 Containment: Gathering Evidence That Can be Used in Court
2008-10-11/a>Stephen HallDay 11 - Identification: Other Methods of Identifying an Incident
2008-10-10/a>Marcus SachsDay 10 - Identification: Using Your Help Desk to Identify Security Incidents
2008-10-09/a>Marcus SachsDay 9 - Identification: Log and Audit Analysis
2008-10-08/a>Johannes UllrichDay 8 - Global Incident Awareness
2008-10-07/a>Kyle HaugsnessDay 7 - Identification: Host-based Intrusion Detection Systems
2008-10-06/a>Jim ClausingDay 6 - Network-based Intrusion Detection Systems
2008-10-05/a>Stephen HallDay 5 - Identification: Events versus Incidents
2008-10-04/a>Marcus SachsDay 4 - Preparation: What Goes Into a Response Kit
2008-10-03/a>Jason LamDay 3 - Preparation: Building Checklists
2008-10-02/a>Marcus SachsDay 2 - Preparation: Building a Response Team
2008-10-01/a>Marcus SachsDay 1 - Preparation: Policies, Management Support, and User Awareness
2008-09-30/a>Marcus SachsCyber Security Awareness Month - Daily Topics
2008-09-15/a>donald smithFake antivirus 2009 and search engine results
2008-08-26/a>John BambenekActive attacks using stolen SSH keys (UPDATED)
2008-08-15/a>Jim ClausingAnother MS update that may have escaped notice
2008-04-27/a>Marcus SachsWhat's With Port 20329?
2008-04-22/a>donald smithXP SP3 RC2 Available
2008-04-10/a>Deborah HaleSymantec Threatcon Level 2
2006-09-19/a>Swa FrantzenYet another MSIE 0-day: VML
2006-09-15/a>Swa FrantzenMSIE DirectAnimation ActiveX 0-day update
2006-09-12/a>Swa FrantzenMicrosoft security patches for September 2006
2000-01-02/a>Deborah Hale2010 A Look Back - 2011 A Look Ahead
2000-01-01/a>Manuel Humberto Santander PelaezHappy New Year 2011!!!

NETWORK

2023-08-26/a>Xavier MertensmacOS: Who?s Behind This Network Connection?
2023-01-02/a>Xavier MertensNetworkMiner 2.8 Released
2022-01-25/a>Brad DuncanEmotet Stops Using 0.0.0.0 in Spambot Traffic
2021-12-06/a>Xavier MertensThe Importance of Out-of-Band Networks
2021-06-18/a>Daniel WesemannNetwork Forensics on Azure VMs (Part #2)
2021-06-17/a>Daniel Wesemann Network Forensics on Azure VMs (Part #1)
2021-01-30/a>Guy BruneauPacketSifter as Network Parsing and Telemetry Tool
2019-10-16/a>Xavier MertensSecurity Monitoring: At Network or Host Level?
2019-10-06/a>Russ McReevisNetwork for Network Data
2019-07-20/a>Guy BruneauRe-evaluating Network Security - It is Increasingly More Complex
2019-03-27/a>Xavier MertensRunning your Own Passive DNS Service
2018-06-06/a>Xavier MertensConverting PCAP Web Traffic to Apache Log
2017-12-02/a>Xavier MertensUsing Bad Material for the Good
2017-09-28/a>Xavier MertensThe easy way to analyze huge amounts of PCAP data
2017-02-17/a>Rob VandenBrinkRTRBK - Router / Switch / Firewall Backups in PowerShell (tool drop)
2017-01-13/a>Xavier MertensWho's Attacking Me?
2017-01-12/a>Mark BaggettSome tools updates
2016-05-26/a>Xavier MertensKeeping an Eye on Tor Traffic
2015-04-17/a>Didier StevensMemory Forensics Of Network Devices
2015-03-16/a>Johannes UllrichAutomatically Documenting Network Connections From New Devices Connected to Home Networks
2014-10-13/a>Lorna HutchesonFor or Against: Port Security for Network Access Control
2014-06-03/a>Basil Alawi S.TaherAn Introduction to RSA Netwitness Investigator
2014-01-24/a>Chris MohanPhishing via Social Media
2013-11-30/a>Russ McReeA review of Tubes, A Journey to the Center of the Internet
2013-07-17/a>Johannes UllrichNetwork Solutions Outage
2013-07-13/a>Lenny ZeltserDecoy Personas for Safeguarding Online Identity Using Deception
2013-02-03/a>Lorna HutchesonIs it Really an Attack?
2012-12-31/a>Manuel Humberto Santander PelaezHow to determine which NAC solutions fits best to your needs
2012-08-30/a>Bojan ZdrnjaAnalyzing outgoing network traffic (part 2)
2012-08-23/a>Bojan ZdrnjaAnalyzing outgoing network traffic
2012-04-06/a>Johannes UllrichSocial Share Privacy
2011-08-05/a>Johannes UllrichMicrosoft Patch Tuesday Advance Notification: 13 Bulletins coming http://www.microsoft.com/technet/security/Bulletin/MS11-aug.mspx
2011-05-25/a>Lenny ZeltserMonitoring Social Media for Security References to Your Organization
2011-02-14/a>Lorna HutchesonNetwork Visualization
2011-01-23/a>Richard PorterCrime is still Crime!
2010-12-21/a>Rob VandenBrinkNetwork Reliability, Part 2 - HSRP Attacks and Defenses
2010-11-22/a>Lenny ZeltserBrand Impersonations On-Line: Brandjacking and Social Networks
2010-11-08/a>Manuel Humberto Santander PelaezNetwork Security Perimeter: How to choose the correct firewall and IPS for your environment?
2010-09-16/a>Johannes UllrichFacebook "Like Pages"
2010-08-05/a>Rob VandenBrinkAccess Controls for Network Infrastructure
2010-07-07/a>Kevin ShorttFacebook, Facebook, What Do YOU See?
2010-06-10/a>Deborah HaleTop 5 Social Networking Media Risks
2010-04-18/a>Guy BruneauSome NetSol hosted sites breached
2009-12-07/a>Rob VandenBrinkLayer 2 Network Protections – reloaded!
2009-11-25/a>Jim ClausingTool updates
2009-11-11/a>Rob VandenBrinkLayer 2 Network Protections against Man in the Middle Attacks
2009-08-13/a>Jim ClausingNew and updated cheat sheets
2009-08-03/a>Mark HofmanSwitch hardening on your network
2009-07-28/a>Adrien de BeaupreYYAMCCBA
2009-05-28/a>Jim ClausingStego in TCP retransmissions
2009-05-18/a>Rick WannerCisco SAFE Security Reference Guide Updated
2008-04-07/a>John BambenekNetwork Solutions Technical Difficulties? Enom too

PROTECTIONS

2009-12-07/a>Rob VandenBrinkLayer 2 Network Protections – reloaded!
2009-11-11/a>Rob VandenBrinkLayer 2 Network Protections against Man in the Middle Attacks
2009-10-30/a>Rob VandenBrinkNew version of NIST 800-41, Firewalls and Firewall Policy Guidelines

BROADCAST

2009-12-07/a>Rob VandenBrinkLayer 2 Network Protections – reloaded!

MACOF

2009-12-07/a>Rob VandenBrinkLayer 2 Network Protections – reloaded!

FLOOD

2009-12-07/a>Rob VandenBrinkLayer 2 Network Protections – reloaded!
2008-07-15/a>Maarten Van HorenbeeckBot controller mimicry
2008-06-13/a>Johannes UllrichFloods: More of the same (2)

MAC

2024-10-28/a>Johannes UllrichApple Updates Everything
2024-10-07/a>Xavier MertensmacOS Sequoia: System/Network Admins, Hold On!
2024-07-30/a>Johannes UllrichApple Patches Everything. July 2024 Edition
2024-07-10/a>Jesse La GrewFinding Honeypot Data Clusters Using DBSCAN: Part 1
2024-01-22/a>Johannes UllrichApple Updates Everything - New 0 Day in WebKit
2024-01-19/a>Xavier MertensmacOS Python Script Replacing Wallet Applications with Rogue Apps
2023-12-11/a>Johannes UllrichApple Patches Everything
2023-09-26/a>Johannes UllrichApple Releases MacOS Sonoma Including Numerous Security Patches
2023-09-11/a>Johannes UllrichApple fixes 0-Day Vulnerability in Older Operating Systems
2023-09-07/a>Johannes UllrichApple Releases iOS/iPadOS 16.6.1, macOS 13.5.2, watchOS 9.6.2 fixing two zeroday vulnerabilities
2023-08-26/a>Xavier MertensmacOS: Who?s Behind This Network Connection?
2023-06-22/a>Johannes UllrichApple Patches Exploited Vulnerabilities in iOS/iPadOS, macOS, watchOS and Safari
2023-04-07/a>Johannes UllrichApple Patching Two 0-Day Vulnerabilities in iOS and macOS
2023-03-27/a>Johannes UllrichApple Updates Everything (including Studio Display)
2022-07-26/a>Xavier MertensHow is Your macOS Security Posture?
2022-07-20/a>Johannes UllrichApple Patches Everything Day
2022-04-20/a>Brad Duncan"aa" distribution Qakbot (Qbot) infection with DarkVNC traffic
2022-03-31/a>Johannes UllrichApple Patches Actively Exploited Vulnerability in macOS, iOS and iPadOS,
2022-03-25/a>Xavier MertensXLSB Files: Because Binary is Stealthier Than XML
2022-03-14/a>Johannes UllrichApple Updates Everything: MacOS 12.3, XCode 13.3, tvOS 15.4, watchOS 8.5, iPadOS 15.4 and more
2022-02-10/a>Johannes UllrichiOS/iPadOS and MacOS Update: Single WebKit 0-Day Vulnerability Patched
2022-01-27/a>Johannes UllrichApple Patches Everything
2022-01-22/a>Xavier MertensMixed VBA & Excel4 Macro In a Targeted Excel Sheet
2021-12-28/a>Russ McReeLotL Classifier tests for shells, exfil, and miners
2021-12-20/a>Jan KoprivaPowerPoint attachments, Agent Tesla and code reuse in malware
2021-12-02/a>Brad DuncanTA551 (Shathak) pushes IcedID (Bokbot)
2021-09-23/a>Xavier MertensExcel Recipe: Some VBA Code with a Touch of Excel4 Macro
2021-09-01/a>Brad DuncanSTRRAT: a Java-based RAT that doesn't care if you have Java
2021-08-06/a>Xavier MertensMalicious Microsoft Word Remains A Key Infection Vector
2021-04-23/a>Xavier MertensMalicious PowerPoint Add-On: "Small Is Beautiful"
2021-03-12/a>Guy BruneauMicrosoft DHCP Logs Shipped to ELK
2021-03-03/a>Brad DuncanQakbot infection with Cobalt Strike
2021-02-25/a>Daniel WesemannForensicating Azure VMs
2021-02-23/a>Jan KoprivaQakbot in a response to Full Disclosure post
2021-02-05/a>Xavier MertensVBA Macro Trying to Alter the Application Menus
2021-02-03/a>Brad DuncanExcel spreadsheets push SystemBC malware
2021-02-02/a>Xavier MertensNew Example of XSL Script Processing aka "Mitre T1220"
2021-01-26/a>Brad DuncanTA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-20/a>Brad DuncanQakbot activity resumes after holiday break
2021-01-14/a>Bojan ZdrnjaDynamically analyzing a heavily obfuscated Excel 4 macro malicious file
2021-01-13/a>Brad DuncanHancitor activity resumes after a hoilday break
2020-12-22/a>Xavier MertensMalware Victim Selection Through WiFi Identification
2020-12-09/a>Brad DuncanRecent Qakbot (Qbot) activity
2020-11-20/a>Xavier MertensMalicious Python Code and LittleSnitch Detection
2020-11-09/a>Xavier MertensHow Attackers Brush Up Their Malicious Scripts
2020-10-26/a>Didier StevensExcel 4 Macros: "Abnormal Sheet Visibility"
2020-10-14/a>Brad DuncanMore TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-09-23/a>Xavier MertensMalicious Word Document with Dynamic Content
2020-09-18/a>Xavier MertensA Mix of Python & VBA in a Malicious Word Document
2020-09-10/a>Brad DuncanRecent Dridex activity
2020-09-09/a>Johannes UllrichA First Look at macOS 11 Big Sur Network Traffic (New! Now with more GREASE!)
2020-08-26/a>Xavier MertensMalicious Excel Sheet with a NULL VT Score
2020-08-19/a>Xavier MertensExample of Word Document Delivering Qakbot
2020-08-07/a>Brad DuncanTA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-06/a>Xavier MertensA Fork of the FTCode Powershell Ransomware
2020-08-03/a>Xavier MertensPowershell Bot with Multiple C2 Protocols
2020-07-15/a>Brad DuncanWord docs with macros for IcedID (Bokbot)
2020-07-11/a>Guy BruneauVMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html
2020-07-10/a>Brad DuncanExcel spreasheet macro kicks off Formbook infection
2020-07-04/a>Russ McReeHappy FouRth of July from the Internet Storm Center
2020-06-12/a>Xavier MertensMalicious Excel Delivering Fileless Payload
2020-06-10/a>Brad DuncanJob application-themed malspam pushes ZLoader
2020-06-01/a>Didier StevensXLMMacroDeobfuscator: An Update
2020-05-20/a>Brad DuncanMicrosoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-05/a>Guy BruneauMaldoc XLS Invoice with Excel 4 Macros
2020-03-29/a>Didier StevensObfuscated Excel 4 Macros
2020-03-18/a>Brad DuncanTrickbot gtag red5 distributed as a DLL file
2020-03-09/a>Didier StevensMalicious Spreadsheet With Data Connection and Excel 4 Macros
2020-03-06/a>Xavier MertensA Safe Excel Sheet Not So Safe
2020-02-24/a>Didier StevensMaldoc: Excel 4 Macros and VBA, Devil and Angel?
2020-02-23/a>Didier StevensMaldoc: Excel 4 Macros in OOXML Format
2020-02-21/a>Xavier MertensQuick Analysis of an Encrypted Compound Document Format
2020-01-22/a>Brad DuncanGerman language malspam pushes Ursnif
2020-01-09/a>Xavier MertensQuick Analyzis of a(nother) Maldoc
2019-12-11/a>Brad DuncanGerman language malspam pushes yet another wave of Trickbot
2019-12-04/a>Jan KoprivaAnalysis of a strangely poetic malware
2019-10-02/a>Brad DuncanA recent example of Emotet malspam
2019-09-26/a>Rob VandenBrinkMining MAC Address and OUI Information
2019-09-18/a>Brad DuncanEmotet malspam is back
2019-07-08/a>Didier StevensMachine Code? No!
2019-07-04/a>Didier StevensMachine Code?
2019-06-18/a>Brad DuncanMalspam with password-protected Word docs pushing Dridex
2019-03-17/a>Didier StevensVideo: Maldoc Analysis: Excel 4.0 Macro
2019-03-16/a>Didier StevensMaldoc: Excel 4.0 Macros
2019-03-13/a>Brad DuncanMalspam pushes Emotet with Qakbot as the follow-up malware
2019-01-24/a>Brad DuncanMalspam with Word docs uses macro to run Powershell script and steal system data
2018-12-18/a>Brad DuncanMalspam links to password-protected Word docs that push IcedID (Bokbot)
2018-11-27/a>Xavier MertensMore obfuscated shell scripts: Fake MacOS Flash update
2018-11-15/a>Brad DuncanEmotet infection with IcedID banking Trojan
2018-11-04/a>Pasquale StirparoBeyond good ol' LaunchAgent - part 1
2018-10-21/a>Pasquale StirparoBeyond good ol’ LaunchAgent - part 0
2018-08-24/a>Xavier MertensMicrosoft Publisher Files Delivering Malware
2018-06-29/a>Remco VerhoefCrypto community target of MacOS malware
2018-05-25/a>Xavier MertensAntivirus Evasion? Easy as 1,2,3
2018-05-23/a>Remco VerhoefTrack naughty and nice binaries with Google Santa
2018-05-01/a>Xavier MertensDiving into a Simple Maldoc Generator
2017-12-19/a>Xavier MertensExample of 'MouseOver' Link in a Powerpoint File
2017-12-16/a>Xavier MertensMicrosoft Office VBA Macro Obfuscation via Metadata
2017-11-15/a>Xavier MertensIf you want something done right, do it yourself!
2017-09-19/a>Jim ClausingNew tool: mac-robber.py
2017-02-26/a>Guy BruneauIt is Tax Season - Watch out for Suspicious Attachment
2016-09-30/a>Xavier MertensAnother Day, Another Malicious Behaviour
2015-02-19/a>Daniel WesemannMacros? Really?!
2014-01-24/a>Chris MohanSecurity Update for OS X for CVE-2014-1252 http://support.apple.com/kb/HT6117
2013-12-17/a>Adrien de BeaupreApple security updates Mac OS X and Safari
2013-10-22/a>Richard PorterGreenbone and OpenVAS Scanner
2013-10-02/a>John BambenekObamacare related domain registration spike, Government shutdown domain registration beginning
2013-09-10/a>Swa FrantzenMacs need to patch too!
2013-08-09/a>Kevin ShorttCopy Machines - Changing Scanned Content
2013-03-02/a>Scott FendleyApple Blocks Older Insecure Versions of Flash Player
2012-07-05/a>Adrien de BeaupreNew OS X trojan backdoor MaControl variant reported
2012-05-05/a>Tony CarothersVulnerability Exploit for Snow Leopard
2012-04-12/a>Guy BruneauApple Java Updates for Mac OS X
2012-02-24/a>Guy BruneauFlashback Trojan in the Wild
2012-02-04/a>Scott FendleyApple Security Advisory 2012-001 v1.1
2011-08-05/a>donald smithNew Mac Trojan: BASH/QHost.WB
2011-06-23/a>Jim ClausingApple Security Updates 2011-004
2011-06-15/a>Pedro BuenoHit by MacDefender, Apple Web Security (name your Mac FakeAV here)...
2011-05-26/a>Swa FrantzenMacDefender ups the ante with removing the password need for installation
2011-05-06/a>Richard PorterUnpatched Exploit: Skype for MAC
2010-11-16/a>Guy BruneauMac OS X Server v10.6.5 (10H575) Security Update: http://support.apple.com/kb/HT4452
2010-06-17/a>Deborah HaleDigital Copy Machines - Security Risk?
2010-06-15/a>Manuel Humberto Santander PelaezApple releases advisory for Mac OS X - Multiple vulnerabilities discovered
2010-03-29/a>Adrien de BeaupreAPPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3
2010-02-05/a>Jim ClausingMemory Analysis - time to move beyond XP
2010-01-12/a>Adrien de BeauprePoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2009-12-07/a>Rob VandenBrinkLayer 2 Network Protections – reloaded!
2009-11-09/a>Guy BruneauApple Security Update 2009-006 for Mac OS X v10.6.2
2009-01-24/a>Pedro BuenoIdentifying and Removing the iWork09 Trojan
2008-07-17/a>Mari NicholsFirefox Releases 3.0.1 and fixes 3 security vulnerabilities
2008-04-30/a>Bojan Zdrnja(Minor) evolution in Mac DNS changer malware
2008-04-02/a>Adrien de BeaupreWhen is a DMG file not a DMG file
2006-12-12/a>Swa FrantzenMicrosoft Office 2004 - Mac OS X updated
2006-11-29/a>Toby KohlenbergNew Vulnerability Announcement and patches from Apple