- Slightly broken overlay phishing
- A blast from the past - XXEncoded VB6.0 Trojan
- Security.txt - one small file for an admin, one giant help to a security researcher
- Definition of 'overkill' - using 130 MB executable to hide 24 kB malware
- What pages do bad bots look for?
- Couple of interesting Covid-19 related stats
- Using Shell Links as zero-touch downloaders and to initiate network connections
- VMware security advisory VMSA-2020-0015
- Broken phishing accidentally exploiting Outlook zero-day
- Frankenstein's phishing using Google Cloud Storage
- Agent Tesla delivered by the same phishing campaign for over a year
- Look at the same phishing campaign 3 months apart
- Crashing explorer.exe with(out) a click
- Desktop.ini as a post-exploitation tool
- Secure vs. cleartext protocols - couple of interesting stats
- Quick look at a couple of current online scam campaigns
- Discovering contents of folders in Windows without permissions
- Current PayPal phishing campaign or "give me all your personal information"
- Analysis of a triple-encrypted AZORult downloader
- Picks of 2019 malware - the large, the small and the one full of null bytes
- Internet banking sites and their use of TLS... and SSLv3... and SSLv2?!
- Phishing with a self-contained credentials-stealing webpage
- E-mail from Agent Tesla
- Analysis of a strangely poetic malware
- Lessons learned from playing a willing phish
- Did the recent malicious BlueKeep campaign have any positive impact when it comes to patching?
- EML attachments in O365 - a recipe for phishing
- Phishing e-mail spoofing SPF-enabled domain
Threat Level: green
Handler on Duty: Johannes Ullrich
SANS ISC: ISC Handlers ISC Handlers
Questions? Feedback?
Use our contact form or
report bugs here
For interactive help and to chat with other users, try our Slack group.
Use our contact form or
report bugs here
For interactive help and to chat with other users, try our Slack group.
This site is powered by your submissions, so tell us what you see happening
