Date Author Title
2024-02-22 Johannes Ullrich Large AT&T Wireless Network Outage #att #outage
2024-02-03 Guy Bruneau DShield Sensor Log Collection with Elasticsearch
2024-01-25 Xavier Mertens Facebook AdsManager Targeted by a Python Infostealer
2024-01-08 Jesse La Grew What is that User Agent?
2023-11-15 Xavier Mertens Redline Dropped Through MSIX Package
2023-08-23 Xavier Mertens More Exotic Excel Files Dropping AgentTesla
2023-08-21 Xavier Mertens Quick Malware Triage With Inotify Tools
2023-07-07 Xavier Mertens DSSuite (Didier's Toolbox) Docker Image Update
2023-07-01 Russ McRee Sandfly Security
2023-06-27 Xavier Mertens The Importance of Malware Triage
2023-05-30 Brad Duncan Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT
2023-05-24 Tom Webb IR Case/Alert Management
2023-04-07 Xavier Mertens Detecting Suspicious API Usage with YARA Rules
2022-01-06 Xavier Mertens Malicious Python Script Targeting Chinese People
2021-12-31 Jan Kopriva Do you want your Agent Tesla in the 300 MB or 8 kB package?
2021-12-30 Brad Duncan Agent Tesla Updates SMTP Data Exfiltration Technique
2021-12-20 Jan Kopriva PowerPoint attachments, Agent Tesla and code reuse in malware
2021-12-16 Brad Duncan How the "Contact Forms" campaign tricks people
2021-12-06 Xavier Mertens The Importance of Out-of-Band Networks
2021-11-18 Xavier Mertens JavaScript Downloader Delivers Agent Tesla Trojan
2021-11-04 Tom Webb Xmount for Disk Images
2021-10-21 Brad Duncan "Stolen Images Evidence" campaign pushes Sliver-based malware
2021-09-24 Xavier Mertens Keep an Eye on Your Users Mobile Devices (Simple Inventory)
2021-06-30 Brad Duncan June 2021 Forensic Contest: Answers and Analysis
2021-05-07 Daniel Wesemann Exposed Azure Storage Containers
2021-04-22 Xavier Mertens How Safe Are Your Docker Images?
2021-03-17 Xavier Mertens Defenders, Know Your Operating System Like Attackers Do!
2021-02-12 Xavier Mertens AgentTesla Dropped Through Automatic Click in Microsoft Help File
2021-02-11 Jan Kopriva Agent Tesla hidden in a historical anti-malware tool
2020-11-12 Daniel Wesemann Exposed Blob Storage in Azure
2020-11-12 Daniel Wesemann Preventing Exposed Azure Blob Storage
2020-10-21 Daniel Wesemann Shipping dangerous goods
2020-05-23 Xavier Mertens AgentTesla Delivered via a Malicious PowerPoint Add-In
2020-05-21 Xavier Mertens Malware Triage with FLOSS: API Calls Based Behavior
2020-05-06 Xavier Mertens Keeping an Eye on Malicious Files Life Time
2020-04-28 Jan Kopriva Agent Tesla delivered by the same phishing campaign for over a year
2020-03-11 Xavier Mertens Agent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account
2019-11-27 Brad Duncan Finding an Agent Tesla malware sample
2019-11-01 Didier Stevens Tip: Password Managers and 2FA
2019-09-19 Xavier Mertens Agent Tesla Trojan Abusing Corporate Email Accounts
2019-09-19 Xavier Mertens Blocklisting or Whitelisting in the Right Way
2018-12-19 Xavier Mertens Using OSSEC Active-Response as a DFIR Framework
2018-11-19 Xavier Mertens The Challenge of Managing Your Digital Library
2018-08-02 Brad Duncan DHL-themed malspam reveals embedded malware in animated gif
2018-07-30 Xavier Mertens Exploiting the Power of Curl
2018-05-27 Guy Bruneau Capture and Analysis of User Agents
2018-01-01 Didier Stevens What is new?
2017-12-27 Guy Bruneau What are your Security Challenges for 2018?
2017-10-30 Johannes Ullrich Critical Patch For Oracle's Identity Manager
2017-04-13 Rob VandenBrink Packet Captures Filtered by Process
2017-02-28 Xavier Mertens Amazon S3 Outage
2017-01-24 Xavier Mertens Malicious SVG Files in the Wild
2017-01-06 John Bambenek Great Misadventures of Security Vendors: Absurd Sandboxing Edition
2016-12-11 Russ McRee Steganography in Action: Image Steganography & StegExpose
2016-06-20 Xavier Mertens Using Your Password Manager to Monitor Data Leaks
2016-01-05 Guy Bruneau What are you Concerned the Most in 2016?
2015-07-28 Rick Wanner Android Stagefright multimedia viewer prone to remote exploitation
2015-07-18 Russell Eubanks The Value a "Fresh Set Of Eyes" (FSOE)
2015-03-11 Rob VandenBrink Apple iTunes Store is seeing an extended outage (11 Mar) - watch https://www.apple.com/support/systemstatus/ for status changes. (12 Mar) - service restored, all green!
2014-04-05 Jim Clausing Those strange e-mails with URLs in them can lead to Android malware
2014-03-17 Johannes Ullrich Scans for FCKEditor File Manager
2014-01-23 Chris Mohan Learning from the breaches that happens to others Part 2
2014-01-14 Chris Mohan Spamming and scanning botnets - is there something I can do to block them from my site?
2014-01-11 Guy Bruneau tcpflow 1.4.4 and some of its most Interesting Features
2013-11-05 Daniel Wesemann TIFF images in MS-Office documents used in targeted attacks
2013-09-24 Tom Webb IDS, NSM, and Log Management with Security Onion 12.04.3
2013-04-17 Richard Porter Apple iTunes Services Outage
2013-02-25 Rob VandenBrink Silent Traitors - Embedded Devices in your Datacenter
2013-01-15 Rob VandenBrink When Disabling IE6 (or Java, or whatever) is not an Option...
2013-01-09 Rob VandenBrink Hotmail seeing some temporary access issues
2012-12-27 John Bambenek It's 3pm 2 days after Christmas, do you know where your unmanaged SSH keys are?
2012-09-21 Guy Bruneau Storing your Collection of Malware Samples with Malwarehouse
2012-08-21 Adrien de Beaupre RuggedCom fails key management 101 on Rugged Operating System (ROS)
2012-06-25 Rick Wanner Targeted Malware for Industrial Espionage?
2012-06-25 Guy Bruneau Issues with Windows Update Agent
2012-04-23 Russ McRee Emergency Operations Centers & Security Incident Management: A Correlation
2012-04-05 Johannes Ullrich Evil hides everywhere: Web Application Exploits in Headers
2012-02-29 Johannes Ullrich COX Network Outage
2011-10-28 Russ McRee Critical Control 19: Data Recovery Capability
2011-09-27 donald smith New feature in JUNOS to drop or ignore path attributes.
2011-09-09 Johannes Ullrich Large power outage in Southern California may last until Friday. http://www.sdge.com
2011-08-26 Daniel Wesemann User Agent 007
2011-08-15 Rob VandenBrink 8 Years since the Eastern Seaboard Blackout - Has it Been that Long?
2011-08-03 Johannes Ullrich Malicious Images: What's a QR Code
2011-07-13 Guy Bruneau New Sguil HTTPRY Agent
2011-04-25 Rob VandenBrink Sony PlayStation Network Outage - Day 5
2011-04-23 Manuel Humberto Santander Pelaez Image search can lead to malware download
2011-04-03 Richard Porter Extreme Disclosure? Not yet but a great trend!
2011-01-30 Richard Porter The Modern Dark Ages?
2011-01-12 Richard Porter Yet Another Data Broker? AOL Lifestream.
2010-12-30 Rick Wanner Obvious Lessons from the Skype outage
2010-12-15 Manuel Humberto Santander Pelaez HP StorageWorks P2000 G3 MSA hardcoded user
2010-08-19 Rob VandenBrink Change is Good. Change is Bad. Change is Life.
2010-07-04 Manuel Humberto Santander Pelaez Interesting analysis of the PHP SplObjectStorage Vulnerability
2010-06-15 Manuel Humberto Santander Pelaez iPhone 4 Order Security Breach Exposes Private Information
2010-04-09 Mark Hofman Outage Update - isc.sans.org
2010-04-07 Johannes Ullrich our primary datacenter is currently experiencing a network outage
2010-03-24 Kyle Haugsness Wikipedia outage
2010-02-17 Rob VandenBrink Cisco Security Agent Security Updates: cisco-sa-20100217-csa
2009-11-24 Johannes Ullrich The ISC and DShield websites will be unavailable on Wednesday Nov 25th from 8-8:30 am EST.
2009-08-18 Deborah Hale Domain tcpdump.org unavailable
2009-07-13 Adrien de Beaupre Security Update available for Wyse Device Manager
2009-07-11 Marcus Sachs Imageshack
2009-05-01 Adrien de Beaupre Incident Management
2009-04-10 Stephen Hall Hosted javascript leading to .cn PDF malware
2009-03-20 donald smith Stealthier then a MBR rootkit, more powerful then ring 0 control, it’s the soon to be developed SMM root kit.
2008-12-28 Raul Siles Level3 Outage?
2008-12-28 Raul Siles AT&T Wireless Outage
2008-09-18 Bojan Zdrnja Monitoring HTTP User-Agent fields
2008-08-14 Mari Nichols SBC Outage?
2008-08-09 Deborah Hale Cleveland Outage
2008-06-01 Swa Frantzen The Planet outage - what can we all learn from it?
2008-04-06 Tony Carothers Happenings in the Northeast US