Date Author Title
2025-03-31Johannes UllrichApache Camel Exploit Attempt by Vulnerability Scan (CVE-2025-27636, CVE-2025-29891)
2025-03-10Xavier MertensShellcode Encoded in UUIDs
2025-02-19Xavier MertensXWorm Cocktail: A Mix of PE data with PowerShell Code
2025-02-17Russ McReeModelScan - Protection Against Model Serialization Attacks
2025-02-12Yee Ching TokAn ontology for threats, cybercrime and digital forensic investigation on Smart City Infrastructure
2025-01-30Guy BruneauPCAPs or It Didn't Happen: Exposing an Old Netgear Vulnerability Still Active in 2025 [Guest Diary]
2025-01-29Xavier MertensFrom PowerShell to a Python Obfuscation Race!
2025-01-22Johannes UllrichCatching CARP: Fishing for Firewall States in PFSync Traffic
2025-01-21Johannes UllrichGeolocation and Starlink
2024-12-26Jesse La GrewCapturing Honeypot Data Beyond the Logs
2024-12-23Xavier MertensModiloader From Obfuscated Batch File
2024-11-30Xavier MertensFrom a Regular Infostealer to its Obfuscated Version
2024-10-15Johannes UllrichA Network Nerd's Take on Emergency Preparedness
2024-09-25Johannes UllrichDNS Reflection Update and Odd Corrupted DNS Requests
2024-09-13Jesse La GrewFinding Honeypot Data Clusters Using DBSCAN: Part 2
2024-08-30Jesse La GrewSimulating Traffic With Scapy
2024-08-29Xavier MertensLive Patching DLLs with Python
2024-08-26Xavier MertensFrom Highly Obfuscated Batch File to XWorm and Redline
2024-08-22Johannes UllrichOpenAI Scans for Honeypots. Artificially Malicious? Action Abuse?
2024-07-16Guy BruneauWho You Gonna Call? AndroxGh0st Busters! [Guest Diary]
2024-07-10Jesse La GrewFinding Honeypot Data Clusters Using DBSCAN: Part 1
2024-07-08Xavier MertensKunai: Keep an Eye on your Linux Hosts Activity
2024-06-20Guy BruneauNo Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary]
2024-06-17Xavier MertensNew NetSupport Campaign Delivered Through MSIX Packages
2024-06-13Guy BruneauThe Art of JQ and Command-line Fu [Guest Diary]
2024-05-06Johannes UllrichDetecting XFinity/Comcast DNS Spoofing
2024-04-22Jan KoprivaIt appears that the number of industrial devices accessible from the internet has risen by 30 thousand over the past three years
2024-03-28Xavier MertensFrom JavaScript to AsyncRAT
2024-03-17Guy BruneauGamified Learning: Using Capture the Flag Challenges to Supplement Cybersecurity Training [Guest Diary]
2024-03-13Xavier MertensUsing ChatGPT to Deobfuscate Malicious Scripts
2024-03-10Guy BruneauWhat happens when you accidentally leak your AWS API keys? [Guest Diary]
2024-03-06Bojan ZdrnjaScanning and abusing the QUIC protocol
2024-03-03Guy BruneauCapturing DShield Packets with a LAN Tap [Guest Diary]
2024-02-20Xavier MertensPython InfoStealer With Dynamic Sandbox Detection
2024-02-09Xavier MertensMSIX With Heavily Obfuscated PowerShell Script
2024-02-03Guy BruneauDShield Sensor Log Collection with Elasticsearch
2024-01-26Xavier MertensA Batch File With Multiple Payloads
2024-01-24Johannes UllrichHow Bad User Interfaces Make Security Tools Harmful
2024-01-12Xavier MertensOne File, Two Payloads
2024-01-02Johannes UllrichFingerprinting SSH Identification Strings
2023-12-16Xavier MertensAn Example of RocketMQ Exploit Scanner
2023-12-06Jan KoprivaWhose packet is it anyway: a new RFC for attribution of internet probes
2023-11-08Xavier MertensExample of Phishing Campaign Project File
2023-09-30Xavier MertensSimple Netcat Backdoor in Python Script
2023-09-23Guy BruneauScanning for Laravel - a PHP Framework for Web Artisants
2023-09-07Johannes UllrichFleezeware/Scareware Advertised via Facebook Tags; Available in Apple App Store
2023-08-28Johannes UllrichHome Office / Small Business Hurricane Prep
2023-08-20Guy BruneauSystemBC Malware Activity
2023-08-16Yee Ching TokA Gentle Reminder: The Evolving Nature of Digital Scams
2023-07-06Jesse La GrewIDS Comparisons with DShield Honeypot Data
2023-06-16Xavier MertensAnother RAT Delivered Through VBS
2023-06-09Xavier MertensUndetected PowerShell Backdoor Disguised as a Profile File
2023-05-26Xavier MertensUsing DFIR Techniques To Recover From Infrastructure Outages
2023-05-22Johannes UllrichProbes for recent ABUS Security Camera Vulnerability: Attackers keep an eye on everything.
2023-05-17Xavier MertensIncrease in Malicious RAR SFX files
2023-05-14Guy BruneauVMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue
2023-05-03Xavier MertensIncreased Number of Configuration File Scans
2023-04-28Xavier MertensQuick IOC Scan With Docker
2023-04-07Xavier MertensDetecting Suspicious API Usage with YARA Rules
2023-03-30Xavier MertensBypassing PowerShell Strong Obfuscation
2023-03-28Jesse La GrewNetwork Data Collector Placement Makes a Difference
2023-03-21Didier StevensString Obfuscation: Character Pair Reversal
2023-03-18Xavier MertensOld Backdoor, New Obfuscation
2023-02-12Jesse La GrewPCAP Data Analysis with Zeek
2023-02-10Xavier MertensObfuscated Deactivation of Script Block Logging
2023-02-04Guy BruneauAssemblyline as a Malware Analysis Sandbox
2023-02-01Didier StevensDetecting (Malicious) OneNote Files
2023-01-25Xavier MertensA First Malicious OneNote Document
2023-01-15Johannes UllrichElon Musk Themed Crypto Scams Flooding YouTube Today
2023-01-02Xavier MertensNetworkMiner 2.8 Released
2022-12-29Jesse La GrewOpening the Door for a Knock: Creating a Custom DShield Listener
2022-11-28Johannes UllrichUkraine Themed Twitter Spam Pushing iOS Scareware
2022-11-19Guy BruneauMcAfee Fake Antivirus Phishing Campaign is Back!
2022-11-14Jesse La GrewExtracting 'HTTP CONNECT' Requests with Python
2022-11-05Guy BruneauWindows Malware with VHD Extension
2022-11-04Xavier MertensRemcos Downloader with Unicode Obfuscation
2022-11-02Brad DuncanWho put the "Dark" in DarkVNC?
2022-10-31Rob VandenBrinkNMAP without NMAP - Port Testing and Scanning with PowerShell
2022-10-19Xavier MertensAre Internet Scanning Services Good or Bad for You?
2022-10-18Xavier MertensPython Obfuscation for Dummies
2022-09-21Xavier MertensPhishing Campaigns Use Free Online Resources
2022-08-26Xavier MertensPaypal Phishing/Coinbase in One Image
2022-08-26Guy BruneauHTTP/2 Packet Analysis with Wireshark
2022-08-22Xavier Mertens32 or 64 bits Malware?
2022-07-23Guy BruneauAnalysis of SSH Honeypot Data with PowerBI
2022-07-20Johannes UllrichApple Patches Everything Day
2022-07-06Johannes UllrichHow Many SANs are Insane?
2022-06-24Xavier MertensPython (ab)using The Windows GUI
2022-06-19Didier StevensVideo: Decoding Obfuscated BASE64 Statistically
2022-06-18Didier StevensDecoding Obfuscated BASE64 Statistically
2022-06-16Xavier MertensHoudini is Back Delivered Through a JavaScript Dropper
2022-06-01Jan KoprivaHTML phishing attachments - now with anti-analysis features
2022-05-09Xavier MertensOctopus Backdoor is Back with a New Embedded Obfuscated Bat File
2022-05-07Guy BruneauPhishing PDF Received in my ISC Mailbox
2022-03-29Johannes UllrichMore Fake/Typosquatting Twitter Accounts Asking for Ukraine Crytocurrency Donations
2022-03-20Didier StevensMGLNDD_* Scans
2022-03-07Johannes UllrichNo Bitcoin - No Problem: Follow Up to Last Weeks Donation Scam
2022-03-04Johannes UllrichScam E-Mail Impersonating Red Cross
2022-02-15Xavier MertensWho Are Those Bots?
2022-02-13Guy BruneauDHL Spear Phishing to Capture Username/Password
2022-02-01Xavier MertensAutomation is Nice But Don't Replace Your Knowledge
2022-01-16Guy Bruneau10 Most Popular Targeted Ports in the Past 3 Weeks
2022-01-03Xavier MertensMcAfee Phishing Campaign with a Nice Fake Scan
2021-12-22Brad DuncanDecember 2021 Forensic Contest: Answers and Analysis
2021-12-08Brad DuncanDecember 2021 Forensic Challenge
2021-11-26Guy BruneauSearching for Exposed ASUS Routers Vulnerable to CVE-2021-20090
2021-11-20Guy BruneauHikvision Security Cameras Potentially Exposed to Remote Code Execution
2021-11-18Xavier MertensJavaScript Downloader Delivers Agent Tesla Trojan
2021-11-14Didier StevensVideo: Obfuscated Maldoc: Reversed BASE64
2021-11-08Xavier Mertens(Ab)Using Security Tools & Controls for the Bad
2021-11-04Brad DuncanOctober 2021 Forensic Contest: Answers and Analysis
2021-10-30Guy BruneauRemote Desktop Protocol (RDP) Discovery
2021-10-22Brad DuncanOctober 2021 Contest: Forensic Challenge
2021-10-18Xavier MertensMalicious PowerShell Using Client Certificate Authentication
2021-10-09Guy BruneauScanning for Previous Oracle WebLogic Vulnerabilities
2021-09-22Didier StevensAn XML-Obfuscated Office Document (CVE-2021-40444)
2021-09-17Xavier MertensMalicious Calendar Subscriptions Are Back?
2021-09-07Johannes UllrichWhy I Gave Up on IPv6. And no, it is not because of security issues.
2021-09-02Xavier MertensAttackers Will Always Abuse Major Events in our Lifes
2021-08-13Guy BruneauScanning for Microsoft Exchange eDiscovery
2021-07-31Guy BruneauUnsolicited DNS Queries
2021-07-10Guy BruneauScanning for Microsoft Secure Socket Tunneling Protocol
2021-06-30Brad DuncanJune 2021 Forensic Contest: Answers and Analysis
2021-06-26Guy BruneauCVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability
2021-06-24Xavier MertensDo you Like Cookies? Some are for sale!
2021-06-23Johannes UllrichStanding With Security Researchers Against Misuse of the DMCA
2021-06-17Daniel Wesemann Network Forensics on Azure VMs (Part #1)
2021-06-12Guy BruneauFortinet Targeted for Unpatched SSL VPN Discovery Activity
2021-06-04Xavier MertensRussian Dolls VBS Obfuscation
2021-05-31Rick WannerQuick and dirty Python: nmap
2021-05-29Guy BruneauSpear-phishing Email Targeting Outlook Mail Clients
2021-05-23Didier StevensVideo: Making Sense Of Encrypted Cobalt Strike Traffic
2021-05-19Brad DuncanMay 2021 Forensic Contest: Answers and Analysis
2021-05-12Jan KoprivaNumber of industrial control systems on the internet is lower then in 2020...but still far from zero
2021-05-08Guy BruneauWho is Probing the Internet for Research Purposes?
2021-05-05Brad DuncanMay 2021 Forensic Contest
2021-05-04Rick WannerQuick and dirty Python: masscan
2021-04-26Didier StevensCAD: .DGN and .MVBA Files
2021-04-24Guy BruneauBase64 Hashes Used in Web Scanning
2021-04-18Didier StevensDecoding Cobalt Strike Traffic
2021-04-12Didier StevensExample of Cleartext Cobalt Strike Traffic (Thanks Brad)
2021-04-10Guy BruneauBuilding an IDS Sensor with Suricata & Zeek with Logs to ELK
2021-04-01Brad DuncanApril 2021 Forensic Quiz
2021-03-17Xavier MertensDefenders, Know Your Operating System Like Attackers Do!
2021-03-07Didier StevensPCAPs and Beacons
2021-02-26Guy BruneauPretending to be an Outlook Version Update
2021-02-13Guy BruneauUsing Logstash to Parse IPtables Firewall Logs
2021-01-30Guy BruneauPacketSifter as Network Parsing and Telemetry Tool
2021-01-11Rob VandenBrinkUsing the NVD Database and API to Keep Up with Vulnerabilities and Patches - Tool Drop: CVEScan (Part 3 of 3)
2021-01-05Johannes UllrichNetfox Detective: An Alternative Open-Source Packet Analysis Tool
2021-01-04Jan KoprivaFrom a small BAT file to Mass Logger infostealer
2020-12-22Xavier MertensMalware Victim Selection Through WiFi Identification
2020-12-17Daniel Wesemann"Amazon" invoice that asks to call 1-866-335-0659 "to cancel" an order that you never made is (obviously) a #scam
2020-12-06Didier Stevensoledump's Indicators (video)
2020-12-05Guy BruneauIs IP 91.199.118.137 testing Access to aahwwx.52host.xyz?
2020-12-04Guy BruneauDetecting Actors Activity with Threat Intel
2020-12-03Brad DuncanTraffic Analysis Quiz: Mr Natural
2020-11-19Xavier MertensPowerShell Dropper Delivering Formbook
2020-11-13Xavier MertensOld Worm But New Obfuscation Technique
2020-11-11Brad DuncanTraffic Analysis Quiz: DESKTOP-FX23IK5
2020-11-05Xavier MertensDid You Spot "Invoke-Expression"?
2020-10-30Xavier MertensQuick Status of the CAA DNS Record Adoption
2020-10-25Didier StevensVideo: Pascal Strings
2020-10-24Guy BruneauAn Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-10-20Xavier MertensMirai-alike Python Scanner
2020-10-14Xavier MertensNicely Obfuscated Python RAT
2020-10-03Guy BruneauScanning for SOHO Routers
2020-09-20Guy BruneauAnalysis of a Salesforce Phishing Emails
2020-09-15Brad DuncanTraffic Analysis Quiz: Oh No... Another Infection!
2020-09-04Jan KoprivaA blast from the past - XXEncoded VB6.0 Trojan
2020-08-22Guy BruneauRemote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common?
2020-08-19Xavier MertensExample of Word Document Delivering Qakbot
2020-08-16Didier StevensSmall Challenge: A Simple Word Maldoc - Part 3
2020-08-08Guy BruneauScanning Activity Include Netcat Listener
2020-08-05Brad DuncanTraffic Analysis Quiz: What's the Malware From This Infection?
2020-07-24Xavier MertensCompromized Desktop Applications by Web Technologies
2020-07-19Guy BruneauScanning Activity for ZeroShell Unauthenticated Access
2020-07-15Brad DuncanWord docs with macros for IcedID (Bokbot)
2020-07-11Guy BruneauVMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html
2020-07-11Guy BruneauScanning Home Internet Facing Devices to Exploit
2020-07-08Xavier MertensIf You Want Something Done Right, You Have To Do It Yourself... Malware Too!
2020-06-16Johannes UllrichOdd "Protest" Spam (Scam?) Targeting Atlanta Police Foundation
2020-06-13Guy BruneauMirai Botnet Activity
2020-06-08Didier StevensTranslating BASE64 Obfuscated Scripts
2020-05-31Guy BruneauWindows 10 Built-in Packet Sniffer - PktMon
2020-05-28Xavier MertensFlashback on CVE-2019-19781
2020-05-20Brad DuncanMicrosoft Word document with malicious macro pushes IcedID (Bokbot)
2020-05-16Guy BruneauScanning for Outlook Web Access (OWA) & Microsoft Exchange Control Panel (ECP)
2020-05-08Xavier MertensUsing Nmap As a Lightweight Vulnerability Scanner
2020-04-27Xavier MertensPowershell Payload Stored in a PSCredential Object
2020-04-24Xavier MertensMalicious Excel With a Strong Obfuscation and Sandbox Evasion
2020-04-10Xavier MertensPowerShell Sample Extracting Payload From SSL
2020-04-08Brad DuncanGerman malspam pushes ZLoader malware
2020-04-07Johannes UllrichIncrease in RDP Scanning
2020-04-03Xavier MertensObfuscated with a Simple 0x0A
2020-04-01Brad DuncanQakbot malspam sent from an infected Windows host
2020-03-31Johannes UllrichKwampirs Targeted Attacks Involving Healthcare Sector
2020-03-21Guy BruneauHoneypot - Scanning and Targeting Devices & Services
2020-03-11Xavier MertensAgent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account
2020-02-29Guy BruneauHazelcast IMDG Discover Scan
2020-02-25Jan KoprivaQuick look at a couple of current online scam campaigns
2020-02-22Xavier MertensSimple but Efficient VBScript Obfuscation
2020-02-07Xavier MertensSandbox Detection Tricks & Nice Obfuscation in a Single VBScript
2020-01-23Xavier MertensComplex Obfuscation VS Simple Trick
2020-01-15Johannes UllrichCVE-2020-0601 Followup
2020-01-13Didier StevensCitrix ADC Exploits: Overview of Observed Payloads
2020-01-11Johannes UllrichCitrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor
2020-01-07Johannes UllrichA Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability)
2020-01-05Didier Stevensetl2pcapng: Convert .etl Capture Files To .pcapng Format
2019-12-31Johannes UllrichSome Thoughts About the Critical Citrix ADC/Gateway Vulnerability (CVE-2019-19781)
2019-12-24Brad DuncanMalspam with links to Word docs pushes IcedID (Bokbot)
2019-12-22Didier StevensExtracting VBA Macros From .DWG Files
2019-12-16Didier StevensMalicious .DWG Files?
2019-12-03Brad DuncanUrsnif infection with Dridex
2019-11-27Brad DuncanFinding an Agent Tesla malware sample
2019-11-23Guy BruneauLocal Malware Analysis with Malice
2019-11-22Xavier MertensAbusing Web Filters Misconfiguration for Reconnaissance
2019-11-18Johannes UllrichSMS and 2FA: Another Reason to Move away from It.
2019-11-09Guy BruneauFake Netflix Update Request by Text
2019-11-05Rick WannerBluekeep exploitation causing Bluekeep vulnerability scan to fail
2019-11-03Didier StevensYou Too? "Unusual Activity with Double Base64 Encoding"
2019-10-30Xavier MertensKeep an Eye on Remote Access to Mailboxes
2019-10-29Xavier MertensGenerating PCAP Files from YAML
2019-10-20Guy BruneauScanning Activity for NVMS-9000 Digital Video Recorder
2019-10-19Russell EubanksWhat Assumptions Are You Making?
2019-10-18Xavier MertensQuick Malicious VBS Analysis
2019-10-09Brad DuncanWhat data does Vidar malware steal from an infected host?
2019-10-03Jim ClausingBuffer overflows found in libpcap and tcpdump
2019-09-27Xavier MertensNew Scans for Polycom Autoconfiguration Files
2019-09-07Guy BruneauUnidentified Scanning Activity
2019-08-09Xavier Mertens100% JavaScript Phishing Page
2019-08-05Rick WannerScanning for Bluekeep vulnerable RDP instances
2019-08-01Johannes UllrichWhat is Listening On Port 9527/TCP?
2019-07-25Rob VandenBrinkWhen Users Attack! Users (and Admins) Thwarting Security Controls
2019-07-18Rob VandenBrinkThe Other Side of Critical Control 1: 802.1x Wired Network Access Controls
2019-07-11Xavier MertensRussian Dolls Malicious Script Delivering Ursnif
2019-07-02Xavier MertensMalicious Script With Multiple Payloads
2019-06-20Xavier MertensUsing a Travel Packing App for Infosec Purpose
2019-06-10Xavier MertensInteresting JavaScript Obfuscation Example
2019-05-31Didier StevensRetrieving Second Stage Payload with Ncat
2019-05-22Johannes UllrichAn Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
2019-05-16Xavier MertensThe Risk of Authenticated Vulnerability Scans
2019-04-11Johannes UllrichHow to Find Hidden Cameras in your AirBNB
2019-04-04Xavier MertensNew Waves of Scans Detected by an Old Rule
2019-03-18Didier StevensWireshark 3.0.0 and Npcap: Some Remarks
2019-03-11Didier StevensWireshark 3.0.0 and Npcap
2019-03-09Guy BruneauA Comparison Study of SSH Port Activity - TCP 22 & 2222
2019-03-08Remco VerhoefAnalysing meterpreter payload with Ghidra
2019-02-18Didier StevensKnow What You Are Logging
2019-02-02Guy BruneauScanning for WebDAV PROPFIND Exploiting CVE-2017-7269
2019-01-12Guy BruneauSnorpy a Web Base Tool to Build Snort/Suricata Rules
2019-01-02Lorna HutchesonGift Card Scams on the rise
2018-12-31Didier StevensSoftware Crashes: A New Year's Resolution
2018-12-29Didier StevensVideo: De-DOSfuscation Example
2018-12-23Guy BruneauScanning Activity, end Goal is to add Hosts to Mirai Botnet
2018-12-16Guy BruneauRandom Port Scan for Open RDP Backdoor
2018-12-15Didier StevensDe-DOSfuscation Example
2018-12-12Didier StevensYet Another DOSfuscation Sample
2018-12-09Johannes UllrichArrest of Huawei CFO Inspires Advance Fee Scam
2018-11-27Xavier MertensMore obfuscated shell scripts: Fake MacOS Flash update
2018-11-26Xavier MertensObfuscated bash script targeting QNap boxes
2018-11-18Guy BruneauMultipurpose PCAP Analysis Tool
2018-11-16Xavier MertensBasic Obfuscation With Permissive Languages
2018-11-14Brad DuncanDay in the life of a researcher: Finding a wave of Trickbot malspam
2018-11-06Xavier MertensMalicious Powershell Script Dissection
2018-10-23Xavier MertensDiving into Malicious AutoIT Code
2018-10-08Guy BruneauLatest Release of rockNSM 2.1
2018-09-30Didier StevensWhen DOSfuscation Helps...
2018-09-19Rob VandenBrinkCertificates Revisited - SSL VPN Certificates 2 Ways
2018-09-18Rob VandenBrinkUsing Certificate Transparency as an Attack / Defense Tool
2018-09-05Rob VandenBrinkWhere have all my Certificates gone? (And when do they expire?)
2018-09-04Rob VandenBrinkLet's Trade: You Read My Email, I'll Read Your Password!
2018-08-15Xavier MertensTruncating Payloads and Anonymizing PCAP files
2018-07-30Didier StevensMalicious Word documents using DOSfuscation
2018-07-26Xavier MertensWindows Batch File Deobfuscation
2018-07-03Didier StevensProgress indication for scripts on Windows
2018-07-02Guy BruneauHello Peppa! - PHP Scans
2018-06-18Xavier MertensMalicious JavaScript Targeting Mobile Browsers
2018-06-06Xavier MertensConverting PCAP Web Traffic to Apache Log
2018-05-25Xavier MertensAntivirus Evasion? Easy as 1,2,3
2018-05-06Guy BruneauScans Attempting to use PowerShell to Download PHP Script
2018-04-30Remco VerhoefAnother approach to webapplication fingerprinting
2018-03-11Guy BruneaurockNSM Configuration & Installation Steps http://handlers.sans.org/gbruneau/rockNSM%20as%20an%20Incident%20Response%20Package.htm
2018-03-08Xavier MertensCRIMEB4NK IRC Bot
2018-02-28Kevin ListonHow did this Memcache thing happen?
2018-01-23John BambenekLife after GDPR: Implications for Cybersecurity
2018-01-18Xavier MertensComment your Packet Captures!
2018-01-07Guy BruneauSSH Scans by Clients Types
2017-12-18Didier StevensPhish or scam? - Part 2
2017-12-17Didier StevensPhish or scam? - Part 1
2017-11-23Xavier MertensProactive Malicious Domain Search
2017-11-13Guy Bruneaujsonrpc Scanning for root account
2017-11-11Xavier MertensKeep An Eye on your Root Certificates
2017-11-03Xavier MertensSimple Analysis of an Obfuscated JAR File
2017-10-27Renato Marinho"Catch-All" Google Chrome Malicious Extension Steals All Posted Data
2017-10-06Johannes UllrichWhat's in a cable? The dangers of unauthorized cables
2017-10-05Johannes Ullrichpcap2curl: Turning a pcap file into a set of cURL commands for "replay"
2017-09-30Lorna HutchesonWho's Borrowing your Resources?
2017-09-28Xavier MertensThe easy way to analyze huge amounts of PCAP data
2017-09-17Guy BruneaurockNSM as a Incident Response Package
2017-08-24Bojan ZdrnjaFree Bitcoins? Why not?
2017-07-30Guy BruneauText Banking Scams
2017-07-24Renato MarinhoUber drivers new threat: the "passenger"
2017-07-24Russell EubanksTrends Over Time
2017-07-19Xavier MertensBots Searching for Keys & Config Files
2017-07-08Xavier MertensA VBScript with Obfuscated Base64 Data
2017-06-22Xavier MertensObfuscating without XOR
2017-06-17Guy BruneauMapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2017-06-15Bojan ZdrnjaUberscammers
2017-06-10Russell EubanksAn Occasional Look in the Rear View Mirror
2017-06-01Xavier MertensSharing Private Data with Webcast Invitations
2017-05-28Pasquale StirparoAnalysis of Competing Hypotheses (ACH part 1)
2017-05-26Lorna HutchesonFile2pcap - A new tool for your toolkit!
2017-05-18Xavier MertensMy Little CVE Bot
2017-05-02Richard PorterDo you have Intel AMT? Then you have a problem today! Intel Active Management Technology INTEL-SA-00075
2017-04-28Xavier MertensAnother Day, Another Obfuscation Technique
2017-04-22Jim ClausingWTF tcp port 81
2017-04-21Xavier MertensAnalysis of a Maldoc with Multiple Layers of Obfuscation
2017-04-19Xavier MertensHunting for Malicious Excel Sheets
2017-04-13Rob VandenBrinkPacket Captures Filtered by Process
2017-03-30Xavier MertensDiverting built-in features for the bad
2017-03-25Russell EubanksDistraction as a Service
2017-03-24Xavier MertensNicely Obfuscated JavaScript Sample
2017-03-18Xavier MertensExample of Multiple Stages Dropper
2017-03-10Xavier MertensThe Side Effect of GeoIP Filters
2017-02-28Xavier MertensAnalysis of a Simple PHP Backdoor
2017-02-12Xavier MertensAnalysis of a Suspicious Piece of JavaScript
2017-01-28Lorna HutchesonPacket Analysis - Where do you start?
2017-01-26Xavier MertensIOC's: Risks of False Positive Alerts Flood Ahead
2017-01-14Xavier MertensBackup Files Are Good but Can Be Evil
2017-01-13Xavier MertensWho's Attacking Me?
2016-12-31Xavier MertensOngoing Scans Below the Radar
2016-11-27Russ McReeScapy vs. CozyDuke
2016-11-11Rick WannerBenevolent malware? reincarna/Linux.Wifatch
2016-11-05Xavier MertensFull Packet Capture for Dummies
2016-11-02Rob VandenBrinkWhat Does a Pentest Look Like?
2016-10-25Xavier MertensAnother Day, Another Spam...
2016-10-19Xavier MertensSpam Delivered via .ICS Files
2016-10-07Rick WannerFirst Hurricane Matthew related Phish
2016-09-15Xavier MertensIn Need of a OTP Manager Soon?
2016-09-10Xavier MertensOngoing IMAP Scan, Anyone Else?
2016-08-29Russ McReeRecommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2016-08-28Guy BruneauSpam with Obfuscated Javascript
2016-08-22Russ McReeRed Team Tools Updates: hashcat and SpiderFoot
2016-08-19Xavier MertensData Classification For the Masses
2016-08-01Daniel WesemannAre you getting I-CANNED ?
2016-07-08Mark HofmanMalware being distributed pretending to be from AU Fedcourts
2016-06-29Xavier MertensPhishing Campaign with Blurred Images
2016-06-22Bojan ZdrnjaSecurity through obscurity never works
2016-06-03Tom ListonMySQL is YourSQL
2016-05-26Xavier MertensKeeping an Eye on Tor Traffic
2016-05-08Jim ClausingGuest Diary: Linux Capabilities - A friend and foe
2016-02-20Didier StevensLocky: JavaScript Deobfuscation
2016-02-11Tom WebbTomcat IR with XOR.DDoS
2016-02-07Xavier MertensMore Malicious JavaScript Obfuscation
2016-02-03Xavier MertensAutomating Vulnerability Scans
2016-02-02Johannes UllrichTargeted IPv6 Scans Using pool.ntp.org .
2016-01-29Xavier MertensScripting Web Categorization
2016-01-25Rob VandenBrinkAssessing Remote Certificates with Powershell
2016-01-15Xavier MertensJavaScript Deobfuscation Tool
2015-12-21Daniel WesemannCritical Security Controls: Getting to know the unknown
2015-11-04Richard PorterApplication Aware and Critical Control 2
2015-11-04Johannes UllrichInternet Wide Scanners Wanted
2015-09-08Lenny ZeltserA Close Look at PayPal Overpayment Scams That Target Craigslist Sellers
2015-08-28Didier StevensTest File: PDF With Embedded DOC Dropping EICAR
2015-06-28Didier StevensThe EICAR Test File
2015-05-29Russell EubanksTrust But Verify
2015-04-28Daniel WesemannScammy Nepal earthquake donation requests
2015-04-23Bojan ZdrnjaWhen automation does not help
2015-04-08Tom WebbIs it a breach or not?
2015-03-26Daniel WesemannPin-up on your Smartphone!
2015-02-27Rick WannerLet's Encrypt!
2015-02-17Rob VandenBrinkoclHashcat 1.33 Released
2014-11-24Richard PorterSomeone is using this? PoS: Compressor
2014-11-04Daniel Wesemann20$ is 999999 Euro
2014-10-06Johannes UllrichCSAM: Patch and get pw0ned (not OR).
2014-09-19Guy BruneauAdded today in oclhashcat 131 Django [Default Auth] (PBKDF2 SHA256 Rounds Salt) Support - http://hashcat.net/hashcat/
2014-09-19Guy BruneauWeb Scan looking for /info/whitelist.pac
2014-09-16Daniel Wesemannhttps://yourfakebank.support -- TLD confusion starts!
2014-09-10Johannes UllrichContent Security Policy (CSP) is Growing Up.
2014-08-27Rob VandenBrinkOne More Day of Trolling in POS Memory
2014-08-25Jim ClausingUnusual CRL traffic?
2014-08-09Adrien de BeaupreComplete application ownage via Multi-POST XSRF
2014-07-30Rick WannerSymantec Endpoint Protection Privilege Escalation Zero Day
2014-07-26Chris Mohan"Internet scanning project" scans
2014-07-06Richard PorterPhysical Access, Point of Sale, Vegas
2014-07-03Johannes UllrichCredit Card Processing in 700 Words or Less
2014-06-28Mark HofmanNo more Microsoft advisory email notifications?
2014-06-22Russ McReeOfficeMalScanner helps identify the source of a compromise
2014-06-17Rob VandenBrinkCanada's Anti-Spam Legislation (CASL) 2014
2014-06-13Richard PorterA welcomed response, PF Chang's
2014-06-11Daniel WesemannGimme your keys!
2014-06-04Richard Porterp0f, Got Packets?
2014-06-01Johannes UllrichWhen was the last time you checked your Comcast cable modem settings?
2014-05-22Johannes UllrichDiscontinuing Support for ISC Alert Task Bar Icon
2014-04-17Manuel Humberto Santander PelaezLooking for malicious traffic in electrical SCADA networks - part 2 - solving problems with DNP3 Secure Authentication Version 5
2014-04-15Manuel Humberto Santander PelaezLooking for malicious traffic in electrical SCADA networks - part 1
2014-04-12Guy BruneauCritical Security Update for JetPack WordPress Plugin. Bug has existed since Jetpack 1.9, released in October 2012. - http://jetpack.me/2014/04/10/jetpack-security-update/
2014-03-24Johannes UllrichIntegrating Physical Security Sensors
2014-03-13Daniel WesemannIdentification and authentication are hard ... finding out intention is even harder
2014-03-06Mark BaggettPort 5000 traffic and snort signature
2014-02-26Russ McReeOngoing NTP Amplification Attacks
2014-02-15Rob VandenBrinkMore on HNAP - What is it, How to Use it, How to Find it
2014-02-14Chris MohanScanning activity for /siemens/bootstrapping/JnlpBrowser/Development/
2014-02-13Johannes UllrichLinksys Worm ("TheMoon") Captured
2014-02-12Johannes UllrichSuspected Mass Exploit Against Linksys E1000 / E1200 Routers
2014-01-31Chris MohanLooking for packets from three particular subnets
2014-01-30Johannes UllrichNew gTLDs appearing in the root zone
2014-01-17Russ McReeMassive RFI scans likely a free web app vuln scanner rather than bots
2014-01-13Johannes UllrichSpecial Webcast today: HTML5, Risky Business or Hidden Security Toolchest? https://www.sans.org/webcasts/html5-risky-business-hidden-security-tool-chest-mobile-web-app-authentication-97650
2014-01-11Guy Bruneautcpflow 1.4.4 and some of its most Interesting Features
2014-01-09Bojan ZdrnjaMassive PHP RFI scans
2014-01-08Kevin ShorttIntercepted Email Attempts to Steal Payments
2013-12-28Russ McReeWeekend Reading List 27 DEC
2013-12-24Daniel WesemannMr Jones wants you to appear in court!
2013-12-23Daniel WesemannCostco, BestBuy, Walmart really want to send you a package!
2013-12-21Daniel WesemannAdobe phishing underway
2013-12-20Daniel Wesemannauthorized key lime pie
2013-12-19Rob VandenBrinkPassive Scanning Two Ways - How-Tos for the Holidays
2013-12-19Rob VandenBrinkTarget US - Credit Card Data Breach
2013-12-10Rob VandenBrinkThose Look Just Like Hashes!
2013-12-09Rob VandenBrinkScanning without Scanning
2013-12-01Richard PorterBPF, PCAP, Binary, hex, why they matter?
2013-11-15Johannes UllrichThe Security Impact of HTTP Caching Headers
2013-11-04Manuel Humberto Santander PelaezWhen attackers use your DNS to check for the sites you are visiting
2013-10-22Richard PorterGreenbone and OpenVAS Scanner
2013-10-21Johannes UllrichNew tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
2013-10-17Adrien de BeaupreInternet wide DNS scanning
2013-10-12Richard PorterReported Spike in tcp/5901 and tcp/5900
2013-10-05Richard PorterAdobe Breach Notification, Notifications?
2013-10-02John BambenekObamacare related domain registration spike, Government shutdown domain registration beginning
2013-09-18Rob VandenBrinkCisco DCNM Update Released
2013-09-05Rob VandenBrinkBuilding Your Own GPU Enabled Private Cloud
2013-09-05Rob VandenBrinkWhat's Next for IPS?
2013-09-03Rob VandenBrinkIs "Reputation Backscatter" a Thing?
2013-08-26Alex StanfordStop, Drop and File Carve
2013-08-19Rob VandenBrinkZMAP 1.02 released
2013-08-13Swa FrantzenMicrosoft security advisories: RDP and MD5 deprecation in Microsoft root certificates
2013-08-02Johannes UllrichFake American Express Alerts
2013-07-27Scott FendleyDefending Against Web Server Denial of Service Attacks
2013-07-13Lenny ZeltserDecoy Personas for Safeguarding Online Identity Using Deception
2013-07-01Manuel Humberto Santander PelaezUsing nmap scripts to enhance vulnerability asessment results
2013-06-27Tony CarothersPhysical Security in the Cyber World
2013-06-05Richard PorterWireshark 1.10.0 Stable Released http://www.wireshark.org/download.html
2013-05-22Adrien de BeauprePrivilege escalation, why should I care?
2013-05-21Adrien de BeaupreMoore, Oklahoma tornado charitable organization scams, malware, and phishing
2013-05-17Johannes UllrichSSL: Another reason not to ignore IPv6
2013-05-11Lenny ZeltserExtracting Digital Signatures from Signed Malware
2013-04-29Adam SwangerReport Fake Tech Support Calls submission form reminder
2013-04-17John BambenekUPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
2013-04-15Rob VandenBrinkOops - You Mean That Deleted Server was a Certificate Authority?
2013-04-10Manuel Humberto Santander PelaezMassive Google scam sent by email to Colombian domains
2013-04-04Johannes UllrichMicrosoft April Patch Tuesday Advance Notification
2013-03-29Chris MohanDoes your breach email notification look like a phish?
2013-03-23Guy BruneauApple ID Two-step Verification Now Available in some Countries
2013-03-19Johannes UllrichIPv6 Focus Month: The warm and fuzzy side of IPv6
2013-03-06Adam SwangerIPv6 Focus Month: Guest Diary: Stephen Groat - Geolocation Using IPv6 Addresses
2013-03-03Richard PorterUptick in MSSQL Activity
2013-02-20Manuel Humberto Santander PelaezSANS SCADA Summit at Orlando - Bigger problems and so far from getting them solved
2013-02-19Johannes UllrichEDUCAUSE Breach
2013-02-14Adam SwangerISC Monthly Threat Update - February 2013 http://isc.sans.edu/podcastdetail.html?id=3121
2013-02-08Kevin ShorttIs it Spam or Is it Malware?
2013-02-06Johannes UllrichIntel Network Card (82574L) Packet of Death
2013-02-03Lorna HutchesonIs it Really an Attack?
2013-01-25Johannes UllrichVulnerability Scans via Search Engines (Request for Logs)
2013-01-18Russ McReeInteresting reads for Friday 18 JAN 2013
2013-01-10Adam SwangerISC Monthly Threat Update New Format
2013-01-07Adam SwangerPlease consider participating in our 2013 ISC StormCast survey at http://www.surveymonkey.com/s/stormcast
2013-01-03Manuel Humberto Santander PelaezNew year and new CA compromised
2012-12-18Dan GoldbergMitigating the impact of organizational change: a risk assessment
2012-12-06Daniel WesemannFake tech support calls - revisited
2012-12-06Daniel WesemannRich Quick Make Money!
2012-12-03John BambenekJohn McAfee Exposes His Location in Photo About His Being on Run
2012-11-30Daniel WesemannNmap 6.25 released - lots of new goodies, see http://nmap.org/changelog.html
2012-10-26Adam SwangerSecuring the Human Special Webcast - October 30, 2012
2012-10-10Kevin ShorttFacebook Scam Spam
2012-10-06Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA
2012-10-03Kevin ShorttFake Support Calls Reported
2012-09-13Mark BaggettTCP Fuzzing with Scapy
2012-09-05Rob VandenBrinkAuditing a Network for VOIP Call Quality Metrics
2012-08-21Adrien de BeaupreYYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update
2012-08-13Rick WannerInteresting scan for medical certification information...
2012-07-18Rob VandenBrinkVote NO to Weak Keys!
2012-07-14Tony CarothersUser Awareness and Education
2012-07-05Adrien de BeaupreMicrosoft advanced notification for July 2012 patch Tuesday
2012-06-27Daniel WesemannWhat's up with port 79 ?
2012-06-25Guy BruneauUsing JSDetox to Analyze and Deobfuscate Javascript
2012-06-20Raul SilesCVE-2012-0217 (from MS12-042) applies to other environments too
2012-06-13Johannes UllrichICANN "Reveal Day" Lists new TLD Applications
2012-06-13Johannes UllrichMicrosoft Certificate Updater
2012-06-04Johannes UllrichMicrosoft Emergency Bulletin: Unauthorized Certificate used in "Flame"
2012-05-31Johannes UllrichSCADA@Home: Your health is no secret no more!
2012-05-22Johannes Ullrichnmap 6 released
2012-04-26Richard PorterDefine Irony: A medical device with a Virus?
2012-04-21Guy BruneauWordPress Release Security Update
2012-04-16Mark BaggettMcAfee DAT troubles
2012-03-30Daniel WesemannFake tech reps calling
2012-03-13Lenny ZeltserPlease transfer this email to your CEO or appropriate person, thanks
2012-02-08Jim ClausingChrome to stop checking Certificate Revocation List (CRL)?
2012-01-31Russ McReeOSINT tactics: parsing from FOCA for Maltego
2012-01-25Bojan ZdrnjapcAnywhere users – patch now!
2012-01-03Bojan ZdrnjaThe tale of obfuscated JavaScript continues
2011-12-12Daniel WesemannYou won 100$ or a free iPad!
2011-12-08Adrien de BeaupreMicrosoft Security Bulletin Advance Notification for December 2011
2011-12-06Kevin ShorttCain & Abel v4.9.43 Released - http://www.oxid.it/
2011-11-23Johannes UllrichSCADA hacks published on Pastebin
2011-11-16Adrien de BeaupreGET BACK TO ME ASAP
2011-11-11Rick WannerAPPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update
2011-11-03Richard PorterAn Apple, Inc. Sandbox to play in.
2011-11-01Russ McReeSecure languages & frameworks
2011-10-29Richard PorterThe Sub Critical Control? Evidence Collection
2011-10-28Daniel WesemannCritical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27Mark BaggettCritical Control 18: Incident Response Capabilities
2011-10-26Rick WannerCritical Control 17:Penetration Tests and Red Team Exercises
2011-10-23Guy Bruneautcpdump and IPv6
2011-10-19Pedro BuenoThe old new Stuxnet...DuQu?
2011-10-19Johannes UllrichHouse for rent! Observing an Overpayment Scam
2011-10-17Rob VandenBrinkCritical Control 11: Account Monitoring and Control
2011-10-12Adam SwangerWe are experiencing technical issues with the webcast. The webcast will start as soon as these issues are resolved.
2011-09-28Richard PorterAll Along the ARP Tower!
2011-09-19Guy BruneauMS Security Advisory Update - Fraudulent DigiNotar Certificates
2011-09-09Guy BruneauApple Certificate Trust Policy Update
2011-09-09Guy BruneauAdobe Publish its List of Trusted Root Certificate - http://www.adobe.com/security/approved-trust-list.html
2011-09-08Rob VandenBrinkWhen Good CA's go Bad: Other Things to Check in Your Datacenter
2011-08-26Johannes UllrichSANS Virginia Beach Conference Canceled. Details: http://www.sans.org/virginia-beach-2011/
2011-08-26Johannes UllrichSome Hurricane Technology Tips
2011-08-16Johannes UllrichWhat are the most dangerous web applications and how to secure them?
2011-08-15Rob VandenBrink8 Years since the Eastern Seaboard Blackout - Has it Been that Long?
2011-08-14Guy BruneauFireCAT 2.0 Released
2011-07-29Richard PorterApple Lion talking on TCP 5223
2011-07-28Johannes UllrichAnnouncing: The "404 Project"
2011-07-17Mark HofmanSSH Brute Force
2011-07-05Raul SilesHelping Developers Understand Security - Spot the Vuln
2011-06-21Chris MohanStartSSL, a web authentication authority, suspend services after a security breach
2011-05-23Mark HofmanMicrosoft Support Scam (again)
2011-05-18Bojan ZdrnjaAndroid, HTTP and authentication tokens
2011-05-12Johannes UllrichActiveX Flaw Affecting SCADA systems
2011-05-10Swa FrantzenChanging MO in scamming our users ?
2011-04-28Chris MohanDSL Reports advise 9,000 accounts were compromised
2011-04-22Manuel Humberto Santander PelaezIn-house developed applications: The constant headache for the information security officer
2011-04-03Richard PorterExtreme Disclosure? Not yet but a great trend!
2011-03-27Guy BruneauStrange Shockwave File with Surprising Attachments
2011-02-28Deborah HalePossible Botnet Scanning
2011-02-07Pedro BuenoThe Good , the Bad and the Unknown Online Scanners
2011-02-04Daniel WesemannOh, just click "yes"
2011-01-10Manuel Humberto Santander PelaezFacebook virus spreads via photo album chat messages
2010-12-27Johannes UllrichVarious sites "Owned and Exposed"
2010-12-25Manuel Humberto Santander PelaezAn interesting vulnerability playground to learn application vulnerabilities
2010-12-23Mark HofmanOlder AV Scam Active again.
2010-12-21Rob VandenBrinkNetwork Reliability, Part 2 - HSRP Attacks and Defenses
2010-12-13Deborah HaleThe Week to Top All Weeks
2010-12-12Raul SilesNew trend regarding web application vulnerabilities?
2010-12-08Rob VandenBrinkInteresting DDOS activity around Wikileaks
2010-12-01Deborah HaleMcAfee Security Bulletin Released
2010-12-01Deborah HaleA Gentle Reminder - It is that time of year again
2010-11-24Bojan ZdrnjaPrivilege escalation 0-day in almost all Windows versions
2010-11-24Jim ClausingHelp with odd port scans
2010-10-11Adrien de BeaupreOT: Happy Thanksgiving Day Canada
2010-10-03Adrien de BeaupreCanada's Cyber Security Strategy released today
2010-09-21Johannes UllrichImplementing two Factor Authentication on the Cheap
2010-08-22Manuel Humberto Santander PelaezSCADA: A big challenge for information security professionals
2010-08-16Raul SilesBlind Elephant: A New Web Application Fingerprinting Tool
2010-08-15Manuel Humberto Santander PelaezObfuscated SQL Injection attacks
2010-08-15Manuel Humberto Santander PelaezPython to test web application security
2010-08-10Daniel WesemannSSH - new brute force tool?
2010-07-13Jim ClausingVMware Studio Security Update
2010-07-04Manuel Humberto Santander PelaezNew Winpcap Version
2010-07-02Johannes UllrichOISF released version 1.0.0 of Suricata, the open source IDS/IPS engine http://www.openinfosecfoundation.org
2010-06-26Guy Bruneausocat to Simulate a Website
2010-06-21Adrien de BeaupreGoDaddy Scam/Phish/Spam
2010-06-18Johannes UllrichPlease take a second and rate the daily podcast (Stormcast): http://www.surveymonkey.com/s/stormcast
2010-06-15Manuel Humberto Santander PelaezMastercard delivering cards with OTP device included
2010-06-14Manuel Humberto Santander PelaezAnother way to get protection for application-level attacks
2010-06-14Manuel Humberto Santander PelaezSmall lot of Olympus Stylus Tough 6010 shipped with malware
2010-06-14Manuel Humberto Santander PelaezRogue facebook application acting like a worm
2010-06-06Manuel Humberto Santander PelaezNice OS X exploit tutorial
2010-05-29G. N. WhiteRogue AV Indictment
2010-05-23Manuel Humberto Santander Pelaeze-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.
2010-05-15Deborah HalePhony Phone Scam
2010-04-22Deborah HaleHow McAfee turned a Disaster Exercise Into a REAL Learning Experience for Our Community Disaster Team
2010-04-21Guy BruneauMcAfee DAT 5958 Update Issues
2010-04-13Adrien de BeaupreWeb App Testing Tools
2010-04-08Bojan ZdrnjaJavaScript obfuscation in PDF: Sky is the limit
2010-04-06Daniel WesemannApplication Logs
2010-04-02Guy BruneauOracle Java SE and Java for Business Critical Patch Update Advisory
2010-03-27Guy BruneauCreate a Summary of IP Addresses from PCAP Files using Unix Tools
2010-03-21Scott FendleySkipfish - Web Application Security Tool
2010-03-17Deborah HaleTrojan outbreak on a College Campus
2010-03-10Rob VandenBrinkMicrosoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-03-08Raul SilesSamurai WTF 0.8
2010-03-05Kyle HaugsnessJavascript obfuscators used in the wild
2010-03-01Mark HofmanAS/NZ "Online Offensive - Fight fraud online" week March 1-7
2010-02-20Mari NicholsIs "Green IT" Defeating Security?
2010-02-10Johannes UllrichTwitpic, EXIF and GPS: I Know Where You Did it Last Summer
2010-02-02Johannes UllrichNew IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux)
2010-02-01Rob VandenBrinkNMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?
2010-01-29Adrien de BeaupreNeo-legacy applications
2010-01-24Pedro BuenoOutdated client applications
2010-01-09G. N. WhiteWhat's Up With All The Port Scanning Using TCP/6000 As A Source Port?
2009-12-19Deborah HaleEducationing Our Communities
2009-12-16Rob VandenBrinkBeware the Attack of the Christmas Greeting Cards !
2009-12-14Adrien de BeaupreAnti-forensics, COFEE vs. DECAF
2009-12-07Rob VandenBrinkLayer 2 Network Protections – reloaded!
2009-11-25Jim ClausingUpdates to my GREM Gold scripts and a new script
2009-11-24John BambenekBIND Security Advisory (DNSSEC only)
2009-11-18Rob VandenBrinkUsing a Cisco Router as a “Remote Collector” for tcpdump or Wireshark
2009-11-13Deborah HaleIt's Never Too Early To Start Teaching Them
2009-11-03Andre LudwigSURBL now posting abuse statistics for TLD's
2009-11-02Daniel WesemannIDN ccTLDs
2009-10-30Rob VandenBrinkICANN Strategic Planning (2010-2013) Consultation
2009-10-22Adrien de BeaupreCyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-20Raul SilesWASC 2008 Statistics
2009-10-19Daniel WesemannScam Email
2009-10-09Rob VandenBrinkTHAWTE to discontinue free Email Certificate Services and Web of Trust Service
2009-09-22Jason LamESTA scam
2009-09-16Raul SilesReview the security controls of your Web Applications... all them!
2009-09-10Johannes UllrichHealthcare Spam
2009-09-05Mark HofmanCritical Infrastructure and dependencies
2009-08-28Adrien de BeaupreWPA with TKIP done
2009-08-17Adrien de BeaupreYAMWD: Yet Another Mass Web Defacement
2009-08-13Johannes UllrichCA eTrust update crashes systems
2009-08-13Jim ClausingTools for extracting files from pcaps
2009-07-28Adrien de BeaupreYYAMCCBA
2009-07-23John BambenekMissouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information
2009-07-12Mari NicholsCA Apologizes for False Positive
2009-06-30Chris CarboniObfuscated Code
2009-06-30Chris CarboniDe-Obfuscation Submissions
2009-06-28Guy BruneauIP Address Range Search with libpcap
2009-06-26Mark HofmanPHPMYADMIN scans
2009-06-24Kyle HaugsnessTCP scanning increase for 4899
2009-06-15Daniel WesemannDrive-by Blackouting ?
2009-05-26Jason LamA new Web application security blog
2009-05-20Tom ListonWeb Toolz
2009-05-02Rick WannerMore Swine/Mexican/H1N1 related domains
2009-04-24John BambenekData Leak Prevention: Proactive Security Requirements of Breach Notification Laws
2009-04-21Bojan ZdrnjaWeb application vulnerabilities
2009-04-17Joel EslerInternet Storm Center Podcast Episode Number Fourteen
2009-04-07Bojan ZdrnjaAdvanced JavaScript obfuscation (or why signature scanning is a failure)
2009-04-03Johannes UllrichCyber Security Act of 2009
2009-03-24G. N. WhiteCanSecWest Pwn2Own: Would IE8 have been exploitable had the event waited one more day?
2009-03-19Mark HofmanBrowsers Tumble at CanSecWest
2009-03-02Swa FrantzenObama's leaked chopper blueprints: anything we can learn?
2009-02-19Joel EslerInternet Storm Center Podcast Episode Number Thirteen
2009-02-14Deborah HaleDebit Card Compromise Letter
2009-02-13Andre LudwigThird party information on conficker
2009-02-09Johannes UllrichNew ISC Feature: Micro Podcasts
2009-02-01Chris CarboniScanning for Trixbox vulnerabilities
2009-01-30Mark HofmanRequest for info - Scan and webmail
2009-01-12William SaluskyWeb Application Firewalls (WAF) - Have you deployed WAF technology?
2009-01-02Mark HofmanBlocking access to MD5 signed certs
2008-12-25Maarten Van HorenbeeckChristmas Ecard Malware
2008-12-12Joel EslerInternet Storm Center Podcast Episode Twelve
2008-11-29Pedro BuenoPossible Mumbai Scams?
2008-11-20Jason LamLarge quantity SQL Injection mitigation
2008-10-22Joel EslerPodcast Episode Eleven Posted
2008-09-29Daniel WesemannPatchbag: WinZip / MPlayer / RealWin SCADA vuln
2008-09-09Swa FrantzenEvil side economy: $1 for breaking 1000 CAPTCHAs
2008-09-08Raul SilesCitectSCADA ODBC service exploit published
2008-09-07Daniel WesemannStaying current, but not too current
2008-09-03Daniel WesemannStatic analysis of Shellcode - Part 2
2008-08-26Joel EslerPodcast Episode X Record Notice
2008-08-03Deborah HaleSecuring A Network - Lessons Learned
2008-07-14Daniel WesemannObfuscated JavaScript Redux
2008-07-08Joel EslerPodcast Episode Eight Record Notice
2008-06-24Joel EslerPodcast Episode Seven Record Notice
2008-06-13Joel EslerPodcast Episode Six
2008-06-13Johannes UllrichFloods: More of the same (2)
2008-06-11John BambenekCitectSCADA Buffer Overflow Vulnerability
2008-06-01Mark HofmanFree Yahoo email account! Sign me up, Ok well maybe not.
2008-05-28Joel EslerPodcast Episode Five has been released
2008-05-26Marcus SachsPredictable Response
2008-05-20Joel EslerPodcast Episode Four has been released
2008-05-19Maarten Van HorenbeeckText message and telephone aid scams
2008-05-17Jim ClausingDisaster donation scams continue
2008-05-06Marcus SachsIndustrial Control Systems Vulnerability
2008-05-01Joel EslerISC Podcast Episode Number 3
2008-04-25Joel EslerHey, where is the podcast?
2008-04-22donald smithSpam to your calendar via Google agenda?
2008-04-16William StearnsPasser, a aassive machine and service sniffer
2008-04-09Joel EslerISC Podcast Episode Number 2
2008-04-06Daniel WesemannAdvanced obfuscated JavaScript analysis
2008-04-03Bojan ZdrnjaMixed (VBScript and JavaScript) obfuscation
2008-03-27Johannes UllrichInternet Storm Center Podcast
2006-09-01Joel EslerCA eTrust Antivirus [was] flagging lsass.e x e