| 2022-08-24 | Brad Duncan | Monster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC |
| 2022-07-07 | Brad Duncan | Emotet infection with Cobalt Strike |
| 2022-04-06 | Brad Duncan | Windows MetaStealer Malware |
| 2022-01-21 | Xavier Mertens | Obscure Wininet.dll Feature? |
| 2021-12-22 | Brad Duncan | December 2021 Forensic Contest: Answers and Analysis |
| 2021-12-02 | Brad Duncan | TA551 (Shathak) pushes IcedID (Bokbot) |
| 2021-11-19 | Xavier Mertens | Downloader Disguised as Excel Add-In (XLL) |
| 2021-11-16 | Brad Duncan | Emotet Returns |
| 2021-10-21 | Brad Duncan | "Stolen Images Evidence" campaign pushes Sliver-based malware |
| 2021-09-08 | Brad Duncan | "Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware |
| 2021-07-06 | Xavier Mertens | Python DLL Injection Check |
| 2021-06-04 | Xavier Mertens | Russian Dolls VBS Obfuscation |
| 2021-05-21 | Xavier Mertens | Locking Kernel32.dll As Anti-Debugging Technique |
| 2021-05-18 | Xavier Mertens | From RunDLL32 to JavaScript then PowerShell |
| 2021-03-31 | Xavier Mertens | Quick Analysis of a Modular InfoStealer |
| 2021-03-03 | Brad Duncan | Qakbot infection with Cobalt Strike |
| 2021-02-17 | Brad Duncan | Malspam pushing Trickbot gtag rob13 |
| 2021-02-11 | Jan Kopriva | Agent Tesla hidden in a historical anti-malware tool |
| 2021-01-26 | Brad Duncan | TA551 (Shathak) Word docs push Qakbot (Qbot) |
| 2021-01-20 | Brad Duncan | Qakbot activity resumes after holiday break |
| 2020-09-10 | Brad Duncan | Recent Dridex activity |
| 2020-08-28 | Xavier Mertens | Example of Malicious DLL Injected in PowerShell |
| 2020-06-10 | Brad Duncan | Job application-themed malspam pushes ZLoader |
| 2020-05-13 | Brad Duncan | Malspam with links to zip archives pushes Dridex malware |
| 2020-04-08 | Brad Duncan | German malspam pushes ZLoader malware |
| 2020-03-25 | Brad Duncan | Recent Dridex activity |
| 2018-11-06 | Xavier Mertens | Malicious Powershell Script Dissection |
| 2018-08-21 | Xavier Mertens | Malicious DLL Loaded Through AutoIT |
| 2016-06-03 | Tom Liston | MySQL is YourSQL |
| 2015-09-29 | Pedro Bueno | Tricks for DLL analysis |
| 2013-11-09 | Guy Bruneau | IE Zero-Day Vulnerability Exploiting msvcrt.dll |
| 2010-12-01 | Deborah Hale | McAfee Security Bulletin Released |
| 2010-08-23 | Bojan Zdrnja | DLL hijacking vulnerabilities |
| 2010-08-05 | Manuel Humberto Santander Pelaez | Adobe Acrobat Font Parsing Integer Overflow Vulnerability |
| 2006-09-19 | Swa Frantzen | Yet another MSIE 0-day: VML |
https://www.sans.edu
