| 2022-06-16 | Xavier Mertens | Houdini is Back Delivered Through a JavaScript Dropper |
| 2022-06-04 | Guy Bruneau | Spam Email Contains a Very Large ISO file |
| 2022-05-20 | Xavier Mertens | A 'Zip Bomb' to Bypass Security Controls & Sandboxes |
| 2022-05-05 | Brad Duncan | Password-protected Excel spreadsheet pushes Remcos RAT |
| 2022-05-03 | Rob VandenBrink | Finding the Real "Last Patched" Day (Interim Version) |
| 2022-03-11 | Xavier Mertens | Keep an Eye on WebSockets |
| 2022-03-09 | Xavier Mertens | Infostealer in a Batch File |
| 2022-02-18 | Xavier Mertens | Remcos RAT Delivered Through Double Compressed Archive |
| 2022-02-11 | Xavier Mertens | CinaRAT Delivered Through HTML ID Attributes |
| 2022-01-07 | Xavier Mertens | Custom Python RAT Builder |
| 2021-12-01 | Xavier Mertens | Info-Stealer Using webhook.site to Exfiltrate Data |
| 2021-11-04 | Brad Duncan | October 2021 Forensic Contest: Answers and Analysis |
| 2021-09-01 | Brad Duncan | STRRAT: a Java-based RAT that doesn't care if you have Java |
| 2021-06-21 | Rick Wanner | Mitre CWE - Common Weakness Enumeration |
| 2021-04-09 | Xavier Mertens | No Python Interpreter? This Simple RAT Installs Its Own Copy |
| 2021-03-31 | Xavier Mertens | Quick Analysis of a Modular InfoStealer |
| 2021-03-04 | Xavier Mertens | From VBS, PowerShell, C Sharp, Process Hollowing to RAT |
| 2021-02-24 | Brad Duncan | Malspam pushes GuLoader for Remcos RAT |
| 2021-02-04 | Bojan Zdrnja | Abusing Google Chrome extension syncing for data exfiltration and C&C |
| 2020-10-14 | Xavier Mertens | Nicely Obfuscated Python RAT |
| 2020-09-30 | Johannes Ullrich | Scans for FPURL.xml: Reconnaissance or Not? |
| 2020-09-28 | Xavier Mertens | Some Tyler Technologies Customers Targeted with The Installation of a Bomgar Client |
| 2020-08-25 | Xavier Mertens | Keep An Eye on LOLBins |
| 2020-08-18 | Xavier Mertens | Using API's to Track Attackers |
| 2020-08-10 | Bojan Zdrnja | Scoping web application and web service penetration tests |
| 2020-08-04 | Johannes Ullrich | Internet Choke Points: Concentration of Authoritative Name Servers |
| 2020-05-14 | Rob VandenBrink | Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe |
| 2020-04-17 | Xavier Mertens | Weaponized RTF Document Generator & Mailer in PowerShell |
| 2020-02-05 | Brad Duncan | Fake browser update pages are "still a thing" |
| 2020-01-10 | Xavier Mertens | More Data Exfiltration |
| 2019-10-29 | Xavier Mertens | Generating PCAP Files from YAML |
| 2019-09-27 | Xavier Mertens | New Scans for Polycom Autoconfiguration Files |
| 2019-09-25 | Brad Duncan | Malspam pushing Quasar RAT |
| 2019-09-19 | Xavier Mertens | Agent Tesla Trojan Abusing Corporate Email Accounts |
| 2019-09-19 | Xavier Mertens | Blocklisting or Whitelisting in the Right Way |
| 2019-04-26 | Rob VandenBrink | Pillaging Passwords from Service Accounts |
| 2019-04-24 | Rob VandenBrink | Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators |
| 2019-03-06 | Xavier Mertens | Keep an Eye on Disposable Email Addresses |
| 2018-11-27 | Rob VandenBrink | Data Exfiltration in Penetration Tests |
| 2018-09-19 | Rob VandenBrink | Certificates Revisited - SSL VPN Certificates 2 Ways |
| 2018-09-05 | Rob VandenBrink | Where have all my Certificates gone? (And when do they expire?) |
| 2018-08-24 | Xavier Mertens | Microsoft Publisher Files Delivering Malware |
| 2018-06-15 | Lorna Hutcheson | SMTP Strangeness - Possible C2 |
| 2018-05-19 | Xavier Mertens | Malicious Powershell Targeting UK Bank Customers |
| 2018-05-10 | Bojan Zdrnja | Exfiltrating data from (very) isolated environments |
| 2017-12-13 | Xavier Mertens | Tracking Newly Registered Domains |
| 2017-11-03 | Xavier Mertens | Simple Analysis of an Obfuscated JAR File |
| 2017-08-17 | Xavier Mertens | Maldoc with auto-updated link |
| 2017-06-08 | Tom Webb | Summer STEM for Kids |
| 2017-05-10 | Johannes Ullrich | Read This If You Are Using a Script to Pull Data From This Site |
| 2017-04-20 | Xavier Mertens | DNS Query Length... Because Size Does Matter |
| 2016-09-04 | Russ McRee | Kali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/ |
| 2016-07-26 | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records |
| 2016-06-15 | Richard Porter | Warp Speed Ahead, L7 Open Source Packet Generator: Warp17 |
| 2016-04-02 | Russell Eubanks | Why Can't We Be Friends? |
| 2015-12-24 | Xavier Mertens | Unity Makes Strength |
| 2015-11-09 | John Bambenek | Protecting Users and Enterprises from the Mobile Malware Threat |
| 2015-09-03 | Xavier Mertens | Querying the DShield API from RTIR |
| 2014-08-22 | Richard Porter | OCLHashCat 1.30 Released |
| 2014-08-09 | Adrien de Beaupre | Complete application ownage via Multi-POST XSRF |
| 2014-07-19 | Russ McRee | Keeping the RATs out: the trap is sprung - Part 3 |
| 2014-07-18 | Russ McRee | Keeping the RATs out: **it happens - Part 2 |
| 2014-07-16 | Russ McRee | Keeping the RATs out: an exercise in building IOCs - Part 1 |
| 2014-03-13 | Daniel Wesemann | Identification and authentication are hard ... finding out intention is even harder |
| 2013-06-18 | Russ McRee | Volatility rules...any questions? |
| 2013-04-25 | Adam Swanger | Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls |
| 2013-04-17 | John Bambenek | UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun |
| 2013-04-16 | John Bambenek | Fake Boston Marathon Scams Update |
| 2013-04-15 | John Bambenek | Please send any spam (full headers), URLs or other suspicious content scamming off Boston Marathon explosions to handlers@sans.org |
| 2013-03-03 | Richard Porter | Uptick in MSSQL Activity |
| 2013-02-06 | Johannes Ullrich | Are you losing system logging information (and don't know it)? |
| 2012-10-30 | Mark Hofman | Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls |
| 2012-05-22 | Johannes Ullrich | nmap 6 released |
| 2012-01-03 | Rick Wanner | Analysis of the Stratfor Password List |
| 2011-12-25 | Deborah Hale | Another Company Falls Victim |
| 2011-10-26 | Rick Wanner | Critical Control 17:Penetration Tests and Red Team Exercises |
| 2010-10-03 | Adrien de Beaupre | Canada's Cyber Security Strategy released today |
| 2010-08-23 | Manuel Humberto Santander Pelaez | Firefox plugins to perform penetration testing activities |
| 2010-08-16 | Raul Siles | Blind Elephant: A New Web Application Fingerprinting Tool |
| 2010-07-08 | Kyle Haugsness | Pirate Bay account database compromised |
| 2010-06-06 | Manuel Humberto Santander Pelaez | Nice OS X exploit tutorial |
| 2010-04-13 | Adrien de Beaupre | Web App Testing Tools |
| 2010-03-06 | Tony Carothers | Integration and the Security of New Technologies |
| 2010-02-22 | Rob VandenBrink | New Risks in Penetration Testing |
| 2009-07-27 | Raul Siles | New Hacker Challenge: Prison Break - Breaking, Entering & Decoding |
| 2009-04-21 | Bojan Zdrnja | Web application vulnerabilities |
| 2009-01-20 | Adrien de Beaupre | Obamamania |
| 2008-11-25 | Andre Ludwig | The beginnings of a collaborative approach to IDS |
| 2008-09-20 | Rick Wanner | New (to me) nmap Features |
| 2008-07-18 | Adrien de Beaupre | Exit process? |
| 2008-03-30 | Mark Hofman | Mail Anyone? |
https://www.sans.edu
