RED TEAM |
2019-11-29 | Russ McRee | ISC Snapshot: Search with SauronEye |
2019-08-21 | Russ McRee | KAPE: Kroll Artifact Parser and Extractor |
2019-07-16 | Russ McRee | Commando VM: The Complete Mandiant Offensive VM |
2019-04-05 | Russ McRee | Beagle: Graph transforms for DFIR data & logs |
2018-10-17 | Russ McRee | RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence |
RED |
2025-01-09 | Guy Bruneau | Examining Redtail Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics [Guest Diary] |
2024-12-27 | Guy Bruneau | Phishing for Banking Information |
2024-08-26 | Xavier Mertens | From Highly Obfuscated Batch File to XWorm and Redline |
2024-08-14 | Xavier Mertens | Multiple Malware Dropped Through MSI Package |
2024-05-22 | Guy Bruneau | Analysis of "redtail" File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary] |
2024-05-15 | Rob VandenBrink | Got MFA? If not, Now is the Time! |
2024-03-10 | Guy Bruneau | What happens when you accidentally leak your AWS API keys? [Guest Diary] |
2024-03-07 | Jesse La Grew | [Guest Diary] AWS Deployment Risks - Configuration and Credential File Targeting |
2023-11-15 | Xavier Mertens | Redline Dropped Through MSIX Package |
2023-10-29 | Guy Bruneau | Spam or Phishing? Looking for Credentials & Passwords |
2023-08-04 | Xavier Mertens | Are Leaked Credentials Dumps Used by Attackers? |
2022-10-04 | Johannes Ullrich | Credential Harvesting with Telegram API |
2022-09-15 | Xavier Mertens | Malicious Word Document with a Frameset |
2022-07-08 | Johannes Ullrich | ISC Website Redesign |
2022-03-10 | Xavier Mertens | Credentials Leaks on VirusTotal |
2022-03-07 | Johannes Ullrich | No Bitcoin - No Problem: Follow Up to Last Weeks Donation Scam |
2022-03-04 | Johannes Ullrich | Scam E-Mail Impersonating Red Cross |
2022-01-20 | Xavier Mertens | RedLine Stealer Delivered Through FTP |
2022-01-16 | Guy Bruneau | 10 Most Popular Targeted Ports in the Past 3 Weeks |
2021-11-08 | Xavier Mertens | (Ab)Using Security Tools & Controls for the Bad |
2021-06-18 | Daniel Wesemann | Open redirects ... and why Phishers love them |
2021-05-29 | Guy Bruneau | Spear-phishing Email Targeting Outlook Mail Clients |
2021-03-06 | Xavier Mertens | Spotting the Red Team on VirusTotal! |
2020-11-18 | Xavier Mertens | When Security Controls Lead to Security Issues |
2020-07-16 | John Bambenek | Hunting for SigRed Exploitation |
2020-07-15 | Johannes Ullrich | PATCH NOW - SIGRed - CVE-2020-1350 - Microsoft DNS Server Vulnerability |
2020-04-27 | Xavier Mertens | Powershell Payload Stored in a PSCredential Object |
2020-02-27 | Xavier Mertens | Offensive Tools Are For Blue Teams Too |
2020-02-25 | Jan Kopriva | Quick look at a couple of current online scam campaigns |
2019-11-29 | Russ McRee | ISC Snapshot: Search with SauronEye |
2019-11-09 | Guy Bruneau | Fake Netflix Update Request by Text |
2019-11-08 | Xavier Mertens | Microsoft Apps Diverted from Their Main Use |
2019-08-28 | Johannes Ullrich | [Guest Diary] Open Redirect: A Small But Very Common Vulnerability |
2019-08-21 | Russ McRee | KAPE: Kroll Artifact Parser and Extractor |
2019-07-16 | Russ McRee | Commando VM: The Complete Mandiant Offensive VM |
2019-04-05 | Russ McRee | Beagle: Graph transforms for DFIR data & logs |
2018-10-17 | Russ McRee | RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence |
2018-03-08 | Xavier Mertens | CRIMEB4NK IRC Bot |
2017-12-27 | Guy Bruneau | What are your Security Challenges for 2018? |
2016-09-09 | Xavier Mertens | Collecting Users Credentials from Locked Devices |
2016-06-29 | Xavier Mertens | Phishing Campaign with Blurred Images |
2016-01-05 | Guy Bruneau | What are you Concerned the Most in 2016? |
2015-05-23 | Guy Bruneau | Business Value in "Big Data" |
2015-03-18 | Daniel Wesemann | Pass the hash! |
2015-01-31 | Guy Bruneau | Beware of Phishing and Spam Super Bowl Fans! |
2014-11-24 | Richard Porter | Someone is using this? PoS: Compressor |
2014-09-12 | Chris Mohan | Are credential dumps worth reviewing? |
2014-07-03 | Johannes Ullrich | Credit Card Processing in 700 Words or Less |
2014-06-13 | Richard Porter | A welcomed response, PF Chang's |
2013-12-19 | Rob VandenBrink | Target US - Credit Card Data Breach |
2013-09-23 | Rob VandenBrink | How do you spell "PSK"? |
2013-07-12 | Johannes Ullrich | DNS resolution is failing for Microsofts Teredo server (teredo.ipv6.microsoft.com) |
2013-07-12 | Johannes Ullrich | Microsoft Teredo Server "Sunset" |
2013-03-09 | Guy Bruneau | IPv6 Focus Month: IPv6 Encapsulation - Protocol 41 |
2013-02-21 | Pedro Bueno | NBC site redirecting to Exploit kit |
2011-05-03 | Johannes Ullrich | Analyzing Teredo with tshark and Wireshark |
2011-01-03 | Johannes Ullrich | What Will Matter in 2011 |
2010-07-24 | Manuel Humberto Santander Pelaez | Transmiting logon information unsecured in the network |
2010-06-15 | Manuel Humberto Santander Pelaez | Mastercard delivering cards with OTP device included |
2010-04-22 | John Bambenek | Data Redaction: You're Doing it Wrong |
2010-02-16 | Jim Clausing | Teredo request for packets |
2010-02-16 | Johannes Ullrich | Teredo "stray packet" analysis |
2009-07-28 | Adrien de Beaupre | YYAMCCBA |
2009-05-18 | Rick Wanner | JSRedir-R/Gumblar badness |
TEAM |
2024-12-18 | Jesse La Grew | [Guest Diary] A Deep Dive into TeamTNT and Spinning YARN |
2024-11-07 | Xavier Mertens | Steam Account Checker Poisoned with Infostealer |
2023-07-01 | Russ McRee | Sandfly Security |
2023-05-09 | Russ McRee | Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 2 |
2022-09-23 | Xavier Mertens | Kids Like Cookies, Malware Too! |
2022-09-19 | Russ McRee | Chainsaw: Hunt, search, and extract event log records |
2022-06-10 | Russ McRee | EPSScall: An Exploit Prediction Scoring System App |
2021-12-28 | Russ McRee | LotL Classifier tests for shells, exfil, and miners |
2021-03-06 | Xavier Mertens | Spotting the Red Team on VirusTotal! |
2021-03-02 | Russ McRee | Adversary Simulation with Sim |
2021-01-19 | Russ McRee | Gordon for fast cyber reputation checks |
2020-10-23 | Russ McRee | Sooty: SOC Analyst's All-in-One Tool |
2020-08-12 | Russ McRee | To the Brim at the Gates of Mordor Pt. 1 |
2020-06-30 | Russ McRee | ISC Snapshot: SpectX IP Hitcount Query |
2020-04-21 | Russ McRee | SpectX: Log Parser for DFIR |
2020-02-27 | Xavier Mertens | Offensive Tools Are For Blue Teams Too |
2020-01-21 | Russ McRee | DeepBlueCLI: Powershell Threat Hunting |
2019-11-29 | Russ McRee | ISC Snapshot: Search with SauronEye |
2019-11-08 | Xavier Mertens | Microsoft Apps Diverted from Their Main Use |
2019-10-06 | Russ McRee | visNetwork for Network Data |
2019-08-21 | Russ McRee | KAPE: Kroll Artifact Parser and Extractor |
2019-07-16 | Russ McRee | Commando VM: The Complete Mandiant Offensive VM |
2019-04-05 | Russ McRee | Beagle: Graph transforms for DFIR data & logs |
2019-02-05 | Rob VandenBrink | Mitigations against Mimikatz Style Attacks |
2018-10-17 | Russ McRee | RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence |
2018-06-16 | Russ McRee | Anomaly Detection & Threat Hunting with Anomalize |
2012-04-23 | Russ McRee | Emergency Operations Centers & Security Incident Management: A Correlation |
2011-03-25 | Kevin Liston | APT Tabletop Exercise |
2010-01-22 | Mari Nichols | Pass-down for a Successful Incident Response |
2010-01-14 | Bojan Zdrnja | DRG (Dragon Research Group) Distro available for general release |
2009-03-22 | Mari Nichols | Dealing with Security Challenges |