Date | Author | Title

RUBY ON RAILS

2013-06-27 | Tony Carothers | Ruby Update for SSL Vulnerability
2013-01-09 | Rob VandenBrink | SQL Injection Flaw in Ruby on Rails

RUBY

2021-06-15 | Johannes Ullrich | Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more
2013-06-27 | Tony Carothers | Ruby Update for SSL Vulnerability
2013-01-09 | Rob VandenBrink | SQL Injection Flaw in Ruby on Rails

ON

2024-11-19 | Xavier Mertens | Detecting the Presence of a Debugger in Linux
2024-11-07 | Xavier Mertens | Steam Account Checker Poisoned with Infostealer
2024-11-06 | Jesse La Grew | [Guest Diary] Insights from August Web Traffic Surge
2024-11-05 | Xavier Mertens | Python RAT with a Nice Screensharing Feature
2024-10-31 | Guy Bruneau | October 2024 Activity with Username chenzilong
2024-10-07 | Xavier Mertens | macOS Sequoia: System/Network Admins, Hold On!
2024-09-25 | Johannes Ullrich | DNS Reflection Update and Odd Corrupted DNS Requests
2024-09-18 | Xavier Mertens | Python Infostealer Patching Windows Exodus App
2024-09-17 | Xavier Mertens | 23:59, Time to Exfiltrate!
2024-09-16 | Xavier Mertens | Managing PE Files With Overlays
2024-09-13 | Jesse La Grew | Finding Honeypot Data Clusters Using DBSCAN: Part 2
2024-09-11 | Xavier Mertens | Python Libraries Used for Malicious Purposes
2024-09-06 | Jesse La Grew | Enrichment Data: Keeping it Fresh
2024-08-30 | Jesse La Grew | Simulating Traffic With Scapy
2024-08-29 | Xavier Mertens | Live Patching DLLs with Python
2024-08-27 | Xavier Mertens | Why Is Python so Popular to Infect Windows Hosts?
2024-08-26 | Xavier Mertens | From Highly Obfuscated Batch File to XWorm and Redline
2024-08-23 | Jesse La Grew | Pandas Errors: What encoding are my logs in?
2024-08-19 | Xavier Mertens | Do you Like Donuts? Here is a Donut Shellcode Delivered Through PowerShell/Python
2024-08-16 | Jesse La Grew | [Guest Diary] 7 minutes and 4 steps to a quick win: A write-up on custom tools
2024-07-26 | Xavier Mertens | ExelaStealer Delivered "From Russia With Love"
2024-07-25 | Xavier Mertens | XWorm Hidden With Process Hollowing
2024-07-24 | Xavier Mertens | "Mouse Logger" Malicious Python Script
2024-07-10 | Jesse La Grew | Finding Honeypot Data Clusters Using DBSCAN: Part 1
2024-07-08 | Xavier Mertens | Kunai: Keep an Eye on your Linux Hosts Activity
2024-07-01 | Johannes Ullrich | SSH "regreSSHion" Remote Code Execution Vulnerability in OpenSSH.
2024-06-15 | Didier Stevens | Overview of My Tools That Handle JSON Data
2024-06-13 | Guy Bruneau | The Art of JQ and Command-line Fu [Guest Diary]
2024-06-06 | Xavier Mertens | Malicious Python Script with a "Best Before" Date
2024-05-31 | Xavier Mertens | "K1w1" InfoStealer Uses gofile.io for Exfiltration
2024-05-30 | Xavier Mertens | Feeding MISP with OSSEC
2024-04-29 | Johannes Ullrich | D-Link NAS Device Backdoor Abused
2024-04-25 | Jesse La Grew | Does it matter if iptables isn't running on my honeypot?
2024-04-22 | Jan Kopriva | It appears that the number of industrial devices accessible from the internet has risen by 30 thousand over the past three years
2024-04-17 | Xavier Mertens | Malicious PDF File Used As Delivery Mechanism
2024-04-17 | Rob VandenBrink | The CVE's They are A-Changing!
2024-03-28 | Xavier Mertens | From JavaScript to AsyncRAT
2024-03-13 | Xavier Mertens | Using ChatGPT to Deobfuscate Malicious Scripts
2024-03-10 | Guy Bruneau | What happens when you accidentally leak your AWS API keys? [Guest Diary]
2024-03-07 | Jesse La Grew | [Guest Diary] AWS Deployment Risks - Configuration and Credential File Targeting
2024-03-03 | Guy Bruneau | Capturing DShield Packets with a LAN Tap [Guest Diary]
2024-02-28 | Johannes Ullrich | Exploit Attempts for Unknown Password Reset Vulnerability
2024-02-25 | Guy Bruneau | Utilizing the VirusTotal API to Query Files Uploaded to DShield Honeypot [Guest Diary]
2024-02-20 | Xavier Mertens | Python InfoStealer With Dynamic Sandbox Detection
2024-02-18 | Guy Bruneau | Mirai-Mirai On The Wall... [Guest Diary]
2024-02-15 | Jesse La Grew | [Guest Diary] Learning by doing: Iterative adventures in troubleshooting
2024-02-09 | Xavier Mertens | MSIX With Heavily Obfuscated PowerShell Script
2024-02-08 | Xavier Mertens | A Python MP3 Player with Builtin Keylogger Capability
2024-02-03 | Guy Bruneau | DShield Sensor Log Collection with Elasticsearch
2024-01-30 | Johannes Ullrich | What did I say to make you stop talking to me?
2024-01-29 | Johannes Ullrich | Exploit Flare Up Against Older Altassian Confluence Vulnerability
2024-01-26 | Xavier Mertens | A Batch File With Multiple Payloads
2024-01-25 | Xavier Mertens | Facebook AdsManager Targeted by a Python Infostealer
2024-01-19 | Xavier Mertens | macOS Python Script Replacing Wallet Applications with Rogue Apps
2024-01-17 | Jesse La Grew | Number Usage in Passwords
2024-01-12 | Xavier Mertens | One File, Two Payloads
2024-01-08 | Jesse La Grew | What is that User Agent?
2024-01-02 | Johannes Ullrich | Fingerprinting SSH Identification Strings
2023-12-27 | Guy Bruneau | Unveiling the Mirai: Insights into Recent DShield Honeypot Activity [Guest Diary]
2023-12-23 | Xavier Mertens | Python Keylogger Using Mailtrap.io
2023-12-22 | Xavier Mertens | Shall We Play a Game?
2023-12-20 | Guy Bruneau | How to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary]
2023-12-16 | Xavier Mertens | An Example of RocketMQ Exploit Scanner
2023-12-13 | Guy Bruneau | T-shooting Terraform for DShield Honeypot in Azure [Guest Diary]
2023-12-10 | Guy Bruneau | Honeypots: From the Skeptical Beginner to the Tactical Enthusiast
2023-11-30 | John Bambenek | Prophetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today
2023-11-27 | Guy Bruneau | Decoding the Patterns: Analyzing DShield Honeypot Activity [Guest Diary]
2023-11-22 | Guy Bruneau | CVE-2023-1389: A New Means to Expand Botnets
2023-11-20 | Jesse La Grew | Overflowing Web Honeypot Logs
2023-11-09 | Xavier Mertens | Visual Examples of Code Injection
2023-10-31 | Xavier Mertens | Multiple Layers of Anti-Sandboxing Techniques
2023-10-29 | Guy Bruneau | Spam or Phishing? Looking for Credentials & Passwords
2023-10-15 | Guy Bruneau | Domain Name Used as Password Captured by DShield Sensor
2023-10-03 | Tom Webb | Are Local LLMs Useful in Incident Response?
2023-09-30 | Xavier Mertens | Simple Netcat Backdoor in Python Script
2023-09-26 | Johannes Ullrich | Apple Releases MacOS Sonoma Including Numerous Security Patches
2023-09-14 | Jesse La Grew | DShield and qemu Sitting in a Tree: L-O-G-G-I-N-G
2023-09-09 | Guy Bruneau | "Anyone get the ASN of the Truck that Hit Me?!": Creating a PowerShell Function to Make 3rd Party API Calls for Extending Honeypot Information [Guest Diary]
2023-09-05 | Jesse La Grew | Common usernames submitted to honeypots
2023-09-02 | Jesse La Grew | What is the origin of passwords submitted to honeypots?
2023-08-31 | Guy Bruneau | Potential Weaponizing of Honeypot Logs [Guest Diary]
2023-08-25 | Xavier Mertens | Python Malware Using Postgresql for C2 Communications
2023-08-23 | Xavier Mertens | More Exotic Excel Files Dropping AgentTesla
2023-08-23 | Guy Bruneau | How I made a qwerty "keyboard walk" password generator with ChatGPT [Guest Diary]
2023-08-22 | Xavier Mertens | Have You Ever Heard of the Fernet Encryption Algorithm?
2023-08-21 | Xavier Mertens | Quick Malware Triage With Inotify Tools
2023-08-17 | Jesse La Grew | Command Line Parsing - Are These Really Unique Strings?
2023-08-12 | Guy Bruneau | DShield Sensor Monitoring with a Docker ELK Stack [Guest Diary]
2023-08-11 | Xavier Mertens | Show me All Your Windows!
2023-07-28 | Xavier Mertens | ShellCode Hidden with Steganography
2023-07-26 | Xavier Mertens | Suspicious IP Addresses Avoided by Malware Samples
2023-07-23 | Guy Bruneau | Install & Configure Filebeat on Raspberry Pi ARM64 to Parse DShield Sensor Logs
2023-07-13 | Jesse La Grew | DShield Honeypot Maintenance and Data Retention
2023-07-06 | Jesse La Grew | IDS Comparisons with DShield Honeypot Data
2023-07-01 | Russ McRee | Sandfly Security
2023-06-27 | Xavier Mertens | The Importance of Malware Triage
2023-06-20 | Xavier Mertens | Malicious Code Can Be Anywhere
2023-06-16 | Xavier Mertens | Another RAT Delivered Through VBS
2023-06-11 | Guy Bruneau | DShield Honeypot Activity for May 2023
2023-06-09 | Xavier Mertens | Undetected PowerShell Backdoor Disguised as a Profile File
2023-05-28 | Guy Bruneau | We Can no Longer Ignore the Cost of Cybersecurity
2023-05-20 | Xavier Mertens | Phishing Kit Collecting Victim's IP Address
2023-05-17 | Xavier Mertens | Increase in Malicious RAR SFX files
2023-05-14 | Guy Bruneau | VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue
2023-05-14 | Guy Bruneau | DShield Sensor Update
2023-05-09 | Russ McRee | Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 2
2023-05-03 | Xavier Mertens | Increased Number of Configuration File Scans
2023-04-28 | Xavier Mertens | Quick IOC Scan With Docker
2023-04-17 | Jan Kopriva | The strange case of Great honeypot of China
2023-04-08 | Xavier Mertens | Microsoft Netlogon: Potential Upcoming Impacts of CVE-2022-38023
2023-04-05 | Jesse La Grew | Exploration of DShield Cowrie Data with jq
2023-03-31 | Jan Kopriva | Use of X-Frame-Options and CSP frame-ancestors security headers on 1 million most popular domains
2023-03-30 | Xavier Mertens | Bypassing PowerShell Strong Obfuscation
2023-03-29 | Didier Stevens | Extracting Multiple Streams From OLE Files
2023-03-28 | Jesse La Grew | Network Data Collector Placement Makes a Difference
2023-03-21 | Didier Stevens | String Obfuscation: Character Pair Reversal
2023-03-18 | Xavier Mertens | Old Backdoor, New Obfuscation
2023-03-11 | Xavier Mertens | Overview of a Mirai Payload Generator
2023-03-02 | Didier Stevens | YARA: Detect The Unexpected ...
2023-03-01 | Xavier Mertens | Python Infostealer Targeting Gamers
2023-02-22 | Johannes Ullrich | Internet Wide Scan Fingerprinting Confluence Servers
2023-02-15 | Rob VandenBrink | DNS Recon Redux - Zone Transfers (plus a time machine) for When You Can't do a Zone Transfer
2023-02-10 | Xavier Mertens | Obfuscated Deactivation of Script Block Logging
2023-02-09 | Xavier Mertens | A Backdoor with Smart Screenshot Capability
2023-02-05 | Didier Stevens | Video: Analyzing Malicious OneNote Documents
2023-02-04 | Guy Bruneau | Assemblyline as a Malware Analysis Sandbox
2023-02-01 | Didier Stevens | Detecting (Malicious) OneNote Files
2023-01-31 | Jesse La Grew | DShield Honeypot Setup with pfSense
2023-01-26 | Tom Webb | Live Linux IR with UAC
2023-01-25 | Xavier Mertens | A First Malicious OneNote Document
2023-01-23 | Xavier Mertens | Who's Resolving This Domain?
2023-01-21 | Guy Bruneau | DShield Sensor JSON Log to Elasticsearch
2023-01-08 | Guy Bruneau | DShield Sensor JSON Log Analysis
2022-12-29 | Jesse La Grew | Opening the Door for a Knock: Creating a Custom DShield Listener
2022-12-28 | Rob VandenBrink | Playing with Powershell and JSON (and Amazon and Firewalls)
2022-12-21 | Guy Bruneau | DShield Sensor Setup in Azure
2022-12-20 | Xavier Mertens | Linux File System Monitoring & Actions
2022-12-19 | Xavier Mertens | Hunting for Mastodon Servers
2022-12-03 | Guy Bruneau | Linux LOLBins Applications Available in Windows
2022-11-14 | Jesse La Grew | Extracting 'HTTP CONNECT' Requests with Python
2022-11-05 | Guy Bruneau | Windows Malware with VHD Extension
2022-11-04 | Xavier Mertens | Remcos Downloader with Unicode Obfuscation
2022-10-24 | Xavier Mertens | C2 Communications Through outlook.com
2022-10-22 | Didier Stevens | rtfdump's Find Option
2022-10-19 | Xavier Mertens | Are Internet Scanning Services Good or Bad for You?
2022-10-18 | Xavier Mertens | Python Obfuscation for Dummies
2022-10-08 | Didier Stevens | Sysmon v14.1 Release
2022-09-26 | Xavier Mertens | Easy Python Sandbox Detection
2022-09-14 | Xavier Mertens | Easy Process Injection within Python
2022-09-12 | Johannes Ullrich | VirusTotal Result Comparisons for Honeypot Malware
2022-09-07 | Johannes Ullrich | PHP Deserialization Exploit attempt
2022-08-28 | Didier Stevens | Sysinternals Updates: Sysmon v14.0 and ZoomIt v6.01
2022-08-26 | Xavier Mertens | Paypal Phishing/Coinbase in One Image
2022-08-24 | Brad Duncan | Monster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC
2022-08-19 | Johannes Ullrich | Windows Security Blocks UPX Compressed (packed) Binaries
2022-08-18 | Johannes Ullrich | Honeypot Attack Summaries with Python
2022-08-08 | Johannes Ullrich | JSON All the Logs!
2022-07-28 | Johannes Ullrich | Exfiltrating Data With Bookmarks
2022-07-20 | Xavier Mertens | Malicious Python Script Behaving Like a Rubber Ducky
2022-07-19 | Johannes Ullrich | Requests For beacon.http-get. Help Us Figure Out What They Are Looking For
2022-06-24 | Xavier Mertens | Python (ab)using The Windows GUI
2022-06-22 | Xavier Mertens | Malicious PowerShell Targeting Cryptocurrency Browser Extensions
2022-06-19 | Didier Stevens | Video: Decoding Obfuscated BASE64 Statistically
2022-06-18 | Didier Stevens | Decoding Obfuscated BASE64 Statistically
2022-06-16 | Xavier Mertens | Houdini is Back Delivered Through a JavaScript Dropper
2022-06-15 | Johannes Ullrich | Terraforming Honeypots. Installing DShield Sensors in the Cloud
2022-06-03 | Xavier Mertens | Sandbox Evasion... With Just a Filename!
2022-06-02 | Johannes Ullrich | Quick Answers in Incident Response: RECmd.exe
2022-06-01 | Jan Kopriva | HTML phishing attachments - now with anti-analysis features
2022-05-30 | Xavier Mertens | New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme (CVE-2022-30190)
2022-05-24 | Yee Ching Tok | ctx Python Library Updated with "Extra" Features
2022-05-03 | Johannes Ullrich | Some Honeypot Updates
2022-05-03 | Rob VandenBrink | Finding the Real "Last Patched" Day (Interim Version)
2022-04-29 | Rob VandenBrink | Using Passive DNS sources for Reconnaissance and Enumeration
2022-04-21 | Xavier Mertens | Multi-Cryptocurrency Clipboard Swapper
2022-04-19 | Johannes Ullrich | Resetting Linux Passwords with U-Boot Bootloaders
2022-04-03 | Didier Stevens | jo
2022-04-02 | Didier Stevens | curl 7.82.0 Adds --json Option
2022-03-31 | Johannes Ullrich | Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965
2022-03-29 | Johannes Ullrich | More Fake/Typosquatting Twitter Accounts Asking for Ukraine Crytocurrency Donations
2022-03-23 | Brad Duncan | Arkei Variants: From Vidar to Mars Stealer
2022-03-13 | Didier Stevens | YARA 4.2.0 Released
2022-03-09 | Xavier Mertens | Infostealer in a Batch File
2022-03-04 | Johannes Ullrich | Scam E-Mail Impersonating Red Cross
2022-02-22 | Xavier Mertens | A Good Old Equation Editor Vulnerability Delivering Malware
2022-02-20 | Didier Stevens | Video: YARA's Console Module
2022-02-10 | Johannes Ullrich | Zyxel Network Storage Devices Hunted By Mirai Variant
2022-02-03 | Johannes Ullrich | Keeping Track of Your Attack Surface for Cheap
2022-02-01 | Xavier Mertens | Automation is Nice But Don't Replace Your Knowledge
2022-01-31 | Xavier Mertens | Be careful with RPMSG files
2022-01-30 | Didier Stevens | YARA's Console Module
2022-01-20 | Xavier Mertens | RedLine Stealer Delivered Through FTP
2022-01-07 | Xavier Mertens | Custom Python RAT Builder
2022-01-06 | Xavier Mertens | Malicious Python Script Targeting Chinese People
2022-01-01 | Didier Stevens | Expect Regressions
2021-12-28 | Russ McRee | LotL Classifier tests for shells, exfil, and miners
2021-12-21 | Xavier Mertens | More Undetected PowerShell Dropper
2021-12-18 | Guy Bruneau | VMware Security Update - https://www.vmware.com/security/advisories/VMSA-2021-0030.html
2021-12-16 | Brad Duncan | How the "Contact Forms" campaign tricks people
2021-12-14 | Johannes Ullrich | Log4j: Getting ready for the long haul (CVE-2021-44228)
2021-12-10 | Xavier Mertens | Python Shellcode Injection From JSON Data
2021-12-06 | Xavier Mertens | The Importance of Out-of-Band Networks
2021-12-01 | Xavier Mertens | Info-Stealer Using webhook.site to Exfiltrate Data
2021-11-20 | Guy Bruneau | Hikvision Security Cameras Potentially Exposed to Remote Code Execution
2021-11-18 | Xavier Mertens | JavaScript Downloader Delivers Agent Tesla Trojan
2021-11-14 | Didier Stevens | Video: Obfuscated Maldoc: Reversed BASE64
2021-11-10 | Xavier Mertens | Shadow IT Makes People More Vulnerable to Phishing
2021-11-08 | Xavier Mertens | (Ab)Using Security Tools & Controls for the Bad
2021-10-18 | Xavier Mertens | Malicious PowerShell Using Client Certificate Authentication
2021-09-24 | Xavier Mertens | Keep an Eye on Your Users Mobile Devices (Simple Inventory)
2021-09-22 | Didier Stevens | An XML-Obfuscated Office Document (CVE-2021-40444)
2021-09-17 | Xavier Mertens | Malicious Calendar Subscriptions Are Back?
2021-09-15 | Brad Duncan | Hancitor campaign abusing Microsoft's OneDrive
2021-08-30 | Xavier Mertens | Cryptocurrency Clipboard Swapper Delivered With Love
2021-08-29 | Guy Bruneau | Filter JSON Data by Value with Linux jq
2021-08-19 | Johannes Ullrich | When Lightning Strikes. What works and doesn't work.
2021-08-17 | Johannes Ullrich | Laravel (<=v8.4.2) exploit attempts for CVE-2021-3129 (debug mode: Remote code execution)
2021-08-13 | Guy Bruneau | Scanning for Microsoft Exchange eDiscovery
2021-07-31 | Guy Bruneau | Unsolicited DNS Queries
2021-07-28 | Jan Kopriva | A sextortion e-mail from...IT support?!
2021-07-20 | Bojan Zdrnja | Summer of SAM - incorrect permissions on Windows 10/11 hives
2021-07-16 | Xavier Mertens | Multiple BaseXX Obfuscations
2021-07-14 | Jan Kopriva | One way to fail at malspam - give recipients the wrong password for an encrypted attachment
2021-07-08 | Xavier Mertens | Using Sudo with Python For More Security Controls
2021-07-06 | Xavier Mertens | Python DLL Injection Check
2021-07-04 | Didier Stevens | DIY CD/DVD Destruction - Follow Up
2021-07-02 | Xavier Mertens | "inception.py"... Multiple Base64 Encodings
2021-06-27 | Didier Stevens | DIY CD/DVD Destruction
2021-06-24 | Xavier Mertens | Do you Like Cookies? Some are for sale!
2021-06-21 | Rick Wanner | Mitre CWE - Common Weakness Enumeration
2021-06-15 | Johannes Ullrich | Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more
2021-06-12 | Guy Bruneau | Fortinet Targeted for Unpatched SSL VPN Discovery Activity
2021-06-11 | Xavier Mertens | Keeping an Eye on Dangerous Python Modules
2021-06-11 | Xavier Mertens | Sonicwall SRA 4600 Targeted By an Old Vulnerability
2021-06-07 | Johannes Ullrich | Amazon Sidewalk: Cutting Through the Hype
2021-06-04 | Xavier Mertens | Russian Dolls VBS Obfuscation
2021-05-31 | Rick Wanner | Quick and dirty Python: nmap
2021-05-30 | Didier Stevens | Sysinternals: Procmon, Sysmon, TcpView and Process Explorer update
2021-05-23 | Didier Stevens | Video: Making Sense Of Encrypted Cobalt Strike Traffic
2021-05-12 | Jan Kopriva | Number of industrial control systems on the internet is lower then in 2020...but still far from zero
2021-05-10 | Johannes Ullrich | Correctly Validating IP Addresses: Why encoding matters for input validation.
2021-05-08 | Guy Bruneau | Who is Probing the Internet for Research Purposes?
2021-05-04 | Rick Wanner | Quick and dirty Python: masscan
2021-04-29 | Xavier Mertens | From Python to .Net
2021-04-25 | Didier Stevens | Sysinternals: Procmon and Sysmon update
2021-04-22 | Xavier Mertens | How Safe Are Your Docker Images?
2021-04-19 | Jan Kopriva | Hunting phishing websites with favicon hashes
2021-04-18 | Didier Stevens | Decoding Cobalt Strike Traffic
2021-04-12 | Didier Stevens | Example of Cleartext Cobalt Strike Traffic (Thanks Brad)
2021-04-09 | Xavier Mertens | No Python Interpreter? This Simple RAT Installs Its Own Copy
2021-04-02 | Xavier Mertens | C2 Activity: Sandboxes or Real Victims?
2021-03-31 | Xavier Mertens | Quick Analysis of a Modular InfoStealer
2021-03-18 | Xavier Mertens | Simple Python Keylogger
2021-03-10 | Rob VandenBrink | SharpRDP - PSExec without PSExec, PSRemoting without PowerShell
2021-03-07 | Didier Stevens | PCAPs and Beacons
2021-03-02 | Russ McRee | Adversary Simulation with Sim
2021-02-28 | Didier Stevens | Maldocs: Protection Passwords
2021-02-26 | Guy Bruneau | Pretending to be an Outlook Version Update
2021-02-22 | Didier Stevens | Unprotecting Malicious Documents For Inspection
2021-02-13 | Guy Bruneau | vSphere Replication updates address a command injection vulnerability (CVE-2021-21976) - https://www.vmware.com/security/advisories/VMSA-2021-0001.html
2021-02-04 | Bojan Zdrnja | Abusing Google Chrome extension syncing for data exfiltration and C&C
2021-02-01 | Rob VandenBrink | Taking a Shot at Reverse Shell Attacks, CNC Phone Home and Data Exfil from Servers
2021-01-22 | Xavier Mertens | Another File Extension to Block in your MTA: .jnlp
2021-01-19 | Russ McRee | Gordon for fast cyber reputation checks
2021-01-18 | Didier Stevens | Doc & RTF Malicious Document
2021-01-17 | Didier Stevens | New Release of Sysmon Adding Detection for Process Tampering
2021-01-15 | Guy Bruneau | Obfuscated DNS Queries
2021-01-04 | Jan Kopriva | From a small BAT file to Mass Logger infostealer
2021-01-02 | Guy Bruneau | Protecting Home Office and Enterprise in 2021
2020-12-29 | Jan Kopriva | Want to know what's in a folder you don't have a permission to access? Try asking your AV solution...
2020-12-22 | Xavier Mertens | Malware Victim Selection Through WiFi Identification
2020-12-19 | Guy Bruneau | Secure Communication using TLS in Elasticsearch
2020-12-17 | Daniel Wesemann | "Amazon" invoice that asks to call 1-866-335-0659 "to cancel" an order that you never made is (obviously) a #scam
2020-12-13 | Didier Stevens | KringleCon 2020
2020-12-10 | Xavier Mertens | Python Backdoor Talking to a C2 Through Ngrok
2020-12-04 | Guy Bruneau | Detecting Actors Activity with Threat Intel
2020-11-30 | Didier Stevens | Decrypting PowerShell Payloads (video)
2020-11-22 | Didier Stevens | Quick Tip: Extracting all VBA Code from a Maldoc - JSON Format
2020-11-21 | Guy Bruneau | VMware privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) - https://www.vmware.com/security/advisories/VMSA-2020-0026.html
2020-11-20 | Xavier Mertens | Malicious Python Code and LittleSnitch Detection
2020-11-19 | Xavier Mertens | PowerShell Dropper Delivering Formbook
2020-11-13 | Xavier Mertens | Old Worm But New Obfuscation Technique
2020-11-09 | Xavier Mertens | How Attackers Brush Up Their Malicious Scripts
2020-11-07 | Guy Bruneau | Cryptojacking Targeting WebLogic TCP/7001
2020-11-05 | Xavier Mertens | Did You Spot "Invoke-Expression"?
2020-10-24 | Guy Bruneau | An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-10-20 | Xavier Mertens | Mirai-alike Python Scanner
2020-10-14 | Xavier Mertens | Nicely Obfuscated Python RAT
2020-09-30 | Johannes Ullrich | Scans for FPURL.xml: Reconnaissance or Not?
2020-09-29 | Xavier Mertens | Managing Remote Access for Partners & Contractors
2020-09-24 | Xavier Mertens | Party in Ibiza with PowerShell
2020-09-20 | Guy Bruneau | Analysis of a Salesforce Phishing Emails
2020-09-18 | Xavier Mertens | A Mix of Python & VBA in a Malicious Word Document
2020-09-17 | Xavier Mertens | Suspicious Endpoint Containment with OSSEC
2020-09-04 | Jan Kopriva | A blast from the past - XXEncoded VB6.0 Trojan
2020-09-03 | Xavier Mertens | Sandbox Evasion Using NTP
2020-09-02 | Xavier Mertens | Python and Risky Windows API Calls
2020-08-28 | Xavier Mertens | Example of Malicious DLL Injected in PowerShell
2020-08-19 | Xavier Mertens | Example of Word Document Delivering Qakbot
2020-08-18 | Xavier Mertens | Using API's to Track Attackers
2020-08-16 | Didier Stevens | Small Challenge: A Simple Word Maldoc - Part 3
2020-08-10 | Bojan Zdrnja | Scoping web application and web service penetration tests
2020-08-04 | Johannes Ullrich | Internet Choke Points: Concentration of Authoritative Name Servers
2020-07-30 | Johannes Ullrich | Python Developers: Prepare!!!
2020-07-27 | Johannes Ullrich | In Memory of Donald Smith
2020-07-24 | Xavier Mertens | Compromized Desktop Applications by Web Technologies
2020-07-20 | Rick Wanner | Sextortion Update: The Final Final Chapter
2020-07-11 | Guy Bruneau | VMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html
2020-07-08 | Xavier Mertens | If You Want Something Done Right, You Have To Do It Yourself... Malware Too!
2020-07-01 | Jim Clausing | Setting up the Dshield honeypot and tcp-honeypot.py
2020-06-29 | Didier Stevens | Sysmon and Alternate Data Streams
2020-06-28 | Guy Bruneau | tcp-honeypot.py Logstash Parser & Dashboard Update
2020-06-25 | Johannes Ullrich | Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release.
2020-06-20 | Tom Webb | Pi Zero HoneyPot
2020-06-16 | Xavier Mertens | Sextortion to The Next Level
2020-06-05 | Remco Verhoef | Not so FastCGI!
2020-06-04 | Xavier Mertens | Anti-Debugging Technique based on Memory Protection
2020-05-31 | Guy Bruneau | Windows 10 Built-in Packet Sniffer - PktMon
2020-05-29 | Johannes Ullrich | The Impact of Researchers on Our Data
2020-05-04 | Didier Stevens | Sysmon and File Deletion
2020-05-01 | Jim Clausing | Attack traffic on TCP port 9673
2020-04-27 | Xavier Mertens | Powershell Payload Stored in a PSCredential Object
2020-04-24 | Xavier Mertens | Malicious Excel With a Strong Obfuscation and Sandbox Evasion
2020-04-03 | Xavier Mertens | Obfuscated with a Simple 0x0A
2020-03-23 | Didier Stevens | Windows Zeroday Actively Exploited: Type 1 Font Parsing Remote Code Execution Vulnerability
2020-03-15 | Guy Bruneau | VPN Access and Activity Monitoring
2020-03-11 | Xavier Mertens | Agent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account
2020-02-27 | Xavier Mertens | Offensive Tools Are For Blue Teams Too
2020-02-22 | Xavier Mertens | Simple but Efficient VBScript Obfuscation
2020-02-16 | Guy Bruneau | SOAR or not to SOAR?
2020-02-14 | Xavier Mertens | Keep an Eye on Command-Line Browsers
2020-02-08 | Russell Eubanks | After Action Review
2020-02-07 | Xavier Mertens | Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript
2020-01-27 | Johannes Ullrich | Network Security Perspective on Coronavirus Preparedness
2020-01-23 | Xavier Mertens | Complex Obfuscation VS Simple Trick
2020-01-16 | Jan Kopriva | Picks of 2019 malware - the large, the small and the one full of null bytes
2020-01-12 | Guy Bruneau | ELK Dashboard and Logstash parser for tcp-honeypot Logs
2020-01-10 | Xavier Mertens | More Data Exfiltration
2020-01-04 | Didier Stevens | KringleCon 2019
2019-12-23 | Didier Stevens | New oledump.py plugin: plugin_version_vba
2019-11-29 | Russ McRee | ISC Snapshot: Search with SauronEye
2019-11-22 | Xavier Mertens | Abusing Web Filters Misconfiguration for Reconnaissance
2019-11-20 | Brad Duncan | Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike
2019-11-11 | Johannes Ullrich | Are We Going Back to TheMoon (and How is Liquor Involved)?
2019-11-09 | Guy Bruneau | Fake Netflix Update Request by Text
2019-11-03 | Didier Stevens | You Too? "Unusual Activity with Double Base64 Encoding"
2019-10-29 | Xavier Mertens | Generating PCAP Files from YAML
2019-10-24 | Johannes Ullrich | Your Supply Chain Doesn't End At Receiving: How Do You Decommission Network Equipment?
2019-10-19 | Russell Eubanks | What Assumptions Are You Making?
2019-10-18 | Xavier Mertens | Quick Malicious VBS Analysis
2019-10-16 | Xavier Mertens | Security Monitoring: At Network or Host Level?
2019-09-27 | Xavier Mertens | New Scans for Polycom Autoconfiguration Files
2019-09-22 | Didier Stevens | Video: Encrypted Sextortion PDFs
2019-09-19 | Xavier Mertens | Agent Tesla Trojan Abusing Corporate Email Accounts
2019-09-19 | Xavier Mertens | Blocklisting or Whitelisting in the Right Way
2019-09-17 | Rob VandenBrink | Investigating Gaps in your Windows Event Logs
2019-09-16 | Didier Stevens | Encrypted Sextortion PDFs
2019-08-25 | Guy Bruneau | Are there any Advantages of Buying Cyber Security Insurance?
2019-08-09 | Xavier Mertens | 100% JavaScript Phishing Page
2019-08-05 | Rick Wanner | Sextortion: Follow the Money - The Final Chapter
2019-07-28 | Didier Stevens | Video: Analyzing Compressed PowerShell Scripts
2019-07-25 | Rob VandenBrink | When Users Attack! Users (and Admins) Thwarting Security Controls
2019-07-18 | Rob VandenBrink | The Other Side of Critical Control 1: 802.1x Wired Network Access Controls
2019-07-13 | Guy Bruneau | Guidance to Protect DNS Against Hijacking & Scanning for Version.BIND Still a Thing
2019-07-11 | Xavier Mertens | Russian Dolls Malicious Script Delivering Ursnif
2019-07-02 | Xavier Mertens | Malicious Script With Multiple Payloads
2019-06-27 | Rob VandenBrink | Finding the Gold in a Pile of Pennies - Long Tail Analysis in PowerShell
2019-06-20 | Xavier Mertens | Using a Travel Packing App for Infosec Purpose
2019-06-19 | Johannes Ullrich | Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729
2019-06-16 | Didier Stevens | Sysmon Version 10: DNS Logging
2019-06-10 | Xavier Mertens | Interesting JavaScript Obfuscation Example
2019-06-09 | Didier Stevens | Tip: Sysmon Will Log DNS Queries
2019-05-16 | Xavier Mertens | The Risk of Authenticated Vulnerability Scans
2019-04-26 | Rob VandenBrink | Pillaging Passwords from Service Accounts
2019-04-25 | Rob VandenBrink | Unpatched Vulnerability Alert - WebLogic Zero Day
2019-04-13 | Johannes Ullrich | Configuring MTA-STS and TLS Reporting For Your Domain
2019-04-05 | Russ McRee | Beagle: Graph transforms for DFIR data & logs
2019-03-25 | Didier Stevens | "VelvetSweatshop" Maldocs: Shellcode Analysis
2019-03-24 | Didier Stevens | Decoding QR Codes with Python
2019-03-23 | Didier Stevens | "VelvetSweatshop" Maldocs
2019-03-21 | Xavier Mertens | New Wave of Extortion Emails: Central Intelligence Agency Case
2019-03-20 | Rob VandenBrink | Using AD to find hosts that aren't in AD - fun with the [IPAddress] construct!
2019-03-06 | Xavier Mertens | Keep an Eye on Disposable Email Addresses
2019-02-25 | Didier Stevens | Sextortion Email Variant: With QR Code
2019-02-24 | Guy Bruneau | Packet Editor and Builder by Colasoft
2019-02-06/a>Brad DuncanHancitor malspam and infection traffic from Tuesday 2019-02-05
2019-02-05/a>Rob VandenBrinkMitigations against Mimikatz Style Attacks
2019-02-01/a>Rick WannerSextortion: Follow the Money Part 3 - The cashout begins!
2019-01-31/a>Xavier MertensTracking Unexpected DNS Changes
2019-01-18/a>John BambenekSextortion Bitcoin on the Move
2018-12-31/a>Didier StevensSoftware Crashes: A New Year's Resolution
2018-12-29/a>Didier StevensVideo: De-DOSfuscation Example
2018-12-22/a>Didier StevensKringleCon 2018
2018-12-19/a>Xavier MertensUsing OSSEC Active-Response as a DFIR Framework
2018-12-15/a>Didier StevensDe-DOSfuscation Example
2018-12-14/a>Rick WannerBombstortion?? Boomstortion??
2018-12-12/a>Didier StevensYet Another DOSfuscation Sample
2018-11-27/a>Xavier MertensMore obfuscated shell scripts: Fake MacOS Flash update
2018-11-27/a>Rob VandenBrinkData Exfiltration in Penetration Tests
2018-11-26 Russ McRee ViperMonkey: VBA maldoc deobfuscation
2018-11-26 Xavier Mertens Obfuscated bash script targeting QNap boxes
2018-11-16 Xavier Mertens Basic Obfuscation With Permissive Languages
2018-11-09 Tom Webb Playing with T-POT
2018-11-06 Xavier Mertens Malicious Powershell Script Dissection
2018-11-05 Johannes Ullrich Struts 2.3 Vulnerable to Two Year old File Upload Flaw
2018-10-23 Xavier Mertens Diving into Malicious AutoIT Code
2018-10-21 Didier Stevens MSG Files: Compressed RTF
2018-10-17 Russ McRee RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-10-12 Xavier Mertens More Equation Editor Exploit Waves
2018-10-10 Xavier Mertens New Campaign Using Old Equation Editor Vulnerability
2018-10-01 Didier Stevens Decoding Custom Substitution Encodings with translate.py
2018-09-30 Didier Stevens When DOSfuscation Helps...
2018-09-28 Xavier Mertens More Excel DDE Code Injection
2018-09-19 Rob VandenBrink Certificates Revisited - SSL VPN Certificates 2 Ways
2018-09-05 Rob VandenBrink Where have all my Certificates gone? (And when do they expire?)
2018-09-05 Xavier Mertens Malicious PowerShell Compiling C# Code on the Fly
2018-09-04 Rob VandenBrink Let's Trade: You Read My Email, I'll Read Your Password!
2018-08-30 Xavier Mertens Crypto Mining Is More Popular Than Ever!
2018-08-13 Didier Stevens New Extortion Tricks: Now Including Your (Partial) Phone Number!
2018-07-30 Didier Stevens Malicious Word documents using DOSfuscation
2018-07-26 Xavier Mertens Windows Batch File Deobfuscation
2018-07-24 Tom Webb Cell Phone Monitoring. Who is Watching the Watchers?
2018-07-15 Didier Stevens Video: Retrieving and processing JSON data (BTC example)
2018-07-14 Didier Stevens Retrieving and processing JSON data (BTC example)
2018-07-12 Johannes Ullrich New Extortion Tricks: Now Including Your Password!
2018-07-02 Guy Bruneau VMware ESXi, Workstation, and Fusion address multiple out-of-bounds read vulnerabilities https://www.vmware.com/security/advisories/VMSA-2018-0016.html
2018-06-18 Xavier Mertens Malicious JavaScript Targeting Mobile Browsers
2018-06-17 Didier Stevens Encrypted Office Documents
2018-06-15 Lorna Hutcheson SMTP Strangeness - Possible C2
2018-06-05 Xavier Mertens Malicious Post-Exploitation Batch File
2018-05-30 Bojan Zdrnja The end of the lock icon
2018-05-28 Kevin Liston Do you hear Laurel or Yanny or is it On-Off Keying?
2018-05-27 Guy Bruneau Capture and Analysis of User Agents
2018-05-25 Xavier Mertens Antivirus Evasion? Easy as 1,2,3
2018-05-22 Guy Bruneau VMware updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue - https://www.vmware.com/security/advisories/VMSA-2018-0012.html
2018-05-20 Didier Stevens DASAN GPON home routers exploits in-the-wild
2018-05-19 Xavier Mertens Malicious Powershell Targeting UK Bank Customers
2018-05-16 Mark Hofman EFAIL, a weakness in openPGP and S\MIME
2018-05-10 Bojan Zdrnja Exfiltrating data from (very) isolated environments
2018-04-30 Remco Verhoef Another approach to webapplication fingerprinting
2018-04-25 Johannes Ullrich Yet Another Drupal RCE Vulnerability
2018-03-12 Xavier Mertens Payload delivery via SMB
2017-12-27 Guy Bruneau What are your Security Challenges for 2018?
2017-12-23 Didier Stevens Encrypted PDFs
2017-12-14 Russ McRee Security Planner: Improve your online safety
2017-12-14 Russ McRee Detection Lab: Visibility & Introspection for Defenders
2017-12-13 Xavier Mertens Tracking Newly Registered Domains
2017-12-05 Tom Webb IR using the Hive Project.
2017-11-25 Guy Bruneau Exim Remote Code Exploit
2017-11-23 Xavier Mertens Proactive Malicious Domain Search
2017-11-13 Guy Bruneau jsonrpc Scanning for root account
2017-11-03 Xavier Mertens Simple Analysis of an Obfuscated JAR File
2017-10-30 Johannes Ullrich Critical Patch For Oracle's Identity Manager
2017-10-27 Renato Marinho "Catch-All" Google Chrome Malicious Extension Steals All Posted Data
2017-10-25 Mark Hofman DUHK attack, continuing a week of named issues
2017-10-24 Xavier Mertens Stop relying on file extensions
2017-10-12 Xavier Mertens Version control tools aren't only for Developers
2017-10-05 Johannes Ullrich pcap2curl: Turning a pcap file into a set of cURL commands for "replay"
2017-10-02 Xavier Mertens Investigating Security Incidents with Passive DNS
2017-09-30 Lorna Hutcheson Who's Borrowing your Resources?
2017-09-17 Guy Bruneau rockNSM as a Incident Response Package
2017-09-16 Guy Bruneau VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities - https://www.vmware.com/security/advisories/VMSA-2017-0015.html
2017-09-09 Didier Stevens Malware analysis output sanitization
2017-09-06 Adrien de Beaupre Modern Web Application Penetration Testing , Hash Length Extension Attacks
2017-08-29 Renato Marinho Second Google Chrome Extension Banker Malware in Two Weeks
2017-08-22 Xavier Mertens Defang all the things!
2017-08-15 Renato Marinho (Banker(GoogleChromeExtension)).targeting("Brazil")
2017-08-10 Didier Stevens Maldoc Analysis with ViperMonkey
2017-08-03 Johannes Ullrich Using a Raspberry Pi honeypot to contribute data to DShield/ISC
2017-08-01 Rob VandenBrink Rooting Out Hosts that Support Older Samba Versions
2017-07-27 Xavier Mertens TinyPot, My Small Honeypot
2017-07-24 Russell Eubanks Trends Over Time
2017-07-08 Xavier Mertens A VBScript with Obfuscated Base64 Data
2017-07-07 Renato Marinho DDoS Extortion E-mail: Yet Another Bluff?
2017-06-22 Xavier Mertens Obfuscating without XOR
2017-06-17 Guy Bruneau Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2017-06-10 Russell Eubanks An Occasional Look in the Rear View Mirror
2017-05-28 Guy Bruneau CyberChef a Must Have Tool in your Tool bag!
2017-05-16 Russ McRee WannaCry? Do your own data analysis.
2017-05-06 Xavier Mertens The story of the CFO and CEO...
2017-05-06 Russell Eubanks What Can You Learn On Your Own?
2017-05-05 Xavier Mertens HTTP Headers... the Achilles' heel of many applications
2017-04-28 Xavier Mertens Another Day, Another Obfuscation Technique
2017-04-21 Xavier Mertens Analysis of a Maldoc with Multiple Layers of Obfuscation
2017-04-20 Xavier Mertens DNS Query Length... Because Size Does Matter
2017-04-19 Xavier Mertens Hunting for Malicious Excel Sheets
2017-04-13 Rob VandenBrink Packet Captures Filtered by Process
2017-03-30 Xavier Mertens Diverting built-in features for the bad
2017-03-25 Russell Eubanks Distraction as a Service
2017-03-24 Xavier Mertens Nicely Obfuscated JavaScript Sample
2017-03-18 Xavier Mertens Example of Multiple Stages Dropper
2017-03-15 Xavier Mertens Retro Hunting!
2017-03-12 Guy Bruneau Honeypot Logs and Tracking a VBE Script
2017-03-10 Xavier Mertens The Side Effect of GeoIP Filters
2017-03-08 Richard Porter What is really being proxied?
2017-03-04 Xavier Mertens How your pictures may affect your website reputation
2017-02-28 Xavier Mertens Amazon S3 Outage
2017-02-28 Xavier Mertens Analysis of a Simple PHP Backdoor
2017-02-28 Johannes Ullrich My Catch Of 4 Months In The Amazon IP Address Space
2017-02-21 Jim Clausing Quick and dirty generic listener
2017-02-13 Rob VandenBrink Stuff I Learned Decrypting
2017-02-12 Xavier Mertens Analysis of a Suspicious Piece of JavaScript
2017-02-10 Brad Duncan Hancitor/Pony malspam
2017-01-28 Lorna Hutcheson Packet Analysis - Where do you start?
2017-01-13 Xavier Mertens Who's Attacking Me?
2017-01-12 Mark Baggett System Resource Utilization Monitor
2017-01-01 Didier Stevens py2exe Decompiling - Part 1
2016-12-31 Xavier Mertens Ongoing Scans Below the Radar
2016-12-27 Guy Bruneau Using daemonlogger as a Software Tap
2016-12-10 Didier Stevens Sleeping VBS Really Wants To Sleep
2016-12-06 Bojan Zdrnja Attacking NoSQL applications
2016-11-27 Russ McRee Scapy vs. CozyDuke
2016-11-23 Tom Webb Mapping Attack Methodology to Controls
2016-11-16 Xavier Mertens Example of Getting Analysts & Researchers Away
2016-11-13 Guy Bruneau Bitcoin Miner File Upload via FTP
2016-10-26 Johannes Ullrich New VMWare Security Advisory: VMSA-2016-0017 Information Disclosure in VMWare Fusion and VMWare Tools https://www.vmware.com/security/advisories/VMSA-2016-0017.html
2016-10-25 Xavier Mertens Another Day, Another Spam...
2016-10-08 Russell Eubanks Unauthorized Change Detected!
2016-09-15 Xavier Mertens In Need of a OTP Manager Soon?
2016-09-13 Rob VandenBrink If it's Free, YOU are the Product
2016-09-04 Russ McRee Kali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/
2016-08-29 Russ McRee Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2016-08-28 Guy Bruneau Spam with Obfuscated Javascript
2016-08-24 Tom Webb Stay on Track During IR
2016-08-21 Rick Wanner Cisco ASA SNMP Remote Code Execution Vulnerability
2016-08-20 Russell Eubanks What are YOU doing to give back to the security community?
2016-08-19 Xavier Mertens Data Classification For the Masses
2016-07-27 Xavier Mertens Critical Xen PV guests vulnerabilities
2016-07-26 Johannes Ullrich Command and Control Channels Using "AAAA" DNS Records
2016-07-25 Didier Stevens Python Malware - Part 4
2016-07-16 Didier Stevens Python Malware - Part 3
2016-07-15 Xavier Mertens Name All the Things!
2016-07-07 Johannes Ullrich Patchwork: Is it still "Advanced" if all you have to do is Copy/Paste?
2016-06-22 Bojan Zdrnja Security through obscurity never works
2016-06-03 Tom Liston MySQL is YourSQL
2016-06-01 Xavier Mertens Docker Containers Logging
2016-05-28 Russell Eubanks Applied Lessons Learned
2016-05-18 Russ McRee Resources: Windows Auditing & Monitoring, Linux 2FA
2016-05-15 Didier Stevens Python Malware - Part 1
2016-05-14 Guy Bruneau INetSim as a Basic Honeypot
2016-04-28 Rob VandenBrink DNS and DHCP Recon using Powershell
2016-04-27 Tom Webb Kippos Cousin Cowrie
2016-04-02 Russell Eubanks Why Can't We Be Friends?
2016-03-30 Xavier Mertens What to watch with your FIM?
2016-03-23 Bojan Zdrnja Abusing Oracles
2016-03-15 Xavier Mertens Dockerized DShield SSH Honeypot
2016-03-13 Xavier Mertens SSH Honeypots (Ab)used as Proxy
2016-03-13 Guy Bruneau A Look at the Mandiant M-Trends 2016 Report
2016-02-23 Xavier Mertens VMware VMSA-2016-0002
2016-02-20 Didier Stevens Locky: JavaScript Deobfuscation
2016-02-15 Bojan Zdrnja Exploiting (pretty) blind SQL injections
2016-02-11 Tom Webb Tomcat IR with XOR.DDoS
2016-02-07 Xavier Mertens More Malicious JavaScript Obfuscation
2016-02-03 Xavier Mertens Automating Vulnerability Scans
2016-01-31 Guy Bruneau Windows 10 and System Protection for DATA Default is OFF
2016-01-29 Xavier Mertens Scripting Web Categorization
2016-01-15 Xavier Mertens JavaScript Deobfuscation Tool
2016-01-09 Xavier Mertens Virtual Bitlocker Containers
2016-01-05 Guy Bruneau What are you Concerned the Most in 2016?
2016-01-01 Didier Stevens Failure Is An Option
2015-12-29 Daniel Wesemann New Years Resolutions
2015-12-24 Xavier Mertens Unity Makes Strength
2015-12-21 Daniel Wesemann Critical Security Controls: Getting to know the unknown
2015-12-12 Russell Eubanks What Signs Are You Missing?
2015-12-04 Tom Webb Automating Phishing Analysis using BRO
2015-11-04 Richard Porter Application Aware and Critical Control 2
2015-10-17 Russell Eubanks CIS Critical Security Controls - Version 6.0
2015-10-12 Guy Bruneau Data Visualization,What is your Tool of Choice?
2015-10-12 Guy Bruneau Critical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
2015-09-28 Johannes Ullrich "Transport of London" Malicious E-Mail
2015-09-03 Xavier Mertens Querying the DShield API from RTIR
2015-09-01 Daniel Wesemann Encryption of "data at rest" in servers
2015-07-31 Russ McRee Tech tip follow-up: Using the data Invoked with R's system command
2015-07-18 Russell Eubanks The Value a "Fresh Set Of Eyes" (FSOE)
2015-06-02 Alex Stanford Guest Diary: Xavier Mertens - Playing with IP Reputation with Dshield & OSSEC
2015-05-29 Russell Eubanks Trust But Verify
2015-04-29 Daniel Wesemann UDP/3478 to Amazon 54.84.9.242 -- got packets? (solved)
2015-04-28 Daniel Wesemann Scammy Nepal earthquake donation requests
2015-04-19 Didier Stevens Handling Special PDF Compression Methods
2015-04-14 Johannes Ullrich Odd POST Request To Web Honeypot
2015-04-08 Tom Webb Is it a breach or not?
2015-03-07 Guy Bruneau Should it be Mandatory to have an Independent Security Audit after a Breach?
2015-02-22 Russell Eubanks Leave Things Better Than When You Found Them
2015-02-17 Rob VandenBrink A Different Kind of Equation
2015-02-11 Johannes Ullrich Did PCI Just Kill E-Commerce By Saying SSL is Not Sufficient For Payment Info ? (spoiler: TLS!=SSL)
2015-02-10 Mark Baggett Detecting Mimikatz Use On Your Network
2015-01-23 Adrien de Beaupre Infocon change to yellow for Adobe Flash issues
2014-12-24 Rick Wanner Incident Response at Sony
2014-12-04 Mark Baggett Automating Incident data collection with Python
2014-12-01 Guy Bruneau Do you have a Data Breach Response Plan?
2014-11-27 Russ McRee Syrian Electronic Army attack leads to malvertising
2014-11-19 Rob VandenBrink "Big Data" Needs a Trip to the Security Chiropracter!
2014-10-13 Lorna Hutcheson For or Against: Port Security for Network Access Control
2014-10-01 Russ McRee Security Onion news: Updated ShellShock detection scripts for Bro
2014-09-27 Guy Bruneau What has Bash and Heartbleed Taught Us?
2014-09-26 Richard Porter Why We Have Moved to InfoCon:Yellow
2014-09-19 Guy Bruneau CipherShed Fork from TrueCrypt Project, Support Windows, Mac OS and Linux - https://ciphershed.org
2014-08-17 Rick Wanner Part 1: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-08-17 Rick Wanner Part 2: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-08-09 Adrien de Beaupre Complete application ownage via Multi-POST XSRF
2014-07-31 Chris Mohan A Honeypot for home: Raspberry Pi
2014-07-30 Rick Wanner Symantec Endpoint Protection Privilege Escalation Zero Day
2014-07-28 Guy Bruneau Management and Control of Mobile Device Security
2014-07-22 Daniel Wesemann App "telemetry"
2014-07-14 Johannes Ullrich The Internet of Things: How do you "on-board" devices?
2014-07-02 Johannes Ullrich Simple Javascript Extortion Scheme Advertised via Bing
2014-06-30 Johannes Ullrich Should I setup a Honeypot? [SANSFIRE]
2014-06-28 Mark Hofman No more Microsoft advisory email notifications?
2014-06-24 Kevin Shortt NTP DDoS Counts Have Dropped
2014-06-11 Daniel Wesemann Help your pilot fly!
2014-05-22 Johannes Ullrich Discontinuing Support for ISC Alert Task Bar Icon
2014-05-01 Johannes Ullrich Busybox Honeypot Fingerprinting and a new DVR scanner
2014-04-26 Guy Bruneau Android Users - Beware of Bitcoin Mining Malware
2014-04-21 Daniel Wesemann Allow us to leave!
2014-04-14 Kevin Shortt INFOCon Green: Heartbleed - on the mend
2014-04-11 Guy Bruneau Heartbleed Fix Available for Download for Cisco Products
2014-04-04 Rob VandenBrink Dealing with Disaster - A Short Malware Incident Response
2014-03-25 Johannes Ullrich A few updates on "The Moon" worm
2014-03-13 Daniel Wesemann Identification and authentication are hard ... finding out intention is even harder
2014-03-06 Mark Baggett Port 5000 traffic and snort signature
2014-03-04 Daniel Wesemann Triple Handshake Cookie Cutter
2014-02-26 Russ McRee Ongoing NTP Amplification Attacks
2014-02-18 Johannes Ullrich More Details About "TheMoon" Linksys Worm
2014-02-10 Rob VandenBrink A Tale of Two Admins (and no Change Control)
2014-02-09 Basil Alawi S.Taher Mandiant Highlighter 2
2014-01-23 Chris Mohan Learning from the breaches that happens to others Part 2
2014-01-22 Chris Mohan Learning from the breaches that happens to others
2014-01-17 Russ McRee Massive RFI scans likely a free web app vuln scanner rather than bots
2014-01-11 Guy Bruneau tcpflow 1.4.4 and some of its most Interesting Features
2014-01-01 Russ McRee Happy New Year from the Syrian Electronic Army - Skype’s Social Media Accounts Hacked
2013-12-29 Russ McRee OpenSSL suffers apparent defacement
2013-12-20 Daniel Wesemann authorized key lime pie
2013-12-16 Tom Webb The case of Minerd
2013-12-01 Richard Porter BPF, PCAP, Binary, hex, why they matter?
2013-11-22 Rick Wanner Port 0 DDOS
2013-11-10 Rick Wanner Microsoft and Facebook announce bug bounty
2013-10-22 Richard Porter Greenbone and OpenVAS Scanner
2013-10-21 Johannes Ullrich New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
2013-10-19 Johannes Ullrich Yet Another WHMCS SQL Injection Exploit
2013-10-05 Richard Porter Adobe Breach Notification, Notifications?
2013-10-04 Johannes Ullrich The Adobe Breach FAQ
2013-10-01 Adrien de Beaupre CSAM! Send us your logs!
2013-09-24 Tom Webb IDS, NSM, and Log Management with Security Onion 12.04.3
2013-09-18 Rob VandenBrink Cisco DCNM Update Released
2013-09-09 Johannes Ullrich SSL is broken. So what?
2013-09-02 Guy Bruneau Multiple Cisco Security Notice
2013-08-21 Rob VandenBrink Fibre Channel Reconnaissance - Reloaded
2013-08-19 Johannes Ullrich Running Snort on ESXi using the Distributed Switch
2013-08-14 Johannes Ullrich Imaging LUKS Encrypted Drives
2013-07-27 Scott Fendley Defending Against Web Server Denial of Service Attacks
2013-07-25 Johannes Ullrich A Couple of SSH Brute Force Compromises
2013-07-23 Bojan Zdrnja Sessions with(out) cookies
2013-07-21 Guy Bruneau Why use Regular Expressions?
2013-07-17 Johannes Ullrich Network Solutions Outage
2013-07-16 Johannes Ullrich Why don't we see more examples of web app attacks via POST?
2013-07-13 Lenny Zeltser Decoy Personas for Safeguarding Online Identity Using Deception
2013-07-06 Guy Bruneau Is Metadata the Magic in Modern Network Security?
2013-07-04 Russ McRee Celebrating 4th of July With a Malware PCAP Visualization
2013-06-27 Tony Carothers Ruby Update for SSL Vulnerability
2013-06-18 Russ McRee EMET 4.0 is now available for download
2013-05-22 Adrien de Beaupre Privilege escalation, why should I care?
2013-05-09 John Bambenek Adobe Releases 0-day Security Advisory for Coldfusion, Exploit Code Available. Advisory here: http://www.adobe.com/support/security/advisories/apsa13-03.html
2013-05-01 Daniel Wesemann The cost of cleaning up
2013-04-25 Adam Swanger Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-04-17 John Bambenek UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
2013-04-16 John Bambenek Fake Boston Marathon Scams Update
2013-04-15 John Bambenek Please send any spam (full headers), URLs or other suspicious content scamming off Boston Marathon explosions to handlers@sans.org
2013-04-04 Johannes Ullrich Microsoft April Patch Tuesday Advance Notification
2013-03-29 Chris Mohan Does your breach email notification look like a phish?
2013-03-27 Adam Swanger IPv6 Focus Month: Guest Diary: Stephen Groat - IPv6 moving target defense
2013-03-25 Johannes Ullrich IPv6 Focus Month: IPv6 over IPv4 Preference
2013-03-23 Guy Bruneau Apple ID Two-step Verification Now Available in some Countries
2013-03-19 Johannes Ullrich IPv6 Focus Month: The warm and fuzzy side of IPv6
2013-03-18 Johannes Ullrich IPv6 Focus Month: What is changing with DHCP
2013-03-18 Kevin Shortt Cisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
2013-03-13 Mark Baggett Wipe the drive! Stealthy Malware Persistence Mechanism - Part 1
2013-03-11 Richard Porter IPv6 Focus Month: Traffic Testing, Firewalls, ACLs, pt 1
2013-03-09 Guy Bruneau IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-03-08 Johannes Ullrich IPv6 Focus Month: Filtering ICMPv6 at the Border
2013-03-06 Adam Swanger IPv6 Focus Month: Guest Diary: Stephen Groat - Geolocation Using IPv6 Addresses
2013-03-05 Mark Hofman IPv6 Focus Month: Device Defaults
2013-03-04 Johannes Ullrich IPv6 Focus Month: Addresses
2013-03-02 Scott Fendley Evernote Security Issue
2013-02-25 Johannes Ullrich Punkspider enumerates web application vulnerabilities
2013-02-17 Guy Bruneau HP ArcSight Connector Appliance and Logger Vulnerabilities
2013-02-16 Lorna Hutcheson Fedora RedHat Vulnerabilty Released
2013-02-14 Adam Swanger ISC Monthly Threat Update - February 2013 http://isc.sans.edu/podcastdetail.html?id=3121
2013-02-08 Kevin Shortt Is it Spam or Is it Malware?
2013-02-04 Adam Swanger SAN Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam
2013-01-25 Johannes Ullrich Vulnerability Scans via Search Engines (Request for Logs)
2013-01-10 Rob VandenBrink What Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too!
2013-01-10 Adam Swanger ISC Monthly Threat Update New Format
2013-01-09 Rob VandenBrink SQL Injection Flaw in Ruby on Rails
2013-01-09 Johannes Ullrich New Format for Monthly Threat Update
2013-01-09 Rob VandenBrink Security Update - Cisco 7900 Phones - cisco-sa-20130109-uipphone privilege escallation issue - advisory at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone
2013-01-05 Guy Bruneau Adobe ColdFusion Security Advisory
2013-01-03 Bojan Zdrnja Memory acquisition traps
2012-12-31 Manuel Humberto Santander Pelaez How to determine which NAC solutions fits best to your needs
2012-12-27 John Bambenek It's 3pm 2 days after Christmas, do you know where your unmanaged SSH keys are?
2012-12-18 Dan Goldberg Mitigating the impact of organizational change: a risk assessment
2012-12-04 Johannes Ullrich Where do your backup tapes go to die?
2012-12-03 John Bambenek John McAfee Exposes His Location in Photo About His Being on Run
2012-11-26 John Bambenek Online Shopping for the Holidays? Tips, News and a Fair Warning
2012-11-23 Rob VandenBrink What's in Your Change Control Form?
2012-11-16 Manuel Humberto Santander Pelaez Information Security Incidents are now a concern for colombian government
2012-11-16 Guy Bruneau VMware security updates for vSphere API and ESX Service Console - http://www.vmware.com/security/advisories/VMSA-2012-0016.html
2012-11-08 Daniel Wesemann Get a 40% discount on your hotel room!
2012-11-06 Johannes Ullrich What to watch out For on Election Day
2012-10-30 Mark Hofman Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-10-29 Kevin Shortt Cyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard
2012-10-26 Russ McRee Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant
2012-10-25 Richard Porter Cyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire
2012-10-24 Russ McRee Cyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035
2012-10-23 Rob VandenBrink Cyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors
2012-10-21 Johannes Ullrich Cyber Security Awareness Month - Day 22: Connectors
2012-10-19 Johannes Ullrich Cyber Security Awareness Month - Day 19: Standard log formats and CEE.
2012-10-18 Rob VandenBrink Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide
2012-10-17 Rob VandenBrink Cyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005
2012-10-16 Richard Porter CyberAwareness Month - Day 15, Standards Body Soup (pt2), Same Soup Different Cook.
2012-10-16 Johannes Ullrich Cyber Security Awareness Month - Day 16: W3C and HTML
2012-10-14 Pedro Bueno Cyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1
2012-10-13 Guy Bruneau New Poll - Cyber Security Awareness Month Activities 2012 - https://isc.sans.edu/poll.html
2012-10-12 Mark Hofman Cyber Security Awareness Month - Day 12 PCI DSS
2012-10-11 Rob VandenBrink Cyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security)
2012-10-10 Kevin Shortt Cyber Security Awareness Month - Day 10 - Standard Sudo - Part Two
2012-10-09 Johannes Ullrich Cyber Security Awreness Month - Day 9 - Request for Comment (RFC)
2012-10-08 Mark Hofman Cyber Security Awareness Month - Day 8 ISO 27001
2012-10-07 Tony Carothers Cyber Security Awareness Month - Day 7 - Rollup Review of CSAM Week 1
2012-10-06 Manuel Humberto Santander Pelaez Cyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA
2012-10-05 Johannes Ullrich Cyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl.
2012-10-05 Richard Porter Reports of a Distributed Injection Scan
2012-10-04 Johannes Ullrich Cyber Security Awareness Month - Day 4: Crypto Standards
2012-10-03 Kevin Shortt Fake Support Calls Reported
2012-10-03 Kevin Shortt Cyber Security Awareness Month - Day 3 - Standard Sudo - Part One
2012-10-02 Russ McRee Cyber Security Awareness Month - Day 2 - PCI Security Standard: Mobile Payment Acceptance Security Guidelines
2012-10-01 Johannes Ullrich Cyber Security Awareness Month
2012-09-08 Guy Bruneau Webmin Input Validation Vulnerabilities
2012-09-02 Lorna Hutcheson Demonstrating the value of your Intrusion Detection Program and Analysts
2012-08-30 Bojan Zdrnja Analyzing outgoing network traffic (part 2)
2012-08-23 Bojan Zdrnja Analyzing outgoing network traffic
2012-08-16 Johannes Ullrich A Poor Man's DNS Anomaly Detection Script
2012-07-31 Daniel Wesemann SQL injection, lilupophilupop-style
2012-07-25 Johannes Ullrich Apple OS X 10.8 (Mountain Lion) released
2012-07-18 Rob VandenBrink Vote NO to Weak Encryption!
2012-07-14 Tony Carothers User Awareness and Education
2012-07-05 Adrien de Beaupre Microsoft advanced notification for July 2012 patch Tuesday
2012-07-02 Dan Goldberg Storms of June 29th 2012 in Mid Atlantic region of the USA
2012-06-25 Rick Wanner Targeted Malware for Industrial Espionage?
2012-06-20 Raul Siles CVE-2012-0217 (from MS12-042) applies to other environments too
2012-06-14 Johannes Ullrich Spot the Phish: Verizon Wireless
2012-06-12 Swa Frantzen Adobe June 2012 Black Tuesday patches
2012-05-22 Johannes Ullrich nmap 6 released
2012-05-07 Guy Bruneau iOS 5.1.1 Software Update for iPod, iPhone, iPad
2012-04-26 Richard Porter Define Irony: A medical device with a Virus?
2012-04-23 Russ McRee Emergency Operations Centers & Security Incident Management: A Correlation
2012-04-21 Guy Bruneau WordPress Release Security Update
2012-03-16 Swa Frantzen INFOCON Yellow - Microsoft RDP - MS12-020
2012-03-16 Russ McRee MS12-020 RDP vulnerabilities: Patch, Mitigate, Detect
2012-03-11 Johannes Ullrich An Analysis of Jester's QR Code Attack. (Guest Diary)
2012-03-03 Jim Clausing New automated sandbox for Android malware
2012-02-23 donald smith DNS-Changer "clean DNS" extension requested
2012-02-22 Johannes Ullrich How to test OS X Mountain Lion's Gatekeeper in Lion
2012-01-27 Mark Hofman CISCO Ironport C & M Series telnet vulnerability
2012-01-22 Johannes Ullrich Javascript DDoS Tool Analysis
2012-01-13 Guy Bruneau Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2012-01-03 Bojan Zdrnja The tale of obfuscated JavaScript continues
2011-12-13 Johannes Ullrich December 2011 Adobe Black Tuesday
2011-12-08 Adrien de Beaupre Microsoft Security Bulletin Advance Notification for December 2011
2011-12-07 Lenny Zeltser V8 as an Alternative to SpiderMonkey for JavaScript Deobfuscation
2011-12-01 Mark Hofman SQL Injection Attack happening ATM
2011-11-03 Richard Porter An Apple, Inc. Sandbox to play in.
2011-11-01 Russ McRee Honeynet Project: Android Reverse Engineering (A.R.E.) Virtual Machine released
2011-11-01 Russ McRee Secure languages & frameworks
2011-10-29 Richard Porter The Sub Critical Control? Evidence Collection
2011-10-28 Russ McRee Critical Control 19: Data Recovery Capability
2011-10-28 Daniel Wesemann Critical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27 Mark Baggett Critical Control 18: Incident Response Capabilities
2011-10-26 Rick Wanner Critical Control 17:Penetration Tests and Red Team Exercises
2011-10-26 Rob VandenBrink The Theoretical "SSL Renegotiation" Issue gets a Whole Lot More Real !
2011-10-17 Rob VandenBrink Critical Control 11: Account Monitoring and Control
2011-10-13 Guy Bruneau Critical Control 10: Continuous Vulnerability Assessment and Remediation
2011-10-12 Kevin Shortt Critical Control 8 - Controlled Use of Administrative Privileges
2011-10-11 Swa Frantzen Critical Control 7 - Application Software Security
2011-10-10 Jim Clausing Critical Control 6 - Maintenance, Monitoring, and Analysis of Security Audit Logs
2011-10-07 Mark Hofman Critical Control 5 - Boundary Defence
2011-10-04 Rob VandenBrink Critical Control 2 - Inventory of Authorized and Unauthorized Software
2011-10-04 Johannes Ullrich Critical Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations and Servers
2011-10-03 Mark Hofman Critical Control 1 - Inventory of Authorized and Unauthorized Devices
2011-10-03 Mark Baggett What are the 20 Critical Controls?
2011-10-03 Tom Liston Security 101 : Security Basics in 140 Characters Or Less
2011-10-02 Mark Hofman Cyber Security Awareness Month Day 1/2 - Schedule
2011-10-02 Mark Hofman Cyber Security Awareness Month Day 1/2 - Introduction to the controls
2011-10-01 Mark Hofman Hot on the heels fo FF, Thunderbird v 7.0.1 and SeaMonkey v 2.4.1 have been updated.
2011-09-28 Richard Porter All Along the ARP Tower!
2011-09-21 Mark Hofman October 2011 Cyber Security Awareness Month
2011-09-05 Bojan Zdrnja Bitcoin – crypto currency of future or heaven for criminals?
2011-08-26 Johannes Ullrich SANS Virginia Beach Conference Canceled. Details: http://www.sans.org/virginia-beach-2011/
2011-08-26 Johannes Ullrich Some Hurricane Technology Tips
2011-08-17 Rob VandenBrink Putting all of Your Eggs in One Basket - or How NOT to do Layoffs
2011-08-16 Johannes Ullrich What are the most dangerous web applications and how to secure them?
2011-08-14 Guy Bruneau FireCAT 2.0 Released
2011-08-13 Rick Wanner MoonSols Dumpit released...for free!
2011-08-11 Guy Bruneau BlackBerry Enterprise Server Critical Update
2011-07-30 Deborah Hale Data Encryption Ban? Really?
2011-07-29 Richard Porter Apple Lion talking on TCP 5223
2011-07-28 Johannes Ullrich Announcing: The "404 Project"
2011-07-27 Johannes Ullrich Internet Storm Center iPhone App now available. Feedback/Feature Requests welcome. Search App Store for "ISC Reader"
2011-07-25 Chris Mohan Monday morning incident handler practice
2011-07-21 Mark Hofman Lion Released
2011-07-21 Johannes Ullrich Lion: What is new in Security
2011-07-19 Richard Porter SMS Phishing at the SANSFire 2011 Handler Dinner
2011-07-11 John Bambenek Another Defense Contractor Hacked in AntiSec Hacktivism Spree
2011-07-09 Chris Mohan Safer Windows Incident Response
2011-07-05 Raul Siles Helping Developers Understand Security - Spot the Vuln
2011-07-03 Deborah Hale Business Continuation in the Face of Disaster
2011-06-22 Guy Bruneau How Good is your Employee Termination Policy?
2011-06-21 Chris Mohan StartSSL, a web authentication authority, suspend services after a security breach
2011-06-17 Richard Porter When do you stop owning Technology?
2011-06-12 Mark Hofman Cloud thoughts
2011-06-09 Richard Porter One Browser to Rule them All?
2011-06-06 Johannes Ullrich The Havij SQL Injection Tool
2011-06-04 Rick Wanner Do you have a personal disaster recovery plan?
2011-05-18 Bojan Zdrnja Android, HTTP and authentication tokens
2011-04-29 Guy Bruneau Firefox, Thunderbird and SeaMonkey Security Updates
2011-04-28 Chris Mohan DSL Reports advise 9,000 accounts were compromised
2011-04-26 John Bambenek Is the Insider Threat Really Over?
2011-04-25 Rob VandenBrink Sony PlayStation Network Outage - Day 5
2011-04-22 Manuel Humberto Santander Pelaez In-house developed applications: The constant headache for the information security officer
2011-04-22 Manuel Humberto Santander Pelaez iPhoneMap: iPhoneTracker port to Linux
2011-04-20 Daniel Wesemann Data Breach Investigations Report published by Verizon
2011-04-20 Johannes Ullrich iPhone GPS Data Storage
2011-04-19 Bojan Zdrnja SQL injection: why can’t we learn?
2011-04-05 Mark Hofman Sony DDOS
2011-04-04 Mark Hofman When your service provider has a breach
2011-04-03 Richard Porter Extreme Disclosure? Not yet but a great trend!
2011-04-01 John Bambenek LizaMoon Mass SQL-Injection Attack Infected at least 500k Websites
2011-03-25 Kevin Liston APT Tabletop Exercise
2011-03-11 Guy Bruneau Snort IDS Sensor with Sguil Framework ISO
2011-03-09 Chris Mohan Possible Issue with Forefront Update KB2508823
2011-03-07 Lorna Hutcheson Call for Packets - Unassigned TCP Options
2011-03-04 Mark Hofman A new version of Seamonkey is available, includes security fixes. More details here http://www.seamonkey-project.org/news#2011-03-02
2011-02-21 Adrien de Beaupre What’s New, it's Python 3.2
2011-02-14 Lorna Hutcheson Network Visualization
2011-02-09 Mark Hofman Adobe Patches (shockwave, Flash, Reader & Coldfusion)
2011-02-07 Richard Porter Crime is still Crime! Pt 2
2011-02-05/a>Guy BruneauOpenSSH Legacy Certificate Information Disclosure Vulnerability
2011-01-12/a>Richard PorterHow Many Loyalty Cards do you Carry?
2011-01-12/a>Richard PorterYet Another Data Broker? AOL Lifestream.
2011-01-03/a>Johannes UllrichWhat Will Matter in 2011
2010-12-26 Manuel Humberto Santander Pelaez ISC infocon monitor app for OS X
2010-12-25 Manuel Humberto Santander Pelaez An interesting vulnerability playground to learn application vulnerabilities
2010-12-12 Raul Siles New trend regarding web application vulnerabilities?
2010-12-02 Kevin Johnson SQL Injection: Wordpress 3.0.2 released
2010-11-29 Stephen Hall iPhone phishing - What you see, isn't what you get
2010-11-24 Bojan Zdrnja Privilege escalation 0-day in almost all Windows versions
2010-11-17 Guy Bruneau Conficker B++ Activated on Nov 15
2010-11-17 Guy Bruneau Cisco Unified Videoconferencing Affected by Multiple Vulnerabilities
2010-11-05 Adrien de Beaupre Bot honeypot
2010-11-02 Johannes Ullrich Limited Malicious Search Engine Poisoning for Election
2010-10-31 Marcus Sachs Cyber Security Awareness Month - Day 31 - Tying it all together
2010-10-30 Guy Bruneau Cyber Security Awareness Month - Day 30 - Role of the network team
2010-10-29 Manuel Humberto Santander Pelaez Cyber Security Awareness Month - Day 29- Role of the office geek
2010-10-28 Rick Wanner Cyber Security Awareness Month - Day 27 - Social Media use in the office
2010-10-28 Tony Carothers Cyber Security Awareness Month - Day 28 - Role of the employee
2010-10-26 Pedro Bueno Cyber Security Awareness Month - Day 26 - Sharing Office Files
2010-10-25 Kevin Shortt Cyber Security Awareness Month - Day 25 - Using Home Computers for Work
2010-10-24 Swa Frantzen Cyber Security Awarenes Month - Day 24 - Using work computers at home
2010-10-23 Mark Hofman Cyber Security Awareness Month - Day 23 - The Importance of compliance
2010-10-22 Daniel Wesemann Cyber Security Awareness Month - Day 22 - Security of removable media
2010-10-22 Manuel Humberto Santander Pelaez Intypedia project
2010-10-21 Chris Carboni Cyber Security Awareness Month - Day 21 - Impossible Requests from the Boss
2010-10-20 Jim Clausing Cyber Security Awareness Month - Day 20 - Securing Mobile Devices
2010-10-19 Rob VandenBrink Cyber Security Awareness Month - Day 19 - Remote Access Tools
2010-10-19 Rob VandenBrink Cyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split?
2010-10-19 Rob VandenBrink Cyber Security Awareness Month - Day 19 - VPN Architectures – SSL or IPSec?
2010-10-19 Rob VandenBrink Cyber Security Awareness Month - Day 19 - Remote User VPN Access – Are things getting too easy, or too hard?
2010-10-19 Rob VandenBrink Cyber Security Awareness Month - Day 19 - VPN and Remote Access Tools
2010-10-18 Manuel Humberto Santander Pelaez Cyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis
2010-10-17 Stephen Hall Cyber Security Awareness Month - Day 17 - What a boss should and should not have access to
2010-10-15 Marcus Sachs Cyber Security Awareness Month - Day 15 - What Teachers Need to Know About Their Students
2010-10-15 Guy Bruneau Cyber Security Awareness Month - Day 16 - Securing a donated computer
2010-10-14 Johannes Ullrich Cyber Security Awareness Month - Day 14 - Securing a public computer
2010-10-13 Deborah Hale Cyber Security Awareness Month - Day 13 - Online Bullying
2010-10-12 Scott Fendley Cyber Security Awareness Month - Day 12 - Protecting and Managing Your Digital Identity On Social Media Sites
2010-10-11 Rick Wanner Cyber Security Awareness Month - Day 11 - Safe Browsing for Teens
2010-10-10 Kevin Liston Cyber Security Awareness Month - Day 10 - Safe browsing for pre-teens
2010-10-09 Kevin Shortt Cyber Security Awareness Month - Day 9 - Disposal of an Old Computer
2010-10-08 Rick Wanner Cyber Security Awareness Month - Day 8 - Patch Management and System Updates
2010-10-06 Rob VandenBrink Cyber Security Awareness Month - Day 7 - Remote Access and Monitoring Tools
2010-10-06 Marcus Sachs Cyber Security Awareness Month - Day 6 - Computer Monitoring Tools
2010-10-05 Rick Wanner Cyber Security Awareness Month - Day 5 - Sites you should stay away from
2010-10-04 Daniel Wesemann Cyber Security Awareness Month - Day 4 - Managing EMail
2010-10-04 Mark Hofman Online Voting
2010-10-03 Adrien de Beaupre Cyber Security Awareness Month - Day 3 - Recognizing phishing and online scams
2010-10-02 Mark Hofman Cyber Security Awareness Month - Day 2 - Securing the Family Network
2010-10-01 Marcus Sachs Cyber Security Awareness Month - 2010
2010-10-01 Marcus Sachs Cyber Security Awareness Month - Day 1 - Securing the Family PC
2010-09-26 Daniel Wesemann Egosurfing, the corporate way
2010-09-25 Rick Wanner Guest Diary: Andrew Hunt - Visualizing the Hosting Patterns of Modern Cybercriminals
2010-09-21 Johannes Ullrich Implementing two Factor Authentication on the Cheap
2010-09-04 Kevin Liston Investigating Malicious Website Reports
2010-08-23 Manuel Humberto Santander Pelaez Firefox plugins to perform penetration testing activities
2010-08-22 Rick Wanner Failure of controls...Spanair crash caused by a Trojan
2010-08-19 Rob VandenBrink Change is Good. Change is Bad. Change is Life.
2010-08-16 Raul Siles Blind Elephant: A New Web Application Fingerprinting Tool
2010-08-15 Manuel Humberto Santander Pelaez Obfuscated SQL Injection attacks
2010-08-15 Manuel Humberto Santander Pelaez Python to test web application security
2010-08-08 Marcus Sachs Thinking about Cyber Security Awareness Month in October
2010-08-06 Rob VandenBrink FOXIT PDF Reader update to resolve iPhone/iPad Jailbreak issue ==> http://www.foxitsoftware.com/announcements/2010861227.html
2010-08-05 Manuel Humberto Santander Pelaez Adobe Acrobat Font Parsing Integer Overflow Vulnerability
2010-08-05 Rob VandenBrink Access Controls for Network Infrastructure
2010-08-03 Johannes Ullrich When Lightning Strikes
2010-08-01 Manuel Humberto Santander Pelaez Evation because IPS fails to validate TCP checksums?
2010-07-29 Rob VandenBrink The 2010 Verizon Data Breach Report is Out
2010-07-24 Manuel Humberto Santander Pelaez Transmiting logon information unsecured in the network
2010-07-20 Manuel Humberto Santander Pelaez Lowering infocon back to green
2010-07-18 Manuel Humberto Santander Pelaez SAGAN: An open-source event correlation system - Part 1: Installation
2010-07-13 Jim Clausing VMware Studio Security Update
2010-06-29 Johannes Ullrich How to be a better spy: Cyber security lessons from the recent russian spy arrests
2010-06-23 Johannes Ullrich IPv6 Support in iOS 4
2010-06-15 Manuel Humberto Santander Pelaez TCP evasions for IDS/IPS
2010-06-15 Manuel Humberto Santander Pelaez iPhone 4 Order Security Breach Exposes Private Information
2010-06-14 Manuel Humberto Santander Pelaez Another way to get protection for application-level attacks
2010-06-14 Manuel Humberto Santander Pelaez Python on a microcontroller?
2010-06-14 Manuel Humberto Santander Pelaez Rogue facebook application acting like a worm
2010-06-09 Deborah Hale Mass Infection of IIS/ASP Sites
2010-06-07 Manuel Humberto Santander Pelaez Software Restriction Policy to keep malware away
2010-06-06 Manuel Humberto Santander Pelaez Nice OS X exploit tutorial
2010-06-04 Rick Wanner New Honeynet Project Forensic Challenge
2010-06-02 Mark Hofman OpenSSL version 1.0.0a released. This fixes a number of security issues. Don't forget a number of commercial appliances will be using this, so look for vendor updates soon.
2010-06-02 Rob VandenBrink New Mac malware - OSX/Onionspy
2010-05-22 Rick Wanner SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-05-15 Deborah Hale Phony Phone Scam
2010-05-12 Rob VandenBrink Adobe Shockwave Update
2010-04-22 John Bambenek Data Redaction: You're Doing it Wrong
2010-04-21 Guy Bruneau Google Chrome Security Update v4.1.249.1059 Released: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html
2010-04-20 Raul Siles Are You Ready for a Transportation Collapse...?
2010-04-18 Guy Bruneau Some NetSol hosted sites breached
2010-04-13 Adrien de Beaupre Web App Testing Tools
2010-04-12 Adrien de Beaupre Get yer bogons out!
2010-04-08 Bojan Zdrnja JavaScript obfuscation in PDF: Sky is the limit
2010-04-06 Daniel Wesemann Application Logs
2010-04-04 Mari Nichols Financial Management of Cyber Risk
2010-04-02 Guy Bruneau Firefox 3.6.3 fix for CVE-2010-1121 http://www.mozilla.org/security/announce/2010/mfsa2010-25.html
2010-04-02 Guy Bruneau Security Advisory for ESX Service Console
2010-03-30 Marcus Sachs Zigbee Analysis Tools
2010-03-28 Rick Wanner Honeynet Project: 2010 Forensic Challenge #3
2010-03-27 Guy Bruneau HP-UX Running NFS/ONCplus, Inadvertently Enabled NFS
2010-03-25 Kevin Liston Responding to "Copyright Lawsuit filed against you"
2010-03-21 Scott Fendley Skipfish - Web Application Security Tool
2010-03-21 Chris Carboni Responding To The Unexpected
2010-03-10 Rob VandenBrink Microsoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7
2010-03-10 Rob VandenBrink Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-03-08 Raul Siles Samurai WTF 0.8
2010-03-07 Mari Nichols DHS issues Cybersecurity challenge
2010-03-06 Tony Carothers Integration and the Security of New Technologies
2010-03-05 Kyle Haugsness Javascript obfuscators used in the wild
2010-03-03 Johannes Ullrich Reports about large number of fake Amazon order confirmations
2010-02-22 Rob VandenBrink New Risks in Penetration Testing
2010-02-21 Patrick Nolan Looking for "more useful" malware information? Help develop the format.
2010-02-20 Mari Nichols Is "Green IT" Defeating Security?
2010-02-17 Rob VandenBrink Defining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"
2010-02-17 Rob VandenBrink Multiple Security Updates for ESX 3.x and ESXi 3.x
2010-02-15 Johannes Ullrich Various Olympics Related Dangerous Google Searches
2010-02-06 Guy Bruneau LANDesk Management Gateway Vulnerability
2010-02-03 Rob VandenBrink APPLE-SA-2010-02-02-1 iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod touch
2010-02-02 Guy Bruneau Adobe ColdFusion Information Disclosure
2010-01-29 Adrien de Beaupre Neo-legacy applications
2010-01-27 Raul Siles European Union Security Challenge (Campus Party 2010)
2010-01-24 Pedro Bueno Outdated client applications
2010-01-22 Mari Nichols Pass-down for a Successful Incident Response
2010-01-17 Mark Hofman Why not Yellow?
2010-01-08 Rob VandenBrink Microsoft OfficeOnline, Searching for Trust and Malware
2009-12-21 Marcus Sachs iPhone Botnet Analysis
2009-12-19 Deborah Hale Educationing Our Communities
2009-12-16 Rob VandenBrink Seamonkey Update to 2.0.1, find the release notes here ==> http://www.seamonkey-project.org/releases/seamonkey2.0.1
2009-12-07 Rob VandenBrink Layer 2 Network Protections – reloaded!
2009-12-02 Rob VandenBrink SPAM and Malware taking advantage of H1N1 concerns
2009-11-29 Patrick Nolan A Cloudy Weekend
2009-11-25 Jim Clausing Updates to my GREM Gold scripts and a new script
2009-11-24 John Bambenek BIND Security Advisory (DNSSEC only)
2009-11-13 Adrien de Beaupre TLS & SSLv3 renegotiation vulnerability explained
2009-11-13 Adrien de Beaupre Conficker patch via email?
2009-11-11 Rob VandenBrink Layer 2 Network Protections against Man in the Middle Attacks
2009-11-09 Chris Carboni 80's Flashback on Jailbroken iPhones
2009-11-08 Bojan Zdrnja iPhone worm in the wild
2009-11-02 Rob VandenBrink Microsoft releases v1.02 of Enhanced Mitigation Evaluation Toolkit (EMET)
2009-10-30 Rob VandenBrink New version of NIST 800-41, Firewalls and Firewall Policy Guidelines
2009-10-29 Kyle Haugsness Cyber Security Awareness Month - Day 29 - dns port 53
2009-10-28 Johannes Ullrich Cyber Security Awareness Month - Day 28 - ntp (123/udp)
2009-10-27 Rob VandenBrink New VMware Desktop Products Released (Workstation, Fusion, ACE)
2009-10-26 Johannes Ullrich Web honeypot Update
2009-10-25 Lorna Hutcheson Cyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-22 Adrien de Beaupre Cyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-20 Raul Siles WASC 2008 Statistics
2009-10-19 Daniel Wesemann Cyber Security Awareness Month - Day 19 - ICMP
2009-10-18 Mari Nichols Computer Security Awareness Month - Day 18 - Telnet an oldie but a goodie
2009-10-17 Rick Wanner Unusual traffic from Loopback to Unused ARIN address
2009-10-16 Adrien de Beaupre Cyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
2009-10-15 Deborah Hale Yet another round of Viral Spam
2009-10-11 Mark Hofman Cyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
2009-10-09 Rob VandenBrink Cyber Security Awareness Month - Day 9 - Port 3389/tcp (RDP)
2009-10-09 Rob VandenBrink AT&T Cell Phone Phish
2009-10-06 Adrien de Beaupre Cyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp
2009-10-05 Adrien de Beaupre Cyber Security Awareness Month - Day 5 port 31337
2009-10-04 Guy Bruneau Samba Security Information Disclosure and DoS
2009-10-02 Stephen Hall Cyber Security Awareness Month - Day 2 - Port 0
2009-10-02 Stephen Hall VMware Fusion updates to fixes a couple of bugs
2009-10-02 Stephen Hall Verizon New York area issues
2009-09-26 Kyle Haugsness Conficker detection hints
2009-09-25 Deborah Hale Conficker Continues to Impact Networks
2009-09-23 Marcus Sachs Addendum to SRI's Conficker C Analysis Published
2009-09-19 Rick Wanner Sysinternals Tools Updates
2009-09-18 Jason Lam Results from Webhoneypot project
2009-09-16 Raul Siles Review the security controls of your Web Applications... all them!
2009-09-12 Jim Clausing Apple Updates
2009-09-07 Lorna Hutcheson Encrypting Data
2009-09-04 Adrien de Beaupre SeaMonkey Security Update
2009-08-29 Guy Bruneau Immunet Protect - Cloud and Community Malware Protection
2009-08-28 Adrien de Beaupre WPA with TKIP done
2009-08-13 Jim Clausing Tools for extracting files from pcaps
2009-08-08 Guy Bruneau XML Libraries Data Parsing Vulnerabilities
2009-08-01 Deborah Hale Website Warnings
2009-07-31 Deborah Hale Don't forget to tell your SysAdmin Thanks
2009-07-31 Deborah Hale The iPhone patch is out
2009-07-30 Deborah Hale iPhone Hijack
2009-07-28 Adrien de Beaupre YYAMCCBA
2009-07-27 Raul Siles New Hacker Challenge: Prison Break - Breaking, Entering & Decoding
2009-07-23 John Bambenek Missouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information
2009-07-18 Patrick Nolan Chrome update contains Security fixes
2009-07-16 Bojan Zdrnja OWC exploits used in SQL injection attacks
2009-07-13 Adrien de Beaupre * Infocon raised to yellow for Excel Web Components ActiveX vulnerability
2009-07-10 Guy Bruneau WordPress Fixes Multiple vulnerabilities
2009-07-07 Marcus Sachs * INFOCON Status - staying green
2009-07-05 Bojan Zdrnja More on ColdFusion hacks
2009-07-03 Adrien de Beaupre FCKEditor advisory
2009-07-02 Bojan Zdrnja Cold Fusion web sites getting compromised
2009-06-30 Chris Carboni Obfuscated Code
2009-06-30 Chris Carboni De-Obfuscation Submissions
2009-06-27 Tony Carothers New NIAP Strategy on the Horizon
2009-06-21 Bojan Zdrnja Apache HTTP DoS tool mitigation
2009-06-16 John Bambenek Iran Internet Blackout: Using Twitter for Operational Intelligence
2009-06-11 Rick Wanner MIR-ROR Motile Incident Response - Respond Objectively Remediate
2009-06-11 Rick Wanner WHO Declares Flu A(H1N1) a Pandemic
2009-06-11 Jason Lam Dshield Web Honeypot going beta
2009-05-29 Lorna Hutcheson VMWare Patches Released
2009-05-26 Jason Lam A new Web application security blog
2009-05-25 Jim Clausing More tools for (US) Memorial Day
2009-05-20 Tom Liston Web Toolz
2009-05-19 Bojan Zdrnja Advanced blind SQL injection (with Oracle examples)
2009-05-15 Daniel Wesemann Warranty void if seal shredded?
2009-05-09 Patrick Nolan Shared SQL Injection Lessons Learned blog item
2009-05-01 Adrien de Beaupre Incident Management
2009-04-24 John Bambenek Data Leak Prevention: Proactive Security Requirements of Breach Notification Laws
2009-04-21 Bojan Zdrnja Web application vulnerabilities
2009-04-20 Jason Lam Digital Content on TV
2009-04-16 Adrien de Beaupre Some conficker lessons learned
2009-04-16 Adrien de Beaupre Incident Response vs. Incident Handling
2009-04-10 Stephen Hall Firefox 3 updates now in Seamonkey
2009-04-09 Johannes Ullrich Conficker update with payload
2009-04-09 Jim Clausing Conficker Working Group site down
2009-04-07 Bojan Zdrnja Advanced JavaScript obfuscation (or why signature scanning is a failure)
2009-04-05 Marcus Sachs Open Source Conficker-C Scanner/Detector Released
2009-04-02 Handlers A view from the CWG Trenches
2009-03-30 Daniel Wesemann Locate Conficker infected hosts with a network scan!
2009-03-29 Chris Carboni April 1st - What Will Really Happen?
2009-03-26 Mark Hofman Webhoneypot fun
2009-03-26 Mark Hofman Sanitising media
2009-03-20 Stephen Hall Making the most of your runbooks
2009-03-10 Swa Frantzen conspiracy fodder: pifts.exe
2009-03-08 Marcus Sachs Behind the Estonia Cyber Attacks
2009-03-02 Swa Frantzen Obama's leaked chopper blueprints: anything we can learn?
2009-02-25 Swa Frantzen Targeted link diversion attempts
2009-02-25 Andre Ludwig Preview/Iphone/Linux pdf issues
2009-02-17 Jason Lam DShield Web Honeypot - Alpha Preview Release
2009-02-13 Andre Ludwig Third party information on conficker
2009-02-12 Mark Hofman Australian Bushfires
2009-02-11 Robert Danford ProFTPd SQL Authentication Vulnerability exploit activity
2009-02-10 Bojan Zdrnja More tricks from Conficker and VM detection
2009-02-09 Bojan Zdrnja Some tricks from Conficker's bag
2009-01-25 Rick Wanner Twam?? Twammers?
2009-01-20 Adrien de Beaupre Obamamania
2009-01-16 G. N. White Conficker.B/Downadup.B/Kido: F-Secure publishes details pertaining to their counting methodology of compromised machines
2009-01-15 Bojan Zdrnja Conficker's autorun and social engineering
2009-01-12 William Salusky Downadup / Conficker - MS08-067 exploit and Windows domain account lockout
2009-01-12 William Salusky Web Application Firewalls (WAF) - Have you deployed WAF technology?
2009-01-07 William Salusky BIND 9.x security patch - resolves potentially new DNS poisoning vector
2008-12-12 Johannes Ullrich MSIE 0-day Spreading Via SQL Injection
2008-12-09 Swa Frantzen Contacting us might be hard today
2008-12-02 Deborah Hale Sonicwall License Manager Failure
2008-12-01 Jason Lam Call for volunteers - Web Honeypot Project
2008-12-01 Jason Lam Input filtering and escaping in SQL injection mitigation
2008-11-25 Andre Ludwig The beginnings of a collaborative approach to IDS
2008-11-20 Jason Lam Large quantity SQL Injection mitigation
2008-11-17 Jim Clausing A new cheat sheet and a contest
2008-11-16 Maarten Van Horenbeeck Detection of Trojan control channels
2008-11-02 Mari Nichols Day 33 - Working with Management to Improve Processes
2008-10-17 Rick Wanner Day 18 - Containing Other Incidents
2008-10-15 Rick Wanner Day 15 - Containing the Damage From a Lost or Stolen Laptop
2008-10-12 Mari Nichols Day 12 Containment: Gathering Evidence That Can be Used in Court
2008-09-29 Daniel Wesemann ASPROX mutant
2008-09-22 Maarten Van Horenbeeck Data exfiltration and the use of anonymity providers
2008-09-22 Jim Clausing Lessons learned from the Palin (and other) account hijacks
2008-09-21 Mari Nichols You still have time!
2008-09-20 Rick Wanner New (to me) nmap Features
2008-09-11 David Goldsmith CookieMonster is coming to Pown (err, Town)
2008-09-10 Adrien de Beaupre Apple updates iPod Touch + Bonjour for Windows
2008-09-09 Swa Frantzen Evil side economy: $1 for breaking 1000 CAPTCHAs
2008-09-07 Daniel Wesemann Staying current, but not too current
2008-09-03 Daniel Wesemann Static analysis of Shellcode - Part 2
2008-09-03 donald smith New bgp hijack isn't very new.
2008-09-01 John Bambenek The Number of Machines Controlled by Botnets Has Jumped 4x in Last 3 Months
2008-08-23 Mark Hofman SQL injections - an update
2008-08-12 Johannes Ullrich Upcoming Infocon Test and new Color
2008-08-10 Stephen Hall From lolly pops to afterglow
2008-08-08 Mark Hofman More SQL Injections - very active right now
2008-08-03 Deborah Hale Securing A Network - Lessons Learned
2008-07-24 Bojan Zdrnja What's brewing in Danmec's pot?
2008-07-17 Mari Nichols Adobe Reader 9 Released
2008-07-14 Daniel Wesemann Obfuscated JavaScript Redux
2008-07-11 Jim Clausing Handling the load
2008-06-30 Marcus Sachs More SQL Injection with Fast Flux hosting
2008-06-25 Deborah Hale Report of Coreflood.dr Infection
2008-06-24 Jason Lam SQL Injection mitigation in ASP
2008-06-24 Jason Lam Microsoft SQL Injection Prevention Strategy
2008-06-23 donald smith Preventing SQL injection
2008-06-13 Johannes Ullrich SQL Injection: More of the same
2008-06-13 Johannes Ullrich Floods: More of the same (2)
2008-06-07 Jim Clausing Followup to 'How do you monitor your website?'
2008-05-26 Marcus Sachs Predictable Response
2008-05-20 Raul Siles List of malicious domains inserted through SQL injection
2008-05-17 Jim Clausing Disaster donation scams continue
2008-04-24 donald smith Hundreds of thousands of SQL injections
2008-04-16 Bojan Zdrnja The 10.000 web sites infection mystery solved
2008-04-07 John Bambenek HP USB Keys Shipped with Malware for your Proliant Server
2008-04-07 John Bambenek Network Solutions Technical Difficulties? Enom too
2008-04-06 Daniel Wesemann Advanced obfuscated JavaScript analysis
2008-04-03 Bojan Zdrnja Mixed (VBScript and JavaScript) obfuscation
2008-03-30 Mark Hofman Mail Anyone?
2008-03-14 Kevin Liston 2117966.net-- mass iframe injection
2008-01-09 Bojan Zdrnja Mass exploits with SQL Injection
2007-02-24 Jason Lam Prepared Statements and SQL injections
2006-10-02 Jim Clausing Back to green, but the exploits are still running wild
2006-09-30 Swa Frantzen Yellow: WebViewFolderIcon setslice exploit spreading

RAILS

2013-06-27 Tony Carothers Ruby Update for SSL Vulnerability
2013-01-09 Rob VandenBrink SQL Injection Flaw in Ruby on Rails