Internet Storm Center
Date
Author
Title
2024-11-30
Xavier Mertens
From a Regular Infostealer to its Obfuscated Version
2024-11-19
Xavier Mertens
Detecting the Presence of a Debugger in Linux
2024-10-07
Xavier Mertens
macOS Sequoia: System/Network Admins, Hold On!
2024-10-03
Guy Bruneau
Kickstart Your DShield Honeypot [Guest Diary]
2024-09-26
Johannes Ullrich
Patch for Critical CUPS vulnerability: Don't Panic
2024-09-25
Johannes Ullrich
DNS Reflection Update and Odd Corrupted DNS Requests
2024-09-25
Guy Bruneau
OSINT - Image Analysis or More Where, When, and Metadata [Guest Diary]
2024-09-18
Guy Bruneau
Time-to-Live Analysis of DShield Data with Vega-Lite
2024-09-16
Xavier Mertens
Managing PE Files With Overlays
2024-09-11
Guy Bruneau
Hygiene, Hygiene, Hygiene! [Guest Diary]
2024-09-04
Guy Bruneau
Attack Surface [Guest Diary]
2024-08-30
Jesse La Grew
Simulating Traffic With Scapy
2024-08-27
Guy Bruneau
Vega-Lite with Kibana to Parse and Display IP Activity over Time
2024-08-26
Xavier Mertens
From Highly Obfuscated Batch File to XWorm and Redline
2024-08-20
Guy Bruneau
Mapping Threats with DNSTwist and the Internet Storm Center [Guest Diary]
2024-08-07
Guy Bruneau
Same Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary]
2024-07-25
Xavier Mertens
XWorm Hidden With Process Hollowing
2024-07-16
Guy Bruneau
Who You Gonna Call? AndroxGh0st Busters! [Guest Diary]
2024-06-26
Guy Bruneau
What Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary]
2024-06-20
Guy Bruneau
No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary]
2024-06-13
Guy Bruneau
The Art of JQ and Command-line Fu [Guest Diary]
2024-06-06
Xavier Mertens
Malicious Python Script with a "Best Before" Date
2024-05-31
Xavier Mertens
"K1w1" InfoStealer Uses gofile.io for Exfiltration
2024-05-28
Guy Bruneau
Is that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary]
2024-05-22
Guy Bruneau
Analysis of "redtail" File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary]
2024-05-15
Rob VandenBrink
Got MFA? If not, Now is the Time!
2024-04-29
Johannes Ullrich
D-Link NAS Device Backdoor Abused
2024-04-29
Guy Bruneau
Linux Trojan - Xorddos with Filename eyshcjdmzg
2024-04-17
Xavier Mertens
Malicious PDF File Used As Delivery Mechanism
2024-04-11
Yee Ching Tok
Evolution of Artificial Intelligence Systems and Ensuring Trustworthiness
2024-04-07
Guy Bruneau
A Use Case for Adding Threat Hunting to Your Security Operations Team. Detecting Adversaries Abusing Legitimate Tools in A Customer Environment. [Guest Diary]
2024-03-28
Xavier Mertens
From JavaScript to AsyncRAT
2024-03-19
Johannes Ullrich
Attacker Hunting Firewalls
2024-03-13
Xavier Mertens
Using ChatGPT to Deobfuscate Malicious Scripts
2024-03-10
Guy Bruneau
What happens when you accidentally leak your AWS API keys? [Guest Diary]
2024-03-07
Jesse La Grew
[Guest Diary] AWS Deployment Risks - Configuration and Credential File Targeting
2024-02-28
Johannes Ullrich
Exploit Attempts for Unknown Password Reset Vulnerability
2024-02-20
Xavier Mertens
Python InfoStealer With Dynamic Sandbox Detection
2024-02-15
Jesse La Grew
[Guest Diary] Learning by doing: Iterative adventures in troubleshooting
2024-02-09
Xavier Mertens
MSIX With Heavily Obfuscated PowerShell Script
2024-02-03
Guy Bruneau
DShield Sensor Log Collection with Elasticsearch
2024-01-26
Xavier Mertens
A Batch File With Multiple Payloads
2024-01-24
Johannes Ullrich
How Bad User Interfaces Make Security Tools Harmful
2024-01-18
Johannes Ullrich
More Scans for Ivanti Connect "Secure" VPN. Exploits Public
2024-01-16
Johannes Ullrich
Scans for Ivanti Connect "Secure" VPN Vulnerability (CVE-2023-46805, CVE-2024-21887)
2024-01-12
Xavier Mertens
One File, Two Payloads
2024-01-02
Johannes Ullrich
Fingerprinting SSH Identification Strings
2023-12-31
Tom Webb
Pi-Hole Pi4 Docker Deployment
2023-12-23
Xavier Mertens
Python Keylogger Using Mailtrap.io
2023-12-20
Guy Bruneau
How to Protect your Webserver from Directory Enumeration Attack - Apache2 [Guest Diary]
2023-11-27
Guy Bruneau
Decoding the Patterns: Analyzing DShield Honeypot Activity [Guest Diary]
2023-11-22
Guy Bruneau
CVE-2023-1389: A New Means to Expand Botnets
2023-11-17
Jan Kopriva
Phishing page with trivial anti-analysis features
2023-11-09
Xavier Mertens
Visual Examples of Code Injection
2023-10-31
Xavier Mertens
Multiple Layers of Anti-Sandboxing Techniques
2023-10-29
Guy Bruneau
Spam or Phishing? Looking for Credentials & Passwords
2023-10-09
Didier Stevens
ZIP's DOSTIME & DOSDATE Formats
2023-09-26
Johannes Ullrich
Apple Releases MacOS Sonoma Including Numerous Security Patches
2023-09-07
Johannes Ullrich
Apple Releases iOS/iPadOS 16.6.1, macOS 13.5.2, watchOS 9.6.2 fixing two zeroday vulnerabilities
2023-08-22
Xavier Mertens
Have You Ever Heard of the Fernet Encryption Algorithm?
2023-08-21
Xavier Mertens
Quick Malware Triage With Inotify Tools
2023-08-12
Guy Bruneau
DShield Sensor Monitoring with a Docker ELK Stack [Guest Diary]
2023-08-11
Xavier Mertens
Show me All Your Windows!
2023-08-04
Xavier Mertens
Are Leaked Credentials Dumps Used by Attackers?
2023-07-23
Guy Bruneau
Install & Configure Filebeat on Raspberry Pi ARM64 to Parse DShield Sensor Logs
2023-07-01
Russ McRee
Sandfly Security
2023-06-16
Xavier Mertens
Another RAT Delivered Through VBS
2023-06-11
Guy Bruneau
DShield Honeypot Activity for May 2023
2023-06-09
Xavier Mertens
Undetected PowerShell Backdoor Disguised as a Profile File
2023-05-28
Guy Bruneau
We Can no Longer Ignore the Cost of Cybersecurity
2023-05-20
Xavier Mertens
Phishing Kit Collecting Victim's IP Address
2023-05-17
Xavier Mertens
Increase in Malicious RAR SFX files
2023-05-14
Guy Bruneau
VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue
2023-05-09
Russ McRee
Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 2
2023-05-03
Xavier Mertens
Increased Number of Configuration File Scans
2023-03-31
Jan Kopriva
Use of X-Frame-Options and CSP frame-ancestors security headers on 1 million most popular domains
2023-03-30
Xavier Mertens
Bypassing PowerShell Strong Obfuscation
2023-03-21
Didier Stevens
String Obfuscation: Character Pair Reversal
2023-03-18
Xavier Mertens
Old Backdoor, New Obfuscation
2023-02-10
Xavier Mertens
Obfuscated Deactivation of Script Block Logging
2023-02-04
Guy Bruneau
Assemblyline as a Malware Analysis Sandbox
2023-01-25
Xavier Mertens
A First Malicious OneNote Document
2023-01-21
Guy Bruneau
DShield Sensor JSON Log to Elasticsearch
2023-01-17
Johannes Ullrich
Packet Tuesday: IPv6 Router Advertisements https://www.youtube.com/watch?v=uRWpB_lYIZ8
2023-01-08
Guy Bruneau
DShield Sensor JSON Log Analysis
2022-12-21
Guy Bruneau
DShield Sensor Setup in Azure
2022-12-20
Xavier Mertens
Linux File System Monitoring & Actions
2022-12-19
Xavier Mertens
Hunting for Mastodon Servers
2022-11-05
Guy Bruneau
Windows Malware with VHD Extension
2022-11-04
Xavier Mertens
Remcos Downloader with Unicode Obfuscation
2022-10-22
Didier Stevens
rtfdump's Find Option
2022-10-18
Xavier Mertens
Python Obfuscation for Dummies
2022-10-07
Xavier Mertens
Critical Fortinet Vulnerability Ahead
2022-10-04
Johannes Ullrich
Credential Harvesting with Telegram API
2022-09-26
Xavier Mertens
Easy Python Sandbox Detection
2022-09-19
Russ McRee
Chainsaw: Hunt, search, and extract event log records
2022-09-14
Xavier Mertens
Easy Process Injection within Python
2022-09-07
Johannes Ullrich
PHP Deserialization Exploit attempt
2022-08-22
Xavier Mertens
32 or 64 bits Malware?
2022-08-10
Johannes Ullrich
And Here They Come Again: DNS Reflection Attacks
2022-08-02
Johannes Ullrich
Increase in Chinese "Hacktivism" Attacks
2022-07-28
Johannes Ullrich
Exfiltrating Data With Bookmarks
2022-07-09
Didier Stevens
7-Zip Editing & MoW
2022-07-06
Johannes Ullrich
How Many SANs are Insane?
2022-06-24
Xavier Mertens
Python (ab)using The Windows GUI
2022-06-19
Didier Stevens
Video: Decoding Obfuscated BASE64 Statistically
2022-06-18
Didier Stevens
Decoding Obfuscated BASE64 Statistically
2022-06-16
Xavier Mertens
Houdini is Back Delivered Through a JavaScript Dropper
2022-06-10
Russ McRee
EPSScall: An Exploit Prediction Scoring System App
2022-06-01
Jan Kopriva
HTML phishing attachments - now with anti-analysis features
2022-05-30
Xavier Mertens
New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme (CVE-2022-30190)
2022-05-19
Brad Duncan
Bumblebee Malware from TransferXL URLs
2022-05-03
Rob VandenBrink
Finding the Real "Last Patched" Day (Interim Version)
2022-04-19
Johannes Ullrich
Resetting Linux Passwords with U-Boot Bootloaders
2022-03-29
Johannes Ullrich
More Fake/Typosquatting Twitter Accounts Asking for Ukraine Crytocurrency Donations
2022-03-27
Didier Stevens
Video: Maldoc Cleaned by Anti-Virus
2022-03-23
Brad Duncan
Arkei Variants: From Vidar to Mars Stealer
2022-03-10
Xavier Mertens
Credentials Leaks on VirusTotal
2022-03-09
Xavier Mertens
Infostealer in a Batch File
2022-03-04
Johannes Ullrich
Scam E-Mail Impersonating Red Cross
2022-03-02
Johannes Ullrich
The More Often Something is Repeated, the More True It Becomes: Dealing with Social Media
2022-02-22
Xavier Mertens
A Good Old Equation Editor Vulnerability Delivering Malware
2022-02-10
Johannes Ullrich
Zyxel Network Storage Devices Hunted By Mirai Variant
2022-02-01
Xavier Mertens
Automation is Nice But Don't Replace Your Knowledge
2022-01-29
Guy Bruneau
SIEM In this Decade, Are They Better than the Last?
2022-01-20
Xavier Mertens
RedLine Stealer Delivered Through FTP
2021-12-28
Russ McRee
LotL Classifier tests for shells, exfil, and miners
2021-12-21
Xavier Mertens
More Undetected PowerShell Dropper
2021-12-10
Xavier Mertens
Python Shellcode Injection From JSON Data
2021-12-01
Xavier Mertens
Info-Stealer Using webhook.site to Exfiltrate Data
2021-11-20
Guy Bruneau
Hikvision Security Cameras Potentially Exposed to Remote Code Execution
2021-11-18
Xavier Mertens
JavaScript Downloader Delivers Agent Tesla Trojan
2021-11-14
Didier Stevens
Video: Obfuscated Maldoc: Reversed BASE64
2021-11-08
Xavier Mertens
(Ab)Using Security Tools & Controls for the Bad
2021-11-01
Yee Ching Tok
Revisiting BrakTooth: Two Months Later
2021-10-18
Xavier Mertens
Malicious PowerShell Using Client Certificate Authentication
2021-09-24
Xavier Mertens
Keep an Eye on Your Users Mobile Devices (Simple Inventory)
2021-09-22
Didier Stevens
An XML-Obfuscated Office Document (CVE-2021-40444)
2021-09-17
Xavier Mertens
Malicious Calendar Subscriptions Are Back?
2021-09-11
Guy Bruneau
Shipping to Elasticsearch Microsoft DNS Logs
2021-09-09
Johannes Ullrich
Updates to Our Datafeeds/API
2021-09-08
Johannes Ullrich
Microsoft Offers Workaround for 0-Day Office Vulnerability (CVE-2021-40444)
2021-08-31
Yee Ching Tok
BrakTooth: Impacts, Implications and Next Steps
2021-08-29
Guy Bruneau
Filter JSON Data by Value with Linux jq
2021-08-19
Johannes Ullrich
When Lightning Strikes. What works and doesn't work.
2021-08-17
Johannes Ullrich
Laravel (<=v8.4.2) exploit attempts for CVE-2021-3129 (debug mode: Remote code execution)
2021-07-31
Guy Bruneau
Unsolicited DNS Queries
2021-07-28
Jan Kopriva
A sextortion e-mail from...IT support?!
2021-07-24
Bojan Zdrnja
Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability
2021-07-14
Jan Kopriva
One way to fail at malspam - give recipients the wrong password for an encrypted attachment
2021-07-06
Xavier Mertens
Python DLL Injection Check
2021-07-04
Didier Stevens
DIY CD/DVD Destruction - Follow Up
2021-07-02
Xavier Mertens
"inception.py"... Multiple Base64 Encodings
2021-06-27
Didier Stevens
DIY CD/DVD Destruction
2021-06-25
Jim Clausing
Is this traffic bAD?
2021-06-24
Xavier Mertens
Do you Like Cookies? Some are for sale!
2021-06-21
Rick Wanner
Mitre CWE - Common Weakness Enumeration
2021-06-12
Guy Bruneau
Fortinet Targeted for Unpatched SSL VPN Discovery Activity
2021-06-04
Xavier Mertens
Russian Dolls VBS Obfuscation
2021-05-29
Guy Bruneau
Spear-phishing Email Targeting Outlook Mail Clients
2021-05-21
Xavier Mertens
Locking Kernel32.dll As Anti-Debugging Technique
2021-05-10
Johannes Ullrich
Correctly Validating IP Addresses: Why encoding matters for input validation.
2021-05-08
Guy Bruneau
Who is Probing the Internet for Research Purposes?
2021-04-29
Xavier Mertens
From Python to .Net
2021-04-10
Guy Bruneau
Building an IDS Sensor with Suricata & Zeek with Logs to ELK
2021-04-09
Xavier Mertens
No Python Interpreter? This Simple RAT Installs Its Own Copy
2021-04-02
Xavier Mertens
C2 Activity: Sandboxes or Real Victims?
2021-03-31
Xavier Mertens
Quick Analysis of a Modular InfoStealer
2021-03-17
Xavier Mertens
Defenders, Know Your Operating System Like Attackers Do!
2021-03-10
Rob VandenBrink
SharpRDP - PSExec without PSExec, PSRemoting without PowerShell
2021-03-02
Russ McRee
Adversary Simulation with Sim
2021-02-28
Didier Stevens
Maldocs: Protection Passwords
2021-02-26
Guy Bruneau
Pretending to be an Outlook Version Update
2021-02-22
Didier Stevens
Unprotecting Malicious Documents For Inspection
2021-02-13
Guy Bruneau
Using Logstash to Parse IPtables Firewall Logs
2021-02-13
Guy Bruneau
vSphere Replication updates address a command injection vulnerability (CVE-2021-21976) - https://www.vmware.com/security/advisories/VMSA-2021-0001.html
2021-02-04
Bojan Zdrnja
Abusing Google Chrome extension syncing for data exfiltration and C&C
2021-01-30
Guy Bruneau
PacketSifter as Network Parsing and Telemetry Tool
2021-01-29
Xavier Mertens
Sensitive Data Shared with Cloud Services
2021-01-18
Didier Stevens
Doc & RTF Malicious Document
2021-01-04
Jan Kopriva
From a small BAT file to Mass Logger infostealer
2021-01-02
Guy Bruneau
Protecting Home Office and Enterprise in 2021
2020-12-29
Jan Kopriva
Want to know what's in a folder you don't have a permission to access? Try asking your AV solution...
2020-12-22
Xavier Mertens
Malware Victim Selection Through WiFi Identification
2020-12-19
Guy Bruneau
Secure Communication using TLS in Elasticsearch
2020-11-30
Didier Stevens
Decrypting PowerShell Payloads (video)
2020-11-25
Xavier Mertens
Live Patching Windows API Calls Using PowerShell
2020-11-21
Guy Bruneau
VMware privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) - https://www.vmware.com/security/advisories/VMSA-2020-0026.html
2020-11-20
Xavier Mertens
Malicious Python Code and LittleSnitch Detection
2020-11-19
Xavier Mertens
PowerShell Dropper Delivering Formbook
2020-11-18
Xavier Mertens
When Security Controls Lead to Security Issues
2020-11-13
Xavier Mertens
Old Worm But New Obfuscation Technique
2020-11-05
Xavier Mertens
Did You Spot "Invoke-Expression"?
2020-10-30
Xavier Mertens
Quick Status of the CAA DNS Record Adoption
2020-10-24
Guy Bruneau
An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-10-14
Xavier Mertens
Nicely Obfuscated Python RAT
2020-10-07
Johannes Ullrich
Today, Nobody is Going to Attack You.
2020-10-01
Daniel Wesemann
Making sense of Azure AD (AAD) activity logs
2020-09-30
Johannes Ullrich
Scans for FPURL.xml: Reconnaissance or Not?
2020-09-24
Xavier Mertens
Party in Ibiza with PowerShell
2020-09-20
Guy Bruneau
Analysis of a Salesforce Phishing Emails
2020-09-04
Jan Kopriva
A blast from the past - XXEncoded VB6.0 Trojan
2020-08-31
Didier Stevens
Finding The Original Maldoc
2020-08-30
Johannes Ullrich
CenturyLink Outage Causing Internet Wide Problems
2020-08-29
Didier Stevens
Malicious Excel Sheet with a NULL VT Score: More Info
2020-08-28
Xavier Mertens
Example of Malicious DLL Injected in PowerShell
2020-08-25
Xavier Mertens
Keep An Eye on LOLBins
2020-08-24
Xavier Mertens
Tracking A Malware Campaign Through VT
2020-08-19
Xavier Mertens
Example of Word Document Delivering Qakbot
2020-08-18
Xavier Mertens
Using API's to Track Attackers
2020-08-16
Didier Stevens
Small Challenge: A Simple Word Maldoc - Part 3
2020-08-10
Bojan Zdrnja
Scoping web application and web service penetration tests
2020-08-04
Johannes Ullrich
Internet Choke Points: Concentration of Authoritative Name Servers
2020-08-01
Jan Kopriva
What pages do bad bots look for?
2020-07-30
Johannes Ullrich
Python Developers: Prepare!!!
2020-07-24
Xavier Mertens
Compromized Desktop Applications by Web Technologies
2020-07-20
Rick Wanner
Sextortion Update: The Final Final Chapter
2020-07-11
Guy Bruneau
VMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html
2020-07-08
Xavier Mertens
If You Want Something Done Right, You Have To Do It Yourself... Malware Too!
2020-06-16
Xavier Mertens
Sextortion to The Next Level
2020-06-08
Didier Stevens
Translating BASE64 Obfuscated Scripts
2020-06-04
Xavier Mertens
Anti-Debugging Technique based on Memory Protection
2020-05-14
Rob VandenBrink
Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe
2020-05-06
Xavier Mertens
Keeping an Eye on Malicious Files Life Time
2020-05-04
Didier Stevens
Sysmon and File Deletion
2020-04-27
Xavier Mertens
Powershell Payload Stored in a PSCredential Object
2020-04-24
Xavier Mertens
Malicious Excel With a Strong Obfuscation and Sandbox Evasion
2020-04-16
Johannes Ullrich
Using AppLocker to Prevent Living off the Land Attacks
2020-04-10
Xavier Mertens
PowerShell Sample Extracting Payload From SSL
2020-04-03
Xavier Mertens
Obfuscated with a Simple 0x0A
2020-03-21
Guy Bruneau
Honeypot - Scanning and Targeting Devices & Services
2020-03-15
Guy Bruneau
VPN Access and Activity Monitoring
2020-03-02
Jan Kopriva
Secure vs. cleartext protocols - couple of interesting stats
2020-02-22
Xavier Mertens
Simple but Efficient VBScript Obfuscation
2020-02-16
Guy Bruneau
SOAR or not to SOAR?
2020-02-07
Xavier Mertens
Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript
2020-01-27
Johannes Ullrich
Network Security Perspective on Coronavirus Preparedness
2020-01-25
Guy Bruneau
Is Threat Hunting the new Fad?
2020-01-23
Xavier Mertens
Complex Obfuscation VS Simple Trick
2020-01-21
Russ McRee
DeepBlueCLI: Powershell Threat Hunting
2020-01-15
Johannes Ullrich
CVE-2020-0601 Followup
2020-01-11
Johannes Ullrich
Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor
2020-01-10
Xavier Mertens
More Data Exfiltration
2019-12-12
Xavier Mertens
Code & Data Reuse in the Malware Ecosystem
2019-11-22
Xavier Mertens
Abusing Web Filters Misconfiguration for Reconnaissance
2019-10-19
Russell Eubanks
What Assumptions Are You Making?
2019-10-18
Xavier Mertens
Quick Malicious VBS Analysis
2019-10-10
Rob VandenBrink
Mining Live Networks for OUI Data Oddness
2019-09-27
Xavier Mertens
New Scans for Polycom Autoconfiguration Files
2019-09-22
Didier Stevens
Video: Encrypted Sextortion PDFs
2019-09-19
Xavier Mertens
Agent Tesla Trojan Abusing Corporate Email Accounts
2019-09-19
Xavier Mertens
Blocklisting or Whitelisting in the Right Way
2019-09-17
Rob VandenBrink
Investigating Gaps in your Windows Event Logs
2019-09-16
Didier Stevens
Encrypted Sextortion PDFs
2019-08-09
Xavier Mertens
100% JavaScript Phishing Page
2019-08-05
Rick Wanner
Sextortion: Follow the Money - The Final Chapter
2019-07-25
Rob VandenBrink
When Users Attack! Users (and Admins) Thwarting Security Controls
2019-07-20
Guy Bruneau
Re-evaluating Network Security - It is Increasingly More Complex
2019-07-18
Rob VandenBrink
The Other Side of Critical Control 1: 802.1x Wired Network Access Controls
2019-07-17
Xavier Mertens
Analyzis of DNS TXT Records
2019-07-11
Xavier Mertens
Russian Dolls Malicious Script Delivering Ursnif
2019-07-02
Xavier Mertens
Malicious Script With Multiple Payloads
2019-06-20
Xavier Mertens
Using a Travel Packing App for Infosec Purpose
2019-06-19
Johannes Ullrich
Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729
2019-06-10
Xavier Mertens
Interesting JavaScript Obfuscation Example
2019-04-26
Rob VandenBrink
Pillaging Passwords from Service Accounts
2019-04-25
Rob VandenBrink
Unpatched Vulnerability Alert - WebLogic Zero Day
2019-04-13
Johannes Ullrich
Configuring MTA-STS and TLS Reporting For Your Domain
2019-04-05
Russ McRee
Beagle: Graph transforms for DFIR data & logs
2019-03-27
Xavier Mertens
Running your Own Passive DNS Service
2019-03-25
Didier Stevens
"VelvetSweatshop" Maldocs: Shellcode Analysis
2019-03-24
Didier Stevens
Decoding QR Codes with Python
2019-03-23
Didier Stevens
"VelvetSweatshop" Maldocs
2019-03-21
Xavier Mertens
New Wave of Extortion Emails: Central Intelligence Agency Case
2019-03-06
Xavier Mertens
Keep an Eye on Disposable Email Addresses
2019-02-25
Didier Stevens
Sextortion Email Variant: With QR Code
2019-02-24
Guy Bruneau
Packet Editor and Builder by Colasoft
2019-02-05
Rob VandenBrink
Mitigations against Mimikatz Style Attacks
2019-02-01
Rick Wanner
Sextortion: Follow the Money Part 3 - The cashout begins!
2019-01-18
John Bambenek
Sextortion Bitcoin on the Move
2018-12-31
Didier Stevens
Software Crashes: A New Year's Resolution
2018-12-29
Didier Stevens
Video: De-DOSfuscation Example
2018-12-19
Xavier Mertens
Using OSSEC Active-Response as a DFIR Framework
2018-12-16
Guy Bruneau
Random Port Scan for Open RDP Backdoor
2018-12-15
Didier Stevens
De-DOSfuscation Example
2018-12-14
Rick Wanner
Bombstortion?? Boomstortion??
2018-12-12
Didier Stevens
Yet Another DOSfuscation Sample
2018-11-30
Remco Verhoef
CoinMiners searching for hosts
2018-11-27
Xavier Mertens
More obfuscated shell scripts: Fake MacOS Flash update
2018-11-27
Rob VandenBrink
Data Exfiltration in Penetration Tests
2018-11-26
Xavier Mertens
Obfuscated bash script targeting QNap boxes
2018-11-20
Xavier Mertens
Querying DShield from Cortex
2018-11-16
Xavier Mertens
Basic Obfuscation With Permissive Languages
2018-11-06
Xavier Mertens
Malicious Powershell Script Dissection
2018-11-05
Johannes Ullrich
Struts 2.3 Vulnerable to Two Year old File Upload Flaw
2018-10-23
Xavier Mertens
Diving into Malicious AutoIT Code
2018-10-17
Russ McRee
RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-10-12
Xavier Mertens
More Equation Editor Exploit Waves
2018-10-10
Xavier Mertens
New Campaign Using Old Equation Editor Vulnerability
2018-10-01
Didier Stevens
Decoding Custom Substitution Encodings with translate.py
2018-09-30
Didier Stevens
When DOSfuscation Helps...
2018-09-28
Xavier Mertens
More Excel DDE Code Injection
2018-09-20
Xavier Mertens
Hunting for Suspicious Processes with OSSEC
2018-09-19
Rob VandenBrink
Certificates Revisited - SSL VPN Certificates 2 Ways
2018-09-18
Rob VandenBrink
Using Certificate Transparency as an Attack / Defense Tool
2018-09-05
Rob VandenBrink
Where have all my Certificates gone? (And when do they expire?)
2018-09-05
Xavier Mertens
Malicious PowerShell Compiling C# Code on the Fly
2018-08-13
Didier Stevens
New Extortion Tricks: Now Including Your (Partial) Phone Number!
2018-08-10
Remco Verhoef
Hunting SSL/TLS clients using JA3
2018-07-30
Didier Stevens
Malicious Word documents using DOSfuscation
2018-07-29
Guy Bruneau
Using RITA for Threat Analysis
2018-07-26
Xavier Mertens
Windows Batch File Deobfuscation
2018-07-24
Tom Webb
Cell Phone Monitoring. Who is Watching the Watchers?
2018-07-12
Johannes Ullrich
New Extortion Tricks: Now Including Your Password!
2018-07-02
Guy Bruneau
VMware ESXi, Workstation, and Fusion address multiple out-of-bounds read vulnerabilities https://www.vmware.com/security/advisories/VMSA-2018-0016.html
2018-07-02
Guy Bruneau
Hello Peppa! - PHP Scans
2018-06-25
Didier Stevens
Guilty by association
2018-06-21
Xavier Mertens
Are Your Hunting Rules Still Working?
2018-06-18
Xavier Mertens
Malicious JavaScript Targeting Mobile Browsers
2018-06-17
Didier Stevens
Encrypted Office Documents
2018-06-15
Lorna Hutcheson
SMTP Strangeness - Possible C2
2018-06-13
Remco Verhoef
From Microtik with Love
2018-06-05
Xavier Mertens
Malicious Post-Exploitation Batch File
2018-06-04
Rob VandenBrink
Digging into Authenticode Certificates
2018-05-25
Xavier Mertens
Antivirus Evasion? Easy as 1,2,3
2018-05-22
Guy Bruneau
VMware updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue - https://www.vmware.com/security/advisories/VMSA-2018-0012.html
2018-05-19
Xavier Mertens
Malicious Powershell Targeting UK Bank Customers
2018-05-16
Mark Hofman
EFAIL, a weakness in openPGP and S\MIME
2018-05-10
Bojan Zdrnja
Exfiltrating data from (very) isolated environments
2018-04-30
Remco Verhoef
Another approach to webapplication fingerprinting
2018-02-25
Guy Bruneau
Blackhole Advertising Sites with Pi-hole
2018-02-02
Xavier Mertens
Simple but Effective Malicious XLS Sheet
2017-12-30
Xavier Mertens
2017, The Flood of CVEs
2017-12-27
Guy Bruneau
What are your Security Challenges for 2018?
2017-12-23
Didier Stevens
Encrypted PDFs
2017-12-14
Russ McRee
Detection Lab: Visibility & Introspection for Defenders
2017-12-13
Xavier Mertens
Tracking Newly Registered Domains
2017-12-02
Xavier Mertens
Using Bad Material for the Good
2017-11-25
Guy Bruneau
Exim Remote Code Exploit
2017-11-23
Xavier Mertens
Proactive Malicious Domain Search
2017-11-17
Xavier Mertens
Top-100 Malicious IP STIX Feed
2017-11-11
Xavier Mertens
Keep An Eye on your Root Certificates
2017-11-03
Xavier Mertens
Simple Analysis of an Obfuscated JAR File
2017-10-30
Johannes Ullrich
Critical Patch For Oracle's Identity Manager
2017-10-25
Mark Hofman
DUHK attack, continuing a week of named issues
2017-10-18
Renato Marinho
Baselining Servers to Detect Outliers
2017-10-02
Xavier Mertens
Investigating Security Incidents with Passive DNS
2017-09-30
Lorna Hutcheson
Who's Borrowing your Resources?
2017-09-22
Russell Eubanks
What is the State of Your Union?
2017-09-19
Jim Clausing
New tool: mac-robber.py
2017-09-16
Guy Bruneau
VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities - https://www.vmware.com/security/advisories/VMSA-2017-0015.html
2017-09-11
Russ McRee
Windows Auditing with WINspect
2017-09-09
Didier Stevens
Malware analysis output sanitization
2017-09-06
Adrien de Beaupre
Modern Web Application Penetration Testing , Hash Length Extension Attacks
2017-09-02
Xavier Mertens
AutoIT based malware back in the wild
2017-07-24
Russell Eubanks
Trends Over Time
2017-07-08
Xavier Mertens
A VBScript with Obfuscated Base64 Data
2017-07-07
Renato Marinho
DDoS Extortion E-mail: Yet Another Bluff?
2017-06-22
Xavier Mertens
Obfuscating without XOR
2017-06-17
Guy Bruneau
Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2017-06-10
Russell Eubanks
An Occasional Look in the Rear View Mirror
2017-05-28
Pasquale Stirparo
Analysis of Competing Hypotheses (ACH part 1)
2017-05-28
Guy Bruneau
CyberChef a Must Have Tool in your Tool bag!
2017-05-20
Xavier Mertens
Typosquatting: Awareness and Hunting
2017-05-16
Russ McRee
WannaCry? Do your own data analysis.
2017-05-13
Guy Bruneau
Has anyone Tested WannaCry Killswitch? - https://blog.didierstevens.com/2017/05/13/quickpost-wcry-killswitch-check-is-not-proxy-aware/
2017-05-05
Xavier Mertens
HTTP Headers... the Achilles' heel of many applications
2017-05-02
Richard Porter
Do you have Intel AMT? Then you have a problem today! Intel Active Management Technology INTEL-SA-00075
2017-04-28
Xavier Mertens
Another Day, Another Obfuscation Technique
2017-04-21
Xavier Mertens
Analysis of a Maldoc with Multiple Layers of Obfuscation
2017-04-20
Xavier Mertens
DNS Query Length... Because Size Does Matter
2017-04-19
Xavier Mertens
Hunting for Malicious Excel Sheets
2017-04-02
Guy Bruneau
IPFire - A Household Multipurpose Security Gateway
2017-03-30
Xavier Mertens
Diverting built-in features for the bad
2017-03-25
Russell Eubanks
Distraction as a Service
2017-03-24
Xavier Mertens
Nicely Obfuscated JavaScript Sample
2017-03-18
Xavier Mertens
Example of Multiple Stages Dropper
2017-03-15
Xavier Mertens
Retro Hunting!
2017-03-10
Xavier Mertens
The Side Effect of GeoIP Filters
2017-03-08
Richard Porter
What is really being proxied?
2017-03-06
Renato Marinho
A very convincing Typosquatting + Social Engineering campaign is targeting Santander corporate customers in Brazil
2017-03-04
Xavier Mertens
How your pictures may affect your website reputation
2017-02-28
Xavier Mertens
Analysis of a Simple PHP Backdoor
2017-02-13
Rob VandenBrink
Stuff I Learned Decrypting
2017-02-12
Xavier Mertens
Analysis of a Suspicious Piece of JavaScript
2017-02-09
Brad Duncan
Ticketbleed vulnerability affects some f5 appliances
2017-01-28
Lorna Hutcheson
Packet Analysis - Where do you start?
2016-12-27
Guy Bruneau
Using daemonlogger as a Software Tap
2016-12-24
Didier Stevens
Pinging All The Way
2016-11-20
Pasquale Stirparo
How many “Epoch” times? Epocalypse.py timestamp converter
2016-10-30
Pasquale Stirparo
Volatility Bot: Automated Memory Analysis
2016-10-17
Didier Stevens
Maldoc VBA Anti-Analysis: Video
2016-10-15
Didier Stevens
Maldoc VBA Anti-Analysis
2016-09-15
Xavier Mertens
In Need of a OTP Manager Soon?
2016-09-09
Xavier Mertens
Collecting Users Credentials from Locked Devices
2016-09-04
Russ McRee
Kali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/
2016-08-29
Russ McRee
Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2016-08-28
Guy Bruneau
Spam with Obfuscated Javascript
2016-08-21
Rick Wanner
Cisco ASA SNMP Remote Code Execution Vulnerability
2016-08-19
Xavier Mertens
Data Classification For the Masses
2016-07-27
Xavier Mertens
Critical Xen PV guests vulnerabilities
2016-07-26
Johannes Ullrich
Command and Control Channels Using "AAAA" DNS Records
2016-07-15
Xavier Mertens
Name All the Things!
2016-07-12
Xavier Mertens
Hunting for Malicious Files with MISP + OSSEC
2016-07-07
Johannes Ullrich
Patchwork: Is it still "Advanced" if all you have to do is Copy/Paste?
2016-07-03
Guy Bruneau
Is Data Privacy part of your Company's Culture?
2016-06-22
Bojan Zdrnja
Security through obscurity never works
2016-06-03
Tom Liston
MySQL is YourSQL
2016-05-18
Russ McRee
Resources: Windows Auditing & Monitoring, Linux 2FA
2016-05-08
Jim Clausing
Guest Diary: Linux Capabilities - A friend and foe
2016-04-02
Russell Eubanks
Why Can't We Be Friends?
2016-03-23
Bojan Zdrnja
Abusing Oracles
2016-03-13
Guy Bruneau
A Look at the Mandiant M-Trends 2016 Report
2016-03-07
Xavier Mertens
Another Malicious Document, Another Way to Deliver Malicious Code
2016-02-23
Xavier Mertens
VMware VMSA-2016-0002
2016-02-22
Xavier Mertens
Reducing False Positives with Open Data Sources
2016-02-20
Didier Stevens
Locky: JavaScript Deobfuscation
2016-02-15
Bojan Zdrnja
Exploiting (pretty) blind SQL injections
2016-02-07
Xavier Mertens
More Malicious JavaScript Obfuscation
2016-02-03
Xavier Mertens
Automating Vulnerability Scans
2016-01-31
Guy Bruneau
Windows 10 and System Protection for DATA Default is OFF
2016-01-30
Xavier Mertens
All CVE Details at Your Fingertips
2016-01-29
Xavier Mertens
Scripting Web Categorization
2016-01-25
Rob VandenBrink
Assessing Remote Certificates with Powershell
2016-01-21
Jim Clausing
Scanning for Fortinet ssh backdoor
2016-01-20
Xavier Mertens
/tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!
2016-01-15
Xavier Mertens
JavaScript Deobfuscation Tool
2016-01-05
Guy Bruneau
What are you Concerned the Most in 2016?
2015-12-29
Daniel Wesemann
New Years Resolutions
2015-12-24
Xavier Mertens
Unity Makes Strength
2015-12-21
Daniel Wesemann
Critical Security Controls: Getting to know the unknown
2015-12-05
Guy Bruneau
Are you looking to setup your own Malware Sandbox?
2015-11-09
John Bambenek
ICYMI: Widespread Unserialize Vulnerability in Java
2015-11-04
Richard Porter
Application Aware and Critical Control 2
2015-10-17
Russell Eubanks
CIS Critical Security Controls - Version 6.0
2015-10-12
Guy Bruneau
Data Visualization,What is your Tool of Choice?
2015-10-12
Guy Bruneau
Critical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
2015-09-03
Xavier Mertens
Querying the DShield API from RTIR
2015-09-01
Daniel Wesemann
Encryption of "data at rest" in servers
2015-08-29
Tom Webb
Automating Metrics using RTIR REST API
2015-07-31
Russ McRee
Tech tip follow-up: Using the data Invoked with R's system command
2015-07-03
Didier Stevens
Analyzing Quarantine Files
2015-06-28
Didier Stevens
The EICAR Test File
2015-06-24
Rob VandenBrink
The Powershell Diaries - Finding Problem User Accounts in AD
2015-06-02
Alex Stanford
Guest Diary: Xavier Mertens - Playing with IP Reputation with Dshield & OSSEC
2015-05-29
Russell Eubanks
Trust But Verify
2015-05-20
Brad Duncan
Logjam - vulnerabilities in Diffie-Hellman key exchange affect browsers and servers using TLS
2015-05-03
Russ McRee
VolDiff, for memory image differential analysis
2015-04-28
Daniel Wesemann
Scammy Nepal earthquake donation requests
2015-04-08
Tom Webb
Is it a breach or not?
2015-03-26
Daniel Wesemann
Pin-up on your Smartphone!
2015-03-18
Daniel Wesemann
Pass the hash!
2015-02-27
Rick Wanner
Let's Encrypt!
2015-02-17
Rob VandenBrink
A Different Kind of Equation
2015-02-11
Johannes Ullrich
Did PCI Just Kill E-Commerce By Saying SSL is Not Sufficient For Payment Info ? (spoiler: TLS!=SSL)
2015-02-10
Mark Baggett
Detecting Mimikatz Use On Your Network
2015-01-31
Guy Bruneau
Beware of Phishing and Spam Super Bowl Fans!
2014-11-27
Russ McRee
Syrian Electronic Army attack leads to malvertising
2014-09-27
Guy Bruneau
What has Bash and Heartbleed Taught Us?
2014-09-19
Guy Bruneau
CipherShed Fork from TrueCrypt Project, Support Windows, Mac OS and Linux - https://ciphershed.org
2014-09-12
Chris Mohan
Are credential dumps worth reviewing?
2014-08-29
Johannes Ullrich
False Positive or Not? Difficult to Analyze Javascript
2014-08-25
Jim Clausing
Unusual CRL traffic?
2014-08-25
Jim Clausing
UDP port 1900 DDoS traffic
2014-08-09
Adrien de Beaupre
Complete application ownage via Multi-POST XSRF
2014-08-04
Russ McRee
Threats & Indicators: A Security Intelligence Lifecycle
2014-07-30
Rick Wanner
Symantec Endpoint Protection Privilege Escalation Zero Day
2014-07-26
Chris Mohan
"Internet scanning project" scans
2014-07-09
Daniel Wesemann
Who owns your typo?
2014-07-02
Johannes Ullrich
Simple Javascript Extortion Scheme Advertised via Bing
2014-06-28
Mark Hofman
No more Microsoft advisory email notifications?
2014-06-24
Kevin Shortt
NTP DDoS Counts Have Dropped
2014-05-27
Kevin Shortt
Avast forums hacked
2014-05-23
Richard Porter
Highlights from Cisco Live 2014 - The Internet of Everything
2014-05-01
Johannes Ullrich
Busybox Honeypot Fingerprinting and a new DVR scanner
2014-04-26
Guy Bruneau
New Project by Linux Foundation - Core Infrastructure Initiative
2014-04-21
Daniel Wesemann
Allow us to leave!
2014-04-12
Guy Bruneau
Critical Security Update for JetPack WordPress Plugin. Bug has existed since Jetpack 1.9, released in October 2012. - http://jetpack.me/2014/04/10/jetpack-security-update/
2014-03-14
Richard Porter
Word Press Shenanigans? Anyone seeing strange activity today?
2014-03-13
Daniel Wesemann
Identification and authentication are hard ... finding out intention is even harder
2014-03-07
Tom Webb
Linux Memory Dump with Rekall
2014-03-04
Daniel Wesemann
Triple Handshake Cookie Cutter
2014-02-26
Russ McRee
Ongoing NTP Amplification Attacks
2014-02-14
Chris Mohan
Scanning activity for /siemens/bootstrapping/JnlpBrowser/Development/
2014-02-14
Chris Mohan
SYM14-004 Symantec Endpoint Protection Management Vulnerabilities - http://www.symantec.com/business/support/index?page=content&id=TECH214866
2014-02-03
Johannes Ullrich
When an Attack isn't an Attack
2014-01-31
Chris Mohan
Looking for packets from three particular subnets
2014-01-17
Russ McRee
Massive RFI scans likely a free web app vuln scanner rather than bots
2014-01-11
Guy Bruneau
tcpflow 1.4.4 and some of its most Interesting Features
2013-12-23
Rob VandenBrink
How-To's for the Holidays - Java Whitelisting using AD Group Policy
2013-12-20
Daniel Wesemann
authorized key lime pie
2013-12-16
Tom Webb
The case of Minerd
2013-12-10
Rob VandenBrink
Those Look Just Like Hashes!
2013-11-19
Johannes Ullrich
vBulletin.com Compromise - Possible 0-day
2013-10-25
Rob VandenBrink
Kaspersky flags TCPIP.SYS as Malware
2013-10-24
Johannes Ullrich
False Positive: php.net Malware Alert
2013-10-21
Johannes Ullrich
New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
2013-10-19
Johannes Ullrich
Yet Another WHMCS SQL Injection Exploit
2013-10-12
Richard Porter
Reported Spike in tcp/5901 and tcp/5900
2013-10-05
Richard Porter
Adobe Breach Notification, Notifications?
2013-10-04
Pedro Bueno
CSAM: WebHosting BruteForce logs
2013-09-18
Rob VandenBrink
Cisco DCNM Update Released
2013-09-09
Johannes Ullrich
SSL is broken. So what?
2013-08-19
Johannes Ullrich
Running Snort on ESXi using the Distributed Switch
2013-08-14
Johannes Ullrich
Imaging LUKS Encrypted Drives
2013-08-13
Swa Frantzen
Microsoft security advisories: RDP and MD5 deprecation in Microsoft root certificates
2013-08-03
Deborah Hale
What Anti-virus Program Is Right For You?
2013-07-27
Scott Fendley
Defending Against Web Server Denial of Service Attacks
2013-07-17
Johannes Ullrich
Network Solutions Outage
2013-07-16
Johannes Ullrich
Why don't we see more examples of web app attacks via POST?
2013-07-06
Guy Bruneau
Is Metadata the Magic in Modern Network Security?
2013-07-04
Russ McRee
Celebrating 4th of July With a Malware PCAP Visualization
2013-07-01
Manuel Humberto Santander Pelaez
Using nmap scripts to enhance vulnerability asessment results
2013-06-18
Russ McRee
EMET 4.0 is now available for download
2013-06-18
Russ McRee
Volatility rules...any questions?
2013-06-07
Daniel Wesemann
100% Compliant (for 65% of the systems)
2013-05-23
Adrien de Beaupre
MoVP II
2013-05-22
Adrien de Beaupre
Privilege escalation, why should I care?
2013-05-22
Adrien de Beaupre
Apple QuickTime 7.7.4 for Windows updated, MANY security vulnerabilities: http://support.apple.com/kb/HT1222
2013-05-17
Johannes Ullrich
SSL: Another reason not to ignore IPv6
2013-05-11
Lenny Zeltser
Extracting Digital Signatures from Signed Malware
2013-05-07
Jim Clausing
Is there an epidemic of typo squatting?
2013-04-26
Russ McRee
What is "up to date anti-virus software"?
2013-04-25
Adam Swanger
Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-04-17
John Bambenek
UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
2013-04-16
John Bambenek
Fake Boston Marathon Scams Update
2013-04-15
Rob VandenBrink
Oops - You Mean That Deleted Server was a Certificate Authority?
2013-04-04
Johannes Ullrich
Microsoft April Patch Tuesday Advance Notification
2013-03-29
Chris Mohan
Does your breach email notification look like a phish?
2013-03-23
Guy Bruneau
Apple ID Two-step Verification Now Available in some Countries
2013-03-07
Guy Bruneau
Apple Blocking Java Web plug-in
2013-03-03
Richard Porter
Uptick in MSSQL Activity
2013-02-17
Guy Bruneau
HP ArcSight Connector Appliance and Logger Vulnerabilities
2013-02-16
Lorna Hutcheson
Fedora RedHat Vulnerabilty Released
2013-02-11
John Bambenek
Is This Chinese Registrar Really Trying to XSS Me?
2013-02-08
Kevin Shortt
Is it Spam or Is it Malware?
2013-02-06
Johannes Ullrich
Are you losing system logging information (and don't know it)?
2013-02-04
Russ McRee
An expose of a recent SANS GIAC XSS vulnerability
2013-01-25
Johannes Ullrich
Vulnerability Scans via Search Engines (Request for Logs)
2013-01-15
Russ McRee
Cisco introducing Cisco Security Notices 16 JAN 2013
2013-01-09
Rob VandenBrink
SQL Injection Flaw in Ruby on Rails
2013-01-03
Manuel Humberto Santander Pelaez
New year and new CA compromised
2013-01-03
Bojan Zdrnja
Memory acquisition traps
2012-12-27
John Bambenek
It's 3pm 2 days after Christmas, do you know where your unmanaged SSH keys are?
2012-12-18
Dan Goldberg
Mitigating the impact of organizational change: a risk assessment
2012-12-04
Johannes Ullrich
Where do your backup tapes go to die?
2012-12-03
John Bambenek
John McAfee Exposes His Location in Photo About His Being on Run
2012-12-03
Kevin Liston
Recent SSH vulnerabilities
2012-12-02
Guy Bruneau
Collecting Logs from Security Devices at Home
2012-11-06
Johannes Ullrich
What to watch out For on Election Day
2012-11-02
Daniel Wesemann
The shortcomings of anti-virus software
2012-10-30
Mark Hofman
Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-10-05
Richard Porter
Reports of a Distributed Injection Scan
2012-09-19
Kevin Liston
Volatility: 2.2 is Coming Soon
2012-09-11
Adam Swanger
Microsoft September 2012 Black Tuesday Update - Overview
2012-09-08
Guy Bruneau
Webmin Input Validation Vulnerabilities
2012-09-02
Lorna Hutcheson
Demonstrating the value of your Intrusion Detection Program and Analysts
2012-08-21
Adrien de Beaupre
YYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update
2012-08-16
Johannes Ullrich
A Poor Man's DNS Anomaly Detection Script
2012-08-14
Rick Wanner
Microsoft August 2012 Black Tuesday Update - Overview
2012-07-31
Daniel Wesemann
SQL injection, lilupophilupop-style
2012-07-21
Rick Wanner
TippingPoint DNS Version Request increase
2012-07-18
Rob VandenBrink
Vote NO to Weak Keys!
2012-07-18
Rob VandenBrink
Vote NO to Weak Encryption!
2012-07-14
Tony Carothers
User Awareness and Education
2012-07-12
Rob VandenBrink
Today at SANSFIRE - Dude Your Car is PWND !
2012-07-05
Adrien de Beaupre
Microsoft advanced notification for July 2012 patch Tuesday
2012-07-02
Dan Goldberg
Storms of June 29th 2012 in Mid Atlantic region of the USA
2012-06-22
Kevin Liston
Investigator's Tool-kit: Timeline
2012-06-20
Raul Siles
CVE-2012-0217 (from MS12-042) applies to other environments too
2012-06-19
Daniel Wesemann
Vulnerabilityqueerprocessbrittleness
2012-06-13
Johannes Ullrich
Microsoft Certificate Updater
2012-05-22
Johannes Ullrich
nmap 6 released
2012-05-21
Kevin Shortt
DNS ANY Request Cannon - Need More Packets
2012-05-17
Johannes Ullrich
New IPv6 Video: IPv6 Router Advertisements https://isc.sans.edu/ipv6videos
2012-05-16
Johannes Ullrich
Avira Antivirus false positives http://forum.avira.com/wbb/index.php?page=Thread&threadID=144875
2012-05-07
Guy Bruneau
iOS 5.1.1 Software Update for iPod, iPhone, iPad
2012-04-26
Richard Porter
Define Irony: A medical device with a Virus?
2012-04-21
Guy Bruneau
WordPress Release Security Update
2012-04-13
Daniel Wesemann
Anti-virus scanning exclusions
2012-03-16
Russ McRee
MS12-020 RDP vulnerabilities: Patch, Mitigate, Detect
2012-03-03
Jim Clausing
New automated sandbox for Android malware
2012-02-08
Jim Clausing
Chrome to stop checking Certificate Revocation List (CRL)?
2012-01-12
Rob VandenBrink
Stuff I Learned Scripting - Fun with STDERR
2012-01-05
Russ McRee
OpenSSL vulnerability fixes
2012-01-03
Bojan Zdrnja
The tale of obfuscated JavaScript continues
2011-12-25
Deborah Hale
Merry Christmas, Happy Holidays
2011-12-21
Chris Mohan
The off switch
2011-12-12
Daniel Wesemann
You won 100$ or a free iPad!
2011-12-08
Adrien de Beaupre
Microsoft Security Bulletin Advance Notification for December 2011
2011-12-01
Mark Hofman
SQL Injection Attack happening ATM
2011-11-11
Rick Wanner
APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update
2011-11-10
Rob VandenBrink
Stuff I Learned Scripting - - Parsing XML in a One-Liner
2011-11-07
Rob VandenBrink
Stuff I Learned Scripting - Evaluating a Remote SSL Certificate
2011-11-03
Richard Porter
An Apple, Inc. Sandbox to play in.
2011-11-01
Russ McRee
Secure languages & frameworks
2011-10-29
Richard Porter
The Sub Critical Control? Evidence Collection
2011-10-28
Russ McRee
Critical Control 19: Data Recovery Capability
2011-10-28
Daniel Wesemann
Critical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27
Mark Baggett
Critical Control 18: Incident Response Capabilities
2011-10-26
Rick Wanner
Critical Control 17:Penetration Tests and Red Team Exercises
2011-10-26
Rob VandenBrink
The Theoretical "SSL Renegotiation" Issue gets a Whole Lot More Real !
2011-10-25
Chris Mohan
Recurring reporting made easy?
2011-10-17
Rob VandenBrink
Critical Control 11: Account Monitoring and Control
2011-10-02
Mark Hofman
Cyber Security Awareness Month Day 1/2 - Schedule
2011-10-02
Mark Hofman
Cyber Security Awareness Month Day 1/2 - Introduction to the controls
2011-09-19
Guy Bruneau
MS Security Advisory Update - Fraudulent DigiNotar Certificates
2011-09-09
Guy Bruneau
Apple Certificate Trust Policy Update
2011-09-09
Guy Bruneau
Adobe Publish its List of Trusted Root Certificate - http://www.adobe.com/security/approved-trust-list.html
2011-09-08
Rob VandenBrink
When Good CA's go Bad: Other Things to Check in Your Datacenter
2011-09-05
Bojan Zdrnja
Bitcoin – crypto currency of future or heaven for criminals?
2011-08-26
Daniel Wesemann
User Agent 007
2011-08-24
Rob VandenBrink
Citrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971
2011-08-17
Rob VandenBrink
Putting all of Your Eggs in One Basket - or How NOT to do Layoffs
2011-08-16
Johannes Ullrich
What are the most dangerous web applications and how to secure them?
2011-08-15
Rob VandenBrink
8 Years since the Eastern Seaboard Blackout - Has it Been that Long?
2011-08-11
Guy Bruneau
BlackBerry Enterprise Server Critical Update
2011-08-04
Jim Clausing
Apple release Quicktime 7.7 fixes 14 CVEs, see http://support.apple.com/kb/HT1222
2011-07-30
Deborah Hale
Data Encryption Ban? Really?
2011-07-29
Richard Porter
Apple Lion talking on TCP 5223
2011-07-28
Johannes Ullrich
Announcing: The "404 Project"
2011-07-11
John Bambenek
Another Defense Contractor Hacked in AntiSec Hacktivism Spree
2011-07-05
Raul Siles
Helping Developers Understand Security - Spot the Vuln
2011-07-03
Deborah Hale
Business Continuation in the Face of Disaster
2011-06-22
Guy Bruneau
How Good is your Employee Termination Policy?
2011-06-21
Chris Mohan
StartSSL, a web authentication authority, suspend services after a security breach
2011-06-12
Mark Hofman
Cloud thoughts
2011-06-09
Richard Porter
One Browser to Rule them All?
2011-06-06
Johannes Ullrich
The Havij SQL Injection Tool
2011-06-02
Johannes Ullrich
Some Insight into Apple's Anti-Virus Signatures
2011-05-31
Johannes Ullrich
Apple Improving OS X Anti-Malware Feature
2011-05-30
Johannes Ullrich
Lockheed Martin and RSA Tokens
2011-05-19
Daniel Wesemann
Fake AV Bingo
2011-05-18
Bojan Zdrnja
Android, HTTP and authentication tokens
2011-05-12
Johannes Ullrich
ActiveX Flaw Affecting SCADA systems
2011-04-28
Chris Mohan
DSL Reports advise 9,000 accounts were compromised
2011-04-25
Rob VandenBrink
Sony PlayStation Network Outage - Day 5
2011-04-22
Manuel Humberto Santander Pelaez
In-house developed applications: The constant headache for the information security officer
2011-04-19
Bojan Zdrnja
SQL injection: why can’t we learn?
2011-04-03
Richard Porter
Extreme Disclosure? Not yet but a great trend!
2011-04-01
John Bambenek
LizaMoon Mass SQL-Injection Attack Infected at least 500k Websites
2011-03-17
Kevin Liston
So You Got an AV Alert. Now What?
2011-03-09
Kevin Shortt
AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B
2011-03-07
Lorna Hutcheson
Call for Packets - Unassigned TCP Options
2011-03-01
Daniel Wesemann
AV software and "sharing samples"
2011-02-14
Lorna Hutcheson
Network Visualization
2011-02-08
Johannes Ullrich
Tippingpoint Releases Details on Unpatched Bugs
2011-02-05
Guy Bruneau
OpenSSH Legacy Certificate Information Disclosure Vulnerability
2011-02-04
Daniel Wesemann
Oh, just click "yes"
2011-01-25
Chris Mohan
Reviewing our preconceptions
2011-01-24
Rob VandenBrink
Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool
2011-01-18
Daniel Wesemann
Yet another rogue anti-virus
2011-01-12
Richard Porter
How Many Loyalty Cards do you Carry?
2011-01-12
Richard Porter
Yet Another Data Broker? AOL Lifestream.
2011-01-03
Johannes Ullrich
What Will Matter in 2011
2010-12-25
Manuel Humberto Santander Pelaez
An interesting vulnerability playground to learn application vulnerabilities
2010-12-18
Raul Siles
Where are the Wi-Fi Driver Vulnerabilities?
2010-12-15
Manuel Humberto Santander Pelaez
Vulnerability in the PDF distiller of the BlackBerry Attachment Service
2010-12-12
Raul Siles
New trend regarding web application vulnerabilities?
2010-12-12
Raul Siles
Apple Quickime 7.6.9 was released a few days ago (just in case you missed it): http://support.apple.com/kb/HT1222. Update all your web browser plugins!
2010-12-02
Kevin Johnson
SQL Injection: Wordpress 3.0.2 released
2010-11-24
Bojan Zdrnja
Privilege escalation 0-day in almost all Windows versions
2010-11-11
Daniel Wesemann
Fake AV scams via Skype Chat
2010-11-07
Adrien de Beaupre
Change your clocks?
2010-11-04
Johannes Ullrich
Microsoft Smart Screen False Positivies
2010-11-02
Johannes Ullrich
Limited Malicious Search Engine Poisoning for Election
2010-10-22
Manuel Humberto Santander Pelaez
Intypedia project
2010-10-04
Mark Hofman
Online Voting
2010-09-26
Daniel Wesemann
Egosurfing, the corporate way
2010-09-25
Rick Wanner
Guest Diary: Andrew Hunt - Visualizing the Hosting Patterns of Modern Cybercriminals
2010-09-21
Johannes Ullrich
Implementing two Factor Authentication on the Cheap
2010-08-30
Adrien de Beaupre
Apple QuickTime potential vulnerability/backdoor
2010-08-23
Manuel Humberto Santander Pelaez
Firefox plugins to perform penetration testing activities
2010-08-16
Raul Siles
The Seven Deadly Sins of Security Vulnerability Reporting
2010-08-16
Raul Siles
Blind Elephant: A New Web Application Fingerprinting Tool
2010-08-15
Manuel Humberto Santander Pelaez
Obfuscated SQL Injection attacks
2010-08-15
Manuel Humberto Santander Pelaez
Python to test web application security
2010-08-13
Guy Bruneau
QuickTime Security Updates
2010-08-13
Guy Bruneau
Shadowserver Binary Whitelisting Service
2010-08-03
Johannes Ullrich
When Lightning Strikes
2010-07-24
Manuel Humberto Santander Pelaez
Transmiting logon information unsecured in the network
2010-07-23
Mark Hofman
vBulletin vB 3.8.6 vulnerability
2010-07-18
Manuel Humberto Santander Pelaez
SAGAN: An open-source event correlation system - Part 1: Installation
2010-07-13
Jim Clausing
VMware Studio Security Update
2010-06-29
Johannes Ullrich
How to be a better spy: Cyber security lessons from the recent russian spy arrests
2010-06-27
Manuel Humberto Santander Pelaez
Study of clickjacking vulerabilities on popular sites
2010-06-18
Tom Liston
IMPORTANT INFORMATION: Distributed SSH Brute Force Attacks
2010-06-15
Manuel Humberto Santander Pelaez
TCP evasions for IDS/IPS
2010-06-15
Manuel Humberto Santander Pelaez
iPhone 4 Order Security Breach Exposes Private Information
2010-06-14
Manuel Humberto Santander Pelaez
Another way to get protection for application-level attacks
2010-06-14
Manuel Humberto Santander Pelaez
Rogue facebook application acting like a worm
2010-06-09
Deborah Hale
Mass Infection of IIS/ASP Sites
2010-06-07
Manuel Humberto Santander Pelaez
Software Restriction Policy to keep malware away
2010-06-06
Manuel Humberto Santander Pelaez
Nice OS X exploit tutorial
2010-05-26
Bojan Zdrnja
Malware modularization and AV detection evasion
2010-05-12
Rob VandenBrink
Adobe Shockwave Update
2010-05-04
Rick Wanner
SIFT review in the ISSA Toolsmith
2010-04-26
Raul Siles
Vulnerable Sites Database
2010-04-22
John Bambenek
Data Redaction: You're Doing it Wrong
2010-04-21
Guy Bruneau
McAfee DAT 5958 Update Issues
2010-04-21
Guy Bruneau
Google Chrome Security Update v4.1.249.1059 Released: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html
2010-04-20
Raul Siles
Are You Ready for a Transportation Collapse...?
2010-04-18
Guy Bruneau
Some NetSol hosted sites breached
2010-04-13
Adrien de Beaupre
Web App Testing Tools
2010-04-08
Bojan Zdrnja
JavaScript obfuscation in PDF: Sky is the limit
2010-04-06
Daniel Wesemann
Application Logs
2010-04-04
Mari Nichols
Financial Management of Cyber Risk
2010-04-02
Guy Bruneau
Firefox 3.6.3 fix for CVE-2010-1121 http://www.mozilla.org/security/announce/2010/mfsa2010-25.html
2010-04-02
Guy Bruneau
Security Advisory for ESX Service Console
2010-04-02
Guy Bruneau
Apple QuickTime and iTunes Security Update
2010-04-02
Guy Bruneau
Oracle Java SE and Java for Business Critical Patch Update Advisory
2010-03-30
Pedro Bueno
VMWare Security Advisories Out
2010-03-29
Adrien de Beaupre
OOB Update for Internet Explorer MS10-018
2010-03-27
Guy Bruneau
HP-UX Running NFS/ONCplus, Inadvertently Enabled NFS
2010-03-21
Scott Fendley
Skipfish - Web Application Security Tool
2010-03-10
Rob VandenBrink
Microsoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7
2010-03-10
Rob VandenBrink
Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-03-08
Raul Siles
Samurai WTF 0.8
2010-03-06
Tony Carothers
Integration and the Security of New Technologies
2010-03-05
Kyle Haugsness
Javascript obfuscators used in the wild
2010-02-22
Rob VandenBrink
New Risks in Penetration Testing
2010-02-21
Patrick Nolan
Looking for "more useful" malware information? Help develop the format.
2010-02-20
Mari Nichols
Is "Green IT" Defeating Security?
2010-02-17
Rob VandenBrink
Defining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"
2010-02-15
Johannes Ullrich
Various Olympics Related Dangerous Google Searches
2010-02-11
Deborah Hale
Critical Update for AD RMS
2010-02-06
Guy Bruneau
LANDesk Management Gateway Vulnerability
2010-01-29
Adrien de Beaupre
Neo-legacy applications
2010-01-24
Pedro Bueno
Outdated client applications
2010-01-17
Rick Wanner
Buffer overflow in Quicktime
2010-01-14
Bojan Zdrnja
Rogue AV exploiting Haiti earthquake
2010-01-13
Johannes Ullrich
SMS Donations Advertised via Twitter
2010-01-12
Johannes Ullrich
Haiti Earthquake: Possible scams / malware
2009-12-19
Deborah Hale
Educationing Our Communities
2009-12-16
Rob VandenBrink
Beware the Attack of the Christmas Greeting Cards !
2009-12-14
Adrien de Beaupre
Anti-forensics, COFEE vs. DECAF
2009-12-07
Rob VandenBrink
Layer 2 Network Protections – reloaded!
2009-12-05
Guy Bruneau
Java JRE Buffer and Integer Overflow
2009-12-03
Mark Hofman
Avast false positives
2009-12-02
Rob VandenBrink
SPAM and Malware taking advantage of H1N1 concerns
2009-11-29
Patrick Nolan
A Cloudy Weekend
2009-11-25
Jim Clausing
Updates to my GREM Gold scripts and a new script
2009-11-13
Adrien de Beaupre
TLS & SSLv3 renegotiation vulnerability explained
2009-11-11
Rob VandenBrink
Layer 2 Network Protections against Man in the Middle Attacks
2009-11-02
Rob VandenBrink
Microsoft releases v1.02 of Enhanced Mitigation Evaluation Toolkit (EMET)
2009-10-30
Rob VandenBrink
New version of NIST 800-41, Firewalls and Firewall Policy Guidelines
2009-10-27
Rob VandenBrink
New VMware Desktop Products Released (Workstation, Fusion, ACE)
2009-10-20
Raul Siles
WASC 2008 Statistics
2009-10-09
Rob VandenBrink
THAWTE to discontinue free Email Certificate Services and Web of Trust Service
2009-10-04
Guy Bruneau
Samba Security Information Disclosure and DoS
2009-10-02
Stephen Hall
Cyber Security Awareness Month - Day 2 - Port 0
2009-09-25
Lenny Zeltser
Categories of Common Malware Traits
2009-09-17
Bojan Zdrnja
Why is Rogue/Fake AV so successful?
2009-09-16
Raul Siles
Review the security controls of your Web Applications... all them!
2009-09-12
Jim Clausing
Apple Updates
2009-09-07
Lorna Hutcheson
Encrypting Data
2009-09-05
Mark Hofman
Critical Infrastructure and dependencies
2009-09-04
Adrien de Beaupre
Fake anti-virus
2009-08-29
Guy Bruneau
Immunet Protect - Cloud and Community Malware Protection
2009-08-28
Adrien de Beaupre
WPA with TKIP done
2009-08-19
Daniel Wesemann
Checking your protection
2009-08-18
Deborah Hale
Website compromises - what's happening?
2009-08-13
Johannes Ullrich
CA eTrust update crashes systems
2009-08-13
Jim Clausing
Tools for extracting files from pcaps
2009-08-08
Guy Bruneau
XML Libraries Data Parsing Vulnerabilities
2009-08-01
Deborah Hale
Website Warnings
2009-07-31
Deborah Hale
Don't forget to tell your SysAdmin Thanks
2009-07-28
Adrien de Beaupre
YYAMCCBA
2009-07-27
Raul Siles
New Hacker Challenge: Prison Break - Breaking, Entering & Decoding
2009-07-26
Jim Clausing
New Volatility plugins
2009-07-23
John Bambenek
Missouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information
2009-07-16
Bojan Zdrnja
OWC exploits used in SQL injection attacks
2009-07-13
Adrien de Beaupre
Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
2009-07-13
Adrien de Beaupre
* Infocon raised to yellow for Excel Web Components ActiveX vulnerability
2009-07-12
Mari Nichols
CA Apologizes for False Positive
2009-07-11
Marcus Sachs
Imageshack
2009-07-10
Guy Bruneau
WordPress Fixes Multiple vulnerabilities
2009-06-30
Chris Carboni
Obfuscated Code
2009-06-30
Chris Carboni
De-Obfuscation Submissions
2009-06-27
Tony Carothers
New NIAP Strategy on the Horizon
2009-06-21
Bojan Zdrnja
Apache HTTP DoS tool mitigation
2009-06-16
John Bambenek
Iran Internet Blackout: Using Twitter for Operational Intelligence
2009-06-16
Bojan Zdrnja
Iranian hacktivism
2009-06-11
Rick Wanner
MIR-ROR Motile Incident Response - Respond Objectively Remediate
2009-06-11
Rick Wanner
WHO Declares Flu A(H1N1) a Pandemic
2009-06-02
Deborah Hale
Another Quicktime Update
2009-05-29
Lorna Hutcheson
VMWare Patches Released
2009-05-28
Jim Clausing
More new volatility plugins
2009-05-26
Jason Lam
A new Web application security blog
2009-05-20
Tom Liston
Web Toolz
2009-05-19
Bojan Zdrnja
Advanced blind SQL injection (with Oracle examples)
2009-05-15
Daniel Wesemann
Warranty void if seal shredded?
2009-05-09
Patrick Nolan
Shared SQL Injection Lessons Learned blog item
2009-04-24
John Bambenek
Data Leak Prevention: Proactive Security Requirements of Breach Notification Laws
2009-04-21
Bojan Zdrnja
Web application vulnerabilities
2009-04-07
Bojan Zdrnja
Advanced JavaScript obfuscation (or why signature scanning is a failure)
2009-03-26
Mark Hofman
Sanitising media
2009-03-22
Mari Nichols
Dealing with Security Challenges
2009-03-20
Stephen Hall
Making the most of your runbooks
2009-03-10
Swa Frantzen
TinyURL and security
2009-03-02
Swa Frantzen
Obama's leaked chopper blueprints: anything we can learn?
2009-03-01
Jim Clausing
Cool combination of tools
2009-02-14
Deborah Hale
Microsoft Time Sync Appears to Down
2009-02-12
Mark Hofman
Australian Bushfires
2009-02-11
Robert Danford
ProFTPd SQL Authentication Vulnerability exploit activity
2009-02-06
Adrien de Beaupre
Fake stimulus payments
2009-01-25
Rick Wanner
Twam?? Twammers?
2009-01-20
Adrien de Beaupre
Obamamania
2009-01-12
William Salusky
Web Application Firewalls (WAF) - Have you deployed WAF technology?
2009-01-02
Mark Hofman
Blocking access to MD5 signed certs
2008-12-12
Johannes Ullrich
MSIE 0-day Spreading Via SQL Injection
2008-12-04
Bojan Zdrnja
Finjan blocking access to isc.sans.org
2008-12-01
Jason Lam
Input filtering and escaping in SQL injection mitigation
2008-11-25
Andre Ludwig
The beginnings of a collaborative approach to IDS
2008-11-20
Jason Lam
Large quantity SQL Injection mitigation
2008-11-17
Jim Clausing
Finding stealth injected DLLs
2008-11-16
Maarten Van Horenbeeck
Detection of Trojan control channels
2008-11-02
Adrien de Beaupre
Daylight saving time
2008-09-29
Daniel Wesemann
ASPROX mutant
2008-09-22
Maarten Van Horenbeeck
Data exfiltration and the use of anonymity providers
2008-09-22
Jim Clausing
Lessons learned from the Palin (and other) account hijacks
2008-09-21
Mari Nichols
You still have time!
2008-09-20
Rick Wanner
New (to me) nmap Features
2008-09-15
donald smith
Fake antivirus 2009 and search engine results
2008-09-11
David Goldsmith
CookieMonster is coming to Pown (err, Town)
2008-09-09
Swa Frantzen
Apple updates iTunes+QuickTime
2008-09-08
Raul Siles
Quick Analysis of the 2007 Web Application Security Statistics
2008-09-07
Daniel Wesemann
Staying current, but not too current
2008-09-03
Daniel Wesemann
Static analysis of Shellcode - Part 2
2008-09-01
John Bambenek
The Number of Machines Controlled by Botnets Has Jumped 4x in Last 3 Months
2008-08-23
Mark Hofman
SQL injections - an update
2008-08-15
Jim Clausing
Another MS update that may have escaped notice
2008-08-15
Jim Clausing
WebEx ActiveX buffer overflow
2008-08-10
Stephen Hall
From lolly pops to afterglow
2008-08-08
Mark Hofman
More SQL Injections - very active right now
2008-08-03
Deborah Hale
Securing A Network - Lessons Learned
2008-08-02
Maarten Van Horenbeeck
A little of that human touch
2008-07-24
Bojan Zdrnja
What's brewing in Danmec's pot?
2008-07-22
Mari Nichols
‘Cold Boot’ Attack Utility Tools
2008-07-14
Daniel Wesemann
Obfuscated JavaScript Redux
2008-07-07
Scott Fendley
Microsoft Snapshot Viewer Security Advisory
2008-07-07
Pedro Bueno
Bad url classification
2008-06-30
Marcus Sachs
More SQL Injection with Fast Flux hosting
2008-06-25
Deborah Hale
Report of Coreflood.dr Infection
2008-06-24
Jason Lam
SQL Injection mitigation in ASP
2008-06-24
Jason Lam
Microsoft SQL Injection Prevention Strategy
2008-06-23
donald smith
Preventing SQL injection
2008-06-13
Johannes Ullrich
SQL Injection: More of the same
2008-06-13
Johannes Ullrich
Floods: More of the same (2)
2008-06-10
Swa Frantzen
Upgrade to QuickTime 7.5
2008-06-01
Mark Hofman
Free Yahoo email account! Sign me up, Ok well maybe not.
2008-05-29
Joel Esler
Creative Software AutoUpdate Engine ActiveX stack buffer overflow
2008-05-26
Marcus Sachs
Predictable Response
2008-05-23
Mike Poor
Cisco IOS Rootkit thoughts
2008-05-20
Raul Siles
List of malicious domains inserted through SQL injection
2008-05-17
Jim Clausing
Disaster donation scams continue
2008-04-24
donald smith
Hundreds of thousands of SQL injections
2008-04-16
Bojan Zdrnja
The 10.000 web sites infection mystery solved
2008-04-07
John Bambenek
HP USB Keys Shipped with Malware for your Proliant Server
2008-04-07
John Bambenek
Network Solutions Technical Difficulties? Enom too
2008-04-06
Daniel Wesemann
Advanced obfuscated JavaScript analysis
2008-04-03
Bojan Zdrnja
A bag of vulnerabilities (and fixes) in QuickTime
2008-04-03
Bojan Zdrnja
Mixed (VBScript and JavaScript) obfuscation
2008-03-29
Patrick Nolan
Two ITIL v3 Resources
2008-03-27
Maarten Van Horenbeeck
Guarding the guardians: a story of PGP key ring theft
2008-03-24
Maarten Van Horenbeeck
Overview of cyber attacks against Tibetan communities
2008-03-21
Maarten Van Horenbeeck
Cyber attacks against Tibetan communities
2008-03-14
Kevin Liston
2117966.net-- mass iframe injection
2008-03-12
Joel Esler
Don't use G-Archiver
2008-01-09
Bojan Zdrnja
Mass exploits with SQL Injection
2007-02-24
Jason Lam
Prepared Statements and SQL injections
2006-10-30
William Salusky
ToD - Configuration Management - maintaining security awareness
2006-09-29
Kevin Liston
A Report from the Field
2006-09-15
Swa Frantzen
MSIE DirectAnimation ActiveX 0-day update
2006-09-12
Swa Frantzen
Apple Quicktime 7.1.3 released