Date Author Title
2024-09-24Johannes UllrichExploitation of RAISECOM Gateway Devices Vulnerability CVE-2024-7120
2024-07-16Guy BruneauWho You Gonna Call? AndroxGh0st Busters! [Guest Diary]
2023-12-20Guy BruneauHow to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary]
2023-12-16Xavier MertensAn Example of RocketMQ Exploit Scanner
2023-04-18Johannes UllrichUDDIs are back? Attackers rediscovering old exploits.
2023-03-16Xavier MertensSimple Shellcode Dissection
2022-12-22Guy BruneauExchange OWASSRF Exploited for Remote Code Execution
2022-08-03Johannes Ullrichl9explore and LeakIX Internet wide recon scans.
2022-06-10Russ McReeEPSScall: An Exploit Prediction Scoring System App
2022-05-31Xavier MertensFirst Exploitation of Follina Seen in the Wild
2022-05-07Guy BruneauPhishing PDF Received in my ISC Mailbox
2022-03-31Johannes UllrichSpring Vulnerability Update - Exploitation Attempts CVE-2022-22965
2022-02-22Xavier MertensA Good Old Equation Editor Vulnerability Delivering Malware
2022-02-01Xavier MertensAutomation is Nice But Don't Replace Your Knowledge
2022-01-25Bojan ZdrnjaLocal privilege escalation vulnerability in polkit's pkexec (CVE-2021-4034)
2021-11-26Guy BruneauSearching for Exposed ASUS Routers Vulnerable to CVE-2021-20090
2021-11-20Guy BruneauHikvision Security Cameras Potentially Exposed to Remote Code Execution
2021-10-30Guy BruneauRemote Desktop Protocol (RDP) Discovery
2021-10-16Guy BruneauApache is Actively Scan for CVE-2021-41773 & CVE-2021-42013
2021-10-09Guy BruneauScanning for Previous Oracle WebLogic Vulnerabilities
2021-06-26Guy BruneauCVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability
2021-06-12Guy BruneauFortinet Targeted for Unpatched SSL VPN Discovery Activity
2021-06-11Xavier MertensSonicwall SRA 4600 Targeted By an Old Vulnerability
2021-05-30Didier StevensSysinternals: Procmon, Sysmon, TcpView and Process Explorer update
2021-03-10Rob VandenBrinkSharpRDP - PSExec without PSExec, PSRemoting without PowerShell
2021-01-15Brad DuncanThrowback Friday: An Example of Rig Exploit Kit
2021-01-02Guy BruneauProtecting Home Office and Enterprise in 2021
2020-11-05Xavier MertensDid You Spot "Invoke-Expression"?
2020-08-22Guy BruneauRemote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common?
2020-08-08Guy BruneauScanning Activity Include Netcat Listener
2020-07-19Guy BruneauScanning Activity for ZeroShell Unauthenticated Access
2020-07-11Guy BruneauVMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html
2020-07-11Guy BruneauScanning Home Internet Facing Devices to Exploit
2020-05-16Guy BruneauScanning for Outlook Web Access (OWA) & Microsoft Exchange Control Panel (ECP)
2020-03-03Johannes UllrichIntroduction to EvtxEcmd (Evtx Explorer)
2019-10-20Guy BruneauScanning Activity for NVMS-9000 Digital Video Recorder
2019-09-07Guy BruneauUnidentified Scanning Activity
2019-06-25Brad DuncanRig Exploit Kit sends Pitou.B Trojan
2019-06-17Brad DuncanAn infection from Rig exploit kit
2019-04-27Didier StevensQuick Tip for Dissecting CVE-2017-11882 Exploits
2019-04-22Didier Stevens.rar Files and ACE Exploit CVE-2018-20250
2019-02-02Guy BruneauScanning for WebDAV PROPFIND Exploiting CVE-2017-7269
2018-12-23Guy BruneauScanning Activity, end Goal is to add Hosts to Mirai Botnet
2018-12-19Xavier MertensMicrosoft OOB Patch for Internet Explorer: Scripting Engine Memory Corruption Vulnerability
2018-11-23Didier StevensVideo: Dissecting a CVE-2017-11882 Exploit
2018-09-24Didier StevensAnalyzing Encoded Shellcode with scdbg
2018-07-04Didier StevensXPS Metadata
2018-07-03Didier StevensProgress indication for scripts on Windows
2018-07-01Didier StevensVideo: Analyzing XPS Files
2018-06-30Didier StevensXPS samples
2018-06-26Didier StevensAnalyzing XPS files
2018-06-22Lorna HutchesonXPS Attachment Used for Phishing
2018-06-05Xavier MertensMalicious Post-Exploitation Batch File
2018-05-20Didier StevensDASAN GPON home routers exploits in-the-wild
2018-05-03Renato MarinhoWebLogic Exploited in the Wild (Again)
2017-09-30Lorna HutchesonWho's Borrowing your Resources?
2017-09-25Renato MarinhoXPCTRA Malware Steals Banking and Digital Wallet User's Credentials
2017-09-10Didier StevensAnalyzing JPEG files
2017-08-18Guy Bruneautshark 2.4 New Feature - Command Line Export Objects
2017-02-25Guy BruneauUnpatched Microsoft Edge and IE Bug
2017-01-07Xavier MertensUsing Security Tools to Compromize a Network
2016-12-11Russ McReeSteganography in Action: Image Steganography & StegExpose
2016-04-21Daniel WesemannDecoding Pseudo-Darkleech (#1)
2016-03-13Guy BruneauA Look at the Mandiant M-Trends 2016 Report
2015-08-18Russ McReeMicrosoft Security Bulletin MS15-093 - Critical OOB - Internet Explorer RCE
2015-07-27Daniel WesemannAngler's best friends
2015-07-17Didier StevensProcess Explorer and VirusTotal
2015-06-27Guy BruneauIs Windows XP still around in your Network a year after Support Ended?
2015-03-10Brad DuncanThreatglass has pcap files with exploit kit activity
2015-02-04Alex StanfordExploit Kit Evolution - Neutrino
2014-08-16Lenny ZeltserWeb Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-07-22Daniel WesemannIvan's Order of Magnitude
2014-07-05Guy BruneauJava Support ends for Windows XP
2014-03-04Daniel WesemannXPired!
2014-02-28Daniel WesemannFiesta!
2014-02-13Johannes UllrichLinksys Worm ("TheMoon") Captured
2014-02-12Johannes UllrichSuspected Mass Exploit Against Linksys E1000 / E1200 Routers
2014-02-09Basil Alawi S.TaherMandiant Highlighter 2
2014-02-07Rob VandenBrinkHello Virustotal? It's Microsoft Calling.
2014-01-04Tom WebbMonitoring Windows Networks Using Syslog (Part One)
2013-11-28Rob VandenBrinkMicrosoft Security Advisory (2914486): Vulnerability in Microsoft Windows Kernel 0 day exploit in wild
2013-10-30Russ McReeSIR v15: Five good reasons to leave Windows XP behind
2013-10-01John Bambenek*Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893
2013-09-20Russ McReeThreat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild
2013-09-17John BambenekMicrosoft Releases Out-of-Band Advisory for all Versions of Internet Explorer
2013-08-02Johannes UllrichFake American Express Alerts
2013-07-21Guy BruneauWhy use Regular Expressions?
2013-05-22Adrien de BeauprePrivilege escalation, why should I care?
2013-05-09Johannes UllrichMicrosoft released a Fix-it for the Internet Explorer 8 Vulnerability http://support.microsoft.com/kb/2847140
2013-04-17John BambenekUPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
2013-02-21Pedro BuenoNBC site redirecting to Exploit kit
2013-02-17Guy BruneauAdobe Acrobat and Reader Security Update Planned this Week
2013-02-13Swa FrantzenMore adobe reader and acrobat (PDF) trouble
2013-02-06Adam SwangerSysinternals in particular Process Explorer update https://blogs.technet.com/b/sysinternals/?Redirected=true
2013-01-05Guy BruneauAdobe ColdFusion Security Advisory
2013-01-04Guy Bruneau"FixIt" Patch for CVE-2012-4792 Bypassed
2013-01-02Russ McReeEMET 3.5: The Value of Looking Through an Attacker's Eyes
2013-01-01Johannes UllrichFixIt Available for Internet Explorer Vulnerability
2012-12-10Johannes UllrichYour CPA License has not been revoked
2012-12-02Guy BruneauZero Day MySQL Buffer Overflow
2012-08-05Daniel WesemannPhishing for Payroll with unpatched Java
2012-07-19Mark BaggettA Heap of Overflows?
2012-06-18Guy BruneauCVE-2012-1875 exploit is now available
2012-05-05Tony CarothersVulnerability Exploit for Snow Leopard
2012-04-26Richard PorterPacketstorm Security and Metasploit have Exploit code for MS12-027
2012-03-11Johannes UllrichAn Analysis of Jester's QR Code Attack. (Guest Diary)
2012-01-13Guy BruneauSysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2011-12-19Guy BruneauProcess Explorer Update 15.11 with bugfixes - http://technet.microsoft.com/en-us/sysinternals/bb896653
2011-12-08Adrien de BeaupreNewest Adobe Flash 11.1.102.55 and Previous 0 Day Exploit
2011-12-06Pedro BuenoThe RedRet connection...
2011-11-22Pedro BuenoUpdates on ZeroAccess and BlackHole front...
2011-10-13Johannes UllrichCritical OS X Vulnerability Patched
2011-05-06Richard PorterUpdated Exploit Index for Microsoft
2011-03-29Daniel WesemannMalware emails with fake cellphone invoice
2011-03-15Lenny ZeltserLimiting Exploit Capabilities by Using Windows Integrity Levels
2011-03-09Kevin ShorttAVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B
2011-02-21Adrien de BeaupreWinamp forums compromised
2011-02-16Jason LamWindows 0-day SMB mrxsmb.dll vulnerability
2011-01-27Robert DanfordMicrosoft Security Advisory for MHTML via Internet Explorer (MS2501696/CVE-2011-0096)
2011-01-05Johannes UllrichCurrently Unpatched Windows / Internet Explorer Vulnerabilities
2010-12-27Johannes UllrichVarious sites "Owned and Exposed"
2010-12-13Deborah HaleThe Week to Top All Weeks
2010-12-02Kevin JohnsonProFTPD distribution servers compromised
2010-11-01Manuel Humberto Santander PelaezCVE-2010-3654 exploit in the wild
2010-09-26Daniel WesemannPDF analysis paper
2010-09-14Adrien de BeaupreAdobe Flash v10.1.82.76 and earlier vulnerability in-the-wild
2010-09-13Manuel Humberto Santander Pelaez Enhanced Mitigation Experience Toolkit can block Adobe 0-day exploit
2010-09-13Manuel Humberto Santander PelaezAdobe SING table parsing exploit (CVE-2010-2883) in the wild
2010-09-02Daniel WesemannSDF, please!
2010-08-22Manuel Humberto Santander PelaezAnatomy of a PDF exploit
2010-08-15Manuel Humberto Santander PelaezOpensolaris project cancelled, replaced by Solaris 11 express
2010-06-15Manuel Humberto Santander PelaeziPhone 4 Order Security Breach Exposes Private Information
2010-06-15Manuel Humberto Santander PelaezMicrosoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-06-06Manuel Humberto Santander PelaezNice OS X exploit tutorial
2010-05-23Manuel Humberto Santander PelaezOracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability
2010-04-10Andre LudwigNew bug/exploit for javaws
2010-03-10Rob VandenBrinkMicrosoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-03-01Mark HofmanMicrosoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update.
2010-02-08Adrien de BeaupreWhen is a 0day not a 0day? Fake OpenSSh exploit, again.
2010-02-03Johannes UllrichInformation Disclosure Vulnerability in Internet Explorer
2010-01-24Pedro BuenoOutdated client applications
2010-01-19Johannes UllrichUnpatched Microsoft Windows (all versions) Privilege Escalation Vulnerability Released
2010-01-14Bojan Zdrnja0-day vulnerability in Internet Explorer 6, 7 and 8
2010-01-12Adrien de BeauprePoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2009-12-05Guy BruneauJava JRE Buffer and Integer Overflow
2009-11-25Jim ClausingTool updates
2009-11-24Rick WannerMicrosoft Security Advisory 977981 - IE 6 and IE 7
2009-11-16G. N. WhiteReports of a successful exploit of the SSL Renegotiation Vulnerability?
2009-11-14Adrien de BeaupreMicrosoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released
2009-11-12Rob VandenBrinkWindows 7 / Windows Server 2008 Remote SMB Exploit
2009-10-21Pedro BuenoWordPress Hardening
2009-09-16Bojan ZdrnjaSMB2 remote exploit released
2009-08-31Pedro BuenoMicrosoft IIS 5/6 FTP 0Day released
2009-08-18Bojan ZdrnjaMS09-039 exploit in the wild?
2009-07-16Bojan ZdrnjaOWC exploits used in SQL injection attacks
2009-07-15Bojan ZdrnjaMake sure you update that Java
2009-07-13Adrien de Beaupre* Infocon raised to yellow for Excel Web Components ActiveX vulnerability
2009-07-10Guy BruneauWordPress Fixes Multiple vulnerabilities
2009-07-09Bojan ZdrnjaOpenSSH 0day FUD
2009-06-12Adrien de BeaupreGreen Dam
2009-06-08Chris CarboniKloxo (formerly Lxadmin) Vulnerability Exploited
2009-05-06Tom ListonFollow The Bouncing Malware: Gone With the WINS
2009-04-24Pedro BuenoDid you check your conference goodies?
2009-04-14Swa FrantzenVMware exploits - just how bad is it ?
2009-03-19Mark HofmanBrowsers Tumble at CanSecWest
2009-03-18Adrien de BeaupreAdobe Security Bulletin Adobe Reader and Acrobat
2009-02-25Andre LudwigAdobe Acrobat pdf 0-day exploit, No JavaScript needed!
2009-02-25Andre LudwigPreview/Iphone/Linux pdf issues
2008-12-17donald smithInternet Explorer 960714 is released
2008-12-10Bojan Zdrnja0-day exploit for Internet Explorer in the wild
2008-08-26John BambenekActive attacks using stolen SSH keys (UPDATED)
2008-05-17Lorna HutchesonXP SP3 Issues
2008-05-07Jim ClausingMore on automated exploit generation
2008-05-06John BambenekWindows XP Service Pack 3 Released
2008-05-05John BambenekDefenses Against Automated Patch-Based Exploit Generation
2008-05-01Adrien de BeaupreWindows XP SteadyState
2008-04-29Bojan ZdrnjaWindows Service Pack blocker tool
2008-04-24Maarten Van HorenbeeckTargeted attacks using malicious PDF files
2008-04-22donald smithXP SP3 RC2 Available
2008-04-18John BambenekThe Patch Window is Gone: Automated Patch-Based Exploit Generation
2008-04-16William StearnsWindows XP Service Pack 3 - unofficial schedule: Apr 21-28
2008-04-10Deborah HaleSymantec Threatcon Level 2
2006-11-20Joel EslerMS06-070 Remote Exploit