COMMAND AND CONTROL CHANNEL |
| 2016-07-26 | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records |
COMMAND |
| 2021-02-13/a> | Guy Bruneau | vSphere Replication updates address a command injection vulnerability (CVE-2021-21976) - https://www.vmware.com/security/advisories/VMSA-2021-0001.html |
| 2021-02-05/a> | Xavier Mertens | VBA Macro Trying to Alter the Application Menus |
| 2020-02-14/a> | Xavier Mertens | Keep an Eye on Command-Line Browsers |
| 2019-07-16/a> | Russ McRee | Commando VM: The Complete Mandiant Offensive VM |
| 2018-07-30/a> | Xavier Mertens | Exploiting the Power of Curl |
| 2018-05-02/a> | Russ McRee | Windows Commands Reference - An InfoSec Must Have |
| 2016-07-26/a> | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records |
| 2016-04-15/a> | Xavier Mertens | Windows Command Line Persistence? |
| 2015-10-12/a> | Guy Bruneau | Critical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2 |
| 2013-02-17/a> | Guy Bruneau | HP ArcSight Connector Appliance and Logger Vulnerabilities |
| 2010-02-06/a> | Guy Bruneau | LANDesk Management Gateway Vulnerability |
| 2010-01-27/a> | Raul Siles | Command Line Kung Fu |
AND |
| 2021-04-02/a> | Xavier Mertens | C2 Activity: Sandboxes or Real Victims? |
| 2021-03-26/a> | Guy Bruneau | Malware Analysis with elastic-agent and Microsoft Sandbox |
| 2021-02-13/a> | Guy Bruneau | vSphere Replication updates address a command injection vulnerability (CVE-2021-21976) - https://www.vmware.com/security/advisories/VMSA-2021-0001.html |
| 2021-02-05/a> | Xavier Mertens | VBA Macro Trying to Alter the Application Menus |
| 2020-09-16/a> | Johannes Ullrich | Do Vulnerabilities Ever Get Old? Recent "Mirai" Variant Scanning for 20 Year Old Amanda Version? |
| 2020-09-03/a> | Xavier Mertens | Sandbox Evasion Using NTP |
| 2020-04-16/a> | Johannes Ullrich | Using AppLocker to Prevent Living off the Land Attacks |
| 2020-02-14/a> | Xavier Mertens | Keep an Eye on Command-Line Browsers |
| 2020-02-07/a> | Xavier Mertens | Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript |
| 2019-07-16/a> | Russ McRee | Commando VM: The Complete Mandiant Offensive VM |
| 2019-01-10/a> | Brad Duncan | Heartbreaking Emails: "Love You" Malspam |
| 2018-08-01/a> | Johannes Ullrich | When Cameras and Routers attack Phones. Spike in CVE-2014-8361 Exploits Against Port 52869 |
| 2018-07-30/a> | Xavier Mertens | Exploiting the Power of Curl |
| 2018-07-24/a> | Brad Duncan | Recent Emotet activity |
| 2018-05-02/a> | Russ McRee | Windows Commands Reference - An InfoSec Must Have |
| 2018-02-07/a> | Brad Duncan | GandCrab Ransomware: Now Coming From Malspam |
| 2017-01-06/a> | John Bambenek | Great Misadventures of Security Vendors: Absurd Sandboxing Edition |
| 2017-01-05/a> | John Bambenek | New Year's Resolution: Build Your Own Malware Lab? |
| 2016-12-10/a> | Didier Stevens | Sleeping VBS Really Wants To Sleep |
| 2016-07-26/a> | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records |
| 2016-06-22/a> | Bojan Zdrnja | Security through obscurity never works |
| 2016-05-02/a> | Rick Wanner | Fake Chrome update for Android |
| 2016-04-15/a> | Xavier Mertens | Windows Command Line Persistence? |
| 2015-12-16/a> | Xavier Mertens | Playing With Sandboxes Like a Boss |
| 2015-12-05/a> | Guy Bruneau | Are you looking to setup your own Malware Sandbox? |
| 2015-12-04/a> | Tom Webb | Automating Phishing Analysis using BRO |
| 2015-10-12/a> | Guy Bruneau | Critical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2 |
| 2015-07-28/a> | Rick Wanner | Android Stagefright multimedia viewer prone to remote exploitation |
| 2015-04-27/a> | Richard Porter | When Prevention Fails, Incident Response Begins |
| 2014-09-12/a> | Chris Mohan | Are credential dumps worth reviewing? |
| 2014-08-12/a> | Adrien de Beaupre | Host discovery with nmap |
| 2014-08-04/a> | Russ McRee | Threats & Indicators: A Security Intelligence Lifecycle |
| 2014-05-01/a> | Johannes Ullrich | Microsoft Announces Special Patch for IE 0-day (Win XP included!) |
| 2014-04-26/a> | Guy Bruneau | Android Users - Beware of Bitcoin Mining Malware |
| 2014-04-05/a> | Jim Clausing | Those strange e-mails with URLs in them can lead to Android malware |
| 2014-04-01/a> | Basil Alawi S.Taher | Upgrading Your Android, Elevating My Malware |
| 2014-03-11/a> | Basil Alawi S.Taher | Introduction to Memory Analysis with Mandiant Redline |
| 2014-02-10/a> | Rob VandenBrink | Isn't it About Time to Get Moving on Chip and PIN? |
| 2014-02-07/a> | Rob VandenBrink | New ISO Standards on Vulnerability Handling and Disclosure |
| 2014-01-23/a> | Chris Mohan | Learning from the breaches that happens to others Part 2 |
| 2013-12-05/a> | Mark Hofman | Updated Standards Part 1 - ISO 27001 |
| 2013-09-23/a> | Rob VandenBrink | How do you spell "PSK"? |
| 2013-02-22/a> | Chris Mohan | PHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php |
| 2013-02-17/a> | Guy Bruneau | HP ArcSight Connector Appliance and Logger Vulnerabilities |
| 2013-01-30/a> | Richard Porter | Getting Involved with the Local Community |
| 2013-01-14/a> | Richard Porter | January 2013 Microsoft Out of Cycle Patch |
| 2013-01-08/a> | Jim Clausing | Cuckoo 0.5 is out and the world didn't end |
| 2012-12-13/a> | Johannes Ullrich | What if Tomorrow Was the Day? |
| 2012-10-24/a> | Russ McRee | Cyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035 |
| 2012-10-23/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors |
| 2012-10-17/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005 |
| 2012-10-12/a> | Mark Hofman | Cyber Security Awareness Month - Day 12 PCI DSS |
| 2012-10-11/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security) |
| 2012-10-09/a> | Johannes Ullrich | Cyber Security Awreness Month - Day 9 - Request for Comment (RFC) |
| 2012-05-18/a> | Johannes Ullrich | ZTE Score M Android Phone backdoor |
| 2012-04-23/a> | Russ McRee | Emergency Operations Centers & Security Incident Management: A Correlation |
| 2012-03-03/a> | Jim Clausing | New automated sandbox for Android malware |
| 2011-11-03/a> | Richard Porter | An Apple, Inc. Sandbox to play in. |
| 2011-11-01/a> | Russ McRee | Honeynet Project: Android Reverse Engineering (A.R.E.) Virtual Machine released |
| 2011-10-29/a> | Richard Porter | The Sub Critical Control? Evidence Collection |
| 2011-09-15/a> | Johannes Ullrich | SSH Vandals? |
| 2011-09-07/a> | Lenny Zeltser | Analyzing Mobile Device Malware - Honeynet Forensic Challenge 9 and Some Tools |
| 2011-05-18/a> | Bojan Zdrnja | Android, HTTP and authentication tokens |
| 2011-03-22/a> | Chris Mohan | Read only USB stick trick |
| 2011-03-03/a> | Manuel Humberto Santander Pelaez | Rogue apps inside Android Marketplace |
| 2011-01-08/a> | Guy Bruneau | PandaLabs 2010 Annual Report |
| 2010-12-31/a> | Bojan Zdrnja | Android malware enters 2011 |
| 2010-11-19/a> | Jason Lam | Adobe Reader X - Sandbox |
| 2010-10-19/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 19 - VPN and Remote Access Tools |
| 2010-08-04/a> | Tom Liston | Incident Reporting - Liston's "How-To" Guide |
| 2010-07-25/a> | Rick Wanner | Updated version of Mandiant's Web Historian |
| 2010-07-21/a> | Adrien de Beaupre | Adobe Reader Protected Mode |
| 2010-02-07/a> | Rick Wanner | Mandiant Mtrends Report |
| 2010-02-06/a> | Guy Bruneau | LANDesk Management Gateway Vulnerability |
| 2010-01-27/a> | Raul Siles | Command Line Kung Fu |
| 2010-01-21/a> | Chris Carboni | * Microsoft Out Of Band Patch Release |
| 2010-01-11/a> | Johannes Ullrich | Fake Android Application |
| 2009-07-24/a> | Rick Wanner | Microsoft Out of Band Patch |
| 2009-06-11/a> | Rick Wanner | WHO Declares Flu A(H1N1) a Pandemic |
| 2009-05-19/a> | Rick Wanner | New Version of Mandiant Highlighter |
| 2009-05-01/a> | Adrien de Beaupre | Incident Management |
| 2009-04-26/a> | Johannes Ullrich | Pandemic Preparation - Swine Flu |
| 2009-04-16/a> | Adrien de Beaupre | Incident Response vs. Incident Handling |
| 2009-04-07/a> | Johannes Ullrich | Common Apache Misconception |
| 2009-02-05/a> | Rick Wanner | Mandiant Memoryze review, Hilighter, other Mandiant tools! |
| 2008-11-25/a> | Andre Ludwig | Tmobile G1 handsets having DNS problems? |
| 2008-10-29/a> | Deborah Hale | Day 29 - Should I Switch Software Vendors? |
| 2008-10-23/a> | Mark Hofman | Microsoft out-of-band patch - Severity Critical |
| 2008-09-09/a> | Swa Frantzen | wordpress upgrade |
| 2008-08-09/a> | Deborah Hale | Cleveland Outage |
CONTROL |
| 2019-10-19/a> | Russell Eubanks | What Assumptions Are You Making? |
| 2019-07-25/a> | Rob VandenBrink | When Users Attack! Users (and Admins) Thwarting Security Controls |
| 2019-07-18/a> | Rob VandenBrink | The Other Side of Critical Control 1: 802.1x Wired Network Access Controls |
| 2017-07-24/a> | Russell Eubanks | Trends Over Time |
| 2017-06-10/a> | Russell Eubanks | An Occasional Look in the Rear View Mirror |
| 2016-11-23/a> | Tom Webb | Mapping Attack Methodology to Controls |
| 2016-10-08/a> | Russell Eubanks | Unauthorized Change Detected! |
| 2016-07-26/a> | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records |
| 2015-12-21/a> | Daniel Wesemann | Critical Security Controls: Getting to know the unknown |
| 2015-11-04/a> | Richard Porter | Application Aware and Critical Control 2 |
| 2015-05-29/a> | Russell Eubanks | Trust But Verify |
| 2014-10-13/a> | Lorna Hutcheson | For or Against: Port Security for Network Access Control |
| 2014-08-17/a> | Rick Wanner | Part 2: Is your home network unwittingly contributing to NTP DDOS attacks? |
| 2014-07-28/a> | Guy Bruneau | Management and Control of Mobile Device Security |
| 2014-06-11/a> | Daniel Wesemann | Help your pilot fly! |
| 2014-02-10/a> | Rob VandenBrink | A Tale of Two Admins (and no Change Control) |
| 2013-09-02/a> | Guy Bruneau | Multiple Cisco Security Notice |
| 2013-03-13/a> | Mark Baggett | Wipe the drive! Stealthy Malware Persistence Mechanism - Part 1 |
| 2012-12-31/a> | Manuel Humberto Santander Pelaez | How to determine which NAC solutions fits best to your needs |
| 2012-11-23/a> | Rob VandenBrink | What's in Your Change Control Form? |
| 2011-11-03/a> | Richard Porter | An Apple, Inc. Sandbox to play in. |
| 2011-10-29/a> | Richard Porter | The Sub Critical Control? Evidence Collection |
| 2011-10-28/a> | Daniel Wesemann | Critical Control 20: Security Skills Assessment and Training to fill Gaps |
| 2011-10-27/a> | Mark Baggett | Critical Control 18: Incident Response Capabilities |
| 2011-10-26/a> | Rick Wanner | Critical Control 17:Penetration Tests and Red Team Exercises |
| 2011-10-17/a> | Rob VandenBrink | Critical Control 11: Account Monitoring and Control |
| 2010-08-22/a> | Rick Wanner | Failure of controls...Spanair crash caused by a Trojan |
| 2010-08-19/a> | Rob VandenBrink | Change is Good. Change is Bad. Change is Life. |
| 2010-08-05/a> | Rob VandenBrink | Access Controls for Network Infrastructure |
| 2010-06-14/a> | Manuel Humberto Santander Pelaez | Python on a microcontroller? |
| 2010-06-07/a> | Manuel Humberto Santander Pelaez | Software Restriction Policy to keep malware away |
| 2009-10-22/a> | Adrien de Beaupre | Cyber Security Awareness Month - Day 22 port 502 TCP - Modbus |
CHANNEL |
| 2016-07-26/a> | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records |
| 2013-08-21/a> | Rob VandenBrink | Fibre Channel Reconnaissance - Reloaded |
