Internet Storm Center
Sign In
Sign Up
Handler on Duty:
Didier Stevens
Threat Level:
green
Date
Author
Title
DO NOT TRACK
2012-05-22
Johannes Ullrich
The "Do Not Track" header
DO
2024-11-17/a>
Johannes Ullrich
Ancient TP-Link Backdoor Discovered by Attackers
2024-10-02/a>
Jim Clausing
Security related Docker containers
2024-09-25/a>
Johannes Ullrich
DNS Reflection Update and Odd Corrupted DNS Requests
2024-08-19/a>
Xavier Mertens
Do you Like Donuts? Here is a Donut Shellcode Delivered Through PowerShell/Python
2024-07-30/a>
Johannes Ullrich
Apple Patches Everything. July 2024 Edition
2024-04-29/a>
Guy Bruneau
Linux Trojan - Xorddos with Filename eyshcjdmzg
2024-04-22/a>
Jan Kopriva
It appears that the number of industrial devices accessible from the internet has risen by 30 thousand over the past three years
2024-04-01/a>
Bojan Zdrnja
The amazingly scary xz sshd backdoor
2024-03-29/a>
Xavier Mertens
Quick Forensics Analysis of Apache logs
2024-03-05/a>
Johannes Ullrich
Apple Releases iOS/iPadOS Updates with Zero Day Fixes.
2024-02-27/a>
Johannes Ullrich
Take Downs and the Rest of Us: Do they matter?
2024-01-22/a>
Johannes Ullrich
Apple Updates Everything - New 0 Day in WebKit
2023-12-31/a>
Tom Webb
Pi-Hole Pi4 Docker Deployment
2023-12-11/a>
Johannes Ullrich
Apple Patches Everything
2023-11-09/a>
Guy Bruneau
Routers Targeted for Gafgyt Botnet [Guest Diary]
2023-10-25/a>
Johannes Ullrich
Apple Patches Everything. Releases iOS 17.1, MacOS 14.1 and updates for older versions fixing exploited vulnerability
2023-10-15/a>
Guy Bruneau
Domain Name Used as Password Captured by DShield Sensor
2023-10-09/a>
Didier Stevens
ZIP's DOSTIME & DOSDATE Formats
2023-09-30/a>
Xavier Mertens
Simple Netcat Backdoor in Python Script
2023-08-23/a>
Xavier Mertens
More Exotic Excel Files Dropping AgentTesla
2023-08-12/a>
Guy Bruneau
DShield Sensor Monitoring with a Docker ELK Stack [Guest Diary]
2023-08-11/a>
Xavier Mertens
Show me All Your Windows!
2023-08-01/a>
Johannes Ullrich
Summary of DNS over HTTPS requests against our honeypots.
2023-07-07/a>
Xavier Mertens
DSSuite (Didier's Toolbox) Docker Image Update
2023-06-29/a>
Brad Duncan
GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT
2023-06-22/a>
Johannes Ullrich
Apple Patches Exploited Vulnerabilities in iOS/iPadOS, macOS, watchOS and Safari
2023-06-09/a>
Xavier Mertens
Undetected PowerShell Backdoor Disguised as a Profile File
2023-05-07/a>
Didier Stevens
Quickly Finding Encoded Payloads in Office Documents
2023-04-28/a>
Xavier Mertens
Quick IOC Scan With Docker
2023-03-27/a>
Johannes Ullrich
Apple Updates Everything (including Studio Display)
2023-03-22/a>
Didier Stevens
Windows 11 Snipping Tool Privacy Bug: Inspecting PNG Files
2023-03-18/a>
Xavier Mertens
Old Backdoor, New Obfuscation
2023-02-19/a>
Didier Stevens
"Unsupported 16-bit Application" or HTML?
2023-02-09/a>
Xavier Mertens
A Backdoor with Smart Screenshot Capability
2023-02-05/a>
Didier Stevens
Video: Analyzing Malicious OneNote Documents
2023-02-01/a>
Didier Stevens
Detecting (Malicious) OneNote Files
2023-01-30/a>
Johannes Ullrich
Decoding DNS over HTTP(s) Requests
2023-01-24/a>
Johannes Ullrich
Apple Updates (almost) Everything: Patch Overview
2022-12-19/a>
Xavier Mertens
Hunting for Mastodon Servers
2022-11-05/a>
Guy Bruneau
Windows Malware with VHD Extension
2022-11-04/a>
Xavier Mertens
Remcos Downloader with Unicode Obfuscation
2022-10-07/a>
Xavier Mertens
Powershell Backdoor with DGA Capability
2022-09-25/a>
Didier Stevens
Downloading Samples From Takendown Domains
2022-09-24/a>
Didier Stevens
Maldoc Analysis Info On MalwareBazaar
2022-09-16/a>
Didier Stevens
Word Maldoc With CustomXML and Renamed VBAProject.bin
2022-09-10/a>
Guy Bruneau
Phishing Word Documents with Suspicious URL
2022-09-09/a>
Didier Stevens
Maldoc With Decoy BASE64
2022-09-04/a>
Didier Stevens
Video: VBA Maldoc & UTF7 (APT-C-35)
2022-08-29/a>
Didier Stevens
Update: VBA Maldoc & UTF7 (APT-C-35)
2022-08-16/a>
Didier Stevens
VBA Maldoc & UTF7 (APT-C-35)
2022-08-11/a>
Xavier Mertens
InfoStealer Script Based on Curl and NSudo
2022-08-10/a>
Johannes Ullrich
And Here They Come Again: DNS Reflection Attacks
2022-08-02/a>
Johannes Ullrich
A Little DDoS in the Morning - Followup
2022-08-01/a>
Johannes Ullrich
A Little DDoS In the Morning
2022-07-20/a>
Johannes Ullrich
Apple Patches Everything Day
2022-07-10/a>
Guy Bruneau
Excel 4 Emotet Maldoc Analysis using CyberChef
2022-06-26/a>
Didier Stevens
My Paste Command
2022-06-24/a>
Xavier Mertens
Python (ab)using The Windows GUI
2022-06-21/a>
Johannes Ullrich
Experimental New Domain / Domain Age API
2022-06-12/a>
Didier Stevens
Quickie: Follina, RTF & Explorer Preview Pane
2022-06-06/a>
Didier Stevens
"ms-msdt" RTF Maldoc Analysis: oledump Plugins
2022-06-05/a>
Didier Stevens
Analysis Of An "ms-msdt" RTF Maldoc
2022-05-12/a>
Rob VandenBrink
When Get-WebRequest Fails You
2022-05-09/a>
Xavier Mertens
Octopus Backdoor is Back with a New Embedded Obfuscated Bat File
2022-05-02/a>
Didier Stevens
Detecting VSTO Office Files With ExifTool
2022-04-28/a>
Johannes Ullrich
A Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809
2022-04-24/a>
Didier Stevens
Analyzing a Phishing Word Document
2022-04-17/a>
Didier Stevens
Video: Office Protects You From Malicious ISO Files
2022-04-16/a>
Didier Stevens
Office Protects You From Malicious ISO Files
2022-04-14/a>
Johannes Ullrich
An Update on CVE-2022-26809 - MSRPC Vulnerabliity - PATCH NOW
2022-04-13/a>
Jan Kopriva
How is Ukrainian internet holding up during the Russian invasion?
2022-04-10/a>
Didier Stevens
Video: Method For String Extraction Filtering
2022-04-09/a>
Didier Stevens
Method For String Extraction Filtering
2022-04-06/a>
Brad Duncan
Windows MetaStealer Malware
2022-03-31/a>
Johannes Ullrich
Apple Patches Actively Exploited Vulnerability in macOS, iOS and iPadOS,
2022-03-30/a>
Didier Stevens
Quickie: Parsing XLSB Documents
2022-03-29/a>
Johannes Ullrich
More Fake/Typosquatting Twitter Accounts Asking for Ukraine Crytocurrency Donations
2022-03-27/a>
Didier Stevens
Video: Maldoc Cleaned by Anti-Virus
2022-03-24/a>
Xavier Mertens
Malware Delivered Through Free Sharing Tool
2022-03-18/a>
Johannes Ullrich
Scans for Movable Type Vulnerability (CVE-2021-20837)
2022-03-14/a>
Johannes Ullrich
Apple Updates Everything: MacOS 12.3, XCode 13.3, tvOS 15.4, watchOS 8.5, iPadOS 15.4 and more
2022-02-25/a>
Didier Stevens
Windows, Fixed IPv4 Addresses and APIPA
2022-02-24/a>
Xavier Mertens
Ukraine & Russia Situation From a Domain Names Perspective
2022-02-11/a>
Xavier Mertens
CinaRAT Delivered Through HTML ID Attributes
2022-02-10/a>
Johannes Ullrich
iOS/iPadOS and MacOS Update: Single WebKit 0-Day Vulnerability Patched
2022-01-27/a>
Johannes Ullrich
Apple Patches Everything
2021-12-28/a>
Russ McRee
LotL Classifier tests for shells, exfil, and miners
2021-12-15/a>
Xavier Mertens
Simple but Undetected PowerShell Backdoor
2021-11-28/a>
Didier Stevens
Video: YARA Rules for Office Maldocs
2021-11-23/a>
Didier Stevens
YARA Rule for OOXML Maldocs: Less False Positives
2021-11-21/a>
Didier Stevens
Backdooring PAM
2021-11-19/a>
Xavier Mertens
Downloader Disguised as Excel Add-In (XLL)
2021-11-14/a>
Didier Stevens
Video: Obfuscated Maldoc: Reversed BASE64
2021-11-10/a>
Xavier Mertens
Shadow IT Makes People More Vulnerable to Phishing
2021-11-08/a>
Xavier Mertens
(Ab)Using Security Tools & Controls for the Bad
2021-10-20/a>
Xavier Mertens
Thanks to COVID-19, New Types of Documents are Lost in The Wild
2021-10-14/a>
Xavier Mertens
Port-Forwarding with Windows for the Win
2021-10-03/a>
Didier Stevens
Video: CVE-2021-40444 Maldocs: Extracting URLs
2021-09-25/a>
Didier Stevens
Strings Analysis: VBA & Excel4 Maldoc
2021-09-25/a>
Didier Stevens
Video: Strings Analysis: VBA & Excel4 Maldoc
2021-09-22/a>
Didier Stevens
An XML-Obfuscated Office Document (CVE-2021-40444)
2021-09-19/a>
Didier Stevens
Video: Simple Analysis Of A CVE-2021-40444 .docx Document
2021-09-18/a>
Didier Stevens
Simple Analysis Of A CVE-2021-40444 .docx Document
2021-09-02/a>
Xavier Mertens
Attackers Will Always Abuse Major Events in our Lifes
2021-07-31/a>
Guy Bruneau
Unsolicited DNS Queries
2021-07-24/a>
Bojan Zdrnja
Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability
2021-07-21/a>
Johannes Ullrich
"Summer of SAM": Microsoft Releases Guidance for CVE-2021-36934
2021-07-19/a>
Rick Wanner
New Windows Print Spooler Vulnerability - CVE-2021-34481
2021-07-08/a>
Xavier Mertens
Using Sudo with Python For More Security Controls
2021-07-02/a>
Xavier Mertens
"inception.py"... Multiple Base64 Encodings
2021-06-28/a>
Didier Stevens
CFBF Files Strings Analysis
2021-05-28/a>
Xavier Mertens
Malicious PowerShell Hosted on script.google.com
2021-05-02/a>
Didier Stevens
PuTTY And FileZilla Use The Same Fingerprint Registry Keys
2021-04-22/a>
Xavier Mertens
How Safe Are Your Docker Images?
2021-02-28/a>
Didier Stevens
Maldocs: Protection Passwords
2021-02-23/a>
Jan Kopriva
Qakbot in a response to Full Disclosure post
2021-02-22/a>
Didier Stevens
Unprotecting Malicious Documents For Inspection
2021-02-21/a>
Didier Stevens
DDE and oledump
2021-01-26/a>
Brad Duncan
TA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-25/a>
Rob VandenBrink
Fun with NMAP NSE Scripts and DOH (DNS over HTTPS)
2021-01-24/a>
Didier Stevens
Video: Doc & RTF Malicious Document
2021-01-23/a>
Didier Stevens
CyberChef: Analyzing OOXML Files for URLs
2021-01-19/a>
Russ McRee
Gordon for fast cyber reputation checks
2021-01-18/a>
Didier Stevens
Doc & RTF Malicious Document
2021-01-15/a>
Guy Bruneau
Obfuscated DNS Queries
2021-01-10/a>
Didier Stevens
Maldoc Analysis With CyberChef
2021-01-09/a>
Didier Stevens
Maldoc Strings Analysis
2020-12-24/a>
Xavier Mertens
Malicious Word Document Delivering an Octopus Backdoor
2020-12-15/a>
Didier Stevens
Analyzing FireEye Maldocs
2020-12-10/a>
Xavier Mertens
Python Backdoor Talking to a C2 Through Ngrok
2020-11-25/a>
Xavier Mertens
Live Patching Windows API Calls Using PowerShell
2020-11-22/a>
Didier Stevens
Quick Tip: Extracting all VBA Code from a Maldoc - JSON Format
2020-10-31/a>
Didier Stevens
More File Selection Gaffes
2020-10-26/a>
Didier Stevens
Excel 4 Macros: "Abnormal Sheet Visibility"
2020-10-14/a>
Brad Duncan
More TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-09-30/a>
Johannes Ullrich
Scans for FPURL.xml: Reconnaissance or Not?
2020-09-02/a>
Xavier Mertens
Python and Risky Windows API Calls
2020-09-01/a>
Johannes Ullrich
Exposed Windows Domain Controllers Used in CLDAP DDoS Attacks
2020-08-31/a>
Didier Stevens
Finding The Original Maldoc
2020-08-29/a>
Didier Stevens
Malicious Excel Sheet with a NULL VT Score: More Info
2020-08-25/a>
Xavier Mertens
Keep An Eye on LOLBins
2020-08-19/a>
Xavier Mertens
Example of Word Document Delivering Qakbot
2020-08-16/a>
Didier Stevens
Small Challenge: A Simple Word Maldoc - Part 3
2020-08-07/a>
Brad Duncan
TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-02/a>
Didier Stevens
Small Challenge: A Simple Word Maldoc
2020-07-27/a>
Johannes Ullrich
In Memory of Donald Smith
2020-07-15/a>
Brad Duncan
Word docs with macros for IcedID (Bokbot)
2020-07-12/a>
Didier Stevens
Maldoc: VBA Purging Example
2020-07-11/a>
Guy Bruneau
Scanning Home Internet Facing Devices to Exploit
2020-06-24/a>
Jan Kopriva
Using Shell Links as zero-touch downloaders and to initiate network connections
2020-06-12/a>
Xavier Mertens
Malicious Excel Delivering Fileless Payload
2020-06-01/a>
Didier Stevens
XLMMacroDeobfuscator: An Update
2020-05-29/a>
Johannes Ullrich
The Impact of Researchers on Our Data
2020-05-24/a>
Didier Stevens
Zloader Maldoc Analysis With xlm-deobfuscator
2020-05-20/a>
Brad Duncan
Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2020-05-19/a>
Rick Wanner
Cisco Advisories for FTD, ASA, Firepower 1000
2020-04-30/a>
Xavier Mertens
Collecting IOCs from IMAP Folder
2020-04-26/a>
Didier Stevens
Video: Malformed .docm File
2020-04-18/a>
Guy Bruneau
Maldoc Falsely Represented as DOCX Invoice Redirecting to Fake Apple Store
2020-04-06/a>
Didier Stevens
Password Protected Malicious Excel Files
2020-04-05/a>
Guy Bruneau
Maldoc XLS Invoice with Excel 4 Macros
2020-04-04/a>
Didier Stevens
New Bypass Technique or Corrupt Word Document?
2020-03-30/a>
Jan Kopriva
Crashing explorer.exe with(out) a click
2020-03-29/a>
Didier Stevens
Obfuscated Excel 4 Macros
2020-03-28/a>
Didier Stevens
Covid19 Domain Classifier
2020-03-27/a>
Johannes Ullrich
Help us classify Covid19 related domains https://isc.sans.edu/covidclassifier.html (login required)
2020-03-23/a>
Didier Stevens
Windows Zeroday Actively Exploited: Type 1 Font Parsing Remote Code Execution Vulnerability
2020-03-16/a>
Jan Kopriva
Desktop.ini as a post-exploitation tool
2020-03-09/a>
Didier Stevens
Malicious Spreadsheet With Data Connection and Excel 4 Macros
2020-02-24/a>
Didier Stevens
Maldoc: Excel 4 Macros and VBA, Devil and Angel?
2020-02-23/a>
Didier Stevens
Maldoc: Excel 4 Macros in OOXML Format
2020-02-18/a>
Jan Kopriva
Discovering contents of folders in Windows without permissions
2020-02-17/a>
Didier Stevens
curl and SSPI
2020-02-15/a>
Didier Stevens
bsdtar on Windows 10
2020-01-22/a>
Brad Duncan
German language malspam pushes Ursnif
2020-01-09/a>
Kevin Shortt
Windows 7 - End of Life
2020-01-09/a>
Xavier Mertens
Quick Analyzis of a(nother) Maldoc
2019-12-22/a>
Didier Stevens
Extracting VBA Macros From .DWG Files
2019-12-16/a>
Didier Stevens
Malicious .DWG Files?
2019-12-14/a>
Didier Stevens
(Lazy) Sunday Maldoc Analysis: A Bit More ...
2019-12-09/a>
Didier Stevens
(Lazy) Sunday Maldoc Analysis
2019-12-05/a>
Jan Kopriva
E-mail from Agent Tesla
2019-11-25/a>
Xavier Mertens
My Little DoH Setup
2019-11-08/a>
Xavier Mertens
Microsoft Apps Diverted from Their Main Use
2019-08-15/a>
Didier Stevens
Analysis of a Spearphishing Maldoc
2019-08-14/a>
Brad Duncan
Recent example of MedusaHTTP malware
2019-07-28/a>
Didier Stevens
Video: Analyzing Compressed PowerShell Scripts
2019-07-17/a>
Xavier Mertens
Analyzis of DNS TXT Records
2019-07-16/a>
Russ McRee
Commando VM: The Complete Mandiant Offensive VM
2019-07-06/a>
Didier Stevens
Malicious XSL Files
2019-07-05/a>
Didier Stevens
A "Stream O" Maldoc
2019-07-02/a>
Xavier Mertens
Malicious Script With Multiple Payloads
2019-07-01/a>
Didier Stevens
Maldoc: Payloads in User Forms
2019-06-27/a>
Rob VandenBrink
Finding the Gold in a Pile of Pennies - Long Tail Analysis in PowerShell
2019-06-06/a>
Xavier Mertens
Keep an Eye on Your WMI Logs
2019-05-28/a>
Didier Stevens
Office Document & BASE64? PowerShell!
2019-05-22/a>
Johannes Ullrich
An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
2019-05-10/a>
Xavier Mertens
DSSuite - A Docker Container with Didier's Tools
2019-05-01/a>
Didier Stevens
VBA Office Document: Which Version?
2019-04-27/a>
Didier Stevens
Quick Tip for Dissecting CVE-2017-11882 Exploits
2019-04-24/a>
Rob VandenBrink
Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators
2019-04-23/a>
Didier Stevens
Malicious VBA Office Document Without Source Code
2019-03-31/a>
Didier Stevens
Maldoc Analysis of the Weekend by a Reader
2019-03-27/a>
Xavier Mertens
Running your Own Passive DNS Service
2019-03-25/a>
Didier Stevens
"VelvetSweatshop" Maldocs: Shellcode Analysis
2019-03-23/a>
Didier Stevens
"VelvetSweatshop" Maldocs
2019-03-17/a>
Didier Stevens
Video: Maldoc Analysis: Excel 4.0 Macro
2019-03-16/a>
Didier Stevens
Maldoc: Excel 4.0 Macros
2019-03-05/a>
Rob VandenBrink
Powershell, Active Directory and the Windows Host Firewall
2019-02-27/a>
Didier Stevens
Maldoc Analysis by a Reader
2019-02-17/a>
Didier Stevens
Video: Finding Property Values in Office Documents
2019-02-16/a>
Didier Stevens
Finding Property Values in Office Documents
2019-02-11/a>
Didier Stevens
Have You Seen an Email Virus Recently?
2019-02-10/a>
Didier Stevens
Video: Maldoc Analysis of the Weekend
2019-02-09/a>
Didier Stevens
Maldoc Analysis of the Weekend
2019-01-26/a>
Didier Stevens
Video: Analyzing Encrypted Malicious Office Documents
2019-01-14/a>
Rob VandenBrink
Still Running Windows 7? Time to think about that upgrade project!
2019-01-11/a>
Didier Stevens
Quick Maldoc Analysis
2019-01-07/a>
Didier Stevens
Analyzing Encrypted Malicious Office Documents
2019-01-02/a>
Didier Stevens
Maldoc with Nonfunctional Shellcode
2018-12-29/a>
Didier Stevens
Video: De-DOSfuscation Example
2018-12-19/a>
Xavier Mertens
Restricting PowerShell Capabilities with NetSh
2018-12-19/a>
Xavier Mertens
Microsoft OOB Patch for Internet Explorer: Scripting Engine Memory Corruption Vulnerability
2018-12-17/a>
Didier Stevens
Password Protected ZIP with Maldoc
2018-12-16/a>
Guy Bruneau
Random Port Scan for Open RDP Backdoor
2018-12-15/a>
Didier Stevens
De-DOSfuscation Example
2018-12-12/a>
Didier Stevens
Yet Another DOSfuscation Sample
2018-12-07/a>
Remco Verhoef
A Dive into malicious Docker Containers
2018-12-03/a>
Didier Stevens
Word maldoc: yet another place to hide a command
2018-11-26/a>
Russ McRee
ViperMonkey: VBA maldoc deobfuscation
2018-11-23/a>
Didier Stevens
Video: Dissecting a CVE-2017-11882 Exploit
2018-11-21/a>
Johannes Ullrich
Critical Vulnerability in Flash Player
2018-11-10/a>
Didier Stevens
Video: CyberChef: BASE64/XOR Recipe
2018-11-02/a>
Didier Stevens
TriJklcj2HIUCheDES decryption failed?
2018-10-16/a>
Didier Stevens
CyberChef: BASE64/XOR Recipe
2018-10-13/a>
Didier Stevens
Maldoc: Once More It's XOR
2018-10-01/a>
Didier Stevens
Decoding Custom Substitution Encodings with translate.py
2018-09-30/a>
Didier Stevens
When DOSfuscation Helps...
2018-08-25/a>
Didier Stevens
Microsoft Publisher malware: static analysis
2018-08-05/a>
Didier Stevens
Video: Maldoc analysis with standard Linux tools
2018-07-30/a>
Didier Stevens
Malicious Word documents using DOSfuscation
2018-06-17/a>
Didier Stevens
Encrypted Office Documents
2018-06-13/a>
Xavier Mertens
A Bunch of Compromized Wordpress Sites
2018-06-05/a>
Xavier Mertens
Malicious Post-Exploitation Batch File
2018-05-07/a>
Xavier Mertens
Adding Persistence Via Scheduled Tasks
2018-05-02/a>
Russ McRee
Windows Commands Reference - An InfoSec Must Have
2018-05-01/a>
Xavier Mertens
Diving into a Simple Maldoc Generator
2018-04-25/a>
Johannes Ullrich
Yet Another Drupal RCE Vulnerability
2018-03-05/a>
Xavier Mertens
Malicious Bash Script with Multiple Features
2018-02-02/a>
Xavier Mertens
Simple but Effective Malicious XLS Sheet
2018-01-28/a>
Didier Stevens
Is this a pentest?
2018-01-26/a>
Xavier Mertens
Investigating Microsoft BITS Activity
2018-01-23/a>
Johannes Ullrich
Apple Updates Everything, Again
2018-01-20/a>
Didier Stevens
An RTF phish
2018-01-08/a>
Bojan Zdrnja
Meltdown and Spectre: clearing up the confusion
2018-01-02/a>
Didier Stevens
PDF documents & URLs: video
2017-12-31/a>
Didier Stevens
Analyzing TNEF files
2017-12-25/a>
Didier Stevens
Dealing with obfuscated RTF files
2017-12-24/a>
Didier Stevens
PDF documents & URLs: update
2017-12-23/a>
Didier Stevens
Encrypted PDFs
2017-12-19/a>
Xavier Mertens
Example of 'MouseOver' Link in a Powerpoint File
2017-12-18/a>
Didier Stevens
Phish or scam? - Part 2
2017-12-17/a>
Didier Stevens
Phish or scam? - Part 1
2017-12-13/a>
Xavier Mertens
Tracking Newly Registered Domains
2017-12-09/a>
Didier Stevens
Sometimes it's a dud
2017-12-02/a>
Xavier Mertens
Using Bad Material for the Good
2017-11-25/a>
Guy Bruneau
Exim Remote Code Exploit
2017-11-16/a>
Xavier Mertens
Suspicious Domains Tracking Dashboard
2017-11-15/a>
Xavier Mertens
If you want something done right, do it yourself!
2017-11-11/a>
Xavier Mertens
Keep An Eye on your Root Certificates
2017-11-06/a>
Didier Stevens
Metasploit's Maldoc
2017-11-05/a>
Didier Stevens
Extracting the text from PDF documents
2017-11-04/a>
Didier Stevens
PDF documents & URLs
2017-10-20/a>
Rick Wanner
One year Anniversary of Dyn DDOS
2017-09-28/a>
Xavier Mertens
The easy way to analyze huge amounts of PCAP data
2017-09-18/a>
Xavier Mertens
CCleaner 5.33 compromised - http://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users
2017-09-14/a>
Xavier Mertens
Another webshell, another backdoor!
2017-09-10/a>
Didier Stevens
It is a resume - Part 3
2017-08-20/a>
Didier Stevens
It's Not An Invoice ...
2017-08-17/a>
Xavier Mertens
Maldoc with auto-updated link
2017-08-10/a>
Didier Stevens
Maldoc Analysis with ViperMonkey
2017-07-30/a>
Renato Marinho
SMBLoris - the new SMB flaw
2017-07-29/a>
Didier Stevens
Maldoc Submitted and Analyzed
2017-07-28/a>
Didier Stevens
Static Analysis of Emotet Maldoc
2017-07-15/a>
Didier Stevens
Office maldoc + .lnk
2017-07-10/a>
Didier Stevens
Basic Office maldoc analysis
2017-07-09/a>
Russ McRee
Adversary hunting with SOF-ELK
2017-07-07/a>
Renato Marinho
DDoS Extortion E-mail: Yet Another Bluff?
2017-07-05/a>
Didier Stevens
Selecting domains with random names
2017-05-20/a>
Xavier Mertens
Typosquatting: Awareness and Hunting
2017-05-12/a>
Xavier Mertens
When Bad Guys are Pwning Bad Guys...
2017-05-03/a>
Bojan Zdrnja
OAUTH phishing against Google Docs ? beware!
2017-04-28/a>
Xavier Mertens
Another Day, Another Obfuscation Technique
2017-04-23/a>
Didier Stevens
Malicious Documents: A Bit Of News
2017-04-21/a>
Xavier Mertens
Analysis of a Maldoc with Multiple Layers of Obfuscation
2017-03-05/a>
Didier Stevens
Another example of maldoc string obfuscation, with extra bonus: UAC bypass
2017-02-28/a>
Xavier Mertens
Analysis of a Simple PHP Backdoor
2017-02-26/a>
Didier Stevens
CRA Maldoc Analysis
2017-02-10/a>
Brad Duncan
Hancitor/Pony malspam
2017-01-18/a>
Rob VandenBrink
Making Windows 10 a bit less "Creepy" - Common Privacy Settings
2017-01-12/a>
Mark Baggett
System Resource Utilization Monitor
2016-12-29/a>
Rick Wanner
More on Protocol 47 denys
2016-12-24/a>
Didier Stevens
Pinging All The Way
2016-12-19/a>
John Bambenek
UPDATED x1: Mirai Scanning for Port 6789 Looking for New Victims / Now hitting tcp/23231
2016-12-10/a>
Didier Stevens
Sleeping VBS Really Wants To Sleep
2016-12-09/a>
Rick Wanner
Mirai - now with DGA
2016-12-05/a>
Didier Stevens
Hancitor Maldoc Videos
2016-11-18/a>
Didier Stevens
VBA Shellcode and Windows 10
2016-11-12/a>
Didier Stevens
VBA Shellcode and EMET
2016-11-05/a>
Xavier Mertens
Full Packet Capture for Dummies
2016-10-26/a>
Johannes Ullrich
Critical Flash Player Update APSB16-36
2016-10-22/a>
Guy Bruneau
Request for Packets TCP 4786 - CVE-2016-6385
2016-10-17/a>
Didier Stevens
Maldoc VBA Anti-Analysis: Video
2016-10-16/a>
Didier Stevens
Analyzing Office Maldocs With Decoder.xls
2016-10-15/a>
Didier Stevens
Maldoc VBA Anti-Analysis
2016-10-13/a>
Jim Clausing
New tool: docker-mount.py
2016-09-26/a>
Didier Stevens
VBA and P-code
2016-09-13/a>
Rob VandenBrink
If it's Free, YOU are the Product
2016-09-13/a>
Rob VandenBrink
Apple iOS 10 and 10.0.1 Released
2016-08-29/a>
Russ McRee
Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2016-08-06/a>
Didier Stevens
rtfdump
2016-08-02/a>
Tom Webb
Windows 10 Anniversary Update Available
2016-07-30/a>
Didier Stevens
rtfobj
2016-07-29/a>
Didier Stevens
Malicious RTF Files
2016-07-19/a>
Didier Stevens
Office Maldoc: Let's Focus on the VBA Macros Later...
2016-07-12/a>
Xavier Mertens
Hunting for Malicious Files with MISP + OSSEC
2016-06-17/a>
Johannes Ullrich
Critical Adobe Flash Update. Patch Now
2016-06-01/a>
Xavier Mertens
Docker Containers Logging
2016-05-29/a>
Guy Bruneau
Analysis of a Distributed Denial of Service (DDoS)
2016-05-22/a>
Pasquale Stirparo
The strange case of WinZip MRU Registry key
2016-05-18/a>
Russ McRee
Resources: Windows Auditing & Monitoring, Linux 2FA
2016-05-12/a>
Xavier Mertens
Adobe Released Updates to Fix Critical Vulnerability
2016-04-15/a>
Xavier Mertens
Windows Command Line Persistence?
2016-03-30/a>
Xavier Mertens
What to watch with your FIM?
2016-03-29/a>
Didier Stevens
VBE: Encoded VBS Script
2016-03-15/a>
Xavier Mertens
Dockerized DShield SSH Honeypot
2016-03-11/a>
Jim Clausing
Forensicating Docker, Part 1
2016-03-08/a>
Rick Wanner
Critical Adobe Updates - March 2016
2016-02-21/a>
Didier Stevens
Tip: Quick Analysis of Office Maldoc
2016-02-18/a>
Xavier Mertens
Hunting for Executable Code in Windows Environments
2016-02-09/a>
Johannes Ullrich
Adobe Patch Tuesday - February 2016
2016-02-07/a>
Rick Wanner
DDOS is down, but still a concern for ISPs
2016-01-31/a>
Guy Bruneau
Windows 10 and System Protection for DATA Default is OFF
2016-01-21/a>
Jim Clausing
Scanning for Fortinet ssh backdoor
2016-01-13/a>
Alex Stanford
You Have Got a New Audio Message - Guest Diary by Pasquale Stirparo
2016-01-11/a>
Didier Stevens
BlackEnergy .XLS Dropper
2015-12-28/a>
Rick Wanner
Adobe Flash and Adobe AIR Updates - https://helpx.adobe.com/security/products/flash-player/apsb16-01.html
2015-12-26/a>
Didier Stevens
Malfunctioning Malware
2015-12-09/a>
Xavier Mertens
Enforcing USB Storage Policy with PowerShell
2015-11-21/a>
Didier Stevens
Maldoc Social Engineering Trick
2015-10-16/a>
Alex Stanford
Adobe Flash Update
2015-10-13/a>
Alex Stanford
Adobe Updates Acrobat and Adobe Reader
2015-10-09/a>
Guy Bruneau
Adobe Acrobat and Reader Pre-Announcement
2015-09-28/a>
Johannes Ullrich
"Transport of London" Malicious E-Mail
2015-09-19/a>
Didier Stevens
Don't launch that file Adobe Reader!
2015-08-28/a>
Didier Stevens
Test File: PDF With Embedded DOC Dropping EICAR
2015-08-26/a>
Didier Stevens
PDF + maldoc1 = maldoc2
2015-08-12/a>
Rob VandenBrink
Windows Service Accounts - Why They're Evil and Why Pentesters Love them!
2015-07-27/a>
Daniel Wesemann
Angler's best friends
2015-07-14/a>
Johannes Ullrich
Adobe Updates Flash Player, Shockwave and PDF Reader
2015-07-12/a>
Rick Wanner
Another Adobe Flash Zero Day http://www.kb.cert.org/vuls/id/338736
2015-06-26/a>
Daniel Wesemann
Cisco default credentials - again!
2015-06-23/a>
Kevin Shortt
XOR DDOS Mitigation and Analysis
2015-06-23/a>
Kevin Shortt
Adobe Flash Player Update - https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
2015-05-15/a>
Didier Stevens
Another Maldoc? I'm Afraid So...
2015-05-09/a>
Didier Stevens
Malicious Word Document: This Time The Maldoc Is A MIME File
2015-04-28/a>
Daniel Wesemann
Scammy Nepal earthquake donation requests
2015-04-10/a>
Didier Stevens
The Kill Chain: Now With Pastebin
2015-03-30/a>
Didier Stevens
YARA Rules For Shellcode
2015-03-14/a>
Didier Stevens
Maldoc VBA Sandbox/Virtualization Detection
2015-02-27/a>
Rick Wanner
DDOS are way down? Why?
2015-02-20/a>
Tom Webb
Fast analysis of a Tax Scam
2015-02-19/a>
Daniel Wesemann
DNS-based DDoS
2015-02-05/a>
Johannes Ullrich
Adobe Flash Player Update Released, Fixing CVE 2015-0313
2015-02-02/a>
Stephen Hall
New Adobe Flash Vulnerability - CVE-2015-0313
2015-01-26/a>
Russ McRee
Adobe updates Security Advisory for Adobe Flash Player, Infocon returns to green
2015-01-23/a>
Adrien de Beaupre
Infocon change to yellow for Adobe Flash issues
2014-11-11/a>
Johannes Ullrich
Adobe Flash Update
2014-10-14/a>
Johannes Ullrich
Adobe October 2014 Bulletins for Flash Player and Coldfusion
2014-09-16/a>
Daniel Wesemann
https://yourfakebank.support -- TLD confusion starts!
2014-09-16/a>
Mark Hofman
FreeBSD Denial of Service advisory (CVE-2004-0230)
2014-08-31/a>
Rick Wanner
1900/UDP (SSDP) Scanning and DDOS
2014-08-25/a>
Jim Clausing
UDP port 1900 DDoS traffic
2014-08-17/a>
Rick Wanner
Part 1: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-08-17/a>
Rick Wanner
Part 2: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-08-15/a>
Tom Webb
AppLocker Event Logs with OSSEC 2.8
2014-08-12/a>
Adrien de Beaupre
Adobe updates for 2014/08
2014-07-09/a>
Daniel Wesemann
Who owns your typo?
2014-07-08/a>
Johannes Ullrich
Hardcoded Netgear Prosafe Switch Password
2014-07-05/a>
Guy Bruneau
Java Support ends for Windows XP
2014-07-02/a>
Johannes Ullrich
Cisco Unified Communications Domain Manager Update
2014-06-24/a>
Kevin Shortt
NTP DDoS Counts Have Dropped
2014-06-02/a>
Rick Wanner
Using nmap to scan for DDOS reflectors
2014-04-30/a>
Russ McRee
UltraDNS DDOS
2014-04-28/a>
Russ McRee
Adobe Security Bulletin: Security updates available for Adobe Flash Player http://adobe.ly/QVjO72
2014-04-08/a>
Rick Wanner
Security Updates available for Adobe Flash Player - http://helpx.adobe.com/security/products/flash-player/apsb14-09.html
2014-04-06/a>
Basil Alawi S.Taher
"Power Worm" PowerShell based Malware
2014-04-04/a>
Rob VandenBrink
Windows 8.1 Released
2014-03-24/a>
Johannes Ullrich
New Microsoft Advisory: Unpatched Word Flaw used in Targeted Attacks
2014-03-13/a>
Daniel Wesemann
Adobe Shockwave Player critical update: http://helpx.adobe.com/security/products/shockwave/apsb14-10.html
2014-03-12/a>
Johannes Ullrich
Wordpress "Pingback" DDoS Attacks
2014-03-11/a>
Johannes Ullrich
Adobe Updates: Flash Player
2014-03-04/a>
Daniel Wesemann
XPired!
2014-02-20/a>
Stephen Hall
Abobe out of band patch announcement (APSB14-07)
2014-02-17/a>
Chris Mohan
NTP reflection attacks continue
2014-02-11/a>
Johannes Ullrich
Adobe February 2014 Patch Tuesday
2014-02-05/a>
Johannes Ullrich
To Merrillville or Sochi: How Dangerous is it to travel?
2014-02-04/a>
Johannes Ullrich
Adobe Flash Player Emergency Patch
2014-01-30/a>
Johannes Ullrich
New gTLDs appearing in the root zone
2014-01-14/a>
Johannes Ullrich
Adobe Patch Tuesday January 2014
2014-01-10/a>
Basil Alawi S.Taher
Windows Autorun-3
2014-01-10/a>
Basil Alawi S.Taher
Cisco Small Business Devices backdoor fix
2014-01-04/a>
Tom Webb
Monitoring Windows Networks Using Syslog (Part One)
2014-01-02/a>
Johannes Ullrich
Scans Increase for New Linksys Backdoor (32764/TCP)
2013-12-24/a>
Daniel Wesemann
Unfriendly crontab additions
2013-12-21/a>
Daniel Wesemann
Adobe phishing underway
2013-12-21/a>
Guy Bruneau
Strange DNS Queries - Request for Packets
2013-12-16/a>
Tom Webb
The case of Minerd
2013-12-10/a>
Rob VandenBrink
Adobe Updates today as well.
2013-11-22/a>
Rick Wanner
Port 0 DDOS
2013-11-22/a>
Rick Wanner
Tales of Password Reuse
2013-11-05/a>
Daniel Wesemann
Is your vacuum cleaner sending spam?
2013-10-30/a>
Russ McRee
SIR v15: Five good reasons to leave Windows XP behind
2013-10-24/a>
Johannes Ullrich
Are you a small business that experienced a DoS attack?
2013-10-09/a>
Johannes Ullrich
Other Patch Tuesday Updates (Adobe, Apple)
2013-10-08/a>
Johannes Ullrich
CSAM: ANY queries used in reflective DoS attack
2013-10-05/a>
Richard Porter
Adobe Breach Notification, Notifications?
2013-10-04/a>
Johannes Ullrich
The Adobe Breach FAQ
2013-10-03/a>
Johannes Ullrich
October Patch Tuesday Preview (CVE-2013-3893 patch coming!)
2013-10-02/a>
John Bambenek
Obamacare related domain registration spike, Government shutdown domain registration beginning
2013-09-23/a>
Rob VandenBrink
How do you spell "PSK"?
2013-09-10/a>
Swa Frantzen
Adobe September 2013 Black Tuesday Overview
2013-07-27/a>
Scott Fendley
Defending Against Web Server Denial of Service Attacks
2013-07-12/a>
Johannes Ullrich
DNS resolution is failing for Microsofts Teredo server (teredo.ipv6.microsoft.com)
2013-07-12/a>
Johannes Ullrich
Microsoft Teredo Server "Sunset"
2013-07-09/a>
Swa Frantzen
Adobe July 2013 Black Tuesday Overview
2013-06-11/a>
Swa Frantzen
Adobe June 2013 Black Tuesday Overview
2013-06-05/a>
Richard Porter
BIND 9 Update fixing CVE-2013-3919
2013-05-21/a>
Adrien de Beaupre
Moore, Oklahoma tornado charitable organization scams, malware, and phishing
2013-05-20/a>
Guy Bruneau
Safe - Tools, Tactics and Techniques
2013-05-14/a>
Swa Frantzen
Adobe May 2013 Black Tuesday Overview
2013-05-10/a>
Johannes Ullrich
Microsoft and Adobe Patch Tuesday Pre-Release
2013-05-09/a>
John Bambenek
Adobe Releases 0-day Security Advisory for Coldfusion, Exploit Code Available. Advisory here: http://www.adobe.com/support/security/advisories/apsa13-03.html
2013-05-08/a>
Johannes Ullrich
"De Flashing" the ISC Web Site and Flash XSS issues
2013-04-21/a>
John Bambenek
A Chargen-based DDoS? Chargen is still a thing?
2013-04-09/a>
Swa Frantzen
Adobe April 2013 Black Tuesday Overview
2013-03-28/a>
John Bambenek
Where Were You During the Great DDoS Cybergeddon of 2013?
2013-03-27/a>
Rob VandenBrink
Several Cisco IOS DOS Issues Resolved
2013-03-19/a>
Johannes Ullrich
Windows 7 SP1 and Windows Server 2008 R2 SP1 Being "pushed" today
2013-03-19/a>
Johannes Ullrich
Scam of the day: More fake CNN e-mails
2013-03-18/a>
Kevin Shortt
Spamhaus DDOS
2013-03-12/a>
Swa Frantzen
Adobe March 2013 Black Tueday
2013-03-09/a>
Guy Bruneau
IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-02-28/a>
Daniel Wesemann
Parsing Windows Eventlogs in Powershell
2013-02-27/a>
Adam Swanger
Adobe Flash Player Security Update - http://www.adobe.com/support/security/bulletins/apsb13-08.html
2013-02-20/a>
Johannes Ullrich
Update Palooza
2013-02-17/a>
Guy Bruneau
Adobe Acrobat and Reader Security Update Planned this Week
2013-02-16/a>
Lorna Hutcheson
Fedora RedHat Vulnerabilty Released
2013-02-13/a>
Swa Frantzen
More adobe reader and acrobat (PDF) trouble
2013-02-07/a>
John Bambenek
Adobe Releases Patches for 0-day Vulnerability in Flash Player for Windows and Mac, Upgrade now: http://www.adobe.com/support/security/bulletins/apsb13-04.html
2013-01-09/a>
Rob VandenBrink
Security Updates for Adobe Reader / Acrobat - http://www.adobe.com/support/security/bulletins/apsb13-02.html
2013-01-09/a>
Rob VandenBrink
Security Updates for Adobe Flash - http://www.adobe.com/support/security/bulletins/apsb13-01.html
2013-01-08/a>
Richard Porter
Adobe Security Bulletins http://blogs.adobe.com/psirt/2013/01/adobe-security-bulletins-posted-4.html
2013-01-04/a>
Daniel Wesemann
Patch pre-notification from Adobe and Microsoft
2012-12-06/a>
Daniel Wesemann
Comodo DNS hiccup on usertrust.com
2012-11-08/a>
Daniel Wesemann
Adobe Patches
2012-10-24/a>
Rob VandenBrink
Time to run Windows Update - - Microsoft Updates KB2755801 for Windows RT / IE10 / Flash Player - http://technet.microsoft.com/en-us/security/advisory/2755801
2012-10-10/a>
Kevin Shortt
Cyber Security Awareness Month - Day 10 - Standard Sudo - Part Two
2012-10-09/a>
Johannes Ullrich
Adobe Flash Player update http://www.adobe.com/support/security/bulletins/apsb12-22.html
2012-10-03/a>
Kevin Shortt
Cyber Security Awareness Month - Day 3 - Standard Sudo - Part One
2012-09-20/a>
Russ McRee
Financial sector advisory: attacks and threats against financial institutions
2012-08-21/a>
Adrien de Beaupre
YYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update
2012-08-15/a>
Guy Bruneau
Cisco IOS XR Software Route Processor DoS Vulnerability - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr
2012-08-14/a>
Rick Wanner
Adobe Security Bulletins - http://blogs.adobe.com/psirt/2012/08/adobe-security-bulletins-posted-2.html
2012-07-19/a>
Mark Baggett
Diagnosing Malware with Resource Monitor
2012-07-03/a>
Johannes Ullrich
ocsp.comodoca.com blocklisted (by comodo itself)
2012-06-25/a>
Guy Bruneau
Issues with Windows Update Agent
2012-06-12/a>
Swa Frantzen
Adobe June 2012 Black Tuesday patches
2012-05-25/a>
Guy Bruneau
Technical Analysis of Flash Player CVE-2012-0779
2012-05-22/a>
Johannes Ullrich
The "Do Not Track" header
2012-05-21/a>
Kevin Shortt
DNS ANY Request Cannon - Need More Packets
2012-05-18/a>
Johannes Ullrich
ZTE Score M Android Phone backdoor
2012-05-12/a>
Tony Carothers
Adobe Update to Vulnerabilities
2012-05-08/a>
Bojan Zdrnja
Windows Firewall Bypass Vulnerability and NetBIOS NS
2012-05-06/a>
Jim Clausing
Tool updates and Win 8
2012-05-04/a>
Guy Bruneau
Adobe Security Flash Update
2012-04-10/a>
Swa Frantzen
Windows Vista RIP
2012-04-10/a>
Swa Frantzen
Adobe April 2012 Black Tuesday Update
2012-04-06/a>
Johannes Ullrich
Adobe Patch Tuesday Prerelease (Reader/Acrobat) http://www.adobe.com/support/security/bulletins/apsb12-08.html
2012-03-30/a>
Daniel Wesemann
Tomorrow, the world will end
2012-03-28/a>
Kevin Shortt
Adobe Flash Player APSB12-07 - 28 March 2012
2012-03-16/a>
Russ McRee
MS12-020 RDP vulnerabilities: Patch, Mitigate, Detect
2012-03-13/a>
Lenny Zeltser
Please transfer this email to your CEO or appropriate person, thanks
2012-03-05/a>
Johannes Ullrich
Adobe Flash Player Security Update
2012-02-16/a>
Johannes Ullrich
Adobe Flash Player Update
2012-02-14/a>
Johannes Ullrich
Adobe Shockwave Player and RoboHelp for Word Patches
2012-01-22/a>
Johannes Ullrich
Javascript DDoS Tool Analysis
2012-01-10/a>
Adrien de Beaupre
Adobe January 2012 Black Tuesday overview
2011-12-28/a>
Daniel Wesemann
Hash collisions vulnerability in web servers
2011-12-21/a>
Johannes Ullrich
New Vulnerability in Windows 7 64 bit
2011-12-13/a>
Johannes Ullrich
December 2011 Adobe Black Tuesday
2011-12-08/a>
Adrien de Beaupre
Newest Adobe Flash 11.1.102.55 and Previous 0 Day Exploit
2011-12-07/a>
Lenny Zeltser
Adobe Acrobat Latest Zero-Day Vulnerability Fix Coming to All Platforms by January 10
2011-11-15/a>
Adrien de Beaupre
www.disa.mil down?
2011-11-11/a>
Rick Wanner
Adobe Air updated to 3.1.0.4880
2011-11-08/a>
Swa Frantzen
Abobe November 2011 Black Tuesday Overview
2011-11-03/a>
Richard Porter
An Apple, Inc. Sandbox to play in.
2011-10-05/a>
Johannes Ullrich
Adobe SSL Certificate Problem (fixed)
2011-10-01/a>
Mark Hofman
Adobe Photoshop for Windows Vulnerability (CVE-2011-2443)
2011-09-21/a>
Swa Frantzen
Emergency patch expected for Flash Player
2011-09-21/a>
Guy Bruneau
Adobe Release Flash Player 10.3.183.10 available at http://get.adobe.com/flashplayer/
2011-09-09/a>
Guy Bruneau
Adobe plan to release critical security updates next Tuesday for Acrobat and Reader http://www.adobe.com/support/security/bulletins/apsb11-24.html
2011-09-09/a>
Guy Bruneau
Adobe Publish its List of Trusted Root Certificate - http://www.adobe.com/security/approved-trust-list.html
2011-08-30/a>
Johannes Ullrich
Apache patch out for "byte range" DoS vulnerability http://www.apache.org/dist/httpd/Announcement2.2.html
2011-08-26/a>
Daniel Wesemann
Adobe Flash stability update to 10.3.183.7. See http://forums.adobe.com/message/3883150
2011-08-25/a>
Kevin Shortt
Revival of an Unpatched Apache HTTPD DoS
2011-08-09/a>
Swa Frantzen
Adobe August 2011 Black Tuesday Overview
2011-07-09/a>
Chris Mohan
Safer Windows Incident Response
2011-07-04/a>
Deborah Hale
VSFTP Backdoor in Source Code
2011-06-30/a>
Rob VandenBrink
Update for RSA Authentication Manager
2011-06-30/a>
Guy Bruneau
Adobe Release Flash Player 10.3.181.34 available at http://get.adobe.com/flashplayer/
2011-06-14/a>
Swa Frantzen
Adobe releases patches
2011-06-09/a>
Richard Porter
One Browser to Rule them All?
2011-06-06/a>
Johannes Ullrich
Adobe releases Flash Player patch on a Sunday to combat latest 0day http://www.adobe.com/support/security/bulletins/apsb11-13.html
2011-06-01/a>
Johannes Ullrich
Enabling Privacy Enhanced Addresses for IPv6
2011-05-20/a>
Guy Bruneau
Distributed Denial of Service Cheat Sheet
2011-05-12/a>
Chris Mohan
Security updates available for Flash Player, RoboHelp, Audition, and Flash Media Server
2011-05-03/a>
Johannes Ullrich
Analyzing Teredo with tshark and Wireshark
2011-04-21/a>
Guy Bruneau
Adobe Reader and Acrobat Security Updates
2011-04-14/a>
Johannes Ullrich
Update to Adobe Flash 0-day: Patch will be out soon
2011-04-11/a>
Johannes Ullrich
Yet another Adobe Flash/Reader/Acrobat 0 day
2011-04-05/a>
Mark Hofman
Sony DDOS
2011-04-05/a>
Mark Hofman
DNS.be DDOS
2011-03-27/a>
Guy Bruneau
Strange Shockwave File with Surprising Attachments
2011-03-23/a>
Johannes Ullrich
Microsoft Advisory about fraudulent SSL Certificates
2011-03-23/a>
Johannes Ullrich
Comodo RA Compromise
2011-03-22/a>
Kevin Shortt
Adobe Reader/Acrobat Security Update - http://www.adobe.com/support/security/bulletins/apsb11-06.html
2011-03-15/a>
Lenny Zeltser
Limiting Exploit Capabilities by Using Windows Integrity Levels
2011-03-14/a>
Bojan Zdrnja
Adobe Flash 0-day being used in targeted attacks
2011-03-04/a>
Mark Hofman
DDOS, the new black?
2011-03-02/a>
Chris Mohan
Updates: Firefox 3.6.14/3.5.17, Thunderbird 3.1.8, Adobe Flash v10.2.152.32 & WireShark 1.4.4
2011-02-24/a>
Johannes Ullrich
Windows 7 / 2008 R2 Service Pack 1 Problems
2011-02-23/a>
Johannes Ullrich
Windows 7 Service Pack 1 out
2011-02-16/a>
Jason Lam
Windows 0-day SMB mrxsmb.dll vulnerability
2011-02-12/a>
Kevin Liston
DDoS Analysis Process
2011-02-10/a>
Chris Mohan
Befriending Windows Security Log Events
2011-02-09/a>
Mark Hofman
Adobe Patches (shockwave, Flash, Reader & Coldfusion)
2011-01-29/a>
Mark Hofman
Sourceforge attack
2011-01-27/a>
Guy Bruneau
ISC DHCP DHCPv6 Vulnerability
2011-01-24/a>
Rob VandenBrink
Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool
2011-01-06/a>
Johannes Ullrich
Flash Local-with-filesystem Sandbox Bypass
2011-01-04/a>
Johannes Ullrich
Microsoft Advisory: Vulnerability in Graphics Rendering Engine
2010-12-22/a>
John Bambenek
IIS 7.5 0-Day DoS (processing FTP requests)
2010-12-15/a>
Johannes Ullrich
OpenBSD IPSec "Backdoor"
2010-12-09/a>
Mark Hofman
Having a look at the DDOS tool used in the attacks today
2010-12-08/a>
Rob VandenBrink
Interesting DDOS activity around Wikileaks
2010-12-02/a>
Kevin Johnson
ProFTPD distribution servers compromised
2010-11-24/a>
Bojan Zdrnja
Privilege escalation 0-day in almost all Windows versions
2010-11-22/a>
Lenny Zeltser
Adobe Acrobat Spam Going Strong - More to Come?
2010-11-19/a>
Jason Lam
Adobe Reader X - Sandbox
2010-11-17/a>
Guy Bruneau
Conficker B++ Activated on Nov 15
2010-11-04/a>
Johannes Ullrich
Today's Adobe Patches and Vulnerablities
2010-10-28/a>
Manuel Humberto Santander Pelaez
CVE-2010-3654 - New dangerous 0-day authplay library adobe products vulnerability
2010-10-26/a>
Pedro Bueno
Cyber Security Awareness Month - Day 26 - Sharing Office Files
2010-10-06/a>
Robert Danford
Adobe updates: http://www.adobe.com/support/security/bulletins/apsb10-21.html
2010-09-14/a>
Adrien de Beaupre
BlackEnergy DDoS
2010-09-14/a>
Adrien de Beaupre
Adobe Flash v10.1.82.76 and earlier vulnerability in-the-wild
2010-09-13/a>
Manuel Humberto Santander Pelaez
Enhanced Mitigation Experience Toolkit can block Adobe 0-day exploit
2010-09-13/a>
Manuel Humberto Santander Pelaez
Adobe SING table parsing exploit (CVE-2010-2883) in the wild
2010-09-12/a>
Manuel Humberto Santander Pelaez
Adobe Acrobat pushstring Memory Corruption paper
2010-09-08/a>
John Bambenek
Adobe Acrobat/Reader 0-day in Wild, Adobe Issues Advisory
2010-08-30/a>
Adrien de Beaupre
Apple QuickTime potential vulnerability/backdoor
2010-08-25/a>
Pedro Bueno
Adobe released security update for Shockwave player that fix several CVEs: APSB1020
2010-08-19/a>
Rob VandenBrink
Don points us to multiple Adobe updates (Reader and Acrobat 9.3.4 among them) ==> http://www.adobe.com/support/downloads/new.jsp
2010-08-18/a>
Guy Bruneau
Adobe out-of-cycle Updates
2010-08-16/a>
Raul Siles
DDOS: State of the Art
2010-08-13/a>
Guy Bruneau
Cisco IOS Software 15.1(2)T TCP DoS
2010-08-10/a>
Jason Lam
Adobe critical security updates
2010-08-07/a>
Stephen Hall
DnsMadeEasy under a "quite large and unique" ddos.
2010-08-05/a>
Manuel Humberto Santander Pelaez
Adobe Acrobat Font Parsing Integer Overflow Vulnerability
2010-08-04/a>
Adrien de Beaupre
Multiple Cisco Advisories
2010-08-02/a>
Manuel Humberto Santander Pelaez
Securing Windows Internet Kiosk
2010-07-21/a>
Adrien de Beaupre
Adobe Reader Protected Mode
2010-06-29/a>
donald smith
Adobe Reader 9.3.3/8.2.3 addressing CVE-2010-1297
2010-06-16/a>
Kevin Shortt
Adobe Flash Player 10.1 - Security Update Available
2010-06-15/a>
Manuel Humberto Santander Pelaez
Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-06-09/a>
Deborah Hale
Adobe POC in the Wild
2010-06-09/a>
Deborah Hale
Best Practice to Prevent PDF Attacks
2010-06-05/a>
Guy Bruneau
Security Advisory for Flash Player, Adobe Reader and Acrobat
2010-05-12/a>
Rob VandenBrink
Adobe Shockwave Update
2010-05-08/a>
Guy Bruneau
Wireshark DOCSIS Dissector DoS Vulnerability
2010-04-13/a>
Adrien de Beaupre
Security update available for Adobe Reader and Acrobat
2010-04-09/a>
Mark Hofman
Adobe launch issue response/work around.
2010-03-31/a>
Johannes Ullrich
PDF Arbitrary Code Execution - vulnerable by design.
2010-03-24/a>
Johannes Ullrich
".sys" Directories Delivering Driveby Downloads
2010-03-24/a>
Kyle Haugsness
Wax nostalgic - commodore64 updated to present time
2010-02-16/a>
Johannes Ullrich
Teredo "stray packet" analysis
2010-02-16/a>
Robert Danford
Adobe Updates: http://www.adobe.com/support/security/bulletins/apsb10-07.html http://www.adobe.com/support/security/bulletins/apsb10-06.html
2010-02-16/a>
Jim Clausing
Teredo request for packets
2010-02-12/a>
G. N. White
Adobe Flash Player 10.0.45.2 and AIR 1.5.3.9130 released to correct vulnerability CVE-2010-0186 Details: http://www.adobe.com/support/security/bulletins/apsb10-06.html
2010-02-11/a>
Deborah Hale
The Mysterious Blue Screen
2010-02-02/a>
Guy Bruneau
Adobe ColdFusion Information Disclosure
2010-02-02/a>
Johannes Ullrich
Pushdo Update
2010-01-30/a>
Stephen Hall
Got PushDo SSL packets?
2010-01-22/a>
Mari Nichols
Pass-down for a Successful Incident Response
2010-01-21/a>
Chris Carboni
Security Update Available for Shockwave Player
2010-01-19/a>
Jim Clausing
49Gbps DDoS, IPv4 exhaustion, and DNSSEC, oh my!
2010-01-14/a>
Bojan Zdrnja
PDF Babushka
2010-01-12/a>
Johannes Ullrich
Microsoft Advices XP Users to Uninstall Flash Player 6
2010-01-12/a>
Johannes Ullrich
Pre-Announced Adobe Reader and Acrobat Patch Found!
2010-01-07/a>
Daniel Wesemann
Static analysis of malicious PDFs
2010-01-07/a>
Daniel Wesemann
Static analysis of malicous PDFs (Part #2)
2010-01-06/a>
Johannes Ullrich
Denial of Service Attack Aftermath (and what did Iran have to do with it?)
2009-12-30/a>
Guy Bruneau
KDC DoS in cross-realm referral processing
2009-12-24/a>
Guy Bruneau
F5 BIG-IP ASM and PSM Remote Buffer Overflow
2009-12-15/a>
Johannes Ullrich
Adobe 0-day in the wild - again
2009-12-09/a>
Swa Frantzen
Adobe flash player and air patched
2009-12-09/a>
Swa Frantzen
ntpd upgrade to prevent spoofed looping
2009-12-03/a>
Mark Hofman
Next week will be a big patch week - Adobe is also releasing patches "Adobe is planning to release an update for Adobe Flash Player 10.0.32.18 and earlier versions, and an update to Adobe AIR 1.5.2 and earlier versions, to resolve critical security issues
2009-11-14/a>
Adrien de Beaupre
Microsoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released
2009-11-13/a>
Deborah Hale
Pushdo/Cutwail Spambot - A Little Known BIG Problem
2009-11-12/a>
Rob VandenBrink
Windows 7 / Windows Server 2008 Remote SMB Exploit
2009-11-03/a>
Bojan Zdrnja
Adobe released Shockwave Player 11.5.2.602 which fixes several critical security vulnerabilities
2009-10-24/a>
Marcus Sachs
Windows 7 - How is it doing?
2009-10-13/a>
Daniel Wesemann
Adobe Reader and Acrobat - Black Tuesday continues
2009-10-08/a>
Johannes Ullrich
New Adobe Vulnerability Exploited in Targeted Attacks
2009-10-05/a>
Adrien de Beaupre
Cyber Security Awareness Month - Day 5 port 31337
2009-10-04/a>
Guy Bruneau
Samba Security Information Disclosure and DoS
2009-09-09/a>
Mark Hofman
Possible DDOS on gov.au sites starting tonight?
2009-09-08/a>
Guy Bruneau
Cisco Security Advisory TCP DoS
2009-09-08/a>
Guy Bruneau
Vista/2008/Windows 7 SMB2 BSOD 0Day
2009-08-26/a>
Johannes Ullrich
WSUS 3.0 SP2 released
2009-08-18/a>
Deborah Hale
Security Bulletin for ColdFusion and JRun
2009-08-08/a>
Guy Bruneau
XML Libraries Data Parsing Vulnerabilities
2009-07-31/a>
Deborah Hale
Adobe Patch is out
2009-07-29/a>
Bojan Zdrnja
BIND 9 DoS attacks in the wild
2009-07-22/a>
Bojan Zdrnja
YA0D (Yet Another 0-Day) in Adobe Flash player
2009-07-16/a>
Guy Bruneau
Changes in Windows Security Center
2009-07-09/a>
John Bambenek
Latest Updates on Ongoing DDoS on Governmental/Commercial Websites in USA and S. Korea
2009-07-08/a>
Marcus Sachs
RFI: DDoS Against Government and Civilian Web Sites
2009-07-02/a>
Daniel Wesemann
Time to update updating on PCs for 3rd party apps
2009-06-24/a>
Kyle Haugsness
Adobe Shockwave Player Update
2009-06-23/a>
Bojan Zdrnja
Slowloris and Iranian DDoS attacks
2009-06-21/a>
Bojan Zdrnja
Apache HTTP DoS tool mitigation
2009-06-18/a>
Bojan Zdrnja
Apache HTTP DoS tool released
2009-06-09/a>
Swa Frantzen
Adobe June Black Tuesday upgrades
2009-05-24/a>
Raul Siles
Analyzing malicious PDF documents
2009-05-22/a>
Mark Hofman
Patching and Adobe
2009-05-12/a>
Swa Frantzen
Adobe Acrobat (reader) patches released
2009-05-02/a>
Rick Wanner
More Swine/Mexican/H1N1 related domains
2009-05-01/a>
Adrien de Beaupre
Adobe Flash Media Server privilege escalation security bulletin
2009-04-29/a>
Jason Lam
Two Adobe 0-day vulnerabilities
2009-04-27/a>
Johannes Ullrich
Swine Flu (Mexican Flu) related domains
2009-04-20/a>
Jason Lam
Digital Content on TV
2009-04-16/a>
Adrien de Beaupre
Strange Windows Event Log entry
2009-04-09/a>
Johannes Ullrich
Conficker update with payload
2009-04-02/a>
Handlers
A view from the CWG Trenches
2009-03-28/a>
Rick Wanner
New Beta release of Nmap
2009-03-18/a>
Adrien de Beaupre
Adobe Security Bulletin Adobe Reader and Acrobat
2009-03-10/a>
Swa Frantzen
Adobe Acrobat 9.1 released
2009-03-08/a>
Marcus Sachs
Behind the Estonia Cyber Attacks
2009-02-25/a>
Andre Ludwig
Preview/Iphone/Linux pdf issues
2009-02-25/a>
Andre Ludwig
Adobe Acrobat pdf 0-day exploit, No JavaScript needed!
2009-02-25/a>
Andre Ludwig
Adobe flash player patch
2009-02-13/a>
Andre Ludwig
Third party information on conficker
2009-02-12/a>
Mark Hofman
Australian Bushfires
2009-01-31/a>
Swa Frantzen
DNS DDoS - let's use a long term solution
2009-01-31/a>
Swa Frantzen
Windows 7 - not so secure ?
2009-01-31/a>
Swa Frantzen
VMware updates
2009-01-16/a>
G. N. White
Conficker.B/Downadup.B/Kido: F-Secure publishes details pertaining to their counting methodology of compromised machines
2009-01-15/a>
Bojan Zdrnja
Conficker's autorun and social engineering
2009-01-12/a>
William Salusky
Downadup / Conficker - MS08-067 exploit and Windows domain account lockout
2008-12-09/a>
Swa Frantzen
Contacting us might be hard today
2008-12-05/a>
Daniel Wesemann
Been updatin' your Flash player lately?
2008-12-03/a>
Andre Ludwig
New ISC Poll! Has your organization suffered a DDoS (Distributed Denial of Service) attack in the last year?
2008-11-29/a>
Pedro Bueno
Ubuntu users: Time to update!
2008-11-17/a>
Jim Clausing
Critical update to Adobe AIR
2008-11-11/a>
Swa Frantzen
Acrobat continued activity in the wild
2008-11-06/a>
Joel Esler
More Adobe Updates
2008-10-15/a>
Mari Nichols
Adobe Flash 10 Released
2008-09-09/a>
Swa Frantzen
wordpress upgrade
2008-08-15/a>
Jim Clausing
OMFW 2008 reflections
2008-07-20/a>
Kevin Liston
Denial of Service Attack Against Georgia-- Are You Participating?
2008-07-17/a>
Mari Nichols
Adobe Reader 9 Released
2008-07-11/a>
Raul Siles
How to Determine if Adobe Acrobat or Reader 8.1.2 Security Update 1 is Installed?
2008-06-13/a>
Johannes Ullrich
Floods: More of the same (2)
2008-06-12/a>
Bojan Zdrnja
Safari on Windows - not looking good
2008-05-27/a>
Adrien de Beaupre
Adobe flash player vuln
2008-05-26/a>
Marcus Sachs
Predictable Response
2008-05-17/a>
Jim Clausing
Disaster donation scams continue
2008-05-17/a>
Lorna Hutcheson
XP SP3 Issues
2008-05-12/a>
Scott Fendley
Adobe Releases Security Updates
2008-05-06/a>
John Bambenek
Windows XP Service Pack 3 Released
2008-05-01/a>
Adrien de Beaupre
Windows XP SteadyState
2008-04-29/a>
Bojan Zdrnja
Windows Service Pack blocker tool
2008-04-18/a>
John Bambenek
The Patch Window is Gone: Automated Patch-Based Exploit Generation
2008-04-16/a>
William Stearns
Windows XP Service Pack 3 - unofficial schedule: Apr 21-28
2008-04-10/a>
Deborah Hale
DSLReports Being Attacked Again
2008-04-09/a>
Raul Siles
Critical vulnerabilities in Adobe Flash Player
2008-03-20/a>
Joel Esler
Potential Vulnerability in Flash CS3 Professional, Flash Professional 8 and Flash Basic 8?
2008-03-12/a>
Joel Esler
Adobe security updates
2007-01-03/a>
Toby Kohlenberg
VLC Media Player udp URL handler Format String Vulnerability
2006-11-29/a>
Toby Kohlenberg
New Adobe vulnerability
2006-11-14/a>
Jim Clausing
MS06-069: Adobe Flash Player
2006-11-14/a>
Swa Frantzen
Adobe Flash update available
2006-09-12/a>
Swa Frantzen
Adobe Flash player upgrade time
NOT
2024-04-17/a>
Xavier Mertens
Malicious PDF File Used As Delivery Mechanism
2023-08-21/a>
Xavier Mertens
Quick Malware Triage With Inotify Tools
2023-03-02/a>
Didier Stevens
YARA: Detect The Unexpected ...
2023-02-05/a>
Didier Stevens
Video: Analyzing Malicious OneNote Documents
2023-02-01/a>
Didier Stevens
Detecting (Malicious) OneNote Files
2023-01-25/a>
Xavier Mertens
A First Malicious OneNote Document
2022-12-20/a>
Xavier Mertens
Linux File System Monitoring & Actions
2022-09-18/a>
Didier Stevens
Video: Grep & Tail -f With Notepad++
2022-09-05/a>
Didier Stevens
Quickie: Grep & Tail -f With Notepad++
2022-07-05/a>
Jan Kopriva
EternalBlue 5 years after WannaCry and NotPetya
2022-06-24/a>
Xavier Mertens
Python (ab)using The Windows GUI
2018-06-16/a>
Russ McRee
Anomaly Detection & Threat Hunting with Anomalize
2017-06-28/a>
Brad Duncan
Petya? I hardly know ya! - an ISC update on the 2017-06-27 ransomware outbreak
2015-04-08/a>
Tom Webb
Is it a breach or not?
2014-06-28/a>
Mark Hofman
No more Microsoft advisory email notifications?
2013-10-05/a>
Richard Porter
Adobe Breach Notification, Notifications?
2013-04-04/a>
Johannes Ullrich
Microsoft April Patch Tuesday Advance Notification
2013-03-29/a>
Chris Mohan
Does your breach email notification look like a phish?
2013-03-02/a>
Scott Fendley
Evernote Security Issue
2013-01-15/a>
Russ McRee
Cisco introducing Cisco Security Notices 16 JAN 2013
2012-07-05/a>
Adrien de Beaupre
Microsoft advanced notification for July 2012 patch Tuesday
2012-05-22/a>
Johannes Ullrich
The "Do Not Track" header
2011-12-08/a>
Adrien de Beaupre
Microsoft Security Bulletin Advance Notification for December 2011
2011-09-20/a>
Swa Frantzen
Diginotar declared bankrupt
2011-09-19/a>
Guy Bruneau
MS Security Advisory Update - Fraudulent DigiNotar Certificates
2011-09-15/a>
Swa Frantzen
DigiNotar looses their accreditation for qualified certificates
2011-09-13/a>
Swa Frantzen
More DigiNotar intermediate certificates blocklisted at Microsoft
2011-09-07/a>
Lenny Zeltser
GlobalSign Temporarily Stops Issuing Certificates to Investigate a Potential Breach
2011-09-06/a>
Johannes Ullrich
Microsoft Releases Diginotar Related Patch and Advisory
2011-09-06/a>
Swa Frantzen
DigiNotar audit - intermediate report available
2011-09-01/a>
Swa Frantzen
DigiNotar breach - the story so far
2011-08-31/a>
Johannes Ullrich
Firefox/Thunderbird 6.0.1 released to blocklist bad DigiNotar SSL certificates
2011-07-29/a>
Richard Porter
Apple Lion talking on TCP 5223
2011-06-21/a>
Chris Mohan
StartSSL, a web authentication authority, suspend services after a security breach
2011-04-28/a>
Chris Mohan
DSL Reports advise 9,000 accounts were compromised
2011-04-03/a>
Richard Porter
Extreme Disclosure? Not yet but a great trend!
2010-02-09/a>
Adrien de Beaupre
When is a 0day not a 0day? Samba symlink bad default config
2009-11-05/a>
Swa Frantzen
RIM fixes random code execution vulnerability
2009-07-23/a>
John Bambenek
Missouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information
2009-04-24/a>
John Bambenek
Data Leak Prevention: Proactive Security Requirements of Breach Notification Laws
2008-04-08/a>
Swa Frantzen
Notes file viewer vulnerabilities
TRACK
2014-08-29/a>
Johannes Ullrich
False Positive or Not? Difficult to Analyze Javascript
2013-03-06/a>
Adam Swanger
IPv6 Focus Month: Guest Diary: Stephen Groat - Geolocation Using IPv6 Addresses
2012-08-14/a>
Rick Wanner
Backtrack 5 r3 released - http://www.backtrack-linux.org/downloads/
2012-05-22/a>
Johannes Ullrich
The "Do Not Track" header
2012-04-12/a>
Guy Bruneau
wicd Privilege Escalation 0day exploit for Backtrack 5 R2
2011-05-10/a>
Swa Frantzen
Backtrack 5 released
2010-12-27/a>
Johannes Ullrich
Various sites "Owned and Exposed"
2010-05-19/a>
Jason Lam
EFF paper about browser tracking
2010-01-11/a>
Adrien de Beaupre
BackTrack 4 final released http://www.remote-exploit.org/news.html http://www.backtrack-linux.org/downloads/
2008-09-16/a>
donald smith
Don't open that invoice.zip file its not from UPS
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
About Us
Slack Channel
Mastodon
Bluesky
X
Have you seen our swag?
Buy SANS ISC Gear