| Date | Author | Title |
|------|--------|-------|
| 2024-10-24 | Johannes Ullrich | Development Features Enabled in Production |
| 2024-10-09 | Xavier Mertens | From Perfctl to InfoStealer |
| 2024-09-16 | Xavier Mertens | Managing PE Files With Overlays |
| 2024-08-22 | Johannes Ullrich | OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse? |
| 2024-08-14 | Xavier Mertens | Multiple Malware Dropped Through MSI Package |
| 2024-06-20 | Guy Bruneau | No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary] |
| 2024-02-29 | Jesse La Grew | [Guest Diary] Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service. |
| 2023-11-16 | Johannes Ullrich | Beyond -n: Optimizing tcpdump performance |
| 2023-06-27 | Xavier Mertens | The Importance of Malware Triage |
| 2023-06-24 | Guy Bruneau | Email Spam with Attachment Modiloader |
| 2023-06-19 | Xavier Mertens | Malware Delivered Through .inf File |
| 2023-05-26 | Xavier Mertens | Using DFIR Techniques To Recover From Infrastructure Outages |
| 2023-05-16 | Jesse La Grew | Signals Defense With Faraday Bags & Flipper Zero |
| 2023-05-14 | Guy Bruneau | VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue |
| 2023-02-25 | Didier Stevens | Crypto Inside a Browser |
| 2022-11-02 | Rob VandenBrink | Breakpoints in Burp |
| 2022-10-17 | Xavier Mertens | Fileless PowerShell Dropper |
| 2022-09-22 | Xavier Mertens | RAT Delivered Through FODHelper |
| 2022-09-03 | Didier Stevens | Video: James Webb JPEG With Malware |
| 2022-09-02 | Didier Stevens | James Webb JPEG With Malware |
| 2022-08-22 | Xavier Mertens | 32 or 64 bits Malware? |
| 2022-07-05 | Jan Kopriva | EternalBlue 5 years after WannaCry and NotPetya |
| 2022-06-20 | Johannes Ullrich | Odd TCP Fast Open Packets. Anybody understands why? |
| 2022-05-29 | Didier Stevens | Extracting The Overlay Of A PE File |
| 2022-05-28 | Didier Stevens | Huge Signed PE File: Keeping The Signature |
| 2022-05-26 | Didier Stevens | Huge Signed PE File |
| 2022-04-11 | Johannes Ullrich | Spring: It isn't just about Spring4Shell. Spring Cloud Function Vulnerabilities are being probed too. |
| 2022-03-30 | Johannes Ullrich | Java Springtime Confusion: What Vulnerability are We Talking About |
| 2022-03-18 | Johannes Ullrich | Scans for Movable Type Vulnerability (CVE-2021-20837) |
| 2022-03-04 | Johannes Ullrich | Scam E-Mail Impersonating Red Cross |
| 2022-03-03 | Johannes Ullrich | Attackers Search For Exposed "LuCI" Folders: Help me understand this attack |
| 2022-02-11 | Xavier Mertens | CinaRAT Delivered Through HTML ID Attributes |
| 2022-01-31 | Xavier Mertens | Be careful with RPMSG files |
| 2021-12-31 | Jan Kopriva | Do you want your Agent Tesla in the 300 MB or 8 kB package? |
| 2021-12-21 | Xavier Mertens | More Undetected PowerShell Dropper |
| 2021-10-30 | Guy Bruneau | Remote Desktop Protocol (RDP) Discovery |
| 2021-08-04 | Yee Ching Tok | Pivoting and Hunting for Shenanigans from a Reported Phishing Domain |
| 2021-07-24 | Bojan Zdrnja | Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability |
| 2021-07-20 | Bojan Zdrnja | Summer of SAM - incorrect permissions on Windows 10/11 hives |
| 2021-06-18 | Daniel Wesemann | Open redirects ... and why Phishers love them |
| 2021-05-29 | Guy Bruneau | Spear-phishing Email Targeting Outlook Mail Clients |
| 2021-05-14 | Xavier Mertens | "Open" Access to Industrial Systems Interface is Also Far From Zero |
| 2021-04-22 | Xavier Mertens | How Safe Are Your Docker Images? |
| 2021-03-16 | Jan Kopriva | 50 years of malware? Not really. 50 years of computer worms? That's a different story... |
| 2021-03-04 | Xavier Mertens | From VBS, PowerShell, C Sharp, Process Hollowing to RAT |
| 2021-01-11 | Rob VandenBrink | Using the NVD Database and API to Keep Up with Vulnerabilities and Patches - Tool Drop: CVEScan (Part 3 of 3) |
| 2021-01-07 | Rob VandenBrink | Using the NIST Database and API to Keep Up with Vulnerabilities and Patches (Part 1 of 3) |
| 2020-12-29 | Jan Kopriva | Want to know what's in a folder you don't have permission to access? Try asking your AV solution... |
| 2020-11-19 | Xavier Mertens | PowerShell Dropper Delivering Formbook |
| 2020-08-25 | Xavier Mertens | Keep An Eye on LOLBins |
| 2020-08-10 | Bojan Zdrnja | Scoping web application and web service penetration tests |
| 2020-06-30 | Russ McRee | ISC Snapshot: SpectX IP Hitcount Query |
| 2020-06-11 | Xavier Mertens | Anti-Debugging JavaScript Techniques |
| 2020-05-15 | Rob VandenBrink | SHA3 Hashes (on Windows) - Where Art Thou? |
| 2020-04-21 | Russ McRee | SpectX: Log Parser for DFIR |
| 2020-03-26 | Xavier Mertens | Very Large Sample as Evasion Technique? |
| 2020-03-15 | Guy Bruneau | VPN Access and Activity Monitoring |
| 2019-12-04 | Jan Kopriva | Analysis of a strangely poetic malware |
| 2019-11-29 | Russ McRee | ISC Snapshot: Search with SauronEye |
| 2019-10-22 | Bojan Zdrnja | Testing TLSv1.3 and supported ciphers |
| 2019-08-28 | Johannes Ullrich | [Guest Diary] Open Redirect: A Small But Very Common Vulnerability |
| 2019-08-22 | Xavier Mertens | Simple Mimikatz & RDPWrapper Dropper |
| 2019-08-21 | Russ McRee | KAPE: Kroll Artifact Parser and Extractor |
| 2019-08-15 | Didier Stevens | Analysis of a Spearphishing Maldoc |
| 2019-07-24 | Xavier Mertens | May People Be Considered as IOC? |
| 2019-05-16 | Xavier Mertens | The Risk of Authenticated Vulnerability Scans |
| 2019-04-26 | Rob VandenBrink | Pillaging Passwords from Service Accounts |
| 2019-04-01 | Didier Stevens | Analysis of PDFs Created with OpenOffice/LibreOffice |
| 2019-03-15 | Remco Verhoef | Binary Analysis with Jupyter and Radare2 |
| 2019-02-17 | Didier Stevens | Video: Finding Property Values in Office Documents |
| 2019-02-16 | Didier Stevens | Finding Property Values in Office Documents |
| 2019-01-05 | Didier Stevens | A Malicious JPEG? Second Example |
| 2019-01-04 | Didier Stevens | A Malicious JPEG? |
| 2018-11-27 | Xavier Mertens | More obfuscated shell scripts: Fake MacOS Flash update |
| 2018-11-26 | Russ McRee | ViperMonkey: VBA maldoc deobfuscation |
| 2018-11-04 | Pasquale Stirparo | Beyond good ol' LaunchAgent - part 1 |
| 2018-10-26 | Xavier Mertens | Dissecting Malicious Office Documents with Linux |
| 2018-10-21 | Pasquale Stirparo | Beyond good ol' LaunchAgent - part 0 |
| 2018-10-08 | Guy Bruneau | Latest Release of rockNSM 2.1 |
| 2018-08-20 | Didier Stevens | OpenSSH user enumeration (CVE-2018-15473) |
| 2018-07-11 | Remco Verhoef | Well, Hello Again Peppa! |
| 2018-06-07 | Remco Verhoef | Automated twitter loot collection |
| 2018-05-24 | Xavier Mertens | "Blocked" Does Not Mean "Forget It" |
| 2018-05-07 | Xavier Mertens | Adding Persistence Via Scheduled Tasks |
| 2018-04-28 | Rick Wanner | Microsoft Security Update for Spectre V2 |
| 2018-01-28 | Didier Stevens | Is this a pentest? |
| 2018-01-10 | Russ McRee | GitHub InfoSec Threepeat: HELK, ptf, and VulnWhisperer |
| 2018-01-08 | Bojan Zdrnja | Meltdown and Spectre: clearing up the confusion |
| 2017-11-25 | Guy Bruneau | Benefits associated with the use of Open Source Software |
| 2017-11-07 | Xavier Mertens | Interesting VBA Dropper |
| 2017-10-30 | Didier Stevens | PE files and debug info |
| 2017-10-08 | Didier Stevens | A strange JPEG file |
| 2017-09-10 | Didier Stevens | Analyzing JPEG files |
| 2017-09-06 | Adrien de Beaupre | Modern Web Application Penetration Testing, Hash Length Extension Attacks |
| 2017-08-10 | Didier Stevens | Maldoc Analysis with ViperMonkey |
| 2017-07-02 | Didier Stevens | PE Section Name Descriptions |
| 2017-06-28 | Brad Duncan | Petya? I hardly know ya! - an ISC update on the 2017-06-27 ransomware outbreak |
| 2017-05-18 | Xavier Mertens | My Little CVE Bot |
| 2017-05-05 | Xavier Mertens | HTTP Headers... the Achilles' heel of many applications |
| 2017-04-02 | Guy Bruneau | IPFire - A Household Multipurpose Security Gateway |
| 2016-11-25 | Xavier Mertens | Free Software Quick Security Checklist |
| 2016-11-02 | Rob VandenBrink | What Does a Pentest Look Like? |
| 2016-09-28 | Xavier Mertens | SNMP Pwn3ge |
| 2016-09-04 | Russ McRee | Kali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/ |
| 2016-07-28 | Bojan Zdrnja | Verifying SSL/TLS certificates manually |
| 2016-07-27 | Xavier Mertens | Critical Xen PV guests vulnerabilities |
| 2016-06-15 | Richard Porter | Warp Speed Ahead, L7 Open Source Packet Generator: Warp17 |
| 2016-05-21 | Didier Stevens | Python Malware - Part 2 |
| 2016-05-03 | Rick Wanner | OpenSSL Updates |
| 2016-04-25 | Guy Bruneau | Highlights from the 2016 HPE Annual Cyber Threat Report |
| 2016-02-27 | Guy Bruneau | OpenSSL Security Update Planned for 1 March Release |
| 2016-02-22 | Xavier Mertens | Reducing False Positives with Open Data Sources |
| 2016-02-18 | Xavier Mertens | Hunting for Executable Code in Windows Environments |
| 2016-02-03 | Xavier Mertens | Automating Vulnerability Scans |
| 2016-01-31 | Guy Bruneau | OpenSSL 1.0.2 Advisory and Update |
| 2016-01-30 | Xavier Mertens | All CVE Details at Your Fingertips |
| 2016-01-20 | Xavier Mertens | /tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters! |
| 2015-12-23 | Rob VandenBrink | Libraries and Dependencies - It Really is Turtles All The Way Down! |
| 2015-12-22 | Rick Wanner | The other Juniper vulnerability - CVE-2015-7756 |
| 2015-11-22 | Guy Bruneau | OpenDNS Research Used to Predict Threat |
| 2015-11-09 | John Bambenek | ICYMI: Widespread Unserialize Vulnerability in Java |
| 2015-10-27 | Xavier Mertens | The "Yes, but..." syndrome |
| 2015-03-17 | Didier Stevens | From PEiD To YARA |
| 2015-02-17 | Rob VandenBrink | A Different Kind of Equation |
| 2014-08-23 | Guy Bruneau | NSS Labs Cyber Resilience Report |
| 2014-08-12 | Adrien de Beaupre | Host discovery with nmap |
| 2014-08-09 | Adrien de Beaupre | Complete application ownage via Multi-POST XSRF |
| 2014-08-06 | Chris Mohan | OpenSSL Security Advisories http://www.openssl.org/news/secadv_20140806.txt |
| 2014-08-04 | Russ McRee | Threats & Indicators: A Security Intelligence Lifecycle |
| 2014-07-05 | Guy Bruneau | Malware Analysis with pedump |
| 2014-06-12 | Johannes Ullrich | Metasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.) |
| 2014-06-05 | Johannes Ullrich | More Details Regarding CVE-2014-0195 (DTLS arbitrary code execution) |
| 2014-06-05 | Johannes Ullrich | Updated OpenSSL Patch Presentation |
| 2014-06-05 | Johannes Ullrich | Critical OpenSSL Patch Available. Patch Now! |
| 2014-06-05 | Johannes Ullrich | Internet Storm Center Briefing on OpenSSL Vulnerabilities today at 12pm ET (8am PT/4pm UTC) https://www.sans.org/webcasts/98445 |
| 2014-04-26 | Guy Bruneau | New Project by Linux Foundation - Core Infrastructure Initiative |
| 2014-04-21 | Daniel Wesemann | OpenSSL Rampage |
| 2014-04-21 | Daniel Wesemann | Finding the bleeders |
| 2014-04-15 | Richard Porter | VMWare Advisory VMSA-2014-0004 - Updates on OpenSSL HeartBleed http://www.vmware.com/security/advisories/VMSA-2014-0004.html |
| 2014-04-14 | Kevin Shortt | INFOCon Green: Heartbleed - on the mend |
| 2014-04-11 | Johannes Ullrich | Tonight OpenSSL Webcast #4: Client Side Issues / What to tell your kids & managers about it https://www.sans.org/webcasts/side-heartbleed-client-vulnerabilities-98135 |
| 2014-04-08 | Guy Bruneau | OpenSSL CVE-2014-0160 Fixed |
| 2014-04-08 | Johannes Ullrich | * Patch Now: OpenSSL "Heartbleed" Vulnerability |
| 2014-04-01 | Basil Alawi S. Taher | Upgrading Your Android, Elevating My Malware |
| 2014-01-02 | John Bambenek | OpenSSL.org Defaced by Attackers Gaining Access to Hypervisor |
| 2014-01-01 | Russ McRee | Six degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails |
| 2014-01-01 | Russ McRee | Happy New Year from the Syrian Electronic Army - Skype's Social Media Accounts Hacked |
| 2013-12-29 | Russ McRee | OpenSSL suffers apparent defacement |
| 2013-12-21 | Guy Bruneau | Strange DNS Queries - Request for Packets |
| 2013-12-19 | Rob VandenBrink | Target US - Credit Card Data Breach |
| 2013-12-16 | Tom Webb | The case of Minerd |
| 2013-12-01 | Richard Porter | BPF, PCAP, Binary, hex, why they matter? |
| 2013-11-13 | Johannes Ullrich | Packet Challenge for the Hivemind: What's happening with this Ethernet header? |
| 2013-10-26 | Guy Bruneau | Active Perl/Shellbot Trojan |
| 2013-10-25 | Rob VandenBrink | Kaspersky flags TCPIP.SYS as Malware |
| 2013-10-22 | Richard Porter | Greenbone and OpenVAS Scanner |
| 2013-09-05 | Rob VandenBrink | Building Your Own GPU Enabled Private Cloud |
| 2013-08-21 | Rob VandenBrink | Fibre Channel Reconnaissance - Reloaded |
| 2013-05-20 | Guy Bruneau | Safe - Tools, Tactics and Techniques |
| 2013-04-25 | Adam Swanger | Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls |
| 2013-03-18 | Kevin Shortt | Cisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4 |
| 2013-03-13 | Johannes Ullrich | IPv6 Focus Month: Kaspersky Firewall IPv6 Vulnerability |
| 2013-02-25 | Johannes Ullrich | Trustwave Trustkeeper Phish |
| 2013-02-25 | Johannes Ullrich | Punkspider enumerates web application vulnerabilities |
| 2013-02-11 | John Bambenek | OpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/ |
| 2013-02-04 | Adam Swanger | SANS Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam |
| 2013-01-15 | Rob VandenBrink | When Disabling IE6 (or Java, or whatever) is not an Option... |
| 2012-12-06 | Johannes Ullrich | How to identify if you are behind a "Transparent Proxy" |
| 2012-12-04 | Johannes Ullrich | Where do your backup tapes go to die? |
| 2012-11-14 | Jim Clausing | Skype account hijack vulnerability fixed |
| 2012-09-19 | Russ McRee | Script kiddie scavenging with Shellbot.S |
| 2012-08-17 | Guy Bruneau | Suspicious eFax Spear Phishing Messages |
| 2012-08-02 | Guy Bruneau | Opera Security Update |
| 2012-07-21 | Rick Wanner | OpenDNS is looking for a few good malware people! |
| 2012-05-06 | Jim Clausing | Tool updates and Win 8 |
| 2012-05-01 | Rob VandenBrink | Are Open SSIDs in decline? |
| 2012-04-24 | Russ McRee | OpenSSL reissues fix for ASN1 BIO vulnerability |
| 2012-04-19 | Kevin Shortt | OpenSSL Security Advisory - CVE-2012-2110 |
| 2012-03-27 | Guy Bruneau | Opera 11.62 for Windows patches several bugs and vulnerabilities - http://www.opera.com/docs/changelogs/windows/1162/ |
| 2012-03-12 | Guy Bruneau | OpenSSL Security Update |
| 2012-01-13 | Guy Bruneau | Strange DNS Queries - Request Packets/Logs |
| 2012-01-07 | Scott Fendley | Updated OpenDLP |
| 2011-11-07 | Rob VandenBrink | Stuff I Learned Scripting - Evaluating a Remote SSL Certificate |
| 2011-11-07 | Rob VandenBrink | Juniper BGP issues causing localized Internet Problems |
| 2011-11-04 | Guy Bruneau | Duqu Mitigation |
| 2011-10-26 | Rick Wanner | Critical Control 17: Penetration Tests and Red Team Exercises |
| 2011-08-26 | Daniel Wesemann | User Agent 007 |
| 2011-07-19 | Richard Porter | SMS Phishing at the SANSFire 2011 Handler Dinner |
| 2011-06-28 | Johannes Ullrich | Update: Opera 11.50 is now available http://www.opera.com/ |
| 2011-06-04 | Rick Wanner | Do you have a personal disaster recovery plan? |
| 2011-05-31 | Johannes Ullrich | Skype EasyBits Add-on |
| 2011-05-09 | Rick Wanner | Serious flaw in OpenID |
| 2011-05-09 | Rick Wanner | VUPEN Security pwns Google Chrome |
| 2011-05-06 | Richard Porter | Unpatched Exploit: Skype for MAC |
| 2011-04-18 | John Bambenek | Wordpress.com Security Breach |
| 2011-03-16 | Johannes Ullrich | Analyzing HTTP Packet Captures |
| 2011-02-21 | Adrien de Beaupre | Kaspersky update servers unreachable |
| 2011-02-19 | Guy Bruneau | Snort Data Acquisition Library |
| 2011-02-05 | Guy Bruneau | OpenSSH Legacy Certificate Information Disclosure Vulnerability |
| 2011-01-28 | Guy Bruneau | OpenOffice Security Fixes |
| 2011-01-27 | Chris Carboni | Opera Updates |
| 2011-01-12 | Richard Porter | How Many Loyalty Cards do you Carry? |
| 2010-12-30 | Rick Wanner | Obvious Lessons from the Skype outage |
| 2010-12-15 | Johannes Ullrich | OpenBSD IPSec "Backdoor" |
| 2010-11-19 | Jason Lam | Exchanging and sharing of assessment results |
| 2010-11-16 | Guy Bruneau | OpenSSL TLS Extension Parsing Race Condition |
| 2010-11-08 | Manuel Humberto Santander Pelaez | Network Security Perimeter: How to choose the correct firewall and IPS for your environment? |
| 2010-10-22 | Manuel Humberto Santander Pelaez | Intypedia project |
| 2010-10-12 | Adrien de Beaupre | New version of Opera - Opera 10.63 is a recommended upgrade offering security and stability enhancements: http://www.opera.com/browser/download/ |
| 2010-09-16 | Johannes Ullrich | OpenX Ad-Server Vulnerability |
| 2010-09-09 | Jim Clausing | Opera 10.62 - security (the DLL path issue) and stability update, see http://www.opera.com/docs/changelogs/windows/1062/ |
| 2010-08-23 | Manuel Humberto Santander Pelaez | Firefox plugins to perform penetration testing activities |
| 2010-08-19 | Daniel Wesemann | Casper the unfriendly ghost |
| 2010-08-16 | Raul Siles | Blind Elephant: A New Web Application Fingerprinting Tool |
| 2010-08-15 | Manuel Humberto Santander Pelaez | OpenSolaris project cancelled, replaced by Solaris 11 Express |
| 2010-08-05 | Manuel Humberto Santander Pelaez | Adobe Acrobat Font Parsing Integer Overflow Vulnerability |
| 2010-07-24 | Manuel Humberto Santander Pelaez | Types of diary: One liners vs full diary |
| 2010-06-23 | Scott Fendley | Opera Browser Update |
| 2010-06-06 | Manuel Humberto Santander Pelaez | Nice OS X exploit tutorial |
| 2010-06-05 | Guy Bruneau | OpenOffice.org 3.2.1 Fixes Bugs and Vulnerabilities |
| 2010-06-02 | Mark Hofman | OpenSSL version 1.0.0a released. This fixes a number of security issues. Don't forget a number of commercial appliances will be using this, so look for vendor updates soon. |
| 2010-05-22 | Rick Wanner | SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge |
| 2010-04-25 | Raul Siles | Manual Verification of SSL/TLS Certificate Trust Chains using OpenSSL |
| 2010-04-13 | Adrien de Beaupre | Web App Testing Tools |
| 2010-03-29 | Adrien de Beaupre | OpenSSL V 1.0.0 released! |
| 2010-03-24 | Kyle Haugsness | Wikipedia outage |
| 2010-03-22 | Guy Bruneau | New Opera 10.51 available with security fixes. More information available at: http://www.opera.com/docs/changelogs/windows/1051/ |
| 2010-03-11 | Donald Smith | Cert write-up on Skype IMBot Logic and Functionality. |
| 2010-03-05 | Kyle Haugsness | Unpatched Opera 10.50 and below code execution vulnerability |
| 2010-02-26 | Rick Wanner | OpenSSL 0.9.8m released. |
| 2010-02-22 | Rob VandenBrink | Multiple Security Updates for OpenOffice ==> http://www.openoffice.org/security/bulletin.html |
| 2010-02-22 | Rob VandenBrink | New Risks in Penetration Testing |
| 2010-02-01 | Rob VandenBrink | NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care? |
| 2010-01-27 | Raul Siles | European Union Security Challenge (Campus Party 2010) |
| 2010-01-19 | Jim Clausing | Apple Security Update 2010-001 |
| 2009-11-17 | Guy Bruneau | OpenVPN Fixed OpenSSL Session Renegotiation Issue |
| 2009-11-06 | Andre Ludwig | New version of OpenSSL released - OpenSSL 0.9.8l |
| 2009-10-26 | Johannes Ullrich | Today: ISC Login bugfix day. If you have issues logging in using OpenID, please email a copy of your OpenID URL to jullrich\at\sans.edu |
| 2009-10-02 | Stephen Hall | New version of OpenSSH released |
| 2009-09-01 | Guy Bruneau | Opera 10 with Security Fixes |
| 2009-07-27 | Raul Siles | New Hacker Challenge: Prison Break - Breaking, Entering & Decoding |
| 2009-07-09 | Bojan Zdrnja | OpenSSH 0day FUD |
| 2009-07-07 | Marcus Sachs | OpenSSH Rumors |
| 2009-07-03 | Adrien de Beaupre | Happy 4th of July! |
| 2009-05-31 | Tony Carothers | L0phtcrack is Back! |
| 2009-05-25 | Jim Clausing | More tools for (US) Memorial Day |
| 2009-05-01 | Adrien de Beaupre | OpenBSD 4.5 |
| 2009-04-26 | Johannes Ullrich | Odd DNS Resolution for Google via OpenDNS |
| 2009-04-21 | Bojan Zdrnja | Web application vulnerabilities |
| 2009-04-07 | Johannes Ullrich | Common Apache Misconception |
| 2009-03-03 | Kyle Haugsness | Opera browser security updates |
| 2009-03-01 | Jim Clausing | Cool combination of tools |
| 2009-01-08 | Kyle Haugsness | BIND OpenSSL follow-up |
| 2008-12-17 | Donald Smith | Opera 9.6.3 released with security fixes |
| 2008-11-05 | Donald Smith | If you missed President-Elect Obama's speech, have some malware instead |
| 2008-10-31 | Rick Wanner | Sprint-Cogent Peering Issue |
| 2008-10-30 | Kevin Liston | Opera 9.62 available - security update |
| 2008-10-22 | Mari Nichols | Opera 9.6.1 Released |
| 2008-10-07 | Kyle Haugsness | Cogent peering problems |
| 2008-09-20 | Rick Wanner | New (to me) nmap Features |
| 2008-08-20 | Adrien de Beaupre | From the mailbag, Opera 9.52... |
| 2008-07-11 | Jim Clausing | Handling the load |
| 2008-07-03 | Bojan Zdrnja | New Opera v9.51 fixes a couple of security issues |
| 2008-07-02 | Jim Clausing | Another little script I threw together |
| 2008-06-16 | Kevin Liston | Opera 9.5 is Available |
| 2008-06-10 | Swa Frantzen | Ransomware keybreaking |
| 2008-06-09 | Scott Fendley | So Where Are Those OpenSSH Key-based Attacks? |
| 2008-05-16 | Daniel Wesemann | INFOcon back to green |
| 2008-05-15 | Bojan Zdrnja | Debian and Ubuntu users: fix your keys/certificates NOW |
| 2008-05-15 | Bojan Zdrnja | INFOCon yellow: update your Debian generated keys/certs ASAP |
| 2008-05-13 | Swa Frantzen | OpenSSH: Predictable PRNG in Debian and Ubuntu Linux |
| 2008-04-23 | Mari Nichols | What's New, Old and Morphing? |
| 2008-04-14 | John Bambenek | A Federal Subpoena or Just Some More Spam & Malware? |
| 2008-04-03 | Bojan Zdrnja | Opera fixes vulnerabilities and Microsoft announces April's fixes |
| 2006-12-18 | Toby Kohlenberg | Skype worm |
| 2006-11-29 | Toby Kohlenberg | New Vulnerability Announcement and patches from Apple |
| 2006-09-13 | Swa Frantzen | PHP - shared hosters, take note. |