Bojan Zdrnja Diaries
- Open redirects ... and why Phishers love them
- Network Forensics on Azure VMs (Part #2)
- Network Forensics on Azure VMs (Part #1)
- Ransomware Defenses
- Exposed Azure Storage Containers
- Office macro execution evidence
- Forensicating Azure VMs
- Emotet vs. Windows Attack Surface Reduction
- DNS Logs in Public Clouds
- Preventing Exposed Azure Blob Storage
- Exposed Blob Storage in Azure
- Shipping dangerous goods
- IOC's turning into IOOI's
- Making sense of Azure AD (AAD) activity logs
- Are you getting I-CANNED ?
- Decoding Pseudo-Darkleech (Part #2)
- Decoding Pseudo-Darkleech (#1)
- New Years Resolutions
- Critical Security Controls: Getting to know the unknown
- Cisco IOS / IOS XE security advisories
- Making our users unlearn what we taught them
- How to hack
- Encryption of "data at rest" in servers
- Gift card from Marriott?
- Angler's best friends
- Cisco default credentials - again!
- Oh Bloat!
- UDP/3478 to Amazon 54.84.9.242 -- got packets? (solved)
- Scammy Nepal earthquake donation requests
- Pin-up on your Smartphone!
- Pass the hash!
- New SANS memory forensics poster
- DNS-based DDoS
- Macros? Really?!
- Shellshock keeps on giving!
- tcp/6379 trolling - Redis NoSQL? Or something else?
- PCRE for malware audits
- 20$ is 999999 Euro
- Whois someone else?
- Your online background check is now public!
- https://yourfakebank.support -- TLD confusion starts!
- WordPress brute force attack via wp.getUsersBlogs
- App "telemetry"
- Ivan's Order of Magnitude
- Oracle July 2014 CPU (patch bundle)
- Oracle Java: 20 new vulnerabilities patched
- AOC Cloud
- E-ZPass phishing scam
- Who inherits your IP address?
- Who owns your typo?
- Made any new friends lately?
- Pay attention to Cryptowall!
- Help your pilot fly!
- Gimme your keys!
- Sampling Bias
- Allow us to leave!
- Finding the bleeders
- OpenSSL Rampage
- Web server logs containing RS=^ ?
- Identification and authentication are hard ... finding out intention is even harder
- Triple Handshake Cookie Cutter
- XPired!
- Fiesta!
- Oversharing
- Unfriendly crontab additions
- Mr Jones wants you to appear in court!
- Costco, BestBuy, Walmart really want to send you a package!
- Adobe phishing underway
- authorized key lime pie
- TIFF images in MS-Office documents used in targeted attacks
- Is your vacuum cleaner sending spam?
- Exploit cocktail (Struts, Java, Windows) going after 3-month old vulnerabilities
- 37.58.73.42 / 95.156.228.69 / 195.210.43.42, anyone?
- SANSFIRE 2013
- 100% Compliant (for 65% of the systems)
- e-netprotections.su ?
- Extracting signatures from Apple .apps
- The cost of cleaning up
- How your Webhosting Account is Getting Abused
- Parsing Windows Eventlogs in Powershell
- Patch pre-notification from Adobe and Microsoft
- Blue for Reset?
- White House strategy on security information sharing and safeguarding
- Rich Quick Make Money!
- Comodo DNS hiccup on usertrust.com
- Fake tech support calls - revisited
- Snipping Leaks
- Adobe Patches
- Get a 40% discount on your hotel room!
- Lamiabiocasa
- The shortcomings of anti-virus software
- Patched your Java yet?
- Phishing for Payroll with unpatched Java
- SQL injection, lilupophilupop-style
- What's up with port 79 ?
- Run, Forest! (Update)
- Run, Forest!
- Vulnerabilityqueerprocessbrittleness
- Blacole's shell code
- Blacole's obfuscated JavaScript
- Anti-virus scanning exclusions
- Oracle CPU Patches announced for Apr 17
- Fake tech reps calling
- Tomorrow, the world will end
- evilcode.class
- Hello, Antony!
- Hash collisions vulnerability in web servers
- .nl.ai ?
- Printer Pranks
- Java 6u30 released
- You won 100$ or a free iPad!
- Unwanted Presents
- Critical Control 20: Security Skills Assessment and Training to fill Gaps
- The SSD dilemma
- User Agent 007
- Anatomy of a Unix breach
- OWASP Session Management "Cheat Sheet"
- Down the FakeAV rabbit hole
- Apple advisory on "MacDefender" malware
- Weekend reading
- Fake AV Bingo
- Virustotal.com hiccup
- Data Breach Investigations Report published by Verizon
- Malware emails with fake cellphone invoice
- Requesting deletion of "free" email and chat accounts
- Making sense of RSA ACE server audit logs
- AV software and "sharing samples"
- Busy patch tuesday ahead
- Oh, just click "yes"
- Oracle Patches (Jan2011 CPU)
- Yet another rogue anti-virus
- Beware of strange web sites bearing gifts ...
- Malware Domains 2234.in, 0000002.in & co
- A question of class
- Fake AV scams via Skype Chat
- Java Exploits
- Cyber Security Awareness Month - Day 22 - Security of removable media
- Cyber Security Awareness Month - Day 4 - Managing EMail
- Strange packet: "daylight rekick", anyone?
- MS10-070 OOB Patch for ASP.NET vulnerability
- Supporting the economy (in Russia and Ukraine)
- PDF analysis paper
- The wireless wiretap
- Egosurfing, the corporate way
- Microsoft EMETv2 released
- SDF, please!
- Casper the unfriendly ghost
- SSH - new brute force tool?
- Protect your privates!
- Social engineering via paper mail
- Linked into scams?
- Application Logs
- SIFT2.0 SANS Investigative Forensics Toolkit released
- Getting the EXE out of the RTF again
- salefale-dot-com is bad
- What is your firewall log telling you - Part #2
- Juniper routers may crash on certain malformed packets
- Static analysis of malicious PDFs (Part #2)
- Static analysis of malicious PDFs
- In caches, danger lurks
- overlay.xul is back
- The economics of security advice (MSFT research paper)
- Max Power's Malware Paradise
- Password rules: Change them every 25 years
- IDN ccTLDs
- Scam Email
- Cyber Security Awareness Month - Day 19 - ICMP
- Backed up, lately ?
- Adobe Reader and Acrobat - Black Tuesday continues
- Cyber Security Awareness Month - Day 3 - Port 5900 - VNC
- Checking your protection
- Forensics: Mounting partitions from full-disk 'dd' images
- Unpatched Bloatware on new PCs
- Getting the EXE out of the RTF
- Time to update updating on PCs for 3rd party apps
- Drive-by Blackouting ?
- IIS6.0 WebDav Remote Auth Bypass
- Warranty void if seal shredded?
- Guess what? SSH again!
- Watch your Internet routers!
- Locate Conficker infected hosts with a network scan!
- Turf War
- And the Oscar goes to...
- Titan Shields up!
- Firefox 3.0.6
- 3322. org
- DNS queries for "."
- Baby, baby!
- Been updatin' your Flash player lately?
- Patchbag: WinZip / MPlayer / RealWin SCADA vuln
- ASPROX mutant
- Staying current, but not too current
- Static analysis of Shellcode - Part 2
- Static analysis of Shellcode
- Watching those DNS logs
- The news update you never asked for
- DR/BCM lessons from the Vancouver fire
- Obfuscated JavaScript Redux
- Automatic wireless connections
- INFOcon back to green
- Advanced obfuscated JavaScript analysis
- nmidahena
- Tax day scams
- In a world of encrypted traffic, where is the NIDS ?
- Unzip of Death?
- New TrueCrypt supports full HD encryption
- When security improvements backfire
- New MS Excel vulnerability could allow remote code execution
- Java.ByteVerify exploit
- Using Cisco CSA? Time to patch!
- Overzlobbed
- Cyber Security Awareness Tip #24: Not all patches are released on a Tuesday
- Malware Megabucks International
- Mailbag
- Antivirus: The emperor is naked
- Google Counter ... isn't
- BBB goes IRS
- Virus detection - vector vs. payload
- Mailbag: MS Patches / Symantec Vuln
- Malware from dot-CN
- Malware Soup du Jour
- movie.exe spammed
- Not so funny.php
- Mac OS X patches
- The end of the trend
- Javascript decoding round-up
- Where is Cameroon ?
- Happy Patch Tuesday ahead
- New MSN worm in Asia
- TrendMicro Anti-Virus vulnerability
- Advance info on Microsoft patches due on Jan 9
- Cuckoo's egg on the face
- Cross-Site (XSS) bug in GMail
- Pain reliever with serious side effects
- postcard.exe
- Ghoulies and Ghosties
- VML exploits with OS version detection
- TOR servers seized by police in Germany
- Log analysis and marketing decisions don't mix
- Cisco Advisories
- More on encoded malware
- Tip of the day: Test, don't ping
- Decoding malware
- MS06-040 wgareg / wgavm update
- named/bind error messages - solved
- Tip of the Day: Remove Default Route
- Mailbag
- Firefox fix 1.5.0.3 / MySQL Patches
- Relay reject woes
- The chocolate / attack correlation
- Horde exploit downloading Perl/Shellbot
- Coolwebsearch / Trafficadvance got a new home...
- Fondly reminiscing the past
- Grampa's backup
- McAfee/NAI rolls bad pattern
- Bargain: 10'000 infected PC's for only 25$
- "Free" exchange rate conversion
- Mwcollect and Nepenthes merging
- Antiphishing.org Trend Report
- W32/Feebs again
- New email virus making the rounds
- Default Password in Cisco MARS
- The most hated IP address of 2005 ?
- Searching money, finding exploit
- New Beagle on the war path
- If MS05-054 doesn't apply correctly...
- LAND attacks against network devices
- MS05-051 (MSDTC) Malware / Port 1025
- Mambo exploit making the rounds
- loadadv.exe
- parishilton.scr
- Getting spamfiltered?
- Outage on Verio and Level3
- s_ta_ts.js, anyone?
- Nasty Games of Hide and Seek in the Registry; Nepenthes
- Who needs .info/.biz, anyway ? ; Cisco IPV6 vuln ; NIST minimum security requirements
- Analyzing evidence of DNS attacks in PIX firewall logs; Trojans for industrial espionage; openrbl.org offline?
- Catch of the Day; Scripted mass hack; Not-so-black Tuesday ahead
- Malware from China; Googkle is gone; IM Worm/Botnet going in circles
- 7sir7 Mass Hack Update / DNS Cache Poisoning / Phishing with a twist
- Arkeia remote exploit scan activity; More MyDoom; Where is Tokelau?; IRC Botnet