Internet Storm Center
Date
Author
Title
2023-03-21
Didier Stevens
String Obfuscation: Character Pair Reversal
2023-03-18
Xavier Mertens
Old Backdoor, New Obfuscation
2023-02-10
Xavier Mertens
Obfuscated Deactivation of Script Block Logging
2023-02-04
Guy Bruneau
Assemblyline as a Malware Analysis Sandbox
2023-01-25
Xavier Mertens
A First Malicious OneNote Document
2023-01-21
Guy Bruneau
DShield Sensor JSON Log to Elasticsearch
2023-01-17
Johannes Ullrich
Packet Tuesday: IPv6 Router Advertisements https://www.youtube.com/watch?v=uRWpB_lYIZ8
2023-01-08
Guy Bruneau
DShield Sensor JSON Log Analysis
2022-12-21
Guy Bruneau
DShield Sensor Setup in Azure
2022-12-20
Xavier Mertens
Linux File System Monitoring & Actions
2022-12-19
Xavier Mertens
Hunting for Mastodon Servers
2022-11-05
Guy Bruneau
Windows Malware with VHD Extension
2022-11-04
Xavier Mertens
Remcos Downloader with Unicode Obfuscation
2022-10-22
Didier Stevens
rtfdump's Find Option
2022-10-18
Xavier Mertens
Python Obfuscation for Dummies
2022-10-07
Xavier Mertens
Critical Fortinet Vulnerability Ahead
2022-10-04
Johannes Ullrich
Credential Harvesting with Telegram API
2022-09-26
Xavier Mertens
Easy Python Sandbox Detection
2022-09-19
Russ McRee
Chainsaw: Hunt, search, and extract event log records
2022-09-14
Xavier Mertens
Easy Process Injection within Python
2022-09-07
Johannes Ullrich
PHP Deserialization Exploit attempt
2022-08-22
Xavier Mertens
32 or 64 bits Malware?
2022-08-10
Johannes Ullrich
And Here They Come Again: DNS Reflection Attacks
2022-08-02
Johannes Ullrich
Increase in Chinese "Hacktivism" Attacks
2022-07-28
Johannes Ullrich
Exfiltrating Data With Bookmarks
2022-07-09
Didier Stevens
7-Zip Editing & MoW
2022-07-06
Johannes Ullrich
How Many SANs are Insane?
2022-06-24
Xavier Mertens
Python (ab)using The Windows GUI
2022-06-19
Didier Stevens
Video: Decoding Obfuscated BASE64 Statistically
2022-06-18
Didier Stevens
Decoding Obfuscated BASE64 Statistically
2022-06-16
Xavier Mertens
Houdini is Back Delivered Through a JavaScript Dropper
2022-06-10
Russ McRee
EPSScall: An Exploit Prediction Scoring System App
2022-06-01
Jan Kopriva
HTML phishing attachments - now with anti-analysis features
2022-05-30
Xavier Mertens
New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme (CVE-2022-30190)
2022-05-19
Brad Duncan
Bumblebee Malware from TransferXL URLs
2022-05-03
Rob VandenBrink
Finding the Real "Last Patched" Day (Interim Version)
2022-04-19
Johannes Ullrich
Resetting Linux Passwords with U-Boot Bootloaders
2022-03-29
Johannes Ullrich
More Fake/Typosquatting Twitter Accounts Asking for Ukraine Crytocurrency Donations
2022-03-27
Didier Stevens
Video: Maldoc Cleaned by Anti-Virus
2022-03-23
Brad Duncan
Arkei Variants: From Vidar to Mars Stealer
2022-03-10
Xavier Mertens
Credentials Leaks on VirusTotal
2022-03-09
Xavier Mertens
Infostealer in a Batch File
2022-03-04
Johannes Ullrich
Scam E-Mail Impersonating Red Cross
2022-03-02
Johannes Ullrich
The More Often Something is Repeated, the More True It Becomes: Dealing with Social Media
2022-02-22
Xavier Mertens
A Good Old Equation Editor Vulnerability Delivering Malware
2022-02-10
Johannes Ullrich
Zyxel Network Storage Devices Hunted By Mirai Variant
2022-02-01
Xavier Mertens
Automation is Nice But Don't Replace Your Knowledge
2022-01-29
Guy Bruneau
SIEM In this Decade, Are They Better than the Last?
2022-01-20
Xavier Mertens
RedLine Stealer Delivered Through FTP
2021-12-28
Russ McRee
LotL Classifier tests for shells, exfil, and miners
2021-12-21
Xavier Mertens
More Undetected PowerShell Dropper
2021-12-10
Xavier Mertens
Python Shellcode Injection From JSON Data
2021-12-01
Xavier Mertens
Info-Stealer Using webhook.site to Exfiltrate Data
2021-11-20
Guy Bruneau
Hikvision Security Cameras Potentially Exposed to Remote Code Execution
2021-11-18
Xavier Mertens
JavaScript Downloader Delivers Agent Tesla Trojan
2021-11-14
Didier Stevens
Video: Obfuscated Maldoc: Reversed BASE64
2021-11-08
Xavier Mertens
(Ab)Using Security Tools & Controls for the Bad
2021-11-01
Yee Ching Tok
Revisiting BrakTooth: Two Months Later
2021-10-18
Xavier Mertens
Malicious PowerShell Using Client Certificate Authentication
2021-09-24
Xavier Mertens
Keep an Eye on Your Users Mobile Devices (Simple Inventory)
2021-09-22
Didier Stevens
An XML-Obfuscated Office Document (CVE-2021-40444)
2021-09-17
Xavier Mertens
Malicious Calendar Subscriptions Are Back?
2021-09-11
Guy Bruneau
Shipping to Elasticsearch Microsoft DNS Logs
2021-09-09
Johannes Ullrich
Updates to Our Datafeeds/API
2021-09-08
Johannes Ullrich
Microsoft Offers Workaround for 0-Day Office Vulnerability (CVE-2021-40444)
2021-08-31
Yee Ching Tok
BrakTooth: Impacts, Implications and Next Steps
2021-08-29
Guy Bruneau
Filter JSON Data by Value with Linux jq
2021-08-19
Johannes Ullrich
When Lightning Strikes. What works and doesn't work.
2021-08-17
Johannes Ullrich
Laravel (<=v8.4.2) exploit attempts for CVE-2021-3129 (debug mode: Remote code execution)
2021-07-31
Guy Bruneau
Unsolicited DNS Queries
2021-07-28
Jan Kopriva
A sextortion e-mail from...IT support?!
2021-07-24
Bojan Zdrnja
Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability
2021-07-14
Jan Kopriva
One way to fail at malspam - give recipients the wrong password for an encrypted attachment
2021-07-06
Xavier Mertens
Python DLL Injection Check
2021-07-04
Didier Stevens
DIY CD/DVD Destruction - Follow Up
2021-07-02
Xavier Mertens
"inception.py"... Multiple Base64 Encodings
2021-06-27
Didier Stevens
DIY CD/DVD Destruction
2021-06-25
Jim Clausing
Is this traffic bAD?
2021-06-24
Xavier Mertens
Do you Like Cookies? Some are for sale!
2021-06-21
Rick Wanner
Mitre CWE - Common Weakness Enumeration
2021-06-12
Guy Bruneau
Fortinet Targeted for Unpatched SSL VPN Discovery Activity
2021-06-04
Xavier Mertens
Russian Dolls VBS Obfuscation
2021-05-29
Guy Bruneau
Spear-phishing Email Targeting Outlook Mail Clients
2021-05-21
Xavier Mertens
Locking Kernel32.dll As Anti-Debugging Technique
2021-05-10
Johannes Ullrich
Correctly Validating IP Addresses: Why encoding matters for input validation.
2021-05-08
Guy Bruneau
Who is Probing the Internet for Research Purposes?
2021-04-29
Xavier Mertens
From Python to .Net
2021-04-10
Guy Bruneau
Building an IDS Sensor with Suricata & Zeek with Logs to ELK
2021-04-09
Xavier Mertens
No Python Interpreter? This Simple RAT Installs Its Own Copy
2021-04-02
Xavier Mertens
C2 Activity: Sandboxes or Real Victims?
2021-03-31
Xavier Mertens
Quick Analysis of a Modular InfoStealer
2021-03-17
Xavier Mertens
Defenders, Know Your Operating System Like Attackers Do!
2021-03-10
Rob VandenBrink
SharpRDP - PSExec without PSExec, PSRemoting without PowerShell
2021-03-02
Russ McRee
Adversary Simulation with Sim
2021-02-28
Didier Stevens
Maldocs: Protection Passwords
2021-02-26
Guy Bruneau
Pretending to be an Outlook Version Update
2021-02-22
Didier Stevens
Unprotecting Malicious Documents For Inspection
2021-02-13
Guy Bruneau
vSphere Replication updates address a command injection vulnerability (CVE-2021-21976) - https://www.vmware.com/security/advisories/VMSA-2021-0001.html
2021-02-13
Guy Bruneau
Using Logstash to Parse IPtables Firewall Logs
2021-02-04
Bojan Zdrnja
Abusing Google Chrome extension syncing for data exfiltration and C&C
2021-01-30
Guy Bruneau
PacketSifter as Network Parsing and Telemetry Tool
2021-01-29
Xavier Mertens
Sensitive Data Shared with Cloud Services
2021-01-18
Didier Stevens
Doc & RTF Malicious Document
2021-01-04
Jan Kopriva
From a small BAT file to Mass Logger infostealer
2021-01-02
Guy Bruneau
Protecting Home Office and Enterprise in 2021
2020-12-29
Jan Kopriva
Want to know what's in a folder you don't have a permission to access? Try asking your AV solution...
2020-12-22
Xavier Mertens
Malware Victim Selection Through WiFi Identification
2020-12-19
Guy Bruneau
Secure Communication using TLS in Elasticsearch
2020-11-30
Didier Stevens
Decrypting PowerShell Payloads (video)
2020-11-25
Xavier Mertens
Live Patching Windows API Calls Using PowerShell
2020-11-21
Guy Bruneau
VMware privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) - https://www.vmware.com/security/advisories/VMSA-2020-0026.html
2020-11-20
Xavier Mertens
Malicious Python Code and LittleSnitch Detection
2020-11-19
Xavier Mertens
PowerShell Dropper Delivering Formbook
2020-11-18
Xavier Mertens
When Security Controls Lead to Security Issues
2020-11-13
Xavier Mertens
Old Worm But New Obfuscation Technique
2020-11-05
Xavier Mertens
Did You Spot "Invoke-Expression"?
2020-10-30
Xavier Mertens
Quick Status of the CAA DNS Record Adoption
2020-10-24
Guy Bruneau
An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-10-14
Xavier Mertens
Nicely Obfuscated Python RAT
2020-10-07
Johannes Ullrich
Today, Nobody is Going to Attack You.
2020-10-01
Daniel Wesemann
Making sense of Azure AD (AAD) activity logs
2020-09-30
Johannes Ullrich
Scans for FPURL.xml: Reconnaissance or Not?
2020-09-24
Xavier Mertens
Party in Ibiza with PowerShell
2020-09-20
Guy Bruneau
Analysis of a Salesforce Phishing Emails
2020-09-04
Jan Kopriva
A blast from the past - XXEncoded VB6.0 Trojan
2020-08-31
Didier Stevens
Finding The Original Maldoc
2020-08-30
Johannes Ullrich
CenturyLink Outage Causing Internet Wide Problems
2020-08-29
Didier Stevens
Malicious Excel Sheet with a NULL VT Score: More Info
2020-08-28
Xavier Mertens
Example of Malicious DLL Injected in PowerShell
2020-08-25
Xavier Mertens
Keep An Eye on LOLBins
2020-08-24
Xavier Mertens
Tracking A Malware Campaign Through VT
2020-08-19
Xavier Mertens
Example of Word Document Delivering Qakbot
2020-08-18
Xavier Mertens
Using API's to Track Attackers
2020-08-16
Didier Stevens
Small Challenge: A Simple Word Maldoc - Part 3
2020-08-10
Bojan Zdrnja
Scoping web application and web service penetration tests
2020-08-04
Johannes Ullrich
Internet Choke Points: Concentration of Authoritative Name Servers
2020-08-01
Jan Kopriva
What pages do bad bots look for?
2020-07-30
Johannes Ullrich
Python Developers: Prepare!!!
2020-07-24
Xavier Mertens
Compromized Desktop Applications by Web Technologies
2020-07-20
Rick Wanner
Sextortion Update: The Final Final Chapter
2020-07-11
Guy Bruneau
VMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html
2020-07-08
Xavier Mertens
If You Want Something Done Right, You Have To Do It Yourself... Malware Too!
2020-06-16
Xavier Mertens
Sextortion to The Next Level
2020-06-08
Didier Stevens
Translating BASE64 Obfuscated Scripts
2020-06-04
Xavier Mertens
Anti-Debugging Technique based on Memory Protection
2020-05-14
Rob VandenBrink
Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe
2020-05-06
Xavier Mertens
Keeping an Eye on Malicious Files Life Time
2020-05-04
Didier Stevens
Sysmon and File Deletion
2020-04-27
Xavier Mertens
Powershell Payload Stored in a PSCredential Object
2020-04-24
Xavier Mertens
Malicious Excel With a Strong Obfuscation and Sandbox Evasion
2020-04-16
Johannes Ullrich
Using AppLocker to Prevent Living off the Land Attacks
2020-04-10
Xavier Mertens
PowerShell Sample Extracting Payload From SSL
2020-04-03
Xavier Mertens
Obfuscated with a Simple 0x0A
2020-03-21
Guy Bruneau
Honeypot - Scanning and Targeting Devices & Services
2020-03-15
Guy Bruneau
VPN Access and Activity Monitoring
2020-03-02
Jan Kopriva
Secure vs. cleartext protocols - couple of interesting stats
2020-02-22
Xavier Mertens
Simple but Efficient VBScript Obfuscation
2020-02-16
Guy Bruneau
SOAR or not to SOAR?
2020-02-07
Xavier Mertens
Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript
2020-01-27
Johannes Ullrich
Network Security Perspective on Coronavirus Preparedness
2020-01-25
Guy Bruneau
Is Threat Hunting the new Fad?
2020-01-23
Xavier Mertens
Complex Obfuscation VS Simple Trick
2020-01-21
Russ McRee
DeepBlueCLI: Powershell Threat Hunting
2020-01-15
Johannes Ullrich
CVE-2020-0601 Followup
2020-01-11
Johannes Ullrich
Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor
2020-01-10
Xavier Mertens
More Data Exfiltration
2019-12-12
Xavier Mertens
Code & Data Reuse in the Malware Ecosystem
2019-11-22
Xavier Mertens
Abusing Web Filters Misconfiguration for Reconnaissance
2019-10-19
Russell Eubanks
What Assumptions Are You Making?
2019-10-18
Xavier Mertens
Quick Malicious VBS Analysis
2019-10-10
Rob VandenBrink
Mining Live Networks for OUI Data Oddness
2019-09-27
Xavier Mertens
New Scans for Polycom Autoconfiguration Files
2019-09-22
Didier Stevens
Video: Encrypted Sextortion PDFs
2019-09-19
Xavier Mertens
Agent Tesla Trojan Abusing Corporate Email Accounts
2019-09-19
Xavier Mertens
Blocklisting or Whitelisting in the Right Way
2019-09-17
Rob VandenBrink
Investigating Gaps in your Windows Event Logs
2019-09-16
Didier Stevens
Encrypted Sextortion PDFs
2019-08-09
Xavier Mertens
100% JavaScript Phishing Page
2019-08-05
Rick Wanner
Sextortion: Follow the Money - The Final Chapter
2019-07-25
Rob VandenBrink
When Users Attack! Users (and Admins) Thwarting Security Controls
2019-07-20
Guy Bruneau
Re-evaluating Network Security - It is Increasingly More Complex
2019-07-18
Rob VandenBrink
The Other Side of Critical Control 1: 802.1x Wired Network Access Controls
2019-07-17
Xavier Mertens
Analyzis of DNS TXT Records
2019-07-11
Xavier Mertens
Russian Dolls Malicious Script Delivering Ursnif
2019-07-02
Xavier Mertens
Malicious Script With Multiple Payloads
2019-06-20
Xavier Mertens
Using a Travel Packing App for Infosec Purpose
2019-06-19
Johannes Ullrich
Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729
2019-06-10
Xavier Mertens
Interesting JavaScript Obfuscation Example
2019-04-26
Rob VandenBrink
Pillaging Passwords from Service Accounts
2019-04-25
Rob VandenBrink
Unpatched Vulnerability Alert - WebLogic Zero Day
2019-04-13
Johannes Ullrich
Configuring MTA-STS and TLS Reporting For Your Domain
2019-04-05
Russ McRee
Beagle: Graph transforms for DFIR data & logs
2019-03-27
Xavier Mertens
Running your Own Passive DNS Service
2019-03-25
Didier Stevens
"VelvetSweatshop" Maldocs: Shellcode Analysis
2019-03-24
Didier Stevens
Decoding QR Codes with Python
2019-03-23
Didier Stevens
"VelvetSweatshop" Maldocs
2019-03-21
Xavier Mertens
New Wave of Extortion Emails: Central Intelligence Agency Case
2019-03-06
Xavier Mertens
Keep an Eye on Disposable Email Addresses
2019-02-25
Didier Stevens
Sextortion Email Variant: With QR Code
2019-02-24
Guy Bruneau
Packet Editor and Builder by Colasoft
2019-02-05
Rob VandenBrink
Mitigations against Mimikatz Style Attacks
2019-02-01
Rick Wanner
Sextortion: Follow the Money Part 3 - The cashout begins!
2019-01-18
John Bambenek
Sextortion Bitcoin on the Move
2018-12-31
Didier Stevens
Software Crashes: A New Year's Resolution
2018-12-29
Didier Stevens
Video: De-DOSfuscation Example
2018-12-19
Xavier Mertens
Using OSSEC Active-Response as a DFIR Framework
2018-12-16
Guy Bruneau
Random Port Scan for Open RDP Backdoor
2018-12-15
Didier Stevens
De-DOSfuscation Example
2018-12-14
Rick Wanner
Bombstortion?? Boomstortion??
2018-12-12
Didier Stevens
Yet Another DOSfuscation Sample
2018-11-30
Remco Verhoef
CoinMiners searching for hosts
2018-11-27
Xavier Mertens
More obfuscated shell scripts: Fake MacOS Flash update
2018-11-27
Rob VandenBrink
Data Exfiltration in Penetration Tests
2018-11-26
Xavier Mertens
Obfuscated bash script targeting QNap boxes
2018-11-20
Xavier Mertens
Querying DShield from Cortex
2018-11-16
Xavier Mertens
Basic Obfuscation With Permissive Languages
2018-11-06
Xavier Mertens
Malicious Powershell Script Dissection
2018-11-05
Johannes Ullrich
Struts 2.3 Vulnerable to Two Year old File Upload Flaw
2018-10-23
Xavier Mertens
Diving into Malicious AutoIT Code
2018-10-17
Russ McRee
RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-10-12
Xavier Mertens
More Equation Editor Exploit Waves
2018-10-10
Xavier Mertens
New Campaign Using Old Equation Editor Vulnerability
2018-10-01
Didier Stevens
Decoding Custom Substitution Encodings with translate.py
2018-09-30
Didier Stevens
When DOSfuscation Helps...
2018-09-28
Xavier Mertens
More Excel DDE Code Injection
2018-09-20
Xavier Mertens
Hunting for Suspicious Processes with OSSEC
2018-09-19
Rob VandenBrink
Certificates Revisited - SSL VPN Certificates 2 Ways
2018-09-18
Rob VandenBrink
Using Certificate Transparency as an Attack / Defense Tool
2018-09-05
Rob VandenBrink
Where have all my Certificates gone? (And when do they expire?)
2018-09-05
Xavier Mertens
Malicious PowerShell Compiling C# Code on the Fly
2018-08-13
Didier Stevens
New Extortion Tricks: Now Including Your (Partial) Phone Number!
2018-08-10
Remco Verhoef
Hunting SSL/TLS clients using JA3
2018-07-30
Didier Stevens
Malicious Word documents using DOSfuscation
2018-07-29
Guy Bruneau
Using RITA for Threat Analysis
2018-07-26
Xavier Mertens
Windows Batch File Deobfuscation
2018-07-24
Tom Webb
Cell Phone Monitoring. Who is Watching the Watchers?
2018-07-12
Johannes Ullrich
New Extortion Tricks: Now Including Your Password!
2018-07-02
Guy Bruneau
VMware ESXi, Workstation, and Fusion address multiple out-of-bounds read vulnerabilities https://www.vmware.com/security/advisories/VMSA-2018-0016.html
2018-07-02
Guy Bruneau
Hello Peppa! - PHP Scans
2018-06-25
Didier Stevens
Guilty by association
2018-06-21
Xavier Mertens
Are Your Hunting Rules Still Working?
2018-06-18
Xavier Mertens
Malicious JavaScript Targeting Mobile Browsers
2018-06-17
Didier Stevens
Encrypted Office Documents
2018-06-15
Lorna Hutcheson
SMTP Strangeness - Possible C2
2018-06-13
Remco Verhoef
From Microtik with Love
2018-06-05
Xavier Mertens
Malicious Post-Exploitation Batch File
2018-06-04
Rob VandenBrink
Digging into Authenticode Certificates
2018-05-25
Xavier Mertens
Antivirus Evasion? Easy as 1,2,3
2018-05-22
Guy Bruneau
VMware updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue - https://www.vmware.com/security/advisories/VMSA-2018-0012.html
2018-05-19
Xavier Mertens
Malicious Powershell Targeting UK Bank Customers
2018-05-16
Mark Hofman
EFAIL, a weakness in openPGP and S\MIME
2018-05-10
Bojan Zdrnja
Exfiltrating data from (very) isolated environments
2018-04-30
Remco Verhoef
Another approach to webapplication fingerprinting
2018-02-25
Guy Bruneau
Blackhole Advertising Sites with Pi-hole
2018-02-02
Xavier Mertens
Simple but Effective Malicious XLS Sheet
2017-12-30
Xavier Mertens
2017, The Flood of CVEs
2017-12-27
Guy Bruneau
What are your Security Challenges for 2018?
2017-12-23
Didier Stevens
Encrypted PDFs
2017-12-14
Russ McRee
Detection Lab: Visibility & Introspection for Defenders
2017-12-13
Xavier Mertens
Tracking Newly Registered Domains
2017-12-02
Xavier Mertens
Using Bad Material for the Good
2017-11-25
Guy Bruneau
Exim Remote Code Exploit
2017-11-23
Xavier Mertens
Proactive Malicious Domain Search
2017-11-17
Xavier Mertens
Top-100 Malicious IP STIX Feed
2017-11-11
Xavier Mertens
Keep An Eye on your Root Certificates
2017-11-03
Xavier Mertens
Simple Analysis of an Obfuscated JAR File
2017-10-30
Johannes Ullrich
Critical Patch For Oracle's Identity Manager
2017-10-25
Mark Hofman
DUHK attack, continuing a week of named issues
2017-10-18
Renato Marinho
Baselining Servers to Detect Outliers
2017-10-02
Xavier Mertens
Investigating Security Incidents with Passive DNS
2017-09-30
Lorna Hutcheson
Who's Borrowing your Resources?
2017-09-22
Russell Eubanks
What is the State of Your Union?
2017-09-19
Jim Clausing
New tool: mac-robber.py
2017-09-16
Guy Bruneau
VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities - https://www.vmware.com/security/advisories/VMSA-2017-0015.html
2017-09-11
Russ McRee
Windows Auditing with WINspect
2017-09-09
Didier Stevens
Malware analysis output sanitization
2017-09-06
Adrien de Beaupre
Modern Web Application Penetration Testing , Hash Length Extension Attacks
2017-09-02
Xavier Mertens
AutoIT based malware back in the wild
2017-07-24
Russell Eubanks
Trends Over Time
2017-07-08
Xavier Mertens
A VBScript with Obfuscated Base64 Data
2017-07-07
Renato Marinho
DDoS Extortion E-mail: Yet Another Bluff?
2017-06-22
Xavier Mertens
Obfuscating without XOR
2017-06-17
Guy Bruneau
Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2017-06-10
Russell Eubanks
An Occasional Look in the Rear View Mirror
2017-05-28
Pasquale Stirparo
Analysis of Competing Hypotheses (ACH part 1)
2017-05-28
Guy Bruneau
CyberChef a Must Have Tool in your Tool bag!
2017-05-20
Xavier Mertens
Typosquatting: Awareness and Hunting
2017-05-16
Russ McRee
WannaCry? Do your own data analysis.
2017-05-13
Guy Bruneau
Has anyone Tested WannaCry Killswitch? - https://blog.didierstevens.com/2017/05/13/quickpost-wcry-killswitch-check-is-not-proxy-aware/
2017-05-05
Xavier Mertens
HTTP Headers... the Achilles' heel of many applications
2017-05-02
Richard Porter
Do you have Intel AMT? Then you have a problem today! Intel Active Management Technology INTEL-SA-00075
2017-04-28
Xavier Mertens
Another Day, Another Obfuscation Technique
2017-04-21
Xavier Mertens
Analysis of a Maldoc with Multiple Layers of Obfuscation
2017-04-20
Xavier Mertens
DNS Query Length... Because Size Does Matter
2017-04-19
Xavier Mertens
Hunting for Malicious Excel Sheets
2017-04-02
Guy Bruneau
IPFire - A Household Multipurpose Security Gateway
2017-03-30
Xavier Mertens
Diverting built-in features for the bad
2017-03-25
Russell Eubanks
Distraction as a Service
2017-03-24
Xavier Mertens
Nicely Obfuscated JavaScript Sample
2017-03-18
Xavier Mertens
Example of Multiple Stages Dropper
2017-03-15
Xavier Mertens
Retro Hunting!
2017-03-10
Xavier Mertens
The Side Effect of GeoIP Filters
2017-03-08
Richard Porter
What is really being proxied?
2017-03-06
Renato Marinho
A very convincing Typosquatting + Social Engineering campaign is targeting Santander corporate customers in Brazil
2017-03-04
Xavier Mertens
How your pictures may affect your website reputation
2017-02-28
Xavier Mertens
Analysis of a Simple PHP Backdoor
2017-02-13
Rob VandenBrink
Stuff I Learned Decrypting
2017-02-12
Xavier Mertens
Analysis of a Suspicious Piece of JavaScript
2017-02-09
Brad Duncan
Ticketbleed vulnerability affects some f5 appliances
2017-01-28
Lorna Hutcheson
Packet Analysis - Where do you start?
2016-12-27
Guy Bruneau
Using daemonlogger as a Software Tap
2016-12-24
Didier Stevens
Pinging All The Way
2016-11-20
Pasquale Stirparo
How many “Epoch” times? Epocalypse.py timestamp converter
2016-10-30
Pasquale Stirparo
Volatility Bot: Automated Memory Analysis
2016-10-17
Didier Stevens
Maldoc VBA Anti-Analysis: Video
2016-10-15
Didier Stevens
Maldoc VBA Anti-Analysis
2016-09-15
Xavier Mertens
In Need of a OTP Manager Soon?
2016-09-09
Xavier Mertens
Collecting Users Credentials from Locked Devices
2016-09-04
Russ McRee
Kali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/
2016-08-29
Russ McRee
Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2016-08-28
Guy Bruneau
Spam with Obfuscated Javascript
2016-08-21
Rick Wanner
Cisco ASA SNMP Remote Code Execution Vulnerability
2016-08-19
Xavier Mertens
Data Classification For the Masses
2016-07-27
Xavier Mertens
Critical Xen PV guests vulnerabilities
2016-07-26
Johannes Ullrich
Command and Control Channels Using "AAAA" DNS Records
2016-07-15
Xavier Mertens
Name All the Things!
2016-07-12
Xavier Mertens
Hunting for Malicious Files with MISP + OSSEC
2016-07-07
Johannes Ullrich
Patchwork: Is it still "Advanced" if all you have to do is Copy/Paste?
2016-07-03
Guy Bruneau
Is Data Privacy part of your Company's Culture?
2016-06-22
Bojan Zdrnja
Security through obscurity never works
2016-06-03
Tom Liston
MySQL is YourSQL
2016-05-18
Russ McRee
Resources: Windows Auditing & Monitoring, Linux 2FA
2016-05-08
Jim Clausing
Guest Diary: Linux Capabilities - A friend and foe
2016-04-02
Russell Eubanks
Why Can't We Be Friends?
2016-03-23
Bojan Zdrnja
Abusing Oracles
2016-03-13
Guy Bruneau
A Look at the Mandiant M-Trends 2016 Report
2016-03-07
Xavier Mertens
Another Malicious Document, Another Way to Deliver Malicious Code
2016-02-23
Xavier Mertens
VMware VMSA-2016-0002
2016-02-22
Xavier Mertens
Reducing False Positives with Open Data Sources
2016-02-20
Didier Stevens
Locky: JavaScript Deobfuscation
2016-02-15
Bojan Zdrnja
Exploiting (pretty) blind SQL injections
2016-02-07
Xavier Mertens
More Malicious JavaScript Obfuscation
2016-02-03
Xavier Mertens
Automating Vulnerability Scans
2016-01-31
Guy Bruneau
Windows 10 and System Protection for DATA Default is OFF
2016-01-30
Xavier Mertens
All CVE Details at Your Fingertips
2016-01-29
Xavier Mertens
Scripting Web Categorization
2016-01-25
Rob VandenBrink
Assessing Remote Certificates with Powershell
2016-01-21
Jim Clausing
Scanning for Fortinet ssh backdoor
2016-01-20
Xavier Mertens
/tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!
2016-01-15
Xavier Mertens
JavaScript Deobfuscation Tool
2016-01-05
Guy Bruneau
What are you Concerned the Most in 2016?
2015-12-29
Daniel Wesemann
New Years Resolutions
2015-12-24
Xavier Mertens
Unity Makes Strength
2015-12-21
Daniel Wesemann
Critical Security Controls: Getting to know the unknown
2015-12-05
Guy Bruneau
Are you looking to setup your own Malware Sandbox?
2015-11-09
John Bambenek
ICYMI: Widespread Unserialize Vulnerability in Java
2015-11-04
Richard Porter
Application Aware and Critical Control 2
2015-10-17
Russell Eubanks
CIS Critical Security Controls - Version 6.0
2015-10-12
Guy Bruneau
Data Visualization,What is your Tool of Choice?
2015-10-12
Guy Bruneau
Critical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
2015-09-03
Xavier Mertens
Querying the DShield API from RTIR
2015-09-01
Daniel Wesemann
Encryption of "data at rest" in servers
2015-08-29
Tom Webb
Automating Metrics using RTIR REST API
2015-07-31
Russ McRee
Tech tip follow-up: Using the data Invoked with R's system command
2015-07-03
Didier Stevens
Analyzing Quarantine Files
2015-06-28
Didier Stevens
The EICAR Test File
2015-06-24
Rob VandenBrink
The Powershell Diaries - Finding Problem User Accounts in AD
2015-06-02
Alex Stanford
Guest Diary: Xavier Mertens - Playing with IP Reputation with Dshield & OSSEC
2015-05-29
Russell Eubanks
Trust But Verify
2015-05-20
Brad Duncan
Logjam - vulnerabilities in Diffie-Hellman key exchange affect browsers and servers using TLS
2015-05-03
Russ McRee
VolDiff, for memory image differential analysis
2015-04-28
Daniel Wesemann
Scammy Nepal earthquake donation requests
2015-04-08
Tom Webb
Is it a breach or not?
2015-03-26
Daniel Wesemann
Pin-up on your Smartphone!
2015-03-18
Daniel Wesemann
Pass the hash!
2015-02-27
Rick Wanner
Let's Encrypt!
2015-02-17
Rob VandenBrink
A Different Kind of Equation
2015-02-11
Johannes Ullrich
Did PCI Just Kill E-Commerce By Saying SSL is Not Sufficient For Payment Info ? (spoiler: TLS!=SSL)
2015-02-10
Mark Baggett
Detecting Mimikatz Use On Your Network
2015-01-31
Guy Bruneau
Beware of Phishing and Spam Super Bowl Fans!
2014-11-27
Russ McRee
Syrian Electronic Army attack leads to malvertising
2014-09-27
Guy Bruneau
What has Bash and Heartbleed Taught Us?
2014-09-19
Guy Bruneau
CipherShed Fork from TrueCrypt Project, Support Windows, Mac OS and Linux - https://ciphershed.org
2014-09-12
Chris Mohan
Are credential dumps worth reviewing?
2014-08-29
Johannes Ullrich
False Positive or Not? Difficult to Analyze Javascript
2014-08-25
Jim Clausing
Unusual CRL traffic?
2014-08-25
Jim Clausing
UDP port 1900 DDoS traffic
2014-08-09
Adrien de Beaupre
Complete application ownage via Multi-POST XSRF
2014-08-04
Russ McRee
Threats & Indicators: A Security Intelligence Lifecycle
2014-07-30
Rick Wanner
Symantec Endpoint Protection Privilege Escalation Zero Day
2014-07-26
Chris Mohan
"Internet scanning project" scans
2014-07-09
Daniel Wesemann
Who owns your typo?
2014-07-02
Johannes Ullrich
Simple Javascript Extortion Scheme Advertised via Bing
2014-06-28
Mark Hofman
No more Microsoft advisory email notifications?
2014-06-24
Kevin Shortt
NTP DDoS Counts Have Dropped
2014-05-27
Kevin Shortt
Avast forums hacked
2014-05-23
Richard Porter
Highlights from Cisco Live 2014 - The Internet of Everything
2014-05-01
Johannes Ullrich
Busybox Honeypot Fingerprinting and a new DVR scanner
2014-04-26
Guy Bruneau
New Project by Linux Foundation - Core Infrastructure Initiative
2014-04-21
Daniel Wesemann
Allow us to leave!
2014-04-12
Guy Bruneau
Critical Security Update for JetPack WordPress Plugin. Bug has existed since Jetpack 1.9, released in October 2012. - http://jetpack.me/2014/04/10/jetpack-security-update/
2014-03-14
Richard Porter
Word Press Shenanigans? Anyone seeing strange activity today?
2014-03-13
Daniel Wesemann
Identification and authentication are hard ... finding out intention is even harder
2014-03-07
Tom Webb
Linux Memory Dump with Rekall
2014-03-04
Daniel Wesemann
Triple Handshake Cookie Cutter
2014-02-26
Russ McRee
Ongoing NTP Amplification Attacks
2014-02-14
Chris Mohan
Scanning activity for /siemens/bootstrapping/JnlpBrowser/Development/
2014-02-14
Chris Mohan
SYM14-004 Symantec Endpoint Protection Management Vulnerabilities - http://www.symantec.com/business/support/index?page=content&id=TECH214866
2014-02-03
Johannes Ullrich
When an Attack isn't an Attack
2014-01-31
Chris Mohan
Looking for packets from three particular subnets
2014-01-17
Russ McRee
Massive RFI scans likely a free web app vuln scanner rather than bots
2014-01-11
Guy Bruneau
tcpflow 1.4.4 and some of its most Interesting Features
2013-12-23
Rob VandenBrink
How-To's for the Holidays - Java Whitelisting using AD Group Policy
2013-12-20
Daniel Wesemann
authorized key lime pie
2013-12-16
Tom Webb
The case of Minerd
2013-12-10
Rob VandenBrink
Those Look Just Like Hashes!
2013-11-19
Johannes Ullrich
vBulletin.com Compromise - Possible 0-day
2013-10-25
Rob VandenBrink
Kaspersky flags TCPIP.SYS as Malware
2013-10-24
Johannes Ullrich
False Positive: php.net Malware Alert
2013-10-21
Johannes Ullrich
New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
2013-10-19
Johannes Ullrich
Yet Another WHMCS SQL Injection Exploit
2013-10-12
Richard Porter
Reported Spike in tcp/5901 and tcp/5900
2013-10-05
Richard Porter
Adobe Breach Notification, Notifications?
2013-10-04
Pedro Bueno
CSAM: WebHosting BruteForce logs
2013-09-18
Rob VandenBrink
Cisco DCNM Update Released
2013-09-09
Johannes Ullrich
SSL is broken. So what?
2013-08-19
Johannes Ullrich
Running Snort on ESXi using the Distributed Switch
2013-08-14
Johannes Ullrich
Imaging LUKS Encrypted Drives
2013-08-13
Swa Frantzen
Microsoft security advisories: RDP and MD5 deprecation in Microsoft root certificates
2013-08-03
Deborah Hale
What Anti-virus Program Is Right For You?
2013-07-27
Scott Fendley
Defending Against Web Server Denial of Service Attacks
2013-07-17
Johannes Ullrich
Network Solutions Outage
2013-07-16
Johannes Ullrich
Why don't we see more examples of web app attacks via POST?
2013-07-06
Guy Bruneau
Is Metadata the Magic in Modern Network Security?
2013-07-04
Russ McRee
Celebrating 4th of July With a Malware PCAP Visualization
2013-07-01
Manuel Humberto Santander Pelaez
Using nmap scripts to enhance vulnerability asessment results
2013-06-18
Russ McRee
EMET 4.0 is now available for download
2013-06-18
Russ McRee
Volatility rules...any questions?
2013-06-07
Daniel Wesemann
100% Compliant (for 65% of the systems)
2013-05-23
Adrien de Beaupre
MoVP II
2013-05-22
Adrien de Beaupre
Privilege escalation, why should I care?
2013-05-22
Adrien de Beaupre
Apple QuickTime 7.7.4 for Windows updated, MANY security vulnerabilities: http://support.apple.com/kb/HT1222
2013-05-17
Johannes Ullrich
SSL: Another reason not to ignore IPv6
2013-05-11
Lenny Zeltser
Extracting Digital Signatures from Signed Malware
2013-05-07
Jim Clausing
Is there an epidemic of typo squatting?
2013-04-26
Russ McRee
What is "up to date anti-virus software"?
2013-04-25
Adam Swanger
Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-04-17
John Bambenek
UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
2013-04-16
John Bambenek
Fake Boston Marathon Scams Update
2013-04-15
Rob VandenBrink
Oops - You Mean That Deleted Server was a Certificate Authority?
2013-04-04
Johannes Ullrich
Microsoft April Patch Tuesday Advance Notification
2013-03-29
Chris Mohan
Does your breach email notification look like a phish?
2013-03-23
Guy Bruneau
Apple ID Two-step Verification Now Available in some Countries
2013-03-07
Guy Bruneau
Apple Blocking Java Web plug-in
2013-03-03
Richard Porter
Uptick in MSSQL Activity
2013-02-17
Guy Bruneau
HP ArcSight Connector Appliance and Logger Vulnerabilities
2013-02-16
Lorna Hutcheson
Fedora RedHat Vulnerability Released
2013-02-11
John Bambenek
Is This Chinese Registrar Really Trying to XSS Me?
2013-02-08
Kevin Shortt
Is it Spam or Is it Malware?
2013-02-06
Johannes Ullrich
Are you losing system logging information (and don't know it)?
2013-02-04
Russ McRee
An expose of a recent SANS GIAC XSS vulnerability
2013-01-25
Johannes Ullrich
Vulnerability Scans via Search Engines (Request for Logs)
2013-01-15
Russ McRee
Cisco introducing Cisco Security Notices 16 JAN 2013
2013-01-09
Rob VandenBrink
SQL Injection Flaw in Ruby on Rails
2013-01-03
Bojan Zdrnja
Memory acquisition traps
2013-01-03
Manuel Humberto Santander Pelaez
New year and new CA compromised
2012-12-27
John Bambenek
It's 3pm 2 days after Christmas, do you know where your unmanaged SSH keys are?
2012-12-18
Dan Goldberg
Mitigating the impact of organizational change: a risk assessment
2012-12-04
Johannes Ullrich
Where do your backup tapes go to die?
2012-12-03
John Bambenek
John McAfee Exposes His Location in Photo About His Being on Run
2012-12-03
Kevin Liston
Recent SSH vulnerabilities
2012-12-02
Guy Bruneau
Collecting Logs from Security Devices at Home
2012-11-06
Johannes Ullrich
What to watch out For on Election Day
2012-11-02
Daniel Wesemann
The shortcomings of anti-virus software
2012-10-30
Mark Hofman
Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-10-05
Richard Porter
Reports of a Distributed Injection Scan
2012-09-19
Kevin Liston
Volatility: 2.2 is Coming Soon
2012-09-11
Adam Swanger
Microsoft September 2012 Black Tuesday Update - Overview
2012-09-08
Guy Bruneau
Webmin Input Validation Vulnerabilities
2012-09-02
Lorna Hutcheson
Demonstrating the value of your Intrusion Detection Program and Analysts
2012-08-21
Adrien de Beaupre
YYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update
2012-08-16
Johannes Ullrich
A Poor Man's DNS Anomaly Detection Script
2012-08-14
Rick Wanner
Microsoft August 2012 Black Tuesday Update - Overview
2012-07-31
Daniel Wesemann
SQL injection, lilupophilupop-style
2012-07-21
Rick Wanner
TippingPoint DNS Version Request increase
2012-07-18
Rob VandenBrink
Vote NO to Weak Keys!
2012-07-18
Rob VandenBrink
Vote NO to Weak Encryption!
2012-07-14
Tony Carothers
User Awareness and Education
2012-07-12
Rob VandenBrink
Today at SANSFIRE - Dude Your Car is PWND !
2012-07-05
Adrien de Beaupre
Microsoft advanced notification for July 2012 patch Tuesday
2012-07-02
Dan Goldberg
Storms of June 29th 2012 in Mid Atlantic region of the USA
2012-06-22
Kevin Liston
Investigator's Tool-kit: Timeline
2012-06-20
Raul Siles
CVE-2012-0217 (from MS12-042) applies to other environments too
2012-06-19
Daniel Wesemann
Vulnerabilityqueerprocessbrittleness
2012-06-13
Johannes Ullrich
Microsoft Certificate Updater
2012-05-22
Johannes Ullrich
nmap 6 released
2012-05-21
Kevin Shortt
DNS ANY Request Cannon - Need More Packets
2012-05-17
Johannes Ullrich
New IPv6 Video: IPv6 Router Advertisements https://isc.sans.edu/ipv6videos
2012-05-16
Johannes Ullrich
Avira Antivirus false positives http://forum.avira.com/wbb/index.php?page=Thread&threadID=144875
2012-05-07
Guy Bruneau
iOS 5.1.1 Software Update for iPod, iPhone, iPad
2012-04-26
Richard Porter
Define Irony: A medical device with a Virus?
2012-04-21
Guy Bruneau
WordPress Release Security Update
2012-04-13
Daniel Wesemann
Anti-virus scanning exclusions
2012-03-16
Russ McRee
MS12-020 RDP vulnerabilities: Patch, Mitigate, Detect
2012-03-03
Jim Clausing
New automated sandbox for Android malware
2012-02-08
Jim Clausing
Chrome to stop checking Certificate Revocation List (CRL)?
2012-01-12
Rob VandenBrink
Stuff I Learned Scripting - Fun with STDERR
2012-01-05
Russ McRee
OpenSSL vulnerability fixes
2012-01-03
Bojan Zdrnja
The tale of obfuscated JavaScript continues
2011-12-25
Deborah Hale
Merry Christmas, Happy Holidays
2011-12-21
Chris Mohan
The off switch
2011-12-12
Daniel Wesemann
You won 100$ or a free iPad!
2011-12-08
Adrien de Beaupre
Microsoft Security Bulletin Advance Notification for December 2011
2011-12-01
Mark Hofman
SQL Injection Attack happening ATM
2011-11-11
Rick Wanner
APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update
2011-11-10
Rob VandenBrink
Stuff I Learned Scripting - Parsing XML in a One-Liner
2011-11-07
Rob VandenBrink
Stuff I Learned Scripting - Evaluating a Remote SSL Certificate
2011-11-03
Richard Porter
An Apple, Inc. Sandbox to play in.
2011-11-01
Russ McRee
Secure languages & frameworks
2011-10-29
Richard Porter
The Sub Critical Control? Evidence Collection
2011-10-28
Russ McRee
Critical Control 19: Data Recovery Capability
2011-10-28
Daniel Wesemann
Critical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27
Mark Baggett
Critical Control 18: Incident Response Capabilities
2011-10-26
Rick Wanner
Critical Control 17: Penetration Tests and Red Team Exercises
2011-10-26
Rob VandenBrink
The Theoretical "SSL Renegotiation" Issue gets a Whole Lot More Real !
2011-10-25
Chris Mohan
Recurring reporting made easy?
2011-10-17
Rob VandenBrink
Critical Control 11: Account Monitoring and Control
2011-10-02
Mark Hofman
Cyber Security Awareness Month Day 1/2 - Schedule
2011-10-02
Mark Hofman
Cyber Security Awareness Month Day 1/2 - Introduction to the controls
2011-09-19
Guy Bruneau
MS Security Advisory Update - Fraudulent DigiNotar Certificates
2011-09-09
Guy Bruneau
Apple Certificate Trust Policy Update
2011-09-09
Guy Bruneau
Adobe Publishes its List of Trusted Root Certificates - http://www.adobe.com/security/approved-trust-list.html
2011-09-08
Rob VandenBrink
When Good CA's go Bad: Other Things to Check in Your Datacenter
2011-09-05
Bojan Zdrnja
Bitcoin – crypto currency of future or heaven for criminals?
2011-08-26
Daniel Wesemann
User Agent 007
2011-08-24
Rob VandenBrink
Citrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971
2011-08-17
Rob VandenBrink
Putting all of Your Eggs in One Basket - or How NOT to do Layoffs
2011-08-16
Johannes Ullrich
What are the most dangerous web applications and how to secure them?
2011-08-15
Rob VandenBrink
8 Years since the Eastern Seaboard Blackout - Has it Been that Long?
2011-08-11
Guy Bruneau
BlackBerry Enterprise Server Critical Update
2011-08-04
Jim Clausing
Apple releases QuickTime 7.7, fixing 14 CVEs, see http://support.apple.com/kb/HT1222
2011-07-30
Deborah Hale
Data Encryption Ban? Really?
2011-07-29
Richard Porter
Apple Lion talking on TCP 5223
2011-07-28
Johannes Ullrich
Announcing: The "404 Project"
2011-07-11
John Bambenek
Another Defense Contractor Hacked in AntiSec Hacktivism Spree
2011-07-05
Raul Siles
Helping Developers Understand Security - Spot the Vuln
2011-07-03
Deborah Hale
Business Continuation in the Face of Disaster
2011-06-22
Guy Bruneau
How Good is your Employee Termination Policy?
2011-06-21
Chris Mohan
StartSSL, a web authentication authority, suspends services after a security breach
2011-06-12
Mark Hofman
Cloud thoughts
2011-06-09
Richard Porter
One Browser to Rule them All?
2011-06-06
Johannes Ullrich
The Havij SQL Injection Tool
2011-06-02
Johannes Ullrich
Some Insight into Apple's Anti-Virus Signatures
2011-05-31
Johannes Ullrich
Apple Improving OS X Anti-Malware Feature
2011-05-30
Johannes Ullrich
Lockheed Martin and RSA Tokens
2011-05-19
Daniel Wesemann
Fake AV Bingo
2011-05-18
Bojan Zdrnja
Android, HTTP and authentication tokens
2011-05-12
Johannes Ullrich
ActiveX Flaw Affecting SCADA systems
2011-04-28
Chris Mohan
DSL Reports advise 9,000 accounts were compromised
2011-04-25
Rob VandenBrink
Sony PlayStation Network Outage - Day 5
2011-04-22
Manuel Humberto Santander Pelaez
In-house developed applications: The constant headache for the information security officer
2011-04-19
Bojan Zdrnja
SQL injection: why can’t we learn?
2011-04-03
Richard Porter
Extreme Disclosure? Not yet but a great trend!
2011-04-01
John Bambenek
LizaMoon Mass SQL-Injection Attack Infected at least 500k Websites
2011-03-17
Kevin Liston
So You Got an AV Alert. Now What?
2011-03-09
Kevin Shortt
AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B
2011-03-07
Lorna Hutcheson
Call for Packets - Unassigned TCP Options
2011-03-01
Daniel Wesemann
AV software and "sharing samples"
2011-02-14
Lorna Hutcheson
Network Visualization
2011-02-08
Johannes Ullrich
Tippingpoint Releases Details on Unpatched Bugs
2011-02-05
Guy Bruneau
OpenSSH Legacy Certificate Information Disclosure Vulnerability
2011-02-04
Daniel Wesemann
Oh, just click "yes"
2011-01-25
Chris Mohan
Reviewing our preconceptions
2011-01-24
Rob VandenBrink
Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool
2011-01-18
Daniel Wesemann
Yet another rogue anti-virus
2011-01-12
Richard Porter
How Many Loyalty Cards do you Carry?
2011-01-12
Richard Porter
Yet Another Data Broker? AOL Lifestream.
2011-01-03
Johannes Ullrich
What Will Matter in 2011
2010-12-25
Manuel Humberto Santander Pelaez
An interesting vulnerability playground to learn application vulnerabilities
2010-12-18
Raul Siles
Where are the Wi-Fi Driver Vulnerabilities?
2010-12-15
Manuel Humberto Santander Pelaez
Vulnerability in the PDF distiller of the BlackBerry Attachment Service
2010-12-12
Raul Siles
New trend regarding web application vulnerabilities?
2010-12-12
Raul Siles
Apple QuickTime 7.6.9 was released a few days ago (just in case you missed it): http://support.apple.com/kb/HT1222. Update all your web browser plugins!
2010-12-02
Kevin Johnson
SQL Injection: Wordpress 3.0.2 released
2010-11-24
Bojan Zdrnja
Privilege escalation 0-day in almost all Windows versions
2010-11-11
Daniel Wesemann
Fake AV scams via Skype Chat
2010-11-07
Adrien de Beaupre
Change your clocks?
2010-11-04
Johannes Ullrich
Microsoft Smart Screen False Positives
2010-11-02
Johannes Ullrich
Limited Malicious Search Engine Poisoning for Election
2010-10-22
Manuel Humberto Santander Pelaez
Intypedia project
2010-10-04
Mark Hofman
Online Voting
2010-09-26
Daniel Wesemann
Egosurfing, the corporate way
2010-09-25
Rick Wanner
Guest Diary: Andrew Hunt - Visualizing the Hosting Patterns of Modern Cybercriminals
2010-09-21
Johannes Ullrich
Implementing two Factor Authentication on the Cheap
2010-08-30
Adrien de Beaupre
Apple QuickTime potential vulnerability/backdoor
2010-08-23
Manuel Humberto Santander Pelaez
Firefox plugins to perform penetration testing activities
2010-08-16
Raul Siles
The Seven Deadly Sins of Security Vulnerability Reporting
2010-08-16
Raul Siles
Blind Elephant: A New Web Application Fingerprinting Tool
2010-08-15
Manuel Humberto Santander Pelaez
Obfuscated SQL Injection attacks
2010-08-15
Manuel Humberto Santander Pelaez
Python to test web application security
2010-08-13
Guy Bruneau
QuickTime Security Updates
2010-08-13
Guy Bruneau
Shadowserver Binary Whitelisting Service
2010-08-03
Johannes Ullrich
When Lightning Strikes
2010-07-24
Manuel Humberto Santander Pelaez
Transmitting logon information unsecured in the network
2010-07-23
Mark Hofman
vBulletin vB 3.8.6 vulnerability
2010-07-18
Manuel Humberto Santander Pelaez
SAGAN: An open-source event correlation system - Part 1: Installation
2010-07-13
Jim Clausing
VMware Studio Security Update
2010-06-29
Johannes Ullrich
How to be a better spy: Cyber security lessons from the recent Russian spy arrests
2010-06-27
Manuel Humberto Santander Pelaez
Study of clickjacking vulnerabilities on popular sites
2010-06-18
Tom Liston
IMPORTANT INFORMATION: Distributed SSH Brute Force Attacks
2010-06-15
Manuel Humberto Santander Pelaez
TCP evasions for IDS/IPS
2010-06-15
Manuel Humberto Santander Pelaez
iPhone 4 Order Security Breach Exposes Private Information
2010-06-14
Manuel Humberto Santander Pelaez
Another way to get protection for application-level attacks
2010-06-14
Manuel Humberto Santander Pelaez
Rogue facebook application acting like a worm
2010-06-09
Deborah Hale
Mass Infection of IIS/ASP Sites
2010-06-07
Manuel Humberto Santander Pelaez
Software Restriction Policy to keep malware away
2010-06-06
Manuel Humberto Santander Pelaez
Nice OS X exploit tutorial
2010-05-26
Bojan Zdrnja
Malware modularization and AV detection evasion
2010-05-12
Rob VandenBrink
Adobe Shockwave Update
2010-05-04
Rick Wanner
SIFT review in the ISSA Toolsmith
2010-04-26
Raul Siles
Vulnerable Sites Database
2010-04-22
John Bambenek
Data Redaction: You're Doing it Wrong
2010-04-21
Guy Bruneau
Google Chrome Security Update v4.1.249.1059 Released: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html
2010-04-21
Guy Bruneau
McAfee DAT 5958 Update Issues
2010-04-20
Raul Siles
Are You Ready for a Transportation Collapse...?
2010-04-18
Guy Bruneau
Some NetSol hosted sites breached
2010-04-13
Adrien de Beaupre
Web App Testing Tools
2010-04-08
Bojan Zdrnja
JavaScript obfuscation in PDF: Sky is the limit
2010-04-06
Daniel Wesemann
Application Logs
2010-04-04
Mari Nichols
Financial Management of Cyber Risk
2010-04-02
Guy Bruneau
Firefox 3.6.3 fix for CVE-2010-1121 http://www.mozilla.org/security/announce/2010/mfsa2010-25.html
2010-04-02
Guy Bruneau
Security Advisory for ESX Service Console
2010-04-02
Guy Bruneau
Apple QuickTime and iTunes Security Update
2010-04-02
Guy Bruneau
Oracle Java SE and Java for Business Critical Patch Update Advisory
2010-03-30
Pedro Bueno
VMWare Security Advisories Out
2010-03-29
Adrien de Beaupre
OOB Update for Internet Explorer MS10-018
2010-03-27
Guy Bruneau
HP-UX Running NFS/ONCplus, Inadvertently Enabled NFS
2010-03-21
Scott Fendley
Skipfish - Web Application Security Tool
2010-03-10
Rob VandenBrink
Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-03-10
Rob VandenBrink
Microsoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7
2010-03-08
Raul Siles
Samurai WTF 0.8
2010-03-06
Tony Carothers
Integration and the Security of New Technologies
2010-03-05
Kyle Haugsness
Javascript obfuscators used in the wild
2010-02-22
Rob VandenBrink
New Risks in Penetration Testing
2010-02-21
Patrick Nolan
Looking for "more useful" malware information? Help develop the format.
2010-02-20
Mari Nichols
Is "Green IT" Defeating Security?
2010-02-17
Rob VandenBrink
Defining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"
2010-02-15
Johannes Ullrich
Various Olympics Related Dangerous Google Searches
2010-02-11
Deborah Hale
Critical Update for AD RMS
2010-02-06
Guy Bruneau
LANDesk Management Gateway Vulnerability
2010-01-29
Adrien de Beaupre
Neo-legacy applications
2010-01-24
Pedro Bueno
Outdated client applications
2010-01-17
Rick Wanner
Buffer overflow in Quicktime
2010-01-14
Bojan Zdrnja
Rogue AV exploiting Haiti earthquake
2010-01-13
Johannes Ullrich
SMS Donations Advertised via Twitter
2010-01-12
Johannes Ullrich
Haiti Earthquake: Possible scams / malware
2009-12-19
Deborah Hale
Educating Our Communities
2009-12-16
Rob VandenBrink
Beware the Attack of the Christmas Greeting Cards !
2009-12-14
Adrien de Beaupre
Anti-forensics, COFEE vs. DECAF
2009-12-07
Rob VandenBrink
Layer 2 Network Protections – reloaded!
2009-12-05
Guy Bruneau
Java JRE Buffer and Integer Overflow
2009-12-03
Mark Hofman
Avast false positives
2009-12-02
Rob VandenBrink
SPAM and Malware taking advantage of H1N1 concerns
2009-11-29
Patrick Nolan
A Cloudy Weekend
2009-11-25
Jim Clausing
Updates to my GREM Gold scripts and a new script
2009-11-13
Adrien de Beaupre
TLS & SSLv3 renegotiation vulnerability explained
2009-11-11
Rob VandenBrink
Layer 2 Network Protections against Man in the Middle Attacks
2009-11-02
Rob VandenBrink
Microsoft releases v1.02 of Enhanced Mitigation Evaluation Toolkit (EMET)
2009-10-30
Rob VandenBrink
New version of NIST 800-41, Firewalls and Firewall Policy Guidelines
2009-10-27
Rob VandenBrink
New VMware Desktop Products Released (Workstation, Fusion, ACE)
2009-10-20
Raul Siles
WASC 2008 Statistics
2009-10-09
Rob VandenBrink
THAWTE to discontinue free Email Certificate Services and Web of Trust Service
2009-10-04
Guy Bruneau
Samba Security Information Disclosure and DoS
2009-10-02
Stephen Hall
Cyber Security Awareness Month - Day 2 - Port 0
2009-09-25
Lenny Zeltser
Categories of Common Malware Traits
2009-09-17
Bojan Zdrnja
Why is Rogue/Fake AV so successful?
2009-09-16
Raul Siles
Review the security controls of your Web Applications... all of them!
2009-09-12
Jim Clausing
Apple Updates
2009-09-07
Lorna Hutcheson
Encrypting Data
2009-09-05
Mark Hofman
Critical Infrastructure and dependencies
2009-09-04
Adrien de Beaupre
Fake anti-virus
2009-08-29
Guy Bruneau
Immunet Protect - Cloud and Community Malware Protection
2009-08-28
Adrien de Beaupre
WPA with TKIP done
2009-08-19
Daniel Wesemann
Checking your protection
2009-08-18
Deborah Hale
Website compromises - what's happening?
2009-08-13
Johannes Ullrich
CA eTrust update crashes systems
2009-08-13
Jim Clausing
Tools for extracting files from pcaps
2009-08-08
Guy Bruneau
XML Libraries Data Parsing Vulnerabilities
2009-08-01
Deborah Hale
Website Warnings
2009-07-31
Deborah Hale
Don't forget to tell your SysAdmin Thanks
2009-07-28
Adrien de Beaupre
YYAMCCBA
2009-07-27
Raul Siles
New Hacker Challenge: Prison Break - Breaking, Entering & Decoding
2009-07-26
Jim Clausing
New Volatility plugins
2009-07-23
John Bambenek
Missouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information
2009-07-16
Bojan Zdrnja
OWC exploits used in SQL injection attacks
2009-07-13
Adrien de Beaupre
Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
2009-07-13
Adrien de Beaupre
* Infocon raised to yellow for Excel Web Components ActiveX vulnerability
2009-07-12
Mari Nichols
CA Apologizes for False Positive
2009-07-11
Marcus Sachs
Imageshack
2009-07-10
Guy Bruneau
WordPress Fixes Multiple vulnerabilities
2009-06-30
Chris Carboni
Obfuscated Code
2009-06-30
Chris Carboni
De-Obfuscation Submissions
2009-06-27
Tony Carothers
New NIAP Strategy on the Horizon
2009-06-21
Bojan Zdrnja
Apache HTTP DoS tool mitigation
2009-06-16
Bojan Zdrnja
Iranian hacktivism
2009-06-16
John Bambenek
Iran Internet Blackout: Using Twitter for Operational Intelligence
2009-06-11
Rick Wanner
MIR-ROR Motile Incident Response - Respond Objectively Remediate
2009-06-11
Rick Wanner
WHO Declares Flu A(H1N1) a Pandemic
2009-06-02
Deborah Hale
Another Quicktime Update
2009-05-29
Lorna Hutcheson
VMWare Patches Released
2009-05-28
Jim Clausing
More new volatility plugins
2009-05-26
Jason Lam
A new Web application security blog
2009-05-20
Tom Liston
Web Toolz
2009-05-19
Bojan Zdrnja
Advanced blind SQL injection (with Oracle examples)
2009-05-15
Daniel Wesemann
Warranty void if seal shredded?
2009-05-09
Patrick Nolan
Shared SQL Injection Lessons Learned blog item
2009-04-24
John Bambenek
Data Leak Prevention: Proactive Security Requirements of Breach Notification Laws
2009-04-21
Bojan Zdrnja
Web application vulnerabilities
2009-04-07
Bojan Zdrnja
Advanced JavaScript obfuscation (or why signature scanning is a failure)
2009-03-26
Mark Hofman
Sanitising media
2009-03-22
Mari Nichols
Dealing with Security Challenges
2009-03-20
Stephen Hall
Making the most of your runbooks
2009-03-10
Swa Frantzen
TinyURL and security
2009-03-02
Swa Frantzen
Obama's leaked chopper blueprints: anything we can learn?
2009-03-01
Jim Clausing
Cool combination of tools
2009-02-14
Deborah Hale
Microsoft Time Sync Appears to be Down
2009-02-12
Mark Hofman
Australian Bushfires
2009-02-11
Robert Danford
ProFTPd SQL Authentication Vulnerability exploit activity
2009-02-06
Adrien de Beaupre
Fake stimulus payments
2009-01-25
Rick Wanner
Twam?? Twammers?
2009-01-20
Adrien de Beaupre
Obamamania
2009-01-12
William Salusky
Web Application Firewalls (WAF) - Have you deployed WAF technology?
2009-01-02
Mark Hofman
Blocking access to MD5 signed certs
2008-12-12
Johannes Ullrich
MSIE 0-day Spreading Via SQL Injection
2008-12-04
Bojan Zdrnja
Finjan blocking access to isc.sans.org
2008-12-01
Jason Lam
Input filtering and escaping in SQL injection mitigation
2008-11-25
Andre Ludwig
The beginnings of a collaborative approach to IDS
2008-11-20
Jason Lam
Large quantity SQL Injection mitigation
2008-11-17
Jim Clausing
Finding stealth injected DLLs
2008-11-16
Maarten Van Horenbeeck
Detection of Trojan control channels
2008-11-02
Adrien de Beaupre
Daylight saving time
2008-09-29
Daniel Wesemann
ASPROX mutant
2008-09-22
Maarten Van Horenbeeck
Data exfiltration and the use of anonymity providers
2008-09-22
Jim Clausing
Lessons learned from the Palin (and other) account hijacks
2008-09-21
Mari Nichols
You still have time!
2008-09-20
Rick Wanner
New (to me) nmap Features
2008-09-15
donald smith
Fake antivirus 2009 and search engine results
2008-09-11
David Goldsmith
CookieMonster is coming to Pown (err, Town)
2008-09-09
Swa Frantzen
Apple updates iTunes+QuickTime
2008-09-08
Raul Siles
Quick Analysis of the 2007 Web Application Security Statistics
2008-09-07
Daniel Wesemann
Staying current, but not too current
2008-09-03
Daniel Wesemann
Static analysis of Shellcode - Part 2
2008-09-01
John Bambenek
The Number of Machines Controlled by Botnets Has Jumped 4x in Last 3 Months
2008-08-23
Mark Hofman
SQL injections - an update
2008-08-15
Jim Clausing
Another MS update that may have escaped notice
2008-08-15
Jim Clausing
WebEx ActiveX buffer overflow
2008-08-10
Stephen Hall
From lolly pops to afterglow
2008-08-08
Mark Hofman
More SQL Injections - very active right now
2008-08-03
Deborah Hale
Securing A Network - Lessons Learned
2008-08-02
Maarten Van Horenbeeck
A little of that human touch
2008-07-24
Bojan Zdrnja
What's brewing in Danmec's pot?
2008-07-22
Mari Nichols
‘Cold Boot’ Attack Utility Tools
2008-07-14
Daniel Wesemann
Obfuscated JavaScript Redux
2008-07-07
Scott Fendley
Microsoft Snapshot Viewer Security Advisory
2008-07-07
Pedro Bueno
Bad url classification
2008-06-30
Marcus Sachs
More SQL Injection with Fast Flux hosting
2008-06-25
Deborah Hale
Report of Coreflood.dr Infection
2008-06-24
Jason Lam
SQL Injection mitigation in ASP
2008-06-24
Jason Lam
Microsoft SQL Injection Prevention Strategy
2008-06-23
donald smith
Preventing SQL injection
2008-06-13
Johannes Ullrich
SQL Injection: More of the same
2008-06-13
Johannes Ullrich
Floods: More of the same (2)
2008-06-10
Swa Frantzen
Upgrade to QuickTime 7.5
2008-06-01
Mark Hofman
Free Yahoo email account! Sign me up, Ok well maybe not.
2008-05-29
Joel Esler
Creative Software AutoUpdate Engine ActiveX stack buffer overflow
2008-05-26
Marcus Sachs
Predictable Response
2008-05-23
Mike Poor
Cisco IOS Rootkit thoughts
2008-05-20
Raul Siles
List of malicious domains inserted through SQL injection
2008-05-17
Jim Clausing
Disaster donation scams continue
2008-04-24
donald smith
Hundreds of thousands of SQL injections
2008-04-16
Bojan Zdrnja
The 10.000 web sites infection mystery solved
2008-04-07
John Bambenek
HP USB Keys Shipped with Malware for your Proliant Server
2008-04-07
John Bambenek
Network Solutions Technical Difficulties? Enom too
2008-04-06
Daniel Wesemann
Advanced obfuscated JavaScript analysis
2008-04-03
Bojan Zdrnja
Mixed (VBScript and JavaScript) obfuscation
2008-04-03
Bojan Zdrnja
A bag of vulnerabilities (and fixes) in QuickTime
2008-03-29
Patrick Nolan
Two ITIL v3 Resources
2008-03-27
Maarten Van Horenbeeck
Guarding the guardians: a story of PGP key ring theft
2008-03-24
Maarten Van Horenbeeck
Overview of cyber attacks against Tibetan communities
2008-03-21
Maarten Van Horenbeeck
Cyber attacks against Tibetan communities
2008-03-14
Kevin Liston
2117966.net-- mass iframe injection
2008-03-12
Joel Esler
Don't use G-Archiver
2008-01-09
Bojan Zdrnja
Mass exploits with SQL Injection
2007-02-24
Jason Lam
Prepared Statements and SQL injections
2006-10-30
William Salusky
ToD - Configuration Management - maintaining security awareness
2006-09-29
Kevin Liston
A Report from the Field
2006-09-15
Swa Frantzen
MSIE DirectAnimation ActiveX 0-day update
2006-09-12
Swa Frantzen
Apple Quicktime 7.1.3 released