Diaries by Keyword - SANS Internet Storm Center

Participate: Learn more about our honeypot network
https://isc.sans.edu/tools/honeypot/

Handler on Duty: Xavier Mertens

Threat Level: green

Date	Author	Title
2023-09-26	Johannes Ullrich	Apple Releases MacOS Sonoma Including Numerous Security Patches
2023-09-07	Johannes Ullrich	Apple Releases iOS/iPadOS 16.6.1, macOS 13.5.2, watchOS 9.6.2 fixing two zeroday vulnerabilities
2023-08-22	Xavier Mertens	Have You Ever Heard of the Fernet Encryption Algorithm?
2023-08-21	Xavier Mertens	Quick Malware Triage With Inotify Tools
2023-08-12	Guy Bruneau	DShield Sensor Monitoring with a Docker ELK Stack [Guest Diary]
2023-08-11	Xavier Mertens	Show me All Your Windows!
2023-08-04	Xavier Mertens	Are Leaked Credentials Dumps Used by Attackers?
2023-07-23	Guy Bruneau	Install & Configure Filebeat on Raspberry Pi ARM64 to Parse DShield Sensor Logs
2023-07-01	Russ McRee	Sandfly Security
2023-06-16	Xavier Mertens	Another RAT Delivered Through VBS
2023-06-11	Guy Bruneau	DShield Honeypot Activity for May 2023
2023-06-09	Xavier Mertens	Undetected PowerShell Backdoor Disguised as a Profile File
2023-05-28	Guy Bruneau	We Can no Longer Ignore the Cost of Cybersecurity
2023-05-20	Xavier Mertens	Phishing Kit Collecting Victim's IP Address
2023-05-17	Xavier Mertens	Increase in Malicious RAR SFX files
2023-05-14	Guy Bruneau	VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue
2023-05-09	Russ McRee	Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 2
2023-05-03	Xavier Mertens	Increased Number of Configuration File Scans
2023-03-31	Jan Kopriva	Use of X-Frame-Options and CSP frame-ancestors security headers on 1 million most popular domains
2023-03-30	Xavier Mertens	Bypassing PowerShell Strong Obfuscation
2023-03-21	Didier Stevens	String Obfuscation: Character Pair Reversal
2023-03-18	Xavier Mertens	Old Backdoor, New Obfuscation
2023-02-10	Xavier Mertens	Obfuscated Deactivation of Script Block Logging
2023-02-04	Guy Bruneau	Assemblyline as a Malware Analysis Sandbox
2023-01-25	Xavier Mertens	A First Malicious OneNote Document
2023-01-21	Guy Bruneau	DShield Sensor JSON Log to Elasticsearch
2023-01-17	Johannes Ullrich	Packet Tuesday: IPv6 Router Advertisements https://www.youtube.com/watch?v=uRWpB_lYIZ8
2023-01-08	Guy Bruneau	DShield Sensor JSON Log Analysis
2022-12-21	Guy Bruneau	DShield Sensor Setup in Azure
2022-12-20	Xavier Mertens	Linux File System Monitoring & Actions
2022-12-19	Xavier Mertens	Hunting for Mastodon Servers
2022-11-05	Guy Bruneau	Windows Malware with VHD Extension
2022-11-04	Xavier Mertens	Remcos Downloader with Unicode Obfuscation
2022-10-22	Didier Stevens	rtfdump's Find Option
2022-10-18	Xavier Mertens	Python Obfuscation for Dummies
2022-10-07	Xavier Mertens	Critical Fortinet Vulnerability Ahead
2022-10-04	Johannes Ullrich	Credential Harvesting with Telegram API
2022-09-26	Xavier Mertens	Easy Python Sandbox Detection
2022-09-19	Russ McRee	Chainsaw: Hunt, search, and extract event log records
2022-09-14	Xavier Mertens	Easy Process Injection within Python
2022-09-07	Johannes Ullrich	PHP Deserialization Exploit attempt
2022-08-22	Xavier Mertens	32 or 64 bits Malware?
2022-08-10	Johannes Ullrich	And Here They Come Again: DNS Reflection Attacks
2022-08-02	Johannes Ullrich	Increase in Chinese "Hacktivism" Attacks
2022-07-28	Johannes Ullrich	Exfiltrating Data With Bookmarks
2022-07-09	Didier Stevens	7-Zip Editing & MoW
2022-07-06	Johannes Ullrich	How Many SANs are Insane?
2022-06-24	Xavier Mertens	Python (ab)using The Windows GUI
2022-06-19	Didier Stevens	Video: Decoding Obfuscated BASE64 Statistically
2022-06-18	Didier Stevens	Decoding Obfuscated BASE64 Statistically
2022-06-16	Xavier Mertens	Houdini is Back Delivered Through a JavaScript Dropper
2022-06-10	Russ McRee	EPSScall: An Exploit Prediction Scoring System App
2022-06-01	Jan Kopriva	HTML phishing attachments - now with anti-analysis features
2022-05-30	Xavier Mertens	New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme (CVE-2022-30190)
2022-05-19	Brad Duncan	Bumblebee Malware from TransferXL URLs
2022-05-03	Rob VandenBrink	Finding the Real "Last Patched" Day (Interim Version)
2022-04-19	Johannes Ullrich	Resetting Linux Passwords with U-Boot Bootloaders
2022-03-29	Johannes Ullrich	More Fake/Typosquatting Twitter Accounts Asking for Ukraine Crytocurrency Donations
2022-03-27	Didier Stevens	Video: Maldoc Cleaned by Anti-Virus
2022-03-23	Brad Duncan	Arkei Variants: From Vidar to Mars Stealer
2022-03-10	Xavier Mertens	Credentials Leaks on VirusTotal
2022-03-09	Xavier Mertens	Infostealer in a Batch File
2022-03-04	Johannes Ullrich	Scam E-Mail Impersonating Red Cross
2022-03-02	Johannes Ullrich	The More Often Something is Repeated, the More True It Becomes: Dealing with Social Media
2022-02-22	Xavier Mertens	A Good Old Equation Editor Vulnerability Delivering Malware
2022-02-10	Johannes Ullrich	Zyxel Network Storage Devices Hunted By Mirai Variant
2022-02-01	Xavier Mertens	Automation is Nice But Don't Replace Your Knowledge
2022-01-29	Guy Bruneau	SIEM In this Decade, Are They Better than the Last?
2022-01-20	Xavier Mertens	RedLine Stealer Delivered Through FTP
2021-12-28	Russ McRee	LotL Classifier tests for shells, exfil, and miners
2021-12-21	Xavier Mertens	More Undetected PowerShell Dropper
2021-12-10	Xavier Mertens	Python Shellcode Injection From JSON Data
2021-12-01	Xavier Mertens	Info-Stealer Using webhook.site to Exfiltrate Data
2021-11-20	Guy Bruneau	Hikvision Security Cameras Potentially Exposed to Remote Code Execution
2021-11-18	Xavier Mertens	JavaScript Downloader Delivers Agent Tesla Trojan
2021-11-14	Didier Stevens	Video: Obfuscated Maldoc: Reversed BASE64
2021-11-08	Xavier Mertens	(Ab)Using Security Tools & Controls for the Bad
2021-11-01	Yee Ching Tok	Revisiting BrakTooth: Two Months Later
2021-10-18	Xavier Mertens	Malicious PowerShell Using Client Certificate Authentication
2021-09-24	Xavier Mertens	Keep an Eye on Your Users Mobile Devices (Simple Inventory)
2021-09-22	Didier Stevens	An XML-Obfuscated Office Document (CVE-2021-40444)
2021-09-17	Xavier Mertens	Malicious Calendar Subscriptions Are Back?
2021-09-11	Guy Bruneau	Shipping to Elasticsearch Microsoft DNS Logs
2021-09-09	Johannes Ullrich	Updates to Our Datafeeds/API
2021-09-08	Johannes Ullrich	Microsoft Offers Workaround for 0-Day Office Vulnerability (CVE-2021-40444)
2021-08-31	Yee Ching Tok	BrakTooth: Impacts, Implications and Next Steps
2021-08-29	Guy Bruneau	Filter JSON Data by Value with Linux jq
2021-08-19	Johannes Ullrich	When Lightning Strikes. What works and doesn't work.
2021-08-17	Johannes Ullrich	Laravel (<=v8.4.2) exploit attempts for CVE-2021-3129 (debug mode: Remote code execution)
2021-07-31	Guy Bruneau	Unsolicited DNS Queries
2021-07-28	Jan Kopriva	A sextortion e-mail from...IT support?!
2021-07-24	Bojan Zdrnja	Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability
2021-07-14	Jan Kopriva	One way to fail at malspam - give recipients the wrong password for an encrypted attachment
2021-07-06	Xavier Mertens	Python DLL Injection Check
2021-07-04	Didier Stevens	DIY CD/DVD Destruction - Follow Up
2021-07-02	Xavier Mertens	"inception.py"... Multiple Base64 Encodings
2021-06-27	Didier Stevens	DIY CD/DVD Destruction
2021-06-25	Jim Clausing	Is this traffic bAD?
2021-06-24	Xavier Mertens	Do you Like Cookies? Some are for sale!
2021-06-21	Rick Wanner	Mitre CWE - Common Weakness Enumeration
2021-06-12	Guy Bruneau	Fortinet Targeted for Unpatched SSL VPN Discovery Activity
2021-06-04	Xavier Mertens	Russian Dolls VBS Obfuscation
2021-05-29	Guy Bruneau	Spear-phishing Email Targeting Outlook Mail Clients
2021-05-21	Xavier Mertens	Locking Kernel32.dll As Anti-Debugging Technique
2021-05-10	Johannes Ullrich	Correctly Validating IP Addresses: Why encoding matters for input validation.
2021-05-08	Guy Bruneau	Who is Probing the Internet for Research Purposes?
2021-04-29	Xavier Mertens	From Python to .Net
2021-04-10	Guy Bruneau	Building an IDS Sensor with Suricata & Zeek with Logs to ELK
2021-04-09	Xavier Mertens	No Python Interpreter? This Simple RAT Installs Its Own Copy
2021-04-02	Xavier Mertens	C2 Activity: Sandboxes or Real Victims?
2021-03-31	Xavier Mertens	Quick Analysis of a Modular InfoStealer
2021-03-17	Xavier Mertens	Defenders, Know Your Operating System Like Attackers Do!
2021-03-10	Rob VandenBrink	SharpRDP - PSExec without PSExec, PSRemoting without PowerShell
2021-03-02	Russ McRee	Adversary Simulation with Sim
2021-02-28	Didier Stevens	Maldocs: Protection Passwords
2021-02-26	Guy Bruneau	Pretending to be an Outlook Version Update
2021-02-22	Didier Stevens	Unprotecting Malicious Documents For Inspection
2021-02-13	Guy Bruneau	vSphere Replication updates address a command injection vulnerability (CVE-2021-21976) - https://www.vmware.com/security/advisories/VMSA-2021-0001.html
2021-02-13	Guy Bruneau	Using Logstash to Parse IPtables Firewall Logs
2021-02-04	Bojan Zdrnja	Abusing Google Chrome extension syncing for data exfiltration and C&C
2021-01-30	Guy Bruneau	PacketSifter as Network Parsing and Telemetry Tool
2021-01-29	Xavier Mertens	Sensitive Data Shared with Cloud Services
2021-01-18	Didier Stevens	Doc & RTF Malicious Document
2021-01-04	Jan Kopriva	From a small BAT file to Mass Logger infostealer
2021-01-02	Guy Bruneau	Protecting Home Office and Enterprise in 2021
2020-12-29	Jan Kopriva	Want to know what's in a folder you don't have a permission to access? Try asking your AV solution...
2020-12-22	Xavier Mertens	Malware Victim Selection Through WiFi Identification
2020-12-19	Guy Bruneau	Secure Communication using TLS in Elasticsearch
2020-11-30	Didier Stevens	Decrypting PowerShell Payloads (video)
2020-11-25	Xavier Mertens	Live Patching Windows API Calls Using PowerShell
2020-11-21	Guy Bruneau	VMware privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) - https://www.vmware.com/security/advisories/VMSA-2020-0026.html
2020-11-20	Xavier Mertens	Malicious Python Code and LittleSnitch Detection
2020-11-19	Xavier Mertens	PowerShell Dropper Delivering Formbook
2020-11-18	Xavier Mertens	When Security Controls Lead to Security Issues
2020-11-13	Xavier Mertens	Old Worm But New Obfuscation Technique
2020-11-05	Xavier Mertens	Did You Spot "Invoke-Expression"?
2020-10-30	Xavier Mertens	Quick Status of the CAA DNS Record Adoption
2020-10-24	Guy Bruneau	An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-10-14	Xavier Mertens	Nicely Obfuscated Python RAT
2020-10-07	Johannes Ullrich	Today, Nobody is Going to Attack You.
2020-10-01	Daniel Wesemann	Making sense of Azure AD (AAD) activity logs
2020-09-30	Johannes Ullrich	Scans for FPURL.xml: Reconnaissance or Not?
2020-09-24	Xavier Mertens	Party in Ibiza with PowerShell
2020-09-20	Guy Bruneau	Analysis of a Salesforce Phishing Emails
2020-09-04	Jan Kopriva	A blast from the past - XXEncoded VB6.0 Trojan
2020-08-31	Didier Stevens	Finding The Original Maldoc
2020-08-30	Johannes Ullrich	CenturyLink Outage Causing Internet Wide Problems
2020-08-29	Didier Stevens	Malicious Excel Sheet with a NULL VT Score: More Info
2020-08-28	Xavier Mertens	Example of Malicious DLL Injected in PowerShell
2020-08-25	Xavier Mertens	Keep An Eye on LOLBins
2020-08-24	Xavier Mertens	Tracking A Malware Campaign Through VT
2020-08-19	Xavier Mertens	Example of Word Document Delivering Qakbot
2020-08-18	Xavier Mertens	Using API's to Track Attackers
2020-08-16	Didier Stevens	Small Challenge: A Simple Word Maldoc - Part 3
2020-08-10	Bojan Zdrnja	Scoping web application and web service penetration tests
2020-08-04	Johannes Ullrich	Internet Choke Points: Concentration of Authoritative Name Servers
2020-08-01	Jan Kopriva	What pages do bad bots look for?
2020-07-30	Johannes Ullrich	Python Developers: Prepare!!!
2020-07-24	Xavier Mertens	Compromized Desktop Applications by Web Technologies
2020-07-20	Rick Wanner	Sextortion Update: The Final Final Chapter
2020-07-11	Guy Bruneau	VMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html
2020-07-08	Xavier Mertens	If You Want Something Done Right, You Have To Do It Yourself... Malware Too!
2020-06-16	Xavier Mertens	Sextortion to The Next Level
2020-06-08	Didier Stevens	Translating BASE64 Obfuscated Scripts
2020-06-04	Xavier Mertens	Anti-Debugging Technique based on Memory Protection
2020-05-14	Rob VandenBrink	Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe
2020-05-06	Xavier Mertens	Keeping an Eye on Malicious Files Life Time
2020-05-04	Didier Stevens	Sysmon and File Deletion
2020-04-27	Xavier Mertens	Powershell Payload Stored in a PSCredential Object
2020-04-24	Xavier Mertens	Malicious Excel With a Strong Obfuscation and Sandbox Evasion
2020-04-16	Johannes Ullrich	Using AppLocker to Prevent Living off the Land Attacks
2020-04-10	Xavier Mertens	PowerShell Sample Extracting Payload From SSL
2020-04-03	Xavier Mertens	Obfuscated with a Simple 0x0A
2020-03-21	Guy Bruneau	Honeypot - Scanning and Targeting Devices & Services
2020-03-15	Guy Bruneau	VPN Access and Activity Monitoring
2020-03-02	Jan Kopriva	Secure vs. cleartext protocols - couple of interesting stats
2020-02-22	Xavier Mertens	Simple but Efficient VBScript Obfuscation
2020-02-16	Guy Bruneau	SOAR or not to SOAR?
2020-02-07	Xavier Mertens	Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript
2020-01-27	Johannes Ullrich	Network Security Perspective on Coronavirus Preparedness
2020-01-25	Guy Bruneau	Is Threat Hunting the new Fad?
2020-01-23	Xavier Mertens	Complex Obfuscation VS Simple Trick
2020-01-21	Russ McRee	DeepBlueCLI: Powershell Threat Hunting
2020-01-15	Johannes Ullrich	CVE-2020-0601 Followup
2020-01-11	Johannes Ullrich	Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor
2020-01-10	Xavier Mertens	More Data Exfiltration
2019-12-12	Xavier Mertens	Code & Data Reuse in the Malware Ecosystem
2019-11-22	Xavier Mertens	Abusing Web Filters Misconfiguration for Reconnaissance
2019-10-19	Russell Eubanks	What Assumptions Are You Making?
2019-10-18	Xavier Mertens	Quick Malicious VBS Analysis
2019-10-10	Rob VandenBrink	Mining Live Networks for OUI Data Oddness
2019-09-27	Xavier Mertens	New Scans for Polycom Autoconfiguration Files
2019-09-22	Didier Stevens	Video: Encrypted Sextortion PDFs
2019-09-19	Xavier Mertens	Agent Tesla Trojan Abusing Corporate Email Accounts
2019-09-19	Xavier Mertens	Blocklisting or Whitelisting in the Right Way
2019-09-17	Rob VandenBrink	Investigating Gaps in your Windows Event Logs
2019-09-16	Didier Stevens	Encrypted Sextortion PDFs
2019-08-09	Xavier Mertens	100% JavaScript Phishing Page
2019-08-05	Rick Wanner	Sextortion: Follow the Money - The Final Chapter
2019-07-25	Rob VandenBrink	When Users Attack! Users (and Admins) Thwarting Security Controls
2019-07-20	Guy Bruneau	Re-evaluating Network Security - It is Increasingly More Complex
2019-07-18	Rob VandenBrink	The Other Side of Critical Control 1: 802.1x Wired Network Access Controls
2019-07-17	Xavier Mertens	Analyzis of DNS TXT Records
2019-07-11	Xavier Mertens	Russian Dolls Malicious Script Delivering Ursnif
2019-07-02	Xavier Mertens	Malicious Script With Multiple Payloads
2019-06-20	Xavier Mertens	Using a Travel Packing App for Infosec Purpose
2019-06-19	Johannes Ullrich	Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729
2019-06-10	Xavier Mertens	Interesting JavaScript Obfuscation Example
2019-04-26	Rob VandenBrink	Pillaging Passwords from Service Accounts
2019-04-25	Rob VandenBrink	Unpatched Vulnerability Alert - WebLogic Zero Day
2019-04-13	Johannes Ullrich	Configuring MTA-STS and TLS Reporting For Your Domain
2019-04-05	Russ McRee	Beagle: Graph transforms for DFIR data & logs
2019-03-27	Xavier Mertens	Running your Own Passive DNS Service
2019-03-25	Didier Stevens	"VelvetSweatshop" Maldocs: Shellcode Analysis
2019-03-24	Didier Stevens	Decoding QR Codes with Python
2019-03-23	Didier Stevens	"VelvetSweatshop" Maldocs
2019-03-21	Xavier Mertens	New Wave of Extortion Emails: Central Intelligence Agency Case
2019-03-06	Xavier Mertens	Keep an Eye on Disposable Email Addresses
2019-02-25	Didier Stevens	Sextortion Email Variant: With QR Code
2019-02-24	Guy Bruneau	Packet Editor and Builder by Colasoft
2019-02-05	Rob VandenBrink	Mitigations against Mimikatz Style Attacks
2019-02-01	Rick Wanner	Sextortion: Follow the Money Part 3 - The cashout begins!
2019-01-18	John Bambenek	Sextortion Bitcoin on the Move
2018-12-31	Didier Stevens	Software Crashes: A New Year's Resolution
2018-12-29	Didier Stevens	Video: De-DOSfuscation Example
2018-12-19	Xavier Mertens	Using OSSEC Active-Response as a DFIR Framework
2018-12-16	Guy Bruneau	Random Port Scan for Open RDP Backdoor
2018-12-15	Didier Stevens	De-DOSfuscation Example
2018-12-14	Rick Wanner	Bombstortion?? Boomstortion??
2018-12-12	Didier Stevens	Yet Another DOSfuscation Sample
2018-11-30	Remco Verhoef	CoinMiners searching for hosts
2018-11-27	Xavier Mertens	More obfuscated shell scripts: Fake MacOS Flash update
2018-11-27	Rob VandenBrink	Data Exfiltration in Penetration Tests
2018-11-26	Xavier Mertens	Obfuscated bash script targeting QNap boxes
2018-11-20	Xavier Mertens	Querying DShield from Cortex
2018-11-16	Xavier Mertens	Basic Obfuscation With Permissive Languages
2018-11-06	Xavier Mertens	Malicious Powershell Script Dissection
2018-11-05	Johannes Ullrich	Struts 2.3 Vulnerable to Two Year old File Upload Flaw
2018-10-23	Xavier Mertens	Diving into Malicious AutoIT Code
2018-10-17	Russ McRee	RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-10-12	Xavier Mertens	More Equation Editor Exploit Waves
2018-10-10	Xavier Mertens	New Campaign Using Old Equation Editor Vulnerability
2018-10-01	Didier Stevens	Decoding Custom Substitution Encodings with translate.py
2018-09-30	Didier Stevens	When DOSfuscation Helps...
2018-09-28	Xavier Mertens	More Excel DDE Code Injection
2018-09-20	Xavier Mertens	Hunting for Suspicious Processes with OSSEC
2018-09-19	Rob VandenBrink	Certificates Revisited - SSL VPN Certificates 2 Ways
2018-09-18	Rob VandenBrink	Using Certificate Transparency as an Attack / Defense Tool
2018-09-05	Rob VandenBrink	Where have all my Certificates gone? (And when do they expire?)
2018-09-05	Xavier Mertens	Malicious PowerShell Compiling C# Code on the Fly
2018-08-13	Didier Stevens	New Extortion Tricks: Now Including Your (Partial) Phone Number!
2018-08-10	Remco Verhoef	Hunting SSL/TLS clients using JA3
2018-07-30	Didier Stevens	Malicious Word documents using DOSfuscation
2018-07-29	Guy Bruneau	Using RITA for Threat Analysis
2018-07-26	Xavier Mertens	Windows Batch File Deobfuscation
2018-07-24	Tom Webb	Cell Phone Monitoring. Who is Watching the Watchers?
2018-07-12	Johannes Ullrich	New Extortion Tricks: Now Including Your Password!
2018-07-02	Guy Bruneau	VMware ESXi, Workstation, and Fusion address multiple out-of-bounds read vulnerabilities https://www.vmware.com/security/advisories/VMSA-2018-0016.html
2018-07-02	Guy Bruneau	Hello Peppa! - PHP Scans
2018-06-25	Didier Stevens	Guilty by association
2018-06-21	Xavier Mertens	Are Your Hunting Rules Still Working?
2018-06-18	Xavier Mertens	Malicious JavaScript Targeting Mobile Browsers
2018-06-17	Didier Stevens	Encrypted Office Documents
2018-06-15	Lorna Hutcheson	SMTP Strangeness - Possible C2
2018-06-13	Remco Verhoef	From Microtik with Love
2018-06-05	Xavier Mertens	Malicious Post-Exploitation Batch File
2018-06-04	Rob VandenBrink	Digging into Authenticode Certificates
2018-05-25	Xavier Mertens	Antivirus Evasion? Easy as 1,2,3
2018-05-22	Guy Bruneau	VMware updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue - https://www.vmware.com/security/advisories/VMSA-2018-0012.html
2018-05-19	Xavier Mertens	Malicious Powershell Targeting UK Bank Customers
2018-05-16	Mark Hofman	EFAIL, a weakness in openPGP and S\MIME
2018-05-10	Bojan Zdrnja	Exfiltrating data from (very) isolated environments
2018-04-30	Remco Verhoef	Another approach to webapplication fingerprinting
2018-02-25	Guy Bruneau	Blackhole Advertising Sites with Pi-hole
2018-02-02	Xavier Mertens	Simple but Effective Malicious XLS Sheet
2017-12-30	Xavier Mertens	2017, The Flood of CVEs
2017-12-27	Guy Bruneau	What are your Security Challenges for 2018?
2017-12-23	Didier Stevens	Encrypted PDFs
2017-12-14	Russ McRee	Detection Lab: Visibility & Introspection for Defenders
2017-12-13	Xavier Mertens	Tracking Newly Registered Domains
2017-12-02	Xavier Mertens	Using Bad Material for the Good
2017-11-25	Guy Bruneau	Exim Remote Code Exploit
2017-11-23	Xavier Mertens	Proactive Malicious Domain Search
2017-11-17	Xavier Mertens	Top-100 Malicious IP STIX Feed
2017-11-11	Xavier Mertens	Keep An Eye on your Root Certificates
2017-11-03	Xavier Mertens	Simple Analysis of an Obfuscated JAR File
2017-10-30	Johannes Ullrich	Critical Patch For Oracle's Identity Manager
2017-10-25	Mark Hofman	DUHK attack, continuing a week of named issues
2017-10-18	Renato Marinho	Baselining Servers to Detect Outliers
2017-10-02	Xavier Mertens	Investigating Security Incidents with Passive DNS
2017-09-30	Lorna Hutcheson	Who's Borrowing your Resources?
2017-09-22	Russell Eubanks	What is the State of Your Union?
2017-09-19	Jim Clausing	New tool: mac-robber.py
2017-09-16	Guy Bruneau	VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities - https://www.vmware.com/security/advisories/VMSA-2017-0015.html
2017-09-11	Russ McRee	Windows Auditing with WINspect
2017-09-09	Didier Stevens	Malware analysis output sanitization
2017-09-06	Adrien de Beaupre	Modern Web Application Penetration Testing , Hash Length Extension Attacks
2017-09-02	Xavier Mertens	AutoIT based malware back in the wild
2017-07-24	Russell Eubanks	Trends Over Time
2017-07-08	Xavier Mertens	A VBScript with Obfuscated Base64 Data
2017-07-07	Renato Marinho	DDoS Extortion E-mail: Yet Another Bluff?
2017-06-22	Xavier Mertens	Obfuscating without XOR
2017-06-17	Guy Bruneau	Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2017-06-10	Russell Eubanks	An Occasional Look in the Rear View Mirror
2017-05-28	Pasquale Stirparo	Analysis of Competing Hypotheses (ACH part 1)
2017-05-28	Guy Bruneau	CyberChef a Must Have Tool in your Tool bag!
2017-05-20	Xavier Mertens	Typosquatting: Awareness and Hunting
2017-05-16	Russ McRee	WannaCry? Do your own data analysis.
2017-05-13	Guy Bruneau	Has anyone Tested WannaCry Killswitch? - https://blog.didierstevens.com/2017/05/13/quickpost-wcry-killswitch-check-is-not-proxy-aware/
2017-05-05	Xavier Mertens	HTTP Headers... the Achilles' heel of many applications
2017-05-02	Richard Porter	Do you have Intel AMT? Then you have a problem today! Intel Active Management Technology INTEL-SA-00075
2017-04-28	Xavier Mertens	Another Day, Another Obfuscation Technique
2017-04-21	Xavier Mertens	Analysis of a Maldoc with Multiple Layers of Obfuscation
2017-04-20	Xavier Mertens	DNS Query Length... Because Size Does Matter
2017-04-19	Xavier Mertens	Hunting for Malicious Excel Sheets
2017-04-02	Guy Bruneau	IPFire - A Household Multipurpose Security Gateway
2017-03-30	Xavier Mertens	Diverting built-in features for the bad
2017-03-25	Russell Eubanks	Distraction as a Service
2017-03-24	Xavier Mertens	Nicely Obfuscated JavaScript Sample
2017-03-18	Xavier Mertens	Example of Multiple Stages Dropper
2017-03-15	Xavier Mertens	Retro Hunting!
2017-03-10	Xavier Mertens	The Side Effect of GeoIP Filters
2017-03-08	Richard Porter	What is really being proxied?
2017-03-06	Renato Marinho	A very convincing Typosquatting + Social Engineering campaign is targeting Santander corporate customers in Brazil
2017-03-04	Xavier Mertens	How your pictures may affect your website reputation
2017-02-28	Xavier Mertens	Analysis of a Simple PHP Backdoor
2017-02-13	Rob VandenBrink	Stuff I Learned Decrypting
2017-02-12	Xavier Mertens	Analysis of a Suspicious Piece of JavaScript
2017-02-09	Brad Duncan	Ticketbleed vulnerability affects some f5 appliances
2017-01-28	Lorna Hutcheson	Packet Analysis - Where do you start?
2016-12-27	Guy Bruneau	Using daemonlogger as a Software Tap
2016-12-24	Didier Stevens	Pinging All The Way
2016-11-20	Pasquale Stirparo	How many “Epoch” times? Epocalypse.py timestamp converter
2016-10-30	Pasquale Stirparo	Volatility Bot: Automated Memory Analysis
2016-10-17	Didier Stevens	Maldoc VBA Anti-Analysis: Video
2016-10-15	Didier Stevens	Maldoc VBA Anti-Analysis
2016-09-15	Xavier Mertens	In Need of a OTP Manager Soon?
2016-09-09	Xavier Mertens	Collecting Users Credentials from Locked Devices
2016-09-04	Russ McRee	Kali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/
2016-08-29	Russ McRee	Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2016-08-28	Guy Bruneau	Spam with Obfuscated Javascript
2016-08-21	Rick Wanner	Cisco ASA SNMP Remote Code Execution Vulnerability
2016-08-19	Xavier Mertens	Data Classification For the Masses
2016-07-27	Xavier Mertens	Critical Xen PV guests vulnerabilities
2016-07-26	Johannes Ullrich	Command and Control Channels Using "AAAA" DNS Records
2016-07-15	Xavier Mertens	Name All the Things!
2016-07-12	Xavier Mertens	Hunting for Malicious Files with MISP + OSSEC
2016-07-07	Johannes Ullrich	Patchwork: Is it still "Advanced" if all you have to do is Copy/Paste?
2016-07-03	Guy Bruneau	Is Data Privacy part of your Company's Culture?
2016-06-22	Bojan Zdrnja	Security through obscurity never works
2016-06-03	Tom Liston	MySQL is YourSQL
2016-05-18	Russ McRee	Resources: Windows Auditing & Monitoring, Linux 2FA
2016-05-08	Jim Clausing	Guest Diary: Linux Capabilities - A friend and foe
2016-04-02	Russell Eubanks	Why Can't We Be Friends?
2016-03-23	Bojan Zdrnja	Abusing Oracles
2016-03-13	Guy Bruneau	A Look at the Mandiant M-Trends 2016 Report
2016-03-07	Xavier Mertens	Another Malicious Document, Another Way to Deliver Malicious Code
2016-02-23	Xavier Mertens	VMware VMSA-2016-0002
2016-02-22	Xavier Mertens	Reducing False Positives with Open Data Sources
2016-02-20	Didier Stevens	Locky: JavaScript Deobfuscation
2016-02-15	Bojan Zdrnja	Exploiting (pretty) blind SQL injections
2016-02-07	Xavier Mertens	More Malicious JavaScript Obfuscation
2016-02-03	Xavier Mertens	Automating Vulnerability Scans
2016-01-31	Guy Bruneau	Windows 10 and System Protection for DATA Default is OFF
2016-01-30	Xavier Mertens	All CVE Details at Your Fingertips
2016-01-29	Xavier Mertens	Scripting Web Categorization
2016-01-25	Rob VandenBrink	Assessing Remote Certificates with Powershell
2016-01-21	Jim Clausing	Scanning for Fortinet ssh backdoor
2016-01-20	Xavier Mertens	/tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!
2016-01-15	Xavier Mertens	JavaScript Deobfuscation Tool
2016-01-05	Guy Bruneau	What are you Concerned the Most in 2016?
2015-12-29	Daniel Wesemann	New Years Resolutions
2015-12-24	Xavier Mertens	Unity Makes Strength
2015-12-21	Daniel Wesemann	Critical Security Controls: Getting to know the unknown
2015-12-05	Guy Bruneau	Are you looking to setup your own Malware Sandbox?
2015-11-09	John Bambenek	ICYMI: Widespread Unserialize Vulnerability in Java
2015-11-04	Richard Porter	Application Aware and Critical Control 2
2015-10-17	Russell Eubanks	CIS Critical Security Controls - Version 6.0
2015-10-12	Guy Bruneau	Data Visualization,What is your Tool of Choice?
2015-10-12	Guy Bruneau	Critical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
2015-09-03	Xavier Mertens	Querying the DShield API from RTIR
2015-09-01	Daniel Wesemann	Encryption of "data at rest" in servers
2015-08-29	Tom Webb	Automating Metrics using RTIR REST API
2015-07-31	Russ McRee	Tech tip follow-up: Using the data Invoked with R's system command
2015-07-03	Didier Stevens	Analyzing Quarantine Files
2015-06-28	Didier Stevens	The EICAR Test File
2015-06-24	Rob VandenBrink	The Powershell Diaries - Finding Problem User Accounts in AD
2015-06-02	Alex Stanford	Guest Diary: Xavier Mertens - Playing with IP Reputation with Dshield & OSSEC
2015-05-29	Russell Eubanks	Trust But Verify
2015-05-20	Brad Duncan	Logjam - vulnerabilities in Diffie-Hellman key exchange affect browsers and servers using TLS
2015-05-03	Russ McRee	VolDiff, for memory image differential analysis
2015-04-28	Daniel Wesemann	Scammy Nepal earthquake donation requests
2015-04-08	Tom Webb	Is it a breach or not?
2015-03-26	Daniel Wesemann	Pin-up on your Smartphone!
2015-03-18	Daniel Wesemann	Pass the hash!
2015-02-27	Rick Wanner	Let's Encrypt!
2015-02-17	Rob VandenBrink	A Different Kind of Equation
2015-02-11	Johannes Ullrich	Did PCI Just Kill E-Commerce By Saying SSL is Not Sufficient For Payment Info ? (spoiler: TLS!=SSL)
2015-02-10	Mark Baggett	Detecting Mimikatz Use On Your Network
2015-01-31	Guy Bruneau	Beware of Phishing and Spam Super Bowl Fans!
2014-11-27	Russ McRee	Syrian Electronic Army attack leads to malvertising
2014-09-27	Guy Bruneau	What has Bash and Heartbleed Taught Us?
2014-09-19	Guy Bruneau	CipherShed Fork from TrueCrypt Project, Support Windows, Mac OS and Linux - https://ciphershed.org
2014-09-12	Chris Mohan	Are credential dumps worth reviewing?
2014-08-29	Johannes Ullrich	False Positive or Not? Difficult to Analyze Javascript
2014-08-25	Jim Clausing	Unusual CRL traffic?
2014-08-25	Jim Clausing	UDP port 1900 DDoS traffic
2014-08-09	Adrien de Beaupre	Complete application ownage via Multi-POST XSRF
2014-08-04	Russ McRee	Threats & Indicators: A Security Intelligence Lifecycle
2014-07-30	Rick Wanner	Symantec Endpoint Protection Privilege Escalation Zero Day
2014-07-26	Chris Mohan	"Internet scanning project" scans
2014-07-09	Daniel Wesemann	Who owns your typo?
2014-07-02	Johannes Ullrich	Simple Javascript Extortion Scheme Advertised via Bing
2014-06-28	Mark Hofman	No more Microsoft advisory email notifications?
2014-06-24	Kevin Shortt	NTP DDoS Counts Have Dropped
2014-05-27	Kevin Shortt	Avast forums hacked
2014-05-23	Richard Porter	Highlights from Cisco Live 2014 - The Internet of Everything
2014-05-01	Johannes Ullrich	Busybox Honeypot Fingerprinting and a new DVR scanner
2014-04-26	Guy Bruneau	New Project by Linux Foundation - Core Infrastructure Initiative
2014-04-21	Daniel Wesemann	Allow us to leave!
2014-04-12	Guy Bruneau	Critical Security Update for JetPack WordPress Plugin. Bug has existed since Jetpack 1.9, released in October 2012. - http://jetpack.me/2014/04/10/jetpack-security-update/
2014-03-14	Richard Porter	Word Press Shenanigans? Anyone seeing strange activity today?
2014-03-13	Daniel Wesemann	Identification and authentication are hard ... finding out intention is even harder
2014-03-07	Tom Webb	Linux Memory Dump with Rekall
2014-03-04	Daniel Wesemann	Triple Handshake Cookie Cutter
2014-02-26	Russ McRee	Ongoing NTP Amplification Attacks
2014-02-14	Chris Mohan	Scanning activity for /siemens/bootstrapping/JnlpBrowser/Development/
2014-02-14	Chris Mohan	SYM14-004 Symantec Endpoint Protection Management Vulnerabilities - http://www.symantec.com/business/support/index?page=content&id=TECH214866
2014-02-03	Johannes Ullrich	When an Attack isn't an Attack
2014-01-31	Chris Mohan	Looking for packets from three particular subnets
2014-01-17	Russ McRee	Massive RFI scans likely a free web app vuln scanner rather than bots
2014-01-11	Guy Bruneau	tcpflow 1.4.4 and some of its most Interesting Features
2013-12-23	Rob VandenBrink	How-To's for the Holidays - Java Whitelisting using AD Group Policy
2013-12-20	Daniel Wesemann	authorized key lime pie
2013-12-16	Tom Webb	The case of Minerd
2013-12-10	Rob VandenBrink	Those Look Just Like Hashes!
2013-11-19	Johannes Ullrich	vBulletin.com Compromise - Possible 0-day
2013-10-25	Rob VandenBrink	Kaspersky flags TCPIP.SYS as Malware
2013-10-24	Johannes Ullrich	False Positive: php.net Malware Alert
2013-10-21	Johannes Ullrich	New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
2013-10-19	Johannes Ullrich	Yet Another WHMCS SQL Injection Exploit
2013-10-12	Richard Porter	Reported Spike in tcp/5901 and tcp/5900
2013-10-05	Richard Porter	Adobe Breach Notification, Notifications?
2013-10-04	Pedro Bueno	CSAM: WebHosting BruteForce logs
2013-09-18	Rob VandenBrink	Cisco DCNM Update Released
2013-09-09	Johannes Ullrich	SSL is broken. So what?
2013-08-19	Johannes Ullrich	Running Snort on ESXi using the Distributed Switch
2013-08-14	Johannes Ullrich	Imaging LUKS Encrypted Drives
2013-08-13	Swa Frantzen	Microsoft security advisories: RDP and MD5 deprecation in Microsoft root certificates
2013-08-03	Deborah Hale	What Anti-virus Program Is Right For You?
2013-07-27	Scott Fendley	Defending Against Web Server Denial of Service Attacks
2013-07-17	Johannes Ullrich	Network Solutions Outage
2013-07-16	Johannes Ullrich	Why don't we see more examples of web app attacks via POST?
2013-07-06	Guy Bruneau	Is Metadata the Magic in Modern Network Security?
2013-07-04	Russ McRee	Celebrating 4th of July With a Malware PCAP Visualization
2013-07-01	Manuel Humberto Santander Pelaez	Using nmap scripts to enhance vulnerability asessment results
2013-06-18	Russ McRee	EMET 4.0 is now available for download
2013-06-18	Russ McRee	Volatility rules...any questions?
2013-06-07	Daniel Wesemann	100% Compliant (for 65% of the systems)
2013-05-23	Adrien de Beaupre	MoVP II
2013-05-22	Adrien de Beaupre	Privilege escalation, why should I care?
2013-05-22	Adrien de Beaupre	Apple QuickTime 7.7.4 for Windows updated, MANY security vulnerabilities: http://support.apple.com/kb/HT1222
2013-05-17	Johannes Ullrich	SSL: Another reason not to ignore IPv6
2013-05-11	Lenny Zeltser	Extracting Digital Signatures from Signed Malware
2013-05-07	Jim Clausing	Is there an epidemic of typo squatting?
2013-04-26	Russ McRee	What is "up to date anti-virus software"?
2013-04-25	Adam Swanger	Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-04-17	John Bambenek	UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
2013-04-16	John Bambenek	Fake Boston Marathon Scams Update
2013-04-15	Rob VandenBrink	Oops - You Mean That Deleted Server was a Certificate Authority?
2013-04-04	Johannes Ullrich	Microsoft April Patch Tuesday Advance Notification
2013-03-29	Chris Mohan	Does your breach email notification look like a phish?
2013-03-23	Guy Bruneau	Apple ID Two-step Verification Now Available in some Countries
2013-03-07	Guy Bruneau	Apple Blocking Java Web plug-in
2013-03-03	Richard Porter	Uptick in MSSQL Activity
2013-02-17	Guy Bruneau	HP ArcSight Connector Appliance and Logger Vulnerabilities
2013-02-16	Lorna Hutcheson	Fedora RedHat Vulnerabilty Released
2013-02-11	John Bambenek	Is This Chinese Registrar Really Trying to XSS Me?
2013-02-08	Kevin Shortt	Is it Spam or Is it Malware?
2013-02-06	Johannes Ullrich	Are you losing system logging information (and don't know it)?
2013-02-04	Russ McRee	An expose of a recent SANS GIAC XSS vulnerability
2013-01-25	Johannes Ullrich	Vulnerability Scans via Search Engines (Request for Logs)
2013-01-15	Russ McRee	Cisco introducing Cisco Security Notices 16 JAN 2013
2013-01-09	Rob VandenBrink	SQL Injection Flaw in Ruby on Rails
2013-01-03	Bojan Zdrnja	Memory acquisition traps
2013-01-03	Manuel Humberto Santander Pelaez	New year and new CA compromised
2012-12-27	John Bambenek	It's 3pm 2 days after Christmas, do you know where your unmanaged SSH keys are?
2012-12-18	Dan Goldberg	Mitigating the impact of organizational change: a risk assessment
2012-12-04	Johannes Ullrich	Where do your backup tapes go to die?
2012-12-03	Kevin Liston	Recent SSH vulnerabilities
2012-12-03	John Bambenek	John McAfee Exposes His Location in Photo About His Being on Run
2012-12-02	Guy Bruneau	Collecting Logs from Security Devices at Home
2012-11-06	Johannes Ullrich	What to watch out For on Election Day
2012-11-02	Daniel Wesemann	The shortcomings of anti-virus software
2012-10-30	Mark Hofman	Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-10-05	Richard Porter	Reports of a Distributed Injection Scan
2012-09-19	Kevin Liston	Volatility: 2.2 is Coming Soon
2012-09-11	Adam Swanger	Microsoft September 2012 Black Tuesday Update - Overview
2012-09-08	Guy Bruneau	Webmin Input Validation Vulnerabilities
2012-09-02	Lorna Hutcheson	Demonstrating the value of your Intrusion Detection Program and Analysts
2012-08-21	Adrien de Beaupre	YYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update
2012-08-16	Johannes Ullrich	A Poor Man's DNS Anomaly Detection Script
2012-08-14	Rick Wanner	Microsoft August 2012 Black Tuesday Update - Overview
2012-07-31	Daniel Wesemann	SQL injection, lilupophilupop-style
2012-07-21	Rick Wanner	TippingPoint DNS Version Request increase
2012-07-18	Rob VandenBrink	Vote NO to Weak Encryption!
2012-07-18	Rob VandenBrink	Vote NO to Weak Keys!
2012-07-14	Tony Carothers	User Awareness and Education
2012-07-12	Rob VandenBrink	Today at SANSFIRE - Dude Your Car is PWND !
2012-07-05	Adrien de Beaupre	Microsoft advanced notification for July 2012 patch Tuesday
2012-07-02	Dan Goldberg	Storms of June 29th 2012 in Mid Atlantic region of the USA
2012-06-22	Kevin Liston	Investigator's Tool-kit: Timeline
2012-06-20	Raul Siles	CVE-2012-0217 (from MS12-042) applies to other environments too
2012-06-19	Daniel Wesemann	Vulnerabilityqueerprocessbrittleness
2012-06-13	Johannes Ullrich	Microsoft Certificate Updater
2012-05-22	Johannes Ullrich	nmap 6 released
2012-05-21	Kevin Shortt	DNS ANY Request Cannon - Need More Packets
2012-05-17	Johannes Ullrich	New IPv6 Video: IPv6 Router Advertisements https://isc.sans.edu/ipv6videos
2012-05-16	Johannes Ullrich	Avira Antivirus false positives http://forum.avira.com/wbb/index.php?page=Thread&threadID=144875
2012-05-07	Guy Bruneau	iOS 5.1.1 Software Update for iPod, iPhone, iPad
2012-04-26	Richard Porter	Define Irony: A medical device with a Virus?
2012-04-21	Guy Bruneau	WordPress Release Security Update
2012-04-13	Daniel Wesemann	Anti-virus scanning exclusions
2012-03-16	Russ McRee	MS12-020 RDP vulnerabilities: Patch, Mitigate, Detect
2012-03-03	Jim Clausing	New automated sandbox for Android malware
2012-02-08	Jim Clausing	Chrome to stop checking Certificate Revocation List (CRL)?
2012-01-12	Rob VandenBrink	Stuff I Learned Scripting - Fun with STDERR
2012-01-05	Russ McRee	OpenSSL vulnerability fixes
2012-01-03	Bojan Zdrnja	The tale of obfuscated JavaScript continues
2011-12-25	Deborah Hale	Merry Christmas, Happy Holidays
2011-12-21	Chris Mohan	The off switch
2011-12-12	Daniel Wesemann	You won 100$ or a free iPad!
2011-12-08	Adrien de Beaupre	Microsoft Security Bulletin Advance Notification for December 2011
2011-12-01	Mark Hofman	SQL Injection Attack happening ATM
2011-11-11	Rick Wanner	APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update
2011-11-10	Rob VandenBrink	Stuff I Learned Scripting - - Parsing XML in a One-Liner
2011-11-07	Rob VandenBrink	Stuff I Learned Scripting - Evaluating a Remote SSL Certificate
2011-11-03	Richard Porter	An Apple, Inc. Sandbox to play in.
2011-11-01	Russ McRee	Secure languages & frameworks
2011-10-29	Richard Porter	The Sub Critical Control? Evidence Collection
2011-10-28	Russ McRee	Critical Control 19: Data Recovery Capability
2011-10-28	Daniel Wesemann	Critical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27	Mark Baggett	Critical Control 18: Incident Response Capabilities
2011-10-26	Rick Wanner	Critical Control 17:Penetration Tests and Red Team Exercises
2011-10-26	Rob VandenBrink	The Theoretical "SSL Renegotiation" Issue gets a Whole Lot More Real !
2011-10-25	Chris Mohan	Recurring reporting made easy?
2011-10-17	Rob VandenBrink	Critical Control 11: Account Monitoring and Control
2011-10-02	Mark Hofman	Cyber Security Awareness Month Day 1/2 - Schedule
2011-10-02	Mark Hofman	Cyber Security Awareness Month Day 1/2 - Introduction to the controls
2011-09-19	Guy Bruneau	MS Security Advisory Update - Fraudulent DigiNotar Certificates
2011-09-09	Guy Bruneau	Apple Certificate Trust Policy Update
2011-09-09	Guy Bruneau	Adobe Publish its List of Trusted Root Certificate - http://www.adobe.com/security/approved-trust-list.html
2011-09-08	Rob VandenBrink	When Good CA's go Bad: Other Things to Check in Your Datacenter
2011-09-05	Bojan Zdrnja	Bitcoin – crypto currency of future or heaven for criminals?
2011-08-26	Daniel Wesemann	User Agent 007
2011-08-24	Rob VandenBrink	Citrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971
2011-08-17	Rob VandenBrink	Putting all of Your Eggs in One Basket - or How NOT to do Layoffs
2011-08-16	Johannes Ullrich	What are the most dangerous web applications and how to secure them?
2011-08-15	Rob VandenBrink	8 Years since the Eastern Seaboard Blackout - Has it Been that Long?
2011-08-11	Guy Bruneau	BlackBerry Enterprise Server Critical Update
2011-08-04	Jim Clausing	Apple release Quicktime 7.7 fixes 14 CVEs, see http://support.apple.com/kb/HT1222
2011-07-30	Deborah Hale	Data Encryption Ban? Really?
2011-07-29	Richard Porter	Apple Lion talking on TCP 5223
2011-07-28	Johannes Ullrich	Announcing: The "404 Project"
2011-07-11	John Bambenek	Another Defense Contractor Hacked in AntiSec Hacktivism Spree
2011-07-05	Raul Siles	Helping Developers Understand Security - Spot the Vuln
2011-07-03	Deborah Hale	Business Continuation in the Face of Disaster
2011-06-22	Guy Bruneau	How Good is your Employee Termination Policy?
2011-06-21	Chris Mohan	StartSSL, a web authentication authority, suspend services after a security breach
2011-06-12	Mark Hofman	Cloud thoughts
2011-06-09	Richard Porter	One Browser to Rule them All?
2011-06-06	Johannes Ullrich	The Havij SQL Injection Tool
2011-06-02	Johannes Ullrich	Some Insight into Apple's Anti-Virus Signatures
2011-05-31	Johannes Ullrich	Apple Improving OS X Anti-Malware Feature
2011-05-30	Johannes Ullrich	Lockheed Martin and RSA Tokens
2011-05-19	Daniel Wesemann	Fake AV Bingo
2011-05-18	Bojan Zdrnja	Android, HTTP and authentication tokens
2011-05-12	Johannes Ullrich	ActiveX Flaw Affecting SCADA systems
2011-04-28	Chris Mohan	DSL Reports advise 9,000 accounts were compromised
2011-04-25	Rob VandenBrink	Sony PlayStation Network Outage - Day 5
2011-04-22	Manuel Humberto Santander Pelaez	In-house developed applications: The constant headache for the information security officer
2011-04-19	Bojan Zdrnja	SQL injection: why can’t we learn?
2011-04-03	Richard Porter	Extreme Disclosure? Not yet but a great trend!
2011-04-01	John Bambenek	LizaMoon Mass SQL-Injection Attack Infected at least 500k Websites
2011-03-17	Kevin Liston	So You Got an AV Alert. Now What?
2011-03-09	Kevin Shortt	AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B
2011-03-07	Lorna Hutcheson	Call for Packets - Unassigned TCP Options
2011-03-01	Daniel Wesemann	AV software and "sharing samples"
2011-02-14	Lorna Hutcheson	Network Visualization
2011-02-08	Johannes Ullrich	Tippingpoint Releases Details on Unpatched Bugs
2011-02-05	Guy Bruneau	OpenSSH Legacy Certificate Information Disclosure Vulnerability
2011-02-04	Daniel Wesemann	Oh, just click "yes"
2011-01-25	Chris Mohan	Reviewing our preconceptions
2011-01-24	Rob VandenBrink	Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool
2011-01-18	Daniel Wesemann	Yet another rogue anti-virus
2011-01-12	Richard Porter	How Many Loyalty Cards do you Carry?
2011-01-12	Richard Porter	Yet Another Data Broker? AOL Lifestream.
2011-01-03	Johannes Ullrich	What Will Matter in 2011
2010-12-25	Manuel Humberto Santander Pelaez	An interesting vulnerability playground to learn application vulnerabilities
2010-12-18	Raul Siles	Where are the Wi-Fi Driver Vulnerabilities?
2010-12-15	Manuel Humberto Santander Pelaez	Vulnerability in the PDF distiller of the BlackBerry Attachment Service
2010-12-12	Raul Siles	Apple Quickime 7.6.9 was released a few days ago (just in case you missed it): http://support.apple.com/kb/HT1222. Update all your web browser plugins!
2010-12-12	Raul Siles	New trend regarding web application vulnerabilities?
2010-12-02	Kevin Johnson	SQL Injection: Wordpress 3.0.2 released
2010-11-24	Bojan Zdrnja	Privilege escalation 0-day in almost all Windows versions
2010-11-11	Daniel Wesemann	Fake AV scams via Skype Chat
2010-11-07	Adrien de Beaupre	Change your clocks?
2010-11-04	Johannes Ullrich	Microsoft Smart Screen False Positivies
2010-11-02	Johannes Ullrich	Limited Malicious Search Engine Poisoning for Election
2010-10-22	Manuel Humberto Santander Pelaez	Intypedia project
2010-10-04	Mark Hofman	Online Voting
2010-09-26	Daniel Wesemann	Egosurfing, the corporate way
2010-09-25	Rick Wanner	Guest Diary: Andrew Hunt - Visualizing the Hosting Patterns of Modern Cybercriminals
2010-09-21	Johannes Ullrich	Implementing two Factor Authentication on the Cheap
2010-08-30	Adrien de Beaupre	Apple QuickTime potential vulnerability/backdoor
2010-08-23	Manuel Humberto Santander Pelaez	Firefox plugins to perform penetration testing activities
2010-08-16	Raul Siles	The Seven Deadly Sins of Security Vulnerability Reporting
2010-08-16	Raul Siles	Blind Elephant: A New Web Application Fingerprinting Tool
2010-08-15	Manuel Humberto Santander Pelaez	Obfuscated SQL Injection attacks
2010-08-15	Manuel Humberto Santander Pelaez	Python to test web application security
2010-08-13	Guy Bruneau	QuickTime Security Updates
2010-08-13	Guy Bruneau	Shadowserver Binary Whitelisting Service
2010-08-03	Johannes Ullrich	When Lightning Strikes
2010-07-24	Manuel Humberto Santander Pelaez	Transmiting logon information unsecured in the network
2010-07-23	Mark Hofman	vBulletin vB 3.8.6 vulnerability
2010-07-18	Manuel Humberto Santander Pelaez	SAGAN: An open-source event correlation system - Part 1: Installation
2010-07-13	Jim Clausing	VMware Studio Security Update
2010-06-29	Johannes Ullrich	How to be a better spy: Cyber security lessons from the recent russian spy arrests
2010-06-27	Manuel Humberto Santander Pelaez	Study of clickjacking vulerabilities on popular sites
2010-06-18	Tom Liston	IMPORTANT INFORMATION: Distributed SSH Brute Force Attacks
2010-06-15	Manuel Humberto Santander Pelaez	TCP evasions for IDS/IPS
2010-06-15	Manuel Humberto Santander Pelaez	iPhone 4 Order Security Breach Exposes Private Information
2010-06-14	Manuel Humberto Santander Pelaez	Another way to get protection for application-level attacks
2010-06-14	Manuel Humberto Santander Pelaez	Rogue facebook application acting like a worm
2010-06-09	Deborah Hale	Mass Infection of IIS/ASP Sites
2010-06-07	Manuel Humberto Santander Pelaez	Software Restriction Policy to keep malware away
2010-06-06	Manuel Humberto Santander Pelaez	Nice OS X exploit tutorial
2010-05-26	Bojan Zdrnja	Malware modularization and AV detection evasion
2010-05-12	Rob VandenBrink	Adobe Shockwave Update
2010-05-04	Rick Wanner	SIFT review in the ISSA Toolsmith
2010-04-26	Raul Siles	Vulnerable Sites Database
2010-04-22	John Bambenek	Data Redaction: You're Doing it Wrong
2010-04-21	Guy Bruneau	McAfee DAT 5958 Update Issues
2010-04-21	Guy Bruneau	Google Chrome Security Update v4.1.249.1059 Released: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html
2010-04-20	Raul Siles	Are You Ready for a Transportation Collapse...?
2010-04-18	Guy Bruneau	Some NetSol hosted sites breached
2010-04-13	Adrien de Beaupre	Web App Testing Tools
2010-04-08	Bojan Zdrnja	JavaScript obfuscation in PDF: Sky is the limit
2010-04-06	Daniel Wesemann	Application Logs
2010-04-04	Mari Nichols	Financial Management of Cyber Risk
2010-04-02	Guy Bruneau	Firefox 3.6.3 fix for CVE-2010-1121 http://www.mozilla.org/security/announce/2010/mfsa2010-25.html
2010-04-02	Guy Bruneau	Security Advisory for ESX Service Console
2010-04-02	Guy Bruneau	Apple QuickTime and iTunes Security Update
2010-04-02	Guy Bruneau	Oracle Java SE and Java for Business Critical Patch Update Advisory
2010-03-30	Pedro Bueno	VMWare Security Advisories Out
2010-03-29	Adrien de Beaupre	OOB Update for Internet Explorer MS10-018
2010-03-27	Guy Bruneau	HP-UX Running NFS/ONCplus, Inadvertently Enabled NFS
2010-03-21	Scott Fendley	Skipfish - Web Application Security Tool
2010-03-10	Rob VandenBrink	Microsoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7
2010-03-10	Rob VandenBrink	Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-03-08	Raul Siles	Samurai WTF 0.8
2010-03-06	Tony Carothers	Integration and the Security of New Technologies
2010-03-05	Kyle Haugsness	Javascript obfuscators used in the wild
2010-02-22	Rob VandenBrink	New Risks in Penetration Testing
2010-02-21	Patrick Nolan	Looking for "more useful" malware information? Help develop the format.
2010-02-20	Mari Nichols	Is "Green IT" Defeating Security?
2010-02-17	Rob VandenBrink	Defining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"
2010-02-15	Johannes Ullrich	Various Olympics Related Dangerous Google Searches
2010-02-11	Deborah Hale	Critical Update for AD RMS
2010-02-06	Guy Bruneau	LANDesk Management Gateway Vulnerability
2010-01-29	Adrien de Beaupre	Neo-legacy applications
2010-01-24	Pedro Bueno	Outdated client applications
2010-01-17	Rick Wanner	Buffer overflow in Quicktime
2010-01-14	Bojan Zdrnja	Rogue AV exploiting Haiti earthquake
2010-01-13	Johannes Ullrich	SMS Donations Advertised via Twitter
2010-01-12	Johannes Ullrich	Haiti Earthquake: Possible scams / malware
2009-12-19	Deborah Hale	Educationing Our Communities
2009-12-16	Rob VandenBrink	Beware the Attack of the Christmas Greeting Cards !
2009-12-14	Adrien de Beaupre	Anti-forensics, COFEE vs. DECAF
2009-12-07	Rob VandenBrink	Layer 2 Network Protections – reloaded!
2009-12-05	Guy Bruneau	Java JRE Buffer and Integer Overflow
2009-12-03	Mark Hofman	Avast false positives
2009-12-02	Rob VandenBrink	SPAM and Malware taking advantage of H1N1 concerns
2009-11-29	Patrick Nolan	A Cloudy Weekend
2009-11-25	Jim Clausing	Updates to my GREM Gold scripts and a new script
2009-11-13	Adrien de Beaupre	TLS & SSLv3 renegotiation vulnerability explained
2009-11-11	Rob VandenBrink	Layer 2 Network Protections against Man in the Middle Attacks
2009-11-02	Rob VandenBrink	Microsoft releases v1.02 of Enhanced Mitigation Evaluation Toolkit (EMET)
2009-10-30	Rob VandenBrink	New version of NIST 800-41, Firewalls and Firewall Policy Guidelines
2009-10-27	Rob VandenBrink	New VMware Desktop Products Released (Workstation, Fusion, ACE)
2009-10-20	Raul Siles	WASC 2008 Statistics
2009-10-09	Rob VandenBrink	THAWTE to discontinue free Email Certificate Services and Web of Trust Service
2009-10-04	Guy Bruneau	Samba Security Information Disclosure and DoS
2009-10-02	Stephen Hall	Cyber Security Awareness Month - Day 2 - Port 0
2009-09-25	Lenny Zeltser	Categories of Common Malware Traits
2009-09-17	Bojan Zdrnja	Why is Rogue/Fake AV so successful?
2009-09-16	Raul Siles	Review the security controls of your Web Applications... all them!
2009-09-12	Jim Clausing	Apple Updates
2009-09-07	Lorna Hutcheson	Encrypting Data
2009-09-05	Mark Hofman	Critical Infrastructure and dependencies
2009-09-04	Adrien de Beaupre	Fake anti-virus
2009-08-29	Guy Bruneau	Immunet Protect - Cloud and Community Malware Protection
2009-08-28	Adrien de Beaupre	WPA with TKIP done
2009-08-19	Daniel Wesemann	Checking your protection
2009-08-18	Deborah Hale	Website compromises - what's happening?
2009-08-13	Johannes Ullrich	CA eTrust update crashes systems
2009-08-13	Jim Clausing	Tools for extracting files from pcaps
2009-08-08	Guy Bruneau	XML Libraries Data Parsing Vulnerabilities
2009-08-01	Deborah Hale	Website Warnings
2009-07-31	Deborah Hale	Don't forget to tell your SysAdmin Thanks
2009-07-28	Adrien de Beaupre	YYAMCCBA
2009-07-27	Raul Siles	New Hacker Challenge: Prison Break - Breaking, Entering & Decoding
2009-07-26	Jim Clausing	New Volatility plugins
2009-07-23	John Bambenek	Missouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information
2009-07-16	Bojan Zdrnja	OWC exploits used in SQL injection attacks
2009-07-13	Adrien de Beaupre	Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
2009-07-13	Adrien de Beaupre	* Infocon raised to yellow for Excel Web Components ActiveX vulnerability
2009-07-12	Mari Nichols	CA Apologizes for False Positive
2009-07-11	Marcus Sachs	Imageshack
2009-07-10	Guy Bruneau	WordPress Fixes Multiple vulnerabilities
2009-06-30	Chris Carboni	Obfuscated Code
2009-06-30	Chris Carboni	De-Obfuscation Submissions
2009-06-27	Tony Carothers	New NIAP Strategy on the Horizon
2009-06-21	Bojan Zdrnja	Apache HTTP DoS tool mitigation
2009-06-16	Bojan Zdrnja	Iranian hacktivism
2009-06-16	John Bambenek	Iran Internet Blackout: Using Twitter for Operational Intelligence
2009-06-11	Rick Wanner	MIR-ROR Motile Incident Response - Respond Objectively Remediate
2009-06-11	Rick Wanner	WHO Declares Flu A(H1N1) a Pandemic
2009-06-02	Deborah Hale	Another Quicktime Update
2009-05-29	Lorna Hutcheson	VMWare Patches Released
2009-05-28	Jim Clausing	More new volatility plugins
2009-05-26	Jason Lam	A new Web application security blog
2009-05-20	Tom Liston	Web Toolz
2009-05-19	Bojan Zdrnja	Advanced blind SQL injection (with Oracle examples)
2009-05-15	Daniel Wesemann	Warranty void if seal shredded?
2009-05-09	Patrick Nolan	Shared SQL Injection Lessons Learned blog item
2009-04-24	John Bambenek	Data Leak Prevention: Proactive Security Requirements of Breach Notification Laws
2009-04-21	Bojan Zdrnja	Web application vulnerabilities
2009-04-07	Bojan Zdrnja	Advanced JavaScript obfuscation (or why signature scanning is a failure)
2009-03-26	Mark Hofman	Sanitising media
2009-03-22	Mari Nichols	Dealing with Security Challenges
2009-03-20	Stephen Hall	Making the most of your runbooks
2009-03-10	Swa Frantzen	TinyURL and security
2009-03-02	Swa Frantzen	Obama's leaked chopper blueprints: anything we can learn?
2009-03-01	Jim Clausing	Cool combination of tools
2009-02-14	Deborah Hale	Microsoft Time Sync Appears to Down
2009-02-12	Mark Hofman	Australian Bushfires
2009-02-11	Robert Danford	ProFTPd SQL Authentication Vulnerability exploit activity
2009-02-06	Adrien de Beaupre	Fake stimulus payments
2009-01-25	Rick Wanner	Twam?? Twammers?
2009-01-20	Adrien de Beaupre	Obamamania
2009-01-12	William Salusky	Web Application Firewalls (WAF) - Have you deployed WAF technology?
2009-01-02	Mark Hofman	Blocking access to MD5 signed certs
2008-12-12	Johannes Ullrich	MSIE 0-day Spreading Via SQL Injection
2008-12-04	Bojan Zdrnja	Finjan blocking access to isc.sans.org
2008-12-01	Jason Lam	Input filtering and escaping in SQL injection mitigation
2008-11-25	Andre Ludwig	The beginnings of a collaborative approach to IDS
2008-11-20	Jason Lam	Large quantity SQL Injection mitigation
2008-11-17	Jim Clausing	Finding stealth injected DLLs
2008-11-16	Maarten Van Horenbeeck	Detection of Trojan control channels
2008-11-02	Adrien de Beaupre	Daylight saving time
2008-09-29	Daniel Wesemann	ASPROX mutant
2008-09-22	Maarten Van Horenbeeck	Data exfiltration and the use of anonymity providers
2008-09-22	Jim Clausing	Lessons learned from the Palin (and other) account hijacks
2008-09-21	Mari Nichols	You still have time!
2008-09-20	Rick Wanner	New (to me) nmap Features
2008-09-15	donald smith	Fake antivirus 2009 and search engine results
2008-09-11	David Goldsmith	CookieMonster is coming to Pown (err, Town)
2008-09-09	Swa Frantzen	Apple updates iTunes+QuickTime
2008-09-08	Raul Siles	Quick Analysis of the 2007 Web Application Security Statistics
2008-09-07	Daniel Wesemann	Staying current, but not too current
2008-09-03	Daniel Wesemann	Static analysis of Shellcode - Part 2
2008-09-01	John Bambenek	The Number of Machines Controlled by Botnets Has Jumped 4x in Last 3 Months
2008-08-23	Mark Hofman	SQL injections - an update
2008-08-15	Jim Clausing	Another MS update that may have escaped notice
2008-08-15	Jim Clausing	WebEx ActiveX buffer overflow
2008-08-10	Stephen Hall	From lolly pops to afterglow
2008-08-08	Mark Hofman	More SQL Injections - very active right now
2008-08-03	Deborah Hale	Securing A Network - Lessons Learned
2008-08-02	Maarten Van Horenbeeck	A little of that human touch
2008-07-24	Bojan Zdrnja	What's brewing in Danmec's pot?
2008-07-22	Mari Nichols	‘Cold Boot’ Attack Utility Tools
2008-07-14	Daniel Wesemann	Obfuscated JavaScript Redux
2008-07-07	Scott Fendley	Microsoft Snapshot Viewer Security Advisory
2008-07-07	Pedro Bueno	Bad url classification
2008-06-30	Marcus Sachs	More SQL Injection with Fast Flux hosting
2008-06-25	Deborah Hale	Report of Coreflood.dr Infection
2008-06-24	Jason Lam	SQL Injection mitigation in ASP
2008-06-24	Jason Lam	Microsoft SQL Injection Prevention Strategy
2008-06-23	donald smith	Preventing SQL injection
2008-06-13	Johannes Ullrich	SQL Injection: More of the same
2008-06-13	Johannes Ullrich	Floods: More of the same (2)
2008-06-10	Swa Frantzen	Upgrade to QuickTime 7.5
2008-06-01	Mark Hofman	Free Yahoo email account! Sign me up, Ok well maybe not.
2008-05-29	Joel Esler	Creative Software AutoUpdate Engine ActiveX stack buffer overflow
2008-05-26	Marcus Sachs	Predictable Response
2008-05-23	Mike Poor	Cisco IOS Rootkit thoughts
2008-05-20	Raul Siles	List of malicious domains inserted through SQL injection
2008-05-17	Jim Clausing	Disaster donation scams continue
2008-04-24	donald smith	Hundreds of thousands of SQL injections
2008-04-16	Bojan Zdrnja	The 10.000 web sites infection mystery solved
2008-04-07	John Bambenek	HP USB Keys Shipped with Malware for your Proliant Server
2008-04-07	John Bambenek	Network Solutions Technical Difficulties? Enom too
2008-04-06	Daniel Wesemann	Advanced obfuscated JavaScript analysis
2008-04-03	Bojan Zdrnja	Mixed (VBScript and JavaScript) obfuscation
2008-04-03	Bojan Zdrnja	A bag of vulnerabilities (and fixes) in QuickTime
2008-03-29	Patrick Nolan	Two ITIL v3 Resources
2008-03-27	Maarten Van Horenbeeck	Guarding the guardians: a story of PGP key ring theft
2008-03-24	Maarten Van Horenbeeck	Overview of cyber attacks against Tibetan communities
2008-03-21	Maarten Van Horenbeeck	Cyber attacks against Tibetan communities
2008-03-14	Kevin Liston	2117966.net-- mass iframe injection
2008-03-12	Joel Esler	Don't use G-Archiver
2008-01-09	Bojan Zdrnja	Mass exploits with SQL Injection
2007-02-24	Jason Lam	Prepared Statements and SQL injections
2006-10-30	William Salusky	ToD - Configuration Management - maintaining security awareness
2006-09-29	Kevin Liston	A Report from the Field
2006-09-15	Swa Frantzen	MSIE DirectAnimation ActiveX 0-day update
2006-09-12	Swa Frantzen	Apple Quicktime 7.1.3 released