Date Author Title
2024-10-07Xavier MertensmacOS Sequoia: System/Network Admins, Hold On!
2024-04-22Jan KoprivaIt appears that the number of industrial devices accessible from the internet has risen by 30 thousand over the past three years
2024-01-29Johannes UllrichExploit Flare Up Against Older Altassian Confluence Vulnerability
2023-05-03Xavier MertensIncreased Number of Configuration File Scans
2023-02-22Johannes UllrichInternet Wide Scan Fingerprinting Confluence Servers
2023-02-15Rob VandenBrinkDNS Recon Redux - Zone Transfers (plus a time machine) for When You Can't do a Zone Transfer
2022-11-14Jesse La GrewExtracting 'HTTP CONNECT' Requests with Python
2022-07-19Johannes UllrichRequests For beacon.http-get. Help Us Figure Out What They Are Looking For
2022-05-03Rob VandenBrinkFinding the Real "Last Patched" Day (Interim Version)
2022-04-29Rob VandenBrinkUsing Passive DNS sources for Reconnaissance and Enumeration
2022-03-13Didier StevensYARA 4.2.0 Released
2022-02-20Didier StevensVideo: YARA's Console Module
2022-01-30Didier StevensYARA's Console Module
2021-12-16Brad DuncanHow the "Contact Forms" campaign tricks people
2021-12-14Johannes UllrichLog4j: Getting ready for the long haul (CVE-2021-44228)
2021-08-19Johannes UllrichWhen Lightning Strikes. What works and doesn't work.
2021-08-13Guy BruneauScanning for Microsoft Exchange eDiscovery
2021-07-08Xavier MertensUsing Sudo with Python For More Security Controls
2021-05-23Didier StevensVideo: Making Sense Of Encrypted Cobalt Strike Traffic
2021-05-12Jan KoprivaNumber of industrial control systems on the internet is lower then in 2020...but still far from zero
2021-04-22Xavier MertensHow Safe Are Your Docker Images?
2021-04-19Jan KoprivaHunting phishing websites with favicon hashes
2021-04-18Didier StevensDecoding Cobalt Strike Traffic
2021-04-12Didier StevensExample of Cleartext Cobalt Strike Traffic (Thanks Brad)
2021-03-07Didier StevensPCAPs and Beacons
2020-12-13Didier StevensKringleCon 2020
2020-09-29Xavier MertensManaging Remote Access for Partners & Contractors
2020-09-17Xavier MertensSuspicious Endpoint Containment with OSSEC
2020-08-04Johannes UllrichInternet Choke Points: Concentration of Authoritative Name Servers
2020-02-27Xavier MertensOffensive Tools Are For Blue Teams Too
2020-01-27Johannes UllrichNetwork Security Perspective on Coronavirus Preparedness
2020-01-04Didier StevensKringleCon 2019
2019-11-22Xavier MertensAbusing Web Filters Misconfiguration for Reconnaissance
2019-10-19Russell EubanksWhat Assumptions Are You Making?
2019-09-27Xavier MertensNew Scans for Polycom Autoconfiguration Files
2019-09-19Xavier MertensBlocklisting or Whitelisting in the Right Way
2019-07-25Rob VandenBrinkWhen Users Attack! Users (and Admins) Thwarting Security Controls
2019-07-18Rob VandenBrinkThe Other Side of Critical Control 1: 802.1x Wired Network Access Controls
2019-03-20Rob VandenBrinkUsing AD to find hosts that aren't in AD - fun with the [IPAddress] construct!
2018-12-22Didier StevensKringleCon 2018
2018-05-30Bojan ZdrnjaThe end of the lock icon
2018-03-12Xavier MertensPayload delivery via SMB
2017-07-24Russell EubanksTrends Over Time
2017-06-10Russell EubanksAn Occasional Look in the Rear View Mirror
2017-05-06Xavier MertensThe story of the CFO and CEO...
2017-01-13Xavier MertensWho's Attacking Me?
2016-11-23Tom WebbMapping Attack Methodology to Controls
2016-10-08Russell EubanksUnauthorized Change Detected!
2016-09-13Rob VandenBrinkIf it's Free, YOU are the Product
2016-07-26Johannes UllrichCommand and Control Channels Using "AAAA" DNS Records
2016-07-15Xavier MertensName All the Things!
2016-06-01Xavier MertensDocker Containers Logging
2016-04-28Rob VandenBrinkDNS and DHCP Recon using Powershell
2016-01-09Xavier MertensVirtual Bitlocker Containers
2016-01-01Didier StevensFailure Is An Option
2015-12-21Daniel WesemannCritical Security Controls: Getting to know the unknown
2015-11-04Richard PorterApplication Aware and Critical Control 2
2015-05-29Russell EubanksTrust But Verify
2015-01-23Adrien de BeaupreInfocon change to yellow for Adobe Flash issues
2014-10-13Lorna HutchesonFor or Against: Port Security for Network Access Control
2014-09-26Richard PorterWhy We Have Moved to InfoCon:Yellow
2014-08-17Rick WannerPart 2: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-07-28Guy BruneauManagement and Control of Mobile Device Security
2014-06-11Daniel WesemannHelp your pilot fly!
2014-05-22Johannes UllrichDiscontinuing Support for ISC Alert Task Bar Icon
2014-04-26Guy BruneauAndroid Users - Beware of Bitcoin Mining Malware
2014-04-14Kevin ShorttINFOCon Green: Heartbleed - on the mend
2014-04-11Guy BruneauHeartbleed Fix Available for Download for Cisco Products
2014-02-10Rob VandenBrinkA Tale of Two Admins (and no Change Control)
2014-01-11Guy Bruneautcpflow 1.4.4 and some of its most Interesting Features
2013-09-02Guy BruneauMultiple Cisco Security Notice
2013-05-01Daniel WesemannThe cost of cleaning up
2013-04-25Adam SwangerGuest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-03-13Mark BaggettWipe the drive! Stealthy Malware Persistence Mechanism - Part 1
2013-02-17Guy BruneauHP ArcSight Connector Appliance and Logger Vulnerabilities
2013-02-16Lorna HutchesonFedora RedHat Vulnerabilty Released
2013-01-10Rob VandenBrinkWhat Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too!
2012-12-31Manuel Humberto Santander PelaezHow to determine which NAC solutions fits best to your needs
2012-11-23Rob VandenBrinkWhat's in Your Change Control Form?
2012-11-16Guy BruneauVMware security updates for vSphere API and ESX Service Console - http://www.vmware.com/security/advisories/VMSA-2012-0016.html
2012-07-02Dan GoldbergStorms of June 29th 2012 in Mid Atlantic region of the USA
2012-03-16Swa FrantzenINFOCON Yellow - Microsoft RDP - MS12-020
2011-11-03Richard PorterAn Apple, Inc. Sandbox to play in.
2011-10-29Richard PorterThe Sub Critical Control? Evidence Collection
2011-10-28Daniel WesemannCritical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-28Russ McReeCritical Control 19: Data Recovery Capability
2011-10-27Mark BaggettCritical Control 18: Incident Response Capabilities
2011-10-26Rick WannerCritical Control 17:Penetration Tests and Red Team Exercises
2011-10-17Rob VandenBrinkCritical Control 11: Account Monitoring and Control
2011-08-26Johannes UllrichSANS Virginia Beach Conference Canceled. Details: http://www.sans.org/virginia-beach-2011/
2011-08-26Johannes UllrichSome Hurricane Technology Tips
2011-07-03Deborah HaleBusiness Continuation in the Face of Disaster
2011-06-12Mark HofmanCloud thoughts
2010-12-26Manuel Humberto Santander PelaezISC infocon monitor app for OS X
2010-11-17Guy BruneauConficker B++ Activated on Nov 15
2010-11-17Guy BruneauCisco Unified Videoconferencing Affected by Multiple Vulnerabilities
2010-08-22Rick WannerFailure of controls...Spanair crash caused by a Trojan
2010-08-19Rob VandenBrinkChange is Good. Change is Bad. Change is Life.
2010-08-05Rob VandenBrinkAccess Controls for Network Infrastructure
2010-08-03Johannes UllrichWhen Lightning Strikes
2010-07-20Manuel Humberto Santander PelaezLowering infocon back to green
2010-06-14Manuel Humberto Santander PelaezPython on a microcontroller?
2010-06-07Manuel Humberto Santander PelaezSoftware Restriction Policy to keep malware away
2010-05-22Rick WannerSANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-04-20Raul SilesAre You Ready for a Transportation Collapse...?
2010-01-17Mark HofmanWhy not Yellow?
2009-11-25Jim ClausingUpdates to my GREM Gold scripts and a new script
2009-11-13Adrien de BeaupreConficker patch via email?
2009-10-22Adrien de BeaupreCyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-15Deborah HaleYet another round of Viral Spam
2009-09-26Kyle HaugsnessConficker detection hints
2009-09-25Deborah HaleConficker Continues to Impact Networks
2009-09-23Marcus SachsAddendum to SRI's Conficker C Analysis Published
2009-07-18Patrick NolanChrome update contains Security fixes
2009-07-13Adrien de Beaupre* Infocon raised to yellow for Excel Web Components ActiveX vulnerability
2009-07-07Marcus Sachs* INFOCON Status - staying green
2009-04-20Jason LamDigital Content on TV
2009-04-16Adrien de BeaupreSome conficker lessons learned
2009-04-09Johannes UllrichConficker update with payload
2009-04-09Jim ClausingConficker Working Group site down
2009-04-05Marcus SachsOpen Source Conficker-C Scanner/Detector Released
2009-04-02Handlers A view from the CWG Trenches
2009-03-30Daniel WesemannLocate Conficker infected hosts with a network scan!
2009-03-29Chris CarboniApril 1st - What Will Really Happen?
2009-02-13Andre LudwigThird party information on conficker
2009-02-10Bojan ZdrnjaMore tricks from Conficker and VM detection
2009-02-09Bojan ZdrnjaSome tricks from Conficker's bag
2009-01-16G. N. WhiteConficker.B/Downadup.B/Kido: F-Secure publishes details pertaining to their counting methodology of compromised machines
2009-01-15Bojan ZdrnjaConficker's autorun and social engineering
2009-01-12William SaluskyDownadup / Conficker - MS08-067 exploit and Windows domain account lockout
2008-12-09Swa FrantzenContacting us might be hard today
2008-11-17Jim ClausingA new cheat sheet and a contest
2008-10-17Rick WannerDay 18 - Containing Other Incidents
2008-10-15Rick WannerDay 15 - Containing the Damage From a Lost or Stolen Laptop
2008-10-12Mari NicholsDay 12 Containment: Gathering Evidence That Can be Used in Court
2008-09-09Swa FrantzenEvil side economy: $1 for breaking 1000 CAPTCHAs
2008-09-03donald smithNew bgp hijack isn't very new.
2008-08-12Johannes UllrichUpcoming Infocon Test and new Color
2008-07-17Mari NicholsAdobe Reader 9 Released
2008-03-30Mark HofmanMail Anyone?
2006-10-02Jim ClausingBack to green, but the exploits are still running wild
2006-09-30Swa FrantzenYellow: WebViewFolderIcon setslice exploit spreading