Date Author Title

EXPLOIT KIT

2021-01-15Brad DuncanThrowback Friday: An Example of Rig Exploit Kit
2019-06-25Brad DuncanRig Exploit Kit sends Pitou.B Trojan
2019-06-17Brad DuncanAn infection from Rig exploit kit
2016-04-21Daniel WesemannDecoding Pseudo-Darkleech (#1)
2015-07-27Daniel WesemannAngler's best friends
2015-03-10Brad DuncanThreatglass has pcap files with exploit kit activity
2015-02-04Alex StanfordExploit Kit Evolution - Neutrino
2014-02-28Daniel WesemannFiesta!
2012-12-10Johannes UllrichYour CPA License has not been revoked
2011-12-06Pedro BuenoThe RedRet connection...
2011-11-22Pedro BuenoUpdates on ZeroAccess and BlackHole front...

EXPLOIT

2024-09-24/a>Johannes UllrichExploitation of RAISECOM Gateway Devices Vulnerability CVE-2024-7120
2024-07-16/a>Guy BruneauWho You Gonna Call? AndroxGh0st Busters! [Guest Diary]
2023-12-20/a>Guy BruneauHow to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary]
2023-12-16/a>Xavier MertensAn Example of RocketMQ Exploit Scanner
2023-04-18/a>Johannes UllrichUDDIs are back? Attackers rediscovering old exploits.
2023-03-16/a>Xavier MertensSimple Shellcode Dissection
2022-12-22/a>Guy BruneauExchange OWASSRF Exploited for Remote Code Execution
2022-06-10/a>Russ McReeEPSScall: An Exploit Prediction Scoring System App
2022-05-31/a>Xavier MertensFirst Exploitation of Follina Seen in the Wild
2022-05-07/a>Guy BruneauPhishing PDF Received in my ISC Mailbox
2022-03-31/a>Johannes UllrichSpring Vulnerability Update - Exploitation Attempts CVE-2022-22965
2022-02-22/a>Xavier MertensA Good Old Equation Editor Vulnerability Delivering Malware
2022-02-01/a>Xavier MertensAutomation is Nice But Don't Replace Your Knowledge
2022-01-25/a>Bojan ZdrnjaLocal privilege escalation vulnerability in polkit's pkexec (CVE-2021-4034)
2021-11-26/a>Guy BruneauSearching for Exposed ASUS Routers Vulnerable to CVE-2021-20090
2021-11-20/a>Guy BruneauHikvision Security Cameras Potentially Exposed to Remote Code Execution
2021-10-30/a>Guy BruneauRemote Desktop Protocol (RDP) Discovery
2021-10-16/a>Guy BruneauApache is Actively Scan for CVE-2021-41773 & CVE-2021-42013
2021-10-09/a>Guy BruneauScanning for Previous Oracle WebLogic Vulnerabilities
2021-06-26/a>Guy BruneauCVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability
2021-06-12/a>Guy BruneauFortinet Targeted for Unpatched SSL VPN Discovery Activity
2021-06-11/a>Xavier MertensSonicwall SRA 4600 Targeted By an Old Vulnerability
2021-03-10/a>Rob VandenBrinkSharpRDP - PSExec without PSExec, PSRemoting without PowerShell
2021-01-15/a>Brad DuncanThrowback Friday: An Example of Rig Exploit Kit
2021-01-02/a>Guy BruneauProtecting Home Office and Enterprise in 2021
2020-08-22/a>Guy BruneauRemote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common?
2020-08-08/a>Guy BruneauScanning Activity Include Netcat Listener
2020-07-19/a>Guy BruneauScanning Activity for ZeroShell Unauthenticated Access
2020-07-11/a>Guy BruneauVMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html
2020-07-11/a>Guy BruneauScanning Home Internet Facing Devices to Exploit
2020-05-16/a>Guy BruneauScanning for Outlook Web Access (OWA) & Microsoft Exchange Control Panel (ECP)
2019-10-20/a>Guy BruneauScanning Activity for NVMS-9000 Digital Video Recorder
2019-09-07/a>Guy BruneauUnidentified Scanning Activity
2019-06-25/a>Brad DuncanRig Exploit Kit sends Pitou.B Trojan
2019-06-17/a>Brad DuncanAn infection from Rig exploit kit
2019-04-27/a>Didier StevensQuick Tip for Dissecting CVE-2017-11882 Exploits
2019-04-22/a>Didier Stevens.rar Files and ACE Exploit CVE-2018-20250
2018-12-23/a>Guy BruneauScanning Activity, end Goal is to add Hosts to Mirai Botnet
2018-11-23/a>Didier StevensVideo: Dissecting a CVE-2017-11882 Exploit
2018-09-24/a>Didier StevensAnalyzing Encoded Shellcode with scdbg
2018-06-05/a>Xavier MertensMalicious Post-Exploitation Batch File
2018-05-20/a>Didier StevensDASAN GPON home routers exploits in-the-wild
2018-05-03/a>Renato MarinhoWebLogic Exploited in the Wild (Again)
2017-09-30/a>Lorna HutchesonWho's Borrowing your Resources?
2017-09-10/a>Didier StevensAnalyzing JPEG files
2017-02-25/a>Guy BruneauUnpatched Microsoft Edge and IE Bug
2017-01-07/a>Xavier MertensUsing Security Tools to Compromize a Network
2016-04-21/a>Daniel WesemannDecoding Pseudo-Darkleech (#1)
2016-03-13/a>Guy BruneauA Look at the Mandiant M-Trends 2016 Report
2015-07-27/a>Daniel WesemannAngler's best friends
2015-03-10/a>Brad DuncanThreatglass has pcap files with exploit kit activity
2015-02-04/a>Alex StanfordExploit Kit Evolution - Neutrino
2014-08-16/a>Lenny ZeltserWeb Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-07-22/a>Daniel WesemannIvan's Order of Magnitude
2014-02-28/a>Daniel WesemannFiesta!
2014-02-13/a>Johannes UllrichLinksys Worm ("TheMoon") Captured
2014-02-12/a>Johannes UllrichSuspected Mass Exploit Against Linksys E1000 / E1200 Routers
2013-10-01/a>John Bambenek*Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893
2013-09-20/a>Russ McReeThreat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild
2013-05-22/a>Adrien de BeauprePrivilege escalation, why should I care?
2013-02-21/a>Pedro BuenoNBC site redirecting to Exploit kit
2013-02-17/a>Guy BruneauAdobe Acrobat and Reader Security Update Planned this Week
2013-02-13/a>Swa FrantzenMore adobe reader and acrobat (PDF) trouble
2013-01-05/a>Guy BruneauAdobe ColdFusion Security Advisory
2013-01-04/a>Guy Bruneau"FixIt" Patch for CVE-2012-4792 Bypassed
2012-12-10/a>Johannes UllrichYour CPA License has not been revoked
2012-12-02/a>Guy BruneauZero Day MySQL Buffer Overflow
2012-08-05/a>Daniel WesemannPhishing for Payroll with unpatched Java
2012-07-19/a>Mark BaggettA Heap of Overflows?
2012-06-18/a>Guy BruneauCVE-2012-1875 exploit is now available
2012-05-05/a>Tony CarothersVulnerability Exploit for Snow Leopard
2012-04-26/a>Richard PorterPacketstorm Security and Metasploit have Exploit code for MS12-027
2012-03-11/a>Johannes UllrichAn Analysis of Jester's QR Code Attack. (Guest Diary)
2011-12-08/a>Adrien de BeaupreNewest Adobe Flash 11.1.102.55 and Previous 0 Day Exploit
2011-12-06/a>Pedro BuenoThe RedRet connection...
2011-11-22/a>Pedro BuenoUpdates on ZeroAccess and BlackHole front...
2011-10-13/a>Johannes UllrichCritical OS X Vulnerability Patched
2011-05-06/a>Richard PorterUpdated Exploit Index for Microsoft
2011-03-29/a>Daniel WesemannMalware emails with fake cellphone invoice
2011-03-15/a>Lenny ZeltserLimiting Exploit Capabilities by Using Windows Integrity Levels
2011-03-09/a>Kevin ShorttAVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B
2011-02-16/a>Jason LamWindows 0-day SMB mrxsmb.dll vulnerability
2010-12-27/a>Johannes UllrichVarious sites "Owned and Exposed"
2010-12-13/a>Deborah HaleThe Week to Top All Weeks
2010-12-02/a>Kevin JohnsonProFTPD distribution servers compromised
2010-11-01/a>Manuel Humberto Santander PelaezCVE-2010-3654 exploit in the wild
2010-09-26/a>Daniel WesemannPDF analysis paper
2010-09-14/a>Adrien de BeaupreAdobe Flash v10.1.82.76 and earlier vulnerability in-the-wild
2010-09-13/a>Manuel Humberto Santander Pelaez Enhanced Mitigation Experience Toolkit can block Adobe 0-day exploit
2010-09-13/a>Manuel Humberto Santander PelaezAdobe SING table parsing exploit (CVE-2010-2883) in the wild
2010-09-02/a>Daniel WesemannSDF, please!
2010-08-22/a>Manuel Humberto Santander PelaezAnatomy of a PDF exploit
2010-06-15/a>Manuel Humberto Santander PelaezMicrosoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-06-06/a>Manuel Humberto Santander PelaezNice OS X exploit tutorial
2010-05-23/a>Manuel Humberto Santander PelaezOracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability
2010-04-10/a>Andre LudwigNew bug/exploit for javaws
2010-02-08/a>Adrien de BeaupreWhen is a 0day not a 0day? Fake OpenSSh exploit, again.
2010-01-24/a>Pedro BuenoOutdated client applications
2010-01-19/a>Johannes UllrichUnpatched Microsoft Windows (all versions) Privilege Escalation Vulnerability Released
2010-01-12/a>Adrien de BeauprePoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2009-12-05/a>Guy BruneauJava JRE Buffer and Integer Overflow
2009-11-16/a>G. N. WhiteReports of a successful exploit of the SSL Renegotiation Vulnerability?
2009-11-14/a>Adrien de BeaupreMicrosoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released
2009-11-12/a>Rob VandenBrinkWindows 7 / Windows Server 2008 Remote SMB Exploit
2009-10-21/a>Pedro BuenoWordPress Hardening
2009-09-16/a>Bojan ZdrnjaSMB2 remote exploit released
2009-08-31/a>Pedro BuenoMicrosoft IIS 5/6 FTP 0Day released
2009-08-18/a>Bojan ZdrnjaMS09-039 exploit in the wild?
2009-07-16/a>Bojan ZdrnjaOWC exploits used in SQL injection attacks
2009-07-15/a>Bojan ZdrnjaMake sure you update that Java
2009-07-13/a>Adrien de Beaupre* Infocon raised to yellow for Excel Web Components ActiveX vulnerability
2009-07-10/a>Guy BruneauWordPress Fixes Multiple vulnerabilities
2009-07-09/a>Bojan ZdrnjaOpenSSH 0day FUD
2009-06-12/a>Adrien de BeaupreGreen Dam
2009-06-08/a>Chris CarboniKloxo (formerly Lxadmin) Vulnerability Exploited
2009-05-06/a>Tom ListonFollow The Bouncing Malware: Gone With the WINS
2009-04-24/a>Pedro BuenoDid you check your conference goodies?
2009-04-14/a>Swa FrantzenVMware exploits - just how bad is it ?
2009-03-19/a>Mark HofmanBrowsers Tumble at CanSecWest
2009-03-18/a>Adrien de BeaupreAdobe Security Bulletin Adobe Reader and Acrobat
2009-02-25/a>Andre LudwigAdobe Acrobat pdf 0-day exploit, No JavaScript needed!
2009-02-25/a>Andre LudwigPreview/Iphone/Linux pdf issues
2008-08-26/a>John BambenekActive attacks using stolen SSH keys (UPDATED)
2008-05-07/a>Jim ClausingMore on automated exploit generation
2008-05-05/a>John BambenekDefenses Against Automated Patch-Based Exploit Generation
2008-04-24/a>Maarten Van HorenbeeckTargeted attacks using malicious PDF files
2008-04-18/a>John BambenekThe Patch Window is Gone: Automated Patch-Based Exploit Generation
2008-04-10/a>Deborah HaleSymantec Threatcon Level 2
2006-11-20/a>Joel EslerMS06-070 Remote Exploit

KIT

2024-10-09/a>Xavier MertensFrom Perfctl to InfoStealer
2024-01-22/a>Johannes UllrichApple Updates Everything - New 0 Day in WebKit
2022-09-21/a>Xavier MertensPhishing Campaigns Use Free Online Resources
2022-08-17/a>Johannes UllrichApple Patches Two Exploited Vulnerabilities
2022-01-25/a>Bojan ZdrnjaLocal privilege escalation vulnerability in polkit's pkexec (CVE-2021-4034)
2021-01-15/a>Brad DuncanThrowback Friday: An Example of Rig Exploit Kit
2020-10-09/a>Jan KoprivaPhishing kits as far as the eye can see
2020-10-02/a>Xavier MertensAnalysis of a Phishing Kit
2019-06-25/a>Brad DuncanRig Exploit Kit sends Pitou.B Trojan
2019-06-17/a>Brad DuncanAn infection from Rig exploit kit
2019-01-16/a>Brad DuncanEmotet infections and follow-up malware
2016-04-21/a>Daniel WesemannDecoding Pseudo-Darkleech (#1)
2016-02-26/a>Xavier MertensQuick Audit of *NIX Systems
2015-07-27/a>Daniel WesemannAngler's best friends
2015-03-10/a>Brad DuncanThreatglass has pcap files with exploit kit activity
2015-02-04/a>Alex StanfordExploit Kit Evolution - Neutrino
2014-07-22/a>Daniel WesemannIvan's Order of Magnitude
2014-04-24/a>Rob VandenBrinkApple IOS updates to 7.1.1, OSX Security update 2014-002, Airport Updates - http://support.apple.com/kb/HT1222, http://support.apple.com/kb/HT6208, http://support.apple.com/kb/HT6207, http://support.apple.com/kb/HT6203
2014-02-28/a>Daniel WesemannFiesta!
2013-02-21/a>Bojan ZdrnjaSSHD rootkit in the wild
2013-02-21/a>Pedro BuenoNBC site redirecting to Exploit kit
2012-12-10/a>Johannes UllrichYour CPA License has not been revoked
2012-03-11/a>Johannes UllrichAn Analysis of Jester's QR Code Attack. (Guest Diary)
2011-12-06/a>Pedro BuenoThe RedRet connection...
2011-11-22/a>Pedro BuenoUpdates on ZeroAccess and BlackHole front...
2011-07-02/a>Pedro BuenoBootkits, they are back at full speed...
2011-02-14/a>Richard PorterAnonymous Damage Control Anybody?
2010-11-18/a>Chris CarboniStopping the ZeroAccess Rootkit
2010-05-04/a>Rick WannerSIFT review in the ISSA Toolsmith
2010-02-19/a>Mark HofmanMS10-015 may cause Windows XP to blue screen (but only if you have malware on it)
2009-12-23/a>Johannes UllrichTell us about your Christmas Family Emergency Kit
2009-11-02/a>Rob VandenBrinkMicrosoft releases v1.02 of Enhanced Mitigation Evaluation Toolkit (EMET)
2008-05-25/a>Stephen HallCisco's Response to Rootkit presentation
2008-05-23/a>Mike PoorCisco IOS Rootkit thoughts