FILE CARVING |
| 2014-01-11 | Guy Bruneau | tcpflow 1.4.4 and some of its most Interesting Features |
| 2013-08-26 | Alex Stanford | Stop, Drop and File Carve |
FILE |
| 2022-06-25/a> | Xavier Mertens | Malicious Code Passed to PowerShell via the Clipboard |
| 2022-06-04/a> | Guy Bruneau | Spam Email Contains a Very Large ISO file |
| 2022-06-03/a> | Xavier Mertens | Sandbox Evasion... With Just a Filename! |
| 2022-05-29/a> | Didier Stevens | Extracting The Overlay Of A PE File |
| 2022-05-28/a> | Didier Stevens | Huge Signed PE File: Keeping The Signature |
| 2022-05-26/a> | Didier Stevens | Huge Signed PE File |
| 2022-05-23/a> | Johannes Ullrich | Attacker Scanning for jQuery-File-Upload |
| 2022-05-20/a> | Xavier Mertens | A 'Zip Bomb' to Bypass Security Controls & Sandboxes |
| 2022-03-24/a> | Xavier Mertens | Malware Delivered Through Free Sharing Tool |
| 2021-09-11/a> | Guy Bruneau | Shipping to Elasticsearch Microsoft DNS Logs |
| 2021-05-02/a> | Didier Stevens | PuTTY And FileZilla Use The Same Fingerprint Registry Keys |
| 2021-04-10/a> | Guy Bruneau | Building an IDS Sensor with Suricata & Zeek with Logs to ELK |
| 2021-03-12/a> | Guy Bruneau | Microsoft DHCP Logs Shipped to ELK |
| 2021-02-12/a> | Xavier Mertens | AgentTesla Dropped Through Automatic Click in Microsoft Help File |
| 2020-06-12/a> | Xavier Mertens | Malicious Excel Delivering Fileless Payload |
| 2020-05-22/a> | Didier Stevens | Some Strings to Remember |
| 2020-05-04/a> | Didier Stevens | Sysmon and File Deletion |
| 2020-03-21/a> | Guy Bruneau | Honeypot - Scanning and Targeting Devices & Services |
| 2019-10-03/a> | Xavier Mertens | "Lost_Files" Ransomware |
| 2019-08-04/a> | Didier Stevens | Detecting ZLIB Compression |
| 2019-02-19/a> | Didier Stevens | Identifying Files: Failure Happens |
| 2018-11-05/a> | Johannes Ullrich | Struts 2.3 Vulnerable to Two Year old File Upload Flaw |
| 2017-11-29/a> | Xavier Mertens | Fileless Malicious PowerShell Sample |
| 2017-10-30/a> | Didier Stevens | PE files and debug info |
| 2017-10-24/a> | Xavier Mertens | Stop relying on file extensions |
| 2017-07-19/a> | Xavier Mertens | Bots Searching for Keys & Config Files |
| 2017-07-02/a> | Didier Stevens | PE Section Name Descriptions |
| 2017-05-26/a> | Lorna Hutcheson | File2pcap - A new tool for your toolkit! |
| 2016-08-24/a> | Xavier Mertens | Example of Targeted Attack Through a Proxy PAC File |
| 2016-05-21/a> | Didier Stevens | Python Malware - Part 2 |
| 2016-03-30/a> | Xavier Mertens | What to watch with your FIM? |
| 2016-01-20/a> | Xavier Mertens | /tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters! |
| 2015-07-12/a> | Didier Stevens | Jump List Files Are OLE Files |
| 2014-03-17/a> | Johannes Ullrich | Scans for FCKEditor File Manager |
| 2014-02-28/a> | Daniel Wesemann | Oversharing |
| 2014-01-11/a> | Guy Bruneau | tcpflow 1.4.4 and some of its most Interesting Features |
| 2013-08-26/a> | Alex Stanford | Stop, Drop and File Carve |
| 2013-08-21/a> | Alex Stanford | Psst. Your Browser Knows All Your Secrets. |
| 2011-11-28/a> | Tom Liston | A Puzzlement... |
| 2011-08-15/a> | Mark Hofman | How to find unwanted files on workstations |
| 2009-12-28/a> | Johannes Ullrich | 8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug) |
| 2009-08-13/a> | Jim Clausing | Tools for extracting files from pcaps |
| 2009-06-27/a> | Tony Carothers | New NIAP Strategy on the Horizon |
| 2009-05-27/a> | donald smith | Host file black lists |
| 2009-05-25/a> | Jim Clausing | More tools for (US) Memorial Day |
| 2008-03-13/a> | Jason Lam | Remote File Include spoof!? |
CARVING |
| 2014-08-27/a> | Rob VandenBrink | One More Day of Trolling in POS Memory |
| 2014-01-11/a> | Guy Bruneau | tcpflow 1.4.4 and some of its most Interesting Features |
| 2013-08-26/a> | Alex Stanford | Stop, Drop and File Carve |
https://www.sans.edu
