HTTP HEADER |
| 2025-03-27 | Johannes Ullrich | Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 |
| 2011-07-10 | Raul Siles | Security Testing SSL/TLS (HTTPS) Implementations |
| 2011-02-15 | Jason Lam | HTTP headers fun |
HTTP |
| 2025-03-27/a> | Johannes Ullrich | Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 |
| 2025-03-23/a> | Johannes Ullrich | Let's Talk About HTTP Headers. |
| 2025-02-26/a> | Jesse La Grew | [Guest Diary] Malware Source Servers: The Threat of Attackers Using Ephemeral Ports as Service Ports to Upload Data |
| 2025-02-07/a> | Jan Kopriva | SSL 2.0 turns 30 this Sunday... Perhaps the time has come to let it die? |
| 2023-11-07/a> | Johannes Ullrich | What's Normal: New uses of DNS, Discovery of Designated Resolvers (DDR) |
| 2023-08-01/a> | Johannes Ullrich | Summary of DNS over HTTPS requests against our honeypots. |
| 2023-03-31/a> | Jan Kopriva | Use of X-Frame-Options and CSP frame-ancestors security headers on 1 million most popular domains |
| 2023-03-15/a> | Jan Kopriva | IPFS phishing and the need for correctly set HTTP security headers |
| 2022-11-14/a> | Jesse La Grew | Extracting 'HTTP CONNECT' Requests with Python |
| 2022-08-26/a> | Guy Bruneau | HTTP/2 Packet Analysis with Wireshark |
| 2022-08-01/a> | Johannes Ullrich | A Little DDoS In the Morning |
| 2022-07-19/a> | Johannes Ullrich | Requests For beacon.http-get. Help Us Figure Out What They Are Looking For |
| 2022-01-12/a> | Johannes Ullrich | A Quick CVE-2022-21907 FAQ |
| 2021-10-11/a> | Johannes Ullrich | Things that go "Bump" in the Night: Non HTTP Requests Hitting Web Servers |
| 2021-09-28/a> | Jan Kopriva | TLS 1.3 and SSL - the current state of affairs |
| 2021-04-19/a> | Jan Kopriva | Hunting phishing websites with favicon hashes |
| 2021-04-16/a> | Xavier Mertens | HTTPS Support for All Internal Services |
| 2021-03-30/a> | Jan Kopriva | Old TLS versions - gone, but not forgotten... well, not really "gone" either |
| 2021-01-25/a> | Rob VandenBrink | Fun with NMAP NSE Scripts and DOH (DNS over HTTPS) |
| 2021-01-15/a> | Guy Bruneau | Obfuscated DNS Queries |
| 2020-12-30/a> | Jan Kopriva | TLS 1.3 is now supported by about 1 in every 5 HTTPS servers |
| 2020-08-01/a> | Jan Kopriva | What pages do bad bots look for? |
| 2020-03-02/a> | Jan Kopriva | Secure vs. cleartext protocols - couple of interesting stats |
| 2019-08-14/a> | Brad Duncan | Recent example of MedusaHTTP malware |
| 2019-01-21/a> | Didier Stevens | Suspicious GET Request: Do You Know What This Is? |
| 2017-12-03/a> | Xavier Mertens | StartSSL: Termination of Services is Now Scheduled |
| 2017-08-18/a> | Guy Bruneau | tshark 2.4 New Feature - Command Line Export Objects |
| 2017-05-05/a> | Xavier Mertens | HTTP Headers... the Achilles' heel of many applications |
| 2016-07-18/a> | Johannes Ullrich | HTTP Proxy Header Vulnerability ("httpoxy") |
| 2016-07-05/a> | Johannes Ullrich | Apache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979) |
| 2016-06-15/a> | Richard Porter | Warp Speed Ahead, L7 Open Source Packet Generator: Warp17 |
| 2016-01-19/a> | Rob VandenBrink | Powershell and HTTPS ? It Ain?t All Rainbows And Lollipops! (or is it?) |
| 2015-06-23/a> | Kevin Shortt | XOR DDOS Mitigation and Analysis |
| 2015-04-15/a> | Johannes Ullrich | MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW |
| 2014-04-07/a> | Johannes Ullrich | Attack or Bad Link? Your Guess? |
| 2013-12-11/a> | Johannes Ullrich | Browser Fingerprinting via SSL Client Hello Messages |
| 2013-11-15/a> | Johannes Ullrich | The Security Impact of HTTP Caching Headers |
| 2013-07-16/a> | Johannes Ullrich | Why don't we see more examples of web app attacks via POST? |
| 2013-02-22/a> | Chris Mohan | PHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php |
| 2013-02-06/a> | Johannes Ullrich | HTTP Range Header and Partial Downloads |
| 2012-05-29/a> | Johannes Ullrich | Speeding up the Web and your IDS / Firewall |
| 2012-02-08/a> | Jim Clausing | Chrome to stop checking Certificate Revocation List (CRL)? |
| 2011-07-13/a> | Guy Bruneau | New Sguil HTTPRY Agent |
| 2011-07-10/a> | Raul Siles | Security Testing SSL/TLS (HTTPS) Implementations |
| 2011-06-29/a> | Johannes Ullrich | Random SSL Tips and Tricks |
| 2011-03-16/a> | Johannes Ullrich | Analyzing HTTP Packet Captures |
| 2011-02-15/a> | Jason Lam | HTTP headers fun |
| 2010-07-30/a> | Guy Bruneau | Web Traffic Analysis with httpry |
| 2010-01-25/a> | William Salusky | "Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!" |
HEADER |
| 2025-03-27/a> | Johannes Ullrich | Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 |
| 2025-03-23/a> | Johannes Ullrich | Let's Talk About HTTP Headers. |
| 2017-05-05/a> | Xavier Mertens | HTTP Headers... the Achilles' heel of many applications |
| 2015-09-28/a> | Johannes Ullrich | "Transport of London" Malicious E-Mail |
| 2014-02-21/a> | Johannes Ullrich | UPS Malware Spam Using Fake SPF Headers |
| 2013-08-25/a> | Johannes Ullrich | When does your browser send a "Referer" header (or not)? |
| 2011-07-10/a> | Raul Siles | Security Testing SSL/TLS (HTTPS) Implementations |
| 2011-02-15/a> | Jason Lam | HTTP headers fun |
