Internet Storm Center
Sign In
Sign Up
Handler on Duty:
Xavier Mertens
Threat Level:
green
Date
Author
Title
2024-11-22
Xavier Mertens
An Infostealer Searching for « BIP-0039 » Data
2024-11-19
Xavier Mertens
Detecting the Presence of a Debugger in Linux
2024-11-07
Xavier Mertens
Steam Account Checker Poisoned with Infostealer
2024-11-06
Jesse La Grew
[Guest Diary] Insights from August Web Traffic Surge
2024-11-05
Xavier Mertens
Python RAT with a Nice Screensharing Feature
2024-10-15
Johannes Ullrich
A Network Nerd's Take on Emergency Preparedness
2024-10-09
Xavier Mertens
From Perfctl to InfoStealer
2024-10-03
Guy Bruneau
Kickstart Your DShield Honeypot [Guest Diary]
2024-09-25
Guy Bruneau
OSINT - Image Analysis or More Where, When, and Metadata [Guest Diary]
2024-09-18
Xavier Mertens
Python Infostealer Patching Windows Exodus App
2024-09-17
Xavier Mertens
23:59, Time to Exfiltrate!
2024-09-16
Xavier Mertens
Managing PE Files With Overlays
2024-09-11
Guy Bruneau
Hygiene, Hygiene, Hygiene! [Guest Diary]
2024-09-04
Guy Bruneau
Attack Surface [Guest Diary]
2024-08-30
Jesse La Grew
Simulating Traffic With Scapy
2024-08-27
Xavier Mertens
Why Is Python so Popular to Infect Windows Hosts?
2024-08-27
Guy Bruneau
Vega-Lite with Kibana to Parse and Display IP Activity over Time
2024-08-26
Xavier Mertens
From Highly Obfuscated Batch File to XWorm and Redline
2024-08-22
Johannes Ullrich
OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse?
2024-08-20
Guy Bruneau
Mapping Threats with DNSTwist and the Internet Storm Center [Guest Diary]
2024-08-19
Xavier Mertens
Do you Like Donuts? Here is a Donut Shellcode Delivered Through PowerShell/Python
2024-08-14
Xavier Mertens
Multiple Malware Dropped Through MSI Package
2024-08-07
Guy Bruneau
Same Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary]
2024-07-26
Xavier Mertens
ExelaStealer Delivered "From Russia With Love"
2024-07-25
Xavier Mertens
XWorm Hidden With Process Hollowing
2024-07-24
Xavier Mertens
"Mouse Logger" Malicious Python Script
2024-07-16
Jan Kopriva
"Reply-chain phishing" with a twist
2024-07-16
Guy Bruneau
Who You Gonna Call? AndroxGh0st Busters! [Guest Diary]
2024-07-01
Johannes Ullrich
SSH "regreSSHion" Remote Code Execution Vulnerability in OpenSSH.
2024-06-26
Guy Bruneau
What Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary]
2024-06-17
Xavier Mertens
New NetSupport Campaign Delivered Through MSIX Packages
2024-06-13
Guy Bruneau
The Art of JQ and Command-line Fu [Guest Diary]
2024-06-06
Xavier Mertens
Malicious Python Script with a "Best Before" Date
2024-06-03
Didier Stevens
A Wireshark Lua Dissector for Fixed Field Length Protocols
2024-05-30
Xavier Mertens
Feeding MISP with OSSEC
2024-05-28
Guy Bruneau
Is that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary]
2024-05-22
Guy Bruneau
Analysis of ?redtail? File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary]
2024-05-15
Rob VandenBrink
Got MFA? If not, Now is the Time!
2024-05-08
Xavier Mertens
Analyzing Synology Disks on Linux
2024-04-29
Guy Bruneau
Linux Trojan - Xorddos with Filename eyshcjdmzg
2024-04-25
Jesse La Grew
Does it matter if iptables isn't running on my honeypot?
2024-04-11
Yee Ching Tok
Evolution of Artificial Intelligence Systems and Ensuring Trustworthiness
2024-04-07
Guy Bruneau
A Use Case for Adding Threat Hunting to Your Security Operations Team. Detecting Adversaries Abusing Legitimate Tools in A Customer Environment. [Guest Diary]
2024-03-31
Didier Stevens
Wireshark 4.2.4 Released
2024-03-29
Xavier Mertens
Quick Forensics Analysis of Apache logs
2024-03-28
Xavier Mertens
From JavaScript to AsyncRAT
2024-03-17
Guy Bruneau
Gamified Learning: Using Capture the Flag Challenges to Supplement Cybersecurity Training [Guest Diary]
2024-03-14
Jan Kopriva
Increase in the number of phishing messages pointing to IPFS and to R2 buckets
2024-03-13
Xavier Mertens
Using ChatGPT to Deobfuscate Malicious Scripts
2024-03-10
Guy Bruneau
What happens when you accidentally leak your AWS API keys? [Guest Diary]
2024-03-07
Jesse La Grew
[Guest Diary] AWS Deployment Risks - Configuration and Credential File Targeting
2024-03-03
Guy Bruneau
Capturing DShield Packets with a LAN Tap [Guest Diary]
2024-02-29
Jesse La Grew
[Guest Diary] Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service.
2024-02-20
Xavier Mertens
Python InfoStealer With Dynamic Sandbox Detection
2024-02-08
Xavier Mertens
A Python MP3 Player with Builtin Keylogger Capability
2024-02-06
Jan Kopriva
Computer viruses are celebrating their 40th birthday (well, 54th, really)
2024-02-05
Jesse La Grew
Public Information and Email Spam
2024-01-26
Xavier Mertens
A Batch File With Multiple Payloads
2024-01-25
Xavier Mertens
Facebook AdsManager Targeted by a Python Infostealer
2024-01-24
Johannes Ullrich
How Bad User Interfaces Make Security Tools Harmful
2024-01-19
Xavier Mertens
macOS Python Script Replacing Wallet Applications with Rogue Apps
2024-01-07
Guy Bruneau
Suspicious Prometei Botnet Activity
2024-01-04
Jim Clausing
Wireshark updates
2024-01-03
Jan Kopriva
Interesting large and small malspam attachments from 2023
2023-12-22
Xavier Mertens
Shall We Play a Game?
2023-12-20
Guy Bruneau
How to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary]
2023-12-13
Guy Bruneau
T-shooting Terraform for DShield Honeypot in Azure [Guest Diary]
2023-11-25
Didier Stevens
Wireshark 4.2.0 Released
2023-11-18
Xavier Mertens
Quasar RAT Delivered Through Updated SharpLoader
2023-11-15
Xavier Mertens
Redline Dropped Through MSIX Package
2023-11-09
Xavier Mertens
Visual Examples of Code Injection
2023-11-01
Xavier Mertens
Malware Dropped Through a ZPAQ Archive
2023-10-31
Xavier Mertens
Multiple Layers of Anti-Sandboxing Techniques
2023-10-29
Guy Bruneau
Spam or Phishing? Looking for Credentials & Passwords
2023-10-28
Xavier Mertens
Size Matters for Many Security Controls
2023-10-20
Yee Ching Tok
VMware Releases Security Patches for Fusion, Workstation and Aria Operations for Logs
2023-10-18
Jesse La Grew
Hiding in Hex
2023-10-08
Didier Stevens
Wireshark 4.2.0 First Release Candidate
2023-10-07
Jim Clausing
Wireshark releases 2 updates in one day. Mac users especially will want the latest.
2023-10-03
Tom Webb
Are Local LLMs Useful in Incident Response?
2023-09-30
Xavier Mertens
Simple Netcat Backdoor in Python Script
2023-09-29
Xavier Mertens
Are You Still Storing Passwords In Plain Text Files?
2023-09-07
Johannes Ullrich
Fleezeware/Scareware Advertised via Facebook Tags; Available in Apple App Store
2023-09-05
Jesse La Grew
Common usernames submitted to honeypots
2023-09-02
Jesse La Grew
What is the origin of passwords submitted to honeypots?
2023-08-25
Xavier Mertens
Python Malware Using Postgresql for C2 Communications
2023-08-23
Xavier Mertens
More Exotic Excel Files Dropping AgentTesla
2023-08-22
Xavier Mertens
Have You Ever Heard of the Fernet Encryption Algorithm?
2023-08-21
Xavier Mertens
Quick Malware Triage With Inotify Tools
2023-08-20
Guy Bruneau
SystemBC Malware Activity
2023-08-18
Xavier Mertens
From a Zalando Phishing to a RAT
2023-08-11
Xavier Mertens
Show me All Your Windows!
2023-08-04
Xavier Mertens
Are Leaked Credentials Dumps Used by Attackers?
2023-08-03
Jan Kopriva
From small LNK to large malicious BAT file with zero VT score
2023-07-29
Xavier Mertens
Do Attackers Pay More Attention to IPv6?
2023-07-28
Xavier Mertens
ShellCode Hidden with Steganography
2023-07-26
Xavier Mertens
Suspicious IP Addresses Avoided by Malware Samples
2023-06-29
Brad Duncan
GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT
2023-06-27
Xavier Mertens
The Importance of Malware Triage
2023-06-23
Xavier Mertens
Word Document with an Online Attached Template
2023-06-21
Yee Ching Tok
Analyzing a YouTube Sponsorship Phishing Mail and Malware Targeting Content Creators
2023-06-20
Xavier Mertens
Malicious Code Can Be Anywhere
2023-06-19
Xavier Mertens
Malware Delivered Through .inf File
2023-06-16
Xavier Mertens
Another RAT Delivered Through VBS
2023-05-30
Brad Duncan
Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT
2023-05-20
Xavier Mertens
Phishing Kit Collecting Victim's IP Address
2023-05-17
Xavier Mertens
Increase in Malicious RAR SFX files
2023-05-14
Guy Bruneau
VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue
2023-05-07
Didier Stevens
Quickly Finding Encoded Payloads in Office Documents
2023-04-29
Didier Stevens
Wireshark 4.0.5 Released
2023-04-27
Johannes Ullrich
SANS.edu Research Journal: Volume 3
2023-04-07
Xavier Mertens
Detecting Suspicious API Usage with YARA Rules
2023-04-04
Johannes Ullrich
Analyzing the efile.com Malware "efail"
2023-03-31
Guy Bruneau
Using Linux grep and Windows findstr to Manipulate Files
2023-03-30
Xavier Mertens
Bypassing PowerShell Strong Obfuscation
2023-03-26
Didier Stevens
Extra: "String Obfuscation: Character Pair Reversal"
2023-03-18
Xavier Mertens
Old Backdoor, New Obfuscation
2023-03-09
Rob VandenBrink
Today I Learned .. a new thing about GREP
2023-03-01
Xavier Mertens
Python Infostealer Targeting Gamers
2023-02-21
Xavier Mertens
Phishing Page Branded with Your Corporate Website
2023-02-15
Rob VandenBrink
DNS Recon Redux - Zone Transfers (plus a time machine) for When You Can't do a Zone Transfer
2023-02-09
Xavier Mertens
A Backdoor with Smart Screenshot Capability
2023-02-06
Johannes Ullrich
APIs Used by Bots to Detect Public IP address
2023-02-04
Guy Bruneau
Assemblyline as a Malware Analysis Sandbox
2023-02-03
Jim Clausing
VMware workstation 17.0.1 fixes arbitrary file deletion issue - https://www.vmware.com/security/advisories/VMSA-2023-0003.html
2023-01-26
Tom Webb
Live Linux IR with UAC
2023-01-25
Xavier Mertens
A First Malicious OneNote Document
2023-01-22
Didier Stevens
Wireshark 4.0.3 Released
2023-01-16
Johannes Ullrich
PSA: Why you must run an ad blocker when using Google
2023-01-15
Johannes Ullrich
Elon Musk Themed Crypto Scams Flooding YouTube Today
2023-01-12
Russ McRee
Prowler v3: AWS & Azure security assessments
2023-01-06
Xavier Mertens
AutoIT Remains Popular in the Malware Landscape
2023-01-05
Brad Duncan
More Brazil malspam pushing Astaroth (Guildma) in January 2023
2023-01-02
Xavier Mertens
NetworkMiner 2.8 Released
2022-12-21
Guy Bruneau
DShield Sensor Setup in Azure
2022-12-18
Guy Bruneau
Infostealer Malware with Double Extension
2022-12-07
Jim Clausing
Wireshark 4.0.2 and 3.6.10 released
2022-11-28
Johannes Ullrich
Ukraine Themed Twitter Spam Pushing iOS Scareware
2022-11-24
Xavier Mertens
Attackers Keep Phishing Victims Under Stress
2022-11-19
Guy Bruneau
McAfee Fake Antivirus Phishing Campaign is Back!
2022-11-10
Xavier Mertens
Do you collect "Observables" or "IOCs"?
2022-11-09
Xavier Mertens
Another Script-Based Ransomware
2022-11-05
Guy Bruneau
Windows Malware with VHD Extension
2022-11-04
Xavier Mertens
Remcos Downloader with Unicode Obfuscation
2022-11-02
Brad Duncan
Who put the "Dark" in DarkVNC?
2022-11-02
Rob VandenBrink
Breakpoints in Burp
2022-10-24
Xavier Mertens
C2 Communications Through outlook.com
2022-10-21
Brad Duncan
sczriptzzbn inject pushes malware for NetSupport RAT
2022-10-18
Xavier Mertens
Python Obfuscation for Dummies
2022-10-17
Xavier Mertens
Fileless Powershell Dropper
2022-10-15
Guy Bruneau
Malware - Covid Vaccination Supplier Declaration
2022-10-10
Didier Stevens
Wireshark: Specifying a Protocol Stack Layer in Display Filters
2022-10-08
Didier Stevens
Wireshark 4.0.0 Released
2022-10-07
Xavier Mertens
Powershell Backdoor with DGA Capability
2022-10-07
Xavier Mertens
Critical Fortinet Vulnerability Ahead
2022-10-04
Johannes Ullrich
Credential Harvesting with Telegram API
2022-09-25
Didier Stevens
Downloading Samples From Takendown Domains
2022-09-24
Didier Stevens
Maldoc Analysis Info On MalwareBazaar
2022-09-23
Xavier Mertens
Kids Like Cookies, Malware Too!
2022-09-22
Xavier Mertens
RAT Delivered Through FODHelper
2022-09-21
Xavier Mertens
Phishing Campaigns Use Free Online Resources
2022-09-18
Didier Stevens
Video: Grep & Tail -f With Notepad++
2022-09-15
Xavier Mertens
Malicious Word Document with a Frameset
2022-09-14
Xavier Mertens
Easy Process Injection within Python
2022-09-11
Didier Stevens
Wireshark 3.6.8 and 4.0.0rc1 Released
2022-09-10
Guy Bruneau
Phishing Word Documents with Suspicious URL
2022-09-05
Didier Stevens
Quickie: Grep & Tail -f With Notepad++
2022-09-03
Didier Stevens
Video: James Webb JPEG With Malware
2022-09-02
Didier Stevens
James Webb JPEG With Malware
2022-08-31
Johannes Ullrich
Underscores and DNS: The Privacy Story
2022-08-30
Johannes Ullrich
Two things that will never die: bash scripts and IRC!
2022-08-26
Guy Bruneau
HTTP/2 Packet Analysis with Wireshark
2022-08-22
Xavier Mertens
32 or 64 bits Malware?
2022-08-14
Johannes Ullrich
Realtek SDK SIP ALG Vulnerability: A Big Deal, but not much you can do about it. CVE 2022-27255
2022-08-10
Johannes Ullrich
And Here They Come Again: DNS Reflection Attacks
2022-08-03
Johannes Ullrich
l9explore and LeakIX Internet wide recon scans.
2022-07-30
Didier Stevens
Wireshark 3.6.7 Released
2022-07-29
Johannes Ullrich
PDF Analysis Intro and OpenActions Entries
2022-07-26
Xavier Mertens
How is Your macOS Security Posture?
2022-07-25
Xavier Mertens
PowerShell Script with Fileless Capability
2022-07-22
Yee Ching Tok
An Analysis of a Discerning Phishing Website
2022-07-20
Xavier Mertens
Malicious Python Script Behaving Like a Rubber Ducky
2022-07-13
Xavier Mertens
Using Referers to Detect Phishing Attacks
2022-07-08
Johannes Ullrich
ISC Website Redesign
2022-06-25
Xavier Mertens
Malicious Code Passed to PowerShell via the Clipboard
2022-06-23
Xavier Mertens
FLOSS 2.0 Has Been Released
2022-06-22
Xavier Mertens
Malicious PowerShell Targeting Cryptocurrency Browser Extensions
2022-06-19
Didier Stevens
Wireshark 3.6.6 Released
2022-06-16
Xavier Mertens
Houdini is Back Delivered Through a JavaScript Dropper
2022-06-15
Johannes Ullrich
Terraforming Honeypots. Installing DShield Sensors in the Cloud
2022-06-04
Guy Bruneau
Spam Email Contains a Very Large ISO file
2022-06-03
Xavier Mertens
Sandbox Evasion... With Just a Filename!
2022-06-02
Johannes Ullrich
Quick Answers in Incident Response: RECmd.exe
2022-05-31
Xavier Mertens
First Exploitation of Follina Seen in the Wild
2022-05-29
Didier Stevens
Extracting The Overlay Of A PE File
2022-05-28
Didier Stevens
Huge Signed PE File: Keeping The Signature
2022-05-26
Didier Stevens
Huge Signed PE File
2022-05-25
Rob VandenBrink
Using NMAP to Assess Hosts in Load Balanced Clusters
2022-05-20
Xavier Mertens
A 'Zip Bomb' to Bypass Security Controls & Sandboxes
2022-05-19
Brad Duncan
Bumblebee Malware from TransferXL URLs
2022-05-15
Didier Stevens
Wireshark 3.6.5 Released
2022-05-11
Brad Duncan
TA578 using thread-hijacked emails to push ISO files for Bumblebee malware
2022-05-07
Guy Bruneau
Phishing PDF Received in my ISC Mailbox
2022-05-06
Jan Kopriva
What is the simplest malware in the world?
2022-05-05
Brad Duncan
Password-protected Excel spreadsheet pushes Remcos RAT
2022-05-03
Johannes Ullrich
Some Honeypot Updates
2022-04-29
Rob VandenBrink
Using Passive DNS sources for Reconnaissance and Enumeration
2022-04-27
Jan Kopriva
MITRE ATT&CK v11 - a small update that can help (not just) with detection engineering
2022-04-23
Guy Bruneau
Are Roku Streaming Devices Safe from Exploitation?
2022-04-21
Xavier Mertens
Multi-Cryptocurrency Clipboard Swapper
2022-04-06
Brad Duncan
Windows MetaStealer Malware
2022-04-04
Johannes Ullrich
Emptying the Phishtank: Are WordPress sites the Mosquitoes of the Internet?
2022-03-27
Didier Stevens
Wireshark 3.6.3 Released
2022-03-26
Guy Bruneau
Is buying Cyber Insurance a Must Now?
2022-03-25
Xavier Mertens
XLSB Files: Because Binary is Stealthier Than XML
2022-03-24
Xavier Mertens
Malware Delivered Through Free Sharing Tool
2022-03-23
Brad Duncan
Arkei Variants: From Vidar to Mars Stealer
2022-03-22
Johannes Ullrich
Statement by President Biden: What you need to do (or not do)
2022-03-15
Xavier Mertens
Clean Binaries with Suspicious Behaviour
2022-03-12
Didier Stevens
ICMP Messages: Original Datagram Field
2022-03-11
Xavier Mertens
Keep an Eye on WebSockets
2022-03-10
Xavier Mertens
Credentials Leaks on VirusTotal
2022-03-09
Xavier Mertens
Infostealer in a Batch File
2022-03-07
Johannes Ullrich
No Bitcoin - No Problem: Follow Up to Last Weeks Donation Scam
2022-03-06
Didier Stevens
Video: TShark & Multiple IP Addresses
2022-03-04
Johannes Ullrich
Scam E-Mail Impersonating Red Cross
2022-02-22
Xavier Mertens
A Good Old Equation Editor Vulnerability Delivering Malware
2022-02-19
Didier Stevens
Wireshark 3.6.2 Released
2022-02-18
Xavier Mertens
Remcos RAT Delivered Through Double Compressed Archive
2022-02-13
Guy Bruneau
DHL Spear Phishing to Capture Username/Password
2022-02-11
Xavier Mertens
CinaRAT Delivered Through HTML ID Attributes
2022-02-02
Johannes Ullrich
Finding elFinder: Who is looking for your files?
2022-01-29
Guy Bruneau
SIEM In this Decade, Are They Better than the Last?
2022-01-20
Xavier Mertens
RedLine Stealer Delivered Through FTP
2022-01-16
Guy Bruneau
10 Most Popular Targeted Ports in the Past 3 Weeks
2022-01-08
Didier Stevens
TShark & jq
2022-01-07
Xavier Mertens
Custom Python RAT Builder
2022-01-06
Xavier Mertens
Malicious Python Script Targeting Chinese People
2022-01-05
Xavier Mertens
Code Reuse In the Malware Landscape
2022-01-01
Didier Stevens
Expect Regressions
2021-12-26
Didier Stevens
Quicktip: TShark's Options -e and -T
2021-12-25
Didier Stevens
TShark Tip: Extracting Field Values From Capture Files
2021-12-22
Brad Duncan
December 2021 Forensic Contest: Answers and Analysis
2021-12-21
Xavier Mertens
More Undetected PowerShell Dropper
2021-12-17
Rob VandenBrink
DR Automation - Using Public DNS APIs
2021-12-15
Xavier Mertens
Simple but Undetected PowerShell Backdoor
2021-12-08
Brad Duncan
December 2021 Forensic Challenge
2021-12-06
Xavier Mertens
The Importance of Out-of-Band Networks
2021-12-04
Guy Bruneau
A Review of Year 2021
2021-12-03
Xavier Mertens
The UPX Packer Will Never Die!
2021-12-02
Brad Duncan
TA551 (Shathak) pushes IcedID (Bokbot)
2021-11-30
Johannes Ullrich
Hunting for PHPUnit Installed via Composer
2021-11-29
Didier Stevens
Wireshark 3.6.0 Released
2021-11-19
Xavier Mertens
Downloader Disguised as Excel Add-In (XLL)
2021-11-18
Xavier Mertens
JavaScript Downloader Delivers Agent Tesla Trojan
2021-11-08
Xavier Mertens
(Ab)Using Security Tools & Controls for the Bad
2021-11-04
Brad Duncan
October 2021 Forensic Contest: Answers and Analysis
2021-11-04
Tom Webb
Xmount for Disk Images
2021-10-22
Brad Duncan
October 2021 Contest: Forensic Challenge
2021-10-21
Brad Duncan
"Stolen Images Evidence" campaign pushes Sliver-based malware
2021-10-16
Guy Bruneau
Apache is Actively Scan for CVE-2021-41773 & CVE-2021-42013
2021-10-10
Didier Stevens
Wireshark 3.4.9 Released
2021-10-01
Xavier Mertens
New Tool to Add to Your LOLBAS List: cvtres.exe
2021-09-23
Xavier Mertens
Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
2021-09-21
Johannes Ullrich
A First Look at Apple's iOS 15 "Private Relay" feature.
2021-09-20
Johannes Ullrich
#OMIGOD Exploits Captured in the Wild. Researchers responsible for half of scans for related ports.
2021-09-16
Jan Kopriva
Phishing 101: why depend on one suspicious message subject when you can use many?
2021-09-09
Johannes Ullrich
Updates to Our Datafeeds/API
2021-09-01
Brad Duncan
STRRAT: a Java-based RAT that doesn't care if you have Java
2021-08-30
Xavier Mertens
Cryptocurrency Clipboard Swapper Delivered With Love
2021-08-20
Xavier Mertens
Waiting for the C2 to Show Up
2021-08-19
Johannes Ullrich
When Lightning Strikes. What works and doesn't work.
2021-08-15
Didier Stevens
Simple Tips For Triage Of MALWARE Bazaar's Daily Malware Batches
2021-08-13
Guy Bruneau
Scanning for Microsoft Exchange eDiscovery
2021-08-07
Didier Stevens
MALWARE Bazaar "Download daily malware batches"
2021-08-06
Xavier Mertens
Malicious Microsoft Word Remains A Key Infection Vector
2021-07-30
Xavier Mertens
Infected With a .reg File
2021-07-29
Xavier Mertens
Malicious Content Delivered Through archive.org
2021-07-25
Didier Stevens
Wireshark 3.4.7 Released
2021-07-24
Xavier Mertens
Agent.Tesla Dropped via a .daa Image and Talking to Telegram
2021-07-16
Xavier Mertens
Multiple BaseXX Obfuscations
2021-07-06
Xavier Mertens
Python DLL Injection Check
2021-07-02
Xavier Mertens
"inception.py"... Multiple Base64 Encodings
2021-07-02
Xavier Mertens
Kaseya VSA Users Hit by Ransomware
2021-06-30
Johannes Ullrich
CVE-2021-1675: Incomplete Patch and Leaked RCE Exploit
2021-06-30
Brad Duncan
June 2021 Forensic Contest: Answers and Analysis
2021-06-25
Jim Clausing
Is this traffic bAD?
2021-06-21
Rick Wanner
Mitre CWE - Common Weakness Enumeration
2021-06-18
Daniel Wesemann
Network Forensics on Azure VMs (Part #2)
2021-06-18
Daniel Wesemann
Open redirects ... and why Phishers love them
2021-06-17
Daniel Wesemann
Network Forensics on Azure VMs (Part #1)
2021-06-11
Xavier Mertens
Keeping an Eye on Dangerous Python Modules
2021-06-09
Jan Kopriva
Architecture, compilers and black magic, or "what else affects the ability of AVs to detect malicious files"
2021-06-04
Xavier Mertens
Russian Dolls VBS Obfuscation
2021-06-02
Jim Clausing
Wireshark 3.4.6 (and 3.2.14) released
2021-05-30
Didier Stevens
Sysinternals: Procmon, Sysmon, TcpView and Process Explorer update
2021-05-29
Guy Bruneau
Spear-phishing Email Targeting Outlook Mail Clients
2021-05-28
Xavier Mertens
Malicious PowerShell Hosted on script.google.com
2021-05-27
Jan Kopriva
All your Base are...nearly equal when it comes to AV evasion, but 64-bit executables are not
2021-05-21
Xavier Mertens
Locking Kernel32.dll As Anti-Debugging Technique
2021-05-19
Brad Duncan
May 2021 Forensic Contest: Answers and Analysis
2021-05-18
Xavier Mertens
From RunDLL32 to JavaScript then PowerShell
2021-05-17
Daniel Wesemann
Ransomware Defenses
2021-05-14
Xavier Mertens
"Open" Access to Industrial Systems Interface is Also Far From Zero
2021-05-10
Johannes Ullrich
Correctly Validating IP Addresses: Why encoding matters for input validation.
2021-05-08
Guy Bruneau
Who is Probing the Internet for Research Purposes?
2021-05-07
Daniel Wesemann
Exposed Azure Storage Containers
2021-05-06
Xavier Mertens
Alternative Ways To Perform Basic Tasks
2021-05-05
Brad Duncan
May 2021 Forensic Contest
2021-05-02
Didier Stevens
PuTTY And FileZilla Use The Same Fingerprint Registry Keys
2021-04-30
Remco Verhoef
Qiling: A true instrumentable binary emulation framework
2021-04-29
Xavier Mertens
From Python to .Net
2021-04-28
Xavier Mertens
Deeper Analyzis of my Last Malicious PowerPoint Add-On
2021-04-25
Didier Stevens
Wireshark 3.4.5 Released
2021-04-23
Xavier Mertens
Malicious PowerPoint Add-On: "Small Is Beautiful"
2021-04-09
Xavier Mertens
No Python Interpreter? This Simple RAT Installs Its Own Copy
2021-04-08
Xavier Mertens
Simple Powershell Ransomware Creating a 7Z Archive of your Files
2021-04-06
Jan Kopriva
Malspam with Lokibot vs. Outlook and RFCs
2021-04-02
Xavier Mertens
C2 Activity: Sandboxes or Real Victims?
2021-04-01
Brad Duncan
April 2021 Forensic Quiz
2021-03-31
Xavier Mertens
Quick Analysis of a Modular InfoStealer
2021-03-19
Xavier Mertens
Pastebin.com Used As a Simple C2 Channel
2021-03-18
Xavier Mertens
Simple Python Keylogger
2021-03-17
Xavier Mertens
Defenders, Know Your Operating System Like Attackers Do!
2021-03-16
Jan Kopriva
50 years of malware? Not really. 50 years of computer worms? That's a different story...
2021-03-14
Didier Stevens
Wireshark 3.4.4 Released
2021-03-06
Xavier Mertens
Spotting the Red Team on VirusTotal!
2021-03-04
Xavier Mertens
From VBS, PowerShell, C Sharp, Process Hollowing to RAT
2021-02-25
Daniel Wesemann
Forensicating Azure VMs
2021-02-24
Brad Duncan
Malspam pushes GuLoader for Remcos RAT
2021-02-20
Didier Stevens
Quickie: Extracting HTTP URLs With tshark
2021-02-19
Xavier Mertens
Dynamic Data Exchange (DDE) is Back in the Wild?
2021-02-15
Johannes Ullrich
Securing and Optimizing Networks: Using pfSense Traffic Shaper Limiters to Combat Bufferbloat
2021-02-14
Didier Stevens
Video: tshark & Malware Analysis
2021-02-13
Guy Bruneau
vSphere Replication updates address a command injection vulnerability (CVE-2021-21976) - https://www.vmware.com/security/advisories/VMSA-2021-0001.html
2021-02-13
Guy Bruneau
Using Logstash to Parse IPtables Firewall Logs
2021-02-12
Xavier Mertens
AgentTesla Dropped Through Automatic Click in Microsoft Help File
2021-02-11
Jan Kopriva
Agent Tesla hidden in a historical anti-malware tool
2021-02-08
Didier Stevens
Quickie: tshark & Malware Analysis
2021-02-03
Brad Duncan
Excel spreadsheets push SystemBC malware
2021-02-02
Xavier Mertens
New Example of XSL Script Processing aka "Mitre T1220"
2021-02-01
Rob VandenBrink
Taking a Shot at Reverse Shell Attacks, CNC Phone Home and Data Exfil from Servers
2021-01-30
Guy Bruneau
Wireshark 3.2.11 is now available which contains Bug Fixes - https://www.wireshark.org
2021-01-22
Xavier Mertens
Another File Extension to Block in your MTA: .jnlp
2021-01-21
Xavier Mertens
Powershell Dropping a REvil Ransomware
2021-01-04
Jan Kopriva
From a small BAT file to Mass Logger infostealer
2021-01-02
Guy Bruneau
Protecting Home Office and Enterprise in 2021
2020-12-29
Jan Kopriva
Want to know what's in a folder you don't have a permission to access? Try asking your AV solution...
2020-12-24
Xavier Mertens
Malicious Word Document Delivering an Octopus Backdoor
2020-12-22
Xavier Mertens
Malware Victim Selection Through WiFi Identification
2020-12-20
Didier Stevens
Wireshark 3.4.2 Released
2020-12-16
Daniel Wesemann
DNS Logs in Public Clouds
2020-12-15
Didier Stevens
Analyzing FireEye Maldocs
2020-12-13
Didier Stevens
Wireshark 3.4.1 Released
2020-12-08
Johannes Ullrich
December 2020 Microsoft Patch Tuesday: Exchange, Sharepoint, Dynamics and DNS Spoofing
2020-12-05
Guy Bruneau
Is IP 91.199.118.137 testing Access to aahwwx.52host.xyz?
2020-12-04
Guy Bruneau
Detecting Actors Activity with Threat Intel
2020-12-03
Brad Duncan
Traffic Analysis Quiz: Mr Natural
2020-11-25
Xavier Mertens
Live Patching Windows API Calls Using PowerShell
2020-11-24
Johannes Ullrich
The special case of TCP RST
2020-11-23
Didier Stevens
Quick Tip: Cobalt Strike Beacon Analysis
2020-11-18
Xavier Mertens
When Security Controls Lead to Security Issues
2020-11-12
Daniel Wesemann
Exposed Blob Storage in Azure
2020-11-12
Daniel Wesemann
Preventing Exposed Azure Blob Storage
2020-11-09
Xavier Mertens
How Attackers Brush Up Their Malicious Scripts
2020-11-06
Johannes Ullrich
Rediscovering Limitations of Stateful Firewalls: "NAT Slipstreaming" ? Implications, Detections and Mitigations
2020-11-05
Xavier Mertens
Did You Spot "Invoke-Expression"?
2020-10-25
Didier Stevens
Video: Pascal Strings
2020-10-21
Daniel Wesemann
Shipping dangerous goods
2020-10-07
Johannes Ullrich
Today, Nobody is Going to Attack You.
2020-10-01
Daniel Wesemann
Making sense of Azure AD (AAD) activity logs
2020-09-30
Johannes Ullrich
Scans for FPURL.xml: Reconnaissance or Not?
2020-09-29
Xavier Mertens
Managing Remote Access for Partners & Contractors
2020-09-27
Didier Stevens
Wireshark 3.2.7 Released
2020-09-24
Xavier Mertens
Party in Ibiza with PowerShell
2020-09-23
Xavier Mertens
Malicious Word Document with Dynamic Content
2020-09-18
Xavier Mertens
A Mix of Python & VBA in a Malicious Word Document
2020-09-17
Xavier Mertens
Suspicious Endpoint Containment with OSSEC
2020-09-15
Brad Duncan
Traffic Analysis Quiz: Oh No... Another Infection!
2020-09-09
Johannes Ullrich
A First Look at macOS 11 Big Sur Network Traffic (New! Now with more GREASE!)
2020-09-04
Jan Kopriva
A blast from the past - XXEncoded VB6.0 Trojan
2020-09-03
Xavier Mertens
Sandbox Evasion Using NTP
2020-08-28
Xavier Mertens
Example of Malicious DLL Injected in PowerShell
2020-08-26
Xavier Mertens
Malicious Excel Sheet with a NULL VT Score
2020-08-24
Xavier Mertens
Tracking A Malware Campaign Through VT
2020-08-22
Guy Bruneau
VMware App Volumes patches address Stored Cross-Site Scripting (XSS) vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0019.html
2020-08-22
Guy Bruneau
Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common?
2020-08-19
Xavier Mertens
Example of Word Document Delivering Qakbot
2020-08-18
Xavier Mertens
Using API's to Track Attackers
2020-08-15
Didier Stevens
Wireshark 3.2.6 Released
2020-08-14
Jan Kopriva
Definition of 'overkill' - using 130 MB executable to hide 24 kB malware
2020-08-12
Russ McRee
To the Brim at the Gates of Mordor Pt. 1
2020-08-06
Xavier Mertens
A Fork of the FTCode Powershell Ransomware
2020-08-05
Brad Duncan
Traffic Analysis Quiz: What's the Malware From This Infection?
2020-08-04
Johannes Ullrich
Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues
2020-08-04
Johannes Ullrich
Internet Choke Points: Concentration of Authoritative Name Servers
2020-07-31
Richard Porter
Building a .freq file with Public Domain Data Sources
2020-07-24
Xavier Mertens
Compromized Desktop Applications by Web Technologies
2020-07-16
John Bambenek
Hunting for SigRed Exploitation
2020-07-15
Brad Duncan
Word docs with macros for IcedID (Bokbot)
2020-07-15
Johannes Ullrich
PATCH NOW - SIGRed - CVE-2020-1350 - Microsoft DNS Server Vulnerability
2020-07-11
Guy Bruneau
VMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html
2020-07-10
Brad Duncan
Excel spreasheet macro kicks off Formbook infection
2020-07-08
Xavier Mertens
If You Want Something Done Right, You Have To Do It Yourself... Malware Too!
2020-07-04
Russ McRee
Happy FouRth of July from the Internet Storm Center
2020-06-19
Remco Verhoef
Sigma rules! The generic signature format for SIEM systems.
2020-06-15
Rick Wanner
VMWare Security Advisory - VMSA-2020-0013 - https://www.vmware.com/security/advisories/VMSA-2020-0013.html
2020-06-13
Guy Bruneau
Mirai Botnet Activity
2020-06-04
Xavier Mertens
Anti-Debugging Technique based on Memory Protection
2020-06-01
Jim Clausing
Stackstrings, type 2
2020-05-31
Guy Bruneau
Windows 10 Built-in Packet Sniffer - PktMon
2020-05-29
Johannes Ullrich
The Impact of Researchers on Our Data
2020-05-24
Didier Stevens
Wireshark 3.2.4 Released
2020-05-23
Xavier Mertens
AgentTesla Delivered via a Malicious PowerPoint Add-In
2020-05-21
Xavier Mertens
Malware Triage with FLOSS: API Calls Based Behavior
2020-05-20
Brad Duncan
Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2020-05-19
Rick Wanner
Wireshark Release - 2.6.17, 3.0.11 and 3.2.4 - https://www.wireshark.org/news/20200519.html
2020-05-19
Rick Wanner
VMWare Security Advisory - VMSA-2020-0010 - https://www.vmware.com/security/advisories/VMSA-2020-0010.html
2020-05-09
Rick Wanner
VMWare vRealize Critical vulnerabilities due to SaltStack - VMSA-2020-0009
2020-05-06
Xavier Mertens
Keeping an Eye on Malicious Files Life Time
2020-05-05
Russ McRee
Cloud Security Features Don't Replace the Need for Personnel Security Capabilities
2020-04-27
Xavier Mertens
Powershell Payload Stored in a PSCredential Object
2020-04-25
Didier Stevens
MALWARE Bazaar
2020-04-24
Xavier Mertens
Malicious Excel With a Strong Obfuscation and Sandbox Evasion
2020-04-20
Didier Stevens
KPOT AutoIt Script: Analysis
2020-04-17
Xavier Mertens
Weaponized RTF Document Generator & Mailer in PowerShell
2020-04-12
Didier Stevens
Reader Analysis: "Dynamic analysis technique to get decrypted KPOT Malware."
2020-04-11
Didier Stevens
Wireshark 3.2.3 Released: Mac Users Pay Attention Please
2020-04-10
Xavier Mertens
PowerShell Sample Extracting Payload From SSL
2020-04-10
Scott Fendley
Critical Vuln in vCenter vmdir (CVE-2020-3952)
2020-04-03
Xavier Mertens
Obfuscated with a Simple 0x0A
2020-03-31
Johannes Ullrich
Kwampirs Targeted Attacks Involving Healthcare Sector
2020-03-27
Xavier Mertens
Malicious JavaScript Dropping Payload in the Registry
2020-03-26
Xavier Mertens
Very Large Sample as Evasion Technique?
2020-03-23
Didier Stevens
KPOT Deployed via AutoIt Script
2020-03-22
Didier Stevens
More COVID-19 Themed Malware
2020-03-21
Guy Bruneau
Honeypot - Scanning and Targeting Devices & Services
2020-03-19
Xavier Mertens
COVID-19 Themed Multistage Malware
2020-03-14
Didier Stevens
Phishing PDF With Incremental Updates.
2020-03-11
Xavier Mertens
Agent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account
2020-03-07
Didier Stevens
Wireshark 3.2.2 Released: Windows' Users Pay Attention Please
2020-03-06
Xavier Mertens
A Safe Excel Sheet Not So Safe
2020-03-03
Johannes Ullrich
Introduction to EvtxEcmd (Evtx Explorer)
2020-02-27
Xavier Mertens
Offensive Tools Are For Blue Teams Too
2020-02-25
Jan Kopriva
Quick look at a couple of current online scam campaigns
2020-02-21
Xavier Mertens
Quick Analysis of an Encrypted Compound Document Format
2020-02-16
Guy Bruneau
SOAR or not to SOAR?
2020-02-14
Xavier Mertens
Keep an Eye on Command-Line Browsers
2020-02-07
Xavier Mertens
Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript
2020-02-03
Jan Kopriva
Analysis of a triple-encrypted AZORult downloader
2020-02-01
Didier Stevens
Wireshark 3.2.1 Released
2020-01-25
Guy Bruneau
Is Threat Hunting the new Fad?
2020-01-16
Jan Kopriva
Picks of 2019 malware - the large, the small and the one full of null bytes
2020-01-10
Xavier Mertens
More Data Exfiltration
2020-01-09
Xavier Mertens
Quick Analyzis of a(nother) Maldoc
2020-01-06
Johannes Ullrich
Increase in Number of Sources January 3rd and 4th: spoofed
2020-01-02
Xavier Mertens
Ransomware in Node.js
2019-12-31
Johannes Ullrich
Some Thoughts About the Critical Citrix ADC/Gateway Vulnerability (CVE-2019-19781)
2019-12-24
Brad Duncan
Malspam with links to Word docs pushes IcedID (Bokbot)
2019-12-21
Didier Stevens
Wireshark 3.2.0 Released
2019-12-12
Xavier Mertens
Code & Data Reuse in the Malware Ecosystem
2019-12-08
Didier Stevens
Wireshark 3.0.7 Released
2019-11-29
Russ McRee
ISC Snapshot: Search with SauronEye
2019-11-23
Guy Bruneau
Local Malware Analysis with Malice
2019-11-22
Xavier Mertens
Abusing Web Filters Misconfiguration for Reconnaissance
2019-11-09
Guy Bruneau
Fake Netflix Update Request by Text
2019-11-08
Xavier Mertens
Microsoft Apps Diverted from Their Main Use
2019-10-27
Didier Stevens
Wireshark 3.0.6 Released
2019-10-25
Rob VandenBrink
More on DNS Archeology (with PowerShell)
2019-10-18
Xavier Mertens
Quick Malicious VBS Analysis
2019-10-03
Xavier Mertens
"Lost_Files" Ransomware
2019-09-26
Rob VandenBrink
Mining MAC Address and OUI Information
2019-09-24
Xavier Mertens
Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs
2019-09-21
Didier Stevens
Wireshark 3.0.5 Release: Potential Windows Crash when Updating
2019-09-19
Xavier Mertens
Agent Tesla Trojan Abusing Corporate Email Accounts
2019-08-30
Xavier Mertens
Malware Dropping a Local Node.js Instance
2019-08-28
Johannes Ullrich
[Guest Diary] Open Redirect: A Small But Very Common Vulnerability
2019-08-28
Xavier Mertens
Malware Samples Compiling Their Next Stage on Premise
2019-08-25
Guy Bruneau
Are there any Advantages of Buying Cyber Security Insurance?
2019-08-22
Xavier Mertens
Simple Mimikatz & RDPWrapper Dropper
2019-08-21
Russ McRee
KAPE: Kroll Artifact Parser and Extractor
2019-08-18
Didier Stevens
Video: Analyzing DAA Files
2019-08-16
Didier Stevens
The DAA File Format
2019-08-12
Didier Stevens
Malicious .DAA Attachments
2019-07-28
Didier Stevens
Video: Analyzing Compressed PowerShell Scripts
2019-07-24
Xavier Mertens
May People Be Considered as IOC?
2019-07-18
Xavier Mertens
Malicious PHP Script Back on Stage?
2019-07-16
Russ McRee
Commando VM: The Complete Mandiant Offensive VM
2019-07-11
Xavier Mertens
Russian Dolls Malicious Script Delivering Ursnif
2019-07-02
Xavier Mertens
Malicious Script With Multiple Payloads
2019-06-24
Johannes Ullrich
Extensive BGP Issues Affecting Cloudflare and possibly others
2019-06-18
Johannes Ullrich
What You Need To Know About TCP "SACK Panic"
2019-06-14
Jim Clausing
A few Ghidra tips for IDA users, part 4 - function call graphs
2019-06-10
Xavier Mertens
Interesting JavaScript Obfuscation Example
2019-05-29
Xavier Mertens
Behavioural Malware Analysis with Microsoft ASA
2019-05-20
Tom Webb
CVE-2019-0604 Attack
2019-05-16
Xavier Mertens
The Risk of Authenticated Vulnerability Scans
2019-05-13
Xavier Mertens
From Phishing To Ransomware?
2019-05-03
Jim Clausing
A few Ghidra tips for IDA users, part 3 - conversion, labels, and comments
2019-05-01
Xavier Mertens
Another Day, Another Suspicious UDF File
2019-04-19
Didier Stevens
Analyzing UDF Files with Python
2019-04-17
Jim Clausing
A few Ghidra tips for IDA users, part 2 - strings and parameters
2019-04-17
Xavier Mertens
Malware Sample Delivered Through UDF Image
2019-04-08
Jim Clausing
A few Ghidra tips for IDA users, part 1 - the decompiler/unreachable code
2019-04-05
Russ McRee
Beagle: Graph transforms for DFIR data & logs
2019-04-03
Jim Clausing
A few Ghidra tips for IDA users, part 0 - automatic comments for API call parameters
2019-04-01
Didier Stevens
Analysis of PDFs Created with OpenOffice/LibreOffice
2019-03-31
Didier Stevens
Maldoc Analysis of the Weekend by a Reader
2019-03-30
Didier Stevens
"404" is not Malware
2019-03-29
Remco Verhoef
Annotating Golang binaries with Cutter and Jupyter
2019-03-20
Rob VandenBrink
Using AD to find hosts that aren't in AD - fun with the [IPAddress] construct!
2019-03-18
Didier Stevens
Wireshark 3.0.0 and Npcap: Some Remarks
2019-03-17
Didier Stevens
Video: Maldoc Analysis: Excel 4.0 Macro
2019-03-16
Didier Stevens
Maldoc: Excel 4.0 Macros
2019-03-15
Remco Verhoef
Binary Analysis with Jupyter and Radare2
2019-03-14
Didier Stevens
Tip: Ghidra & ZIP Files
2019-03-11
Didier Stevens
Wireshark 3.0.0 and Npcap
2019-03-10
Didier Stevens
Malicious HTA Analysis by a Reader
2019-03-10
Didier Stevens
Quick and Dirty Malicious HTA Analysis
2019-03-08
Remco Verhoef
Analysing meterpreter payload with Ghidra
2019-03-06
Johannes Ullrich
March Edition of Ouch! Newsletter: Securely Disposing Mobile Devices https://www.sans.org/security-awareness-training/resources/disposing-your-mobile-device
2019-03-05
Rob VandenBrink
Powershell, Active Directory and the Windows Host Firewall
2019-02-27
Didier Stevens
Maldoc Analysis by a Reader
2019-02-20
Brad Duncan
More Russian language malspam pushing Shade (Troldesh) ransomware
2019-02-14
Xavier Mertens
Suspicious PDF Connecting to a Remote SMB Share
2019-02-14
Xavier Mertens
Old H-Worm Delivered Through GitHub
2019-01-30
Russ McRee
CR19-010: The United States vs. Huawei
2019-01-29
Johannes Ullrich
A Not So Well Done Phish (Why Attackers need to Implement IPv6 Now! ;-) )
2019-01-28
Bojan Zdrnja
Relaying Exchange?s NTLM authentication to domain admin (and more)
2019-01-22
Xavier Mertens
DNS Firewalling with MISP
2019-01-16
Brad Duncan
Emotet infections and follow-up malware
2019-01-10
Brad Duncan
Heartbreaking Emails: "Love You" Malspam
2019-01-06
Didier Stevens
Malicious .tar Attachments
2019-01-05
Didier Stevens
A Malicious JPEG? Second Example
2019-01-04
Didier Stevens
A Malicious JPEG?
2019-01-02
Xavier Mertens
Malicious Script Leaking Data via FTP
2018-12-19
Xavier Mertens
Restricting PowerShell Capabilities with NetSh
2018-12-19
Xavier Mertens
Microsoft OOB Patch for Internet Explorer: Scripting Engine Memory Corruption Vulnerability
2018-12-19
Xavier Mertens
Using OSSEC Active-Response as a DFIR Framework
2018-12-09
Didier Stevens
Quickie: String Analysis is Still Useful
2018-12-08
Didier Stevens
Reader Malware Submission: MHT File Inside a ZIP File
2018-12-01
Didier Stevens
Wireshark update 2.6.5 available
2018-11-29
Brad Duncan
Russian language malspam pushing Shade (Troldesh) ransomware
2018-11-27
Xavier Mertens
More obfuscated shell scripts: Fake MacOS Flash update
2018-11-26
Xavier Mertens
Obfuscated bash script targeting QNap boxes
2018-11-22
Xavier Mertens
Divided Payload in Multiple Pasties
2018-11-20
Xavier Mertens
Querying DShield from Cortex
2018-11-20
Xavier Mertens
VMware Affected by Dell EMC Avamar Vulnerability
2018-11-14
Brad Duncan
Day in the life of a researcher: Finding a wave of Trickbot malspam
2018-11-11
Pasquale Stirparo
Community contribution: joining forces or multiply solutions?
2018-11-06
Xavier Mertens
Malicious Powershell Script Dissection
2018-10-23
Xavier Mertens
Diving into Malicious AutoIT Code
2018-10-22
Xavier Mertens
Malicious Powershell using a Decoy Picture
2018-10-21
Didier Stevens
MSG Files: Compressed RTF
2018-10-21
Pasquale Stirparo
Beyond good ol’ LaunchAgent - part 0
2018-10-17
Russ McRee
VMSA-2018-0026 VMware ESXi, Workstation & Fusion updates address out-of-bounds read vulnerability https://www.vmware.com/security/advisories/VMSA-2018-0026.html
2018-10-17
Russ McRee
RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-10-12
Xavier Mertens
More Equation Editor Exploit Waves
2018-10-05
Jim Clausing
A strange spam
2018-09-28
Xavier Mertens
More Excel DDE Code Injection
2018-09-22
Didier Stevens
Suspicious DNS Requests ... Issued by a Firewall
2018-09-18
Rob VandenBrink
Using Certificate Transparency as an Attack / Defense Tool
2018-09-16
Didier Stevens
20/20 malware vision
2018-09-13
Xavier Mertens
Malware Delivered Through MHT Files
2018-09-05
Xavier Mertens
Malicious PowerShell Compiling C# Code on the Fly
2018-09-04
Rob VandenBrink
Let's Trade: You Read My Email, I'll Read Your Password!
2018-08-31
Jim Clausing
Quickie: Using radare2 to disassemble shellcode
2018-08-30
Xavier Mertens
Crypto Mining Is More Popular Than Ever!
2018-08-26
Didier Stevens
Identifying numeric obfuscation
2018-08-26
Didier Stevens
"When was this machine infected?"
2018-08-24
Xavier Mertens
Microsoft Publisher Files Delivering Malware
2018-08-21
Xavier Mertens
Malicious DLL Loaded Through AutoIT
2018-08-15
Brad Duncan
More malspam pushing password-protected Word docs for AZORult and Hermes Ransomware
2018-08-06
Didier Stevens
Numeric obfuscation: another example
2018-08-04
Didier Stevens
Dealing with numeric obfuscation in malicious scripts
2018-08-02
Brad Duncan
DHL-themed malspam reveals embedded malware in animated gif
2018-07-29
Guy Bruneau
Using RITA for Threat Analysis
2018-07-27
Brad Duncan
Malspam with password-protected Word docs pushes Hermes ransomware
2018-07-26
Xavier Mertens
Windows Batch File Deobfuscation
2018-07-09
Renato Marinho
Criminals Don't Read Instructions or Use Strong Passwords
2018-07-03
Didier Stevens
Progress indication for scripts on Windows
2018-06-29
Remco Verhoef
Crypto community target of MacOS malware
2018-06-25
Didier Stevens
Guilty by association
2018-06-13
Xavier Mertens
A Bunch of Compromized Wordpress Sites
2018-06-07
Remco Verhoef
Automated twitter loot collection
2018-06-05
Xavier Mertens
Malicious Post-Exploitation Batch File
2018-06-01
Remco Verhoef
Binary analysis with Radare2
2018-05-22
Guy Bruneau
VMware updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue - https://www.vmware.com/security/advisories/VMSA-2018-0012.html
2018-05-22
Xavier Mertens
Malware Distributed via .slk Files
2018-05-22
Xavier Mertens
VMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities https://www.vmware.com/security/advisories/VMSA-2018-0013.html
2018-05-19
Xavier Mertens
Malicious Powershell Targeting UK Bank Customers
2018-05-09
Xavier Mertens
Nice Phishing Sample Delivering Trickbot
2018-05-07
Xavier Mertens
Adding Persistence Via Scheduled Tasks
2018-05-01
Xavier Mertens
Diving into a Simple Maldoc Generator
2018-04-28
Rick Wanner
Microsoft Security Update for Spectre V2
2018-03-08
Xavier Mertens
CRIMEB4NK IRC Bot
2018-03-05
Xavier Mertens
Malicious Bash Script with Multiple Features
2018-03-04
Xavier Mertens
The Crypto Miners Fight For CPU Cycles
2018-03-03
Xavier Mertens
Reminder: Beware of the "Cloud"
2018-02-25
Didier Stevens
Retrieving malware over Tor on Windows
2018-02-02
Xavier Mertens
Simple but Effective Malicious XLS Sheet
2018-01-30
Kevin Liston
Using FLIR in Incident Response?
2018-01-29
Didier Stevens
Comment your Packet Captures - Extra!
2018-01-28
Didier Stevens
Is this a pentest?
2018-01-26
Xavier Mertens
Investigating Microsoft BITS Activity
2018-01-25
Xavier Mertens
Ransomware as a Service
2018-01-22
Didier Stevens
HTTPS on every port?
2018-01-18
Xavier Mertens
Comment your Packet Captures!
2018-01-12
Bojan Zdrnja
Those pesky registry keys required by critical security patches
2018-01-11
Xavier Mertens
Mining or Nothing!
2018-01-10
Russ McRee
GitHub InfoSec Threepeat: HELK, ptf, and VulnWhisperer
2018-01-09
Jim Clausing
Are you watching for brute force attacks on IPv6?
2018-01-08
Bojan Zdrnja
Meltdown and Spectre: clearing up the confusion
2018-01-03
John Bambenek
Phishing to Rural America Leads to Six-figure Wire Fraud Losses
2017-12-27
Guy Bruneau
What are your Security Challenges for 2018?
2017-12-20
Richard Porter
VMWare Security Advisory: VMSA-2017-0021: https://www.vmware.com/security/advisories/VMSA-2017-0021.html
2017-12-19
Xavier Mertens
Example of 'MouseOver' Link in a Powerpoint File
2017-12-16
Xavier Mertens
Microsoft Office VBA Macro Obfuscation via Metadata
2017-12-13
Xavier Mertens
Tracking Newly Registered Domains
2017-12-05
Tom Webb
IR using the Hive Project.
2017-11-29
Xavier Mertens
Fileless Malicious PowerShell Sample
2017-11-25
Guy Bruneau
Exim Remote Code Exploit
2017-11-25
Guy Bruneau
Benefits associated with the use of Open Source Software
2017-11-16
Xavier Mertens
Suspicious Domains Tracking Dashboard
2017-11-15
Xavier Mertens
If you want something done right, do it yourself!
2017-11-13
Guy Bruneau
VBE Embeded Script (info.zip)
2017-11-07
Xavier Mertens
Interesting VBA Dropper
2017-11-03
Xavier Mertens
Simple Analysis of an Obfuscated JAR File
2017-10-31
Xavier Mertens
Some Powershell Malicious Code
2017-10-29
Didier Stevens
Remember ACE files?
2017-10-24
Xavier Mertens
BadRabbit: New ransomware wave hitting RU & UA
2017-10-15
Didier Stevens
Peeking into .msg files
2017-10-12
Xavier Mertens
Version control tools aren't only for Developers
2017-10-02
Xavier Mertens
Investigating Security Incidents with Passive DNS
2017-09-28
Xavier Mertens
The easy way to analyze huge amounts of PCAP data
2017-09-24
Jim Clausing
Forensic use of mount --bind
2017-09-22
Russell Eubanks
What is the State of Your Union?
2017-09-20
Renato Marinho
Ongoing Ykcol (Locky) campaign
2017-09-19
Jim Clausing
New tool: mac-robber.py
2017-09-18
Xavier Mertens
Getting some intelligence from malspam
2017-09-18
Johannes Ullrich
SANS Securingthehuman posted a follow up to their Equifax breach webcast: https://securingthehuman.sans.org/blog/2017/09/15/equifax-webcast-follow-up
2017-09-17
Guy Bruneau
rockNSM as a Incident Response Package
2017-09-16
Guy Bruneau
VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities - https://www.vmware.com/security/advisories/VMSA-2017-0015.html
2017-09-09
Didier Stevens
Malware analysis output sanitization
2017-09-05
Adrien de Beaupre
Struts vulnerability patch released by apache, patch now
2017-09-02
Xavier Mertens
AutoIT based malware back in the wild
2017-09-01
Brad Duncan
Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox
2017-08-26
Didier Stevens
Malware analysis: searching for dots
2017-08-25
Xavier Mertens
Malicious AutoIT script delivered in a self-extracting RAR file
2017-08-23
Xavier Mertens
Malicious script dropping an executable signed by Avast?
2017-08-18
Guy Bruneau
tshark 2.4 New Feature - Command Line Export Objects
2017-08-18
Renato Marinho
EngineBox Malware Supports 10+ Brazilian Banks
2017-08-17
Xavier Mertens
Maldoc with auto-updated link
2017-08-13
Didier Stevens
The Good Phishing Email
2017-07-21
Didier Stevens
Malicious .iso Attachments
2017-07-18
Bojan Zdrnja
Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 4 ? Windows Thumbnail Cache, Registry, Prefetch Files, and Link Files artefacts)
2017-07-14
Brad Duncan
NemucodAES and the malspam that distributes it
2017-07-13
Bojan Zdrnja
Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 3 ? Physical Memory artefacts)
2017-07-09
Russ McRee
Adversary hunting with SOF-ELK
2017-07-05
Didier Stevens
Selecting domains with random names
2017-06-28
Brad Duncan
Petya? I hardly know ya! - an ISC update on the 2017-06-27 ransomware outbreak
2017-06-28
Brad Duncan
Catching up with Blank Slate: a malspam campaign still going strong
2017-06-22
Xavier Mertens
Obfuscating without XOR
2017-06-17
Guy Bruneau
Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2017-06-07
Johannes Ullrich
Deceptive Advertisements: What they do and where they come from
2017-06-06
Didier Stevens
Malware and XOR - Part 2
2017-06-05
Didier Stevens
Malware and XOR - Part 1
2017-05-31
Pasquale Stirparo
Analysis of Competing Hypotheses, WCry and Lazarus (ACH part 2)
2017-05-30
Johannes Ullrich
FreeRadius Authentication Bypass
2017-05-28
Pasquale Stirparo
Analysis of Competing Hypotheses (ACH part 1)
2017-05-24
Brad Duncan
Jaff ransomware gets a makeover
2017-05-16
Russ McRee
WannaCry? Do your own data analysis.
2017-05-13
Guy Bruneau
Microsoft Released Guidance for WannaCrypt
2017-05-12
Xavier Mertens
Massive wave of ransomware ongoing
2017-05-06
Xavier Mertens
The story of the CFO and CEO...
2017-05-05
Xavier Mertens
HTTP Headers... the Achilles' heel of many applications
2017-05-02
Richard Porter
Do you have Intel AMT? Then you have a problem today! Intel Active Management Technology INTEL-SA-00075
2017-04-28
Xavier Mertens
Another Day, Another Obfuscation Technique
2017-04-19
Xavier Mertens
Hunting for Malicious Excel Sheets
2017-04-14
Rick Wanner
Wireshark 2.2.6 available -> https://www.wireshark.org/docs/relnotes/wireshark-2.2.6.html
2017-04-13
Rob VandenBrink
Packet Captures Filtered by Process
2017-04-12
Brad Duncan
Malspam on 2017-04-11 pushes yet another ransomware variant
2017-04-07
Xavier Mertens
Tracking Website Defacers with HTTP Referers
2017-04-05
Xavier Mertens
Whitelists: The Holy Grail of Attackers
2017-04-02
Guy Bruneau
IPFire - A Household Multipurpose Security Gateway
2017-03-29
Xavier Mertens
Critical VMware vulnerabilities disclosed
2017-03-19
Xavier Mertens
Searching for Base64-encoded PE Files
2017-03-18
Xavier Mertens
Example of Multiple Stages Dropper
2017-03-15
Xavier Mertens
Retro Hunting!
2017-03-12
Guy Bruneau
Honeypot Logs and Tracking a VBE Script
2017-03-08
Xavier Mertens
Not All Malware Samples Are Complex
2017-03-04
Xavier Mertens
How your pictures may affect your website reputation
2017-03-03
Lorna Hutcheson
BitTorrent or Something Else?
2017-02-24
Rick Wanner
Cloudflare data leak...what does it mean to me?
2017-02-15
Xavier Mertens
How was your stay at the Hotel La Playa?
2017-02-09
Brad Duncan
CryptoShield Ransomware from Rig EK
2017-02-05
Xavier Mertens
Many Malware Samples Found on Pastebin
2017-02-04
Xavier Mertens
Detecting Undisclosed Vulnerabilities with Security Tools & Features
2017-02-02
Rick Wanner
Multiple vulnerabilities discovered in popular printer models
2017-01-31
Johannes Ullrich
VMWare Security Advisory for AirWatch http://www.vmware.com/security/advisories/VMSA-2017-0001.html
2017-01-31
Johannes Ullrich
Malicious Office files using fileless UAC bypass to drop KEYBASE malware
2017-01-24
Xavier Mertens
Malicious SVG Files in the Wild
2017-01-13
Xavier Mertens
Who's Attacking Me?
2017-01-12
Mark Baggett
System Resource Utilization Monitor
2017-01-11
Johannes Ullrich
January 2017 Edition of Ouch! Security Awareness Newsletter Released: https://securingthehuman.sans.org/ouch
2017-01-10
Johannes Ullrich
Realtors Be Aware: You Are a Target
2017-01-06
John Bambenek
Ransomware Operators Cold Calling UK Schools to Get Malware Through
2017-01-05
John Bambenek
New Year's Resolution: Build Your Own Malware Lab?
2017-01-01
Didier Stevens
py2exe Decompiling - Part 1
2016-12-29
Rick Wanner
More on Protocol 47 denys
2016-12-29
Rick Wanner
Increase in Protocol 47 denys
2016-12-27
Guy Bruneau
Using daemonlogger as a Software Tap
2016-12-13
Xavier Mertens
UAC Bypass in JScript Dropper
2016-11-25
Xavier Mertens
Free Software Quick Security Checklist
2016-11-23
Tom Webb
Vmware Patches VMSA-2016-0005.5, VMSA-2016-0018.3 and VMSA-2016-0021
2016-11-18
Brad Duncan
Wireshark update: version 2.2.2 (stable release) and 2.0.8 (old stable release) - https://www.wireshark.org/download.html
2016-11-11
Rick Wanner
Benevolent malware? reincarna/Linux.Wifatch
2016-11-05
Xavier Mertens
Full Packet Capture for Dummies
2016-11-02
Rob VandenBrink
What Does a Pentest Look Like?
2016-10-31
Russ McRee
SEC505 DFIR capture script: snapshot.ps1
2016-10-30
Pasquale Stirparo
Volatility Bot: Automated Memory Analysis
2016-10-26
Johannes Ullrich
New VMWare Security Advisory: VMSA-2016-0017 Information Disclosure in VMWare Fusion and VMWare Tools https://www.vmware.com/security/advisories/VMSA-2016-0017.html
2016-10-25
Xavier Mertens
Another Day, Another Spam...
2016-10-11
Xavier Mertens
WiFi Still Remains a Good Attack Vector
2016-10-10
Didier Stevens
Radare2: rahash2
2016-09-30
Xavier Mertens
Another Day, Another Malicious Behaviour
2016-09-25
Pasquale Stirparo
Defining Threat Intelligence Requirements
2016-09-22
Rick Wanner
YAHDD! (Yet another HUGE data Breach!)
2016-09-13
Rob VandenBrink
If it's Free, YOU are the Product
2016-09-09
Xavier Mertens
Collecting Users Credentials from Locked Devices
2016-09-05
Xavier Mertens
Malware Delivered via '.pub' Files
2016-09-01
Xavier Mertens
Maxmind.com (Ab)used As Anti-Analysis Technique
2016-08-31
Deborah Hale
Dropbox Breach
2016-08-25
Xavier Mertens
Out-of-Band iOS Patch Fixes 0-Day Vulnerabilities
2016-08-24
Tom Webb
Stay on Track During IR
2016-08-24
Xavier Mertens
Example of Targeted Attack Through a Proxy PAC File
2016-08-23
Xavier Mertens
Voice Message Notifications Deliver Ransomware
2016-08-19
Xavier Mertens
Data Classification For the Masses
2016-08-14
Guy Bruneau
vRealize Log Insight directory traversal vulnerability - http://www.vmware.com/security/advisories/VMSA-2016-0011.html
2016-08-11
Pasquale Stirparo
Looking for the insider: Forensic Artifacts on iOS Messaging App
2016-08-01
Daniel Wesemann
Are you getting I-CANNED ?
2016-07-31
Pasquale Stirparo
Sharing (intel) is caring... or not?
2016-07-27
Xavier Mertens
Analyze of a Linux botnet client source code
2016-07-25
Didier Stevens
Python Malware - Part 4
2016-07-16
Didier Stevens
Python Malware - Part 3
2016-07-12
Xavier Mertens
Hunting for Malicious Files with MISP + OSSEC
2016-07-08
Mark Hofman
Malware being distributed pretending to be from AU Fedcourts
2016-07-03
Guy Bruneau
Is Data Privacy part of your Company's Culture?
2016-06-29
Xavier Mertens
Phishing Campaign with Blurred Images
2016-06-26
Rick Wanner
Bart - a new Ransomware
2016-06-20
Xavier Mertens
Ongoing Spam Campaign Related to Swift
2016-06-18
Rob VandenBrink
Controlling JavaScript Malware Before it Runs
2016-06-01
Xavier Mertens
Docker Containers Logging
2016-05-25
Rick Wanner
VMWare Security Advisories
2016-05-22
Pasquale Stirparo
The strange case of WinZip MRU Registry key
2016-05-16
Rick Wanner
An oldie but a goodie - 419 Death Scam
2016-05-15
Didier Stevens
Python Malware - Part 1
2016-05-13
Xavier Mertens
MISP - Malware Information Sharing Platform
2016-05-05
Xavier Mertens
Microsoft BITS Used to Download Payloads
2016-05-02
Rick Wanner
Fake Chrome update for Android
2016-05-02
Rick Wanner
Lean Threat Intelligence
2016-04-28
Rob VandenBrink
DNS and DHCP Recon using Powershell
2016-04-25
Guy Bruneau
Highlights from the 2016 HPE Annual Cyber Threat Report
2016-04-21
Daniel Wesemann
Decoding Pseudo-Darkleech (#1)
2016-04-21
Daniel Wesemann
Decoding Pseudo-Darkleech (Part #2)
2016-04-11
John Bambenek
Tool Released to Decrypt Petya Ransomware Infected Disks
2016-04-10
Didier Stevens
Handling Malware Samples
2016-04-02
Russell Eubanks
Why Can't We Be Friends?
2016-04-01
John Bambenek
Tips for Stopping Ransomware
2016-03-28
Xavier Mertens
Improving Bash Forensics Capabilities
2016-03-13
Guy Bruneau
A Look at the Mandiant M-Trends 2016 Report
2016-03-11
Jim Clausing
Forensicating Docker, Part 1
2016-03-09
Rob VandenBrink
A Wall Against Cryptowall? Some Tips for Preventing Ransomware
2016-03-07
Xavier Mertens
Another Malicious Document, Another Way to Deliver Malicious Code
2016-03-07
Xavier Mertens
OSX Ransomware Spread via a Rogue BitTorrent Client Installer
2016-03-06
Jim Clausing
Novel method for slowing down Locky on Samba server using fail2ban
2016-02-27
Guy Bruneau
Wireshark Fixes Several Bugs and Vulnerabilities
2016-02-24
Xavier Mertens
Analyzis of a Malicious .lnk File with an Embedded Payload
2016-02-23
Xavier Mertens
VMware VMSA-2016-0002
2016-02-18
Xavier Mertens
Hunting for Executable Code in Windows Environments
2016-02-13
Guy Bruneau
VMware VMSA-2015-0007.3 has been Re-released
2016-02-11
Tom Webb
Tomcat IR with XOR.DDoS
2016-01-31
Guy Bruneau
Windows 10 and System Protection for DATA Default is OFF
2016-01-24
Didier Stevens
Obfuscated MIME Files
2016-01-20
Xavier Mertens
/tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!
2016-01-15
Xavier Mertens
JavaScript Deobfuscation Tool
2016-01-10
Jim Clausing
VMware security update
2016-01-06
Russ McRee
toolsmith #112: Red vs Blue - PowerSploit vs PowerForensics
2016-01-05
Guy Bruneau
What are you Concerned the Most in 2016?
2016-01-01
Didier Stevens
Failure Is An Option
2015-12-26
Didier Stevens
Malfunctioning Malware
2015-12-19
Russell Eubanks
VMWare Security Advisory
2015-12-16
Xavier Mertens
Playing With Sandboxes Like a Boss
2015-12-06
Mark Hofman
Malware SPAM a new run has started.
2015-11-22
Guy Bruneau
OpenDNS Research Used to Predict Threat
2015-11-09
John Bambenek
Protecting Users and Enterprises from the Mobile Malware Threat
2015-11-07
Didier Stevens
Ransomware & Entropy: Your Turn -> Solution
2015-11-04
Johannes Ullrich
Internet Wide Scanners Wanted
2015-10-30
Didier Stevens
Ransomware & Entropy: Your Turn
2015-10-27
Xavier Mertens
The "Yes, but..." syndrome
2015-10-18
Russell Eubanks
Security Awareness for Security Professionals
2015-10-18
Didier Stevens
Ransomware & Entropy
2015-10-17
Russell Eubanks
CIS Critical Security Controls - Version 6.0
2015-10-12
Guy Bruneau
Critical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
2015-10-09
Guy Bruneau
Adobe Acrobat and Reader Pre-Announcement
2015-09-29
Pedro Bueno
Tricks for DLL analysis
2015-09-28
Johannes Ullrich
"Transport of London" Malicious E-Mail
2015-09-23
Daniel Wesemann
Making our users unlearn what we taught them
2015-09-21
Xavier Mertens
Detecting XCodeGhost Activity
2015-09-19
Didier Stevens
Don't launch that file Adobe Reader!
2015-09-01
Daniel Wesemann
Encryption of "data at rest" in servers
2015-08-29
Tom Webb
Automating Metrics using RTIR REST API
2015-08-18
Russ McRee
Microsoft Security Bulletin MS15-093 - Critical OOB - Internet Explorer RCE
2015-08-12
Rob VandenBrink
Wireshark 1.12.7 is released, multiple fixes. Find the release notes at: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html and the binaries at: https://www.wireshark.org/download.html
2015-08-07
Tony Carothers
Critical Firefox Update Today
2015-07-17
Didier Stevens
Process Explorer and VirusTotal
2015-07-15
Richard Porter
Always Check Your References (Cheat Sheets to the Rescue)
2015-06-29
Rob VandenBrink
The Powershell Diaries 2 - Software Inventory
2015-06-24
Rob VandenBrink
The Powershell Diaries - Finding Problem User Accounts in AD
2015-06-02
Alex Stanford
Guest Diary: Xavier Mertens - Playing with IP Reputation with Dshield & OSSEC
2015-05-23
Guy Bruneau
Business Value in "Big Data"
2015-05-14
Daniel Wesemann
Oh Bloat!
2015-05-10
Didier Stevens
Wireshark TCP Flags: How To Install On Windows Video
2015-05-07
Chris Mohan
Security Awareness? How do you keep your staff safe?
2015-05-03
Russ McRee
VolDiff, for memory image differential analysis
2015-04-30
Brad Duncan
Dalexis/CTB-Locker malspam campaign
2015-04-24
Basil Alawi S.Taher
Fileless Malware
2015-04-19
Didier Stevens
Handling Special PDF Compression Methods
2015-04-17
Didier Stevens
Memory Forensics Of Network Devices
2015-04-09
Brad Duncan
An example of the malicious emails sometimes sent to the ISC handler addresses
2015-04-08
Tom Webb
Is it a breach or not?
2015-04-05
Didier Stevens
Wireshark TCP Flags
2015-04-04
Didier Stevens
VMware Product Updates Address Critical Information Disclosure Issue In JRE
2015-03-21
Russell Eubanks
Have you seen my personal information? It has been lost. Again.
2015-03-18
Daniel Wesemann
New SANS memory forensics poster
2015-03-18
Daniel Wesemann
Pass the hash!
2015-03-14
Didier Stevens
Maldoc VBA Sandbox/Virtualization Detection
2015-03-13
Guy Bruneau
Blind SQL Injection against WordPress SEO by Yoast
2015-03-08
Brad Duncan
What Happened to You, Asprox Botnet?
2015-03-07
Guy Bruneau
Should it be Mandatory to have an Independent Security Audit after a Breach?
2015-02-26
Johannes Ullrich
New Feature: Subnet Report
2015-02-23
Richard Porter
Subscribing to the DShield Top 20 on a Palo Alto Networks Firewall
2015-02-19
Daniel Wesemann
Macros? Really?!
2015-02-17
Rob VandenBrink
oclHashcat 1.33 Released
2015-02-09
Chris Mohan
Backups are part of the overall business continuity and disaster recovery plan
2015-02-03
Johannes Ullrich
Another Network Forensic Tool for the Toolbox - Dshell
2015-01-31
Guy Bruneau
Beware of Phishing and Spam Super Bowl Fans!
2014-12-24
Rick Wanner
Incident Response at Sony
2014-12-23
John Bambenek
How I learned to stop worrying and love malware DGAs....
2014-12-05
Basil Alawi S.Taher
VMware new and updated security advisories
2014-12-01
Guy Bruneau
Do you have a Data Breach Response Plan?
2014-11-24
Richard Porter
Someone is using this? PoS: Compressor
2014-11-20
Johannes Ullrich
Critical WordPress XSS Update
2014-11-04
Daniel Wesemann
Whois someone else?
2014-10-23
Russ McRee
Digest: 23 OCT 2014
2014-10-14
Johannes Ullrich
Updates for Firefox and Thunderbird. http://www.mozilla.org/firefox/new/
2014-10-03
Johannes Ullrich
CSAM: The Power of Virustotal to Turn Harmless Binaries Malicious
2014-10-02
Johannes Ullrich
Why is your Mac all for sudden using Bing as a search engine?
2014-10-01
Russ McRee
VMware security advisory: VMSA-2014-0010 http://www.vmware.com/security/advisories/VMSA-2014-0010.html
2014-09-27
Guy Bruneau
What has Bash and Heartbleed Taught Us?
2014-09-22
Johannes Ullrich
Fake LogMeIn Certificate Update with Bad AV Detection Rate
2014-09-19
Guy Bruneau
Added today in oclhashcat 131 Django [Default Auth] (PBKDF2 SHA256 Rounds Salt) Support - http://hashcat.net/hashcat/
2014-09-16
Mark Hofman
FreeBSD Denial of Service advisory (CVE-2004-0230)
2014-09-12
Chris Mohan
VMware NSX and vCNS product updates address a critical information disclosure vulnerability http://www.vmware.com/security/advisories/VMSA-2014-0009.html
2014-09-12
Chris Mohan
Are credential dumps worth reviewing?
2014-08-25
Jim Clausing
UDP port 1900 DDoS traffic
2014-08-23
Guy Bruneau
NSS Labs Cyber Resilience Report
2014-08-22
Richard Porter
PHP 5.4.32 Released http://www.php.net/ChangeLog-5.php#5.4.32
2014-08-22
Richard Porter
PHP 5.5.16 is available http://www.php.net/ChangeLog-5.php#5.5.16
2014-08-14
Basil Alawi S.Taher
Threats to virtual environments
2014-08-12
Adrien de Beaupre
Adobe updates for 2014/08
2014-08-10
Basil Alawi S.Taher
Incident Response with Triage-ir
2014-08-09
Adrien de Beaupre
Complete application ownage via Multi-POST XSRF
2014-08-06
Chris Mohan
Free Service to Help CryptoLocker Victims by FireEye and Fox-IT
2014-08-05
Johannes Ullrich
Center for Internet Security Releases Benchmark for VMWare ESXi 5.5 https://benchmarks.cisecurity.org/downloads/form/index.cfm?download=esxi55.100
2014-08-05
Johannes Ullrich
Legal Threat Spam: Sometimes it Gets Personal
2014-08-04
Russ McRee
Threats & Indicators: A Security Intelligence Lifecycle
2014-08-01
Chris Mohan
WireShark 1.10.9 and 1.12.0 has been released
2014-07-24
Bojan Zdrnja
Windows Previous Versions against ransomware
2014-07-22
Daniel Wesemann
Ivan's Order of Magnitude
2014-07-22
Daniel Wesemann
WordPress brute force attack via wp.getUsersBlogs
2014-07-19
Russ McRee
Keeping the RATs out: the trap is sprung - Part 3
2014-07-18
Russ McRee
Keeping the RATs out: **it happens - Part 2
2014-07-18
Russ McRee
Gameover Zeus reported as "returned from the dead"
2014-07-16
Russ McRee
Keeping the RATs out: an exercise in building IOCs - Part 1
2014-07-15
Daniel Wesemann
AOC Cloud
2014-07-11
Rob VandenBrink
Egress Filtering? What - do we have a bird problem?
2014-07-05
Guy Bruneau
Malware Analysis with pedump
2014-07-03
Johannes Ullrich
Credit Card Processing in 700 Words or Less
2014-07-02
Johannes Ullrich
July Ouch! Security Awareness Newsletter Released. E-mail Do's and Don'ts http://www.securingthehuman.org/resources/newsletters/ouch/2014#july2014
2014-06-30
Johannes Ullrich
Should I setup a Honeypot? [SANSFIRE]
2014-06-24
Kevin Shortt
NTP DDoS Counts Have Dropped
2014-06-22
Russ McRee
OfficeMalScanner helps identify the source of a compromise
2014-06-19
Tony Carothers
WordPress and Security
2014-06-13
Richard Porter
A welcomed response, PF Chang's
2014-06-11
Daniel Wesemann
Pay attention to Cryptowall!
2014-06-08
Guy Bruneau
efax Spam Containing Malware
2014-06-03
Basil Alawi S.Taher
An Introduction to RSA Netwitness Investigator
2014-05-23
Richard Porter
Highlights from Cisco Live 2014 - The Internet of Everything
2014-05-18
Russ McRee
sed and awk will always rock
2014-04-29
Russ McRee
Firefox 29.0 & Thunderbird 24.5 released: http://www.mozilla.org/security/known-vulnerabilities/
2014-04-26
Guy Bruneau
New Project by Linux Foundation - Core Infrastructure Initiative
2014-04-21
Daniel Wesemann
Allow us to leave!
2014-04-15
Richard Porter
VMWare Advisory VMSA-2014-0004 - Updates on OpenSSL HeartBleed http://www.vmware.com/security/advisories/VMSA-2014-0004.html
2014-04-13
Kevin Shortt
Reverse Heartbleed Testing
2014-04-11
Rob VandenBrink
VMware Security Advisories / Patches released for 2 issues (NOT Heartbleed) - http://www.vmware.com/security/advisories/VMSA-2014-0003.html and http://www.vmware.com/security/advisories/VMSA-2014-0002.html
2014-04-11
Guy Bruneau
Heartbleed Fix Available for Download for Cisco Products
2014-04-06
Basil Alawi S.Taher
"Power Worm" PowerShell based Malware
2014-04-05
Jim Clausing
Those strange e-mails with URLs in them can lead to Android malware
2014-04-04
Rob VandenBrink
Dealing with Disaster - A Short Malware Incident Response
2014-03-26
Johannes Ullrich
Full Disclosure Mailing List is back: http://insecure.org/news/fulldisclosure/
2014-03-19
Mark Hofman
Mozilla released updates for Firefox ( v 28.0), Thunderbird (v 24.4) and Firefox Extended Support Release (ESR) updates to 24.4.0 (Fixes include the issues highlighted at the pwn2own contest.)
2014-03-14
Richard Porter
Word Press Shenanigans? Anyone seeing strange activity today?
2014-03-12
Johannes Ullrich
Wordpress "Pingback" DDoS Attacks
2014-03-11
Basil Alawi S.Taher
Introduction to Memory Analysis with Mandiant Redline
2014-03-07
Tom Webb
Linux Memory Dump with Rekall
2014-03-04
Daniel Wesemann
XPired!
2014-03-04
Daniel Wesemann
Triple Handshake Cookie Cutter
2014-03-02
Stephen Hall
Sunday Reading
2014-02-28
Daniel Wesemann
Oversharing
2014-02-28
Daniel Wesemann
Fiesta!
2014-02-22
Tony Carothers
Cisco UCS Director Vulnerability and Update
2014-02-19
Russ McRee
Threat modeling in the name of security
2014-02-09
Basil Alawi S.Taher
Mandiant Highlighter 2
2014-02-07
Rob VandenBrink
Hello Virustotal? It's Microsoft Calling.
2014-02-07
Rob VandenBrink
New ISO Standards on Vulnerability Handling and Disclosure
2014-02-05
Johannes Ullrich
SANS Ouch Security Awareness Newsletter What is Malware http://www.securingthehuman.org/ouch
2014-02-04
Johannes Ullrich
Firefox 27 Available http://www.mozilla.org/en-US/firefox/27.0/releasenotes/
2014-01-23
Chris Mohan
Learning from the breaches that happens to others Part 2
2014-01-22
Chris Mohan
Learning from the breaches that happens to others
2014-01-19
Rick Wanner
Anatomy of a Malware distribution campaign
2014-01-17
Russ McRee
New and updated VMWare security advisories - http://www.vmware.com/security/advisories
2014-01-11
Guy Bruneau
tcpflow 1.4.4 and some of its most Interesting Features
2014-01-10
Basil Alawi S.Taher
Windows Autorun-3
2014-01-09
Johannes Ullrich
Microsoft Security Bulletin Advance Notification for January 2014 http://technet.microsoft.com/en-us/security/bulletin/ms14-jan
2013-12-28
Russ McRee
Weekend Reading List 27 DEC
2013-12-24
Daniel Wesemann
Mr Jones wants you to appear in court!
2013-12-23
Scott Fendley
VMWare ESX/ESXi Security Advisory
2013-12-23
Daniel Wesemann
Costco, BestBuy, Walmart really want to send you a package!
2013-12-23
Rob VandenBrink
How-To's for the Holidays - Java Whitelisting using AD Group Policy
2013-12-21
Daniel Wesemann
Adobe phishing underway
2013-12-19
Rob VandenBrink
Target US - Credit Card Data Breach
2013-12-18
Adrien de Beaupre
Wireshark 1.10.4 and 1.8.12 are available
2013-12-12
Basil Alawi S.Taher
Acquiring Memory Images with Dumpit
2013-12-07
Guy Bruneau
Suspected Active Rovnix Botnet Controller
2013-12-04
Adrien de Beaupre
VMware Security Advisory VMSA-2013-0014
2013-12-02
Richard Porter
Reports of higher than normal SSH Attacks
2013-11-22
Rick Wanner
Port 0 DDOS
2013-11-22
Rick Wanner
Tales of Password Reuse
2013-11-21
Mark Baggett
"In the end it is all PEEKS and POKES."
2013-11-20
Mark Baggett
Searching live memory on a running machine with winpmem
2013-11-19
Mark Baggett
Winpmem - Mild mannered memory aquisition tool??
2013-11-15
Johannes Ullrich
VMWare Security Advisory: http://www.vmware.com/security/advisories/VMSA-2013-0013.html
2013-11-02
Rick Wanner
Protecting Your Family's Computers
2013-10-31
Russ McRee
Happy Halloween: The Ghost Really May Be In The Machine
2013-10-30
Russ McRee
SIR v15: Five good reasons to leave Windows XP behind
2013-10-28
Daniel Wesemann
Exploit cocktail (Struts, Java, Windows) going after 3-month old vulnerabilities
2013-10-24
Johannes Ullrich
False Positive: php.net Malware Alert
2013-10-22
Richard Porter
Greenbone and OpenVAS Scanner
2013-10-22
John Bambenek
Cryptolocker Update, Request for Info
2013-10-18
Guy Bruneau
VMware Release Multiple Security Updates
2013-10-18
Rob VandenBrink
CSAM - Why am I seeing DNS Requests to IANA.ORG in my Firewall Logs?
2013-10-15
Rob VandenBrink
Wireshark 1.11.0 Development Version Released ==> http://www.wireshark.org/download.html (1.10.2 remains the Stable version)
2013-10-05
Richard Porter
Adobe Breach Notification, Notifications?
2013-10-04
Johannes Ullrich
The Adobe Breach FAQ
2013-10-02
John Bambenek
Obamacare related domain registration spike, Government shutdown domain registration beginning
2013-10-01
Adrien de Beaupre
CSAM! Send us your logs!
2013-10-01
John Bambenek
*Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893
2013-09-30
Adrien de Beaupre
Twitter DM spam/malware
2013-09-23
Rob VandenBrink
How do you spell "PSK"?
2013-09-20
Russ McRee
Threat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild
2013-09-18
Rob VandenBrink
Cisco DCNM Update Released
2013-09-17
John Bambenek
Microsoft Releases Out-of-Band Advisory for all Versions of Internet Explorer
2013-09-12
Daniel Wesemann
37.58.73.42 / 95.156.228.69 / 195.210.43.42, anyone?
2013-09-10
Swa Frantzen
More Black Tuesday workload
2013-09-10
Swa Frantzen
Macs need to patch too!
2013-09-07
Guy Bruneau
Microsoft September Patch Pre-Announcement
2013-09-02
Guy Bruneau
Multiple Cisco Security Notice
2013-08-30
Kevin Liston
VMware ESXi and ESX address an NFC Protocol Unhandled Exception
2013-08-29
Russ McRee
Suspect Sendori software
2013-08-26
Alex Stanford
Stop, Drop and File Carve
2013-08-25
Johannes Ullrich
When does your browser send a "Referer" header (or not)?
2013-08-21
Alex Stanford
Psst. Your Browser Knows All Your Secrets.
2013-08-21
Rob VandenBrink
Fibre Channel Reconnaissance - Reloaded
2013-08-19
Rob VandenBrink
NMAP 6.40 Released (www.nmap.org), Release Notes at www.nmap.org/changelog.html
2013-08-14
Johannes Ullrich
Imaging LUKS Encrypted Drives
2013-08-07
Johannes Ullrich
Firefox 23 and Mixed Active Content
2013-08-07
Johannes Ullrich
New edition of the Ouch! Security Awareness Newsletter is out: http://www.securingthehuman.org/resources/newsletters/ouch/2013
2013-08-02
Chris Mohan
VMware Security Advisory VMSA-2013-0009 - http://www.vmware.com/security/advisories/VMSA-2013-0009.html
2013-08-02
Johannes Ullrich
Fake American Express Alerts
2013-07-28
Guy Bruneau
Wireshark 1.8.9 and 1.10.1 Security Update
2013-07-27
Scott Fendley
Defending Against Web Server Denial of Service Attacks
2013-07-22
Johannes Ullrich
Apple Developer Site Breach
2013-07-21
Guy Bruneau
Ubuntu Forums Security Breach
2013-07-21
Guy Bruneau
Why use Regular Expressions?
2013-07-20
Manuel Humberto Santander Pelaez
Do you have rogue Internet gateways in your network? Check it with nmap
2013-07-12
Johannes Ullrich
DNS resolution is failing for Microsofts Teredo server (teredo.ipv6.microsoft.com)
2013-07-12
Johannes Ullrich
Microsoft Teredo Server "Sunset"
2013-07-12
Rob VandenBrink
Hmm - where did I save those files?
2013-07-10
Johannes Ullrich
.NL Registrar Compromisse
2013-07-04
Russ McRee
Celebrating 4th of July With a Malware PCAP Visualization
2013-06-25
Bojan Zdrnja
Mozilla Firefox 22 released, fixes 14 security vulnerabilities, more info at http://www.mozilla.org/en-US/firefox/22.0/releasenotes/
2013-06-18
Russ McRee
Volatility rules...any questions?
2013-06-17
Daniel Wesemann
SANSFIRE 2013
2013-06-11
Swa Frantzen
vmware security advisory VMSA-2013-0008
2013-06-05
Johannes Ullrich
New version of "Ouch", the SANS Securing the Human Newsletter http://www.securingthehuman.org/resources/newsletters/ouch/2013
2013-06-05
Richard Porter
Wireshark 1.10.0 Stable Released http://www.wireshark.org/download.html
2013-05-31
Chris Mohan
VMware releases new and updated security advisories
2013-05-23
Adrien de Beaupre
Wireshark 1.10.0rc2 is now available http://www.wireshark.org/download.html
2013-05-23
Adrien de Beaupre
MoVP II
2013-05-22
Adrien de Beaupre
Wireshark 1.8.7 and 1.6.15 Released http://www.wireshark.org/news/20130517.html
2013-05-21
Adrien de Beaupre
Moore, Oklahoma tornado charitable organization scams, malware, and phishing
2013-05-17
Daniel Wesemann
e-netprotections.su ?
2013-05-16
Daniel Wesemann
Extracting signatures from Apple .apps
2013-05-14
Swa Frantzen
Firefox & Thunderbird released
2013-05-11
Lenny Zeltser
Extracting Digital Signatures from Signed Malware
2013-05-09
Johannes Ullrich
Microsoft released a Fix-it for the Internet Explorer 8 Vulnerability http://support.microsoft.com/kb/2847140
2013-05-01
Daniel Wesemann
The cost of cleaning up
2013-04-25
Adam Swanger
Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-04-25
Adam Swanger
SANS 2013 Forensics Survey - https://www.surveymonkey.com/s/2013SANSForensicsSurvey
2013-04-18
John Bambenek
ISC Handler Lenny Zeltser's REMnux v4 Reviewed on Hak5
2013-04-10
Manuel Humberto Santander Pelaez
Massive Google scam sent by email to Colombian domains
2013-04-04
Johannes Ullrich
Postgresql Patches Critical Vulnerability
2013-04-03
Mark Hofman
Firefox 20 and Thunderbird 17.0.5 updates
2013-03-28
John Bambenek
Where Were You During the Great DDoS Cybergeddon of 2013?
2013-03-27
Adam Swanger
IPv6 Focus Month: Guest Diary: Stephen Groat - IPv6 moving target defense
2013-03-27
Rob VandenBrink
Sourcefire VRT Community ruleset is live
2013-03-26
Daniel Wesemann
How your Webhosting Account is Getting Abused
2013-03-25
Johannes Ullrich
IPv6 Focus Month: IPv6 over IPv4 Preference
2013-03-22
Mark Baggett
Wipe the drive! Stealthy Malware Persistence - Part 4
2013-03-20
Mark Baggett
Wipe the drive! Stealthy Malware Persistence - Part 3
2013-03-19
Johannes Ullrich
Scam of the day: More fake CNN e-mails
2013-03-18
Kevin Shortt
Cisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
2013-03-15
Mark Baggett
AVG detect legit file as virus
2013-03-14
Mark Baggett
Wipe the drive! Stealthy Malware Persistence - Part 2
2013-03-13
Mark Baggett
Wipe the drive! Stealthy Malware Persistence Mechanism - Part 1
2013-03-13
Johannes Ullrich
IPv6 Focus Month: Kaspersky Firewall IPv6 Vulnerability
2013-03-09
Guy Bruneau
IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-03-08
Johannes Ullrich
IPv6 Focus Month: Filtering ICMPv6 at the Border
2013-03-07
Guy Bruneau
Wireshark Security Updates
2013-03-05
Mark Hofman
IPv6 Focus Month: Device Defaults
2013-03-04
Johannes Ullrich
IPv6 Focus Month: Addresses
2013-03-02
Scott Fendley
Evernote Security Issue
2013-02-27
Adam Swanger
Guest Diary: Dylan Johnson - There's value in them there logs!
2013-02-25
Johannes Ullrich
Mass-Customized Malware Lures: Don't trust your cat!
2013-02-22
Chris Mohan
PHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2013-02-22
Chris Mohan
VMware releases new and updated security advisories
2013-02-22
Johannes Ullrich
Zendesk breach affects Tumblr/Pinterest/Twitter
2013-02-21
Pedro Bueno
NBC site redirecting to Exploit kit
2013-02-19
Johannes Ullrich
Firefox 19 Release with various security fixes.
2013-02-17
Guy Bruneau
Adobe Acrobat and Reader Security Update Planned this Week
2013-02-17
Guy Bruneau
HP ArcSight Connector Appliance and Logger Vulnerabilities
2013-02-16
Lorna Hutcheson
Fedora RedHat Vulnerabilty Released
2013-02-14
Adam Swanger
ISC Monthly Threat Update - February 2013 http://isc.sans.edu/podcastdetail.html?id=3121
2013-02-13
Swa Frantzen
More adobe reader and acrobat (PDF) trouble
2013-02-08
Johannes Ullrich
VMWare Advisories (ESX, Workstation, Fusion...) http://www.vmware.com/security/advisories/VMSA-2013-0002.html
2013-02-06
Adam Swanger
Sysinternals in particular Process Explorer update https://blogs.technet.com/b/sysinternals/?Redirected=true
2013-02-06
Kevin Shortt
Firefox updated to 18.02 -> https://www.mozilla.org/en-US/firefox/18.0.2/releasenotes/
2013-02-04
Adam Swanger
SAN Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam
2013-02-01
Jim Clausing
VMware vSphere security updates for the authentication service and third party libraries (see http://www.vmware.com/security/advisories/VMSA-2013-0001.html)
2013-01-27
Tony Carothers
HP JetDirect Vulnerabilities Discussed
2013-01-15
Rob VandenBrink
When Disabling IE6 (or Java, or whatever) is not an Option...
2013-01-10
Rob VandenBrink
What Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too!
2013-01-10
Adam Swanger
ISC Monthly Threat Update New Format
2013-01-09
Rob VandenBrink
Firefox and Thunderbird Updates
2013-01-09
Rob VandenBrink
Security Updates for Adobe Reader / Acrobat - http://www.adobe.com/support/security/bulletins/apsb13-02.html
2013-01-09
Johannes Ullrich
New Format for Monthly Threat Update
2013-01-08
Jim Clausing
Cuckoo 0.5 is out and the world didn't end
2013-01-08
Richard Porter
Yahoo Web Interface Report: Compose and Send
2013-01-08
Richard Porter
A picture worth a 1000 barcodes?
2013-01-08
Richard Porter
Firefox 18 Released, Security Fixes http://www.mozilla.org/security/known-vulnerabilities/firefox.html
2013-01-04
Daniel Wesemann
Blue for Reset?
2013-01-02
Russ McRee
EMET 3.5: The Value of Looking Through an Attacker's Eyes
2013-01-01
Johannes Ullrich
FixIt Available for Internet Explorer Vulnerability
2012-12-18
Rob VandenBrink
All I Want for Christmas is to Not Get Hacked !
2012-12-14
Adam Swanger
ISC Feature of the Week: Webhoneypot: Web Server Log Project
2012-12-07
Adam Swanger
ISC Feature of the Week: Glossary Additions
2012-12-06
Johannes Ullrich
How to identify if you are behind a "Transparent Proxy"
2012-12-03
Kevin Liston
Mobile Malware: Request for Field Reports
2012-12-03
John Bambenek
John McAfee Exposes His Location in Photo About His Being on Run
2012-12-01
Guy Bruneau
Firefox 17.0.1 Bug Fixes - http://www.mozilla.org/en-US/firefox/17.0.1/releasenotes/
2012-11-29
Adam Swanger
ISC Feature of the Week: SSH Scan Reports
2012-11-29
Kevin Shortt
New Apple Security Update: APPLE-SA-2012-11-29-1 Apple TV 5.1.1
2012-11-28
Mark Hofman
McAfee releases extraDAT for W32/Autorun.worm.aaeb-h
2012-11-28
Mark Hofman
New version of wireshark is available (1.8.4), some security fixes included.
2012-11-27
Chris Mohan
Can users' phish emails be a security admin's catch of the day?
2012-11-26
John Bambenek
Online Shopping for the Holidays? Tips, News and a Fair Warning
2012-11-22
Kevin Liston
Greek National Arrested on Suspicion of Theft of 9M Records on Fellow Greeks
2012-11-20
John Bambenek
Behind the Random NTP Bizarreness of Incorrect Year Being Set
2012-11-20
John Bambenek
Firefox v 17.0 just released, more here: http://www.mozilla.org/en-US/firefox/17.0/releasenotes/
2012-11-19
John Bambenek
MoneyGram fined $100 million for aiding wire fraud - http://krebsonsecurity.com/2012/11/moneygram-fined-100-million-for-wire-fraud/
2012-11-19
John Bambenek
New Poll: Top 5 Unresolved Security Problems of 2012
2012-11-18
Guy Bruneau
FreeBSD Project Servers Compromised - http://www.freebsd.org/news/2012-compromise.html
2012-11-17
Manuel Humberto Santander Pelaez
New Sysinternal Updates: AdExplorer v1.44, Contig v1.7, Coreinfo v3.2, Procdump v5.1. See http://blogs.technet.com/b/sysinternals/archive/2012/11/16/updates-adexplorer-v1-44-contig-v1-7-coreinfo-v3-2-procdump-v5-1.aspx?Redirected=true
2012-11-16
Guy Bruneau
VMware security updates for vSphere API and ESX Service Console - http://www.vmware.com/security/advisories/VMSA-2012-0016.html
2012-11-16
Manuel Humberto Santander Pelaez
Information Security Incidents are now a concern for colombian government
2012-11-15
Jim Clausing
Another month another password disclosure breach
2012-11-12
John Bambenek
Request for info: Robocall Phishing Against Local/Regional Banks
2012-11-09
Mark Baggett
Fresh batch of Microsoft patches next week
2012-11-09
Mark Baggett
Remote Diagnostics with PSR
2012-11-08
Daniel Wesemann
Adobe Patches
2012-11-07
Mark Baggett
Help eliminate unquoted path vulnerabilities
2012-11-07
Mark Baggett
Multiple 0-Days Reported!
2012-11-07
Mark Baggett
Cisco TACACS+ Authentication Bypass
2012-11-05
Johannes Ullrich
Reminder: Ongoing SMTP Brute Forcing Attacks
2012-11-05
Johannes Ullrich
Possible Fake-AV Ads from Doubleclick Servers
2012-11-04
Lorna Hutcheson
What's important on your network?
2012-11-02
Daniel Wesemann
The shortcomings of anti-virus software
2012-11-02
Daniel Wesemann
Lamiabiocasa
2012-11-01
Daniel Wesemann
Patched your Java yet?
2012-10-31
Johannes Ullrich
Cyber Security Awareness Month - Day 31 - Business Continuity and Disaster Recovery
2012-10-30
Johannes Ullrich
Hurricane Sandy Update
2012-10-30
Richard Porter
Splunk 5.0 SP-CAAAHB4 http://www.splunk.com/view/SP-CAAAHB4
2012-10-30
Mark Hofman
Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-10-29
Kevin Shortt
Cyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard
2012-10-28
Tony Carothers
Firefox 16.02 Released
2012-10-26
Russ McRee
Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant
2012-10-25
Richard Porter
Cyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire
2012-10-24
Russ McRee
Cyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035
2012-10-24
Russ McRee
Ongoing Windstream outage in the midwest - https://twitter.com/search?q=windstream
2012-10-23
Rob VandenBrink
Cyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors
2012-10-21
Johannes Ullrich
Cyber Security Awareness Month - Day 22: Connectors
2012-10-21
Lorna Hutcheson
Potential Phish for Regular Webmail Accounts
2012-10-19
Johannes Ullrich
Cyber Security Awareness Month - Day 19: Standard log formats and CEE.
2012-10-18
Rob VandenBrink
Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide
2012-10-17
Mark Hofman
New Acrobat release (including reader) available. Version 11. Some security improvements more here -->http://blogs.adobe.com/adobereader/
2012-10-17
Rob VandenBrink
Cyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005
2012-10-16
Richard Porter
CyberAwareness Month - Day 15, Standards Body Soup (pt2), Same Soup Different Cook.
2012-10-16
Johannes Ullrich
Cyber Security Awareness Month - Day 16: W3C and HTML
2012-10-14
Pedro Bueno
Cyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1
2012-10-13
Guy Bruneau
New Poll - Cyber Security Awareness Month Activities 2012 - https://isc.sans.edu/poll.html
2012-10-12
Mark Hofman
Cyber Security Awareness Month - Day 12 PCI DSS
2012-10-11
Rob VandenBrink
Firefox 16 / Thunderbird 16 updates
2012-10-11
Rob VandenBrink
Cyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security)
2012-10-10
Kevin Shortt
Cyber Security Awareness Month - Day 10 - Standard Sudo - Part Two
2012-10-09
Johannes Ullrich
Cyber Security Awreness Month - Day 9 - Request for Comment (RFC)
2012-10-09
Johannes Ullrich
Microsoft October 2012 Black Tuesday Update - Overview
2012-10-08
Mark Hofman
Cyber Security Awareness Month - Day 8 ISO 27001
2012-10-07
Tony Carothers
Cyber Security Awareness Month - Day 7 - Rollup Review of CSAM Week 1
2012-10-06
Manuel Humberto Santander Pelaez
Cyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA
2012-10-05
Johannes Ullrich
Cyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl.
2012-10-05
Richard Porter
VMWare Security Advisory: VMSA-2012-0014 - http://www.vmware.com/security/advisories/VMSA-2012-0014.html
2012-10-05
Adam Swanger
ISC Feature of the Week: Report Fake Tech Support Call Statistics
2012-10-05
Richard Porter
Reports of a Distributed Injection Scan
2012-10-04
Mark Hofman
And the SHA-3 title goes to .....Keccak
2012-10-04
Johannes Ullrich
Cyber Security Awareness Month - Day 4: Crypto Standards
2012-10-03
Kevin Shortt
Cyber Security Awareness Month - Day 3 - Standard Sudo - Part One
2012-10-02
Russ McRee
Cyber Security Awareness Month - Day 2 - PCI Security Standard: Mobile Payment Acceptance Security Guidelines
2012-10-01
Johannes Ullrich
Cyber Security Awareness Month
2012-09-28
Joel Esler
Adobe certification revocation for October 4th
2012-09-27
Adam Swanger
ISC Feature of the Week: Glossary
2012-09-26
Johannes Ullrich
Some Android phones can be reset to factory default by clicking on links
2012-09-26
Johannes Ullrich
More Java Woes
2012-09-21
Johannes Ullrich
iOS 6 Security Roundup
2012-09-21
Guy Bruneau
Storing your Collection of Malware Samples with Malwarehouse
2012-09-20
Russ McRee
Flash Player update but no announcement, check your version http://www.adobe.com/software/flash/about/
2012-09-20
Russ McRee
Apple and Cisco Security Advisories 19 SEP 2012
2012-09-20
Russ McRee
Financial sector advisory: attacks and threats against financial institutions
2012-09-19
Russ McRee
Script kiddie scavenging with Shellbot.S
2012-09-17
Rob VandenBrink
What's on your iPad?
2012-09-14
Lenny Zeltser
Analyzing Malicious RTF Files Using OfficeMalScanner's RTFScan
2012-09-14
Lenny Zeltser
Scam Report - Fake Voice Mail Email Notification Redirects to Malicious Site
2012-09-14
Adam Swanger
ISC Feature of the Week: Privacy Policy
2012-09-13
Mark Baggett
TCP Fuzzing with Scapy
2012-09-13
Mark Baggett
Microsoft disrupts traffic associated with the Nitol botnet
2012-09-13
Mark Baggett
More SSL trouble
2012-09-10
Johannes Ullrich
Microsoft Patch Tuesday Pre-Release
2012-09-10
Johannes Ullrich
Godaddy DDoS Attack
2012-09-10
donald smith
Blue Toad publishing co compromise lead to UDID release. http://redtape.nbcnews.com/_news/2012/09/10/13781440-exclusive-the-real-source-of-apple-device-ids-leaked-by-anonymous-last-week?lite
2012-09-06
Johannes Ullrich
SSL Requests sent to port 80 (request for help/input)
2012-09-04
Johannes Ullrich
Another round of "Spot the Exploit E-Mail"
2012-09-02
Lorna Hutcheson
Demonstrating the value of your Intrusion Detection Program and Analysts
2012-09-01
Russ McRee
Blackhole targeting Java vulnerability via fake Microsoft Services Agreement email phish
2012-08-31
Johannes Ullrich
VMware Updates
2012-08-31
Russ McRee
Not so fast: Java 7 Update 7 critical vulnerability discovered in less than 24 hours
2012-08-30
Bojan Zdrnja
Analyzing outgoing network traffic (part 2)
2012-08-30
Johannes Ullrich
Editorial: The Slumlord Approach to Network Security http://isc.sans.edu/j/editorial
2012-08-29
Johannes Ullrich
"Data" URLs used for in-URL phishing
2012-08-28
Johannes Ullrich
Firefox 15 Released (includes silent future updates) http://www.mozilla.org/en-US/firefox/15.0/releasenotes/buglist.html
2012-08-27
Johannes Ullrich
The Good, Bad and Ugly about Assigning IPv6 Addresses
2012-08-27
Johannes Ullrich
Malware Spam harvesting Facebook Information
2012-08-26
Lorna Hutcheson
Who ya gonna contact?
2012-08-23
Bojan Zdrnja
Analyzing outgoing network traffic
2012-08-23
Adam Swanger
ISC Feature of the Week: Contact Us
2012-08-22
Adrien de Beaupre
Apple Remote Desktop update fixes no encryption issue
2012-08-22
Adrien de Beaupre
Phishing/spam via SMS
2012-08-21
Adrien de Beaupre
YYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update
2012-08-21
Adrien de Beaupre
RuggedCom fails key management 101 on Rugged Operating System (ROS)
2012-08-20
Manuel Humberto Santander Pelaez
Do we need test procedures in our companies before implementing Antivirus signatures?
2012-08-19
Manuel Humberto Santander Pelaez
Authentication Issues between entities during protocol message exchange in SCADA Systems
2012-08-15
Guy Bruneau
Wireshark Security Update
2012-08-12
Tony Carothers
Layers of the Defense-in-Depth Onion
2012-08-12
Tony Carothers
Oracle Security Alert for CVE-2012-3132
2012-08-10
Adam Swanger
ISC Feature of the Week: Report Fake Tech Support Calls
2012-08-09
Mark Hofman
SQL Injection Lilupophilupop style, Part 2
2012-08-09
Mark Hofman
Zeus/Citadel variant causing issues in the Netherlands
2012-08-07
Adrien de Beaupre
Who protects small business?
2012-08-04
Adam Swanger
ISC Feature of the Week: Handler Select News Feed
2012-08-04
Kevin Liston
Vendors: More Patch-Release Options Please
2012-07-27
Daniel Wesemann
Cuckoo 0.4 is out - cool new features for malware analysis http://www.cuckoosandbox.org/
2012-07-26
Adam Swanger
ISC Feature of the Week: The 404Project - now with IP Mask
2012-07-25
Johannes Ullrich
Microsoft Exchange/Sharepoint and others: Oracle Outside In Vulnerability
2012-07-24
Richard Porter
Wireshark 1.8.1 Released http://www.wireshark.org/
2012-07-24
Richard Porter
Report of spike in DNS Queries gd21.net
2012-07-21
Rick Wanner
OpenDNS is looking for a few good malware people!
2012-07-20
Mark Baggett
Syria Internet connection cut?
2012-07-19
Mark Baggett
Diagnosing Malware with Resource Monitor
2012-07-19
Mark Baggett
A Heap of Overflows?
2012-07-17
Jim Clausing
Firefox 14.0.1, Thunderbird 14.0 out - both claim security fixes, but release notes not updated yet with security details
2012-07-16
Richard Porter
Sysinternals Update @ http://blogs.technet.com/b/sysinternals/archive/2012/07/16/updates-handle-v3-5-process-explorer-v15-22-process-monitor-v3-03-rammap-v1-21-zoomit-v4-3.aspx
2012-07-16
Jim Clausing
An analysis of the Yahoo! passwords
2012-07-14
Tony Carothers
User Awareness and Education
2012-07-13
Richard Porter
Yesterday (not as on the ball as Rob) at SANSFire
2012-07-13
Russ McRee
2 for 1: SANSFIRE & MSRA presentations
2012-07-13
Russ McRee
VMWare Security Advisory 12 JUL 2012
2012-07-13
Russ McRee
Yahoo service SQL injection vuln leads to account exposure
2012-07-12
Rick Wanner
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms
2012-07-12
Rick Wanner
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Recording Server - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs
2012-07-12
Rick Wanner
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts
2012-07-12
Rick Wanner
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Manager - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman
2012-07-12
Rob VandenBrink
Today at SANSFIRE - Dude Your Car is PWND !
2012-07-12
Adam Swanger
ISC Feature of the Week: Internet Storm Center Events
2012-07-11
Rick Wanner
Excellent Security Education Resources
2012-07-10
Rob VandenBrink
Today at SANSFIRE (09 July 2012) - ISC Panel Discussion on the State of the Internet
2012-07-09
Johannes Ullrich
The FBI will turn off the Internet on Monday (or not)
2012-07-09
Manuel Humberto Santander Pelaez
Internet Storm Center panel tonight at SANSFIRE 2012!
2012-07-05
Adrien de Beaupre
New OS X trojan backdoor MaControl variant reported
2012-07-02
Joel Esler
A rough guide to keeping your website up
2012-07-02
Dan Goldberg
Storms of June 29th 2012 in Mid Atlantic region of the USA
2012-07-02
Joel Esler
Linux & Java leap second bug
2012-06-29
Jim Clausing
Updated SysInternals tools - Autoruns, Process Explorer, Process Monitor, PSKill -- http://blogs.technet.com/b/sysinternals/archive/2012/06/28/updates-autoruns-v11-32-process-explorer-v15-21-process-monitor-v3-02-pskill-v1-15-rammap-v1-2.aspx
2012-06-28
Chris Mohan
Massive spike in BGP traffic - Possible BGP poisoning?
2012-06-28
Adam Swanger
ISC Feature of the Week: About the Internet Storm Center
2012-06-27
Swa Frantzen
Online Banking Heists
2012-06-26
Daniel Wesemann
Run, Forest! (Update)
2012-06-25
Rick Wanner
Targeted Malware for Industrial Espionage?
2012-06-25
Swa Frantzen
Belgian online banking customers hacked.
2012-06-22
Adam Swanger
ISC Feature of the Week: Tools->ISC At-A-Glance
2012-06-22
Daniel Wesemann
Run, Forest!
2012-06-21
Raul Siles
Print Bomb? (Take 2)
2012-06-21
Russ McRee
Analysis of drive-by attack sample set
2012-06-21
Russ McRee
Wireshark 1.8.0 released 21 JUN 2012 http://www.wireshark.org/download.html
2012-06-20
Raul Siles
Firefox 13.0.1 Update
2012-06-19
Daniel Wesemann
Vulnerabilityqueerprocessbrittleness
2012-06-14
Johannes Ullrich
VMWare Security Advisories
2012-06-06
Jim Clausing
Firefox, Thunderbird, and Seamonkey Security Updates
2012-06-06
Jim Clausing
Potential leak of 6.5+ million LinkedIn password hashes
2012-06-05
Adam Swanger
ISC Feature of the Week: IPv6 Preparedness and Tools
2012-06-04
Lenny Zeltser
Decoding Common XOR Obfuscation in Malicious Code
2012-06-04
Rob VandenBrink
vSphere 5.0 Hardening Guide Officially Released
2012-06-01
Adam Swanger
ISC Feature of the Week: Country and Region Report
2012-05-31
Johannes Ullrich
SCADA@Home: Your health is no secret no more!
2012-05-25
Guy Bruneau
Google Publish Transparency Report
2012-05-25
Guy Bruneau
VMware vMA Security Advisory VMSA-2012-0010 - http://www.vmware.com/security/advisories/VMSA-2012-0010.html
2012-05-24
Adam Swanger
ISC Feature of the Week: Country Report
2012-05-22
Johannes Ullrich
nmap 6 released
2012-05-21
Kevin Shortt
DNS ANY Request Cannon - Need More Packets
2012-05-17
Johannes Ullrich
Do Firewalls make sense?
2012-05-17
Adam Swanger
ISC Feature of the Week: Tools->Information Gathering
2012-05-11
Adam Swanger
ISC Feature of the Week: Link List
2012-05-08
Bojan Zdrnja
Windows Firewall Bypass Vulnerability and NetBIOS NS
2012-05-06
Jim Clausing
Tool updates and Win 8
2012-05-04
Adam Swanger
ISC Feature of the Week: Data/Reports
2012-05-03
Guy Bruneau
VMware Critical Security Issues Advisory - http://www.vmware.com/security/advisories/VMSA-2012-0009.html
2012-05-02
Bojan Zdrnja
Monitoring VMWare logs
2012-04-27
Adam Swanger
ISC Feature of the Week: Handler Created Tools
2012-04-26
Richard Porter
Define Irony: A medical device with a Virus?
2012-04-25
Daniel Wesemann
Blacole's obfuscated JavaScript
2012-04-25
Daniel Wesemann
Blacole's shell code
2012-04-23
Russ McRee
Emergency Operations Centers & Security Incident Management: A Correlation
2012-04-21
Guy Bruneau
WordPress Release Security Update
2012-04-18
Adam Swanger
ISC Feature of the Week: Suspicious Domains
2012-04-13
Daniel Wesemann
VMware ESX/ESXi privilege escalation vuln. advisory: http://www.vmware.com/security/advisories/VMSA-2012-0007.html
2012-04-13
Adam Swanger
ISC Feature of the Week: Get to know the Handlers
2012-04-12
Guy Bruneau
Apple Java Updates for Mac OS X
2012-04-12
Guy Bruneau
HP ProCurve 5400 zl Switch, Flash Cards Infected with Malware
2012-04-10
Swa Frantzen
Adobe April 2012 Black Tuesday Update
2012-04-09
Johannes Ullrich
Not your Parent's Wireless Threat
2012-04-04
Adam Swanger
ISC Feature of the Week: Diary/Infocon/Event Notifications
2012-03-27
Johannes Ullrich
Firefox 3.6 EOL
2012-03-27
Adam Swanger
ISC Feature of the Week: ISC Poll
2012-03-27
Guy Bruneau
Wireshark 1.6.6 and 1.4.2 Released
2012-03-25
Daniel Wesemann
evilcode.class
2012-03-21
Adam Swanger
ISC Feature of the Week: Presentations and Papers
2012-03-16
Guy Bruneau
VMware New and Updated Security Advisories
2012-03-16
Russ McRee
MS12-020 RDP vulnerabilities: Patch, Mitigate, Detect
2012-03-15
Adam Swanger
ISC Feature of the Week: Infocon
2012-03-09
Guy Bruneau
VMware New and Updated Advisories
2012-03-06
Adam Swanger
ISC Feature of the Week: Follow us on Twitter
2012-03-03
Jim Clausing
New automated sandbox for Android malware
2012-02-29
Adam Swanger
ISC Feature of the Week: 404Project Reports
2012-02-24
Guy Bruneau
Flashback Trojan in the Wild
2012-02-22
Adam Swanger
ISC Feature of the Week: Handler Diaries
2012-02-20
Pedro Bueno
Simple Malware Research Tools
2012-02-20
Rick Wanner
DNSChanger resolver shutdown deadline is March 8th
2012-02-15
Adam Swanger
ISC Feature of the Week: XML Feeds
2012-02-11
Mark Hofman
Yet another version of Firefox has been released. One security fix. More info can be found here: https://www.mozilla.org/en-US/firefox/10.0.1/releasenotes/
2012-02-07
Jim Clausing
Book Review: Practical Packet Analysis, 2nd ed
2012-02-07
Adam Swanger
ISC Feature of the Week: Security Dashboard
2012-02-01
Adam Swanger
ISC Feature of the Week: ISC Search
2012-01-31
Russ McRee
Firefox 10 and VMWare advisories and updates
2012-01-25
Adam Swanger
ISC Feature of the Week: ISC Link Back
2012-01-25
Bojan Zdrnja
pcAnywhere users – patch now!
2012-01-18
Adam Swanger
ISC Feature of the Week: The 404Project
2012-01-16
Kevin Shortt
Zappos Breached
2012-01-14
Daniel Wesemann
Hello, Antony!
2012-01-13
Guy Bruneau
Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2012-01-11
Adrien de Beaupre
New wireshark released - 1.6.5 and 1.4.11 - www.wireshark.org/download.html
2012-01-11
Adam Swanger
ISC Feature of the Week: Internet Storm Center / DShield API
2012-01-06
Guy Bruneau
January 2012 Patch Tuesday Pre-release
2012-01-05
Russ McRee
WordPress 3.3.1 fixes 15 issues with WordPress 3.3 including XSS. Download 3.3.1 or visit Dashboard --> Updates in your site admin panel.
2012-01-03
Adam Swanger
ISC Feature of the Week: How to Submit Firewall Logs
2011-12-28
Daniel Wesemann
.nl.ai ?
2011-12-26
Deborah Hale
Badware 2011
2011-12-25
Deborah Hale
Merry Christmas, Happy Holidays
2011-12-22
Johannes Ullrich
Firefox 9 Security Fixes
2011-12-21
Chris Mohan
Firefox 9 has been released patching known vulnerabilities http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox9
2011-12-19
Guy Bruneau
Process Explorer Update 15.11 with bugfixes - http://technet.microsoft.com/en-us/sysinternals/bb896653
2011-12-10
Daniel Wesemann
Unwanted Presents
2011-12-07
Lenny Zeltser
V8 as an Alternative to SpiderMonkey for JavaScript Deobfuscation
2011-11-28
Tom Liston
A Puzzlement...
2011-11-19
Pedro Bueno
Dragon Research Group (DRG) announced the white paper entitled "VNC: Threats and Countermeasures" : https://dragonresearchgroup.org/insight/vnc-tac.html
2011-11-18
Kevin Liston
Recent VMWare security advisories
2011-11-08
Swa Frantzen
Firefox 8.0 released
2011-11-04
Guy Bruneau
Duqu Mitigation
2011-11-03
Guy Bruneau
November 2011 Patch Tuesday Pre-release
2011-11-02
Russ McRee
Wireshark updates: 1.6.3 and 1.4.10 released
2011-10-29
Richard Porter
The Sub Critical Control? Evidence Collection
2011-10-28
Russ McRee
Critical Control 19: Data Recovery Capability
2011-10-28
Daniel Wesemann
Critical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27
Mark Baggett
Critical Control 18: Incident Response Capabilities
2011-10-26
Rick Wanner
Critical Control 17:Penetration Tests and Red Team Exercises
2011-10-26
Rob VandenBrink
The Theoretical "SSL Renegotiation" Issue gets a Whole Lot More Real !
2011-10-25
Chris Mohan
Recurring reporting made easy?
2011-10-20
Johannes Ullrich
Evil Printers Sending Mail
2011-10-18
Rob VandenBrink
Java SE 6 Update 29 - http://www.oracle.com/technetwork/java/javase/6u29-relnotes-507960.html . Of particular interest is the Blocklist feature (introduced in 6u14) - http://www.oracle.com/technetwork/java/javase/6u14-137039.html#blocklist-jar-6u14
2011-10-17
Rob VandenBrink
Critical Control 11: Account Monitoring and Control
2011-10-13
Kevin Shortt
VMware ESXi and ESX updates to third party libraries and ESX Service Console - http://www.vmware.com/security/advisories/VMSA-2011-0012.html
2011-10-13
Guy Bruneau
Critical Control 10: Continuous Vulnerability Assessment and Remediation
2011-10-12
Kevin Shortt
Critical Control 8 - Controlled Use of Administrative Privileges
2011-10-11
Swa Frantzen
Critical Control 7 - Application Software Security
2011-10-10
Jim Clausing
Critical Control 6 - Maintenance, Monitoring, and Analysis of Security Audit Logs
2011-10-07
Mark Hofman
Critical Control 5 - Boundary Defence
2011-10-05
Jim Clausing
VMware Advisory - UDF file system handling
2011-10-04
Rob VandenBrink
Critical Control 2 - Inventory of Authorized and Unauthorized Software
2011-10-04
Johannes Ullrich
Critical Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations and Servers
2011-10-03
Mark Hofman
Critical Control 1 - Inventory of Authorized and Unauthorized Devices
2011-10-03
Mark Baggett
What are the 20 Critical Controls?
2011-10-03
Tom Liston
Security 101 : Security Basics in 140 Characters Or Less
2011-10-02
Mark Hofman
Cyber Security Awareness Month Day 1/2 - Schedule
2011-10-02
Mark Hofman
Cyber Security Awareness Month Day 1/2 - Introduction to the controls
2011-09-30
Tony Carothers
Firefox v. 7.0.1 Is Live
2011-09-29
Daniel Wesemann
The SSD dilemma
2011-09-27
Jason Lam
Firefox 3.6.23 security update is out and so is version 7 (time to break some add-on)
2011-09-21
Mark Hofman
October 2011 Cyber Security Awareness Month
2011-09-19
Guy Bruneau
MS Security Advisory Update - Fraudulent DigiNotar Certificates
2011-09-15
Swa Frantzen
DigiNotar looses their accreditation for qualified certificates
2011-09-15
Johannes Ullrich
September OUCH! awareness newsletter released - How to use social networking sites safely. http://bit.ly/ja6TMH
2011-09-09
Rob VandenBrink
Wireshark 1.62 (Newest Stable Release) is out !! ==> http://www.wireshark.org/download.html
2011-09-09
Guy Bruneau
Adobe plan to release critical security updates next Tuesday for Acrobat and Reader http://www.adobe.com/support/security/bulletins/apsb11-24.html
2011-09-08
Rob VandenBrink
When Good CA's go Bad: Other Things to Check in Your Datacenter
2011-09-07
Lenny Zeltser
Analyzing Mobile Device Malware - Honeynet Forensic Challenge 9 and Some Tools
2011-09-07
Lenny Zeltser
GlobalSign Temporarily Stops Issuing Certificates to Investigate a Potential Breach
2011-09-06
Swa Frantzen
DigiNotar audit - intermediate report available
2011-09-06
Guy Bruneau
Firefox 6.0.2 released to removed trust to DigiNotar certificate authority http://www.mozilla.org/en-US/firefox/6.0.2/releasenotes/
2011-09-01
Swa Frantzen
DigiNotar breach - the story so far
2011-08-31
Johannes Ullrich
Firefox/Thunderbird 6.0.1 released to blocklist bad DigiNotar SSL certificates
2011-08-29
Kevin Shortt
Internet Worm in the Wild
2011-08-26
Johannes Ullrich
SANS Virginia Beach Conference Canceled. Details: http://www.sans.org/virginia-beach-2011/
2011-08-26
Johannes Ullrich
Some Hurricane Technology Tips
2011-08-17
Johannes Ullrich
August edition of security awareness newsletter OUCH! released. Focus: Updating your Software http://t.co/ftRVetZ
2011-08-17
Rob VandenBrink
Putting all of Your Eggs in One Basket - or How NOT to do Layoffs
2011-08-16
Scott Fendley
Phishing Scam Victim Response
2011-08-16
Scott Fendley
Firefox 3.6.20 Corrects Several Critical Vulnerabilities
2011-08-15
Rob VandenBrink
8 Years since the Eastern Seaboard Blackout - Has it Been that Long?
2011-08-14
Guy Bruneau
FireCAT 2.0 Released
2011-08-11
Guy Bruneau
BlackBerry Enterprise Server Critical Update
2011-08-05
Johannes Ullrich
Forensics: SIFT Kit 2.1 now available for download http://computer-forensics.sans.org/community/downloads
2011-07-25
Chris Mohan
Monday morning incident handler practice
2011-07-15
Deborah Hale
What's in a Firewall?
2011-07-13
Guy Bruneau
New Sguil HTTPRY Agent
2011-07-13
Kevin Shortt
Firefox Update 5.0.1 Available - http://www.mozilla.com/en-US/firefox/new/
2011-07-10
Raul Siles
Jailbreakme Takes Advantage of 0-day PDF Vuln in Apple iOS Devices
2011-07-09
Chris Mohan
Safer Windows Incident Response
2011-07-02
Pedro Bueno
Bootkits, they are back at full speed...
2011-06-30
Guy Bruneau
WordPress 3.1.4 Security Update - http://wordpress.org/news/2011/06/wordpress-3-1-4/
2011-06-22
Guy Bruneau
WordPress Forces Password Reset
2011-06-21
Chris Mohan
StartSSL, a web authentication authority, suspend services after a security breach
2011-06-21
Chris Mohan
Australian government security audit report shows tough love to agencies
2011-06-21
Guy Bruneau
Firefox 5.0 is out with support Do Not Track on Multiple Platform - http://www.mozilla.com/en-US/firefox/new/
2011-06-15
Pedro Bueno
Hit by MacDefender, Apple Web Security (name your Mac FakeAV here)...
2011-06-15
Johannes Ullrich
Latest issue of "Ouch!" is out http://www.securingthehuman.org/resources/newsletters/ouch
2011-06-09
Richard Porter
One Browser to Rule them All?
2011-06-04
Rick Wanner
Do you have a personal disaster recovery plan?
2011-06-03
Guy Bruneau
Release of Wireshark 1.6.0rc2
2011-06-01
Adrien de Beaupre
Wireshark 1.4.7 and 1.2.17 Released - http://www.wireshark.org/news/20110531.html
2011-06-01
Johannes Ullrich
Enabling Privacy Enhanced Addresses for IPv6
2011-05-31
Chris Mohan
Getting the IT security word out there to the rest of the world
2011-05-30
Johannes Ullrich
Lockheed Martin and RSA Tokens
2011-05-25
Daniel Wesemann
Apple advisory on "MacDefender" malware
2011-05-25
Lenny Zeltser
Monitoring Social Media for Security References to Your Organization
2011-05-21
Daniel Wesemann
Weekend reading
2011-05-19
Daniel Wesemann
Fake AV Bingo
2011-05-16
Jason Lam
Firefox 3.5 forced upgrade coming soon
2011-05-14
Guy Bruneau
Websense Study Claims Canada Next Hotbed for Cybercrime Web Hosting Activity
2011-05-10
Swa Frantzen
Backtrack 5 released
2011-05-06
Richard Porter
Unpatched Exploit: Skype for MAC
2011-05-03
Johannes Ullrich
Analyzing Teredo with tshark and Wireshark
2011-05-03
Johannes Ullrich
Update on Osama Bin Laden themed Malware
2011-05-02
Johannes Ullrich
Bin Laden Death Related Malware
2011-04-29
Guy Bruneau
Firefox, Thunderbird and SeaMonkey Security Updates
2011-04-28
Guy Bruneau
VMware ESXi 4.1 Security and Firmware Updates
2011-04-28
Chris Mohan
DSL Reports advise 9,000 accounts were compromised
2011-04-26
John Bambenek
Is the Insider Threat Really Over?
2011-04-25
Rob VandenBrink
What's Your (IP) Address Worth?
2011-04-25
Rob VandenBrink
Sony PlayStation Network Outage - Day 5
2011-04-23
Manuel Humberto Santander Pelaez
Image search can lead to malware download
2011-04-21
Guy Bruneau
Adobe Reader and Acrobat Security Updates
2011-04-20
Daniel Wesemann
Data Breach Investigations Report published by Verizon
2011-04-18
John Bambenek
Wordpress.com Security Breach
2011-04-16
Scott Fendley
New Versions of Wireshark released
2011-04-13
Johannes Ullrich
April issue of SANS Security Awareness Newsletter is out http://www.securingthehuman.org/resources/ouch
2011-04-10
Raul Siles
Recent security enhancements in web browsers (e.g. Google Chrome)
2011-04-04
Mark Hofman
When your service provider has a breach
2011-04-03
Richard Porter
Extreme Disclosure? Not yet but a great trend!
2011-03-25
Kevin Liston
APT Tabletop Exercise
2011-03-25
Rob VandenBrink
The Recent RSA Breach - Imagining the Worst Case, And Why it Isn't Time to Panic (Yet)
2011-03-23
Johannes Ullrich
Firefox 4 Security Features
2011-03-23
Johannes Ullrich
Firefox 3 Updates and SSL Blocklist extension
2011-03-22
Kevin Shortt
Adobe Reader/Acrobat Security Update - http://www.adobe.com/support/security/bulletins/apsb11-06.html
2011-03-09
Chris Mohan
Possible Issue with Forefront Update KB2508823
2011-03-08
Jim Clausing
VMware ESX/ESXi security updates released, see http://www.vmware.com/security/advisories/VMSA-2011-0004.html
2011-03-04
Mark Hofman
And a new version of Firefox (thx all) hits the road, Version 3.6.15 more details here http://www.mozilla.com/en-US/firefox/3.6.15/releasenotes/ (and I agree it was a bit quick after 3.6.14)
2011-03-02
Chris Mohan
Updates: Firefox 3.6.14/3.5.17, Thunderbird 3.1.8, Adobe Flash v10.2.152.32 & WireShark 1.4.4
2011-03-01
Daniel Wesemann
AV software and "sharing samples"
2011-02-26
Rick Wanner
Firefox 4 Beta 12 released
2011-02-14
Richard Porter
Anonymous Damage Control Anybody?
2011-02-09
Mark Hofman
Adobe Patches (shockwave, Flash, Reader & Coldfusion)
2011-02-08
Chris Mohan
VMWare Security Advisory
2011-02-08
Mark Hofman
WordPress 3.0.5 (and 3.1 RC4) are out
2011-02-07
Pedro Bueno
The Good , the Bad and the Unknown Online Scanners
2011-02-05
Guy Bruneau
OpenSSH Legacy Certificate Information Disclosure Vulnerability
2011-02-01
Lenny Zeltser
The Importance of HTTP Headers When Investigating Malicious Sites
2011-01-27
Robert Danford
Microsoft Security Advisory for MHTML via Internet Explorer (MS2501696/CVE-2011-0096)
2011-01-25
Chris Mohan
Reviewing our preconceptions
2011-01-24
Rob VandenBrink
Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool
2011-01-23
Richard Porter
Crime is still Crime!
2011-01-19
Johannes Ullrich
Microsoft's Secure Developer Tools
2011-01-12
Richard Porter
Yet Another Data Broker? AOL Lifestream.
2011-01-10
Manuel Humberto Santander Pelaez
VirusTotal VTzilla firefox/chrome plugin
2011-01-08
Guy Bruneau
PandaLabs 2010 Annual Report
2011-01-08
Guy Bruneau
January 2011 Patch Tuesday Pre-release
2011-01-05
Johannes Ullrich
VMWare Security Advisory VMSA-2011-0001
2011-01-05
Johannes Ullrich
Survey: Software Security Awareness Training
2011-01-05
Johannes Ullrich
Currently Unpatched Windows / Internet Explorer Vulnerabilities
2011-01-03
Johannes Ullrich
What Will Matter in 2011
2010-12-30
Johannes Ullrich
Critcal Wordpress Security Update http://wordpress.org/news/2010/12/3-0-4-update/
2010-12-29
Daniel Wesemann
Malware Domains 2234.in, 0000002.in & co
2010-12-29
Daniel Wesemann
Beware of strange web sites bearing gifts ...
2010-12-28
John Bambenek
Mozilla Notifies of Relatively Minor Security Breach
2010-12-21
Rob VandenBrink
Network Reliability, Part 2 - HSRP Attacks and Defenses
2010-12-19
Raul Siles
Intel's new processors have a remote kill switch (Anti-Theft 3.0)
2010-12-09
Mark Hofman
Firefox version 3.6.13 is being pushed out, time to update (thanks Vincent). Thunderbird 3.1.7 and 3.0.11 can also be added to the list as well as SeaMonkey 2.0.11. - M
2010-12-02
Kevin Johnson
SQL Injection: Wordpress 3.0.2 released
2010-11-19
Jason Lam
Exchanging and sharing of assessment results
2010-11-19
Jason Lam
Adobe Reader X - Sandbox
2010-11-18
Chris Carboni
Stopping the ZeroAccess Rootkit
2010-11-17
Guy Bruneau
Reference on Open Source Digital Forensics
2010-11-17
Guy Bruneau
Cisco Unified Videoconferencing Affected by Multiple Vulnerabilities
2010-11-16
Guy Bruneau
Acrobat and Adobe Reader Security Update
2010-11-15
Stephen Hall
Mozilla Firefox 3.6.12 Remote Denial Of Service
2010-11-12
Guy Bruneau
Honeynet Forensic Challenge - Analyzing Malicious Portable Destructive Files
2010-11-08
Manuel Humberto Santander Pelaez
Network Security Perimeter: How to choose the correct firewall and IPS for your environment?
2010-11-04
Johannes Ullrich
Microsoft Smart Screen False Positivies
2010-11-01
Manuel Humberto Santander Pelaez
Checkpoint UTM-1 edge VPN boxes worldwide did an unscheduled reboot
2010-10-31
Marcus Sachs
Cyber Security Awareness Month - Day 31 - Tying it all together
2010-10-30
Guy Bruneau
Cyber Security Awareness Month - Day 30 - Role of the network team
2010-10-29
Manuel Humberto Santander Pelaez
Cyber Security Awareness Month - Day 29- Role of the office geek
2010-10-28
Rick Wanner
Cyber Security Awareness Month - Day 27 - Social Media use in the office
2010-10-28
Rick Wanner
Firefox 3.6.12 available - http://www.mozilla.com/en-US/firefox/personal.html
2010-10-28
Tony Carothers
Cyber Security Awareness Month - Day 28 - Role of the employee
2010-10-26
Pedro Bueno
Be (even more) careful with public hotspots. Firesheep released yesterday. Brilliant and scary.
2010-10-26
Pedro Bueno
Firefox news
2010-10-26
Pedro Bueno
Cyber Security Awareness Month - Day 26 - Sharing Office Files
2010-10-25
Kevin Shortt
Cyber Security Awareness Month - Day 25 - Using Home Computers for Work
2010-10-24
Swa Frantzen
Cyber Security Awarenes Month - Day 24 - Using work computers at home
2010-10-23
Mark Hofman
Cyber Security Awareness Month - Day 23 - The Importance of compliance
2010-10-22
Daniel Wesemann
Cyber Security Awareness Month - Day 22 - Security of removable media
2010-10-21
Chris Carboni
Cyber Security Awareness Month - Day 21 - Impossible Requests from the Boss
2010-10-20
Jim Clausing
Firefox 3.6.11 and 3.5.14 released, includes security updates ( http://www.mozilla.com/firefox/3.6.11/releasenotes/ )
2010-10-20
Jim Clausing
Cyber Security Awareness Month - Day 20 - Securing Mobile Devices
2010-10-20
Jim Clausing
Tools updates - Oct 2010
2010-10-19
Rob VandenBrink
Cyber Security Awareness Month - Day 19 - VPN and Remote Access Tools
2010-10-19
Rob VandenBrink
Cyber Security Awareness Month - Day 19 - Remote Access Tools
2010-10-19
Rob VandenBrink
Cyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split?
2010-10-19
Rob VandenBrink
Cyber Security Awareness Month - Day 19 - VPN Architectures – SSL or IPSec?
2010-10-19
Rob VandenBrink
Cyber Security Awareness Month - Day 19 - Remote User VPN Access – Are things getting too easy, or too hard?
2010-10-18
Manuel Humberto Santander Pelaez
Cyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis
2010-10-17
Stephen Hall
Cyber Security Awareness Month - Day 17 - What a boss should and should not have access to
2010-10-15
Marcus Sachs
Cyber Security Awareness Month - Day 15 - What Teachers Need to Know About Their Students
2010-10-15
Guy Bruneau
Cyber Security Awareness Month - Day 16 - Securing a donated computer
2010-10-14
Johannes Ullrich
Cyber Security Awareness Month - Day 14 - Securing a public computer
2010-10-13
Deborah Hale
Cyber Security Awareness Month - Day 13 - Online Bullying
2010-10-12
Scott Fendley
Cyber Security Awareness Month - Day 12 - Protecting and Managing Your Digital Identity On Social Media Sites
2010-10-11
Rick Wanner
Cyber Security Awareness Month - Day 11 - Safe Browsing for Teens
2010-10-11
Rick Wanner
New version of Wireshark available for download - 1.4.1 - http://www.wireshark.org/download.html
2010-10-10
Kevin Liston
Cyber Security Awareness Month - Day 10 - Safe browsing for pre-teens
2010-10-09
Kevin Shortt
Cyber Security Awareness Month - Day 9 - Disposal of an Old Computer
2010-10-08
Rick Wanner
Patch Tuesday Pre-release -- 16 updates
2010-10-08
Rick Wanner
Cyber Security Awareness Month - Day 8 - Patch Management and System Updates
2010-10-06
Rob VandenBrink
Cyber Security Awareness Month - Day 7 - Remote Access and Monitoring Tools
2010-10-06
Marcus Sachs
Cyber Security Awareness Month - Day 6 - Computer Monitoring Tools
2010-10-05
Rick Wanner
Cyber Security Awareness Month - Day 5 - Sites you should stay away from
2010-10-04
Daniel Wesemann
Cyber Security Awareness Month - Day 4 - Managing EMail
2010-10-03
Adrien de Beaupre
Cyber Security Awareness Month - Day 3 - Recognizing phishing and online scams
2010-10-02
Mark Hofman
Cyber Security Awareness Month - Day 2 - Securing the Family Network
2010-10-01
Marcus Sachs
Cyber Security Awareness Month - 2010
2010-10-01
Marcus Sachs
Cyber Security Awareness Month - Day 1 - Securing the Family PC
2010-09-26
Daniel Wesemann
Egosurfing, the corporate way
2010-09-26
Daniel Wesemann
The wireless wiretap
2010-09-09
Marcus Sachs
'Here You Have' Email
2010-09-08
John Bambenek
Adobe Acrobat/Reader 0-day in Wild, Adobe Issues Advisory
2010-09-04
Kevin Liston
Investigating Malicious Website Reports
2010-08-25
Pedro Bueno
Adobe released security update for Shockwave player that fix several CVEs: APSB1020
2010-08-23
Manuel Humberto Santander Pelaez
Firefox plugins to perform penetration testing activities
2010-08-18
Guy Bruneau
Adobe out-of-cycle Updates
2010-08-16
Raul Siles
The Seven Deadly Sins of Security Vulnerability Reporting
2010-08-15
Manuel Humberto Santander Pelaez
Opensolaris project cancelled, replaced by Solaris 11 express
2010-08-13
Tom Liston
The Strange Case of Doctor Jekyll and Mr. ED
2010-08-08
Marcus Sachs
Thinking about Cyber Security Awareness Month in October
2010-08-06
Rob VandenBrink
FOXIT PDF Reader update to resolve iPhone/iPad Jailbreak issue ==> http://www.foxitsoftware.com/announcements/2010861227.html
2010-08-05
Rob VandenBrink
Access Controls for Network Infrastructure
2010-08-03
Johannes Ullrich
When Lightning Strikes
2010-07-30
Guy Bruneau
Wireshark 1.2.10 released
2010-07-30
Guy Bruneau
Cisco Internet Streamer: Web Server Directory Traversal Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml
2010-07-29
Rob VandenBrink
The 2010 Verizon Data Breach Report is Out
2010-07-29
Rob VandenBrink
NoScript 2.0 released
2010-07-29
Rob VandenBrink
FBI, Slovenian and Spanish Police announce more arrests of Mariposa Botnet Creator, Operators
2010-07-25
Rick Wanner
New Firefox Version, 3.6.8
2010-07-25
Rick Wanner
Mozilla advisory for Firefox...Upgrade to 3.6.8. http://www.mozilla.org/security/announce/2010/mfsa2010-48.html
2010-07-24
Manuel Humberto Santander Pelaez
Transmiting logon information unsecured in the network
2010-07-23
Mark Hofman
Firefox 3.6.8 is out. Yes it only seems like yesterday when you installed FF 3.6.7 (it was for me). The release notes say a stability issue has been fixed in this release.
2010-07-21
Adrien de Beaupre
Adobe Reader Protected Mode
2010-07-21
Adrien de Beaupre
Dell PowerEdge R410 replacement motherboard firmware contains malware
2010-07-21
Adrien de Beaupre
autorun.inf and .lnk Malware (NOT 'Vulnerability in Windows Shell Could Allow Remote Code Execution' 2286198)
2010-07-20
Manuel Humberto Santander Pelaez
Lowering infocon back to green
2010-07-18
Manuel Humberto Santander Pelaez
SAGAN: An open-source event correlation system - Part 1: Installation
2010-07-14
Deborah Hale
Secunia Half Year Report for 2010 shows interesting trends
2010-07-13
Jim Clausing
Forensic challenge results
2010-07-13
Jim Clausing
VMware Studio Security Update
2010-07-07
Kevin Shortt
Facebook, Facebook, What Do YOU See?
2010-07-06
Rob VandenBrink
Bogus Support Organizations use Live Operators to Install Malware
2010-07-04
Manuel Humberto Santander Pelaez
Malware inside PDF Files
2010-06-27
Jim Clausing
Firefox 3.6.6 out - fixes issues with "crash protection"
2010-06-24
Jason Lam
Help your competitor - Advise them of vulnerability
2010-06-23
Scott Fendley
Mozilla Firefox Updates
2010-06-17
Deborah Hale
FYI - Another bogus site
2010-06-15
Manuel Humberto Santander Pelaez
Mastercard delivering cards with OTP device included
2010-06-14
Manuel Humberto Santander Pelaez
Another way to get protection for application-level attacks
2010-06-14
Manuel Humberto Santander Pelaez
Rogue facebook application acting like a worm
2010-06-13
Rick Wanner
UnRealCD compromised by Trojan
2010-06-10
Deborah Hale
iPad Owners Exposed
2010-06-10
Deborah Hale
Wireshark 1.2.9 Now Available
2010-06-10
Deborah Hale
Microsoft Help Centre Handling of Escape Sequences May Lead to Exploit
2010-06-07
Manuel Humberto Santander Pelaez
Software Restriction Policy to keep malware away
2010-06-07
Manuel Humberto Santander Pelaez
Internet Storm Center panel tonight at SANSFIRE
2010-06-05
Guy Bruneau
Security Advisory for Flash Player, Adobe Reader and Acrobat
2010-06-04
Rick Wanner
New Honeynet Project Forensic Challenge
2010-06-02
Mark Hofman
OpenSSL version 1.0.0a released. This fixes a number of security issues. Don't forget a number of commercial appliances will be using this, so look for vendor updates soon.
2010-06-02
Rob VandenBrink
New Mac malware - OSX/Onionspy
2010-05-30
Kevin Liston
VMware ESX/ESXi Updates
2010-05-29
G. N. White
Rogue AV Indictment
2010-05-28
Jim Clausing
Wireshark SMB file extraction plug-in
2010-05-26
Bojan Zdrnja
Malware modularization and AV detection evasion
2010-05-23
Manuel Humberto Santander Pelaez
e-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.
2010-05-22
Rick Wanner
SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-05-21
Rick Wanner
IBM distributes malware at AusCERT!
2010-05-21
Rick Wanner
2010 Digital Forensics and Incident Response Summit
2010-05-19
Kyle Haugsness
Wordpress blog attacks... again
2010-05-12
Rob VandenBrink
Adobe Shockwave Update
2010-05-10
Toby Kohlenberg
Another round of WordPress Attacks
2010-05-08
Guy Bruneau
Wireshark DOCSIS Dissector DoS Vulnerability
2010-05-07
Rob VandenBrink
Security Awareness – Many Audiences, Many Messages (Part 2)
2010-05-04
Rick Wanner
SIFT review in the ISSA Toolsmith
2010-05-02
Mari Nichols
Zbot Social Engineering
2010-04-30
Johannes Ullrich
Sharepoint XSS Vulnerability
2010-04-30
Kevin Liston
CVE-2010-0817 SharePoint XSS Scorecard
2010-04-30
Kevin Liston
The Importance of Small Files
2010-04-27
Rob VandenBrink
Layer 2 Security - L2TPv3 for Disaster Recovery Sites
2010-04-26
Raul Siles
Vulnerable Sites Database
2010-04-22
Guy Bruneau
MS10-025 Security Update has been Pulled
2010-04-22
John Bambenek
Data Redaction: You're Doing it Wrong
2010-04-21
Guy Bruneau
McAfee DAT 5958 Update Issues
2010-04-21
Guy Bruneau
Google Chrome Security Update v4.1.249.1059 Released: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html
2010-04-19
Daniel Wesemann
Linked into scams?
2010-04-18
Guy Bruneau
Some NetSol hosted sites breached
2010-04-13
Johannes Ullrich
More Legal Threat Malware E-Mail
2010-04-13
Johannes Ullrich
Apache.org Bugtracker Breach
2010-04-13
Adrien de Beaupre
Security update available for Adobe Reader and Acrobat
2010-04-11
Marcus Sachs
Network and process forensics toolset
2010-04-09
Mark Hofman
VMware has released the following patch "VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues". Make sure you test before applying to production.
2010-04-07
Rob VandenBrink
The Many Paths to Security Awareness
2010-04-02
Guy Bruneau
Firefox 3.6.3 fix for CVE-2010-1121 http://www.mozilla.org/security/announce/2010/mfsa2010-25.html
2010-04-02
Guy Bruneau
Security Advisory for ESX Service Console
2010-04-01
Jim Clausing
Wireshark 1.2.7 released, bug fixes, doesn't look like any security issues (http://www.wireshark.org/)
2010-03-30
Pedro Bueno
VMWare Security Advisories Out
2010-03-30
Pedro Bueno
Sharing the Tools
2010-03-28
Rick Wanner
Honeynet Project: 2010 Forensic Challenge #3
2010-03-27
Guy Bruneau
HP-UX Running NFS/ONCplus, Inadvertently Enabled NFS
2010-03-26
Daniel Wesemann
Getting the EXE out of the RTF again
2010-03-26
Daniel Wesemann
SIFT2.0 SANS Investigative Forensics Toolkit released
2010-03-25
Kevin Liston
Responding to "Copyright Lawsuit filed against you"
2010-03-24
Kyle Haugsness
Wax nostalgic - commodore64 updated to present time
2010-03-21
Chris Carboni
Responding To The Unexpected
2010-03-20
Scott Fendley
Firefox 3.6.2 to be released March 30
2010-03-15
Adrien de Beaupre
Spamassassin Milter Plugin Remote Root Attack
2010-03-12
Mark Hofman
Firefox 3.6 is being pushed out to users. http://www.mozilla.com/en-US/firefox/3.6/releasenotes/
2010-03-10
Rob VandenBrink
What's My Firewall Telling Me? (Part 4)
2010-03-10
Rob VandenBrink
Microsoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7
2010-03-09
Marcus Sachs
Energizer Malware
2010-03-07
Mari Nichols
DHS issues Cybersecurity challenge
2010-03-05
Kyle Haugsness
What is your firewall log telling you - responses
2010-03-05
Kyle Haugsness
False scare email proclaiming North Korea nuclear launch against Japan
2010-03-04
Daniel Wesemann
salefale-dot-com is bad
2010-03-03
Johannes Ullrich
Reports about large number of fake Amazon order confirmations
2010-03-03
Daniel Wesemann
What is your firewall log telling you - Part #2
2010-02-28
Mari Nichols
Disasters take practice
2010-02-26
Rick Wanner
New version of FireBug Firefox plug-in - http://getfirebug.com/
2010-02-23
Mark Hofman
What is your firewall telling you and what is TCP249?
2010-02-22
Rob VandenBrink
New Risks in Penetration Testing
2010-02-21
Patrick Nolan
Looking for "more useful" malware information? Help develop the format.
2010-02-20
Mari Nichols
Is "Green IT" Defeating Security?
2010-02-17
Rob VandenBrink
Defining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"
2010-02-17
Rob VandenBrink
Multiple Security Updates for ESX 3.x and ESXi 3.x
2010-02-16
Jim Clausing
Teredo request for packets
2010-02-16
Johannes Ullrich
Teredo "stray packet" analysis
2010-02-13
Lorna Hutcheson
Network Traffic Analysis in Reverse
2010-02-11
Johannes Ullrich
MS10-015 may cause Windows XP to blue screen
2010-02-11
Deborah Hale
Critical Update for AD RMS
2010-02-10
Marcus Sachs
Datacenters and Directory Traversals
2010-02-07
Rick Wanner
Mandiant Mtrends Report
2010-02-05
Jim Clausing
WordPress iframe injection?
2010-02-03
Johannes Ullrich
Information Disclosure Vulnerability in Internet Explorer
2010-02-02
Johannes Ullrich
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux)
2010-02-02
Guy Bruneau
Cisco Secure Desktop Remote XSS Vulnerability
2010-01-30
Stephen Hall
New and updated VMWare advisories
2010-01-26
Rob VandenBrink
VMware vSphere Hardening Guide Draft posted for public review
2010-01-23
Lorna Hutcheson
The necessary evils: Policies, Processes and Procedures
2010-01-22
Mari Nichols
Pass-down for a Successful Incident Response
2010-01-21
Chris Carboni
Firefox Upgrade Available
2010-01-19
Jim Clausing
Forensic challenges
2010-01-14
Bojan Zdrnja
PDF Babushka
2010-01-14
Bojan Zdrnja
0-day vulnerability in Internet Explorer 6, 7 and 8
2010-01-13
Guy Bruneau
Sun Java JRE 6 Update 18 Released
2010-01-07
Daniel Wesemann
Static analysis of malicious PDFs
2010-01-07
Daniel Wesemann
Static analysis of malicous PDFs (Part #2)
2010-01-06
Guy Bruneau
Firefox security and stability update for version 3.5.7 and 3.0.17 available for download
2009-12-18
Stephen Hall
Wireshark 1.2.5 released - including three security fixes
2009-12-17
Daniel Wesemann
overlay.xul is back
2009-12-17
Daniel Wesemann
In caches, danger lurks
2009-12-16
Mark Hofman
Firefox 3.5.6 is available, time to update.
2009-12-16
Rob VandenBrink
Beware the Attack of the Christmas Greeting Cards !
2009-12-14
Adrien de Beaupre
Anti-forensics, COFEE vs. DECAF
2009-12-07
Rick Wanner
Cheat Sheet: Analyzing Malicious Documents
2009-12-05
Guy Bruneau
Java JRE Buffer and Integer Overflow
2009-12-04
Daniel Wesemann
Max Power's Malware Paradise
2009-12-02
Rob VandenBrink
Microsoft Black Screen of Death - Fact of Fiction?
2009-12-02
Rob VandenBrink
SPAM and Malware taking advantage of H1N1 concerns
2009-11-30
Bojan Zdrnja
Distributed Wordpress admin account cracking
2009-11-25
Jim Clausing
Tool updates
2009-11-25
Jim Clausing
Updates to my GREM Gold scripts and a new script
2009-11-24
Rick Wanner
Microsoft Security Advisory 977981 - IE 6 and IE 7
2009-11-21
Mark Hofman
VMware vCenter and ESX updates available http://lists.vmware.com/pipermail/security-announce/2009/000070.html
2009-11-18
Rob VandenBrink
Using a Cisco Router as a “Remote Collector” for tcpdump or Wireshark
2009-11-14
Adrien de Beaupre
Microsoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released
2009-11-13
Deborah Hale
It's Never Too Early To Start Teaching Them
2009-11-13
Adrien de Beaupre
TLS & SSLv3 renegotiation vulnerability explained
2009-11-12
Rob VandenBrink
Windows 7 / Windows Server 2008 Remote SMB Exploit
2009-11-06
Mark Hofman
A new version of Firefox (3.5.5) just became available. According to the release notes they are stability improvements.
2009-11-05
Swa Frantzen
Insider threat: The snapnames case
2009-10-30
Rob VandenBrink
New version of NIST 800-41, Firewalls and Firewall Policy Guidelines
2009-10-29
Kyle Haugsness
Cyber Security Awareness Month - Day 29 - dns port 53
2009-10-28
Johannes Ullrich
Sniffing SSL: RFC 4366 and TLS Extensions
2009-10-28
Johannes Ullrich
Cyber Security Awareness Month - Day 28 - ntp (123/udp)
2009-10-28
Johannes Ullrich
Firefox 3.5.4 released. Lots of security bug fixes. (thanks Gilbert!)
2009-10-27
Rob VandenBrink
New VMware Desktop Products Released (Workstation, Fusion, ACE)
2009-10-25
Lorna Hutcheson
Cyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-22
Adrien de Beaupre
Cyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-22
Adrien de Beaupre
Sysinternals updates: Disk2vhd v1.1, ZoomIt v4.1, Coreinfo v2.0, VMMap v2.4
2009-10-21
Pedro Bueno
WordPress Hardening
2009-10-21
Pedro Bueno
Cyber Security Awareness Month - Day 21 - Port 135
2009-10-19
Daniel Wesemann
Cyber Security Awareness Month - Day 19 - ICMP
2009-10-19
Daniel Wesemann
Backed up, lately ?
2009-10-18
Mari Nichols
Computer Security Awareness Month - Day 18 - Telnet an oldie but a goodie
2009-10-17
Rick Wanner
Cyber Security Awareness Month - Day 17 - Port 22/SSH
2009-10-17
Rick Wanner
Mozilla disables Microsoft plug-ins?
2009-10-16
Stephen Hall
VMWare updates ESX
2009-10-16
Adrien de Beaupre
Cyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
2009-10-16
Adrien de Beaupre
Disable MS09-054 patch, or Firefox Plugin?
2009-10-15
Deborah Hale
Yet another round of Viral Spam
2009-10-15
Deborah Hale
Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
2009-10-11
Mark Hofman
Cyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
2009-10-09
Rob VandenBrink
Cyber Security Awareness Month - Day 9 - Port 3389/tcp (RDP)
2009-10-08
Johannes Ullrich
Firefox Plugin Collections
2009-10-06
Adrien de Beaupre
Cyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp
2009-10-05
Adrien de Beaupre
Cyber Security Awareness Month - Day 5 port 31337
2009-10-04
Guy Bruneau
Samba Security Information Disclosure and DoS
2009-10-02
Stephen Hall
Cyber Security Awareness Month - Day 2 - Port 0
2009-10-02
Stephen Hall
VMware Fusion updates to fixes a couple of bugs
2009-09-27
Stephen Hall
Use Emerging Threats signatures? READ THIS!
2009-09-25
Lenny Zeltser
Categories of Common Malware Traits
2009-09-25
Deborah Hale
Conficker Continues to Impact Networks
2009-09-25
Deborah Hale
Malware delivered over Google and Yahoo Ad's?
2009-09-20
Mari Nichols
Insider Threat and Security Awareness
2009-09-16
Raul Siles
Wireshark 1.2.2 (and 1.0.9) is out!
2009-09-10
Johannes Ullrich
Healthcare Spam
2009-09-10
Guy Bruneau
Firefox 3.5.3 and 3.0.14 has been released
2009-09-07
Lorna Hutcheson
Encrypting Data
2009-09-05
Mark Hofman
Critical Infrastructure and dependencies
2009-09-04
Adrien de Beaupre
Fake anti-virus
2009-08-30
Tony Carothers
How do I recover from.....?
2009-08-29
Guy Bruneau
Immunet Protect - Cloud and Community Malware Protection
2009-08-28
Adrien de Beaupre
WPA with TKIP done
2009-08-26
Johannes Ullrich
Malicious CD ROMs mailed to banks
2009-08-21
Rick Wanner
Updates to VMWare Products
2009-08-18
Daniel Wesemann
Forensics: Mounting partitions from full-disk 'dd' images
2009-08-13
Jim Clausing
New and updated cheat sheets
2009-08-11
Swa Frantzen
Wordpress unauthenticated administrator password reset
2009-08-04
Mark Hofman
Firefox Updates
2009-07-31
Deborah Hale
Don't forget to tell your SysAdmin Thanks
2009-07-28
Adrien de Beaupre
YYAMCCBA
2009-07-26
Jim Clausing
New Volatility plugins
2009-07-23
John Bambenek
Missouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information
2009-07-22
Chris Carboni
Firefox 3.0.12 is Available
2009-07-20
Stephen Hall
Wireshark Release 1.2.1
2009-07-19
Marcus Sachs
Mozilla Comments on Firefox 3.5.1 issue
2009-07-17
Stephen Hall
Firefox 3.5.1 has been released
2009-07-14
Swa Frantzen
Firefox new exploit
2009-07-11
Rick Wanner
VMWare Security Advisories
2009-07-09
John Bambenek
Latest Updates on Ongoing DDoS on Governmental/Commercial Websites in USA and S. Korea
2009-07-03
Adrien de Beaupre
Authorize.net down
2009-07-03
Adrien de Beaupre
BCP/DRP
2009-07-03
Adrien de Beaupre
Happy 4th of July!
2009-07-02
Daniel Wesemann
Getting the EXE out of the RTF
2009-07-02
Bojan Zdrnja
Cold Fusion web sites getting compromised
2009-07-01
Bojan Zdrnja
New VMWare Security Advisory
2009-06-30
Chris Carboni
Firefox 3.5 is available
2009-06-20
Mark Hofman
G'day from Sansfire2009
2009-06-20
Scott Fendley
Situational Awareness: Spam Crisis and China
2009-06-17
Guy Bruneau
Wireshark 1.2.0 released
2009-06-16
John Bambenek
Iran Internet Blackout: Using Twitter for Operational Intelligence
2009-06-16
John Bambenek
URL Shortening Service Cligs Hacked
2009-06-14
Guy Bruneau
SANSFIRE 2009 Starts Tomorrow
2009-06-12
Adrien de Beaupre
Green Dam
2009-06-11
Rick Wanner
MIR-ROR Motile Incident Response - Respond Objectively Remediate
2009-06-11
Rick Wanner
Firefox 3.0.11 is available
2009-06-06
Patrick Nolan
ARRA/HIPAA Breach Reporting Dates Approaching
2009-06-04
Raul Siles
Malware targetting banks ATM's
2009-06-04
Raul Siles
Targeted e-mail attacks asking to verify wire transfer details
2009-06-01
G. N. White
Yet another "Digital Certificate" malware campaign
2009-05-29
Lorna Hutcheson
VMWare Patches Released
2009-05-25
Jim Clausing
Wireshark-1.0.8 released
2009-05-20
Pedro Bueno
Cyber Warfare and Kylin thoughts
2009-05-18
Rick Wanner
Cisco SAFE Security Reference Guide Updated
2009-05-18
Rick Wanner
JSRedir-R/Gumblar badness
2009-05-09
Patrick Nolan
Unusable, Unreadable, or Indecipherable? No Breach reporting required
2009-05-07
Deborah Hale
Malicious Content on the Web
2009-05-05
Bojan Zdrnja
Health database breached
2009-05-04
Tom Liston
Facebook phishing malware
2009-05-04
Tom Liston
Adobe Reader/Acrobat Critical Vulnerability
2009-05-01
Adrien de Beaupre
Incident Management
2009-04-24
John Bambenek
Data Leak Prevention: Proactive Security Requirements of Breach Notification Laws
2009-04-24
Pedro Bueno
Did you check your conference goodies?
2009-04-16
Adrien de Beaupre
Incident Response vs. Incident Handling
2009-04-15
Marcus Sachs
2009 Data Breach Investigation Report
2009-04-14
Swa Frantzen
VMware exploits - just how bad is it ?
2009-04-10
Stephen Hall
Patches for critical VMWare vulnerability
2009-04-09
Jim Clausing
Wireshark 1.0.7 released
2009-04-04
Tony Carothers
Recent VMware Updates Available
2009-03-27
David Goldsmith
Firefox 3.0.8 Released
2009-03-25
David Goldsmith
Java Runtime Environment 6.0 Update 13 Released
2009-03-19
Mark Hofman
Brace yourselves - IE8 reported to be released
2009-03-19
Mark Hofman
Browsers Tumble at CanSecWest
2009-03-13
Bojan Zdrnja
When web application security, Microsoft and the AV vendors all fail
2009-03-10
Swa Frantzen
TinyURL and security
2009-03-10
Swa Frantzen
Browser plug-ins, transparent proxies and same origin policies
2009-03-08
Marcus Sachs
Behind the Estonia Cyber Attacks
2009-03-04
Deborah Hale
Wireshark 1.0.6 Released
2009-03-04
Deborah Hale
Firefox Releases version 3.0.7
2009-03-01
Jim Clausing
Cool combination of tools
2009-02-25
Andre Ludwig
Preview/Iphone/Linux pdf issues
2009-02-23
Daniel Wesemann
Turf War
2009-02-23
Daniel Wesemann
And the Oscar goes to...
2009-02-12
Mark Hofman
Australian Bushfires
2009-02-10
Bojan Zdrnja
More tricks from Conficker and VM detection
2009-02-09
Bojan Zdrnja
Some tricks from Conficker's bag
2009-02-08
Mari Nichols
Are we becoming desensitized to data breaches?
2009-02-06
Adrien de Beaupre
Time to patch your HP printers
2009-02-04
Daniel Wesemann
Firefox 3.0.6
2009-02-04
Daniel Wesemann
Titan Shields up!
2009-02-02
Stephen Hall
How do you audit your production code?
2009-01-31
Swa Frantzen
VMware updates
2009-01-31
John Bambenek
Google Search Engine's Malware Detection Broken
2009-01-30
Mark Hofman
We all "Love" USB drives
2009-01-25
Rick Wanner
Twam?? Twammers?
2009-01-24
Pedro Bueno
Identifying and Removing the iWork09 Trojan
2009-01-18
Daniel Wesemann
3322. org
2009-01-15
Bojan Zdrnja
Conficker's autorun and social engineering
2009-01-12
William Salusky
Downadup / Conficker - MS08-067 exploit and Windows domain account lockout
2009-01-12
William Salusky
Web Application Firewalls (WAF) - Have you deployed WAF technology?
2009-01-07
Bojan Zdrnja
An Israeli patriot program or a trojan
2009-01-02
Rick Wanner
Tools on my Christmas list.
2008-12-28
Raul Siles
AT&T Wireless Outage
2008-12-25
Maarten Van Horenbeeck
Merry Christmas, and beware of digital hitchhikers!
2008-12-25
Maarten Van Horenbeeck
Christmas Ecard Malware
2008-12-17
donald smith
Firefox 3.0.5 fixes several security issues.
2008-12-17
donald smith
Team CYMRU's Malware Hash Registry
2008-12-17
donald smith
Internet Explorer 960714 is released
2008-12-16
donald smith
Cisco's Annual Security report has been released.
2008-12-12
Swa Frantzen
Browser Security Handbook
2008-12-10
Bojan Zdrnja
0-day exploit for Internet Explorer in the wild
2008-12-05
Daniel Wesemann
Been updatin' your Flash player lately?
2008-12-05
Daniel Wesemann
Baby, baby!
2008-12-04
Bojan Zdrnja
Rogue DHCP servers
2008-11-25
Andre Ludwig
The beginnings of a collaborative approach to IDS
2008-11-20
Jason Lam
Large quantity SQL Injection mitigation
2008-11-17
Marcus Sachs
New Tool: NetWitness Investigator
2008-11-17
Jim Clausing
Finding stealth injected DLLs
2008-11-16
Maarten Van Horenbeeck
Detection of Trojan control channels
2008-11-13
Jim Clausing
New Firefoxen out
2008-11-12
John Bambenek
Thoughts on Security Intelligence (McColo Corp alleged spam/malware host knocked offline)
2008-11-11
Swa Frantzen
Acrobat continued activity in the wild
2008-11-10
Stephen Hall
Adobe Reader Vulnerability - part 2
2008-11-08
Raul Siles
WPA Cracked - additional details
2008-11-06
Joel Esler
WPA Wi-fi Cracked (but it's not as bad as you think... yet)
2008-11-06
Joel Esler
Wireless Poll
2008-11-04
Marcus Sachs
Cyber Security Awareness Month 2008 - Summary and Links
2008-11-03
Joel Esler
Day 34 -- Feeding The Lessons Learned Back to the Preparation Phase
2008-11-02
Mari Nichols
Day 33 - Working with Management to Improve Processes
2008-11-01
Koon Yaw Tan
Day 32 - What Should I Make Public?
2008-10-31
Rick Wanner
Day 31 - Legal Awareness
2008-10-30
Kevin Liston
Day 30 - Applying Patches and Updates
2008-10-29
Deborah Hale
Day 29 - Should I Switch Software Vendors?
2008-10-28
Jason Lam
Day 28 - Avoiding Finger Pointing and the Blame Game
2008-10-27
Johannes Ullrich
Day 27 - Validation via Vulnerability Scanning
2008-10-25
Koon Yaw Tan
Day 25 - Finding and Removing Hidden Files and Directories
2008-10-25
Rick Wanner
Day 26 - Restoring Systems from Backup
2008-10-24
Stephen Hall
Day 24 - Cleaning Email Servers and Clients
2008-10-22
Johannes Ullrich
Day 22 - Wiping Disks and Media
2008-10-22
Mari Nichols
F-Secure and Trend Micro Release Critical Patches
2008-10-22
Chris Carboni
Day 23 - Turning off Unused Services
2008-10-21
Johannes Ullrich
Wireshark 1.0.4 released
2008-10-21
Johannes Ullrich
Day 21 - Removing Bots, Keyloggers, and Spyware
2008-10-20
Raul Siles
Day 20 - Eradicating a Rootkit
2008-10-19
Lorna Hutcheson
Day 19 - Eradication: Forensic Analysis Tools - What Happened?
2008-10-17
Patrick Nolan
Day 17 - Containing a DNS Hijacking
2008-10-17
Rick Wanner
Day 18 - Containing Other Incidents
2008-10-16
Mark Hofman
Day 16 - Containing a Malware Outbreak
2008-10-15
Rick Wanner
Day 15 - Containing the Damage From a Lost or Stolen Laptop
2008-10-14
Swa Frantzen
Day 14 - Containment: a Personal IdentityTheft Incident
2008-10-13
Adrien de Beaupre
Day 13 - Containment: Containing on Production Systems Such as a Web Server
2008-10-12
Mari Nichols
Day 12 Containment: Gathering Evidence That Can be Used in Court
2008-10-11
Stephen Hall
Day 11 - Identification: Other Methods of Identifying an Incident
2008-10-10
Marcus Sachs
Day 10 - Identification: Using Your Help Desk to Identify Security Incidents
2008-10-09
Marcus Sachs
Day 9 - Identification: Log and Audit Analysis
2008-10-09
Bojan Zdrnja
Watch that .htaccess file on your web site
2008-10-08
Johannes Ullrich
Day 8 - Global Incident Awareness
2008-10-07
Kyle Haugsness
Day 7 - Identification: Host-based Intrusion Detection Systems
2008-10-07
Kyle Haugsness
Good reading and a malware challenge
2008-10-06
Jim Clausing
Day 6 - Network-based Intrusion Detection Systems
2008-10-06
Jim Clausing
Novell eDirectory advisory
2008-10-05
Stephen Hall
Day 5 - Identification: Events versus Incidents
2008-10-04
Marcus Sachs
Day 4 - Preparation: What Goes Into a Response Kit
2008-10-03
Jason Lam
Day 3 - Preparation: Building Checklists
2008-10-02
Marcus Sachs
Day 2 - Preparation: Building a Response Team
2008-10-01
Marcus Sachs
Day 1 - Preparation: Policies, Management Support, and User Awareness
2008-09-30
Marcus Sachs
Cyber Security Awareness Month - Daily Topics
2008-09-29
Daniel Wesemann
ASPROX mutant
2008-09-26
Patrick Nolan
Firefox v2.0.0.17 and Thunderbird v2.0.0.17 release fixes vulnerabilities
2008-09-25
Jim Clausing
Firefox 3.0.3 will be out probably tomorrow
2008-09-22
Maarten Van Horenbeeck
Data exfiltration and the use of anonymity providers
2008-09-21
Mari Nichols
You still have time!
2008-09-20
Rick Wanner
New (to me) nmap Features
2008-09-19
Bojan Zdrnja
VMWare ESX(i) 3.5 security patches
2008-09-18
Bojan Zdrnja
Monitoring HTTP User-Agent fields
2008-09-09
Swa Frantzen
wordpress upgrade
2008-09-07
Lorna Hutcheson
Malware Analysis: Tools are only so good
2008-09-04
Chris Carboni
Wireshark 1.0.3 released
2008-09-03
Daniel Wesemann
Static analysis of Shellcode
2008-09-03
Daniel Wesemann
Static analysis of Shellcode - Part 2
2008-09-01
John Bambenek
The Number of Machines Controlled by Botnets Has Jumped 4x in Last 3 Months
2008-08-17
Kevin Liston
Volatility 1.3 Released
2008-08-15
Jim Clausing
OMFW 2008 reflections
2008-08-13
Adrien de Beaupre
CNN switched to MSNBC
2008-08-12
Johannes Ullrich
VMWare ESX 3.5u2 Errors
2008-08-05
Daniel Wesemann
The news update you never asked for
2008-08-02
Maarten Van Horenbeeck
A little of that human touch
2008-07-20
Kevin Liston
Malware Intelligence: Making it Actionable
2008-07-17
Mari Nichols
Firefox Releases 3.0.1 and fixes 3 security vulnerabilities
2008-07-17
Mari Nichols
Adobe Reader 9 Released
2008-07-17
Mari Nichols
Microsoft Updates 2 DirectX Bulletins
2008-07-16
Maarten Van Horenbeeck
Firefox 2.0.0.16 fixes two security vulnerabilities
2008-07-15
Maarten Van Horenbeeck
Extracting scripts and data from suspect PDF files
2008-07-15
Maarten Van Horenbeeck
Bot controller mimicry
2008-07-14
Daniel Wesemann
Obfuscated JavaScript Redux
2008-07-07
Pedro Bueno
Bad url classification
2008-07-02
Jim Clausing
Firefox 2.0.0.15 is out
2008-06-26
Daniel Wesemann
Automatic wireless connections
2008-06-23
donald smith
Preventing SQL injection
2008-06-19
William Stearns
Firefox vunerability
2008-06-18
Marcus Sachs
Olympics Part II
2008-06-16
Marcus Sachs
Firefox 3.0 to be Released on Tuesday
2008-06-14
Lorna Hutcheson
Malware Detection - Take the Blinders Off
2008-06-11
John Bambenek
CitectSCADA Buffer Overflow Vulnerability
2008-06-10
Swa Frantzen
Ransomware keybreaking
2008-06-02
Jim Clausing
Emergingthreats.net and ThePlanet
2008-06-01
Mark Hofman
Free Yahoo email account! Sign me up, Ok well maybe not.
2008-06-01
Mari Nichols
Updates to VMware resolve critical security issues
2008-05-28
Adrien de Beaupre
Another example of malicious SWF
2008-05-27
Adrien de Beaupre
Malicious swf files?
2008-05-26
Marcus Sachs
Predictable Response
2008-05-14
Bojan Zdrnja
War of the worlds?
2008-05-08
Joel Esler
COMPROMISED FILE IN VIETNAMESE LANGUAGE PACK FOR FIREFOX 2
2008-05-06
Marcus Sachs
Industrial Control Systems Vulnerability
2008-05-02
Adrien de Beaupre
Hi, remember me?...
2008-04-30
Bojan Zdrnja
(Minor) evolution in Mac DNS changer malware
2008-04-24
Maarten Van Horenbeeck
Targeted attacks using malicious PDF files
2008-04-23
Mari Nichols
What's New, Old and Morphing?
2008-04-17
Chris Carboni
Firefox Update
2008-04-16
Bojan Zdrnja
The 10.000 web sites infection mystery solved
2008-04-16
William Stearns
Passer, a aassive machine and service sniffer
2008-04-15
Johannes Ullrich
SRI Malware Threat Center
2008-04-14
John Bambenek
A Federal Subpoena or Just Some More Spam & Malware?
2008-04-10
Deborah Hale
DSLReports Being Attacked Again
2008-04-08
Swa Frantzen
Symantec's Global Internet Security Threat Report
2008-04-07
John Bambenek
HP USB Keys Shipped with Malware for your Proliant Server
2008-04-07
John Bambenek
Got Kraken?
2008-04-07
John Bambenek
Kraken Technical Details: UPDATED x3
2008-04-06
Daniel Wesemann
Advanced obfuscated JavaScript analysis
2008-04-04
Daniel Wesemann
nmidahena
2008-04-03
Bojan Zdrnja
VB detection: is it so difficult?
2008-04-02
Adrien de Beaupre
When is a DMG file not a DMG file
2008-04-01
Joel Esler
Security in everyday life -- A true April Fools story
2008-03-30
Mark Hofman
Mail Anyone?
2008-03-27
Maarten Van Horenbeeck
Guarding the guardians: a story of PGP key ring theft
2008-03-26
Raul Siles
Firefox 2.0.0.13 is out
2008-03-24
Raul Siles
Next-generation Web browsers?
2008-03-19
Raul Siles
VMware updates resolve critical security issues (VMSA-2008-0005)
2008-03-13
Jason Lam
Remote File Include spoof!?
2006-12-18
Toby Kohlenberg
ORDB Shutting down
2006-11-29
Toby Kohlenberg
New Adobe vulnerability
2006-11-20
Joel Esler
MS06-070 Remote Exploit
2006-10-05
John Bambenek
There are no more Passive Exploits
2006-09-09
Jim Clausing
New feature at isc.sans.org
2006-08-31
Swa Frantzen
NT botnet submitted
2000-01-02
Deborah Hale
2010 A Look Back - 2011 A Look Ahead
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
About Us
Slack Channel
Mastodon
Bluesky
X
Have you seen our swag?
Buy SANS ISC Gear