Date Author Title

USER AWARENESS

2012-07-14Tony CarothersUser Awareness and Education

USER

2024-10-16/a>Johannes UllrichThe Top 10 Not So Common SSH Usernames and Passwords
2024-02-28/a>Johannes UllrichExploit Attempts for Unknown Password Reset Vulnerability
2024-01-24/a>Johannes UllrichHow Bad User Interfaces Make Security Tools Harmful
2024-01-08/a>Jesse La GrewWhat is that User Agent?
2023-09-05/a>Jesse La GrewCommon usernames submitted to honeypots
2021-09-24/a>Xavier MertensKeep an Eye on Your Users Mobile Devices (Simple Inventory)
2021-04-24/a>Guy BruneauBase64 Hashes Used in Web Scanning
2021-03-02/a>Russ McReeAdversary Simulation with Sim
2019-07-25/a>Rob VandenBrinkWhen Users Attack! Users (and Admins) Thwarting Security Controls
2019-07-05/a>Didier StevensA "Stream O" Maldoc
2019-07-01/a>Didier StevensMaldoc: Payloads in User Forms
2018-05-27/a>Guy BruneauCapture and Analysis of User Agents
2018-01-01/a>Didier StevensWhat is new?
2014-04-05/a>Jim ClausingThose strange e-mails with URLs in them can lead to Android malware
2013-01-15/a>Rob VandenBrinkWhen Disabling IE6 (or Java, or whatever) is not an Option...
2012-07-14/a>Tony CarothersUser Awareness and Education
2012-04-05/a>Johannes UllrichEvil hides everywhere: Web Application Exploits in Headers
2011-08-26/a>Daniel WesemannUser Agent 007
2010-10-19/a>Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split?
2010-10-19/a>Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote User VPN Access – Are things getting too easy, or too hard?
2009-05-28/a>Jim ClausingMore new volatility plugins
2008-09-18/a>Bojan ZdrnjaMonitoring HTTP User-Agent fields

AWARENESS

2023-10-29/a>Guy BruneauSpam or Phishing? Looking for Credentials & Passwords
2021-05-29/a>Guy BruneauSpear-phishing Email Targeting Outlook Mail Clients
2019-03-06/a>Johannes UllrichMarch Edition of Ouch! Newsletter: Securely Disposing Mobile Devices https://www.sans.org/security-awareness-training/resources/disposing-your-mobile-device
2017-09-18/a>Johannes UllrichSANS Securingthehuman posted a follow up to their Equifax breach webcast: https://securingthehuman.sans.org/blog/2017/09/15/equifax-webcast-follow-up
2017-08-13/a>Didier StevensThe Good Phishing Email
2017-02-15/a>Xavier MertensHow was your stay at the Hotel La Playa?
2017-01-11/a>Johannes UllrichJanuary 2017 Edition of Ouch! Security Awareness Newsletter Released: https://securingthehuman.sans.org/ouch
2016-04-02/a>Russell EubanksWhy Can't We Be Friends?
2015-10-27/a>Xavier MertensThe "Yes, but..." syndrome
2015-10-18/a>Russell EubanksSecurity Awareness for Security Professionals
2015-10-17/a>Russell EubanksCIS Critical Security Controls - Version 6.0
2015-09-23/a>Daniel WesemannMaking our users unlearn what we taught them
2015-05-07/a>Chris MohanSecurity Awareness? How do you keep your staff safe?
2014-07-02/a>Johannes UllrichJuly Ouch! Security Awareness Newsletter Released. E-mail Do's and Don'ts http://www.securingthehuman.org/resources/newsletters/ouch/2014#july2014
2014-02-05/a>Johannes UllrichSANS Ouch Security Awareness Newsletter What is Malware http://www.securingthehuman.org/ouch
2013-10-01/a>Adrien de BeaupreCSAM! Send us your logs!
2013-08-07/a>Johannes UllrichNew edition of the Ouch! Security Awareness Newsletter is out: http://www.securingthehuman.org/resources/newsletters/ouch/2013
2012-12-18/a>Rob VandenBrinkAll I Want for Christmas is to Not Get Hacked !
2012-10-30/a>Mark HofmanCyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-10-29/a>Kevin ShorttCyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard
2012-10-26/a>Russ McReeCyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant
2012-10-25/a>Richard PorterCyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire
2012-10-24/a>Russ McReeCyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035
2012-10-23/a>Rob VandenBrinkCyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors
2012-10-21/a>Johannes UllrichCyber Security Awareness Month - Day 22: Connectors
2012-10-19/a>Johannes UllrichCyber Security Awareness Month - Day 19: Standard log formats and CEE.
2012-10-18/a>Rob VandenBrinkCyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide
2012-10-17/a>Rob VandenBrinkCyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005
2012-10-16/a>Richard PorterCyberAwareness Month - Day 15, Standards Body Soup (pt2), Same Soup Different Cook.
2012-10-16/a>Johannes UllrichCyber Security Awareness Month - Day 16: W3C and HTML
2012-10-14/a>Pedro BuenoCyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1
2012-10-13/a>Guy BruneauNew Poll - Cyber Security Awareness Month Activities 2012 - https://isc.sans.edu/poll.html
2012-10-12/a>Mark HofmanCyber Security Awareness Month - Day 12 PCI DSS
2012-10-11/a>Rob VandenBrinkCyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security)
2012-10-10/a>Kevin ShorttCyber Security Awareness Month - Day 10 - Standard Sudo - Part Two
2012-10-09/a>Johannes UllrichCyber Security Awreness Month - Day 9 - Request for Comment (RFC)
2012-10-08/a>Mark HofmanCyber Security Awareness Month - Day 8 ISO 27001
2012-10-07/a>Tony CarothersCyber Security Awareness Month - Day 7 - Rollup Review of CSAM Week 1
2012-10-06/a>Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA
2012-10-05/a>Johannes UllrichCyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl.
2012-10-04/a>Johannes UllrichCyber Security Awareness Month - Day 4: Crypto Standards
2012-10-03/a>Kevin ShorttCyber Security Awareness Month - Day 3 - Standard Sudo - Part One
2012-10-02/a>Russ McReeCyber Security Awareness Month - Day 2 - PCI Security Standard: Mobile Payment Acceptance Security Guidelines
2012-10-01/a>Johannes UllrichCyber Security Awareness Month
2012-07-14/a>Tony CarothersUser Awareness and Education
2011-10-29/a>Richard PorterThe Sub Critical Control? Evidence Collection
2011-10-28/a>Russ McReeCritical Control 19: Data Recovery Capability
2011-10-28/a>Daniel WesemannCritical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27/a>Mark BaggettCritical Control 18: Incident Response Capabilities
2011-10-26/a>Rick WannerCritical Control 17:Penetration Tests and Red Team Exercises
2011-10-17/a>Rob VandenBrinkCritical Control 11: Account Monitoring and Control
2011-10-13/a>Guy BruneauCritical Control 10: Continuous Vulnerability Assessment and Remediation
2011-10-12/a>Kevin ShorttCritical Control 8 - Controlled Use of Administrative Privileges
2011-10-11/a>Swa FrantzenCritical Control 7 - Application Software Security
2011-10-10/a>Jim ClausingCritical Control 6 - Maintenance, Monitoring, and Analysis of Security Audit Logs
2011-10-07/a>Mark HofmanCritical Control 5 - Boundary Defence
2011-10-04/a>Rob VandenBrinkCritical Control 2 - Inventory of Authorized and Unauthorized Software
2011-10-04/a>Johannes UllrichCritical Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations and Servers
2011-10-03/a>Mark HofmanCritical Control 1 - Inventory of Authorized and Unauthorized Devices
2011-10-03/a>Mark BaggettWhat are the 20 Critical Controls?
2011-10-03/a>Tom ListonSecurity 101 : Security Basics in 140 Characters Or Less
2011-10-02/a>Mark HofmanCyber Security Awareness Month Day 1/2 - Schedule
2011-10-02/a>Mark HofmanCyber Security Awareness Month Day 1/2 - Introduction to the controls
2011-09-21/a>Mark HofmanOctober 2011 Cyber Security Awareness Month
2011-09-15/a>Johannes UllrichSeptember OUCH! awareness newsletter released - How to use social networking sites safely. http://bit.ly/ja6TMH
2011-08-17/a>Johannes UllrichAugust edition of security awareness newsletter OUCH! released. Focus: Updating your Software http://t.co/ftRVetZ
2011-06-15/a>Johannes UllrichLatest issue of "Ouch!" is out http://www.securingthehuman.org/resources/newsletters/ouch
2011-05-31/a>Chris MohanGetting the IT security word out there to the rest of the world
2011-05-21/a>Daniel WesemannWeekend reading
2011-04-13/a>Johannes UllrichApril issue of SANS Security Awareness Newsletter is out http://www.securingthehuman.org/resources/ouch
2010-10-31/a>Marcus SachsCyber Security Awareness Month - Day 31 - Tying it all together
2010-10-30/a>Guy BruneauCyber Security Awareness Month - Day 30 - Role of the network team
2010-10-29/a>Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 29- Role of the office geek
2010-10-28/a>Rick WannerCyber Security Awareness Month - Day 27 - Social Media use in the office
2010-10-28/a>Tony CarothersCyber Security Awareness Month - Day 28 - Role of the employee
2010-10-26/a>Pedro BuenoCyber Security Awareness Month - Day 26 - Sharing Office Files
2010-10-25/a>Kevin ShorttCyber Security Awareness Month - Day 25 - Using Home Computers for Work
2010-10-24/a>Swa FrantzenCyber Security Awarenes Month - Day 24 - Using work computers at home
2010-10-23/a>Mark HofmanCyber Security Awareness Month - Day 23 - The Importance of compliance
2010-10-22/a>Daniel WesemannCyber Security Awareness Month - Day 22 - Security of removable media
2010-10-21/a>Chris CarboniCyber Security Awareness Month - Day 21 - Impossible Requests from the Boss
2010-10-20/a>Jim ClausingCyber Security Awareness Month - Day 20 - Securing Mobile Devices
2010-10-19/a>Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote Access Tools
2010-10-19/a>Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split?
2010-10-19/a>Rob VandenBrinkCyber Security Awareness Month - Day 19 - VPN Architectures – SSL or IPSec?
2010-10-19/a>Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote User VPN Access – Are things getting too easy, or too hard?
2010-10-19/a>Rob VandenBrinkCyber Security Awareness Month - Day 19 - VPN and Remote Access Tools
2010-10-18/a>Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis
2010-10-17/a>Stephen HallCyber Security Awareness Month - Day 17 - What a boss should and should not have access to
2010-10-15/a>Marcus SachsCyber Security Awareness Month - Day 15 - What Teachers Need to Know About Their Students
2010-10-15/a>Guy BruneauCyber Security Awareness Month - Day 16 - Securing a donated computer
2010-10-14/a>Johannes UllrichCyber Security Awareness Month - Day 14 - Securing a public computer
2010-10-13/a>Deborah HaleCyber Security Awareness Month - Day 13 - Online Bullying
2010-10-12/a>Scott FendleyCyber Security Awareness Month - Day 12 - Protecting and Managing Your Digital Identity On Social Media Sites
2010-10-11/a>Rick WannerCyber Security Awareness Month - Day 11 - Safe Browsing for Teens
2010-10-10/a>Kevin ListonCyber Security Awareness Month - Day 10 - Safe browsing for pre-teens
2010-10-09/a>Kevin ShorttCyber Security Awareness Month - Day 9 - Disposal of an Old Computer
2010-10-08/a>Rick WannerCyber Security Awareness Month - Day 8 - Patch Management and System Updates
2010-10-06/a>Rob VandenBrinkCyber Security Awareness Month - Day 7 - Remote Access and Monitoring Tools
2010-10-06/a>Marcus SachsCyber Security Awareness Month - Day 6 - Computer Monitoring Tools
2010-10-05/a>Rick WannerCyber Security Awareness Month - Day 5 - Sites you should stay away from
2010-10-04/a>Daniel WesemannCyber Security Awareness Month - Day 4 - Managing EMail
2010-10-03/a>Adrien de Beaupre Cyber Security Awareness Month - Day 3 - Recognizing phishing and online scams
2010-10-02/a>Mark HofmanCyber Security Awareness Month - Day 2 - Securing the Family Network
2010-10-01/a>Marcus SachsCyber Security Awareness Month - 2010
2010-10-01/a>Marcus SachsCyber Security Awareness Month - Day 1 - Securing the Family PC
2010-08-08/a>Marcus SachsThinking about Cyber Security Awareness Month in October
2010-05-07/a>Rob VandenBrinkSecurity Awareness – Many Audiences, Many Messages (Part 2)
2010-05-02/a>Mari NicholsZbot Social Engineering
2010-04-07/a>Rob VandenBrinkThe Many Paths to Security Awareness
2010-03-07/a>Mari NicholsDHS issues Cybersecurity challenge
2010-02-20/a>Mari NicholsIs "Green IT" Defeating Security?
2009-10-29/a>Kyle HaugsnessCyber Security Awareness Month - Day 29 - dns port 53
2009-10-28/a>Johannes UllrichCyber Security Awareness Month - Day 28 - ntp (123/udp)
2009-10-25/a>Lorna HutchesonCyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-22/a>Adrien de BeaupreCyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-21/a>Pedro BuenoCyber Security Awareness Month - Day 21 - Port 135
2009-10-19/a>Daniel WesemannCyber Security Awareness Month - Day 19 - ICMP
2009-10-18/a>Mari NicholsComputer Security Awareness Month - Day 18 - Telnet an oldie but a goodie
2009-10-16/a>Adrien de BeaupreCyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
2009-10-11/a>Mark HofmanCyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
2009-10-09/a>Rob VandenBrinkCyber Security Awareness Month - Day 9 - Port 3389/tcp (RDP)
2009-10-06/a>Adrien de BeaupreCyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp
2009-10-05/a>Adrien de BeaupreCyber Security Awareness Month - Day 5 port 31337
2009-10-02/a>Stephen HallCyber Security Awareness Month - Day 2 - Port 0
2009-09-20/a>Mari NicholsInsider Threat and Security Awareness
2009-06-20/a>Scott FendleySituational Awareness: Spam Crisis and China
2008-11-04/a>Marcus SachsCyber Security Awareness Month 2008 - Summary and Links
2008-11-03/a>Joel EslerDay 34 -- Feeding The Lessons Learned Back to the Preparation Phase
2008-11-02/a>Mari NicholsDay 33 - Working with Management to Improve Processes
2008-11-01/a>Koon Yaw TanDay 32 - What Should I Make Public?
2008-10-31/a>Rick WannerDay 31 - Legal Awareness
2008-10-30/a>Kevin ListonDay 30 - Applying Patches and Updates
2008-10-29/a>Deborah HaleDay 29 - Should I Switch Software Vendors?
2008-10-28/a>Jason LamDay 28 - Avoiding Finger Pointing and the Blame Game
2008-10-27/a>Johannes UllrichDay 27 - Validation via Vulnerability Scanning
2008-10-25/a>Koon Yaw TanDay 25 - Finding and Removing Hidden Files and Directories
2008-10-25/a>Rick WannerDay 26 - Restoring Systems from Backup
2008-10-24/a>Stephen HallDay 24 - Cleaning Email Servers and Clients
2008-10-22/a>Johannes UllrichDay 22 - Wiping Disks and Media
2008-10-22/a>Chris CarboniDay 23 - Turning off Unused Services
2008-10-21/a>Johannes UllrichDay 21 - Removing Bots, Keyloggers, and Spyware
2008-10-20/a>Raul SilesDay 20 - Eradicating a Rootkit
2008-10-19/a>Lorna HutchesonDay 19 - Eradication: Forensic Analysis Tools - What Happened?
2008-10-17/a>Patrick NolanDay 17 - Containing a DNS Hijacking
2008-10-17/a>Rick WannerDay 18 - Containing Other Incidents
2008-10-16/a>Mark HofmanDay 16 - Containing a Malware Outbreak
2008-10-15/a>Rick WannerDay 15 - Containing the Damage From a Lost or Stolen Laptop
2008-10-14/a>Swa FrantzenDay 14 - Containment: a Personal IdentityTheft Incident
2008-10-13/a>Adrien de BeaupreDay 13 - Containment: Containing on Production Systems Such as a Web Server
2008-10-12/a>Mari NicholsDay 12 Containment: Gathering Evidence That Can be Used in Court
2008-10-11/a>Stephen HallDay 11 - Identification: Other Methods of Identifying an Incident
2008-10-10/a>Marcus SachsDay 10 - Identification: Using Your Help Desk to Identify Security Incidents
2008-10-09/a>Marcus SachsDay 9 - Identification: Log and Audit Analysis
2008-10-08/a>Johannes UllrichDay 8 - Global Incident Awareness
2008-10-07/a>Kyle HaugsnessDay 7 - Identification: Host-based Intrusion Detection Systems
2008-10-06/a>Jim ClausingDay 6 - Network-based Intrusion Detection Systems
2008-10-05/a>Stephen HallDay 5 - Identification: Events versus Incidents
2008-10-04/a>Marcus SachsDay 4 - Preparation: What Goes Into a Response Kit
2008-10-03/a>Jason LamDay 3 - Preparation: Building Checklists
2008-10-02/a>Marcus SachsDay 2 - Preparation: Building a Response Team
2008-10-01/a>Marcus SachsDay 1 - Preparation: Policies, Management Support, and User Awareness
2008-09-30/a>Marcus SachsCyber Security Awareness Month - Daily Topics
2008-09-21/a>Mari NicholsYou still have time!