Diaries by Keyword - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Jesse La Grew

Threat Level: green

Date	Author	Title
LAYER 2 NETWORK PROTECTIONS BROADCAST MACOF FLOOD MAC
2009-12-07	Rob VandenBrink	Layer 2 Network Protections – reloaded!
LAYER
2019-10-10/a>	Rob VandenBrink	Mining Live Networks for OUI Data Oddness
2019-09-26/a>	Rob VandenBrink	Mining MAC Address and OUI Information
2016-10-26/a>	Johannes Ullrich	Critical Flash Player Update APSB16-36
2015-01-23/a>	Adrien de Beaupre	Infocon change to yellow for Adobe Flash issues
2014-04-28/a>	Russ McRee	Adobe Security Bulletin: Security updates available for Adobe Flash Player http://adobe.ly/QVjO72
2013-03-02/a>	Scott Fendley	Apple Blocks Older Insecure Versions of Flash Player
2012-11-08/a>	Daniel Wesemann	Adobe Patches
2012-10-24/a>	Rob VandenBrink	Time to run Windows Update - - Microsoft Updates KB2755801 for Windows RT / IE10 / Flash Player - http://technet.microsoft.com/en-us/security/advisory/2755801
2012-10-09/a>	Johannes Ullrich	Adobe Flash Player update http://www.adobe.com/support/security/bulletins/apsb12-22.html
2012-09-20/a>	Russ McRee	Flash Player update but no announcement, check your version http://www.adobe.com/software/flash/about/
2012-08-03/a>	Guy Bruneau	Flash Player 11.3.300.270 for Windows released to address a crash - http://forums.adobe.com/message/4594596#4594596
2012-03-28/a>	Kevin Shortt	Adobe Flash Player APSB12-07 - 28 March 2012
2012-03-05/a>	Johannes Ullrich	Adobe Flash Player Security Update
2012-02-16/a>	Johannes Ullrich	Adobe Flash Player Update
2011-04-11/a>	Johannes Ullrich	Layer 2 DoS and other IPv6 Tricks
2010-11-01/a>	Manuel Humberto Santander Pelaez	CVE-2010-3654 exploit in the wild
2010-10-30/a>	Guy Bruneau	Security Update for Shockwave Player
2010-08-25/a>	Pedro Bueno	Adobe released security update for Shockwave player that fix several CVEs: APSB1020
2010-06-16/a>	Kevin Shortt	Adobe Flash Player 10.1 - Security Update Available
2010-06-05/a>	Guy Bruneau	Security Advisory for Flash Player, Adobe Reader and Acrobat
2010-05-12/a>	Rob VandenBrink	Layer 2 Security - Private VLANs (the Story Continues ...)
2010-02-12/a>	G. N. White	Adobe Flash Player 10.0.45.2 and AIR 1.5.3.9130 released to correct vulnerability CVE-2010-0186 Details: http://www.adobe.com/support/security/bulletins/apsb10-06.html
2010-01-12/a>	Johannes Ullrich	Microsoft Advices XP Users to Uninstall Flash Player 6
2009-12-07/a>	Rob VandenBrink	Layer 2 Network Protections – reloaded!
2009-11-11/a>	Rob VandenBrink	Layer 2 Network Protections against Man in the Middle Attacks
2009-01-21/a>	Raul Siles	Traffic increase for port UDP/8247
2008-05-27/a>	Adrien de Beaupre	Adobe flash player vuln
2006-12-12/a>	Robert Danford	MS06-078: 2 Windows Media Format Vulnerabilities (CVE-2006-4702, CVE-2006-6134)
2
2024-04-23/a>	Johannes Ullrich	Struts "devmode": Still a problem ten years later?
2024-03-14/a>	Jan Kopriva	Increase in the number of phishing messages pointing to IPFS and to R2 buckets
2023-12-20/a>	Guy Bruneau	How to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary]
2023-11-30/a>	John Bambenek	Prophetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today
2023-11-22/a>	Guy Bruneau	CVE-2023-1389: A New Means to Expand Botnets
2023-11-06/a>	Johannes Ullrich	Exploit Activity for CVE-2023-22518, Atlassian Confluence Data Center and Server
2023-08-28/a>	Didier Stevens	Analysis of RAR Exploit Files (CVE-2023-38831)
2023-08-25/a>	Xavier Mertens	Python Malware Using Postgresql for C2 Communications
2023-07-12/a>	Brad Duncan	Loader activity for Formbook "QM18"
2023-06-22/a>	Brad Duncan	Qakbot (Qbot) activity, obama271 distribution tag
2023-06-17/a>	Brad Duncan	Formbook from Possible ModiLoader (DBatLoader)
2023-05-14/a>	Guy Bruneau	VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue
2023-05-09/a>	Russ McRee	Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 2
2023-03-25/a>	Guy Bruneau	Microsoft Released an Update for Windows Snipping Tool Vulnerability
2023-02-22/a>	Johannes Ullrich	Internet Wide Scan Fingerprinting Confluence Servers
2022-12-22/a>	Guy Bruneau	Exchange OWASSRF Exploited for Remote Code Execution
2022-12-16/a>	Guy Bruneau	VMware Security Updates
2022-12-10/a>	Didier Stevens	Open Now: 2022 SANS Holiday Hack Challenge & KringleCon
2022-10-24/a>	Xavier Mertens	C2 Communications Through outlook.com
2022-10-15/a>	Guy Bruneau	Malware - Covid Vaccination Supplier Declaration
2022-10-07/a>	Xavier Mertens	Powershell Backdoor with DGA Capability
2022-08-26/a>	Guy Bruneau	HTTP/2 Packet Analysis with Wireshark
2022-08-22/a>	Xavier Mertens	32 or 64 bits Malware?
2022-08-14/a>	Johannes Ullrich	Realtek SDK SIP ALG Vulnerability: A Big Deal, but not much you can do about it. CVE 2022-27255
2022-07-23/a>	Guy Bruneau	Analysis of SSH Honeypot Data with PowerBI
2022-06-09/a>	Brad Duncan	TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
2022-05-13/a>	Johannes Ullrich	From 0-Day to Mirai: 7 days of BIG-IP Exploits
2022-04-28/a>	Johannes Ullrich	A Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809
2022-04-14/a>	Johannes Ullrich	An Update on CVE-2022-26809 - MSRPC Vulnerabliity - PATCH NOW
2022-01-12/a>	Johannes Ullrich	A Quick CVE-2022-21907 FAQ
2022-01-02/a>	Guy Bruneau	Exchange Server - Email Trapped in Transport Queues
2021-12-19/a>	Didier Stevens	Office 2021: VBA Project Version
2021-12-18/a>	Guy Bruneau	VMware Security Update - https://www.vmware.com/security/advisories/VMSA-2021-0030.html
2021-12-14/a>	Johannes Ullrich	Log4j: Getting ready for the long haul (CVE-2021-44228)
2021-12-11/a>	Johannes Ullrich	Log4j / Log4Shell Followup: What we see and how to defend (and how to access our data)
2021-11-26/a>	Guy Bruneau	Searching for Exposed ASUS Routers Vulnerable to CVE-2021-20090
2021-11-20/a>	Guy Bruneau	Hikvision Security Cameras Potentially Exposed to Remote Code Execution
2021-11-07/a>	Didier Stevens	Video: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-11-06/a>	Didier Stevens	Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-10-30/a>	Guy Bruneau	Remote Desktop Protocol (RDP) Discovery
2021-10-25/a>	Didier Stevens	Decrypting Cobalt Strike Traffic With a "Leaked" Private Key
2021-10-16/a>	Guy Bruneau	Apache is Actively Scan for CVE-2021-41773 & CVE-2021-42013
2021-10-06/a>	Johannes Ullrich	Apache 2.4.49 Directory Traversal Vulnerability (CVE-2021-41773)
2021-08-20/a>	Xavier Mertens	Waiting for the C2 to Show Up
2021-08-03/a>	Johannes Ullrich	Three Problems with Two Factor Authentication
2021-06-30/a>	Johannes Ullrich	CVE-2021-1675: Incomplete Patch and Leaked RCE Exploit
2021-06-26/a>	Guy Bruneau	CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability
2021-05-28/a>	Xavier Mertens	Malicious PowerShell Hosted on script.google.com
2021-05-21/a>	Xavier Mertens	Locking Kernel32.dll As Anti-Debugging Technique
2021-05-18/a>	Xavier Mertens	From RunDLL32 to JavaScript then PowerShell
2021-04-02/a>	Xavier Mertens	C2 Activity: Sandboxes or Real Victims?
2021-03-19/a>	Xavier Mertens	Pastebin.com Used As a Simple C2 Channel
2021-02-25/a>	Jim Clausing	So where did those Satori attacks come from?
2021-02-24/a>	Brad Duncan	Malspam pushes GuLoader for Remcos RAT
2021-02-16/a>	Jim Clausing	More weirdness on TCP port 26
2021-02-02/a>	Xavier Mertens	New Example of XSL Script Processing aka "Mitre T1220"
2020-12-18/a>	Jan Kopriva	A slightly optimistic tale of how patching went for CVE-2019-19781
2020-12-13/a>	Didier Stevens	KringleCon 2020
2020-12-10/a>	Xavier Mertens	Python Backdoor Talking to a C2 Through Ngrok
2020-11-21/a>	Guy Bruneau	VMware privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) - https://www.vmware.com/security/advisories/VMSA-2020-0026.html
2020-10-29/a>	Johannes Ullrich	PATCH NOW: CVE-2020-14882 Weblogic Actively Exploited Against Honeypots
2020-10-28/a>	Jan Kopriva	SMBGhost - the critical vulnerability many seem to have forgotten to patch
2020-08-08/a>	Guy Bruneau	Scanning Activity Include Netcat Listener
2020-08-04/a>	Johannes Ullrich	Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues
2020-07-22/a>	Rick Wanner	A few IoCs related to CVE-2020-5902
2020-07-15/a>	Johannes Ullrich	PATCH NOW - SIGRed - CVE-2020-1350 - Microsoft DNS Server Vulnerability
2020-07-06/a>	Johannes Ullrich	Summary of CVE-2020-5902 F5 BIG-IP RCE Vulnerability Exploits
2020-05-19/a>	Rick Wanner	What is up on Port 62234?
2020-05-14/a>	Rob VandenBrink	Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe
2020-04-29/a>	Johannes Ullrich	Privacy Preserving Protocols to Trace Covid19 Exposure
2020-02-21/a>	Xavier Mertens	Quick Analysis of an Encrypted Compound Document Format
2020-02-18/a>	Jan Kopriva	Discovering contents of folders in Windows without permissions
2020-01-16/a>	Bojan Zdrnja	Summing up CVE-2020-0601, or the Let?s Decrypt vulnerability
2020-01-15/a>	Johannes Ullrich	CVE-2020-0601 Followup
2020-01-13/a>	Didier Stevens	Citrix ADC Exploits: Overview of Observed Payloads
2020-01-11/a>	Johannes Ullrich	Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor
2020-01-07/a>	Johannes Ullrich	A Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability)
2019-12-02/a>	Jim Clausing	Next up, what's up with TCP port 26?
2019-11-18/a>	Johannes Ullrich	SMS and 2FA: Another Reason to Move away from It.
2019-11-06/a>	Brad Duncan	More malspam pushing Formbook
2019-11-01/a>	Didier Stevens	Tip: Password Managers and 2FA
2019-10-10/a>	Rob VandenBrink	Mining Live Networks for OUI Data Oddness
2019-09-26/a>	Rob VandenBrink	Mining MAC Address and OUI Information
2019-08-01/a>	Johannes Ullrich	What is Listening On Port 9527/TCP?
2019-07-18/a>	Rob VandenBrink	The Other Side of Critical Control 1: 802.1x Wired Network Access Controls
2019-06-19/a>	Johannes Ullrich	Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729
2019-05-22/a>	Johannes Ullrich	An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
2019-04-28/a>	Johannes Ullrich	Update about Weblogic CVE-2019-2725 (Exploits Used in the Wild, Patch Status)
2019-04-02/a>	Johannes Ullrich	Fake AV is Back: LaCie Network Drives Used to Spread Malware
2019-03-29/a>	Remco Verhoef	Annotating Golang binaries with Cutter and Jupyter
2019-03-15/a>	Remco Verhoef	Binary Analysis with Jupyter and Radare2
2019-03-09/a>	Guy Bruneau	A Comparison Study of SSH Port Activity - TCP 22 & 2222
2019-02-02/a>	Guy Bruneau	Scanning for WebDAV PROPFIND Exploiting CVE-2017-7269
2019-01-09/a>	Russ McRee	gganimate: Animate YouR Security Analysis
2018-12-21/a>	Lorna Hutcheson	Phishing Attempts That Bypass 2FA
2018-10-10/a>	Xavier Mertens	New Campaign Using Old Equation Editor Vulnerability
2018-10-08/a>	Guy Bruneau	Latest Release of rockNSM 2.1
2018-08-31/a>	Jim Clausing	Quickie: Using radare2 to disassemble shellcode
2018-08-20/a>	Didier Stevens	OpenSSH user enumeration (CVE-2018-15473)
2018-06-27/a>	Renato Marinho	Silently Profiling Unknown Malware Samples
2018-06-15/a>	Lorna Hutcheson	SMTP Strangeness - Possible C2
2018-06-01/a>	Remco Verhoef	Binary analysis with Radare2
2018-05-22/a>	Guy Bruneau	VMware updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue - https://www.vmware.com/security/advisories/VMSA-2018-0012.html
2018-01-19/a>	Jim Clausing	Followup to IPv6 brute force and IPv6 blocking
2017-12-27/a>	Guy Bruneau	What are your Security Challenges for 2018?
2017-10-16/a>	Johannes Ullrich	WPA2 "KRACK" Attack
2017-09-08/a>	Adrien de Beaupre	YASRV (Yet Another Struts RCE Vulnerability) yes a different one from yesterday
2017-09-05/a>	Johannes Ullrich	The Mirai Botnet: A Look Back and Ahead At What's Next
2017-05-26/a>	Lorna Hutcheson	File2pcap - A new tool for your toolkit!
2017-05-13/a>	Guy Bruneau	Microsoft Released Guidance for WannaCrypt
2017-01-30/a>	Didier Stevens	py2exe Decompiling - Part 2
2016-10-22/a>	Guy Bruneau	Request for Packets TCP 4786 - CVE-2016-6385
2016-10-10/a>	Didier Stevens	Radare2: rahash2
2016-09-15/a>	Xavier Mertens	In Need of a OTP Manager Soon?
2016-07-17/a>	Guy Bruneau	Juniper -> Junos: Self-signed certificate with spoofed trusted Issuer CN accepted as valid - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10755&actp=search
2016-07-05/a>	Johannes Ullrich	Apache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979)
2016-05-18/a>	Russ McRee	Resources: Windows Auditing & Monitoring, Linux 2FA
2016-03-13/a>	Guy Bruneau	A Look at the Mandiant M-Trends 2016 Report
2016-03-06/a>	Jim Clausing	Novel method for slowing down Locky on Samba server using fail2ban
2016-02-13/a>	Guy Bruneau	VMware VMSA-2015-0007.3 has been Re-released
2016-01-31/a>	Guy Bruneau	OpenSSL 1.0.2 Advisory and Update
2016-01-05/a>	Guy Bruneau	What are you Concerned the Most in 2016?
2015-10-12/a>	Guy Bruneau	Critical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
2015-08-12/a>	Rob VandenBrink	Wireshark 1.12.7 is released, multiple fixes. Find the release notes at: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html and the binaries at: https://www.wireshark.org/download.html
2015-07-12/a>	Guy Bruneau	PHP 5.x Security Updates
2015-06-16/a>	John Bambenek	CVE-2014-4114 and an Interesting AV Bypass Technique
2015-04-15/a>	Johannes Ullrich	MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW
2015-02-05/a>	Johannes Ullrich	Adobe Flash Player Update Released, Fixing CVE 2015-0313
2015-01-27/a>	Johannes Ullrich	New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST)
2014-09-25/a>	Johannes Ullrich	Update on CVE-2014-6271: Vulnerability in bash (shellshock)
2014-09-24/a>	Pedro Bueno	Attention *NIX admins, time to patch!
2014-09-22/a>	Johannes Ullrich	Cyber Security Awareness Month: What's your favorite/most scary false positive
2014-08-23/a>	Guy Bruneau	NSS Labs Cyber Resilience Report
2014-07-07/a>	Johannes Ullrich	Multi Platform *Coin Miner Attacking Routers on Port 32764
2014-06-30/a>	Johannes Ullrich	Should I setup a Honeypot? [SANSFIRE]
2014-06-12/a>	Johannes Ullrich	Metasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.)
2014-05-23/a>	Richard Porter	Highlights from Cisco Live 2014 - The Internet of Everything
2014-04-08/a>	Guy Bruneau	OpenSSL CVE-2014-0160 Fixed
2014-03-24/a>	Johannes Ullrich	New Microsoft Advisory: Unpatched Word Flaw used in Targeted Attacks
2014-03-02/a>	Stephen Hall	Symantec goes yellow
2014-02-27/a>	Richard Porter	DDoS and BCP 38
2014-02-07/a>	Rob VandenBrink	New ISO Standards on Vulnerability Handling and Disclosure
2013-12-05/a>	Mark Hofman	Updated Standards Part 1 - ISO 27001
2013-11-28/a>	Rob VandenBrink	Microsoft Security Advisory (2914486): Vulnerability in Microsoft Windows Kernel 0 day exploit in wild
2013-10-25/a>	Rob VandenBrink	Kaspersky flags TCPIP.SYS as Malware
2013-10-15/a>	Rob VandenBrink	CSAM: Microsoft Logs - NPS and IAS (RADIUS)
2013-10-10/a>	Mark Hofman	CSAM Some more unusual scans
2013-10-09/a>	Johannes Ullrich	CSAM: SSL Request Logs
2013-10-02/a>	Johannes Ullrich	CSAM: Misc. DNS Logs
2013-10-01/a>	Adrien de Beaupre	CSAM! Send us your logs!
2013-10-01/a>	John Bambenek	*Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893
2013-09-20/a>	Russ McRee	Threat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild
2013-09-18/a>	Rob VandenBrink	Cisco DCNM Update Released
2013-09-17/a>	John Bambenek	Microsoft Releases Out-of-Band Advisory for all Versions of Internet Explorer
2013-08-16/a>	Kevin Liston	CVE-2013-2251 Apache Struts 2.X OGNL Vulnerability
2013-08-09/a>	Kevin Shortt	Copy Machines - Changing Scanned Content
2013-07-06/a>	Guy Bruneau	Microsoft July Patch Pre-Announcement
2013-06-01/a>	Guy Bruneau	Exploit Sample for Win32/CVE-2012-0158
2013-05-20/a>	Guy Bruneau	Safe - Tools, Tactics and Techniques
2013-05-09/a>	Johannes Ullrich	Microsoft released a Fix-it for the Internet Explorer 8 Vulnerability http://support.microsoft.com/kb/2847140
2013-04-25/a>	Adam Swanger	SANS 2013 Forensics Survey - https://www.surveymonkey.com/s/2013SANSForensicsSurvey
2013-04-16/a>	Rob VandenBrink	Java 7 Update 21 is available - Watch for Behaviour Changes !
2013-03-25/a>	Johannes Ullrich	IPv6 Focus Month: IPv6 over IPv4 Preference
2013-02-22/a>	Chris Mohan	PHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2013-02-11/a>	John Bambenek	OpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/
2013-01-19/a>	Guy Bruneau	Java 7 Update 11 Still has a Flaw
2013-01-10/a>	Rob VandenBrink	What Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too!
2013-01-09/a>	Richard Porter	The 80's called - They Want Their Mainframe Back!
2013-01-07/a>	Adam Swanger	Please consider participating in our 2013 ISC StormCast survey at http://www.surveymonkey.com/s/stormcast
2013-01-04/a>	Guy Bruneau	"FixIt" Patch for CVE-2012-4792 Bypassed
2012-10-30/a>	Mark Hofman	Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-10-29/a>	Kevin Shortt	Cyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard
2012-10-26/a>	Russ McRee	Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant
2012-10-25/a>	Richard Porter	Cyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire
2012-10-24/a>	Russ McRee	Cyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035
2012-10-23/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors
2012-10-21/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 22: Connectors
2012-10-19/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 19: Standard log formats and CEE.
2012-10-18/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide
2012-10-17/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005
2012-10-16/a>	Richard Porter	CyberAwareness Month - Day 15, Standards Body Soup (pt2), Same Soup Different Cook.
2012-10-16/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 16: W3C and HTML
2012-10-14/a>	Pedro Bueno	Cyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1
2012-10-13/a>	Guy Bruneau	New Poll - Cyber Security Awareness Month Activities 2012 - https://isc.sans.edu/poll.html
2012-10-12/a>	Mark Hofman	Cyber Security Awareness Month - Day 12 PCI DSS
2012-10-11/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security)
2012-10-10/a>	Kevin Shortt	Cyber Security Awareness Month - Day 10 - Standard Sudo - Part Two
2012-10-09/a>	Johannes Ullrich	Cyber Security Awreness Month - Day 9 - Request for Comment (RFC)
2012-10-08/a>	Mark Hofman	Cyber Security Awareness Month - Day 8 ISO 27001
2012-10-07/a>	Tony Carothers	Cyber Security Awareness Month - Day 7 - Rollup Review of CSAM Week 1
2012-10-06/a>	Manuel Humberto Santander Pelaez	Cyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA
2012-10-05/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl.
2012-10-04/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 4: Crypto Standards
2012-10-03/a>	Kevin Shortt	Cyber Security Awareness Month - Day 3 - Standard Sudo - Part One
2012-10-02/a>	Russ McRee	Cyber Security Awareness Month - Day 2 - PCI Security Standard: Mobile Payment Acceptance Security Guidelines
2012-10-01/a>	Johannes Ullrich	Cyber Security Awareness Month
2012-09-23/a>	Tony Carothers	Update for CVE-2012-3132
2012-09-21/a>	Guy Bruneau	IE Cumulative Updates MS12-063 - KB2744842
2012-09-21/a>	Guy Bruneau	Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (2755801)
2012-09-09/a>	Guy Bruneau	Phishing/Spam Pretending to be from BBB
2012-07-30/a>	Guy Bruneau	End of Days for MS-CHAPv2
2012-07-18/a>	Rob VandenBrink	Vote NO to Weak Keys!
2012-07-15/a>	Guy Bruneau	Oracle July 2012 Critical Patch Pre-Release Announcement
2012-07-10/a>	Rob VandenBrink	Today at SANSFIRE (09 July 2012) - ISC Panel Discussion on the State of the Internet
2012-06-18/a>	Guy Bruneau	CVE-2012-1875 exploit is now available
2012-05-25/a>	Guy Bruneau	Technical Analysis of Flash Player CVE-2012-0779
2012-05-16/a>	Johannes Ullrich	Got Packets? Odd duplicate DNS replies from 10.x IP Addresses
2012-05-05/a>	Tony Carothers	Vulnerability Exploit for Snow Leopard
2012-04-27/a>	Mark Hofman	Microsoft has added MSSQL 2008 R2 SP1 to the list of affected software for MS12-027 (Thanks Ryan). More info here --> http://technet.microsoft.com/security/bulletin/ms12-027
2012-04-19/a>	Kevin Shortt	OpenSSL Security Advisory - CVE-2012-2110
2012-04-12/a>	Guy Bruneau	wicd Privilege Escalation 0day exploit for Backtrack 5 R2
2012-02-03/a>	Guy Bruneau	Sophos 2012 Security Threat Report
2012-01-12/a>	Rob VandenBrink	PHP 5.39 was release on the 10th, amongst other things, it addresses CVE-2011-4885 (prevents attacks based on hash collisions) and CVE-2011-4566 (integer overflow when parsing invalid exif header)
2011-12-21/a>	Johannes Ullrich	New Vulnerability in Windows 7 64 bit
2011-10-29/a>	Richard Porter	The Sub Critical Control? Evidence Collection
2011-10-28/a>	Russ McRee	Critical Control 19: Data Recovery Capability
2011-10-28/a>	Daniel Wesemann	Critical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27/a>	Mark Baggett	Critical Control 18: Incident Response Capabilities
2011-10-26/a>	Rick Wanner	Critical Control 17:Penetration Tests and Red Team Exercises
2011-10-17/a>	Rob VandenBrink	Critical Control 11: Account Monitoring and Control
2011-10-13/a>	Guy Bruneau	Critical Control 10: Continuous Vulnerability Assessment and Remediation
2011-10-12/a>	Kevin Shortt	Critical Control 8 - Controlled Use of Administrative Privileges
2011-10-11/a>	Swa Frantzen	Critical Control 7 - Application Software Security
2011-10-10/a>	Jim Clausing	Critical Control 6 - Maintenance, Monitoring, and Analysis of Security Audit Logs
2011-10-07/a>	Mark Hofman	Critical Control 5 - Boundary Defence
2011-10-06/a>	Rob VandenBrink	Apache HTTP Server mod_proxy reverse proxy issue
2011-10-04/a>	Rob VandenBrink	Critical Control 2 - Inventory of Authorized and Unauthorized Software
2011-10-04/a>	Johannes Ullrich	Critical Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations and Servers
2011-10-03/a>	Mark Hofman	Critical Control 1 - Inventory of Authorized and Unauthorized Devices
2011-10-03/a>	Mark Baggett	What are the 20 Critical Controls?
2011-10-03/a>	Tom Liston	Security 101 : Security Basics in 140 Characters Or Less
2011-10-02/a>	Mark Hofman	Cyber Security Awareness Month Day 1/2 - Schedule
2011-10-02/a>	Mark Hofman	Cyber Security Awareness Month Day 1/2 - Introduction to the controls
2011-09-21/a>	Mark Hofman	October 2011 Cyber Security Awareness Month
2011-08-30/a>	Johannes Ullrich	A Packet Challenge: Help us identify this traffic
2011-08-15/a>	Rob VandenBrink	8 Years since the Eastern Seaboard Blackout - Has it Been that Long?
2011-08-10/a>	Guy Bruneau	Samba 3.6.0 Released
2011-06-30/a>	Rob VandenBrink	Update for RSA Authentication Manager
2011-05-22/a>	Kevin Shortt	Facebook goes two-factor
2011-04-28/a>	Chris Mohan	Gathering and use of location information fears - or is it all a bit too late
2011-04-21/a>	Guy Bruneau	Silverlight Update Available
2011-04-18/a>	John Bambenek	Wordpress.com Security Breach
2011-04-15/a>	Kevin Liston	MS11-020 (KB2508429) Upgrading from Critical to PATCH NOW
2011-04-11/a>	Johannes Ullrich	Layer 2 DoS and other IPv6 Tricks
2011-02-23/a>	Manuel Humberto Santander Pelaez	Bind DOS vulnerability (CVE-2011-0414)
2011-02-21/a>	Adrien de Beaupre	What’s New, it's Python 3.2
2011-01-08/a>	Guy Bruneau	PandaLabs 2010 Annual Report
2011-01-03/a>	Johannes Ullrich	What Will Matter in 2011
2010-12-20/a>	Guy Bruneau	Highlight of Survey Related to Issues Affecting Businesses in 2010
2010-12-20/a>	Guy Bruneau	Patch Issues with Outlook 2007
2010-12-15/a>	Manuel Humberto Santander Pelaez	HP StorageWorks P2000 G3 MSA hardcoded user
2010-11-16/a>	Guy Bruneau	OpenSSL TLS Extension Parsing Race Condition
2010-10-31/a>	Marcus Sachs	Cyber Security Awareness Month - Day 31 - Tying it all together
2010-10-30/a>	Guy Bruneau	Security Update for Shockwave Player
2010-10-30/a>	Guy Bruneau	Cyber Security Awareness Month - Day 30 - Role of the network team
2010-10-29/a>	Manuel Humberto Santander Pelaez	Cyber Security Awareness Month - Day 29- Role of the office geek
2010-10-28/a>	Rick Wanner	Cyber Security Awareness Month - Day 27 - Social Media use in the office
2010-10-28/a>	Tony Carothers	Cyber Security Awareness Month - Day 28 - Role of the employee
2010-10-28/a>	Manuel Humberto Santander Pelaez	CVE-2010-3654 - New dangerous 0-day authplay library adobe products vulnerability
2010-10-26/a>	Pedro Bueno	Cyber Security Awareness Month - Day 26 - Sharing Office Files
2010-10-25/a>	Kevin Shortt	Cyber Security Awareness Month - Day 25 - Using Home Computers for Work
2010-10-24/a>	Swa Frantzen	Cyber Security Awarenes Month - Day 24 - Using work computers at home
2010-10-23/a>	Mark Hofman	Cyber Security Awareness Month - Day 23 - The Importance of compliance
2010-10-22/a>	Daniel Wesemann	Cyber Security Awareness Month - Day 22 - Security of removable media
2010-10-21/a>	Chris Carboni	Cyber Security Awareness Month - Day 21 - Impossible Requests from the Boss
2010-10-20/a>	Jim Clausing	Cyber Security Awareness Month - Day 20 - Securing Mobile Devices
2010-10-19/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - Remote Access Tools
2010-10-19/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split?
2010-10-19/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - VPN Architectures – SSL or IPSec?
2010-10-19/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - Remote User VPN Access – Are things getting too easy, or too hard?
2010-10-19/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - VPN and Remote Access Tools
2010-10-18/a>	Manuel Humberto Santander Pelaez	Cyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis
2010-10-17/a>	Stephen Hall	Cyber Security Awareness Month - Day 17 - What a boss should and should not have access to
2010-10-15/a>	Marcus Sachs	Cyber Security Awareness Month - Day 15 - What Teachers Need to Know About Their Students
2010-10-15/a>	Guy Bruneau	Cyber Security Awareness Month - Day 16 - Securing a donated computer
2010-10-14/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 14 - Securing a public computer
2010-10-13/a>	Deborah Hale	Cyber Security Awareness Month - Day 13 - Online Bullying
2010-10-12/a>	Scott Fendley	Cyber Security Awareness Month - Day 12 - Protecting and Managing Your Digital Identity On Social Media Sites
2010-10-11/a>	Rick Wanner	Cyber Security Awareness Month - Day 11 - Safe Browsing for Teens
2010-10-10/a>	Kevin Liston	Cyber Security Awareness Month - Day 10 - Safe browsing for pre-teens
2010-10-09/a>	Kevin Shortt	Cyber Security Awareness Month - Day 9 - Disposal of an Old Computer
2010-10-08/a>	Rick Wanner	Cyber Security Awareness Month - Day 8 - Patch Management and System Updates
2010-10-06/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 7 - Remote Access and Monitoring Tools
2010-10-06/a>	Marcus Sachs	Cyber Security Awareness Month - Day 6 - Computer Monitoring Tools
2010-10-05/a>	Rick Wanner	Cyber Security Awareness Month - Day 5 - Sites you should stay away from
2010-10-04/a>	Daniel Wesemann	Cyber Security Awareness Month - Day 4 - Managing EMail
2010-10-03/a>	Adrien de Beaupre	Cyber Security Awareness Month - Day 3 - Recognizing phishing and online scams
2010-10-02/a>	Mark Hofman	Cyber Security Awareness Month - Day 2 - Securing the Family Network
2010-10-01/a>	Marcus Sachs	Cyber Security Awareness Month - 2010
2010-10-01/a>	Marcus Sachs	Cyber Security Awareness Month - Day 1 - Securing the Family PC
2010-09-17/a>	Robert Danford	Circa 2007 Linux Kernel Vulnerability Resurfaces (Was CVE-2007-4573, Now CVE-2010-3301)
2010-09-13/a>	Manuel Humberto Santander Pelaez	Adobe SING table parsing exploit (CVE-2010-2883) in the wild
2010-09-12/a>	Manuel Humberto Santander Pelaez	Adobe Acrobat pushstring Memory Corruption paper
2010-09-08/a>	John Bambenek	Adobe Acrobat/Reader 0-day in Wild, Adobe Issues Advisory
2010-08-25/a>	Pedro Bueno	Adobe released security update for Shockwave player that fix several CVEs: APSB1020
2010-08-22/a>	Manuel Humberto Santander Pelaez	SCADA: A big challenge for information security professionals
2010-07-29/a>	Rob VandenBrink	Snort 2.8.6.1 and Snort 2.9 Beta Released
2010-07-26/a>	Guy Bruneau	SophosLabs Released Free Tool to Validate Microsoft Shortcut
2010-07-20/a>	Manuel Humberto Santander Pelaez	LNK vulnerability now with Metasploit module implementing the WebDAV method
2010-07-20/a>	Manuel Humberto Santander Pelaez	iTunes buffer overflow vulnerability
2010-07-10/a>	Tony Carothers	Oracle July 2010 Pre-Release Announcement
2010-06-15/a>	Manuel Humberto Santander Pelaez	Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-05-12/a>	Rob VandenBrink	Layer 2 Security - Private VLANs (the Story Continues ...)
2010-04-27/a>	Rob VandenBrink	Layer 2 Security - L2TPv3 for Disaster Recovery Sites
2010-04-22/a>	Guy Bruneau	MS10-025 Security Update has been Pulled
2010-04-16/a>	G. N. White	MS10-021: Encountering A Failed WinXP Update
2010-03-28/a>	Rick Wanner	Honeynet Project: 2010 Forensic Challenge #3
2010-03-10/a>	Rob VandenBrink	Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-03-01/a>	Mark Hofman	Microsoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update.
2010-02-23/a>	Mark Hofman	What is your firewall telling you and what is TCP249?
2010-02-21/a>	Tony Carothers	TCP Port 12174 Request For Packets
2010-02-17/a>	Rob VandenBrink	Defining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"
2010-02-01/a>	Rob VandenBrink	NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?
2010-01-19/a>	Jim Clausing	The IE saga continues, out-of-cycle patch coming soon
2010-01-15/a>	Kevin Liston	Exploit code available for CVE-2010-0249
2010-01-12/a>	Adrien de Beaupre	PoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2010-01-04/a>	Bojan Zdrnja	Sophisticated, targeted malicious PDF documents exploiting CVE-2009-4324
2009-12-29/a>	Rick Wanner	What's up with port 12174? Possible Symantec server compromise?
2009-12-07/a>	Rob VandenBrink	Layer 2 Network Protections – reloaded!
2009-11-14/a>	Adrien de Beaupre	Microsoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released
2009-11-12/a>	Rob VandenBrink	Windows 7 / Windows Server 2008 Remote SMB Exploit
2009-11-11/a>	Rob VandenBrink	Layer 2 Network Protections against Man in the Middle Attacks
2009-10-31/a>	Rick Wanner	Cyber Security Awareness Month - Day 31, ident
2009-10-30/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 30 - The "Common" IPSEC VPN Protocols - IKE / ISAKMP (500/udp), ESP (IP Protocol 50), NAT-T-IKE (500/udp, 4500/udp), PPTP (tcp/1723), GRE (IP Protocol 47)
2009-10-29/a>	Kyle Haugsness	Cyber Security Awareness Month - Day 29 - dns port 53
2009-10-28/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 28 - ntp (123/udp)
2009-10-25/a>	Lorna Hutcheson	Cyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-22/a>	Adrien de Beaupre	Cyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-22/a>	Adrien de Beaupre	Sysinternals updates: Disk2vhd v1.1, ZoomIt v4.1, Coreinfo v2.0, VMMap v2.4
2009-10-19/a>	Daniel Wesemann	Cyber Security Awareness Month - Day 19 - ICMP
2009-10-17/a>	Rick Wanner	Cyber Security Awareness Month - Day 17 - Port 22/SSH
2009-10-16/a>	Adrien de Beaupre	Cyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
2009-10-11/a>	Mark Hofman	Cyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
2009-10-09/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 9 - Port 3389/tcp (RDP)
2009-10-08/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 8 - Port 25 - SMTP
2009-10-06/a>	Adrien de Beaupre	Cyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp
2009-10-05/a>	Adrien de Beaupre	Cyber Security Awareness Month - Day 5 port 31337
2009-09-16/a>	Bojan Zdrnja	SMB2 remote exploit released
2009-09-08/a>	Guy Bruneau	Vista/2008/Windows 7 SMB2 BSOD 0Day
2009-09-07/a>	Jim Clausing	Request for packets
2009-08-28/a>	Adrien de Beaupre	WPA with TKIP done
2009-08-08/a>	Kevin Liston	Sun OpenSSO Enterprise/Sun Access Manager XML Vulnerabilities
2009-07-12/a>	Mari Nichols	CA Apologizes for False Positive
2009-06-20/a>	Mark Hofman	G'day from Sansfire2009
2009-06-14/a>	Guy Bruneau	SANSFIRE 2009 Starts Tomorrow
2009-05-28/a>	Stephen Hall	Microsoft DirectShow vulnerability
2009-05-27/a>	donald smith	WebDAV write-up
2009-05-26/a>	Jason Lam	Vista & Win2K8 SP2 available
2009-05-02/a>	Rick Wanner	Significant increase in port 2967 traffic
2009-03-24/a>	G. N. White	CanSecWest Pwn2Own: Would IE8 have been exploitable had the event waited one more day?
2009-02-19/a>	Bojan Zdrnja	MS09-002, XML/DOC and initial infection vector
2009-02-17/a>	Bojan Zdrnja	MS09-002 exploit in the wild
2009-01-31/a>	Swa Frantzen	VMware updates
2008-11-04/a>	Marcus Sachs	Cyber Security Awareness Month 2008 - Summary and Links
2008-11-03/a>	Joel Esler	Day 34 -- Feeding The Lessons Learned Back to the Preparation Phase
2008-11-02/a>	Mari Nichols	Day 33 - Working with Management to Improve Processes
2008-11-01/a>	Koon Yaw Tan	Day 32 - What Should I Make Public?
2008-10-31/a>	Rick Wanner	Day 31 - Legal Awareness
2008-10-30/a>	Kevin Liston	Day 30 - Applying Patches and Updates
2008-10-29/a>	Deborah Hale	Day 29 - Should I Switch Software Vendors?
2008-10-28/a>	Jason Lam	Day 28 - Avoiding Finger Pointing and the Blame Game
2008-10-27/a>	Johannes Ullrich	Day 27 - Validation via Vulnerability Scanning
2008-10-25/a>	Koon Yaw Tan	Day 25 - Finding and Removing Hidden Files and Directories
2008-10-25/a>	Rick Wanner	Day 26 - Restoring Systems from Backup
2008-10-24/a>	Stephen Hall	Day 24 - Cleaning Email Servers and Clients
2008-10-22/a>	Johannes Ullrich	Day 22 - Wiping Disks and Media
2008-10-22/a>	Chris Carboni	Day 23 - Turning off Unused Services
2008-10-21/a>	Johannes Ullrich	Day 21 - Removing Bots, Keyloggers, and Spyware
2008-10-20/a>	Raul Siles	Day 20 - Eradicating a Rootkit
2008-10-19/a>	Lorna Hutcheson	Day 19 - Eradication: Forensic Analysis Tools - What Happened?
2008-10-17/a>	Patrick Nolan	Day 17 - Containing a DNS Hijacking
2008-10-17/a>	Rick Wanner	Day 18 - Containing Other Incidents
2008-10-16/a>	Mark Hofman	Day 16 - Containing a Malware Outbreak
2008-10-15/a>	Rick Wanner	Day 15 - Containing the Damage From a Lost or Stolen Laptop
2008-10-14/a>	Swa Frantzen	Day 14 - Containment: a Personal IdentityTheft Incident
2008-10-13/a>	Adrien de Beaupre	Day 13 - Containment: Containing on Production Systems Such as a Web Server
2008-10-12/a>	Mari Nichols	Day 12 Containment: Gathering Evidence That Can be Used in Court
2008-10-11/a>	Stephen Hall	Day 11 - Identification: Other Methods of Identifying an Incident
2008-10-10/a>	Marcus Sachs	Day 10 - Identification: Using Your Help Desk to Identify Security Incidents
2008-10-09/a>	Marcus Sachs	Day 9 - Identification: Log and Audit Analysis
2008-10-08/a>	Johannes Ullrich	Day 8 - Global Incident Awareness
2008-10-07/a>	Kyle Haugsness	Day 7 - Identification: Host-based Intrusion Detection Systems
2008-10-06/a>	Jim Clausing	Day 6 - Network-based Intrusion Detection Systems
2008-10-05/a>	Stephen Hall	Day 5 - Identification: Events versus Incidents
2008-10-04/a>	Marcus Sachs	Day 4 - Preparation: What Goes Into a Response Kit
2008-10-03/a>	Jason Lam	Day 3 - Preparation: Building Checklists
2008-10-02/a>	Marcus Sachs	Day 2 - Preparation: Building a Response Team
2008-10-01/a>	Marcus Sachs	Day 1 - Preparation: Policies, Management Support, and User Awareness
2008-09-30/a>	Marcus Sachs	Cyber Security Awareness Month - Daily Topics
2008-09-15/a>	donald smith	Fake antivirus 2009 and search engine results
2008-08-26/a>	John Bambenek	Active attacks using stolen SSH keys (UPDATED)
2008-08-15/a>	Jim Clausing	Another MS update that may have escaped notice
2008-04-27/a>	Marcus Sachs	What's With Port 20329?
2008-04-22/a>	donald smith	XP SP3 RC2 Available
2008-04-10/a>	Deborah Hale	Symantec Threatcon Level 2
2006-09-19/a>	Swa Frantzen	Yet another MSIE 0-day: VML
2006-09-15/a>	Swa Frantzen	MSIE DirectAnimation ActiveX 0-day update
2006-09-12/a>	Swa Frantzen	Microsoft security patches for September 2006
2000-01-02/a>	Deborah Hale	2010 A Look Back - 2011 A Look Ahead
2000-01-01/a>	Manuel Humberto Santander Pelaez	Happy New Year 2011!!!
NETWORK
2023-08-26/a>	Xavier Mertens	macOS: Who?s Behind This Network Connection?
2023-01-02/a>	Xavier Mertens	NetworkMiner 2.8 Released
2022-01-25/a>	Brad Duncan	Emotet Stops Using 0.0.0.0 in Spambot Traffic
2021-12-06/a>	Xavier Mertens	The Importance of Out-of-Band Networks
2021-06-18/a>	Daniel Wesemann	Network Forensics on Azure VMs (Part #2)
2021-06-17/a>	Daniel Wesemann	Network Forensics on Azure VMs (Part #1)
2021-01-30/a>	Guy Bruneau	PacketSifter as Network Parsing and Telemetry Tool
2019-10-16/a>	Xavier Mertens	Security Monitoring: At Network or Host Level?
2019-10-06/a>	Russ McRee	visNetwork for Network Data
2019-07-20/a>	Guy Bruneau	Re-evaluating Network Security - It is Increasingly More Complex
2019-03-27/a>	Xavier Mertens	Running your Own Passive DNS Service
2018-06-06/a>	Xavier Mertens	Converting PCAP Web Traffic to Apache Log
2017-12-02/a>	Xavier Mertens	Using Bad Material for the Good
2017-09-28/a>	Xavier Mertens	The easy way to analyze huge amounts of PCAP data
2017-02-17/a>	Rob VandenBrink	RTRBK - Router / Switch / Firewall Backups in PowerShell (tool drop)
2017-01-13/a>	Xavier Mertens	Who's Attacking Me?
2017-01-12/a>	Mark Baggett	Some tools updates
2016-05-26/a>	Xavier Mertens	Keeping an Eye on Tor Traffic
2015-04-17/a>	Didier Stevens	Memory Forensics Of Network Devices
2015-03-16/a>	Johannes Ullrich	Automatically Documenting Network Connections From New Devices Connected to Home Networks
2014-10-13/a>	Lorna Hutcheson	For or Against: Port Security for Network Access Control
2014-06-03/a>	Basil Alawi S.Taher	An Introduction to RSA Netwitness Investigator
2014-01-24/a>	Chris Mohan	Phishing via Social Media
2013-11-30/a>	Russ McRee	A review of Tubes, A Journey to the Center of the Internet
2013-07-17/a>	Johannes Ullrich	Network Solutions Outage
2013-07-13/a>	Lenny Zeltser	Decoy Personas for Safeguarding Online Identity Using Deception
2013-02-03/a>	Lorna Hutcheson	Is it Really an Attack?
2012-12-31/a>	Manuel Humberto Santander Pelaez	How to determine which NAC solutions fits best to your needs
2012-08-30/a>	Bojan Zdrnja	Analyzing outgoing network traffic (part 2)
2012-08-23/a>	Bojan Zdrnja	Analyzing outgoing network traffic
2012-04-06/a>	Johannes Ullrich	Social Share Privacy
2011-08-05/a>	Johannes Ullrich	Microsoft Patch Tuesday Advance Notification: 13 Bulletins coming http://www.microsoft.com/technet/security/Bulletin/MS11-aug.mspx
2011-05-25/a>	Lenny Zeltser	Monitoring Social Media for Security References to Your Organization
2011-02-14/a>	Lorna Hutcheson	Network Visualization
2011-01-23/a>	Richard Porter	Crime is still Crime!
2010-12-21/a>	Rob VandenBrink	Network Reliability, Part 2 - HSRP Attacks and Defenses
2010-11-22/a>	Lenny Zeltser	Brand Impersonations On-Line: Brandjacking and Social Networks
2010-11-08/a>	Manuel Humberto Santander Pelaez	Network Security Perimeter: How to choose the correct firewall and IPS for your environment?
2010-09-16/a>	Johannes Ullrich	Facebook "Like Pages"
2010-08-05/a>	Rob VandenBrink	Access Controls for Network Infrastructure
2010-07-07/a>	Kevin Shortt	Facebook, Facebook, What Do YOU See?
2010-06-10/a>	Deborah Hale	Top 5 Social Networking Media Risks
2010-04-18/a>	Guy Bruneau	Some NetSol hosted sites breached
2009-12-07/a>	Rob VandenBrink	Layer 2 Network Protections – reloaded!
2009-11-25/a>	Jim Clausing	Tool updates
2009-11-11/a>	Rob VandenBrink	Layer 2 Network Protections against Man in the Middle Attacks
2009-08-13/a>	Jim Clausing	New and updated cheat sheets
2009-08-03/a>	Mark Hofman	Switch hardening on your network
2009-07-28/a>	Adrien de Beaupre	YYAMCCBA
2009-05-28/a>	Jim Clausing	Stego in TCP retransmissions
2009-05-18/a>	Rick Wanner	Cisco SAFE Security Reference Guide Updated
2008-04-07/a>	John Bambenek	Network Solutions Technical Difficulties? Enom too
PROTECTIONS
2009-12-07/a>	Rob VandenBrink	Layer 2 Network Protections – reloaded!
2009-11-11/a>	Rob VandenBrink	Layer 2 Network Protections against Man in the Middle Attacks
2009-10-30/a>	Rob VandenBrink	New version of NIST 800-41, Firewalls and Firewall Policy Guidelines
BROADCAST
2009-12-07/a>	Rob VandenBrink	Layer 2 Network Protections – reloaded!
MACOF
2009-12-07/a>	Rob VandenBrink	Layer 2 Network Protections – reloaded!
FLOOD
2009-12-07/a>	Rob VandenBrink	Layer 2 Network Protections – reloaded!
2008-07-15/a>	Maarten Van Horenbeeck	Bot controller mimicry
2008-06-13/a>	Johannes Ullrich	Floods: More of the same (2)
MAC
2024-01-22/a>	Johannes Ullrich	Apple Updates Everything - New 0 Day in WebKit
2024-01-19/a>	Xavier Mertens	macOS Python Script Replacing Wallet Applications with Rogue Apps
2023-12-11/a>	Johannes Ullrich	Apple Patches Everything
2023-09-26/a>	Johannes Ullrich	Apple Releases MacOS Sonoma Including Numerous Security Patches
2023-09-11/a>	Johannes Ullrich	Apple fixes 0-Day Vulnerability in Older Operating Systems
2023-09-07/a>	Johannes Ullrich	Apple Releases iOS/iPadOS 16.6.1, macOS 13.5.2, watchOS 9.6.2 fixing two zeroday vulnerabilities
2023-08-26/a>	Xavier Mertens	macOS: Who?s Behind This Network Connection?
2023-06-22/a>	Johannes Ullrich	Apple Patches Exploited Vulnerabilities in iOS/iPadOS, macOS, watchOS and Safari
2023-04-07/a>	Johannes Ullrich	Apple Patching Two 0-Day Vulnerabilities in iOS and macOS
2023-03-27/a>	Johannes Ullrich	Apple Updates Everything (including Studio Display)
2022-07-26/a>	Xavier Mertens	How is Your macOS Security Posture?
2022-07-20/a>	Johannes Ullrich	Apple Patches Everything Day
2022-04-20/a>	Brad Duncan	"aa" distribution Qakbot (Qbot) infection with DarkVNC traffic
2022-03-31/a>	Johannes Ullrich	Apple Patches Actively Exploited Vulnerability in macOS, iOS and iPadOS,
2022-03-25/a>	Xavier Mertens	XLSB Files: Because Binary is Stealthier Than XML
2022-03-14/a>	Johannes Ullrich	Apple Updates Everything: MacOS 12.3, XCode 13.3, tvOS 15.4, watchOS 8.5, iPadOS 15.4 and more
2022-02-10/a>	Johannes Ullrich	iOS/iPadOS and MacOS Update: Single WebKit 0-Day Vulnerability Patched
2022-01-27/a>	Johannes Ullrich	Apple Patches Everything
2022-01-22/a>	Xavier Mertens	Mixed VBA & Excel4 Macro In a Targeted Excel Sheet
2021-12-28/a>	Russ McRee	LotL Classifier tests for shells, exfil, and miners
2021-12-20/a>	Jan Kopriva	PowerPoint attachments, Agent Tesla and code reuse in malware
2021-12-02/a>	Brad Duncan	TA551 (Shathak) pushes IcedID (Bokbot)
2021-09-23/a>	Xavier Mertens	Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
2021-09-01/a>	Brad Duncan	STRRAT: a Java-based RAT that doesn't care if you have Java
2021-08-06/a>	Xavier Mertens	Malicious Microsoft Word Remains A Key Infection Vector
2021-04-23/a>	Xavier Mertens	Malicious PowerPoint Add-On: "Small Is Beautiful"
2021-03-12/a>	Guy Bruneau	Microsoft DHCP Logs Shipped to ELK
2021-03-03/a>	Brad Duncan	Qakbot infection with Cobalt Strike
2021-02-25/a>	Daniel Wesemann	Forensicating Azure VMs
2021-02-23/a>	Jan Kopriva	Qakbot in a response to Full Disclosure post
2021-02-05/a>	Xavier Mertens	VBA Macro Trying to Alter the Application Menus
2021-02-03/a>	Brad Duncan	Excel spreadsheets push SystemBC malware
2021-02-02/a>	Xavier Mertens	New Example of XSL Script Processing aka "Mitre T1220"
2021-01-26/a>	Brad Duncan	TA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-20/a>	Brad Duncan	Qakbot activity resumes after holiday break
2021-01-14/a>	Bojan Zdrnja	Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file
2021-01-13/a>	Brad Duncan	Hancitor activity resumes after a hoilday break
2020-12-22/a>	Xavier Mertens	Malware Victim Selection Through WiFi Identification
2020-12-09/a>	Brad Duncan	Recent Qakbot (Qbot) activity
2020-11-20/a>	Xavier Mertens	Malicious Python Code and LittleSnitch Detection
2020-11-09/a>	Xavier Mertens	How Attackers Brush Up Their Malicious Scripts
2020-10-26/a>	Didier Stevens	Excel 4 Macros: "Abnormal Sheet Visibility"
2020-10-14/a>	Brad Duncan	More TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-09-23/a>	Xavier Mertens	Malicious Word Document with Dynamic Content
2020-09-18/a>	Xavier Mertens	A Mix of Python & VBA in a Malicious Word Document
2020-09-10/a>	Brad Duncan	Recent Dridex activity
2020-09-09/a>	Johannes Ullrich	A First Look at macOS 11 Big Sur Network Traffic (New! Now with more GREASE!)
2020-08-26/a>	Xavier Mertens	Malicious Excel Sheet with a NULL VT Score
2020-08-19/a>	Xavier Mertens	Example of Word Document Delivering Qakbot
2020-08-07/a>	Brad Duncan	TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-06/a>	Xavier Mertens	A Fork of the FTCode Powershell Ransomware
2020-08-03/a>	Xavier Mertens	Powershell Bot with Multiple C2 Protocols
2020-07-15/a>	Brad Duncan	Word docs with macros for IcedID (Bokbot)
2020-07-11/a>	Guy Bruneau	VMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html
2020-07-10/a>	Brad Duncan	Excel spreasheet macro kicks off Formbook infection
2020-07-04/a>	Russ McRee	Happy FouRth of July from the Internet Storm Center
2020-06-12/a>	Xavier Mertens	Malicious Excel Delivering Fileless Payload
2020-06-10/a>	Brad Duncan	Job application-themed malspam pushes ZLoader
2020-06-01/a>	Didier Stevens	XLMMacroDeobfuscator: An Update
2020-05-20/a>	Brad Duncan	Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-05/a>	Guy Bruneau	Maldoc XLS Invoice with Excel 4 Macros
2020-03-29/a>	Didier Stevens	Obfuscated Excel 4 Macros
2020-03-18/a>	Brad Duncan	Trickbot gtag red5 distributed as a DLL file
2020-03-09/a>	Didier Stevens	Malicious Spreadsheet With Data Connection and Excel 4 Macros
2020-03-06/a>	Xavier Mertens	A Safe Excel Sheet Not So Safe
2020-02-24/a>	Didier Stevens	Maldoc: Excel 4 Macros and VBA, Devil and Angel?
2020-02-23/a>	Didier Stevens	Maldoc: Excel 4 Macros in OOXML Format
2020-02-21/a>	Xavier Mertens	Quick Analysis of an Encrypted Compound Document Format
2020-01-22/a>	Brad Duncan	German language malspam pushes Ursnif
2020-01-09/a>	Xavier Mertens	Quick Analyzis of a(nother) Maldoc
2019-12-11/a>	Brad Duncan	German language malspam pushes yet another wave of Trickbot
2019-12-04/a>	Jan Kopriva	Analysis of a strangely poetic malware
2019-10-02/a>	Brad Duncan	A recent example of Emotet malspam
2019-09-26/a>	Rob VandenBrink	Mining MAC Address and OUI Information
2019-09-18/a>	Brad Duncan	Emotet malspam is back
2019-07-08/a>	Didier Stevens	Machine Code? No!
2019-07-04/a>	Didier Stevens	Machine Code?
2019-06-18/a>	Brad Duncan	Malspam with password-protected Word docs pushing Dridex
2019-03-17/a>	Didier Stevens	Video: Maldoc Analysis: Excel 4.0 Macro
2019-03-16/a>	Didier Stevens	Maldoc: Excel 4.0 Macros
2019-03-13/a>	Brad Duncan	Malspam pushes Emotet with Qakbot as the follow-up malware
2019-01-24/a>	Brad Duncan	Malspam with Word docs uses macro to run Powershell script and steal system data
2018-12-18/a>	Brad Duncan	Malspam links to password-protected Word docs that push IcedID (Bokbot)
2018-11-27/a>	Xavier Mertens	More obfuscated shell scripts: Fake MacOS Flash update
2018-11-15/a>	Brad Duncan	Emotet infection with IcedID banking Trojan
2018-11-04/a>	Pasquale Stirparo	Beyond good ol' LaunchAgent - part 1
2018-10-21/a>	Pasquale Stirparo	Beyond good ol’ LaunchAgent - part 0
2018-08-24/a>	Xavier Mertens	Microsoft Publisher Files Delivering Malware
2018-06-29/a>	Remco Verhoef	Crypto community target of MacOS malware
2018-05-25/a>	Xavier Mertens	Antivirus Evasion? Easy as 1,2,3
2018-05-23/a>	Remco Verhoef	Track naughty and nice binaries with Google Santa
2018-05-01/a>	Xavier Mertens	Diving into a Simple Maldoc Generator
2017-12-19/a>	Xavier Mertens	Example of 'MouseOver' Link in a Powerpoint File
2017-12-16/a>	Xavier Mertens	Microsoft Office VBA Macro Obfuscation via Metadata
2017-11-15/a>	Xavier Mertens	If you want something done right, do it yourself!
2017-09-19/a>	Jim Clausing	New tool: mac-robber.py
2017-02-26/a>	Guy Bruneau	It is Tax Season - Watch out for Suspicious Attachment
2016-09-30/a>	Xavier Mertens	Another Day, Another Malicious Behaviour
2015-02-19/a>	Daniel Wesemann	Macros? Really?!
2014-01-24/a>	Chris Mohan	Security Update for OS X for CVE-2014-1252 http://support.apple.com/kb/HT6117
2013-12-17/a>	Adrien de Beaupre	Apple security updates Mac OS X and Safari
2013-10-22/a>	Richard Porter	Greenbone and OpenVAS Scanner
2013-10-02/a>	John Bambenek	Obamacare related domain registration spike, Government shutdown domain registration beginning
2013-09-10/a>	Swa Frantzen	Macs need to patch too!
2013-08-09/a>	Kevin Shortt	Copy Machines - Changing Scanned Content
2013-03-02/a>	Scott Fendley	Apple Blocks Older Insecure Versions of Flash Player
2012-07-05/a>	Adrien de Beaupre	New OS X trojan backdoor MaControl variant reported
2012-05-05/a>	Tony Carothers	Vulnerability Exploit for Snow Leopard
2012-04-12/a>	Guy Bruneau	Apple Java Updates for Mac OS X
2012-02-24/a>	Guy Bruneau	Flashback Trojan in the Wild
2012-02-04/a>	Scott Fendley	Apple Security Advisory 2012-001 v1.1
2011-08-05/a>	donald smith	New Mac Trojan: BASH/QHost.WB
2011-06-23/a>	Jim Clausing	Apple Security Updates 2011-004
2011-06-15/a>	Pedro Bueno	Hit by MacDefender, Apple Web Security (name your Mac FakeAV here)...
2011-05-26/a>	Swa Frantzen	MacDefender ups the ante with removing the password need for installation
2011-05-06/a>	Richard Porter	Unpatched Exploit: Skype for MAC
2010-11-16/a>	Guy Bruneau	Mac OS X Server v10.6.5 (10H575) Security Update: http://support.apple.com/kb/HT4452
2010-06-17/a>	Deborah Hale	Digital Copy Machines - Security Risk?
2010-06-15/a>	Manuel Humberto Santander Pelaez	Apple releases advisory for Mac OS X - Multiple vulnerabilities discovered
2010-03-29/a>	Adrien de Beaupre	APPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3
2010-02-05/a>	Jim Clausing	Memory Analysis - time to move beyond XP
2010-01-12/a>	Adrien de Beaupre	PoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2009-12-07/a>	Rob VandenBrink	Layer 2 Network Protections – reloaded!
2009-11-09/a>	Guy Bruneau	Apple Security Update 2009-006 for Mac OS X v10.6.2
2009-01-24/a>	Pedro Bueno	Identifying and Removing the iWork09 Trojan
2008-07-17/a>	Mari Nichols	Firefox Releases 3.0.1 and fixes 3 security vulnerabilities
2008-04-30/a>	Bojan Zdrnja	(Minor) evolution in Mac DNS changer malware
2008-04-02/a>	Adrien de Beaupre	When is a DMG file not a DMG file
2006-12-12/a>	Swa Frantzen	Microsoft Office 2004 - Mac OS X updated
2006-11-29/a>	Toby Kohlenberg	New Vulnerability Announcement and patches from Apple

LAYER 2 NETWORK PROTECTIONS BROADCAST MACOF FLOOD MAC

LAYER

2

NETWORK

PROTECTIONS

BROADCAST

MACOF

FLOOD

MAC