- Code & Data Reuse in the Malware Ecosystem
- My Little DoH Setup
- Abusing Web Filters Misconfiguration for Reconnaissance
- Microsoft Apps Diverted from Their Main Use
- Keep an Eye on Remote Access to Mailboxes
- Generating PCAP Files from YAML
- Quick Malicious VBS Analysis
- Security Monitoring: At Network or Host Level?
- "Lost_Files" Ransomware
- New Scans for Polycom Autoconfiguration Files
- Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs
- Blacklisting or Whitelisting in the Right Way
- Agent Tesla Trojan Abusing Corporate Email Accounts
- Rig Exploit Kit Delivering VBScript
- Blocking Firefox DoH with Bind
- PowerShell Script with a builtin DLL
- Private IP Addresses in Malware Samples?
- Malware Dropping a Local Node.js Instance
- Malware Samples Compiling Their Next Stage on Premise
- Simple Mimikatz & RDPWrapper Dropper
- 100% JavaScript Phishing Page
- May People Be Considered as IOC?
- Malicious PHP Script Back on Stage?
- Analysis of DNS TXT Records
- Russian Dolls Malicious Script Delivering Ursnif
- Malicious Script With Multiple Payloads
- Using a Travel Packing App for Infosec Purpose
- Interesting JavaScript Obfuscation Example
- Keep an Eye on Your WMI Logs
- Behavioural Malware Analysis with Microsoft ASA
- The Risk of Authenticated Vulnerability Scans
- From Phishing To Ransomware?
- DSSuite - A Docker Container with Didier's Tools
- Another Day, Another Suspicious UDF File
- Malware Sample Delivered Through UDF Image
- New Waves of Scans Detected by an Old Rule
- Running your Own Passive DNS Service
- New Wave of Extortion Emails: Central Intelligence Agency Case
- Keep an Eye on Disposable Email Addresses
- Simple Powershell Keyloggers are Back
- Old H-Worm Delivered Through GitHub
- Suspicious PDF Connecting to a Remote SMB Share
- Phishing Kit with JavaScript Keylogger
- Tracking Unexpected DNS Changes
- DNS Firewalling with MISP
- Malicious Script Leaking Data via FTP
- Using OSSEC Active-Response as a DFIR Framework
- Microsoft OOB Patch for Internet Explorer: Scripting Engine Memory Corruption Vulnerability
- Restricting PowerShell Capabilities with NetSh
- Phishing Attack Through Non-Delivery Notification
- More obfuscated shell scripts: Fake MacOS Flash update
- Obfuscated bash script targeting QNap boxes
- Divided Payload in Multiple Pasties
- VMware Affected by Dell EMC Avamar Vulnerability
- Querying DShield from Cortex
- The Challenge of Managing Your Digital Library
- Quickly Investigating Websites with Lookyloo
- Basic Obfuscation With Permissive Languages
- Malicious Powershell Script Dissection
- Dissecting Malicious Office Documents with Linux
- Diving into Malicious AutoIT Code
- Malicious Powershell using a Decoy Picture
- More Equation Editor Exploit Waves
- New Campaign Using Old Equation Editor Vulnerability
- "OG" Tools Remain Valuable
- More Excel DDE Code Injection
- Hunting for Suspicious Processes with OSSEC
- Malware Delivered Through MHT Files
- Crypto Mining in a Windows Headless Browser
- Malicious PowerShell Compiling C# Code on the Fly
- 3D Printers in The Wild, What Can Go Wrong?
- Crypto Mining Is More Popular Than Ever!
- Microsoft Publisher Files Delivering Malware
- Simple Phishing Through formcrafts.com
- Malicious DLL Loaded Through AutoIT
- Truncating Payloads and Anonymizing PCAP files
- Exploiting the Power of Curl
- Windows Batch File Deobfuscation
- Searching for Geographically Improbable Login Attempts
- Cryptominer Delivered Through Compromised JavaScript File
- Are Your Hunting Rules Still Working?
- PowerShell: ScriptBlock Logging... Or Not?
- Malicious JavaScript Targeting Mobile Browsers
- A Bunch of Compromised WordPress Sites
- Converting PCAP Web Traffic to Apache Log
- Malicious Post-Exploitation Batch File
- Antivirus Evasion? Easy as 1,2,3
- "Blocked" Does Not Mean "Forget It"
- Malware Distributed via .slk Files
- Malicious Powershell Targeting UK Bank Customers
- Nice Phishing Sample Delivering Trickbot
- Adding Persistence Via Scheduled Tasks
- Diving into a Simple Maldoc Generator
- Malicious Network Traffic From /bin/bash
- The real value of an IOC?
- Webshell looking for interesting files
- A Suspicious Use of certutil.exe
- How are Your Vulnerabilities?
- Windows IRC Bot in the Wild
- Extending Hunting Capabilities in Your Network
- Automatic Hunting for Malicious Files Crossing your Network
- Surge in blackmailing?
- Administrator's Password Bad Practice
- Payload delivery via SMB
- CRIMEB4NK IRC Bot
- Malicious Bash Script with Multiple Features
- The Crypto Miners Fight For CPU Cycles
- Reminder: Beware of the "Cloud"
- Common Patterns Used in Phishing Campaigns Files
- Malware Delivered via Windows Installer Files
- Simple but Effective Malicious XLS Sheet
- Adaptive Phishing Kit
- Investigating Microsoft BITS Activity
- Ransomware as a Service
- Comment your Packet Captures!
- Mining or Nothing!
- 2017, The Flood of CVEs
- Example of 'MouseOver' Link in a Powerpoint File
- Microsoft Office VBA Macro Obfuscation via Metadata
- Tracking Newly Registered Domains
- StartSSL: Termination of Services is Now Scheduled
- Using Bad Material for the Good
- Phishing Kit (Ab)Using Cloud Services
- Apple High Sierra Uses a Passwordless Root Account
- Fileless Malicious PowerShell Sample
- Proactive Malicious Domain Search
- Top-100 Malicious IP STIX Feed
- Suspicious Domains Tracking Dashboard
- If you want something done right, do it yourself!
- Keep An Eye on your Root Certificates
- Interesting VBA Dropper
- Simple Analysis of an Obfuscated JAR File
- Some Powershell Malicious Code
- BadRabbit: New ransomware wave hitting RU & UA
- Stop relying on file extensions
- Version control tools aren't only for Developers
- Base64 All The Things!
- Investigating Security Incidents with Passive DNS
- The easy way to analyze huge amounts of PCAP data
- Getting some intelligence from malspam
- Another webshell, another backdoor!
- AutoIT based malware back in the wild
- Malicious AutoIT script delivered in a self-extracting RAR file
- Malicious script dropping an executable signed by Avast?
- Defang all the things!
- Maldoc with auto-updated link
- Analysis of a Paypal phishing kit
- Increase of phpMyAdmin scans
- TinyPot, My Small Honeypot
- Bots Searching for Keys & Config Files
- Backup Scripts, the FIM of the Poor
- A VBScript with Obfuscated Base64 Data
- Obfuscating without XOR
- Systemd Could Fallback to Google DNS?
- Phishing Campaigns Follow Trends
- Sharing Private Data with Webcast Invitations
- Critical Vulnerability in Samba from 3.5.0 onwards
- Typosquatting: Awareness and Hunting
- My Little CVE Bot
- Massive wave of ransomware ongoing
- When Bad Guys are Pwning Bad Guys...
- The story of the CFO and CEO...
- HTTP Headers... the Achilles' heel of many applications
- Another Day, Another Obfuscation Technique
- Analysis of a Maldoc with Multiple Layers of Obfuscation
- DNS Query Length... Because Size Does Matter
- Hunting for Malicious Excel Sheets
- Tracking Website Defacers with HTTP Referers
- Whitelists: The Holy Grail of Attackers
- Pro & Con of Outsourcing your SOC
- Diverting built-in features for the bad
- Critical VMware vulnerabilities disclosed
- Logical & Physical Security Correlation
- Nicely Obfuscated JavaScript Sample
- Searching for Base64-encoded PE Files
- Example of Multiple Stages Dropper
- Retro Hunting!
- The Side Effect of GeoIP Filters
- Not All Malware Samples Are Complex
- How your pictures may affect your website reputation
- Amazon S3 Outage
- Analysis of a Simple PHP Backdoor
- How was your stay at the Hotel La Playa?
- Analysis of a Suspicious Piece of JavaScript
- Many Malware Samples Found on Pastebin
- Detecting Undisclosed Vulnerabilities with Security Tools & Features
- Quick Analysis of Data Left Available by Attackers
- IOCs: Risks of False Positive Alerts Flood Ahead
- Malicious SVG Files in the Wild
- Backup Files Are Good but Can Be Evil
- Who's Attacking Me?
- Using Security Tools to Compromise a Network
- Ongoing Scans Below the Radar
- UAC Bypass in JScript Dropper
- The Passwords You Should Never Use
- Free Software Quick Security Checklist
- Example of Getting Analysts & Researchers Away
- Full Packet Capture for Dummies
- Another Day, Another Spam...
- Spam Delivered via .ICS Files
- WiFi Still Remains a Good Attack Vector
- Another Day, Another Malicious Behaviour
- SNMP Pwn3ge
- In Need of an OTP Manager Soon?
- Ongoing IMAP Scan, Anyone Else?
- Collecting Users Credentials from Locked Devices
- Malware Delivered via '.pub' Files
- Maxmind.com (Ab)used As Anti-Analysis Technique
- Out-of-Band iOS Patch Fixes 0-Day Vulnerabilities
- Example of Targeted Attack Through a Proxy PAC File
- Voice Message Notifications Deliver Ransomware
- Data Classification For the Masses
- Analysis of a Linux Botnet Client Source Code
- Critical Xen PV guests vulnerabilities
- Name All the Things!
- The Power of Web Shells
- Drupal: Patch released today to fix a highly critical RCE in contributed modules
- Hunting for Malicious Files with MISP + OSSEC
- Phishing Campaign with Blurred Images
- Ongoing Spam Campaign Related to Swift
- Using Your Password Manager to Monitor Data Leaks
- Offensive or Defensive Security? Both!
- Docker Containers Logging
- Keeping an Eye on Tor Traffic
- MISP - Malware Information Sharing Platform
- Another Day, Another Wave of Phishing Emails
- Microsoft BITS Used to Download Payloads
- Windows Command Line Persistence?
- What to watch with your FIM?
- Improving Bash Forensics Capabilities
- IP Addresses Triage
- Dockerized DShield SSH Honeypot
- SSH Honeypots (Ab)used as Proxy
- OSX Ransomware Spread via a Rogue BitTorrent Client Installer
- Another Malicious Document, Another Way to Deliver Malicious Code
- Quick Audit of *NIX Systems
- Analysis of a Malicious .lnk File with an Embedded Payload
- VMware VMSA-2016-0002
- Reducing False Positives with Open Data Sources
- Hunting for Executable Code in Windows Environments
- More Malicious JavaScript Obfuscation
- EMET 5.5 Released
- Automating Vulnerability Scans
- All CVE Details at Your Fingertips
- Scripting Web Categorization
- /tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!
- JavaScript Deobfuscation Tool
- Virtual Bitlocker Containers
- Hunting for Juicy Information
- Unity Makes Strength
- Playing With Sandboxes Like a Boss
- Enforcing USB Storage Policy with PowerShell
- Tracking SSL Certificates
- Automatic MIME attachments triage
- SIEM Is Not a Product, It's a Process...
- Analysis of a Malicious Word Document with an Embedded Payload
- Tracking HTTP POST data with ELK
- USB cleaning device for the masses
- Victim of Its Own Success and (Ab)used by Malware
- The "Yes, but..." syndrome
- AV Phone Scan via Fake BSOD Web Pages
- Cyber Security Awareness Month... Through Proverbs
- Tracking Privileged Accounts in Windows Environments
- Detecting XCodeGhost Activity
- The Wordpress Plugins Playground
- Feeding DShield with OSSEC Logs
- Hunting for IOCs with ioc-parser
- Port Scanners: The Good and The Bad
- Querying the DShield API from RTIR
- Detecting file changes on Microsoft systems with FCIV