Internet Storm Center
Date
Author
Title
2023-03-12
Guy Bruneau
AsynRAT Trojan - Bill Payment (Pago de la factura)
2023-02-04
Guy Bruneau
Assemblyline as a Malware Analysis Sandbox
2023-01-28
Didier Stevens
Sysinternals Updates: RDCMan v2.92, Sysmon v14.14, and ZoomIt v6.12
2023-01-26
Tom Webb
Live Linux IR with UAC
2023-01-17
Johannes Ullrich
Packet Tuesday: IPv6 Router Advertisements https://www.youtube.com/watch?v=uRWpB_lYIZ8
2022-12-20
Xavier Mertens
Linux File System Monitoring & Actions
2022-12-19
Xavier Mertens
Hunting for Mastodon Servers
2022-12-17
Didier Stevens
CyberChef & Entropy
2022-11-10
Xavier Mertens
Do you collect "Observables" or "IOCs"?
2022-11-02
Rob VandenBrink
Breakpoints in Burp
2022-10-30
Didier Stevens
Sysinternals Updates: Process Explorer v17.0, Handle v5.0, Process Monitor v3.92 and Sysmon v14.11
2022-10-19
Xavier Mertens
Are Internet Scanning Services Good or Bad for You?
2022-10-04
Johannes Ullrich
Credential Harvesting with Telegram API
2022-08-28
Didier Stevens
Sysinternals Updates: Sysmon v14.0 and ZoomIt v6.01
2022-08-23
Xavier Mertens
Who's Looking at Your security.txt File?
2022-07-23
Guy Bruneau
Analysis of SSH Honeypot Data with PowerBI
2022-06-17
Bojan Zdrnja
Critical vulnerability in Splunk Enterprise's deployment server functionality
2022-06-02
Johannes Ullrich
Quick Answers in Incident Response: RECmd.exe
2022-06-01
Jan Kopriva
HTML phishing attachments - now with anti-analysis features
2022-05-23
Johannes Ullrich
Attacker Scanning for jQuery-File-Upload
2022-05-03
Rob VandenBrink
Finding the Real "Last Patched" Day (Interim Version)
2022-03-27
Didier Stevens
Video: Maldoc Cleaned by Anti-Virus
2022-03-22
Johannes Ullrich
Statement by President Biden: What you need to do (or not do)
2022-03-15
Xavier Mertens
Clean Binaries with Suspicious Behaviour
2022-03-10
Xavier Mertens
Credentials Leaks on VirusTotal
2022-02-14
Johannes Ullrich
Reminder: Decoding TLS Client Hellos to non TLS servers
2022-02-01
Xavier Mertens
Automation is Nice But Don't Replace Your Knowledge
2022-01-29
Guy Bruneau
SIEM In this Decade, Are They Better than the Last?
2021-12-31
Jan Kopriva
Do you want your Agent Tesla in the 300 MB or 8 kB package?
2021-12-30
Brad Duncan
Agent Tesla Updates SMTP Data Exfiltration Technique
2021-12-20
Jan Kopriva
PowerPoint attachments, Agent Tesla and code reuse in malware
2021-12-16
Brad Duncan
How the "Contact Forms" campaign tricks people
2021-12-06
Xavier Mertens
The Importance of Out-of-Band Networks
2021-11-18
Xavier Mertens
JavaScript Downloader Delivers Agent Tesla Trojan
2021-11-08
Xavier Mertens
(Ab)Using Security Tools & Controls for the Bad
2021-11-04
Tom Webb
Xmount for Disk Images
2021-10-31
Didier Stevens
Sysinternals: Autoruns and Sysmon updates
2021-10-20
Xavier Mertens
Thanks to COVID-19, New Types of Documents are Lost in The Wild
2021-10-18
Xavier Mertens
Malicious PowerShell Using Client Certificate Authentication
2021-09-24
Xavier Mertens
Keep an Eye on Your Users' Mobile Devices (Simple Inventory)
2021-09-09
Johannes Ullrich
Updates to Our Datafeeds/API
2021-08-21
Didier Stevens
New Versions Of Sysinternals Tools
2021-08-19
Johannes Ullrich
When Lightning Strikes. What works and doesn't work.
2021-08-01
Didier Stevens
procdump Version 10.1
2021-07-08
Xavier Mertens
Using Sudo with Python For More Security Controls
2021-07-06
Xavier Mertens
Python DLL Injection Check
2021-06-30
Johannes Ullrich
CVE-2021-1675: Incomplete Patch and Leaked RCE Exploit
2021-06-30
Brad Duncan
June 2021 Forensic Contest: Answers and Analysis
2021-06-24
Xavier Mertens
Do you Like Cookies? Some are for sale!
2021-05-30
Didier Stevens
Sysinternals: Procmon, Sysmon, TcpView and Process Explorer update
2021-05-29
Guy Bruneau
Spear-phishing Email Targeting Outlook Mail Clients
2021-05-21
Xavier Mertens
Locking Kernel32.dll As Anti-Debugging Technique
2021-05-12
Jan Kopriva
Number of industrial control systems on the internet is lower than in 2020...but still far from zero
2021-05-08
Guy Bruneau
Who is Probing the Internet for Research Purposes?
2021-05-02
Didier Stevens
PuTTY And FileZilla Use The Same Fingerprint Registry Keys
2021-04-23
Xavier Mertens
Malicious PowerPoint Add-On: "Small Is Beautiful"
2021-04-22
Xavier Mertens
How Safe Are Your Docker Images?
2021-03-17
Xavier Mertens
Defenders, Know Your Operating System Like Attackers Do!
2021-03-10
Rob VandenBrink
SharpRDP - PSExec without PSExec, PSRemoting without PowerShell
2021-03-06
Xavier Mertens
Spotting the Red Team on VirusTotal!
2021-02-26
Guy Bruneau
Pretending to be an Outlook Version Update
2021-02-12
Xavier Mertens
AgentTesla Dropped Through Automatic Click in Microsoft Help File
2021-02-11
Jan Kopriva
Agent Tesla hidden in a historical anti-malware tool
2021-01-15
Guy Bruneau
Obfuscated DNS Queries
2021-01-02
Guy Bruneau
Protecting Home Office and Enterprise in 2021
2020-12-29
Jan Kopriva
Want to know what's in a folder you don't have a permission to access? Try asking your AV solution...
2020-12-08
Johannes Ullrich
December 2020 Microsoft Patch Tuesday: Exchange, Sharepoint, Dynamics and DNS Spoofing
2020-12-05
Guy Bruneau
Is IP 91.199.118.137 testing Access to aahwwx.52host.xyz?
2020-12-04
Guy Bruneau
Detecting Actors Activity with Threat Intel
2020-11-25
Xavier Mertens
Live Patching Windows API Calls Using PowerShell
2020-11-19
Xavier Mertens
PowerShell Dropper Delivering Formbook
2020-11-18
Xavier Mertens
When Security Controls Lead to Security Issues
2020-10-24
Guy Bruneau
An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-10-21
Daniel Wesemann
Shipping dangerous goods
2020-10-07
Johannes Ullrich
Today, Nobody is Going to Attack You.
2020-09-30
Johannes Ullrich
Scans for FPURL.xml: Reconnaissance or Not?
2020-09-29
Xavier Mertens
Managing Remote Access for Partners & Contractors
2020-09-17
Xavier Mertens
Suspicious Endpoint Containment with OSSEC
2020-09-03
Xavier Mertens
Sandbox Evasion Using NTP
2020-08-31
Didier Stevens
Finding The Original Maldoc
2020-08-30
Johannes Ullrich
CenturyLink Outage Causing Internet Wide Problems
2020-08-29
Didier Stevens
Malicious Excel Sheet with a NULL VT Score: More Info
2020-08-24
Xavier Mertens
Tracking A Malware Campaign Through VT
2020-08-04
Johannes Ullrich
Internet Choke Points: Concentration of Authoritative Name Servers
2020-08-03
Johannes Ullrich
A Word of Caution: Helping Out People Being Stalked Online
2020-07-28
Johannes Ullrich
All I want this Tuesday: More Data
2020-06-29
Didier Stevens
Sysmon and Alternate Data Streams
2020-06-25
Johannes Ullrich
Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release.
2020-06-16
Johannes Ullrich
Odd "Protest" Spam (Scam?) Targeting Atlanta Police Foundation
2020-06-04
Xavier Mertens
Anti-Debugging Technique based on Memory Protection
2020-05-23
Xavier Mertens
AgentTesla Delivered via a Malicious PowerPoint Add-In
2020-05-04
Didier Stevens
Sysmon and File Deletion
2020-04-28
Jan Kopriva
Agent Tesla delivered by the same phishing campaign for over a year
2020-04-27
Xavier Mertens
Powershell Payload Stored in a PSCredential Object
2020-03-23
Didier Stevens
Windows Zeroday Actively Exploited: Type 1 Font Parsing Remote Code Execution Vulnerability
2020-03-14
Didier Stevens
Phishing PDF With Incremental Updates.
2020-03-13
Rob VandenBrink
Not all Ethernet NICs are Created Equal - Trying to Capture Invalid Ethernet Frames
2020-03-11
Xavier Mertens
Agent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account
2020-02-12
Rob VandenBrink
March Patch Tuesday is Coming - the LDAP Changes will Change Your Life!
2020-01-27
Johannes Ullrich
Network Security Perspective on Coronavirus Preparedness
2020-01-25
Guy Bruneau
Is Threat Hunting the new Fad?
2020-01-23
Xavier Mertens
Complex Obfuscation VS Simple Trick
2020-01-21
Russ McRee
DeepBlueCLI: Powershell Threat Hunting
2020-01-09
Xavier Mertens
Quick Analysis of a(nother) Maldoc
2019-11-29
Russ McRee
ISC Snapshot: Search with SauronEye
2019-11-27
Brad Duncan
Finding an Agent Tesla malware sample
2019-11-09
Guy Bruneau
Fake Netflix Update Request by Text
2019-10-19
Russell Eubanks
What Assumptions Are You Making?
2019-10-10
Rob VandenBrink
Mining Live Networks for OUI Data Oddness
2019-10-01
Johannes Ullrich
A Quick Look at Some Current Comment Spam
2019-09-19
Xavier Mertens
Agent Tesla Trojan Abusing Corporate Email Accounts
2019-09-19
Xavier Mertens
Blocklisting or Whitelisting in the Right Way
2019-09-17
Rob VandenBrink
Investigating Gaps in your Windows Event Logs
2019-08-25
Guy Bruneau
Are there any Advantages of Buying Cyber Security Insurance?
2019-07-25
Rob VandenBrink
When Users Attack! Users (and Admins) Thwarting Security Controls
2019-07-18
Rob VandenBrink
The Other Side of Critical Control 1: 802.1x Wired Network Access Controls
2019-07-17
Xavier Mertens
Analysis of DNS TXT Records
2019-07-16
Russ McRee
Commando VM: The Complete Mandiant Offensive VM
2019-07-11
Johannes Ullrich
Remembering Mike Assante
2019-07-07
Rick Wanner
OpSec and OSInt
2019-05-20
Tom Webb
CVE-2019-0604 Attack
2019-05-19
Guy Bruneau
Is a Metadata-Only Approach Good Enough for Network Traffic Analysis?
2019-05-16
Xavier Mertens
The Risk of Authenticated Vulnerability Scans
2019-04-26
Rob VandenBrink
Pillaging Passwords from Service Accounts
2019-04-25
Rob VandenBrink
Service Accounts Redux - Collecting Service Accounts with PowerShell
2019-03-27
Xavier Mertens
Running your Own Passive DNS Service
2019-02-14
Xavier Mertens
Suspicious PDF Connecting to a Remote SMB Share
2019-01-28
Bojan Zdrnja
Relaying Exchange's NTLM authentication to domain admin (and more)
2018-12-19
Xavier Mertens
Microsoft OOB Patch for Internet Explorer: Scripting Engine Memory Corruption Vulnerability
2018-12-19
Xavier Mertens
Using OSSEC Active-Response as a DFIR Framework
2018-11-20
Xavier Mertens
Querying DShield from Cortex
2018-11-11
Pasquale Stirparo
Community contribution: joining forces or multiply solutions?
2018-10-17
Russ McRee
RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-09-20
Xavier Mertens
Hunting for Suspicious Processes with OSSEC
2018-09-05
Rob VandenBrink
Where have all my Certificates gone? (And when do they expire?)
2018-08-29
Xavier Mertens
3D Printers in The Wild, What Can Go Wrong?
2018-08-10
Remco Verhoef
Hunting SSL/TLS clients using JA3
2018-08-02
Brad Duncan
DHL-themed malspam reveals embedded malware in animated gif
2018-07-29
Guy Bruneau
Using RITA for Threat Analysis
2018-06-25
Didier Stevens
Guilty by association
2018-06-21
Xavier Mertens
Are Your Hunting Rules Still Working?
2018-06-04
Rob VandenBrink
Digging into Authenticode Certificates
2018-05-27
Guy Bruneau
Capture and Analysis of User Agents
2018-05-01
Xavier Mertens
Diving into a Simple Maldoc Generator
2018-04-27
Tom Webb
More Threat Hunting with User Agent and Drupal Exploits
2018-01-29
Didier Stevens
Comment your Packet Captures - Extra!
2018-01-28
Didier Stevens
Is this a pentest?
2018-01-13
Rick Wanner
Flaw in Intel's Active Management Technology (AMT)
2018-01-01
Didier Stevens
What is new?
2017-12-27
Guy Bruneau
What are your Security Challenges for 2018?
2017-12-19
Xavier Mertens
Example of 'MouseOver' Link in a Powerpoint File
2017-12-13
Xavier Mertens
Tracking Newly Registered Domains
2017-12-05
Tom Webb
IR using the Hive Project.
2017-12-02
Xavier Mertens
Using Bad Material for the Good
2017-11-23
Xavier Mertens
Proactive Malicious Domain Search
2017-10-30
Johannes Ullrich
Critical Patch For Oracle's Identity Manager
2017-10-18
Renato Marinho
Baselining Servers to Detect Outliers
2017-09-18
Xavier Mertens
Getting some intelligence from malspam
2017-09-17
Guy Bruneau
rockNSM as an Incident Response Package
2017-09-16
Guy Bruneau
VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities - https://www.vmware.com/security/advisories/VMSA-2017-0015.html
2017-09-13
Rob VandenBrink
Sysinternals Update: Sysmon v6.10, Process Monitor v3.40, Autoruns v13.80, AccessChk v6.11 - https://blogs.technet.microsoft.com/sysinternals/2017/09/12/sysinternals-update-sysmon-v6-1-process-monitor-v3-4-autoruns-v13-8-accesschk-v6-11/
2017-09-06
Adrien de Beaupre
Modern Web Application Penetration Testing, Hash Length Extension Attacks
2017-09-02
Xavier Mertens
AutoIT based malware back in the wild
2017-07-24
Russell Eubanks
Trends Over Time
2017-07-18
Bojan Zdrnja
Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 4 - Windows Thumbnail Cache, Registry, Prefetch Files, and Link Files artefacts)
2017-07-13
Bojan Zdrnja
Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 3 - Physical Memory artefacts)
2017-07-12
Xavier Mertens
Backup Scripts, the FIM of the Poor
2017-07-09
Russ McRee
Adversary hunting with SOF-ELK
2017-06-17
Guy Bruneau
Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2017-06-10
Russell Eubanks
An Occasional Look in the Rear View Mirror
2017-05-31
Pasquale Stirparo
Analysis of Competing Hypotheses, WCry and Lazarus (ACH part 2)
2017-05-28
Pasquale Stirparo
Analysis of Competing Hypotheses (ACH part 1)
2017-05-05
Xavier Mertens
HTTP Headers... the Achilles' heel of many applications
2017-04-07
Xavier Mertens
Tracking Website Defacers with HTTP Referers
2017-03-25
Russell Eubanks
Distraction as a Service
2017-03-15
Xavier Mertens
Retro Hunting!
2017-03-03
Lorna Hutcheson
BitTorrent or Something Else?
2017-02-02
Rick Wanner
Multiple vulnerabilities discovered in popular printer models
2016-12-24
Didier Stevens
Pinging All The Way
2016-11-23
Tom Webb
Mapping Attack Methodology to Controls
2016-11-22
Didier Stevens
Update: ZIP With Comment
2016-11-21
Didier Stevens
ZIP With Comment
2016-11-02
Rob VandenBrink
What Does a Pentest Look Like?
2016-10-25
Xavier Mertens
Another Day, Another Spam...
2016-10-17
Didier Stevens
Maldoc VBA Anti-Analysis: Video
2016-10-15
Didier Stevens
Maldoc VBA Anti-Analysis
2016-10-11
Xavier Mertens
WiFi Still Remains a Good Attack Vector
2016-10-08
Russell Eubanks
Unauthorized Change Detected!
2016-10-02
Guy Bruneau
Is there an Infosec Cybersecurity Talent Shortage?
2016-09-28
Xavier Mertens
SNMP Pwn3ge
2016-09-25
Pasquale Stirparo
Defining Threat Intelligence Requirements
2016-09-15
Xavier Mertens
In Need of an OTP Manager Soon?
2016-09-13
Rob VandenBrink
If it's Free, YOU are the Product
2016-09-09
Xavier Mertens
Collecting Users Credentials from Locked Devices
2016-09-02
Johannes Ullrich
Apple Patches "Trident" Vulnerabilities in OS X / Safari
2016-08-29
Russ McRee
Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2016-08-24
Tom Webb
Stay on Track During IR
2016-07-31
Pasquale Stirparo
Sharing (intel) is caring... or not?
2016-07-26
Johannes Ullrich
Command and Control Channels Using "AAAA" DNS Records
2016-07-21
Didier Stevens
Practice ntds.dit File
2016-07-15
Xavier Mertens
Name All the Things!
2016-07-12
Xavier Mertens
Hunting for Malicious Files with MISP + OSSEC
2016-06-23
Russell Eubanks
An Approach to Vulnerability Management
2016-06-09
Xavier Mertens
Offensive or Defensive Security? Both!
2016-06-01
Xavier Mertens
Docker Containers Logging
2016-05-02
Rick Wanner
Lean Threat Intelligence
2016-04-29
Rob VandenBrink
Sysinternals Updated today - Updates to Sysmon, Procdump and Sigcheck. https://blogs.technet.microsoft.com/sysinternals/2016/04/28/update-sysmon-v4-procdump-v8-sigcheck-v2-51/
2016-04-02
Russell Eubanks
Why Can't We Be Friends?
2016-03-30
Xavier Mertens
What to watch with your FIM?
2016-03-21
Xavier Mertens
IP Addresses Triage
2016-03-07
Xavier Mertens
OSX Ransomware Spread via a Rogue BitTorrent Client Installer
2016-01-23
Didier Stevens
Sigcheck and VirusTotal for Offline Machine
2016-01-20
Xavier Mertens
/tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!
2016-01-09
Xavier Mertens
Virtual Bitlocker Containers
2015-12-24
Xavier Mertens
Unity Makes Strength
2015-12-21
Daniel Wesemann
Critical Security Controls: Getting to know the unknown
2015-12-19
Russell Eubanks
VMWare Security Advisory
2015-12-05
Guy Bruneau
Are you looking to set up your own Malware Sandbox?
2015-12-04
Tom Webb
Automating Phishing Analysis using BRO
2015-11-09
John Bambenek
ICYMI: Widespread Unserialize Vulnerability in Java
2015-11-04
Richard Porter
Application Aware and Critical Control 2
2015-11-01
Guy Bruneau
Cisco Products Affected by Multiple Vulnerabilities in ntpd - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
2015-10-27
Xavier Mertens
The "Yes, but..." syndrome
2015-10-17
Russell Eubanks
CIS Critical Security Controls - Version 6.0
2015-09-03
Xavier Mertens
Querying the DShield API from RTIR
2015-08-18
Russ McRee
Microsoft Security Bulletin MS15-093 - Critical OOB - Internet Explorer RCE
2015-08-16
Guy Bruneau
Are you a "Hunter"?
2015-08-12
Rob VandenBrink
Windows Service Accounts - Why They're Evil and Why Pentesters Love them!
2015-08-06
Didier Stevens
Sigcheck and virustotal-search
2015-07-21
Didier Stevens
Searching Through the VirusTotal Database
2015-07-18
Russell Eubanks
The Value of a "Fresh Set Of Eyes" (FSOE)
2015-07-17
Didier Stevens
Process Explorer and VirusTotal
2015-07-17
Didier Stevens
Autoruns and VirusTotal
2015-07-17
Didier Stevens
Sigcheck and VirusTotal
2015-07-03
Didier Stevens
Analyzing Quarantine Files
2015-06-29
Rob VandenBrink
The Powershell Diaries 2 - Software Inventory
2015-06-28
Didier Stevens
The EICAR Test File
2015-05-29
Russell Eubanks
Trust But Verify
2015-05-27
Tom Webb
SYSINTERNALS Update (AccessChk v6.0, Autoruns v13.4, Process Monitor v3.2, VMMap v3.2)
2015-05-14
Daniel Wesemann
Oh Bloat!
2015-04-27
Richard Porter
When Prevention Fails, Incident Response Begins
2015-04-03
Didier Stevens
SSH Fingerprints Are Important
2015-03-21
Russell Eubanks
Have you seen my personal information? It has been lost. Again.
2015-03-18
Daniel Wesemann
Pass the hash!
2015-03-07
Guy Bruneau
Should it be Mandatory to have an Independent Security Audit after a Breach?
2015-02-06
Johannes Ullrich
Anthem, TurboTax and How Things "Fit Together" Sometimes
2015-01-31
Guy Bruneau
Beware of Phishing and Spam Super Bowl Fans!
2014-12-24
Rick Wanner
Incident Response at Sony
2014-12-23
John Bambenek
How I learned to stop worrying and love malware DGAs....
2014-11-04
Daniel Wesemann
20$ is 999999 Euro
2014-10-13
Lorna Hutcheson
For or Against: Port Security for Network Access Control
2014-09-27
Guy Bruneau
What has Bash and Heartbleed Taught Us?
2014-09-12
Chris Mohan
Are credential dumps worth reviewing?
2014-08-23
Guy Bruneau
NSS Labs Cyber Resilience Report
2014-08-17
Rick Wanner
Part 1: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-08-17
Rick Wanner
Part 2: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-08-16
Lenny Zeltser
Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-08-15
Tom Webb
AppLocker Event Logs with OSSEC 2.8
2014-08-12
Adrien de Beaupre
Sysinternals updates Sysmon v1.0; Updates: Autoruns v12.01, Coreinfo v3.3, Procexp v16.03 http://blogs.technet.com/b/sysinternals/
2014-08-12
Adrien de Beaupre
Host discovery with nmap
2014-08-10
Basil Alawi S.Taher
Incident Response with Triage-ir
2014-08-06
Johannes Ullrich
Exploit Available for Symantec End Point Protection
2014-08-04
Russ McRee
Threats & Indicators: A Security Intelligence Lifecycle
2014-07-30
Rick Wanner
Symantec Endpoint Protection Privilege Escalation Zero Day
2014-07-28
Guy Bruneau
Management and Control of Mobile Device Security
2014-07-26
Chris Mohan
"Internet scanning project" scans
2014-07-06
Richard Porter
Physical Access, Point of Sale, Vegas
2014-06-24
Kevin Shortt
NTP DDoS Counts Have Dropped
2014-06-23
Russ McRee
Microsoft Interflow announced today at 26th FIRST conference
2014-06-11
Daniel Wesemann
Help your pilot fly!
2014-06-02
Rick Wanner
Using nmap to scan for DDOS reflectors
2014-05-28
Rob VandenBrink
Assessing SOAP APIs with Burp
2014-05-27
Kevin Shortt
Avast forums hacked
2014-05-01
Johannes Ullrich
Busybox Honeypot Fingerprinting and a new DVR scanner
2014-04-28
Russ McRee
Ubuntu 14.04 lockscreen bypass
2014-04-21
Daniel Wesemann
Allow us to leave!
2014-04-11
Rob VandenBrink
The Other Side of Heartbleed - Client Vulnerabilities
2014-04-05
Jim Clausing
Those strange e-mails with URLs in them can lead to Android malware
2014-04-04
Rob VandenBrink
Dealing with Disaster - A Short Malware Incident Response
2014-03-22
Guy Bruneau
How the Compromise of a User Account Led to a Spam Incident
2014-03-13
Daniel Wesemann
Identification and authentication are hard ... finding out intention is even harder
2014-03-11
Basil Alawi S.Taher
Introduction to Memory Analysis with Mandiant Redline
2014-03-10
Basil Alawi S.Taher
Sysinternals Process Explorer v16.02, Process Monitor v3.1, PSExec v2.1 and Sigcheck v2.03 update
2014-03-02
Stephen Hall
Symantec goes yellow
2014-02-28
Daniel Wesemann
Oversharing
2014-02-26
Russ McRee
Ongoing NTP Amplification Attacks
2014-02-17
Chris Mohan
NTP reflection attacks continue
2014-02-14
Chris Mohan
SYM14-004 Symantec Endpoint Protection Management Vulnerabilities - http://www.symantec.com/business/support/index?page=content&id=TECH214866
2014-02-10
Rob VandenBrink
A Tale of Two Admins (and no Change Control)
2014-02-07
Rob VandenBrink
Hello Virustotal? It's Microsoft Calling.
2014-01-23
Chris Mohan
Learning from the breaches that happen to others Part 2
2014-01-22
Chris Mohan
Learning from the breaches that happen to others
2014-01-14
Chris Mohan
Spamming and scanning botnets - is there something I can do to block them from my site?
2014-01-04
Tom Webb
Monitoring Windows Networks Using Syslog (Part One)
2014-01-02
John Bambenek
OpenSSL.org Defaced by Attackers Gaining Access to Hypervisor
2014-01-01
Russ McRee
Six degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails
2013-12-29
Russ McRee
OpenSSL suffers apparent defacement
2013-12-28
Russ McRee
Weekend Reading List 27 DEC
2013-12-24
Daniel Wesemann
Unfriendly crontab additions
2013-12-23
Scott Fendley
VMWare ESX/ESXi Security Advisory
2013-12-20
Daniel Wesemann
authorized key lime pie
2013-12-16
Tom Webb
The case of Minerd
2013-12-10
Rob VandenBrink
Those Look Just Like Hashes!
2013-11-30
Russ McRee
A review of Tubes, A Journey to the Center of the Internet
2013-10-30
Russ McRee
SIR v15: Five good reasons to leave Windows XP behind
2013-10-21
Johannes Ullrich
New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
2013-10-18
Guy Bruneau
VMware Release Multiple Security Updates
2013-10-02
John Bambenek
Obamacare related domain registration spike, Government shutdown domain registration beginning
2013-10-01
Adrien de Beaupre
CSAM! Send us your logs!
2013-10-01
John Bambenek
*Metasploit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893
2013-09-24
Tom Webb
IDS, NSM, and Log Management with Security Onion 12.04.3
2013-09-20
Russ McRee
Threat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild
2013-09-18
Rob VandenBrink
Cisco DCNM Update Released
2013-09-17
John Bambenek
Microsoft Releases Out-of-Band Advisory for all Versions of Internet Explorer
2013-09-09
Johannes Ullrich
SSL is broken. So what?
2013-09-07
Guy Bruneau
Microsoft September Patch Pre-Announcement
2013-09-02
Guy Bruneau
Multiple Cisco Security Notices
2013-08-21
Rob VandenBrink
Fibre Channel Reconnaissance - Reloaded
2013-08-19
Johannes Ullrich
Running Snort on ESXi using the Distributed Switch
2013-08-19
Rob VandenBrink
ZMAP 1.02 released
2013-08-03
Deborah Hale
What Anti-virus Program Is Right For You?
2013-07-21
Guy Bruneau
Ubuntu Forums Security Breach
2013-07-19
Stephen Hall
Cyber Intelligence Tsunami
2013-07-18
Chris Mohan
Blog Spam - annoying junk or a source of intelligence?
2013-06-07
Daniel Wesemann
100% Compliant (for 65% of the systems)
2013-06-05
Richard Porter
Windows Sysinternals Updated http://technet.microsoft.com/en-us/sysinternals/default.aspx
2013-05-20
Guy Bruneau
Sysinternals Updates for Accesschk, Procdump, RAMMap and Strings http://blogs.technet.com/b/sysinternals/archive/2013/05/17/updates-accesschk-v5-11-procdump-v6-0-rammap-v1-22-strings-v2-51.aspx
2013-05-20
Johannes Ullrich
Ubuntu Package available to submit firewall logs to DShield
2013-05-20
Guy Bruneau
Safe - Tools, Tactics and Techniques
2013-05-09
Johannes Ullrich
Microsoft released a Fix-it for the Internet Explorer 8 Vulnerability http://support.microsoft.com/kb/2847140
2013-05-08
Chris Mohan
Syria drops from Internet 7th May 2013
2013-05-01
Daniel Wesemann
The cost of cleaning up
2013-04-26
Russ McRee
What is "up to date anti-virus software"?
2013-04-23
Russ McRee
Microsoft's Security Intelligence Report (SIRv14) released
2013-04-17
John Bambenek
UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
2013-04-15
Rob VandenBrink
Oops - You Mean That Deleted Server was a Certificate Authority?
2013-03-27
Adam Swanger
IPv6 Focus Month: Guest Diary: Stephen Groat - IPv6 moving target defense
2013-03-25
Johannes Ullrich
IPv6 Focus Month: IPv6 over IPv4 Preference
2013-03-23
Guy Bruneau
Apple ID Two-step Verification Now Available in some Countries
2013-03-19
Johannes Ullrich
IPv6 Focus Month: The warm and fuzzy side of IPv6
2013-03-18
Johannes Ullrich
IPv6 Focus Month: What is changing with DHCP
2013-03-13
Mark Baggett
Wipe the drive! Stealthy Malware Persistence Mechanism - Part 1
2013-03-11
Richard Porter
IPv6 Focus Month: Traffic Testing, Firewalls, ACLs, pt 1
2013-03-09
Guy Bruneau
IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-03-08
Johannes Ullrich
IPv6 Focus Month: Filtering ICMPv6 at the Border
2013-03-06
Adam Swanger
IPv6 Focus Month: Guest Diary: Stephen Groat - Geolocation Using IPv6 Addresses
2013-03-05
Mark Hofman
IPv6 Focus Month: Device Defaults
2013-03-04
Johannes Ullrich
IPv6 Focus Month: Addresses
2013-03-02
Scott Fendley
Evernote Security Issue
2013-02-28
Daniel Wesemann
Parsing Windows Eventlogs in Powershell
2013-02-27
Adam Swanger
Guest Diary: Dylan Johnson - There's value in them there logs!
2013-02-25
Rob VandenBrink
Silent Traitors - Embedded Devices in your Datacenter
2013-02-22
Johannes Ullrich
Zendesk breach affects Tumblr/Pinterest/Twitter
2013-02-14
Adam Swanger
ISC Monthly Threat Update - February 2013 http://isc.sans.edu/podcastdetail.html?id=3121
2013-02-06
Adam Swanger
Sysinternals in particular Process Explorer update https://blogs.technet.com/b/sysinternals/?Redirected=true
2013-02-06
Johannes Ullrich
Intel Network Card (82574L) Packet of Death
2013-02-04
Adam Swanger
SANS Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam
2013-01-17
Russ McRee
CentOS announces release of CentOS-5.9 - http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.9
2013-01-15
Rob VandenBrink
When Disabling IE6 (or Java, or whatever) is not an Option...
2013-01-13
Stephen Hall
Sysinternals Updates
2013-01-10
Adam Swanger
ISC Monthly Threat Update New Format
2013-01-09
Johannes Ullrich
New Format for Monthly Threat Update
2013-01-02
Russ McRee
EMET 3.5: The Value of Looking Through an Attacker's Eyes
2013-01-01
Johannes Ullrich
FixIt Available for Internet Explorer Vulnerability
2012-12-31
Manuel Humberto Santander Pelaez
How to determine which NAC solution fits best to your needs
2012-12-27
John Bambenek
It's 3pm 2 days after Christmas, do you know where your unmanaged SSH keys are?
2012-12-20
Daniel Wesemann
White House strategy on security information sharing and safeguarding
2012-12-18
Dan Goldberg
Mitigating the impact of organizational change: a risk assessment
2012-12-13
Johannes Ullrich
What if Tomorrow Was the Day?
2012-12-10
Johannes Ullrich
Your CPA License has not been revoked
2012-12-06
Johannes Ullrich
How to identify if you are behind a "Transparent Proxy"
2012-12-03
John Bambenek
John McAfee Exposes His Location in Photo About His Being on Run
2012-11-29
Kevin Shortt
New Apple Security Update: APPLE-SA-2012-11-29-1 Apple TV 5.1.1
2012-11-28
Mark Hofman
McAfee releases extraDAT for W32/Autorun.worm.aaeb-h
2012-11-28
Mark Hofman
New version of wireshark is available (1.8.4), some security fixes included.
2012-11-27
Chris Mohan
Can users' phish emails be a security admin's catch of the day?
2012-11-26
John Bambenek
Online Shopping for the Holidays? Tips, News and a Fair Warning
2012-11-23
Rob VandenBrink
Risk Assessment Reloaded (thanks PCI!)
2012-11-23
Rob VandenBrink
What's in Your Change Control Form?
2012-11-20
John Bambenek
Behind the Random NTP Bizarreness of Incorrect Year Being Set
2012-11-20
John Bambenek
Firefox v 17.0 just released, more here: http://www.mozilla.org/en-US/firefox/17.0/releasenotes/
2012-11-19
John Bambenek
MoneyGram fined $100 million for aiding wire fraud - http://krebsonsecurity.com/2012/11/moneygram-fined-100-million-for-wire-fraud/
2012-11-19
John Bambenek
New Poll: Top 5 Unresolved Security Problems of 2012
2012-11-17
Manuel Humberto Santander Pelaez
New Sysinternals Updates: AdExplorer v1.44, Contig v1.7, Coreinfo v3.2, Procdump v5.1. See http://blogs.technet.com/b/sysinternals/archive/2012/11/16/updates-adexplorer-v1-44-contig-v1-7-coreinfo-v3-2-procdump-v5-1.aspx?Redirected=true
2012-11-16
Manuel Humberto Santander Pelaez
Information Security Incidents are now a concern for the Colombian government
2012-11-12
John Bambenek
Request for info: Robocall Phishing Against Local/Regional Banks
2012-11-09
Mark Baggett
Remote Diagnostics with PSR
2012-11-09
Mark Baggett
Fresh batch of Microsoft patches next week
2012-11-07
Mark Baggett
Help eliminate unquoted path vulnerabilities
2012-11-07
Mark Baggett
Multiple 0-Days Reported!
2012-11-07
Mark Baggett
Cisco TACACS+ Authentication Bypass
2012-11-05
Johannes Ullrich
Reminder: Ongoing SMTP Brute Forcing Attacks
2012-11-05
Johannes Ullrich
Possible Fake-AV Ads from Doubleclick Servers
2012-11-04
Lorna Hutcheson
What's important on your network?
2012-11-02
Daniel Wesemann
The shortcomings of anti-virus software
2012-10-31
Johannes Ullrich
Cyber Security Awareness Month - Day 31 - Business Continuity and Disaster Recovery
2012-10-30
Johannes Ullrich
Hurricane Sandy Update
2012-10-30
Richard Porter
Splunk 5.0 SP-CAAAHB4 http://www.splunk.com/view/SP-CAAAHB4
2012-10-30
Mark Hofman
Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-10-29
Kevin Shortt
Cyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard
2012-10-28
Tony Carothers
Firefox 16.02 Released
2012-10-26
Russ McRee
Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant
2012-10-25
Richard Porter
Cyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire
2012-10-24
Russ McRee
Ongoing Windstream outage in the midwest - https://twitter.com/search?q=windstream
2012-10-24
Russ McRee
Cyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035
2012-10-23
Rob VandenBrink
Cyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors
2012-10-21
Johannes Ullrich
Cyber Security Awareness Month - Day 22: Connectors
2012-10-21
Lorna Hutcheson
Potential Phish for Regular Webmail Accounts
2012-10-19
Johannes Ullrich
Cyber Security Awareness Month - Day 19: Standard log formats and CEE.
2012-10-18
Rob VandenBrink
Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide
2012-10-17
Mark Hofman
Oracle Critical Patch Update October
2012-10-17
Mark Hofman
New Acrobat release (including Reader) available. Version 11. Some security improvements; more here: http://blogs.adobe.com/adobereader/
2012-10-17
Rob VandenBrink
Cyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005
2012-10-16
Richard Porter
CyberAwareness Month - Day 15, Standards Body Soup (pt2), Same Soup Different Cook.
2012-10-16
Johannes Ullrich
Cyber Security Awareness Month - Day 16: W3C and HTML
2012-10-14
Pedro Bueno
Cyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1
2012-10-13
Guy Bruneau
New Poll - Cyber Security Awareness Month Activities 2012 - https://isc.sans.edu/poll.html
2012-10-12
Mark Hofman
Cyber Security Awareness Month - Day 12 PCI DSS
2012-10-11
Rob VandenBrink
Cyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security)
2012-10-10
Kevin Shortt
Cyber Security Awareness Month - Day 10 - Standard Sudo - Part Two
2012-10-09
Johannes Ullrich
Cyber Security Awareness Month - Day 9 - Request for Comment (RFC)
2012-10-09
Johannes Ullrich
Microsoft October 2012 Black Tuesday Update - Overview
2012-10-08
Mark Hofman
Cyber Security Awareness Month - Day 8 ISO 27001
2012-10-07
Tony Carothers
Cyber Security Awareness Month - Day 7 - Rollup Review of CSAM Week 1
2012-10-06
Manuel Humberto Santander Pelaez
Cyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA
2012-10-05
Johannes Ullrich
Cyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl.
2012-10-05
Richard Porter
VMWare Security Advisory: VMSA-2012-0014 - http://www.vmware.com/security/advisories/VMSA-2012-0014.html
2012-10-05
Richard Porter
Reports of a Distributed Injection Scan
2012-10-04
Mark Hofman
And the SHA-3 title goes to .....Keccak
2012-10-04
Johannes Ullrich
Cyber Security Awareness Month - Day 4: Crypto Standards
2012-10-03
Kevin Shortt
Cyber Security Awareness Month - Day 3 - Standard Sudo - Part One
2012-10-02
Russ McRee
Cyber Security Awareness Month - Day 2 - PCI Security Standard: Mobile Payment Acceptance Security Guidelines
2012-10-01
Johannes Ullrich
Cyber Security Awareness Month
2012-09-28
Joel Esler
Adobe certification revocation for October 4th
2012-09-26
Johannes Ullrich
Some Android phones can be reset to factory default by clicking on links
2012-09-26
Johannes Ullrich
More Java Woes
2012-09-21
Johannes Ullrich
iOS 6 Security Roundup
2012-09-20
Russ McRee
Flash Player update but no announcement, check your version http://www.adobe.com/software/flash/about/
2012-09-20
Russ McRee
Apple and Cisco Security Advisories 19 SEP 2012
2012-09-20
Russ McRee
Financial sector advisory: attacks and threats against financial institutions
2012-09-19
Russ McRee
Script kiddie scavenging with Shellbot.S
2012-09-17
Rob VandenBrink
What's on your iPad?
2012-09-14
Lenny Zeltser
Scam Report - Fake Voice Mail Email Notification Redirects to Malicious Site
2012-09-13
Mark Baggett
TCP Fuzzing with Scapy
2012-09-13
Mark Baggett
Microsoft disrupts traffic associated with the Nitol botnet
2012-09-13
Mark Baggett
More SSL trouble
2012-09-10
Johannes Ullrich
Microsoft Patch Tuesday Pre-Release
2012-09-10
Johannes Ullrich
Godaddy DDoS Attack
2012-09-10
donald smith
Blue Toad publishing co compromise lead to UDID release. http://redtape.nbcnews.com/_news/2012/09/10/13781440-exclusive-the-real-source-of-apple-device-ids-leaked-by-anonymous-last-week?lite
2012-09-06
Johannes Ullrich
SSL Requests sent to port 80 (request for help/input)
2012-09-04
Johannes Ullrich
Another round of "Spot the Exploit E-Mail"
2012-09-02
Lorna Hutcheson
Demonstrating the value of your Intrusion Detection Program and Analysts
2012-09-01
Russ McRee
Blackhole targeting Java vulnerability via fake Microsoft Services Agreement email phish
2012-08-31
Russ McRee
Not so fast: Java 7 Update 7 critical vulnerability discovered in less than 24 hours
2012-08-30
Johannes Ullrich
Editorial: The Slumlord Approach to Network Security http://isc.sans.edu/j/editorial
2012-08-29
Johannes Ullrich
"Data" URLs used for in-URL phishing
2012-08-27
Johannes Ullrich
The Good, Bad and Ugly about Assigning IPv6 Addresses
2012-08-27
Johannes Ullrich
Malware Spam harvesting Facebook Information
2012-08-26
Lorna Hutcheson
Who ya gonna contact?
2012-08-22
Adrien de Beaupre
Apple Remote Desktop update fixes no encryption issue
2012-08-22
Adrien de Beaupre
Phishing/spam via SMS
2012-08-21
Adrien de Beaupre
YYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update
2012-08-21
Adrien de Beaupre
RuggedCom fails key management 101 on Rugged Operating System (ROS)
2012-08-20
Manuel Humberto Santander Pelaez
Do we need test procedures in our companies before implementing Antivirus signatures?
2012-08-19
Manuel Humberto Santander Pelaez
Authentication Issues between entities during protocol message exchange in SCADA Systems
2012-08-12
Tony Carothers
Layers of the Defense-in-Depth Onion
2012-08-12
Tony Carothers
Oracle Security Alert for CVE-2012-3132
2012-08-09
Mark Hofman
SQL Injection Lilupophilupop style, Part 2
2012-08-09
Mark Hofman
Zeus/Citadel variant causing issues in the Netherlands
2012-08-07
Adrien de Beaupre
Who protects small business?
2012-08-04
Kevin Liston
Vendors: More Patch-Release Options Please
2012-07-27
Daniel Wesemann
Cuckoo 0.4 is out - cool new features for malware analysis http://www.cuckoosandbox.org/
2012-07-25
Johannes Ullrich
Apple OS X 10.8 (Mountain Lion) released
2012-07-25
Johannes Ullrich
Microsoft Exchange/Sharepoint and others: Oracle Outside In Vulnerability
2012-07-24
Richard Porter
Wireshark 1.8.1 Released http://www.wireshark.org/
2012-07-24
Richard Porter
Report of spike in DNS Queries gd21.net
2012-07-21
Rick Wanner
TippingPoint DNS Version Request increase
2012-07-20
Mark Baggett
Syria Internet connection cut?
2012-07-19
Mark Baggett
Diagnosing Malware with Resource Monitor
2012-07-19
Mark Baggett
A Heap of Overflows?
2012-07-16
Richard Porter
Sysinternals Update @ http://blogs.technet.com/b/sysinternals/archive/2012/07/16/updates-handle-v3-5-process-explorer-v15-22-process-monitor-v3-03-rammap-v1-21-zoomit-v4-3.aspx
2012-07-13
Richard Porter
Yesterday (not as on the ball as Rob) at SANSFire
2012-07-13
Russ McRee
2 for 1: SANSFIRE & MSRA presentations
2012-07-13
Russ McRee
Yahoo service SQL injection vuln leads to account exposure
2012-07-12
Rick Wanner
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms
2012-07-12
Rick Wanner
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Recording Server - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs
2012-07-12
Rick Wanner
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts
2012-07-12
Rick Wanner
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Manager - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman
2012-07-10
Rob VandenBrink
Today at SANSFIRE (09 July 2012) - ISC Panel Discussion on the State of the Internet
2012-07-09
Johannes Ullrich
The FBI will turn off the Internet on Monday (or not)
2012-07-09
Manuel Humberto Santander Pelaez
Internet Storm Center panel tonight at SANSFIRE 2012!
2012-07-05
Adrien de Beaupre
New OS X trojan backdoor MaControl variant reported
2012-07-05
Adrien de Beaupre
Microsoft advanced notification for July 2012 patch Tuesday
2012-07-02
Joel Esler
A rough guide to keeping your website up
2012-07-02
Dan Goldberg
Storms of June 29th 2012 in Mid Atlantic region of the USA
2012-07-02
Joel Esler
Linux & Java leap second bug
2012-06-29
Jim Clausing
Updated SysInternals tools - Autoruns, Process Explorer, Process Monitor, PSKill -- http://blogs.technet.com/b/sysinternals/archive/2012/06/28/updates-autoruns-v11-32-process-explorer-v15-21-process-monitor-v3-02-pskill-v1-15-rammap-v1-2.aspx
2012-06-28
Chris Mohan
Massive spike in BGP traffic - Possible BGP poisoning?
2012-06-25
Guy Bruneau
Issues with Windows Update Agent
2012-06-22
Kevin Liston
Updated Poll: Which Patch Delivery Schedule Works the Best for You?
2012-06-21
Raul Siles
Print Bomb? (Take 2)
2012-06-21
Russ McRee
Analysis of drive-by attack sample set
2012-06-21
Russ McRee
Wireshark 1.8.0 released 21 JUN 2012 http://www.wireshark.org/download.html
2012-06-19
Daniel Wesemann
Vulnerabilityqueerprocessbrittleness
2012-05-17
Johannes Ullrich
New IPv6 Video: IPv6 Router Advertisements https://isc.sans.edu/ipv6videos
2012-05-16
Johannes Ullrich
Avira Antivirus false positives http://forum.avira.com/wbb/index.php?page=Thread&threadID=144875
2012-05-08
Kevin Liston
Incident-response without NTP
2012-05-05
Tony Carothers
Vulnerability Assessment Program - Discussions
2012-05-02
Bojan Zdrnja
Monitoring VMWare logs
2012-04-26
Richard Porter
Define Irony: A medical device with a Virus?
2012-04-23
Russ McRee
Emergency Operations Centers & Security Incident Management: A Correlation
2012-04-18
Kevin Shortt
Sysinternals Updates - 2012 Apr 17
2012-04-13
Daniel Wesemann
Anti-virus scanning exclusions
2012-04-05
Johannes Ullrich
Evil hides everywhere: Web Application Exploits in Headers
2012-03-16
Guy Bruneau
VMware New and Updated Security Advisories
2012-03-09
Guy Bruneau
VMware New and Updated Advisories
2012-01-31
Russ McRee
OSINT tactics: parsing from FOCA for Maltego
2012-01-25
Bojan Zdrnja
pcAnywhere users – patch now!
2012-01-13
Guy Bruneau
Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2011-12-23
Daniel Wesemann
Printer Pranks
2011-11-29
John Bambenek
Hacking HP Printers for Fun and Profit
2011-11-11
Rick Wanner
Yay! More Sysinternals updates! http://technet.microsoft.com/en-us/sysinternals
2011-11-03
Richard Porter
An Apple, Inc. Sandbox to play in.
2011-10-29
Richard Porter
The Sub Critical Control? Evidence Collection
2011-10-28
Russ McRee
Critical Control 19: Data Recovery Capability
2011-10-28
Daniel Wesemann
Critical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27
Mark Baggett
Critical Control 18: Incident Response Capabilities
2011-10-26
Rick Wanner
Critical Control 17:Penetration Tests and Red Team Exercises
2011-10-17
Rob VandenBrink
Critical Control 11: Account Monitoring and Control
2011-10-13
Guy Bruneau
Critical Control 10: Continuous Vulnerability Assessment and Remediation
2011-10-12
Kevin Shortt
Critical Control 8 - Controlled Use of Administrative Privileges
2011-10-11
Swa Frantzen
Critical Control 7 - Application Software Security
2011-10-10
Jim Clausing
Critical Control 6 - Maintenance, Monitoring, and Analysis of Security Audit Logs
2011-10-07
Mark Hofman
Critical Control 5 - Boundary Defence
2011-10-04
Rob VandenBrink
Critical Control 2 - Inventory of Authorized and Unauthorized Software
2011-10-04
Johannes Ullrich
Critical Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations and Servers
2011-10-03
Mark Hofman
Critical Control 1 - Inventory of Authorized and Unauthorized Devices
2011-10-03
Mark Baggett
What are the 20 Critical Controls?
2011-10-03
Tom Liston
Security 101 : Security Basics in 140 Characters Or Less
2011-10-02
Mark Hofman
Cyber Security Awareness Month Day 1/2 - Schedule
2011-10-02
Mark Hofman
Cyber Security Awareness Month Day 1/2 - Introduction to the controls
2011-10-01
Mark Hofman
Adobe Photoshop for Windows Vulnerability (CVE-2011-2443)
2011-09-21
Mark Hofman
October 2011 Cyber Security Awareness Month
2011-09-19
Guy Bruneau
MS Security Advisory Update - Fraudulent DigiNotar Certificates
2011-09-13
Swa Frantzen
GlobalSign back in operation
2011-09-04
Lorna Hutcheson
Several Sites Defaced
2011-08-26
Daniel Wesemann
User Agent 007
2011-08-17
Rob VandenBrink
Sysinternal updates for ProcDump v4.0, Process Monitor v2.96, Process Explorer v15.02 ==> http://blogs.technet.com/b/sysinternals/
2011-08-15
Mark Hofman
How to find unwanted files on workstations
2011-08-05
Johannes Ullrich
Microsoft Patch Tuesday Advance Notification: 13 Bulletins coming http://www.microsoft.com/technet/security/Bulletin/MS11-aug.mspx
2011-07-25
Chris Mohan
Monday morning incident handler practice
2011-07-13
Guy Bruneau
New Sguil HTTPRY Agent
2011-07-11
John Bambenek
Another Defense Contractor Hacked in AntiSec Hacktivism Spree
2011-07-09
Chris Mohan
Safer Windows Incident Response
2011-07-05
Raul Siles
Helping Developers Understand Security - Spot the Vuln
2011-07-03
Deborah Hale
Business Continuation in the Face of Disaster
2011-06-17
Richard Porter
When do you stop owning Technology?
2011-06-03
Guy Bruneau
SonyPictures Site Compromised
2011-06-02
Johannes Ullrich
Some Insight into Apple's Anti-Virus Signatures
2011-05-31
Johannes Ullrich
Apple Improving OS X Anti-Malware Feature
2011-05-20
Guy Bruneau
Sysinternals Updates, Analyzing Stuxnet Infection with Sysinternals Tools Part 3
2011-05-19
Daniel Wesemann
Fake AV Bingo
2011-05-18
Bojan Zdrnja
Android, HTTP and authentication tokens
2011-05-04
Richard Porter
Microsoft Sysinternals Update
2011-04-25
Rob VandenBrink
Sony PlayStation Network Outage - Day 5
2011-04-14
Adrien de Beaupre
Sysinternals updates, a new blog post, and webcast
2011-04-07
Chris Mohan
Being a good internet neighbour
2011-03-25
Kevin Liston
APT Tabletop Exercise
2011-03-22
Chris Mohan
Read only USB stick trick
2011-03-17
Kevin Liston
So You Got an AV Alert. Now What?
2011-03-09
Kevin Shortt
AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B
2011-03-09
Chris Mohan
Possible Issue with Forefront Update KB2508823
2011-03-01
Daniel Wesemann
AV software and "sharing samples"
2011-02-25
Johannes Ullrich
Thunderbolt Security Speculations
2011-02-08
Johannes Ullrich
Tippingpoint Releases Details on Unpatched Bugs
2011-01-30
Richard Porter
The Modern Dark Ages?
2011-01-27
Robert Danford
Microsoft Security Advisory for MHTML via Internet Explorer (MS2501696/CVE-2011-0096)
2011-01-23
Richard Porter
Crime is still Crime!
2011-01-18
Daniel Wesemann
Yet another rogue anti-virus
2011-01-12
Richard Porter
Yet Another Data Broker? AOL Lifestream.
2011-01-12
Richard Porter
How Many Loyalty Cards do you Carry?
2011-01-05
Johannes Ullrich
Currently Unpatched Windows / Internet Explorer Vulnerabilities
2010-12-19
Raul Siles
Intel's new processors have a remote kill switch (Anti-Theft 3.0)
2010-12-15
Manuel Humberto Santander Pelaez
Vulnerability in the PDF distiller of the BlackBerry Attachment Service
2010-12-05
Jim Clausing
Updates to a couple of Sysinternals tools
2010-11-19
Jason Lam
Exchanging and sharing of assessment results
2010-11-11
Daniel Wesemann
Fake AV scams via Skype Chat
2010-11-01
Manuel Humberto Santander Pelaez
Checkpoint UTM-1 edge VPN boxes worldwide did an unscheduled reboot
2010-10-31
Marcus Sachs
Cyber Security Awareness Month - Day 31 - Tying it all together
2010-10-30
Guy Bruneau
Cyber Security Awareness Month - Day 30 - Role of the network team
2010-10-29
Manuel Humberto Santander Pelaez
Cyber Security Awareness Month - Day 29- Role of the office geek
2010-10-28
Rick Wanner
Cyber Security Awareness Month - Day 27 - Social Media use in the office
2010-10-28
Tony Carothers
Cyber Security Awareness Month - Day 28 - Role of the employee
2010-10-26
Pedro Bueno
Cyber Security Awareness Month - Day 26 - Sharing Office Files
2010-10-25
Kevin Shortt
Cyber Security Awareness Month - Day 25 - Using Home Computers for Work
2010-10-24
Swa Frantzen
Cyber Security Awareness Month - Day 24 - Using work computers at home
2010-10-23
Mark Hofman
Cyber Security Awareness Month - Day 23 - The Importance of compliance
2010-10-22
Daniel Wesemann
Cyber Security Awareness Month - Day 22 - Security of removable media
2010-10-22
Manuel Humberto Santander Pelaez
Intypedia project
2010-10-21
Chris Carboni
Cyber Security Awareness Month - Day 21 - Impossible Requests from the Boss
2010-10-20
Jim Clausing
Cyber Security Awareness Month - Day 20 - Securing Mobile Devices
2010-10-19
Rob VandenBrink
Cyber Security Awareness Month - Day 19 - Remote Access Tools
2010-10-19
Rob VandenBrink
Cyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split?
2010-10-19
Rob VandenBrink
Cyber Security Awareness Month - Day 19 - VPN Architectures – SSL or IPSec?
2010-10-19
Rob VandenBrink
Cyber Security Awareness Month - Day 19 - Remote User VPN Access – Are things getting too easy, or too hard?
2010-10-19
Rob VandenBrink
Cyber Security Awareness Month - Day 19 - VPN and Remote Access Tools
2010-10-18
Manuel Humberto Santander Pelaez
Cyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis
2010-10-17
Stephen Hall
Cyber Security Awareness Month - Day 17 - What a boss should and should not have access to
2010-10-15
Marcus Sachs
Cyber Security Awareness Month - Day 15 - What Teachers Need to Know About Their Students
2010-10-15
Guy Bruneau
Cyber Security Awareness Month - Day 16 - Securing a donated computer
2010-10-14
Johannes Ullrich
Cyber Security Awareness Month - Day 14 - Securing a public computer
2010-10-13
Deborah Hale
Cyber Security Awareness Month - Day 13 - Online Bullying
2010-10-12
Scott Fendley
Cyber Security Awareness Month - Day 12 - Protecting and Managing Your Digital Identity On Social Media Sites
2010-10-11
Rick Wanner
Cyber Security Awareness Month - Day 11 - Safe Browsing for Teens
2010-10-10
Kevin Liston
Cyber Security Awareness Month - Day 10 - Safe browsing for pre-teens
2010-10-09
Kevin Shortt
Cyber Security Awareness Month - Day 9 - Disposal of an Old Computer
2010-10-08
Rick Wanner
Cyber Security Awareness Month - Day 8 - Patch Management and System Updates
2010-10-06
Rob VandenBrink
Cyber Security Awareness Month - Day 7 - Remote Access and Monitoring Tools
2010-10-06
Marcus Sachs
Cyber Security Awareness Month - Day 6 - Computer Monitoring Tools
2010-10-05
Rick Wanner
Cyber Security Awareness Month - Day 5 - Sites you should stay away from
2010-10-04
Daniel Wesemann
Cyber Security Awareness Month - Day 4 - Managing EMail
2010-10-03
Adrien de Beaupre
Cyber Security Awareness Month - Day 3 - Recognizing phishing and online scams
2010-10-02
Mark Hofman
Cyber Security Awareness Month - Day 2 - Securing the Family Network
2010-10-01
Marcus Sachs
Cyber Security Awareness Month - 2010
2010-10-01
Marcus Sachs
Cyber Security Awareness Month - Day 1 - Securing the Family PC
2010-09-26
Daniel Wesemann
Egosurfing, the corporate way
2010-09-21
Johannes Ullrich
Implementing two Factor Authentication on the Cheap
2010-09-04
Kevin Liston
Investigating Malicious Website Reports
2010-08-22
Rick Wanner
Failure of controls...Spanair crash caused by a Trojan
2010-08-19
Rob VandenBrink
Change is Good. Change is Bad. Change is Life.
2010-08-16
Raul Siles
Blind Elephant: A New Web Application Fingerprinting Tool
2010-08-08
Marcus Sachs
Thinking about Cyber Security Awareness Month in October
2010-08-05
Manuel Humberto Santander Pelaez
Adobe Acrobat Font Parsing Integer Overflow Vulnerability
2010-08-05
Rob VandenBrink
Access Controls for Network Infrastructure
2010-08-04
Tom Liston
Incident Reporting - Liston's "How-To" Guide
2010-08-03
Johannes Ullrich
When Lightning Strikes
2010-08-02
Manuel Humberto Santander Pelaez
Securing Windows Internet Kiosk
2010-07-25
Rick Wanner
Updated version of Mandiant's Web Historian
2010-07-24
Manuel Humberto Santander Pelaez
Transmitting logon information unsecured in the network
2010-07-23
Mark Hofman
Some of our favourite sysinternals tools have been updated. TCPview, Autoruns, ProcDump and Disk2vhd have changed. More here http://blogs.technet.com/b/sysinternals/archive/2010/07/22/updates-tcpview-v3-0-autoruns-v10-02-procdump-v1-81-disk2vhd-v1-61.aspx
2010-07-15
Deborah Hale
Be on the Alert
2010-07-08
Kyle Haugsness
Ubuntu privilege escalation via PAM
2010-06-18
Tom Liston
IMPORTANT INFORMATION: Distributed SSH Brute Force Attacks
2010-06-17
Deborah Hale
Internet Fraud Alert Kicks Off Today
2010-06-15
Manuel Humberto Santander Pelaez
Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-06-14
Manuel Humberto Santander Pelaez
Python on a microcontroller?
2010-06-10
Deborah Hale
Microsoft Help Centre Handling of Escape Sequences May Lead to Exploit
2010-06-07
Manuel Humberto Santander Pelaez
Software Restriction Policy to keep malware away
2010-06-06
Manuel Humberto Santander Pelaez
Nice OS X exploit tutorial
2010-06-04
Johannes Ullrich
Changes to Internet Storm Center Host Name
2010-05-26
Bojan Zdrnja
Malware modularization and AV detection evasion
2010-05-22
Rick Wanner
SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-05-16
Rick Wanner
Symantec triggers on World of Warcraft update
2010-04-30
Johannes Ullrich
Sharepoint XSS Vulnerability
2010-04-30
Kevin Liston
CVE-2010-0817 SharePoint XSS Scorecard
2010-04-27
Rob VandenBrink
Layer 2 Security - L2TPv3 for Disaster Recovery Sites
2010-04-20
Raul Siles
Are You Ready for a Transportation Collapse...?
2010-03-21
Chris Carboni
Responding To The Unexpected
2010-03-18
Bojan Zdrnja
Dangers of copy&paste
2010-03-10
Rob VandenBrink
Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-03-07
Mari Nichols
DHS issues Cybersecurity challenge
2010-03-06
Tony Carothers
Integration and the Security of New Technologies
2010-02-22
Rob VandenBrink
New Risks in Penetration Testing
2010-02-17
Rob VandenBrink
Multiple Security Updates for ESX 3.x and ESXi 3.x
2010-02-17
Rob VandenBrink
Cisco Security Agent Security Updates: cisco-sa-20100217-csa
2010-02-15
Johannes Ullrich
Various Olympics Related Dangerous Google Searches
2010-02-10
Marcus Sachs
Datacenters and Directory Traversals
2010-02-07
Rick Wanner
Mandiant Mtrends Report
2010-02-03
Johannes Ullrich
Information Disclosure Vulnerability in Internet Explorer
2010-01-29
Adrien de Beaupre
Neo-legacy applications
2010-01-24
Pedro Bueno
Outdated client applications
2010-01-23
Lorna Hutcheson
The necessary evils: Policies, Processes and Procedures
2010-01-22
Mari Nichols
Pass-down for a Successful Incident Response
2010-01-14
Bojan Zdrnja
0-day vulnerability in Internet Explorer 6, 7 and 8
2009-12-29
Rick Wanner
What's up with port 12174? Possible Symantec server compromise?
2009-12-14
Adrien de Beaupre
Anti-forensics, COFEE vs. DECAF
2009-12-09
Swa Frantzen
ntpd upgrade to prevent spoofed looping
2009-12-03
Mark Hofman
Avast false positives
2009-11-29
Patrick Nolan
A Cloudy Weekend
2009-11-25
Jim Clausing
Updates to my GREM Gold scripts and a new script
2009-11-24
Rick Wanner
Microsoft Security Advisory 977981 - IE 6 and IE 7
2009-10-31
Rick Wanner
Cyber Security Awareness Month - Day 31, ident
2009-10-29
Kyle Haugsness
Cyber Security Awareness Month - Day 29 - dns port 53
2009-10-29
Johannes Ullrich
Help me assemble a list of "days of doom" as a followup to the ntp diary. http://jbu.me/25
2009-10-28
Johannes Ullrich
Cyber Security Awareness Month - Day 28 - ntp (123/udp)
2009-10-25
Lorna Hutcheson
Cyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-22
Adrien de Beaupre
Cyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-22
Adrien de Beaupre
Sysinternals updates: Disk2vhd v1.1, ZoomIt v4.1, Coreinfo v2.0, VMMap v2.4
2009-10-19
Daniel Wesemann
Cyber Security Awareness Month - Day 19 - ICMP
2009-10-18
Mari Nichols
Computer Security Awareness Month - Day 18 - Telnet an oldie but a goodie
2009-10-16
Adrien de Beaupre
Cyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
2009-10-11
Mark Hofman
Cyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
2009-10-09
Rob VandenBrink
Cyber Security Awareness Month - Day 9 - Port 3389/tcp (RDP)
2009-10-06
Adrien de Beaupre
Cyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp
2009-10-05
Adrien de Beaupre
Cyber Security Awareness Month - Day 5 port 31337
2009-10-02
Stephen Hall
Cyber Security Awareness Month - Day 2 - Port 0
2009-10-02
Stephen Hall
New SysInternal fun for the weekend
2009-09-25
Lenny Zeltser
Categories of Common Malware Traits
2009-09-19
Rick Wanner
Sysinternals Tools Updates
2009-09-17
Bojan Zdrnja
Why is Rogue/Fake AV so successful?
2009-09-04
Adrien de Beaupre
Fake anti-virus
2009-08-29
Guy Bruneau
Immunet Protect - Cloud and Community Malware Protection
2009-08-19
Daniel Wesemann
Checking your protection
2009-08-18
Deborah Hale
Sysinternals Procdump Updated
2009-08-17
Adrien de Beaupre
YAMWD: Yet Another Mass Web Defacement
2009-08-13
Johannes Ullrich
CA eTrust update crashes systems
2009-07-27
Raul Siles
Filemon and Regmon are dead, long life to Procmon!
2009-07-18
Patrick Nolan
Chrome update contains Security fixes
2009-07-16
Guy Bruneau
Changes in Windows Security Center
2009-07-11
Marcus Sachs
Imageshack
2009-06-16
John Bambenek
Iran Internet Blackout: Using Twitter for Operational Intelligence
2009-06-11
Rick Wanner
MIR-ROR Motile Incident Response - Respond Objectively Remediate
2009-06-10
Rick Wanner
SysInternals Survey
2009-05-31
Tony Carothers
L0phtcrack is Back!
2009-05-25
Jim Clausing
NTPD autokey vulnerability
2009-05-19
Rick Wanner
New Version of Mandiant Highlighter
2009-05-11
Mari Nichols
Sysinternals Updates 3 Applications
2009-05-01
Adrien de Beaupre
Incident Management
2009-04-24
John Bambenek
Data Leak Prevention: Proactive Security Requirements of Breach Notification Laws
2009-04-20
Jason Lam
Digital Content on TV
2009-04-19
Mari Nichols
Providing Accurate Risk Assessments
2009-04-16
Adrien de Beaupre
Incident Response vs. Incident Handling
2009-04-16
Adrien de Beaupre
Strange Windows Event Log entry
2009-03-20
donald smith
Stealthier than an MBR rootkit, more powerful than ring 0 control, it's the soon to be developed SMM root kit.
2009-03-13
Mark Hofman
Ubuntu users, today is a good day to patch
2009-03-10
Swa Frantzen
Browser plug-ins, transparent proxies and same origin policies
2009-03-10
Swa Frantzen
conspiracy fodder: pifts.exe
2009-02-22
Mari Nichols
The Internet Safety Act of 2009
2009-02-06
Adrien de Beaupre
Time to patch your HP printers
2009-02-05
Rick Wanner
Mandiant Memoryze review, Hilighter, other Mandiant tools!
2009-01-31
John Bambenek
Google Search Engine's Malware Detection Broken
2009-01-12
William Salusky
Downadup / Conficker - MS08-067 exploit and Windows domain account lockout
2009-01-03
Rick Wanner
Gaza<->Israel Defacements/Hacks
2008-12-28
Raul Siles
Level3 Outage?
2008-12-17
donald smith
Internet Explorer 960714 is released
2008-12-10
Bojan Zdrnja
0-day exploit for Internet Explorer in the wild
2008-12-09
Swa Frantzen
Contacting us might be hard today
2008-12-01
Jason Lam
Call for volunteers - Web Honeypot Project
2008-11-29
Pedro Bueno
Ubuntu users: Time to update!
2008-11-17
Jim Clausing
A new cheat sheet and a contest
2008-11-14
Stephen Hall
More updated tools
2008-11-12
John Bambenek
Thoughts on Security Intelligence (McColo Corp alleged spam/malware host knocked offline)
2008-11-05
donald smith
Bot net hunters get an improved tool from SRI bothunters
2008-10-31
Rick Wanner
Sprint-Cogent Peering Issue
2008-10-30
Kevin Liston
Making Intelligence Actionable: Part 2
2008-10-29
Deborah Hale
Day 29 - Should I Switch Software Vendors?
2008-10-18
Rick Wanner
Updates to SysInternals tools!
2008-10-17
Rick Wanner
Day 18 - Containing Other Incidents
2008-10-15
Rick Wanner
Day 15 - Containing the Damage From a Lost or Stolen Laptop
2008-10-12
Mari Nichols
Day 12 Containment: Gathering Evidence That Can be Used in Court
2008-10-07
Kyle Haugsness
Cogent peering problems
2008-10-01
Rick Wanner
Handler Mailbag
2008-09-21
Mari Nichols
You still have time!
2008-09-18
Bojan Zdrnja
Monitoring HTTP User-Agent fields
2008-09-15
donald smith
Fake antivirus 2009 and search engine results
2008-09-09
Swa Frantzen
wordpress upgrade
2008-07-15
Maarten Van Horenbeeck
BlackBerry PDF parsing vulnerability
2008-07-08
Swa Frantzen
Security implications in HVAC equipment
2008-07-07
Jason Lam
We need academic volunteers - Web security research
2008-06-23
donald smith
Preventing SQL injection
2008-04-22
donald smith
Symantec decomposer rar bypass allowed malicious content.
2008-04-16
William Stearns
Passer, a passive machine and service sniffer
2008-04-07
John Bambenek
HP USB Keys Shipped with Malware for your Proliant Server
2008-03-30
Mark Hofman
Mail Anyone?
2008-03-12
Joel Esler
Don't use G-Archiver
2006-10-30
William Salusky
ToD - Configuration Management - maintaining security awareness
2006-10-05
John Bambenek
There are no more Passive Exploits
2006-09-29
Kevin Liston
A Report from the Field
2006-09-28
Swa Frantzen
Powerpoint, yet another new vulnerability
2006-09-06
Johannes Ullrich
Updated Packet Attack flash animation
2006-08-31
Swa Frantzen
NT botnet submitted