Diaries by Keyword - SANS Internet Storm Center

Participate: Learn more about our honeypot network
https://isc.sans.edu/tools/honeypot/

Handler on Duty: Guy Bruneau

Threat Level: green

Date	Author	Title
2023-03-12	Guy Bruneau	AsynRAT Trojan - Bill Payment (Pago de la factura)
2023-02-04	Guy Bruneau	Assemblyline as a Malware Analysis Sandbox
2023-01-28	Didier Stevens	Sysinternals Updates: RDCMan v2.92, Sysmon v14.14, and ZoomIt v6.12
2023-01-26	Tom Webb	Live Linux IR with UAC
2023-01-17	Johannes Ullrich	Packet Tuesday: IPv6 Router Advertisements https://www.youtube.com/watch?v=uRWpB_lYIZ8
2022-12-20	Xavier Mertens	Linux File System Monitoring & Actions
2022-12-19	Xavier Mertens	Hunting for Mastodon Servers
2022-12-17	Didier Stevens	CyberChef & Entropy
2022-11-10	Xavier Mertens	Do you collect "Observables" or "IOCs"?
2022-11-02	Rob VandenBrink	Breakpoints in Burp
2022-10-30	Didier Stevens	Sysinternals Updates: Process Explorer v17.0, Handle v5.0, Process Monitor v3.92 and Sysmon v14.11
2022-10-19	Xavier Mertens	Are Internet Scanning Services Good or Bad for You?
2022-10-04	Johannes Ullrich	Credential Harvesting with Telegram API
2022-08-28	Didier Stevens	Sysinternals Updates: Sysmon v14.0 and ZoomIt v6.01
2022-08-23	Xavier Mertens	Who's Looking at Your security.txt File?
2022-07-23	Guy Bruneau	Analysis of SSH Honeypot Data with PowerBI
2022-06-17	Bojan Zdrnja	Critical vulnerability in Splunk Enterprise?s deployment server functionality
2022-06-02	Johannes Ullrich	Quick Answers in Incident Response: RECmd.exe
2022-06-01	Jan Kopriva	HTML phishing attachments - now with anti-analysis features
2022-05-23	Johannes Ullrich	Attacker Scanning for jQuery-File-Upload
2022-05-03	Rob VandenBrink	Finding the Real "Last Patched" Day (Interim Version)
2022-03-27	Didier Stevens	Video: Maldoc Cleaned by Anti-Virus
2022-03-22	Johannes Ullrich	Statement by President Biden: What you need to do (or not do)
2022-03-15	Xavier Mertens	Clean Binaries with Suspicious Behaviour
2022-03-10	Xavier Mertens	Credentials Leaks on VirusTotal
2022-02-14	Johannes Ullrich	Reminder: Decoding TLS Client Hellos to non TLS servers
2022-02-01	Xavier Mertens	Automation is Nice But Don't Replace Your Knowledge
2022-01-29	Guy Bruneau	SIEM In this Decade, Are They Better than the Last?
2021-12-31	Jan Kopriva	Do you want your Agent Tesla in the 300 MB or 8 kB package?
2021-12-30	Brad Duncan	Agent Tesla Updates SMTP Data Exfiltration Technique
2021-12-20	Jan Kopriva	PowerPoint attachments, Agent Tesla and code reuse in malware
2021-12-16	Brad Duncan	How the "Contact Forms" campaign tricks people
2021-12-06	Xavier Mertens	The Importance of Out-of-Band Networks
2021-11-18	Xavier Mertens	JavaScript Downloader Delivers Agent Tesla Trojan
2021-11-08	Xavier Mertens	(Ab)Using Security Tools & Controls for the Bad
2021-11-04	Tom Webb	Xmount for Disk Images
2021-10-31	Didier Stevens	Sysinternals: Autoruns and Sysmon updates
2021-10-20	Xavier Mertens	Thanks to COVID-19, New Types of Documents are Lost in The Wild
2021-10-18	Xavier Mertens	Malicious PowerShell Using Client Certificate Authentication
2021-09-24	Xavier Mertens	Keep an Eye on Your Users Mobile Devices (Simple Inventory)
2021-09-09	Johannes Ullrich	Updates to Our Datafeeds/API
2021-08-21	Didier Stevens	New Versions Of Sysinternals Tools
2021-08-19	Johannes Ullrich	When Lightning Strikes. What works and doesn't work.
2021-08-01	Didier Stevens	procdump Version 10.1
2021-07-08	Xavier Mertens	Using Sudo with Python For More Security Controls
2021-07-06	Xavier Mertens	Python DLL Injection Check
2021-06-30	Johannes Ullrich	CVE-2021-1675: Incomplete Patch and Leaked RCE Exploit
2021-06-30	Brad Duncan	June 2021 Forensic Contest: Answers and Analysis
2021-06-24	Xavier Mertens	Do you Like Cookies? Some are for sale!
2021-05-30	Didier Stevens	Sysinternals: Procmon, Sysmon, TcpView and Process Explorer update
2021-05-29	Guy Bruneau	Spear-phishing Email Targeting Outlook Mail Clients
2021-05-21	Xavier Mertens	Locking Kernel32.dll As Anti-Debugging Technique
2021-05-12	Jan Kopriva	Number of industrial control systems on the internet is lower then in 2020...but still far from zero
2021-05-08	Guy Bruneau	Who is Probing the Internet for Research Purposes?
2021-05-02	Didier Stevens	PuTTY And FileZilla Use The Same Fingerprint Registry Keys
2021-04-23	Xavier Mertens	Malicious PowerPoint Add-On: "Small Is Beautiful"
2021-04-22	Xavier Mertens	How Safe Are Your Docker Images?
2021-03-17	Xavier Mertens	Defenders, Know Your Operating System Like Attackers Do!
2021-03-10	Rob VandenBrink	SharpRDP - PSExec without PSExec, PSRemoting without PowerShell
2021-03-06	Xavier Mertens	Spotting the Red Team on VirusTotal!
2021-02-26	Guy Bruneau	Pretending to be an Outlook Version Update
2021-02-12	Xavier Mertens	AgentTesla Dropped Through Automatic Click in Microsoft Help File
2021-02-11	Jan Kopriva	Agent Tesla hidden in a historical anti-malware tool
2021-01-15	Guy Bruneau	Obfuscated DNS Queries
2021-01-02	Guy Bruneau	Protecting Home Office and Enterprise in 2021
2020-12-29	Jan Kopriva	Want to know what's in a folder you don't have a permission to access? Try asking your AV solution...
2020-12-08	Johannes Ullrich	December 2020 Microsoft Patch Tuesday: Exchange, Sharepoint, Dynamics and DNS Spoofing
2020-12-05	Guy Bruneau	Is IP 91.199.118.137 testing Access to aahwwx.52host.xyz?
2020-12-04	Guy Bruneau	Detecting Actors Activity with Threat Intel
2020-11-25	Xavier Mertens	Live Patching Windows API Calls Using PowerShell
2020-11-19	Xavier Mertens	PowerShell Dropper Delivering Formbook
2020-11-18	Xavier Mertens	When Security Controls Lead to Security Issues
2020-10-24	Guy Bruneau	An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-10-21	Daniel Wesemann	Shipping dangerous goods
2020-10-07	Johannes Ullrich	Today, Nobody is Going to Attack You.
2020-09-30	Johannes Ullrich	Scans for FPURL.xml: Reconnaissance or Not?
2020-09-29	Xavier Mertens	Managing Remote Access for Partners & Contractors
2020-09-17	Xavier Mertens	Suspicious Endpoint Containment with OSSEC
2020-09-03	Xavier Mertens	Sandbox Evasion Using NTP
2020-08-31	Didier Stevens	Finding The Original Maldoc
2020-08-30	Johannes Ullrich	CenturyLink Outage Causing Internet Wide Problems
2020-08-29	Didier Stevens	Malicious Excel Sheet with a NULL VT Score: More Info
2020-08-24	Xavier Mertens	Tracking A Malware Campaign Through VT
2020-08-04	Johannes Ullrich	Internet Choke Points: Concentration of Authoritative Name Servers
2020-08-03	Johannes Ullrich	A Word of Caution: Helping Out People Being Stalked Online
2020-07-28	Johannes Ullrich	All I want this Tuesday: More Data
2020-06-29	Didier Stevens	Sysmon and Alternate Data Streams
2020-06-25	Johannes Ullrich	Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release.
2020-06-16	Johannes Ullrich	Odd "Protest" Spam (Scam?) Targeting Atlanta Police Foundation
2020-06-04	Xavier Mertens	Anti-Debugging Technique based on Memory Protection
2020-05-23	Xavier Mertens	AgentTesla Delivered via a Malicious PowerPoint Add-In
2020-05-04	Didier Stevens	Sysmon and File Deletion
2020-04-28	Jan Kopriva	Agent Tesla delivered by the same phishing campaign for over a year
2020-04-27	Xavier Mertens	Powershell Payload Stored in a PSCredential Object
2020-03-23	Didier Stevens	Windows Zeroday Actively Exploited: Type 1 Font Parsing Remote Code Execution Vulnerability
2020-03-14	Didier Stevens	Phishing PDF With Incremental Updates.
2020-03-13	Rob VandenBrink	Not all Ethernet NICs are Created Equal - Trying to Capture Invalid Ethernet Frames
2020-03-11	Xavier Mertens	Agent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account
2020-02-12	Rob VandenBrink	March Patch Tuesday is Coming - the LDAP Changes will Change Your Life!
2020-01-27	Johannes Ullrich	Network Security Perspective on Coronavirus Preparedness
2020-01-25	Guy Bruneau	Is Threat Hunting the new Fad?
2020-01-23	Xavier Mertens	Complex Obfuscation VS Simple Trick
2020-01-21	Russ McRee	DeepBlueCLI: Powershell Threat Hunting
2020-01-09	Xavier Mertens	Quick Analyzis of a(nother) Maldoc
2019-11-29	Russ McRee	ISC Snapshot: Search with SauronEye
2019-11-27	Brad Duncan	Finding an Agent Tesla malware sample
2019-11-09	Guy Bruneau	Fake Netflix Update Request by Text
2019-10-19	Russell Eubanks	What Assumptions Are You Making?
2019-10-10	Rob VandenBrink	Mining Live Networks for OUI Data Oddness
2019-10-01	Johannes Ullrich	A Quick Look at Some Current Comment Spam
2019-09-19	Xavier Mertens	Agent Tesla Trojan Abusing Corporate Email Accounts
2019-09-19	Xavier Mertens	Blocklisting or Whitelisting in the Right Way
2019-09-17	Rob VandenBrink	Investigating Gaps in your Windows Event Logs
2019-08-25	Guy Bruneau	Are there any Advantages of Buying Cyber Security Insurance?
2019-07-25	Rob VandenBrink	When Users Attack! Users (and Admins) Thwarting Security Controls
2019-07-18	Rob VandenBrink	The Other Side of Critical Control 1: 802.1x Wired Network Access Controls
2019-07-17	Xavier Mertens	Analyzis of DNS TXT Records
2019-07-16	Russ McRee	Commando VM: The Complete Mandiant Offensive VM
2019-07-11	Johannes Ullrich	Remembering Mike Assante
2019-07-07	Rick Wanner	OpSec and OSInt
2019-05-20	Tom Webb	CVE-2019-0604 Attack
2019-05-19	Guy Bruneau	Is Metadata Only Approach, Good Enough for Network Traffic Analysis?
2019-05-16	Xavier Mertens	The Risk of Authenticated Vulnerability Scans
2019-04-26	Rob VandenBrink	Pillaging Passwords from Service Accounts
2019-04-25	Rob VandenBrink	Service Accounts Redux - Collecting Service Accounts with PowerShell
2019-03-27	Xavier Mertens	Running your Own Passive DNS Service
2019-02-14	Xavier Mertens	Suspicious PDF Connecting to a Remote SMB Share
2019-01-28	Bojan Zdrnja	Relaying Exchange?s NTLM authentication to domain admin (and more)
2018-12-19	Xavier Mertens	Microsoft OOB Patch for Internet Explorer: Scripting Engine Memory Corruption Vulnerability
2018-12-19	Xavier Mertens	Using OSSEC Active-Response as a DFIR Framework
2018-11-20	Xavier Mertens	Querying DShield from Cortex
2018-11-11	Pasquale Stirparo	Community contribution: joining forces or multiply solutions?
2018-10-17	Russ McRee	RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-09-20	Xavier Mertens	Hunting for Suspicious Processes with OSSEC
2018-09-05	Rob VandenBrink	Where have all my Certificates gone? (And when do they expire?)
2018-08-29	Xavier Mertens	3D Printers in The Wild, What Can Go Wrong?
2018-08-10	Remco Verhoef	Hunting SSL/TLS clients using JA3
2018-08-02	Brad Duncan	DHL-themed malspam reveals embedded malware in animated gif
2018-07-29	Guy Bruneau	Using RITA for Threat Analysis
2018-06-25	Didier Stevens	Guilty by association
2018-06-21	Xavier Mertens	Are Your Hunting Rules Still Working?
2018-06-04	Rob VandenBrink	Digging into Authenticode Certificates
2018-05-27	Guy Bruneau	Capture and Analysis of User Agents
2018-05-01	Xavier Mertens	Diving into a Simple Maldoc Generator
2018-04-27	Tom Webb	More Threat Hunting with User Agent and Drupal Exploits
2018-01-29	Didier Stevens	Comment your Packet Captures - Extra!
2018-01-28	Didier Stevens	Is this a pentest?
2018-01-13	Rick Wanner	Flaw in Intel's Active Management Technology (AMT)
2018-01-01	Didier Stevens	What is new?
2017-12-27	Guy Bruneau	What are your Security Challenges for 2018?
2017-12-19	Xavier Mertens	Example of 'MouseOver' Link in a Powerpoint File
2017-12-13	Xavier Mertens	Tracking Newly Registered Domains
2017-12-05	Tom Webb	IR using the Hive Project.
2017-12-02	Xavier Mertens	Using Bad Material for the Good
2017-11-23	Xavier Mertens	Proactive Malicious Domain Search
2017-10-30	Johannes Ullrich	Critical Patch For Oracle's Identity Manager
2017-10-18	Renato Marinho	Baselining Servers to Detect Outliers
2017-09-18	Xavier Mertens	Getting some intelligence from malspam
2017-09-17	Guy Bruneau	rockNSM as a Incident Response Package
2017-09-16	Guy Bruneau	VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities - https://www.vmware.com/security/advisories/VMSA-2017-0015.html
2017-09-13	Rob VandenBrink	Sysinternals Update: Sysmon v6.10, Process Monitor v3.40, Autoruns v13.80, AccessChk v6.11 - https://blogs.technet.microsoft.com/sysinternals/2017/09/12/sysinternals-update-sysmon-v6-1-process-monitor-v3-4-autoruns-v13-8-accesschk-v6-11/
2017-09-06	Adrien de Beaupre	Modern Web Application Penetration Testing , Hash Length Extension Attacks
2017-09-02	Xavier Mertens	AutoIT based malware back in the wild
2017-07-24	Russell Eubanks	Trends Over Time
2017-07-18	Bojan Zdrnja	Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 4 ? Windows Thumbnail Cache, Registry, Prefetch Files, and Link Files artefacts)
2017-07-13	Bojan Zdrnja	Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 3 ? Physical Memory artefacts)
2017-07-12	Xavier Mertens	Backup Scripts, the FIM of the Poor
2017-07-09	Russ McRee	Adversary hunting with SOF-ELK
2017-06-17	Guy Bruneau	Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2017-06-10	Russell Eubanks	An Occasional Look in the Rear View Mirror
2017-05-31	Pasquale Stirparo	Analysis of Competing Hypotheses, WCry and Lazarus (ACH part 2)
2017-05-28	Pasquale Stirparo	Analysis of Competing Hypotheses (ACH part 1)
2017-05-05	Xavier Mertens	HTTP Headers... the Achilles' heel of many applications
2017-04-07	Xavier Mertens	Tracking Website Defacers with HTTP Referers
2017-03-25	Russell Eubanks	Distraction as a Service
2017-03-15	Xavier Mertens	Retro Hunting!
2017-03-03	Lorna Hutcheson	BitTorrent or Something Else?
2017-02-02	Rick Wanner	Multiple vulnerabilities discovered in popular printer models
2016-12-24	Didier Stevens	Pinging All The Way
2016-11-23	Tom Webb	Mapping Attack Methodology to Controls
2016-11-22	Didier Stevens	Update:ZIP With Comment
2016-11-21	Didier Stevens	ZIP With Comment
2016-11-02	Rob VandenBrink	What Does a Pentest Look Like?
2016-10-25	Xavier Mertens	Another Day, Another Spam...
2016-10-17	Didier Stevens	Maldoc VBA Anti-Analysis: Video
2016-10-15	Didier Stevens	Maldoc VBA Anti-Analysis
2016-10-11	Xavier Mertens	WiFi Still Remains a Good Attack Vector
2016-10-08	Russell Eubanks	Unauthorized Change Detected!
2016-10-02	Guy Bruneau	Is there an Infosec Cybersecurity Talent Shortage?
2016-09-28	Xavier Mertens	SNMP Pwn3ge
2016-09-25	Pasquale Stirparo	Defining Threat Intelligence Requirements
2016-09-15	Xavier Mertens	In Need of a OTP Manager Soon?
2016-09-13	Rob VandenBrink	If it's Free, YOU are the Product
2016-09-09	Xavier Mertens	Collecting Users Credentials from Locked Devices
2016-09-02	Johannes Ullrich	Apple Patches "Trident" Vulnerabilities in OS X / Safari
2016-08-29	Russ McRee	Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2016-08-24	Tom Webb	Stay on Track During IR
2016-07-31	Pasquale Stirparo	Sharing (intel) is caring... or not?
2016-07-26	Johannes Ullrich	Command and Control Channels Using "AAAA" DNS Records
2016-07-21	Didier Stevens	Practice ntds.dit File
2016-07-15	Xavier Mertens	Name All the Things!
2016-07-12	Xavier Mertens	Hunting for Malicious Files with MISP + OSSEC
2016-06-23	Russell Eubanks	An Approach to Vulnerability Management
2016-06-09	Xavier Mertens	Offensive or Defensive Security? Both!
2016-06-01	Xavier Mertens	Docker Containers Logging
2016-05-02	Rick Wanner	Lean Threat Intelligence
2016-04-29	Rob VandenBrink	Sysinternals Updated today - Updates to Sysmon, Procdump and Sigcheck. https://blogs.technet.microsoft.com/sysinternals/2016/04/28/update-sysmon-v4-procdump-v8-sigcheck-v2-51/
2016-04-02	Russell Eubanks	Why Can't We Be Friends?
2016-03-30	Xavier Mertens	What to watch with your FIM?
2016-03-21	Xavier Mertens	IP Addresses Triage
2016-03-07	Xavier Mertens	OSX Ransomware Spread via a Rogue BitTorrent Client Installer
2016-01-23	Didier Stevens	Sigcheck and VirusTotal for Offline Machine
2016-01-20	Xavier Mertens	/tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!
2016-01-09	Xavier Mertens	Virtual Bitlocker Containers
2015-12-24	Xavier Mertens	Unity Makes Strength
2015-12-21	Daniel Wesemann	Critical Security Controls: Getting to know the unknown
2015-12-19	Russell Eubanks	VMWare Security Advisory
2015-12-05	Guy Bruneau	Are you looking to setup your own Malware Sandbox?
2015-12-04	Tom Webb	Automating Phishing Analysis using BRO
2015-11-09	John Bambenek	ICYMI: Widespread Unserialize Vulnerability in Java
2015-11-04	Richard Porter	Application Aware and Critical Control 2
2015-11-01	Guy Bruneau	Cisco Products Affected by Multiple Vulnerabilities in ntpd - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
2015-10-27	Xavier Mertens	The "Yes, but..." syndrome
2015-10-17	Russell Eubanks	CIS Critical Security Controls - Version 6.0
2015-09-03	Xavier Mertens	Querying the DShield API from RTIR
2015-08-18	Russ McRee	Microsoft Security Bulletin MS15-093 - Critical OOB - Internet Explorer RCE
2015-08-16	Guy Bruneau	Are you a "Hunter"?
2015-08-12	Rob VandenBrink	Windows Service Accounts - Why They're Evil and Why Pentesters Love them!
2015-08-06	Didier Stevens	Sigcheck and virustotal-search
2015-07-21	Didier Stevens	Searching Through the VirusTotal Database
2015-07-18	Russell Eubanks	The Value a "Fresh Set Of Eyes" (FSOE)
2015-07-17	Didier Stevens	Process Explorer and VirusTotal
2015-07-17	Didier Stevens	Autoruns and VirusTotal
2015-07-17	Didier Stevens	Sigcheck and VirusTotal
2015-07-03	Didier Stevens	Analyzing Quarantine Files
2015-06-29	Rob VandenBrink	The Powershell Diaries 2 - Software Inventory
2015-06-28	Didier Stevens	The EICAR Test File
2015-05-29	Russell Eubanks	Trust But Verify
2015-05-27	Tom Webb	SYSINTERNALS Update(AccessChk v6.0, Autoruns v13.4, Process Monitor v3.2, VMMap v3.2)
2015-05-14	Daniel Wesemann	Oh Bloat!
2015-04-27	Richard Porter	When Prevention Fails, Incident Response Begins
2015-04-03	Didier Stevens	SSH Fingerprints Are Important
2015-03-21	Russell Eubanks	Have you seen my personal information? It has been lost. Again.
2015-03-18	Daniel Wesemann	Pass the hash!
2015-03-07	Guy Bruneau	Should it be Mandatory to have an Independent Security Audit after a Breach?
2015-02-06	Johannes Ullrich	Anthem, TurboTax and How Things "Fit Together" Sometimes
2015-01-31	Guy Bruneau	Beware of Phishing and Spam Super Bowl Fans!
2014-12-24	Rick Wanner	Incident Response at Sony
2014-12-23	John Bambenek	How I learned to stop worrying and love malware DGAs....
2014-11-04	Daniel Wesemann	20$ is 999999 Euro
2014-10-13	Lorna Hutcheson	For or Against: Port Security for Network Access Control
2014-09-27	Guy Bruneau	What has Bash and Heartbleed Taught Us?
2014-09-12	Chris Mohan	Are credential dumps worth reviewing?
2014-08-23	Guy Bruneau	NSS Labs Cyber Resilience Report
2014-08-17	Rick Wanner	Part 1: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-08-17	Rick Wanner	Part 2: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-08-16	Lenny Zeltser	Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-08-15	Tom Webb	AppLocker Event Logs with OSSEC 2.8
2014-08-12	Adrien de Beaupre	Sysinternals updates Sysmon v1.0; Updates: Autoruns v12.01, Coreinfo v3.3, Procexp v16.03 http://blogs.technet.com/b/sysinternals/
2014-08-12	Adrien de Beaupre	Host discovery with nmap
2014-08-10	Basil Alawi S.Taher	Incident Response with Triage-ir
2014-08-06	Johannes Ullrich	Exploit Available for Symantec End Point Protection
2014-08-04	Russ McRee	Threats & Indicators: A Security Intelligence Lifecycle
2014-07-30	Rick Wanner	Symantec Endpoint Protection Privilege Escalation Zero Day
2014-07-28	Guy Bruneau	Management and Control of Mobile Device Security
2014-07-26	Chris Mohan	"Internet scanning project" scans
2014-07-06	Richard Porter	Physical Access, Point of Sale, Vegas
2014-06-24	Kevin Shortt	NTP DDoS Counts Have Dropped
2014-06-23	Russ McRee	Microsoft Interflow announced today at 26th FIRST conference
2014-06-11	Daniel Wesemann	Help your pilot fly!
2014-06-02	Rick Wanner	Using nmap to scan for DDOS reflectors
2014-05-28	Rob VandenBrink	Assessing SOAP APIs with Burp
2014-05-27	Kevin Shortt	Avast forums hacked
2014-05-01	Johannes Ullrich	Busybox Honeypot Fingerprinting and a new DVR scanner
2014-04-28	Russ McRee	Ubuntu 14.04 lockscreen bypass
2014-04-21	Daniel Wesemann	Allow us to leave!
2014-04-11	Rob VandenBrink	The Other Side of Heartbleed - Client Vulnerabilities
2014-04-05	Jim Clausing	Those strange e-mails with URLs in them can lead to Android malware
2014-04-04	Rob VandenBrink	Dealing with Disaster - A Short Malware Incident Response
2014-03-22	Guy Bruneau	How the Compromise of a User Account Lead to a Spam Incident
2014-03-13	Daniel Wesemann	Identification and authentication are hard ... finding out intention is even harder
2014-03-11	Basil Alawi S.Taher	Introduction to Memory Analysis with Mandiant Redline
2014-03-10	Basil Alawi S.Taher	Sysinternals Process Explorer v16.02, Process Monitor v3.1, PSExec v2.1 and Sigcheck v2.03 update
2014-03-02	Stephen Hall	Symantec goes yellow
2014-02-28	Daniel Wesemann	Oversharing
2014-02-26	Russ McRee	Ongoing NTP Amplification Attacks
2014-02-17	Chris Mohan	NTP reflection attacks continue
2014-02-14	Chris Mohan	SYM14-004 Symantec Endpoint Protection Management Vulnerabilities - http://www.symantec.com/business/support/index?page=content&id=TECH214866
2014-02-10	Rob VandenBrink	A Tale of Two Admins (and no Change Control)
2014-02-07	Rob VandenBrink	Hello Virustotal? It's Microsoft Calling.
2014-01-23	Chris Mohan	Learning from the breaches that happens to others Part 2
2014-01-22	Chris Mohan	Learning from the breaches that happens to others
2014-01-14	Chris Mohan	Spamming and scanning botnets - is there something I can do to block them from my site?
2014-01-04	Tom Webb	Monitoring Windows Networks Using Syslog (Part One)
2014-01-02	John Bambenek	OpenSSL.org Defaced by Attackers Gaining Access to Hypervisor
2014-01-01	Russ McRee	Six degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails
2013-12-29	Russ McRee	OpenSSL suffers apparent defacement
2013-12-28	Russ McRee	Weekend Reading List 27 DEC
2013-12-24	Daniel Wesemann	Unfriendly crontab additions
2013-12-23	Scott Fendley	VMWare ESX/ESXi Security Advisory
2013-12-20	Daniel Wesemann	authorized key lime pie
2013-12-16	Tom Webb	The case of Minerd
2013-12-10	Rob VandenBrink	Those Look Just Like Hashes!
2013-11-30	Russ McRee	A review of Tubes, A Journey to the Center of the Internet
2013-10-30	Russ McRee	SIR v15: Five good reasons to leave Windows XP behind
2013-10-21	Johannes Ullrich	New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
2013-10-18	Guy Bruneau	VMware Release Multiple Security Updates
2013-10-02	John Bambenek	Obamacare related domain registration spike, Government shutdown domain registration beginning
2013-10-01	Adrien de Beaupre	CSAM! Send us your logs!
2013-10-01	John Bambenek	*Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893
2013-09-24	Tom Webb	IDS, NSM, and Log Management with Security Onion 12.04.3
2013-09-20	Russ McRee	Threat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild
2013-09-18	Rob VandenBrink	Cisco DCNM Update Released
2013-09-17	John Bambenek	Microsoft Releases Out-of-Band Advisory for all Versions of Internet Explorer
2013-09-09	Johannes Ullrich	SSL is broken. So what?
2013-09-07	Guy Bruneau	Microsoft September Patch Pre-Announcement
2013-09-02	Guy Bruneau	Multiple Cisco Security Notice
2013-08-21	Rob VandenBrink	Fibre Channel Reconnaissance - Reloaded
2013-08-19	Johannes Ullrich	Running Snort on ESXi using the Distributed Switch
2013-08-19	Rob VandenBrink	ZMAP 1.02 released
2013-08-03	Deborah Hale	What Anti-virus Program Is Right For You?
2013-07-21	Guy Bruneau	Ubuntu Forums Security Breach
2013-07-19	Stephen Hall	Cyber Intelligence Tsunami
2013-07-18	Chris Mohan	Blog Spam - annoying junk or a source of intelligence?
2013-06-07	Daniel Wesemann	100% Compliant (for 65% of the systems)
2013-06-05	Richard Porter	Windows Sysinternals Updated http://technet.microsoft.com/en-us/sysinternals/default.aspx
2013-05-20	Guy Bruneau	Sysinternals Updates for Accesschk, Procdump, RAMMap and Strings http://blogs.technet.com/b/sysinternals/archive/2013/05/17/updates-accesschk-v5-11-procdump-v6-0-rammap-v1-22-strings-v2-51.aspx
2013-05-20	Johannes Ullrich	Ubuntu Package available to submit firewall logs to DShield
2013-05-20	Guy Bruneau	Safe - Tools, Tactics and Techniques
2013-05-09	Johannes Ullrich	Microsoft released a Fix-it for the Internet Explorer 8 Vulnerability http://support.microsoft.com/kb/2847140
2013-05-08	Chris Mohan	Syria drops from Internet 7th May 2013
2013-05-01	Daniel Wesemann	The cost of cleaning up
2013-04-26	Russ McRee	What is "up to date anti-virus software"?
2013-04-23	Russ McRee	Microsoft's Security Intelligence Report (SIRv14) released
2013-04-17	John Bambenek	UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
2013-04-15	Rob VandenBrink	Oops - You Mean That Deleted Server was a Certificate Authority?
2013-03-27	Adam Swanger	IPv6 Focus Month: Guest Diary: Stephen Groat - IPv6 moving target defense
2013-03-25	Johannes Ullrich	IPv6 Focus Month: IPv6 over IPv4 Preference
2013-03-23	Guy Bruneau	Apple ID Two-step Verification Now Available in some Countries
2013-03-19	Johannes Ullrich	IPv6 Focus Month: The warm and fuzzy side of IPv6
2013-03-18	Johannes Ullrich	IPv6 Focus Month: What is changing with DHCP
2013-03-13	Mark Baggett	Wipe the drive! Stealthy Malware Persistence Mechanism - Part 1
2013-03-11	Richard Porter	IPv6 Focus Month: Traffic Testing, Firewalls, ACLs, pt 1
2013-03-09	Guy Bruneau	IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-03-08	Johannes Ullrich	IPv6 Focus Month: Filtering ICMPv6 at the Border
2013-03-06	Adam Swanger	IPv6 Focus Month: Guest Diary: Stephen Groat - Geolocation Using IPv6 Addresses
2013-03-05	Mark Hofman	IPv6 Focus Month: Device Defaults
2013-03-04	Johannes Ullrich	IPv6 Focus Month: Addresses
2013-03-02	Scott Fendley	Evernote Security Issue
2013-02-28	Daniel Wesemann	Parsing Windows Eventlogs in Powershell
2013-02-27	Adam Swanger	Guest Diary: Dylan Johnson - There's value in them there logs!
2013-02-25	Rob VandenBrink	Silent Traitors - Embedded Devices in your Datacenter
2013-02-22	Johannes Ullrich	Zendesk breach affects Tumblr/Pinterest/Twitter
2013-02-14	Adam Swanger	ISC Monthly Threat Update - February 2013 http://isc.sans.edu/podcastdetail.html?id=3121
2013-02-06	Adam Swanger	Sysinternals in particular Process Explorer update https://blogs.technet.com/b/sysinternals/?Redirected=true
2013-02-06	Johannes Ullrich	Intel Network Card (82574L) Packet of Death
2013-02-04	Adam Swanger	SAN Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam
2013-01-17	Russ McRee	CentOS announces release of CentOS-5.9 - http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.9
2013-01-15	Rob VandenBrink	When Disabling IE6 (or Java, or whatever) is not an Option...
2013-01-13	Stephen Hall	Sysinternals Updates
2013-01-10	Adam Swanger	ISC Monthly Threat Update New Format
2013-01-09	Johannes Ullrich	New Format for Monthly Threat Update
2013-01-02	Russ McRee	EMET 3.5: The Value of Looking Through an Attacker's Eyes
2013-01-01	Johannes Ullrich	FixIt Available for Internet Explorer Vulnerability
2012-12-31	Manuel Humberto Santander Pelaez	How to determine which NAC solutions fits best to your needs
2012-12-27	John Bambenek	It's 3pm 2 days after Christmas, do you know where your unmanaged SSH keys are?
2012-12-20	Daniel Wesemann	White House strategy on security information sharing and safeguarding
2012-12-18	Dan Goldberg	Mitigating the impact of organizational change: a risk assessment
2012-12-13	Johannes Ullrich	What if Tomorrow Was the Day?
2012-12-10	Johannes Ullrich	Your CPA License has not been revoked
2012-12-06	Johannes Ullrich	How to identify if you are behind a "Transparent Proxy"
2012-12-03	John Bambenek	John McAfee Exposes His Location in Photo About His Being on Run
2012-11-29	Kevin Shortt	New Apple Security Update: APPLE-SA-2012-11-29-1 Apple TV 5.1.1
2012-11-28	Mark Hofman	McAfee releases extraDAT for W32/Autorun.worm.aaeb-h
2012-11-28	Mark Hofman	New version of wireshark is available (1.8.4), some security fixes included.
2012-11-27	Chris Mohan	Can users' phish emails be a security admin's catch of the day?
2012-11-26	John Bambenek	Online Shopping for the Holidays? Tips, News and a Fair Warning
2012-11-23	Rob VandenBrink	Risk Assessment Reloaded (thanks PCI ! )
2012-11-23	Rob VandenBrink	What's in Your Change Control Form?
2012-11-20	John Bambenek	Behind the Random NTP Bizarreness of Incorrect Year Being Set
2012-11-20	John Bambenek	Firefox v 17.0 just released, more here: http://www.mozilla.org/en-US/firefox/17.0/releasenotes/
2012-11-19	John Bambenek	MoneyGram fined $100 million for aiding wire fraud - http://krebsonsecurity.com/2012/11/moneygram-fined-100-million-for-wire-fraud/
2012-11-19	John Bambenek	New Poll: Top 5 Unresolved Security Problems of 2012
2012-11-17	Manuel Humberto Santander Pelaez	New Sysinternal Updates: AdExplorer v1.44, Contig v1.7, Coreinfo v3.2, Procdump v5.1. See http://blogs.technet.com/b/sysinternals/archive/2012/11/16/updates-adexplorer-v1-44-contig-v1-7-coreinfo-v3-2-procdump-v5-1.aspx?Redirected=true
2012-11-16	Manuel Humberto Santander Pelaez	Information Security Incidents are now a concern for colombian government
2012-11-12	John Bambenek	Request for info: Robocall Phishing Against Local/Regional Banks
2012-11-09	Mark Baggett	Remote Diagnostics with PSR
2012-11-09	Mark Baggett	Fresh batch of Microsoft patches next week
2012-11-07	Mark Baggett	Help eliminate unquoted path vulnerabilities
2012-11-07	Mark Baggett	Multiple 0-Days Reported!
2012-11-07	Mark Baggett	Cisco TACACS+ Authentication Bypass
2012-11-05	Johannes Ullrich	Reminder: Ongoing SMTP Brute Forcing Attacks
2012-11-05	Johannes Ullrich	Possible Fake-AV Ads from Doubleclick Servers
2012-11-04	Lorna Hutcheson	What's important on your network?
2012-11-02	Daniel Wesemann	The shortcomings of anti-virus software
2012-10-31	Johannes Ullrich	Cyber Security Awareness Month - Day 31 - Business Continuity and Disaster Recovery
2012-10-30	Johannes Ullrich	Hurricane Sandy Update
2012-10-30	Richard Porter	Splunk 5.0 SP-CAAAHB4 http://www.splunk.com/view/SP-CAAAHB4
2012-10-30	Mark Hofman	Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-10-29	Kevin Shortt	Cyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard
2012-10-28	Tony Carothers	Firefox 16.02 Released
2012-10-26	Russ McRee	Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant
2012-10-25	Richard Porter	Cyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire
2012-10-24	Russ McRee	Ongoing Windstream outage in the midwest - https://twitter.com/search?q=windstream
2012-10-24	Russ McRee	Cyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035
2012-10-23	Rob VandenBrink	Cyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors
2012-10-21	Johannes Ullrich	Cyber Security Awareness Month - Day 22: Connectors
2012-10-21	Lorna Hutcheson	Potential Phish for Regular Webmail Accounts
2012-10-19	Johannes Ullrich	Cyber Security Awareness Month - Day 19: Standard log formats and CEE.
2012-10-18	Rob VandenBrink	Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide
2012-10-17	Mark Hofman	Oracle Critical Patch Update October
2012-10-17	Mark Hofman	New Acrobat release (including reader) available. Version 11. Some security improvements more here -->http://blogs.adobe.com/adobereader/
2012-10-17	Rob VandenBrink	Cyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005
2012-10-16	Richard Porter	CyberAwareness Month - Day 15, Standards Body Soup (pt2), Same Soup Different Cook.
2012-10-16	Johannes Ullrich	Cyber Security Awareness Month - Day 16: W3C and HTML
2012-10-14	Pedro Bueno	Cyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1
2012-10-13	Guy Bruneau	New Poll - Cyber Security Awareness Month Activities 2012 - https://isc.sans.edu/poll.html
2012-10-12	Mark Hofman	Cyber Security Awareness Month - Day 12 PCI DSS
2012-10-11	Rob VandenBrink	Cyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security)
2012-10-10	Kevin Shortt	Cyber Security Awareness Month - Day 10 - Standard Sudo - Part Two
2012-10-09	Johannes Ullrich	Cyber Security Awreness Month - Day 9 - Request for Comment (RFC)
2012-10-09	Johannes Ullrich	Microsoft October 2012 Black Tuesday Update - Overview
2012-10-08	Mark Hofman	Cyber Security Awareness Month - Day 8 ISO 27001
2012-10-07	Tony Carothers	Cyber Security Awareness Month - Day 7 - Rollup Review of CSAM Week 1
2012-10-06	Manuel Humberto Santander Pelaez	Cyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA
2012-10-05	Johannes Ullrich	Cyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl.
2012-10-05	Richard Porter	VMWare Security Advisory: VMSA-2012-0014 - http://www.vmware.com/security/advisories/VMSA-2012-0014.html
2012-10-05	Richard Porter	Reports of a Distributed Injection Scan
2012-10-04	Mark Hofman	And the SHA-3 title goes to .....Keccak
2012-10-04	Johannes Ullrich	Cyber Security Awareness Month - Day 4: Crypto Standards
2012-10-03	Kevin Shortt	Cyber Security Awareness Month - Day 3 - Standard Sudo - Part One
2012-10-02	Russ McRee	Cyber Security Awareness Month - Day 2 - PCI Security Standard: Mobile Payment Acceptance Security Guidelines
2012-10-01	Johannes Ullrich	Cyber Security Awareness Month
2012-09-28	Joel Esler	Adobe certification revocation for October 4th
2012-09-26	Johannes Ullrich	Some Android phones can be reset to factory default by clicking on links
2012-09-26	Johannes Ullrich	More Java Woes
2012-09-21	Johannes Ullrich	iOS 6 Security Roundup
2012-09-20	Russ McRee	Flash Player update but no announcement, check your version http://www.adobe.com/software/flash/about/
2012-09-20	Russ McRee	Apple and Cisco Security Advisories 19 SEP 2012
2012-09-20	Russ McRee	Financial sector advisory: attacks and threats against financial institutions
2012-09-19	Russ McRee	Script kiddie scavenging with Shellbot.S
2012-09-17	Rob VandenBrink	What's on your iPad?
2012-09-14	Lenny Zeltser	Scam Report - Fake Voice Mail Email Notification Redirects to Malicious Site
2012-09-13	Mark Baggett	TCP Fuzzing with Scapy
2012-09-13	Mark Baggett	Microsoft disrupts traffic associated with the Nitol botnet
2012-09-13	Mark Baggett	More SSL trouble
2012-09-10	Johannes Ullrich	Microsoft Patch Tuesday Pre-Release
2012-09-10	Johannes Ullrich	Godaddy DDoS Attack
2012-09-10	donald smith	Blue Toad publishing co compromise lead to UDID release. http://redtape.nbcnews.com/_news/2012/09/10/13781440-exclusive-the-real-source-of-apple-device-ids-leaked-by-anonymous-last-week?lite
2012-09-06	Johannes Ullrich	SSL Requests sent to port 80 (request for help/input)
2012-09-04	Johannes Ullrich	Another round of "Spot the Exploit E-Mail"
2012-09-02	Lorna Hutcheson	Demonstrating the value of your Intrusion Detection Program and Analysts
2012-09-01	Russ McRee	Blackhole targeting Java vulnerability via fake Microsoft Services Agreement email phish
2012-08-31	Russ McRee	Not so fast: Java 7 Update 7 critical vulnerability discovered in less than 24 hours
2012-08-30	Johannes Ullrich	Editorial: The Slumlord Approach to Network Security http://isc.sans.edu/j/editorial
2012-08-29	Johannes Ullrich	"Data" URLs used for in-URL phishing
2012-08-27	Johannes Ullrich	The Good, Bad and Ugly about Assigning IPv6 Addresses
2012-08-27	Johannes Ullrich	Malware Spam harvesting Facebook Information
2012-08-26	Lorna Hutcheson	Who ya gonna contact?
2012-08-22	Adrien de Beaupre	Apple Remote Desktop update fixes no encryption issue
2012-08-22	Adrien de Beaupre	Phishing/spam via SMS
2012-08-21	Adrien de Beaupre	YYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update
2012-08-21	Adrien de Beaupre	RuggedCom fails key management 101 on Rugged Operating System (ROS)
2012-08-20	Manuel Humberto Santander Pelaez	Do we need test procedures in our companies before implementing Antivirus signatures?
2012-08-19	Manuel Humberto Santander Pelaez	Authentication Issues between entities during protocol message exchange in SCADA Systems
2012-08-12	Tony Carothers	Layers of the Defense-in-Depth Onion
2012-08-12	Tony Carothers	Oracle Security Alert for CVE-2012-3132
2012-08-09	Mark Hofman	SQL Injection Lilupophilupop style, Part 2
2012-08-09	Mark Hofman	Zeus/Citadel variant causing issues in the Netherlands
2012-08-07	Adrien de Beaupre	Who protects small business?
2012-08-04	Kevin Liston	Vendors: More Patch-Release Options Please
2012-07-27	Daniel Wesemann	Cuckoo 0.4 is out - cool new features for malware analysis http://www.cuckoosandbox.org/
2012-07-25	Johannes Ullrich	Apple OS X 10.8 (Mountain Lion) released
2012-07-25	Johannes Ullrich	Microsoft Exchange/Sharepoint and others: Oracle Outside In Vulnerability
2012-07-24	Richard Porter	Wireshark 1.8.1 Released http://www.wireshark.org/
2012-07-24	Richard Porter	Report of spike in DNS Queries gd21.net
2012-07-21	Rick Wanner	TippingPoint DNS Version Request increase
2012-07-20	Mark Baggett	Syria Internet connection cut?
2012-07-19	Mark Baggett	Diagnosing Malware with Resource Monitor
2012-07-19	Mark Baggett	A Heap of Overflows?
2012-07-16	Richard Porter	Sysinternals Update @ http://blogs.technet.com/b/sysinternals/archive/2012/07/16/updates-handle-v3-5-process-explorer-v15-22-process-monitor-v3-03-rammap-v1-21-zoomit-v4-3.aspx
2012-07-13	Richard Porter	Yesterday (not as on the ball as Rob) at SANSFire
2012-07-13	Russ McRee	2 for 1: SANSFIRE & MSRA presentations
2012-07-13	Russ McRee	Yahoo service SQL injection vuln leads to account exposure
2012-07-12	Rick Wanner	Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms
2012-07-12	Rick Wanner	Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Recording Server - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs
2012-07-12	Rick Wanner	Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts
2012-07-12	Rick Wanner	Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Manager - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman
2012-07-10	Rob VandenBrink	Today at SANSFIRE (09 July 2012) - ISC Panel Discussion on the State of the Internet
2012-07-09	Johannes Ullrich	The FBI will turn off the Internet on Monday (or not)
2012-07-09	Manuel Humberto Santander Pelaez	Internet Storm Center panel tonight at SANSFIRE 2012!
2012-07-05	Adrien de Beaupre	New OS X trojan backdoor MaControl variant reported
2012-07-05	Adrien de Beaupre	Microsoft advanced notification for July 2012 patch Tuesday
2012-07-02	Joel Esler	A rough guide to keeping your website up
2012-07-02	Dan Goldberg	Storms of June 29th 2012 in Mid Atlantic region of the USA
2012-07-02	Joel Esler	Linux & Java leap second bug
2012-06-29	Jim Clausing	Updated SysInternals tools - Autoruns, Process Explorer, Process Monitor, PSKill -- http://blogs.technet.com/b/sysinternals/archive/2012/06/28/updates-autoruns-v11-32-process-explorer-v15-21-process-monitor-v3-02-pskill-v1-15-rammap-v1-2.aspx
2012-06-28	Chris Mohan	Massive spike in BGP traffic - Possible BGP poisoning?
2012-06-25	Guy Bruneau	Issues with Windows Update Agent
2012-06-22	Kevin Liston	Updated Poll: Which Patch Delivery Schedule Works the Best for You?
2012-06-21	Raul Siles	Print Bomb? (Take 2)
2012-06-21	Russ McRee	Analysis of drive-by attack sample set
2012-06-21	Russ McRee	Wireshark 1.8.0 released 21 JUN 2012 http://www.wireshark.org/download.html
2012-06-19	Daniel Wesemann	Vulnerabilityqueerprocessbrittleness
2012-05-17	Johannes Ullrich	New IPv6 Video: IPv6 Router Advertisements https://isc.sans.edu/ipv6videos
2012-05-16	Johannes Ullrich	Avira Antivirus false positives http://forum.avira.com/wbb/index.php?page=Thread&threadID=144875
2012-05-08	Kevin Liston	Incident-response without NTP
2012-05-05	Tony Carothers	Vulnerability Assessment Program - Discussions
2012-05-02	Bojan Zdrnja	Monitoring VMWare logs
2012-04-26	Richard Porter	Define Irony: A medical device with a Virus?
2012-04-23	Russ McRee	Emergency Operations Centers & Security Incident Management: A Correlation
2012-04-18	Kevin Shortt	Sysinternals Updates - 2012 Apr 17
2012-04-13	Daniel Wesemann	Anti-virus scanning exclusions
2012-04-05	Johannes Ullrich	Evil hides everywhere: Web Application Exploits in Headers
2012-03-16	Guy Bruneau	VMware New and Updated Security Advisories
2012-03-09	Guy Bruneau	VMware New and Updated Advisories
2012-01-31	Russ McRee	OSINT tactics: parsing from FOCA for Maltego
2012-01-25	Bojan Zdrnja	pcAnywhere users – patch now!
2012-01-13	Guy Bruneau	Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2011-12-23	Daniel Wesemann	Printer Pranks
2011-11-29	John Bambenek	Hacking HP Printers for Fun and Profit
2011-11-11	Rick Wanner	Yay! More Sysinternals updates! http://technet.microsoft.com/en-us/sysinternals
2011-11-03	Richard Porter	An Apple, Inc. Sandbox to play in.
2011-10-29	Richard Porter	The Sub Critical Control? Evidence Collection
2011-10-28	Russ McRee	Critical Control 19: Data Recovery Capability
2011-10-28	Daniel Wesemann	Critical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27	Mark Baggett	Critical Control 18: Incident Response Capabilities
2011-10-26	Rick Wanner	Critical Control 17:Penetration Tests and Red Team Exercises
2011-10-17	Rob VandenBrink	Critical Control 11: Account Monitoring and Control
2011-10-13	Guy Bruneau	Critical Control 10: Continuous Vulnerability Assessment and Remediation
2011-10-12	Kevin Shortt	Critical Control 8 - Controlled Use of Administrative Privileges
2011-10-11	Swa Frantzen	Critical Control 7 - Application Software Security
2011-10-10	Jim Clausing	Critical Control 6 - Maintenance, Monitoring, and Analysis of Security Audit Logs
2011-10-07	Mark Hofman	Critical Control 5 - Boundary Defence
2011-10-04	Rob VandenBrink	Critical Control 2 - Inventory of Authorized and Unauthorized Software
2011-10-04	Johannes Ullrich	Critical Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations and Servers
2011-10-03	Mark Hofman	Critical Control 1 - Inventory of Authorized and Unauthorized Devices
2011-10-03	Mark Baggett	What are the 20 Critical Controls?
2011-10-03	Tom Liston	Security 101 : Security Basics in 140 Characters Or Less
2011-10-02	Mark Hofman	Cyber Security Awareness Month Day 1/2 - Schedule
2011-10-02	Mark Hofman	Cyber Security Awareness Month Day 1/2 - Introduction to the controls
2011-10-01	Mark Hofman	Adobe Photoshop for Windows Vulnerability (CVE-2011-2443)
2011-09-21	Mark Hofman	October 2011 Cyber Security Awareness Month
2011-09-19	Guy Bruneau	MS Security Advisory Update - Fraudulent DigiNotar Certificates
2011-09-13	Swa Frantzen	GlobalSign back in operation
2011-09-04	Lorna Hutcheson	Several Sites Defaced
2011-08-26	Daniel Wesemann	User Agent 007
2011-08-17	Rob VandenBrink	Sysinternal updates for ProcDump v4.0, Process Monitor v2.96, Process Explorer v15.02 ==> http://blogs.technet.com/b/sysinternals/
2011-08-15	Mark Hofman	How to find unwanted files on workstations
2011-08-05	Johannes Ullrich	Microsoft Patch Tuesday Advance Notification: 13 Bulletins coming http://www.microsoft.com/technet/security/Bulletin/MS11-aug.mspx
2011-07-25	Chris Mohan	Monday morning incident handler practice
2011-07-13	Guy Bruneau	New Sguil HTTPRY Agent
2011-07-11	John Bambenek	Another Defense Contractor Hacked in AntiSec Hacktivism Spree
2011-07-09	Chris Mohan	Safer Windows Incident Response
2011-07-05	Raul Siles	Helping Developers Understand Security - Spot the Vuln
2011-07-03	Deborah Hale	Business Continuation in the Face of Disaster
2011-06-17	Richard Porter	When do you stop owning Technology?
2011-06-03	Guy Bruneau	SonyPictures Site Compromised
2011-06-02	Johannes Ullrich	Some Insight into Apple's Anti-Virus Signatures
2011-05-31	Johannes Ullrich	Apple Improving OS X Anti-Malware Feature
2011-05-20	Guy Bruneau	Sysinternals Updates, Analyzing Stuxnet Infection with Sysinternals Tools Part 3
2011-05-19	Daniel Wesemann	Fake AV Bingo
2011-05-18	Bojan Zdrnja	Android, HTTP and authentication tokens
2011-05-04	Richard Porter	Microsoft Sysinterals Update
2011-04-25	Rob VandenBrink	Sony PlayStation Network Outage - Day 5
2011-04-14	Adrien de Beaupre	Sysinternals updates, a new blog post, and webcast
2011-04-07	Chris Mohan	Being a good internet neighbour
2011-03-25	Kevin Liston	APT Tabletop Exercise
2011-03-22	Chris Mohan	Read only USB stick trick
2011-03-17	Kevin Liston	So You Got an AV Alert. Now What?
2011-03-09	Kevin Shortt	AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B
2011-03-09	Chris Mohan	Possible Issue with Forefront Update KB2508823
2011-03-01	Daniel Wesemann	AV software and "sharing samples"
2011-02-25	Johannes Ullrich	Thunderbolt Security Speculations
2011-02-08	Johannes Ullrich	Tippingpoint Releases Details on Unpatched Bugs
2011-01-30	Richard Porter	The Modern Dark Ages?
2011-01-27	Robert Danford	Microsoft Security Advisory for MHTML via Internet Explorer (MS2501696/CVE-2011-0096)
2011-01-23	Richard Porter	Crime is still Crime!
2011-01-18	Daniel Wesemann	Yet another rogue anti-virus
2011-01-12	Richard Porter	Yet Another Data Broker? AOL Lifestream.
2011-01-12	Richard Porter	How Many Loyalty Cards do you Carry?
2011-01-05	Johannes Ullrich	Currently Unpatched Windows / Internet Explorer Vulnerabilities
2010-12-19	Raul Siles	Intel's new processors have a remote kill switch (Anti-Theft 3.0)
2010-12-15	Manuel Humberto Santander Pelaez	Vulnerability in the PDF distiller of the BlackBerry Attachment Service
2010-12-05	Jim Clausing	Updates to a couple of Sysinternals tools
2010-11-19	Jason Lam	Exchanging and sharing of assessment results
2010-11-11	Daniel Wesemann	Fake AV scams via Skype Chat
2010-11-01	Manuel Humberto Santander Pelaez	Checkpoint UTM-1 edge VPN boxes worldwide did an unscheduled reboot
2010-10-31	Marcus Sachs	Cyber Security Awareness Month - Day 31 - Tying it all together
2010-10-30	Guy Bruneau	Cyber Security Awareness Month - Day 30 - Role of the network team
2010-10-29	Manuel Humberto Santander Pelaez	Cyber Security Awareness Month - Day 29- Role of the office geek
2010-10-28	Rick Wanner	Cyber Security Awareness Month - Day 27 - Social Media use in the office
2010-10-28	Tony Carothers	Cyber Security Awareness Month - Day 28 - Role of the employee
2010-10-26	Pedro Bueno	Cyber Security Awareness Month - Day 26 - Sharing Office Files
2010-10-25	Kevin Shortt	Cyber Security Awareness Month - Day 25 - Using Home Computers for Work
2010-10-24	Swa Frantzen	Cyber Security Awarenes Month - Day 24 - Using work computers at home
2010-10-23	Mark Hofman	Cyber Security Awareness Month - Day 23 - The Importance of compliance
2010-10-22	Daniel Wesemann	Cyber Security Awareness Month - Day 22 - Security of removable media
2010-10-22	Manuel Humberto Santander Pelaez	Intypedia project
2010-10-21	Chris Carboni	Cyber Security Awareness Month - Day 21 - Impossible Requests from the Boss
2010-10-20	Jim Clausing	Cyber Security Awareness Month - Day 20 - Securing Mobile Devices
2010-10-19	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - Remote Access Tools
2010-10-19	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split?
2010-10-19	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - VPN Architectures – SSL or IPSec?
2010-10-19	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - Remote User VPN Access – Are things getting too easy, or too hard?
2010-10-19	Rob VandenBrink	Cyber Security Awareness Month - Day 19 - VPN and Remote Access Tools
2010-10-18	Manuel Humberto Santander Pelaez	Cyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis
2010-10-17	Stephen Hall	Cyber Security Awareness Month - Day 17 - What a boss should and should not have access to
2010-10-15	Marcus Sachs	Cyber Security Awareness Month - Day 15 - What Teachers Need to Know About Their Students
2010-10-15	Guy Bruneau	Cyber Security Awareness Month - Day 16 - Securing a donated computer
2010-10-14	Johannes Ullrich	Cyber Security Awareness Month - Day 14 - Securing a public computer
2010-10-13	Deborah Hale	Cyber Security Awareness Month - Day 13 - Online Bullying
2010-10-12	Scott Fendley	Cyber Security Awareness Month - Day 12 - Protecting and Managing Your Digital Identity On Social Media Sites
2010-10-11	Rick Wanner	Cyber Security Awareness Month - Day 11 - Safe Browsing for Teens
2010-10-10	Kevin Liston	Cyber Security Awareness Month - Day 10 - Safe browsing for pre-teens
2010-10-09	Kevin Shortt	Cyber Security Awareness Month - Day 9 - Disposal of an Old Computer
2010-10-08	Rick Wanner	Cyber Security Awareness Month - Day 8 - Patch Management and System Updates
2010-10-06	Rob VandenBrink	Cyber Security Awareness Month - Day 7 - Remote Access and Monitoring Tools
2010-10-06	Marcus Sachs	Cyber Security Awareness Month - Day 6 - Computer Monitoring Tools
2010-10-05	Rick Wanner	Cyber Security Awareness Month - Day 5 - Sites you should stay away from
2010-10-04	Daniel Wesemann	Cyber Security Awareness Month - Day 4 - Managing EMail
2010-10-03	Adrien de Beaupre	Cyber Security Awareness Month - Day 3 - Recognizing phishing and online scams
2010-10-02	Mark Hofman	Cyber Security Awareness Month - Day 2 - Securing the Family Network
2010-10-01	Marcus Sachs	Cyber Security Awareness Month - 2010
2010-10-01	Marcus Sachs	Cyber Security Awareness Month - Day 1 - Securing the Family PC
2010-09-26	Daniel Wesemann	Egosurfing, the corporate way
2010-09-21	Johannes Ullrich	Implementing two Factor Authentication on the Cheap
2010-09-04	Kevin Liston	Investigating Malicious Website Reports
2010-08-22	Rick Wanner	Failure of controls...Spanair crash caused by a Trojan
2010-08-19	Rob VandenBrink	Change is Good. Change is Bad. Change is Life.
2010-08-16	Raul Siles	Blind Elephant: A New Web Application Fingerprinting Tool
2010-08-08	Marcus Sachs	Thinking about Cyber Security Awareness Month in October
2010-08-05	Manuel Humberto Santander Pelaez	Adobe Acrobat Font Parsing Integer Overflow Vulnerability
2010-08-05	Rob VandenBrink	Access Controls for Network Infrastructure
2010-08-04	Tom Liston	Incident Reporting - Liston's "How-To" Guide
2010-08-03	Johannes Ullrich	When Lightning Strikes
2010-08-02	Manuel Humberto Santander Pelaez	Securing Windows Internet Kiosk
2010-07-25	Rick Wanner	Updated version of Mandiant's Web Historian
2010-07-24	Manuel Humberto Santander Pelaez	Transmiting logon information unsecured in the network
2010-07-23	Mark Hofman	Some of our favourite sysinternals tools have been updated. TCPview, Autoruns, ProcDump and Disk2vhd have changed. More here http://blogs.technet.com/b/sysinternals/archive/2010/07/22/updates-tcpview-v3-0-autoruns-v10-02-procdump-v1-81-disk2vhd-v1-61.aspx
2010-07-15	Deborah Hale	Be on the Alert
2010-07-08	Kyle Haugsness	Ubuntu privilege escalation via PAM
2010-06-18	Tom Liston	IMPORTANT INFORMATION: Distributed SSH Brute Force Attacks
2010-06-17	Deborah Hale	Internet Fraud Alert Kicks Off Today
2010-06-15	Manuel Humberto Santander Pelaez	Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-06-14	Manuel Humberto Santander Pelaez	Python on a microcontroller?
2010-06-10	Deborah Hale	Microsoft Help Centre Handling of Escape Sequences May Lead to Exploit
2010-06-07	Manuel Humberto Santander Pelaez	Software Restriction Policy to keep malware away
2010-06-06	Manuel Humberto Santander Pelaez	Nice OS X exploit tutorial
2010-06-04	Johannes Ullrich	Changes to Internet Storm Center Host Name
2010-05-26	Bojan Zdrnja	Malware modularization and AV detection evasion
2010-05-22	Rick Wanner	SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-05-16	Rick Wanner	Symantec triggers on World of Warcraft update
2010-04-30	Johannes Ullrich	Sharepoint XSS Vulnerability
2010-04-30	Kevin Liston	CVE-2010-0817 SharePoint XSS Scorecard
2010-04-27	Rob VandenBrink	Layer 2 Security - L2TPv3 for Disaster Recovery Sites
2010-04-20	Raul Siles	Are You Ready for a Transportation Collapse...?
2010-03-21	Chris Carboni	Responding To The Unexpected
2010-03-18	Bojan Zdrnja	Dangers of copy&paste
2010-03-10	Rob VandenBrink	Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-03-07	Mari Nichols	DHS issues Cybersecurity challenge
2010-03-06	Tony Carothers	Integration and the Security of New Technologies
2010-02-22	Rob VandenBrink	New Risks in Penetration Testing
2010-02-17	Rob VandenBrink	Multiple Security Updates for ESX 3.x and ESXi 3.x
2010-02-17	Rob VandenBrink	Cisco Security Agent Security Updates: cisco-sa-20100217-csa
2010-02-15	Johannes Ullrich	Various Olympics Related Dangerous Google Searches
2010-02-10	Marcus Sachs	Datacenters and Directory Traversals
2010-02-07	Rick Wanner	Mandiant Mtrends Report
2010-02-03	Johannes Ullrich	Information Disclosure Vulnerability in Internet Explorer
2010-01-29	Adrien de Beaupre	Neo-legacy applications
2010-01-24	Pedro Bueno	Outdated client applications
2010-01-23	Lorna Hutcheson	The necessary evils: Policies, Processes and Procedures
2010-01-22	Mari Nichols	Pass-down for a Successful Incident Response
2010-01-14	Bojan Zdrnja	0-day vulnerability in Internet Explorer 6, 7 and 8
2009-12-29	Rick Wanner	What's up with port 12174? Possible Symantec server compromise?
2009-12-14	Adrien de Beaupre	Anti-forensics, COFEE vs. DECAF
2009-12-09	Swa Frantzen	ntpd upgrade to prevent spoofed looping
2009-12-03	Mark Hofman	Avast false positives
2009-11-29	Patrick Nolan	A Cloudy Weekend
2009-11-25	Jim Clausing	Updates to my GREM Gold scripts and a new script
2009-11-24	Rick Wanner	Microsoft Security Advisory 977981 - IE 6 and IE 7
2009-10-31	Rick Wanner	Cyber Security Awareness Month - Day 31, ident
2009-10-29	Kyle Haugsness	Cyber Security Awareness Month - Day 29 - dns port 53
2009-10-29	Johannes Ullrich	Help me assemble a list of "days of doom" as a followup to the ntp diary. http://jbu.me/25
2009-10-28	Johannes Ullrich	Cyber Security Awareness Month - Day 28 - ntp (123/udp)
2009-10-25	Lorna Hutcheson	Cyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-22	Adrien de Beaupre	Cyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-22	Adrien de Beaupre	Sysinternals updates: Disk2vhd v1.1, ZoomIt v4.1, Coreinfo v2.0, VMMap v2.4
2009-10-19	Daniel Wesemann	Cyber Security Awareness Month - Day 19 - ICMP
2009-10-18	Mari Nichols	Computer Security Awareness Month - Day 18 - Telnet an oldie but a goodie
2009-10-16	Adrien de Beaupre	Cyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
2009-10-11	Mark Hofman	Cyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
2009-10-09	Rob VandenBrink	Cyber Security Awareness Month - Day 9 - Port 3389/tcp (RDP)
2009-10-06	Adrien de Beaupre	Cyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp
2009-10-05	Adrien de Beaupre	Cyber Security Awareness Month - Day 5 port 31337
2009-10-02	Stephen Hall	Cyber Security Awareness Month - Day 2 - Port 0
2009-10-02	Stephen Hall	New SysInternal fun for the weekend
2009-09-25	Lenny Zeltser	Categories of Common Malware Traits
2009-09-19	Rick Wanner	Sysinternals Tools Updates
2009-09-17	Bojan Zdrnja	Why is Rogue/Fake AV so successful?
2009-09-04	Adrien de Beaupre	Fake anti-virus
2009-08-29	Guy Bruneau	Immunet Protect - Cloud and Community Malware Protection
2009-08-19	Daniel Wesemann	Checking your protection
2009-08-18	Deborah Hale	Sysinternals Procdump Updated
2009-08-17	Adrien de Beaupre	YAMWD: Yet Another Mass Web Defacement
2009-08-13	Johannes Ullrich	CA eTrust update crashes systems
2009-07-27	Raul Siles	Filemon and Regmon are dead, long life to Procmon!
2009-07-18	Patrick Nolan	Chrome update contains Security fixes
2009-07-16	Guy Bruneau	Changes in Windows Security Center
2009-07-11	Marcus Sachs	Imageshack
2009-06-16	John Bambenek	Iran Internet Blackout: Using Twitter for Operational Intelligence
2009-06-11	Rick Wanner	MIR-ROR Motile Incident Response - Respond Objectively Remediate
2009-06-10	Rick Wanner	SysInternals Survey
2009-05-31	Tony Carothers	L0phtcrack is Back!
2009-05-25	Jim Clausing	NTPD autokey vulnerability
2009-05-19	Rick Wanner	New Version of Mandiant Highlighter
2009-05-11	Mari Nichols	Sysinternals Updates 3 Applications
2009-05-01	Adrien de Beaupre	Incident Management
2009-04-24	John Bambenek	Data Leak Prevention: Proactive Security Requirements of Breach Notification Laws
2009-04-20	Jason Lam	Digital Content on TV
2009-04-19	Mari Nichols	Providing Accurate Risk Assessments
2009-04-16	Adrien de Beaupre	Incident Response vs. Incident Handling
2009-04-16	Adrien de Beaupre	Strange Windows Event Log entry
2009-03-20	donald smith	Stealthier then a MBR rootkit, more powerful then ring 0 control, it’s the soon to be developed SMM root kit.
2009-03-13	Mark Hofman	Ubuntu users, today is a good day to patch
2009-03-10	Swa Frantzen	Browser plug-ins, transparent proxies and same origin policies
2009-03-10	Swa Frantzen	conspiracy fodder: pifts.exe
2009-02-22	Mari Nichols	The Internet Safety Act of 2009
2009-02-06	Adrien de Beaupre	Time to patch your HP printers
2009-02-05	Rick Wanner	Mandiant Memoryze review, Hilighter, other Mandiant tools!
2009-01-31	John Bambenek	Google Search Engine's Malware Detection Broken
2009-01-12	William Salusky	Downadup / Conficker - MS08-067 exploit and Windows domain account lockout
2009-01-03	Rick Wanner	Gaza<->Israel Defacements/Hacks
2008-12-28	Raul Siles	Level3 Outage?
2008-12-17	donald smith	Internet Explorer 960714 is released
2008-12-10	Bojan Zdrnja	0-day exploit for Internet Explorer in the wild
2008-12-09	Swa Frantzen	Contacting us might be hard today
2008-12-01	Jason Lam	Call for volunteers - Web Honeypot Project
2008-11-29	Pedro Bueno	Ubuntu users: Time to update!
2008-11-17	Jim Clausing	A new cheat sheet and a contest
2008-11-14	Stephen Hall	More updated tools
2008-11-12	John Bambenek	Thoughts on Security Intelligence (McColo Corp alleged spam/malware host knocked offline)
2008-11-05	donald smith	Bot net hunters get an improved tool from SRI bothunters
2008-10-31	Rick Wanner	Sprint-Cogent Peering Issue
2008-10-30	Kevin Liston	Making Intelligence Actionable: Part 2
2008-10-29	Deborah Hale	Day 29 - Should I Switch Software Vendors?
2008-10-18	Rick Wanner	Updates to SysInternals tools!
2008-10-17	Rick Wanner	Day 18 - Containing Other Incidents
2008-10-15	Rick Wanner	Day 15 - Containing the Damage From a Lost or Stolen Laptop
2008-10-12	Mari Nichols	Day 12 Containment: Gathering Evidence That Can be Used in Court
2008-10-07	Kyle Haugsness	Cogent peering problems
2008-10-01	Rick Wanner	Handler Mailbag
2008-09-21	Mari Nichols	You still have time!
2008-09-18	Bojan Zdrnja	Monitoring HTTP User-Agent fields
2008-09-15	donald smith	Fake antivirus 2009 and search engine results
2008-09-09	Swa Frantzen	wordpress upgrade
2008-07-15	Maarten Van Horenbeeck	BlackBerry PDF parsing vulnerability
2008-07-08	Swa Frantzen	Security implications in HVAC equipment
2008-07-07	Jason Lam	We need academic volunteers - Web security research
2008-06-23	donald smith	Preventing SQL injection
2008-04-22	donald smith	Symantec decomposer rar bypass allowed malicious content.
2008-04-16	William Stearns	Passer, a aassive machine and service sniffer
2008-04-07	John Bambenek	HP USB Keys Shipped with Malware for your Proliant Server
2008-03-30	Mark Hofman	Mail Anyone?
2008-03-12	Joel Esler	Don't use G-Archiver
2006-10-30	William Salusky	ToD - Configuration Management - maintaining security awareness
2006-10-05	John Bambenek	There are no more Passive Exploits
2006-09-29	Kevin Liston	A Report from the Field
2006-09-28	Swa Frantzen	Powerpoint, yet another new vulnerability
2006-09-06	Johannes Ullrich	Updated Packet Attack flash animation
2006-08-31	Swa Frantzen	NT botnet submitted