Date | Author | Title

PE ANALYSIS

2014-07-05 | Guy Bruneau | Malware Analysis with pedump

PE

2024-10-24 | Johannes Ullrich | Development Features Enabled in Prodcution
2024-10-09 | Xavier Mertens | From Perfctl to InfoStealer
2024-09-16 | Xavier Mertens | Managing PE Files With Overlays
2024-08-22 | Johannes Ullrich | OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse?
2024-08-14 | Xavier Mertens | Multiple Malware Dropped Through MSI Package
2024-06-20 | Guy Bruneau | No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary]
2024-02-29 | Jesse La Grew | [Guest Diary] Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service.
2023-11-16 | Johannes Ullrich | Beyond -n: Optimizing tcpdump performance
2023-06-27 | Xavier Mertens | The Importance of Malware Triage
2023-06-24 | Guy Bruneau | Email Spam with Attachment Modiloader
2023-06-19 | Xavier Mertens | Malware Delivered Through .inf File
2023-05-26 | Xavier Mertens | Using DFIR Techniques To Recover From Infrastructure Outages
2023-05-16 | Jesse La Grew | Signals Defense With Faraday Bags & Flipper Zero
2023-05-14 | Guy Bruneau | VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue
2023-02-25 | Didier Stevens | Crypto Inside a Browser
2022-11-02 | Rob VandenBrink | Breakpoints in Burp
2022-10-17 | Xavier Mertens | Fileless Powershell Dropper
2022-09-22 | Xavier Mertens | RAT Delivered Through FODHelper
2022-09-03 | Didier Stevens | Video: James Webb JPEG With Malware
2022-09-02 | Didier Stevens | James Webb JPEG With Malware
2022-08-22 | Xavier Mertens | 32 or 64 bits Malware?
2022-07-05 | Jan Kopriva | EternalBlue 5 years after WannaCry and NotPetya
2022-06-20 | Johannes Ullrich | Odd TCP Fast Open Packets. Anybody understands why?
2022-05-29 | Didier Stevens | Extracting The Overlay Of A PE File
2022-05-28 | Didier Stevens | Huge Signed PE File: Keeping The Signature
2022-05-26 | Didier Stevens | Huge Signed PE File
2022-04-11 | Johannes Ullrich | Spring: It isn't just about Spring4Shell. Spring Cloud Function Vulnerabilities are being probed too.
2022-03-30 | Johannes Ullrich | Java Springtime Confusion: What Vulnerability are We Talking About
2022-03-18 | Johannes Ullrich | Scans for Movable Type Vulnerability (CVE-2021-20837)
2022-03-04 | Johannes Ullrich | Scam E-Mail Impersonating Red Cross
2022-03-03 | Johannes Ullrich | Attackers Search For Exposed "LuCI" Folders: Help me understand this attack
2022-02-11 | Xavier Mertens | CinaRAT Delivered Through HTML ID Attributes
2022-01-31 | Xavier Mertens | Be careful with RPMSG files
2021-12-31 | Jan Kopriva | Do you want your Agent Tesla in the 300 MB or 8 kB package?
2021-12-21 | Xavier Mertens | More Undetected PowerShell Dropper
2021-10-30 | Guy Bruneau | Remote Desktop Protocol (RDP) Discovery
2021-08-04 | Yee Ching Tok | Pivoting and Hunting for Shenanigans from a Reported Phishing Domain
2021-07-24 | Bojan Zdrnja | Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability
2021-07-20 | Bojan Zdrnja | Summer of SAM - incorrect permissions on Windows 10/11 hives
2021-06-18 | Daniel Wesemann | Open redirects ... and why Phishers love them
2021-05-29 | Guy Bruneau | Spear-phishing Email Targeting Outlook Mail Clients
2021-05-14 | Xavier Mertens | "Open" Access to Industrial Systems Interface is Also Far From Zero
2021-04-22 | Xavier Mertens | How Safe Are Your Docker Images?
2021-03-16 | Jan Kopriva | 50 years of malware? Not really. 50 years of computer worms? That's a different story...
2021-03-04 | Xavier Mertens | From VBS, PowerShell, C Sharp, Process Hollowing to RAT
2021-01-11 | Rob VandenBrink | Using the NVD Database and API to Keep Up with Vulnerabilities and Patches - Tool Drop: CVEScan (Part 3 of 3)
2021-01-07 | Rob VandenBrink | Using the NIST Database and API to Keep Up with Vulnerabilities and Patches (Part 1 of 3)
2020-12-29 | Jan Kopriva | Want to know what's in a folder you don't have a permission to access? Try asking your AV solution...
2020-11-19 | Xavier Mertens | PowerShell Dropper Delivering Formbook
2020-08-25 | Xavier Mertens | Keep An Eye on LOLBins
2020-08-10 | Bojan Zdrnja | Scoping web application and web service penetration tests
2020-06-30 | Russ McRee | ISC Snapshot: SpectX IP Hitcount Query
2020-06-11 | Xavier Mertens | Anti-Debugging JavaScript Techniques
2020-05-15 | Rob VandenBrink | SHA3 Hashes (on Windows) - Where Art Thou?
2020-04-21 | Russ McRee | SpectX: Log Parser for DFIR
2020-03-26 | Xavier Mertens | Very Large Sample as Evasion Technique?
2020-03-15 | Guy Bruneau | VPN Access and Activity Monitoring
2019-12-04 | Jan Kopriva | Analysis of a strangely poetic malware
2019-11-29 | Russ McRee | ISC Snapshot: Search with SauronEye
2019-10-22 | Bojan Zdrnja | Testing TLSv1.3 and supported ciphers
2019-08-28 | Johannes Ullrich | [Guest Diary] Open Redirect: A Small But Very Common Vulnerability
2019-08-22 | Xavier Mertens | Simple Mimikatz & RDPWrapper Dropper
2019-08-21 | Russ McRee | KAPE: Kroll Artifact Parser and Extractor
2019-08-15 | Didier Stevens | Analysis of a Spearphishing Maldoc
2019-07-24 | Xavier Mertens | May People Be Considered as IOC?
2019-05-16 | Xavier Mertens | The Risk of Authenticated Vulnerability Scans
2019-04-26 | Rob VandenBrink | Pillaging Passwords from Service Accounts
2019-04-01 | Didier Stevens | Analysis of PDFs Created with OpenOffice/LibreOffice
2019-03-15 | Remco Verhoef | Binary Analysis with Jupyter and Radare2
2019-02-17 | Didier Stevens | Video: Finding Property Values in Office Documents
2019-02-16 | Didier Stevens | Finding Property Values in Office Documents
2019-01-05 | Didier Stevens | A Malicious JPEG? Second Example
2019-01-04 | Didier Stevens | A Malicious JPEG?
2018-11-27 | Xavier Mertens | More obfuscated shell scripts: Fake MacOS Flash update
2018-11-26 | Russ McRee | ViperMonkey: VBA maldoc deobfuscation
2018-11-04 | Pasquale Stirparo | Beyond good ol' LaunchAgent - part 1
2018-10-26 | Xavier Mertens | Dissecting Malicious Office Documents with Linux
2018-10-21 | Pasquale Stirparo | Beyond good ol’ LaunchAgent - part 0
2018-10-08 | Guy Bruneau | Latest Release of rockNSM 2.1
2018-08-20 | Didier Stevens | OpenSSH user enumeration (CVE-2018-15473)
2018-07-11 | Remco Verhoef | Well, Hello Again Peppa!
2018-06-07 | Remco Verhoef | Automated twitter loot collection
2018-05-24 | Xavier Mertens | "Blocked" Does Not Mean "Forget It"
2018-05-07 | Xavier Mertens | Adding Persistence Via Scheduled Tasks
2018-04-28 | Rick Wanner | Microsoft Security Update for Spectre V2
2018-01-28 | Didier Stevens | Is this a pentest?
2018-01-10 | Russ McRee | GitHub InfoSec Threepeat: HELK, ptf, and VulnWhisperer
2018-01-08 | Bojan Zdrnja | Meltdown and Spectre: clearing up the confusion
2017-11-25 | Guy Bruneau | Benefits associated with the use of Open Source Software
2017-11-07 | Xavier Mertens | Interesting VBA Dropper
2017-10-30 | Didier Stevens | PE files and debug info
2017-10-08 | Didier Stevens | A strange JPEG file
2017-09-10 | Didier Stevens | Analyzing JPEG files
2017-09-06 | Adrien de Beaupre | Modern Web Application Penetration Testing , Hash Length Extension Attacks
2017-08-10 | Didier Stevens | Maldoc Analysis with ViperMonkey
2017-07-02 | Didier Stevens | PE Section Name Descriptions
2017-06-28 | Brad Duncan | Petya? I hardly know ya! - an ISC update on the 2017-06-27 ransomware outbreak
2017-05-18 | Xavier Mertens | My Little CVE Bot
2017-05-05 | Xavier Mertens | HTTP Headers... the Achilles' heel of many applications
2017-04-02 | Guy Bruneau | IPFire - A Household Multipurpose Security Gateway
2016-11-25 | Xavier Mertens | Free Software Quick Security Checklist
2016-11-02 | Rob VandenBrink | What Does a Pentest Look Like?
2016-09-28 | Xavier Mertens | SNMP Pwn3ge
2016-09-04 | Russ McRee | Kali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/
2016-07-28 | Bojan Zdrnja | Verifying SSL/TLS certificates manually
2016-07-27 | Xavier Mertens | Critical Xen PV guests vulnerabilities
2016-06-15 | Richard Porter | Warp Speed Ahead, L7 Open Source Packet Generator: Warp17
2016-05-21 | Didier Stevens | Python Malware - Part 2
2016-05-03 | Rick Wanner | OpenSSL Updates
2016-04-25 | Guy Bruneau | Highlights from the 2016 HPE Annual Cyber Threat Report
2016-02-27 | Guy Bruneau | OpenSSL Security Update Planned for 1 March Release
2016-02-22 | Xavier Mertens | Reducing False Positives with Open Data Sources
2016-02-18 | Xavier Mertens | Hunting for Executable Code in Windows Environments
2016-02-03 | Xavier Mertens | Automating Vulnerability Scans
2016-01-31 | Guy Bruneau | OpenSSL 1.0.2 Advisory and Update
2016-01-30 | Xavier Mertens | All CVE Details at Your Fingertips
2016-01-20 | Xavier Mertens | /tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!
2015-12-23 | Rob VandenBrink | Libraries and Dependencies - It Really is Turtles All The Way Down!
2015-12-22 | Rick Wanner | The other Juniper vulnerability - CVE-2015-7756
2015-11-22 | Guy Bruneau | OpenDNS Research Used to Predict Threat
2015-11-09 | John Bambenek | ICYMI: Widespread Unserialize Vulnerability in Java
2015-10-27 | Xavier Mertens | The "Yes, but..." syndrome
2015-03-17 | Didier Stevens | From PEiD To YARA
2015-02-17 | Rob VandenBrink | A Different Kind of Equation
2014-08-23 | Guy Bruneau | NSS Labs Cyber Resilience Report
2014-08-12 | Adrien de Beaupre | Host discovery with nmap
2014-08-09 | Adrien de Beaupre | Complete application ownage via Multi-POST XSRF
2014-08-06 | Chris Mohan | OpenSSL Security Advisories http://www.openssl.org/news/secadv_20140806.txt
2014-08-04 | Russ McRee | Threats & Indicators: A Security Intelligence Lifecycle
2014-07-05 | Guy Bruneau | Malware Analysis with pedump
2014-06-12 | Johannes Ullrich | Metasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.)
2014-06-05 | Johannes Ullrich | Critical OpenSSL Patch Available. Patch Now!
2014-06-05 | Johannes Ullrich | Internet Storm Center Briefing on OpenSSL Vulnerabilities today at 12pm ET (8am PT/4pm UTC) https://www.sans.org/webcasts/98445
2014-06-05 | Johannes Ullrich | More Details Regarding CVE-2014-0195 (DTLS arbitrary code execution)
2014-06-05 | Johannes Ullrich | Updated OpenSSL Patch Presentation
2014-04-26 | Guy Bruneau | New Project by Linux Foundation - Core Infrastructure Initiative
2014-04-21 | Daniel Wesemann | OpenSSL Rampage
2014-04-21 | Daniel Wesemann | Finding the bleeders
2014-04-15 | Richard Porter | VMWare Advisory VMSA-2014-0004 - Updates on OpenSSL HeartBleed http://www.vmware.com/security/advisories/VMSA-2014-0004.html
2014-04-14 | Kevin Shortt | INFOCon Green: Heartbleed - on the mend
2014-04-11 | Johannes Ullrich | Tonight OpenSSL Webcast #4: Client Side Issues / What to tell your kids & managers about it https://www.sans.org/webcasts/side-heartbleed-client-vulnerabilities-98135
2014-04-08 | Guy Bruneau | OpenSSL CVE-2014-0160 Fixed
2014-04-08 | Johannes Ullrich | * Patch Now: OpenSSL "Heartbleed" Vulnerability
2014-04-01 | Basil Alawi S.Taher | Upgrading Your Android, Elevating My Malware
2014-01-02 | John Bambenek | OpenSSL.org Defaced by Attackers Gaining Access to Hypervisor
2014-01-01 | Russ McRee | Happy New Year from the Syrian Electronic Army - Skype’s Social Media Accounts Hacked
2014-01-01 | Russ McRee | Six degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails
2013-12-29 | Russ McRee | OpenSSL suffers apparent defacement
2013-12-21 | Guy Bruneau | Strange DNS Queries - Request for Packets
2013-12-19 | Rob VandenBrink | Target US - Credit Card Data Breach
2013-12-16 | Tom Webb | The case of Minerd
2013-12-01 | Richard Porter | BPF, PCAP, Binary, hex, why they matter?
2013-11-13 | Johannes Ullrich | Packet Challenge for the Hivemind: What's happening with this Ethernet header?
2013-10-26 | Guy Bruneau | Active Perl/Shellbot Trojan
2013-10-25 | Rob VandenBrink | Kaspersky flags TCPIP.SYS as Malware
2013-10-22 | Richard Porter | Greenbone and OpenVAS Scanner
2013-09-05 | Rob VandenBrink | Building Your Own GPU Enabled Private Cloud
2013-08-21 | Rob VandenBrink | Fibre Channel Reconnaissance - Reloaded
2013-05-20 | Guy Bruneau | Safe - Tools, Tactics and Techniques
2013-04-25 | Adam Swanger | Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-03-18 | Kevin Shortt | Cisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
2013-03-13 | Johannes Ullrich | IPv6 Focus Month: Kaspersky Firewall IPv6 Vulnerability
2013-02-25 | Johannes Ullrich | Trustwave Trustkeeper Phish
2013-02-25 | Johannes Ullrich | Punkspider enumerates web application vulnerabilities
2013-02-11 | John Bambenek | OpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/
2013-02-04 | Adam Swanger | SAN Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam
2013-01-15 | Rob VandenBrink | When Disabling IE6 (or Java, or whatever) is not an Option...
2012-12-06 | Johannes Ullrich | How to identify if you are behind a "Transparent Proxy"
2012-12-04 | Johannes Ullrich | Where do your backup tapes go to die?
2012-11-14 | Jim Clausing | Skype account hijack vulnerability fixed
2012-09-19 | Russ McRee | Script kiddie scavenging with Shellbot.S
2012-08-17 | Guy Bruneau | Suspicious eFax Spear Phishing Messages
2012-08-02 | Guy Bruneau | Opera Security Update
2012-07-21 | Rick Wanner | OpenDNS is looking for a few good malware people!
2012-05-06 | Jim Clausing | Tool updates and Win 8
2012-05-01 | Rob VandenBrink | Are Open SSIDs in decline?
2012-04-24 | Russ McRee | OpenSSL reissues fix for ASN1 BIO vulnerability
2012-04-19 | Kevin Shortt | OpenSSL Security Advisory - CVE-2012-2110
2012-03-27 | Guy Bruneau | Opera 11.62 for Windows patch several bugs and vulnerabilities - http://www.opera.com/docs/changelogs/windows/1162/
2012-03-12 | Guy Bruneau | OpenSSL Security Update
2012-01-13 | Guy Bruneau | Strange DNS Queries - Request Packets/Logs
2012-01-07 | Scott Fendley | Updated OpenDLP
2011-11-07 | Rob VandenBrink | Stuff I Learned Scripting - Evaluating a Remote SSL Certificate
2011-11-07 | Rob VandenBrink | Juniper BGP issues causing locallized Internet Problems
2011-11-04 | Guy Bruneau | Duqu Mitigation
2011-10-26 | Rick Wanner | Critical Control 17:Penetration Tests and Red Team Exercises
2011-08-26 | Daniel Wesemann | User Agent 007
2011-07-19 | Richard Porter | SMS Phishing at the SANSFire 2011 Handler Dinner
2011-06-28 | Johannes Ullrich | Update: Opera 11.50 is now available http://www.opera.com/
2011-06-04 | Rick Wanner | Do you have a personal disaster recovery plan?
2011-05-31 | Johannes Ullrich | Skype EasyBits Add-on
2011-05-09 | Rick Wanner | Serious flaw in OpenID
2011-05-09 | Rick Wanner | VUPEN Security pwns Google Chrome
2011-05-06 | Richard Porter | Unpatched Exploit: Skype for MAC
2011-04-18 | John Bambenek | Wordpress.com Security Breach
2011-03-16 | Johannes Ullrich | Analyzing HTTP Packet Captures
2011-02-21 | Adrien de Beaupre | Kaspersky update servers unreachable
2011-02-19 | Guy Bruneau | Snort Data Acquisition Library
2011-02-05 | Guy Bruneau | OpenSSH Legacy Certificate Information Disclosure Vulnerability
2011-01-28 | Guy Bruneau | OpenOffice Security Fixes
2011-01-27 | Chris Carboni | Opera Updates
2011-01-12 | Richard Porter | How Many Loyalty Cards do you Carry?
2010-12-30 | Rick Wanner | Obvious Lessons from the Skype outage
2010-12-15 | Johannes Ullrich | OpenBSD IPSec "Backdoor"
2010-11-19 | Jason Lam | Exchanging and sharing of assessment results
2010-11-16 | Guy Bruneau | OpenSSL TLS Extension Parsing Race Condition
2010-11-08 | Manuel Humberto Santander Pelaez | Network Security Perimeter: How to choose the correct firewall and IPS for your environment?
2010-10-22 | Manuel Humberto Santander Pelaez | Intypedia project
2010-10-12 | Adrien de Beaupre | New version of Opera- Opera 10.63 is a recommended upgrade offering security and stability enhancements: http://www.opera.com/browser/download/
2010-09-16 | Johannes Ullrich | OpenX Ad-Server Vulnerability
2010-09-09 | Jim Clausing | Opera 10.62 - security (the DLL path issue) and stability upate see http://www.opera.com/docs/changelogs/windows/1062/
2010-08-23 | Manuel Humberto Santander Pelaez | Firefox plugins to perform penetration testing activities
2010-08-19 | Daniel Wesemann | Casper the unfriendly ghost
2010-08-16 | Raul Siles | Blind Elephant: A New Web Application Fingerprinting Tool
2010-08-15 | Manuel Humberto Santander Pelaez | Opensolaris project cancelled, replaced by Solaris 11 express
2010-08-05 | Manuel Humberto Santander Pelaez | Adobe Acrobat Font Parsing Integer Overflow Vulnerability
2010-07-24 | Manuel Humberto Santander Pelaez | Types of diary: One liners vs full diary
2010-06-23 | Scott Fendley | Opera Browser Update
2010-06-06 | Manuel Humberto Santander Pelaez | Nice OS X exploit tutorial
2010-06-05 | Guy Bruneau | OpenOffice.org 3.2.1 Fixes Bugs and Vulnerabilities
2010-06-02 | Mark Hofman | OpenSSL version 1.0.0a released. This fixes a number of security issues. Don't forget a number of commercial appliances will be using this, so look for vendor updates soon.
2010-05-22 | Rick Wanner | SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-04-25 | Raul Siles | Manual Verification of SSL/TLS Certificate Trust Chains using Openssl
2010-04-13 | Adrien de Beaupre | Web App Testing Tools
2010-03-29 | Adrien de Beaupre | OpenSSL V 1.0.0 released!
2010-03-24 | Kyle Haugsness | Wikipedia outage
2010-03-22 | Guy Bruneau | New Opera 10.51 available with security fixes. More information available at: http://www.opera.com/docs/changelogs/windows/1051/
2010-03-11 | donald smith | Cert write up on Skype IMBot Logic and Functionality.
2010-03-05 | Kyle Haugsness | Unpatched Opera 10.50 and below code execution vulnerability
2010-02-26 | Rick Wanner | OpenSSL 0.9.8m released.
2010-02-22 | Rob VandenBrink | Multiple Security Updates for OpenOffice ==> http://www.openoffice.org/security/bulletin.html
2010-02-22 | Rob VandenBrink | New Risks in Penetration Testing
2010-02-01 | Rob VandenBrink | NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?
2010-01-27 | Raul Siles | European Union Security Challenge (Campus Party 2010)
2010-01-19 | Jim Clausing | Apple Security Update 2010-001
2009-11-17 | Guy Bruneau | OpenVPN Fixed OpenSSL Session Renegotiation Issue
2009-11-06 | Andre Ludwig | New version of OpenSSL released - OpenSSL 0.9.8l
2009-10-26 | Johannes Ullrich | Today: ISC Login bugfix day. If you have issues logging in using OpenID, please email a copy of your OpenID URL to jullrich\at\sans.edu
2009-10-02 | Stephen Hall | New version of OpenSSH released
2009-09-01 | Guy Bruneau | Opera 10 with Security Fixes
2009-07-27 | Raul Siles | New Hacker Challenge: Prison Break - Breaking, Entering & Decoding
2009-07-09 | Bojan Zdrnja | OpenSSH 0day FUD
2009-07-07 | Marcus Sachs | OpenSSH Rumors
2009-07-03 | Adrien de Beaupre | Happy 4th of July!
2009-05-31 | Tony Carothers | L0phtcrack is Back!
2009-05-25 | Jim Clausing | More tools for (US) Memorial Day
2009-05-01 | Adrien de Beaupre | OpenBSD 4.5
2009-04-26 | Johannes Ullrich | Odd DNS Resolution for Google via OpenDNS
2009-04-21 | Bojan Zdrnja | Web application vulnerabilities
2009-04-07 | Johannes Ullrich | Common Apache Misconception
2009-03-03 | Kyle Haugsness | Opera browser security updates
2009-03-01 | Jim Clausing | Cool combination of tools
2009-01-08 | Kyle Haugsness | BIND OpenSSL follow-up
2008-12-17 | donald smith | Opera 9.6.3 released with security fixes
2008-11-05 | donald smith | If you missed President Elect Obamas speech have some malware instead
2008-10-31 | Rick Wanner | Sprint-Cogent Peering Issue
2008-10-30 | Kevin Liston | Opera 9.62 available - security update
2008-10-22 | Mari Nichols | Opera 9.6.1 Released
2008-10-07 | Kyle Haugsness | Cogent peering problems
2008-09-20 | Rick Wanner | New (to me) nmap Features
2008-08-20 | Adrien de Beaupre | From the mailbag, Opera 9.52...
2008-07-11 | Jim Clausing | Handling the load
2008-07-03 | Bojan Zdrnja | New Opera v9.51 fixes couple of security issues
2008-07-02 | Jim Clausing | Another little script I threw together
2008-06-16 | Kevin Liston | Opera 9.5 is Available
2008-06-10 | Swa Frantzen | Ransomware keybreaking
2008-06-09 | Scott Fendley | So Where Are Those OpenSSH Key-based Attacks?
2008-05-16 | Daniel Wesemann | INFOcon back to green
2008-05-15 | Bojan Zdrnja | Debian and Ubuntu users: fix your keys/certificates NOW
2008-05-15 | Bojan Zdrnja | INFOCon yellow: update your Debian generated keys/certs ASAP
2008-05-13 | Swa Frantzen | OpenSSH: Predictable PRNG in debian and ubuntu Linux
2008-04-23 | Mari Nichols | What's New, Old and Morphing?
2008-04-14 | John Bambenek | A Federal Subpoena or Just Some More Spam & Malware?
2008-04-03 | Bojan Zdrnja | Opera fixes vulnerabilities and Microsoft announces April's fixes
2006-12-18 | Toby Kohlenberg | Skype worm
2006-11-29 | Toby Kohlenberg | New Vulnerability Announcement and patches from Apple
2006-09-13 | Swa Frantzen | PHP - shared hosters, take note.

ANALYSIS

2024-10-17 | Guy Bruneau | Scanning Activity from Subnet 15.184.0.0/16
2024-09-25 | Guy Bruneau | OSINT - Image Analysis or More Where, When, and Metadata [Guest Diary]
2024-09-18 | Guy Bruneau | Time-to-Live Analysis of DShield Data with Vega-Lite
2024-09-11 | Guy Bruneau | Hygiene, Hygiene, Hygiene! [Guest Diary]
2024-08-27 | Guy Bruneau | Vega-Lite with Kibana to Parse and Display IP Activity over Time
2024-08-16 | Jesse La Grew | [Guest Diary] 7 minutes and 4 steps to a quick win: A write-up on custom tools
2024-06-13 | Guy Bruneau | The Art of JQ and Command-line Fu [Guest Diary]
2024-05-28 | Guy Bruneau | Is that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary]
2024-04-29 | Guy Bruneau | Linux Trojan - Xorddos with Filename eyshcjdmzg
2024-03-29 | Xavier Mertens | Quick Forensics Analysis of Apache logs
2024-02-25 | Guy Bruneau | Utilizing the VirusTotal API to Query Files Uploaded to DShield Honeypot [Guest Diary]
2024-02-03 | Guy Bruneau | DShield Sensor Log Collection with Elasticsearch
2023-11-17 | Jan Kopriva | Phishing page with trivial anti-analysis features
2023-02-04 | Guy Bruneau | Assemblyline as a Malware Analysis Sandbox
2023-01-21 | Guy Bruneau | DShield Sensor JSON Log to Elasticsearch
2023-01-08 | Guy Bruneau | DShield Sensor JSON Log Analysis
2022-07-29 | Johannes Ullrich | PDF Analysis Intro and OpenActions Entries
2022-07-18 | Didier Stevens | Adding Your Own Keywords To My PDF Tools
2022-06-01 | Jan Kopriva | HTML phishing attachments - now with anti-analysis features
2021-04-10 | Guy Bruneau | Building an IDS Sensor with Suricata & Zeek with Logs to ELK
2021-04-06 | Jan Kopriva | Malspam with Lokibot vs. Outlook and RFCs
2021-01-30 | Guy Bruneau | PacketSifter as Network Parsing and Telemetry Tool
2021-01-14 | Bojan Zdrnja | Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file
2020-12-03 | Brad Duncan | Traffic Analysis Quiz: Mr Natural
2020-11-11 | Brad Duncan | Traffic Analysis Quiz: DESKTOP-FX23IK5
2020-10-01 | Daniel Wesemann | Making sense of Azure AD (AAD) activity logs
2020-09-20 | Guy Bruneau | Analysis of a Salesforce Phishing Emails
2020-06-01 | Jim Clausing | Stackstrings, type 2
2020-05-02 | Guy Bruneau | Phishing PDF with Unusual Hostname
2020-01-25 | Guy Bruneau | Is Threat Hunting the new Fad?
2020-01-12 | Guy Bruneau | ELK Dashboard and Logstash parser for tcp-honeypot Logs
2019-12-29 | Guy Bruneau | ELK Dashboard for Pihole Logs
2019-12-07 | Guy Bruneau | Integrating Pi-hole Logs in ELK with Logstash
2019-11-23 | Guy Bruneau | Local Malware Analysis with Malice
2019-10-18 | Xavier Mertens | Quick Malicious VBS Analysis
2019-06-27 | Rob VandenBrink | Finding the Gold in a Pile of Pennies - Long Tail Analysis in PowerShell
2019-06-14 | Jim Clausing | A few Ghidra tips for IDA users, part 4 - function call graphs
2019-04-17 | Jim Clausing | A few Ghidra tips for IDA users, part 2 - strings and parameters
2019-04-08 | Jim Clausing | A few Ghidra tips for IDA users, part 1 - the decompiler/unreachable code
2019-04-03 | Jim Clausing | A few Ghidra tips for IDA users, part 0 - automatic comments for API call parameters
2019-03-31 | Didier Stevens | Maldoc Analysis of the Weekend by a Reader
2019-02-27 | Didier Stevens | Maldoc Analysis by a Reader
2018-11-18 | Guy Bruneau | Multipurpose PCAP Analysis Tool
2018-10-21 | Pasquale Stirparo | Beyond good ol’ LaunchAgent - part 0
2018-08-31 | Jim Clausing | Quickie: Using radare2 to disassemble shellcode
2018-06-01 | Remco Verhoef | Binary analysis with Radare2
2017-09-29 | Lorna Hutcheson | Good Analysis = Understanding(tools + logs + normal)
2017-07-09 | Russ McRee | Adversary hunting with SOF-ELK
2017-04-28 | Russell Eubanks | KNOW before NO
2017-01-28 | Lorna Hutcheson | Packet Analysis - Where do you start?
2016-12-24 | Didier Stevens | Pinging All The Way
2016-10-30 | Pasquale Stirparo | Volatility Bot: Automated Memory Analysis
2016-10-17 | Didier Stevens | Maldoc VBA Anti-Analysis: Video
2016-10-15 | Didier Stevens | Maldoc VBA Anti-Analysis
2016-05-14 | Guy Bruneau | INetSim as a Basic Honeypot
2016-04-21 | Daniel Wesemann | Decoding Pseudo-Darkleech (Part #2)
2015-05-03 | Russ McRee | VolDiff, for memory image differential analysis
2014-07-05 | Guy Bruneau | Malware Analysis with pedump
2014-04-21 | Daniel Wesemann | Finding the bleeders
2014-03-13 | Daniel Wesemann | Web server logs containing RS=^ ?
2014-01-14 | Chris Mohan | Spamming and scanning botnets - is there something I can do to block them from my site?
2013-10-28 | Daniel Wesemann | Exploit cocktail (Struts, Java, Windows) going after 3-month old vulnerabilities
2013-06-18 | Russ McRee | Volatility rules...any questions?
2013-05-11 | Lenny Zeltser | Extracting Digital Signatures from Signed Malware
2013-03-09 | Guy Bruneau | IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-02-03 | Lorna Hutcheson | Is it Really an Attack?
2013-01-08 | Jim Clausing | Cuckoo 0.5 is out and the world didn't end
2012-12-02 | Guy Bruneau | Collecting Logs from Security Devices at Home
2012-09-19 | Kevin Liston | Volatility: 2.2 is Coming Soon
2012-09-14 | Lenny Zeltser | Analyzing Malicious RTF Files Using OfficeMalScanner's RTFScan
2012-06-21 | Russ McRee | Analysis of drive-by attack sample set
2012-06-04 | Lenny Zeltser | Decoding Common XOR Obfuscation in Malicious Code
2012-05-23 | Mark Baggett | IP Fragmentation Attacks
2012-03-03 | Jim Clausing | New automated sandbox for Android malware
2012-02-07 | Jim Clausing | Book Review: Practical Packet Analysis, 2nd ed
2011-05-20 | Guy Bruneau | Sysinternals Updates, Analyzing Stuxnet Infection with Sysinternals Tools Part 3
2011-04-14 | Adrien de Beaupre | Sysinternals updates, a new blog post, and webcast
2011-02-01 | Lenny Zeltser | The Importance of HTTP Headers When Investigating Malicious Sites
2010-08-09 | Jim Clausing | Free/inexpensive tools for monitoring systems/networks
2010-07-21 | Adrien de Beaupre | autorun.inf and .lnk Malware (NOT 'Vulnerability in Windows Shell Could Allow Remote Code Execution' 2286198)
2010-05-26 | Bojan Zdrnja | Malware modularization and AV detection evasion
2010-04-11 | Marcus Sachs | Network and process forensics toolset
2010-03-26 | Daniel Wesemann | Getting the EXE out of the RTF again
2010-02-13 | Lorna Hutcheson | Network Traffic Analysis in Reverse
2010-01-14 | Bojan Zdrnja | PDF Babushka
2010-01-07 | Daniel Wesemann | Static analysis of malicious PDFs
2010-01-07 | Daniel Wesemann | Static analysis of malicous PDFs (Part #2)
2009-11-25 | Jim Clausing | Updates to my GREM Gold scripts and a new script
2009-11-03 | Bojan Zdrnja | Opachki, from (and to) Russia with love
2009-09-25 | Lenny Zeltser | Categories of Common Malware Traits
2009-07-26 | Jim Clausing | New Volatility plugins
2009-07-02 | Daniel Wesemann | Getting the EXE out of the RTF
2009-04-15 | Marcus Sachs | 2009 Data Breach Investigation Report
2009-03-13 | Bojan Zdrnja | When web application security, Microsoft and the AV vendors all fail
2009-02-10 | Bojan Zdrnja | More tricks from Conficker and VM detection
2009-02-09 | Bojan Zdrnja | Some tricks from Conficker's bag
2009-01-18 | Daniel Wesemann | 3322. org
2009-01-15 | Bojan Zdrnja | Conficker's autorun and social engineering
2009-01-07 | Bojan Zdrnja | An Israeli patriot program or a trojan
2009-01-02 | Rick Wanner | Tools on my Christmas list.
2008-12-13 | Jim Clausing | Followup from last shift and some research to do.
2008-11-17 | Marcus Sachs | New Tool: NetWitness Investigator
2008-11-17 | Jim Clausing | Finding stealth injected DLLs
2008-09-03 | Daniel Wesemann | Static analysis of Shellcode - Part 2
2008-07-07 | Pedro Bueno | Bad url classification
2006-10-02 | Jim Clausing | Reader's tip of the day: ratios vs. raw counts
2006-09-18 | Jim Clausing | Log analysis follow up
2006-09-09 | Jim Clausing | Log Analysis tips?
2006-09-09 | Jim Clausing | A few preliminary log analysis thoughts