Date Author Title

RED TEAM

2019-11-29Russ McReeISC Snapshot: Search with SauronEye
2019-08-21Russ McReeKAPE: Kroll Artifact Parser and Extractor
2019-07-16Russ McReeCommando VM: The Complete Mandiant Offensive VM
2019-04-05Russ McReeBeagle: Graph transforms for DFIR data & logs
2018-10-17Russ McReeRedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence

RED

2024-08-26/a>Xavier MertensFrom Highly Obfuscated Batch File to XWorm and Redline
2024-08-14/a>Xavier MertensMultiple Malware Dropped Through MSI Package
2024-05-22/a>Guy BruneauAnalysis of ?redtail? File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary]
2024-05-15/a>Rob VandenBrinkGot MFA? If not, Now is the Time!
2024-03-10/a>Guy BruneauWhat happens when you accidentally leak your AWS API keys? [Guest Diary]
2024-03-07/a>Jesse La Grew[Guest Diary] AWS Deployment Risks - Configuration and Credential File Targeting
2023-11-15/a>Xavier MertensRedline Dropped Through MSIX Package
2023-10-29/a>Guy BruneauSpam or Phishing? Looking for Credentials & Passwords
2023-08-04/a>Xavier MertensAre Leaked Credentials Dumps Used by Attackers?
2022-10-04/a>Johannes UllrichCredential Harvesting with Telegram API
2022-09-15/a>Xavier MertensMalicious Word Document with a Frameset
2022-07-08/a>Johannes UllrichISC Website Redesign
2022-03-10/a>Xavier MertensCredentials Leaks on VirusTotal
2022-03-07/a>Johannes UllrichNo Bitcoin - No Problem: Follow Up to Last Weeks Donation Scam
2022-03-04/a>Johannes UllrichScam E-Mail Impersonating Red Cross
2022-01-20/a>Xavier MertensRedLine Stealer Delivered Through FTP
2022-01-16/a>Guy Bruneau10 Most Popular Targeted Ports in the Past 3 Weeks
2021-11-08/a>Xavier Mertens(Ab)Using Security Tools & Controls for the Bad
2021-06-18/a>Daniel WesemannOpen redirects ... and why Phishers love them
2021-05-29/a>Guy BruneauSpear-phishing Email Targeting Outlook Mail Clients
2021-03-06/a>Xavier MertensSpotting the Red Team on VirusTotal!
2020-11-18/a>Xavier MertensWhen Security Controls Lead to Security Issues
2020-07-16/a>John BambenekHunting for SigRed Exploitation
2020-07-15/a>Johannes UllrichPATCH NOW - SIGRed - CVE-2020-1350 - Microsoft DNS Server Vulnerability
2020-04-27/a>Xavier MertensPowershell Payload Stored in a PSCredential Object
2020-02-27/a>Xavier MertensOffensive Tools Are For Blue Teams Too
2020-02-25/a>Jan KoprivaQuick look at a couple of current online scam campaigns
2019-11-29/a>Russ McReeISC Snapshot: Search with SauronEye
2019-11-09/a>Guy BruneauFake Netflix Update Request by Text
2019-11-08/a>Xavier MertensMicrosoft Apps Diverted from Their Main Use
2019-08-28/a>Johannes Ullrich[Guest Diary] Open Redirect: A Small But Very Common Vulnerability
2019-08-21/a>Russ McReeKAPE: Kroll Artifact Parser and Extractor
2019-07-16/a>Russ McReeCommando VM: The Complete Mandiant Offensive VM
2019-04-05/a>Russ McReeBeagle: Graph transforms for DFIR data & logs
2018-10-17/a>Russ McReeRedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-03-08/a>Xavier MertensCRIMEB4NK IRC Bot
2017-12-27/a>Guy BruneauWhat are your Security Challenges for 2018?
2016-09-09/a>Xavier MertensCollecting Users Credentials from Locked Devices
2016-06-29/a>Xavier MertensPhishing Campaign with Blurred Images
2016-01-05/a>Guy BruneauWhat are you Concerned the Most in 2016?
2015-05-23/a>Guy BruneauBusiness Value in "Big Data"
2015-03-18/a>Daniel WesemannPass the hash!
2015-01-31/a>Guy BruneauBeware of Phishing and Spam Super Bowl Fans!
2014-11-24/a>Richard PorterSomeone is using this? PoS: Compressor
2014-09-12/a>Chris MohanAre credential dumps worth reviewing?
2014-07-03/a>Johannes UllrichCredit Card Processing in 700 Words or Less
2014-06-13/a>Richard PorterA welcomed response, PF Chang's
2013-12-19/a>Rob VandenBrinkTarget US - Credit Card Data Breach
2013-09-23/a>Rob VandenBrinkHow do you spell "PSK"?
2013-07-12/a>Johannes UllrichDNS resolution is failing for Microsofts Teredo server (teredo.ipv6.microsoft.com)
2013-07-12/a>Johannes UllrichMicrosoft Teredo Server "Sunset"
2013-03-09/a>Guy BruneauIPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-02-21/a>Pedro BuenoNBC site redirecting to Exploit kit
2011-05-03/a>Johannes UllrichAnalyzing Teredo with tshark and Wireshark
2011-01-03/a>Johannes UllrichWhat Will Matter in 2011
2010-07-24/a>Manuel Humberto Santander PelaezTransmiting logon information unsecured in the network
2010-06-15/a>Manuel Humberto Santander PelaezMastercard delivering cards with OTP device included
2010-04-22/a>John BambenekData Redaction: You're Doing it Wrong
2010-02-16/a>Jim ClausingTeredo request for packets
2010-02-16/a>Johannes UllrichTeredo "stray packet" analysis
2009-07-28/a>Adrien de BeaupreYYAMCCBA
2009-05-18/a>Rick WannerJSRedir-R/Gumblar badness

TEAM

2024-11-07/a>Xavier MertensSteam Account Checker Poisoned with Infostealer
2023-07-01/a>Russ McReeSandfly Security
2023-05-09/a>Russ McReeExploratory Data Analysis with CISSM Cyber Attacks Database - Part 2
2022-09-23/a>Xavier MertensKids Like Cookies, Malware Too!
2022-09-19/a>Russ McReeChainsaw: Hunt, search, and extract event log records
2022-06-10/a>Russ McReeEPSScall: An Exploit Prediction Scoring System App
2021-12-28/a>Russ McReeLotL Classifier tests for shells, exfil, and miners
2021-03-06/a>Xavier MertensSpotting the Red Team on VirusTotal!
2021-03-02/a>Russ McReeAdversary Simulation with Sim
2021-01-19/a>Russ McReeGordon for fast cyber reputation checks
2020-10-23/a>Russ McReeSooty: SOC Analyst's All-in-One Tool
2020-08-12/a>Russ McReeTo the Brim at the Gates of Mordor Pt. 1
2020-06-30/a>Russ McReeISC Snapshot: SpectX IP Hitcount Query
2020-04-21/a>Russ McReeSpectX: Log Parser for DFIR
2020-02-27/a>Xavier MertensOffensive Tools Are For Blue Teams Too
2020-01-21/a>Russ McReeDeepBlueCLI: Powershell Threat Hunting
2019-11-29/a>Russ McReeISC Snapshot: Search with SauronEye
2019-11-08/a>Xavier MertensMicrosoft Apps Diverted from Their Main Use
2019-10-06/a>Russ McReevisNetwork for Network Data
2019-08-21/a>Russ McReeKAPE: Kroll Artifact Parser and Extractor
2019-07-16/a>Russ McReeCommando VM: The Complete Mandiant Offensive VM
2019-04-05/a>Russ McReeBeagle: Graph transforms for DFIR data & logs
2019-02-05/a>Rob VandenBrinkMitigations against Mimikatz Style Attacks
2018-10-17/a>Russ McReeRedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-06-16/a>Russ McReeAnomaly Detection & Threat Hunting with Anomalize
2012-04-23/a>Russ McReeEmergency Operations Centers & Security Incident Management: A Correlation
2011-03-25/a>Kevin ListonAPT Tabletop Exercise
2010-01-22/a>Mari NicholsPass-down for a Successful Incident Response
2010-01-14/a>Bojan ZdrnjaDRG (Dragon Research Group) Distro available for general release
2009-03-22/a>Mari NicholsDealing with Security Challenges