Date Author Title
2025-03-27Johannes UllrichSitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218
2025-03-26Jesse La Grew[Guest Diary] Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest
2025-03-18Xavier MertensPython Bot Delivered Through DLL Side-Loading
2025-03-12Johannes UllrichScans for VMWare Hybrid Cloud Extension (HCX) API (Log4j - not brute forcing)
2025-03-12Guy BruneauFile Hashes Analysis with Power BI from Data Stored in DShield SIEM
2025-03-10Xavier MertensShellcode Encoded in UUIDs
2025-03-06Guy BruneauDShield Traffic Analysis using ELK
2025-02-27Xavier MertensNjrat Campaign Using Microsoft Dev Tunnels
2025-02-26Jesse La Grew[Guest Diary] Malware Source Servers: The Threat of Attackers Using Ephemeral Ports as Service Ports to Upload Data
2025-02-20Guy BruneauUsing ES|QL in Kibana to Queries DShield Honeypot Logs
2025-02-19Xavier MertensXWorm Cocktail: A Mix of PE data with PowerShell Code
2025-02-14Xavier MertensFake BSOD Delivered by Malicious Python Script
2025-02-13Guy BruneauDShield SIEM Docker Updates
2025-02-12Yee Ching TokAn ontology for threats, cybercrime and digital forensic investigation on Smart City Infrastructure
2025-02-06Xavier MertensThe Unbreakable Multi-Layer Anti-Debugging System
2025-02-06Johannes UllrichMy Very Personal Guidance and Strategies to Protect Network Edge Devices
2025-01-30Guy BruneauPCAPs or It Didn't Happen: Exposing an Old Netgear Vulnerability Still Active in 2025 [Guest Diary]
2025-01-29Xavier MertensFrom PowerShell to a Python Obfuscation Race!
2025-01-28Xavier MertensFileless Python InfoStealer Targeting Exodus
2025-01-23Johannes UllrichXSS Attempts via E-Mail
2025-01-17Guy BruneauLeveraging Honeypot Data for Offensive Security Operations [Guest Diary]
2025-01-16Jesse La GrewExtracting Practical Observations from Impractical Datasets
2025-01-13Johannes UllrichHikvision Password Reset Brute Forcing
2025-01-09Guy BruneauExamining Redtail Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics [Guest Diary]
2025-01-06Xavier MertensMake Malware Happy
2025-01-03Xavier MertensSwaetRAT Delivery Through Python
2025-01-02Xavier MertensGoodware Hash Sets
2024-12-27Guy BruneauPhishing for Banking Information
2024-12-24Xavier MertensMore SSH Fun!
2024-12-23Xavier MertensModiloader From Obfuscated Batch File
2024-12-20Xavier MertensChristmas "Gift" Delivered Through SSH
2024-12-18Jesse La Grew[Guest Diary] A Deep Dive into TeamTNT and Spinning YARN
2024-12-17Xavier MertensPython Delivering AnyDesk Client as RAT
2024-12-17Guy BruneauCommand Injection Exploit For PHPUnit before 4.8.28 and 5.x before 5.6.3 [Guest Diary]
2024-12-11Guy BruneauVulnerability Symbiosis: vSphere?s CVE-2024-38812 and CVE-2024-38813 [Guest Diary]
2024-11-30Xavier MertensFrom a Regular Infostealer to its Obfuscated Version
2024-11-22Xavier MertensAn Infostealer Searching for « BIP-0039 » Data
2024-11-19Xavier MertensDetecting the Presence of a Debugger in Linux
2024-11-07Xavier MertensSteam Account Checker Poisoned with Infostealer
2024-11-06Jesse La Grew[Guest Diary] Insights from August Web Traffic Surge
2024-11-05Xavier MertensPython RAT with a Nice Screensharing Feature
2024-10-15Johannes UllrichA Network Nerd's Take on Emergency Preparedness
2024-10-09Xavier MertensFrom Perfctl to InfoStealer
2024-10-03Guy BruneauKickstart Your DShield Honeypot [Guest Diary]
2024-09-25Guy BruneauOSINT - Image Analysis or More Where, When, and Metadata [Guest Diary]
2024-09-18Xavier MertensPython Infostealer Patching Windows Exodus App
2024-09-17Xavier Mertens23:59, Time to Exfiltrate!
2024-09-16Xavier MertensManaging PE Files With Overlays
2024-09-11Guy BruneauHygiene, Hygiene, Hygiene! [Guest Diary]
2024-09-04Guy Bruneau Attack Surface [Guest Diary]
2024-08-30Jesse La GrewSimulating Traffic With Scapy
2024-08-27Xavier MertensWhy Is Python so Popular to Infect Windows Hosts?
2024-08-27Guy BruneauVega-Lite with Kibana to Parse and Display IP Activity over Time
2024-08-26Xavier MertensFrom Highly Obfuscated Batch File to XWorm and Redline
2024-08-22Johannes UllrichOpenAI Scans for Honeypots. Artificially Malicious? Action Abuse?
2024-08-20Guy BruneauMapping Threats with DNSTwist and the Internet Storm Center [Guest Diary]
2024-08-19Xavier MertensDo you Like Donuts? Here is a Donut Shellcode Delivered Through PowerShell/Python
2024-08-14Xavier MertensMultiple Malware Dropped Through MSI Package
2024-08-07Guy BruneauSame Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary]
2024-07-26Xavier MertensExelaStealer Delivered "From Russia With Love"
2024-07-25Xavier MertensXWorm Hidden With Process Hollowing
2024-07-24Xavier Mertens"Mouse Logger" Malicious Python Script
2024-07-16Jan Kopriva"Reply-chain phishing" with a twist
2024-07-16Guy BruneauWho You Gonna Call? AndroxGh0st Busters! [Guest Diary]
2024-07-01Johannes UllrichSSH "regreSSHion" Remote Code Execution Vulnerability in OpenSSH.
2024-06-26Guy BruneauWhat Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary]
2024-06-17Xavier MertensNew NetSupport Campaign Delivered Through MSIX Packages
2024-06-13Guy BruneauThe Art of JQ and Command-line Fu [Guest Diary]
2024-06-06Xavier MertensMalicious Python Script with a "Best Before" Date
2024-06-03Didier StevensA Wireshark Lua Dissector for Fixed Field Length Protocols
2024-05-30Xavier MertensFeeding MISP with OSSEC
2024-05-28Guy BruneauIs that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary]
2024-05-22Guy BruneauAnalysis of ?redtail? File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary]
2024-05-15Rob VandenBrinkGot MFA? If not, Now is the Time!
2024-05-08Xavier MertensAnalyzing Synology Disks on Linux
2024-04-29Guy BruneauLinux Trojan - Xorddos with Filename eyshcjdmzg
2024-04-25Jesse La GrewDoes it matter if iptables isn't running on my honeypot?
2024-04-11Yee Ching TokEvolution of Artificial Intelligence Systems and Ensuring Trustworthiness
2024-04-07Guy BruneauA Use Case for Adding Threat Hunting to Your Security Operations Team. Detecting Adversaries Abusing Legitimate Tools in A Customer Environment. [Guest Diary]
2024-03-31Didier StevensWireshark 4.2.4 Released
2024-03-29Xavier MertensQuick Forensics Analysis of Apache logs
2024-03-28Xavier MertensFrom JavaScript to AsyncRAT
2024-03-17Guy BruneauGamified Learning: Using Capture the Flag Challenges to Supplement Cybersecurity Training [Guest Diary]
2024-03-14Jan KoprivaIncrease in the number of phishing messages pointing to IPFS and to R2 buckets
2024-03-13Xavier MertensUsing ChatGPT to Deobfuscate Malicious Scripts
2024-03-10Guy BruneauWhat happens when you accidentally leak your AWS API keys? [Guest Diary]
2024-03-07Jesse La Grew[Guest Diary] AWS Deployment Risks - Configuration and Credential File Targeting
2024-03-03Guy BruneauCapturing DShield Packets with a LAN Tap [Guest Diary]
2024-02-29Jesse La Grew[Guest Diary] Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service.
2024-02-20Xavier MertensPython InfoStealer With Dynamic Sandbox Detection
2024-02-08Xavier MertensA Python MP3 Player with Builtin Keylogger Capability
2024-02-06Jan KoprivaComputer viruses are celebrating their 40th birthday (well, 54th, really)
2024-02-05Jesse La GrewPublic Information and Email Spam
2024-01-26Xavier MertensA Batch File With Multiple Payloads
2024-01-25Xavier MertensFacebook AdsManager Targeted by a Python Infostealer
2024-01-24Johannes UllrichHow Bad User Interfaces Make Security Tools Harmful
2024-01-19Xavier MertensmacOS Python Script Replacing Wallet Applications with Rogue Apps
2024-01-07Guy BruneauSuspicious Prometei Botnet Activity
2024-01-04Jim ClausingWireshark updates
2024-01-03Jan KoprivaInteresting large and small malspam attachments from 2023
2023-12-22Xavier MertensShall We Play a Game?
2023-12-20Guy BruneauHow to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary]
2023-12-13Guy BruneauT-shooting Terraform for DShield Honeypot in Azure [Guest Diary]
2023-11-25Didier StevensWireshark 4.2.0 Released
2023-11-18Xavier MertensQuasar RAT Delivered Through Updated SharpLoader
2023-11-15Xavier MertensRedline Dropped Through MSIX Package
2023-11-09Xavier MertensVisual Examples of Code Injection
2023-11-01Xavier MertensMalware Dropped Through a ZPAQ Archive
2023-10-31Xavier MertensMultiple Layers of Anti-Sandboxing Techniques
2023-10-29Guy BruneauSpam or Phishing? Looking for Credentials & Passwords
2023-10-28Xavier MertensSize Matters for Many Security Controls
2023-10-20Yee Ching TokVMware Releases Security Patches for Fusion, Workstation and Aria Operations for Logs
2023-10-18Jesse La GrewHiding in Hex
2023-10-08Didier StevensWireshark 4.2.0 First Release Candidate
2023-10-07Jim ClausingWireshark releases 2 updates in one day. Mac users especially will want the latest.
2023-10-03Tom WebbAre Local LLMs Useful in Incident Response?
2023-09-30Xavier MertensSimple Netcat Backdoor in Python Script
2023-09-29Xavier MertensAre You Still Storing Passwords In Plain Text Files?
2023-09-07Johannes UllrichFleezeware/Scareware Advertised via Facebook Tags; Available in Apple App Store
2023-09-05Jesse La GrewCommon usernames submitted to honeypots
2023-09-02Jesse La GrewWhat is the origin of passwords submitted to honeypots?
2023-08-25Xavier MertensPython Malware Using Postgresql for C2 Communications
2023-08-23Xavier MertensMore Exotic Excel Files Dropping AgentTesla
2023-08-22Xavier MertensHave You Ever Heard of the Fernet Encryption Algorithm?
2023-08-21Xavier MertensQuick Malware Triage With Inotify Tools
2023-08-20Guy BruneauSystemBC Malware Activity
2023-08-18Xavier MertensFrom a Zalando Phishing to a RAT
2023-08-11Xavier MertensShow me All Your Windows!
2023-08-04Xavier MertensAre Leaked Credentials Dumps Used by Attackers?
2023-08-03Jan KoprivaFrom small LNK to large malicious BAT file with zero VT score
2023-07-29Xavier MertensDo Attackers Pay More Attention to IPv6?
2023-07-28Xavier MertensShellCode Hidden with Steganography
2023-07-26Xavier MertensSuspicious IP Addresses Avoided by Malware Samples
2023-06-29Brad DuncanGuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT
2023-06-27Xavier MertensThe Importance of Malware Triage
2023-06-23Xavier MertensWord Document with an Online Attached Template
2023-06-21Yee Ching TokAnalyzing a YouTube Sponsorship Phishing Mail and Malware Targeting Content Creators
2023-06-20Xavier MertensMalicious Code Can Be Anywhere
2023-06-19Xavier MertensMalware Delivered Through .inf File
2023-06-16Xavier MertensAnother RAT Delivered Through VBS
2023-05-30Brad DuncanMalspam pushes ModiLoader (DBatLoader) infection for Remcos RAT
2023-05-20Xavier MertensPhishing Kit Collecting Victim's IP Address
2023-05-17Xavier MertensIncrease in Malicious RAR SFX files
2023-05-14Guy BruneauVMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue
2023-05-07Didier StevensQuickly Finding Encoded Payloads in Office Documents
2023-04-29Didier StevensWireshark 4.0.5 Released
2023-04-27Johannes UllrichSANS.edu Research Journal: Volume 3
2023-04-07Xavier MertensDetecting Suspicious API Usage with YARA Rules
2023-04-04Johannes UllrichAnalyzing the efile.com Malware "efail"
2023-03-31Guy BruneauUsing Linux grep and Windows findstr to Manipulate Files
2023-03-30Xavier MertensBypassing PowerShell Strong Obfuscation
2023-03-26Didier StevensExtra: "String Obfuscation: Character Pair Reversal"
2023-03-18Xavier MertensOld Backdoor, New Obfuscation
2023-03-09Rob VandenBrinkToday I Learned .. a new thing about GREP
2023-03-01Xavier MertensPython Infostealer Targeting Gamers
2023-02-21Xavier MertensPhishing Page Branded with Your Corporate Website
2023-02-15Rob VandenBrinkDNS Recon Redux - Zone Transfers (plus a time machine) for When You Can't do a Zone Transfer
2023-02-09Xavier MertensA Backdoor with Smart Screenshot Capability
2023-02-06Johannes UllrichAPIs Used by Bots to Detect Public IP address
2023-02-04Guy BruneauAssemblyline as a Malware Analysis Sandbox
2023-02-03Jim ClausingVMware workstation 17.0.1 fixes arbitrary file deletion issue - https://www.vmware.com/security/advisories/VMSA-2023-0003.html
2023-01-26Tom WebbLive Linux IR with UAC
2023-01-25Xavier MertensA First Malicious OneNote Document
2023-01-22Didier StevensWireshark 4.0.3 Released
2023-01-16Johannes UllrichPSA: Why you must run an ad blocker when using Google
2023-01-15Johannes UllrichElon Musk Themed Crypto Scams Flooding YouTube Today
2023-01-12Russ McReeProwler v3: AWS & Azure security assessments
2023-01-06Xavier MertensAutoIT Remains Popular in the Malware Landscape
2023-01-05Brad DuncanMore Brazil malspam pushing Astaroth (Guildma) in January 2023
2023-01-02Xavier MertensNetworkMiner 2.8 Released
2022-12-21Guy BruneauDShield Sensor Setup in Azure
2022-12-18Guy BruneauInfostealer Malware with Double Extension
2022-12-07Jim ClausingWireshark 4.0.2 and 3.6.10 released
2022-11-28Johannes UllrichUkraine Themed Twitter Spam Pushing iOS Scareware
2022-11-24Xavier MertensAttackers Keep Phishing Victims Under Stress
2022-11-19Guy BruneauMcAfee Fake Antivirus Phishing Campaign is Back!
2022-11-10Xavier MertensDo you collect "Observables" or "IOCs"?
2022-11-09Xavier MertensAnother Script-Based Ransomware
2022-11-05Guy BruneauWindows Malware with VHD Extension
2022-11-04Xavier MertensRemcos Downloader with Unicode Obfuscation
2022-11-02Brad DuncanWho put the "Dark" in DarkVNC?
2022-11-02Rob VandenBrinkBreakpoints in Burp
2022-10-24Xavier MertensC2 Communications Through outlook.com
2022-10-21Brad Duncansczriptzzbn inject pushes malware for NetSupport RAT
2022-10-18Xavier MertensPython Obfuscation for Dummies
2022-10-17Xavier MertensFileless Powershell Dropper
2022-10-15Guy BruneauMalware - Covid Vaccination Supplier Declaration
2022-10-10Didier StevensWireshark: Specifying a Protocol Stack Layer in Display Filters
2022-10-08Didier StevensWireshark 4.0.0 Released
2022-10-07Xavier MertensPowershell Backdoor with DGA Capability
2022-10-07Xavier MertensCritical Fortinet Vulnerability Ahead
2022-10-04Johannes UllrichCredential Harvesting with Telegram API
2022-09-25Didier StevensDownloading Samples From Takendown Domains
2022-09-24Didier StevensMaldoc Analysis Info On MalwareBazaar
2022-09-23Xavier MertensKids Like Cookies, Malware Too!
2022-09-22Xavier MertensRAT Delivered Through FODHelper
2022-09-21Xavier MertensPhishing Campaigns Use Free Online Resources
2022-09-18Didier StevensVideo: Grep & Tail -f With Notepad++
2022-09-15Xavier MertensMalicious Word Document with a Frameset
2022-09-14Xavier MertensEasy Process Injection within Python
2022-09-11Didier StevensWireshark 3.6.8 and 4.0.0rc1 Released
2022-09-10Guy BruneauPhishing Word Documents with Suspicious URL
2022-09-05Didier StevensQuickie: Grep & Tail -f With Notepad++
2022-09-03Didier StevensVideo: James Webb JPEG With Malware
2022-09-02Didier StevensJames Webb JPEG With Malware
2022-08-31Johannes UllrichUnderscores and DNS: The Privacy Story
2022-08-30Johannes UllrichTwo things that will never die: bash scripts and IRC!
2022-08-26Guy BruneauHTTP/2 Packet Analysis with Wireshark
2022-08-22Xavier Mertens32 or 64 bits Malware?
2022-08-14Johannes UllrichRealtek SDK SIP ALG Vulnerability: A Big Deal, but not much you can do about it. CVE 2022-27255
2022-08-10Johannes UllrichAnd Here They Come Again: DNS Reflection Attacks
2022-08-03Johannes Ullrichl9explore and LeakIX Internet wide recon scans.
2022-07-30Didier StevensWireshark 3.6.7 Released
2022-07-29Johannes UllrichPDF Analysis Intro and OpenActions Entries
2022-07-26Xavier MertensHow is Your macOS Security Posture?
2022-07-25Xavier MertensPowerShell Script with Fileless Capability
2022-07-22Yee Ching TokAn Analysis of a Discerning Phishing Website
2022-07-20Xavier MertensMalicious Python Script Behaving Like a Rubber Ducky
2022-07-13Xavier MertensUsing Referers to Detect Phishing Attacks
2022-07-08Johannes UllrichISC Website Redesign
2022-06-25Xavier MertensMalicious Code Passed to PowerShell via the Clipboard
2022-06-23Xavier MertensFLOSS 2.0 Has Been Released
2022-06-22Xavier MertensMalicious PowerShell Targeting Cryptocurrency Browser Extensions
2022-06-19Didier StevensWireshark 3.6.6 Released
2022-06-16Xavier MertensHoudini is Back Delivered Through a JavaScript Dropper
2022-06-15Johannes UllrichTerraforming Honeypots. Installing DShield Sensors in the Cloud
2022-06-04Guy BruneauSpam Email Contains a Very Large ISO file
2022-06-03Xavier MertensSandbox Evasion... With Just a Filename!
2022-06-02Johannes UllrichQuick Answers in Incident Response: RECmd.exe
2022-05-31Xavier MertensFirst Exploitation of Follina Seen in the Wild
2022-05-29Didier StevensExtracting The Overlay Of A PE File
2022-05-28Didier StevensHuge Signed PE File: Keeping The Signature
2022-05-26Didier StevensHuge Signed PE File
2022-05-25Rob VandenBrinkUsing NMAP to Assess Hosts in Load Balanced Clusters
2022-05-20Xavier MertensA 'Zip Bomb' to Bypass Security Controls & Sandboxes
2022-05-19Brad DuncanBumblebee Malware from TransferXL URLs
2022-05-15Didier StevensWireshark 3.6.5 Released
2022-05-11Brad DuncanTA578 using thread-hijacked emails to push ISO files for Bumblebee malware
2022-05-07Guy BruneauPhishing PDF Received in my ISC Mailbox
2022-05-06Jan KoprivaWhat is the simplest malware in the world?
2022-05-05Brad DuncanPassword-protected Excel spreadsheet pushes Remcos RAT
2022-05-03Johannes UllrichSome Honeypot Updates
2022-04-29Rob VandenBrinkUsing Passive DNS sources for Reconnaissance and Enumeration
2022-04-27Jan KoprivaMITRE ATT&CK v11 - a small update that can help (not just) with detection engineering
2022-04-23Guy BruneauAre Roku Streaming Devices Safe from Exploitation?
2022-04-21Xavier MertensMulti-Cryptocurrency Clipboard Swapper
2022-04-06Brad DuncanWindows MetaStealer Malware
2022-04-04Johannes UllrichEmptying the Phishtank: Are WordPress sites the Mosquitoes of the Internet?
2022-03-27Didier StevensWireshark 3.6.3 Released
2022-03-26Guy BruneauIs buying Cyber Insurance a Must Now?
2022-03-25Xavier MertensXLSB Files: Because Binary is Stealthier Than XML
2022-03-24Xavier MertensMalware Delivered Through Free Sharing Tool
2022-03-23Brad DuncanArkei Variants: From Vidar to Mars Stealer
2022-03-22Johannes UllrichStatement by President Biden: What you need to do (or not do)
2022-03-15Xavier MertensClean Binaries with Suspicious Behaviour
2022-03-12Didier StevensICMP Messages: Original Datagram Field
2022-03-11Xavier MertensKeep an Eye on WebSockets
2022-03-10Xavier MertensCredentials Leaks on VirusTotal
2022-03-09Xavier MertensInfostealer in a Batch File
2022-03-07Johannes UllrichNo Bitcoin - No Problem: Follow Up to Last Weeks Donation Scam
2022-03-06Didier StevensVideo: TShark & Multiple IP Addresses
2022-03-04Johannes UllrichScam E-Mail Impersonating Red Cross
2022-02-22Xavier MertensA Good Old Equation Editor Vulnerability Delivering Malware
2022-02-19Didier StevensWireshark 3.6.2 Released
2022-02-18Xavier MertensRemcos RAT Delivered Through Double Compressed Archive
2022-02-13Guy BruneauDHL Spear Phishing to Capture Username/Password
2022-02-11Xavier MertensCinaRAT Delivered Through HTML ID Attributes
2022-02-02Johannes UllrichFinding elFinder: Who is looking for your files?
2022-01-29Guy BruneauSIEM In this Decade, Are They Better than the Last?
2022-01-20Xavier MertensRedLine Stealer Delivered Through FTP
2022-01-16Guy Bruneau10 Most Popular Targeted Ports in the Past 3 Weeks
2022-01-08Didier StevensTShark & jq
2022-01-07Xavier MertensCustom Python RAT Builder
2022-01-06Xavier MertensMalicious Python Script Targeting Chinese People
2022-01-05Xavier MertensCode Reuse In the Malware Landscape
2022-01-01Didier StevensExpect Regressions
2021-12-26Didier StevensQuicktip: TShark's Options -e and -T
2021-12-25Didier StevensTShark Tip: Extracting Field Values From Capture Files
2021-12-22Brad DuncanDecember 2021 Forensic Contest: Answers and Analysis
2021-12-21Xavier MertensMore Undetected PowerShell Dropper
2021-12-17Rob VandenBrinkDR Automation - Using Public DNS APIs
2021-12-15Xavier MertensSimple but Undetected PowerShell Backdoor
2021-12-08Brad DuncanDecember 2021 Forensic Challenge
2021-12-06Xavier MertensThe Importance of Out-of-Band Networks
2021-12-04Guy BruneauA Review of Year 2021
2021-12-03Xavier MertensThe UPX Packer Will Never Die!
2021-12-02Brad DuncanTA551 (Shathak) pushes IcedID (Bokbot)
2021-11-30Johannes UllrichHunting for PHPUnit Installed via Composer
2021-11-29Didier StevensWireshark 3.6.0 Released
2021-11-19Xavier MertensDownloader Disguised as Excel Add-In (XLL)
2021-11-18Xavier MertensJavaScript Downloader Delivers Agent Tesla Trojan
2021-11-08Xavier Mertens(Ab)Using Security Tools & Controls for the Bad
2021-11-04Brad DuncanOctober 2021 Forensic Contest: Answers and Analysis
2021-11-04Tom WebbXmount for Disk Images
2021-10-22Brad DuncanOctober 2021 Contest: Forensic Challenge
2021-10-21Brad Duncan"Stolen Images Evidence" campaign pushes Sliver-based malware
2021-10-16Guy BruneauApache is Actively Scan for CVE-2021-41773 & CVE-2021-42013
2021-10-10Didier StevensWireshark 3.4.9 Released
2021-10-01Xavier MertensNew Tool to Add to Your LOLBAS List: cvtres.exe
2021-09-23Xavier MertensExcel Recipe: Some VBA Code with a Touch of Excel4 Macro
2021-09-21Johannes UllrichA First Look at Apple's iOS 15 "Private Relay" feature.
2021-09-20Johannes Ullrich#OMIGOD Exploits Captured in the Wild. Researchers responsible for half of scans for related ports.
2021-09-16Jan KoprivaPhishing 101: why depend on one suspicious message subject when you can use many?
2021-09-09Johannes UllrichUpdates to Our Datafeeds/API
2021-09-01Brad DuncanSTRRAT: a Java-based RAT that doesn't care if you have Java
2021-08-30Xavier MertensCryptocurrency Clipboard Swapper Delivered With Love
2021-08-20Xavier MertensWaiting for the C2 to Show Up
2021-08-19Johannes UllrichWhen Lightning Strikes. What works and doesn't work.
2021-08-15Didier StevensSimple Tips For Triage Of MALWARE Bazaar's Daily Malware Batches
2021-08-13Guy BruneauScanning for Microsoft Exchange eDiscovery
2021-08-07Didier StevensMALWARE Bazaar "Download daily malware batches"
2021-08-06Xavier MertensMalicious Microsoft Word Remains A Key Infection Vector
2021-07-30Xavier MertensInfected With a .reg File
2021-07-29Xavier MertensMalicious Content Delivered Through archive.org
2021-07-25Didier StevensWireshark 3.4.7 Released
2021-07-24Xavier MertensAgent.Tesla Dropped via a .daa Image and Talking to Telegram
2021-07-16Xavier MertensMultiple BaseXX Obfuscations
2021-07-06Xavier MertensPython DLL Injection Check
2021-07-02Xavier Mertens"inception.py"... Multiple Base64 Encodings
2021-07-02Xavier MertensKaseya VSA Users Hit by Ransomware
2021-06-30Brad DuncanJune 2021 Forensic Contest: Answers and Analysis
2021-06-30Johannes UllrichCVE-2021-1675: Incomplete Patch and Leaked RCE Exploit
2021-06-25Jim ClausingIs this traffic bAD?
2021-06-21Rick WannerMitre CWE - Common Weakness Enumeration
2021-06-18Daniel WesemannNetwork Forensics on Azure VMs (Part #2)
2021-06-18Daniel WesemannOpen redirects ... and why Phishers love them
2021-06-17Daniel Wesemann Network Forensics on Azure VMs (Part #1)
2021-06-11Xavier MertensKeeping an Eye on Dangerous Python Modules
2021-06-09Jan KoprivaArchitecture, compilers and black magic, or "what else affects the ability of AVs to detect malicious files"
2021-06-04Xavier MertensRussian Dolls VBS Obfuscation
2021-06-02Jim ClausingWireshark 3.4.6 (and 3.2.14) released
2021-05-30Didier StevensSysinternals: Procmon, Sysmon, TcpView and Process Explorer update
2021-05-29Guy BruneauSpear-phishing Email Targeting Outlook Mail Clients
2021-05-28Xavier MertensMalicious PowerShell Hosted on script.google.com
2021-05-27Jan KoprivaAll your Base are...nearly equal when it comes to AV evasion, but 64-bit executables are not
2021-05-21Xavier MertensLocking Kernel32.dll As Anti-Debugging Technique
2021-05-19Brad DuncanMay 2021 Forensic Contest: Answers and Analysis
2021-05-18Xavier MertensFrom RunDLL32 to JavaScript then PowerShell
2021-05-17Daniel WesemannRansomware Defenses
2021-05-14Xavier Mertens"Open" Access to Industrial Systems Interface is Also Far From Zero
2021-05-10Johannes UllrichCorrectly Validating IP Addresses: Why encoding matters for input validation.
2021-05-08Guy BruneauWho is Probing the Internet for Research Purposes?
2021-05-07Daniel WesemannExposed Azure Storage Containers
2021-05-06Xavier MertensAlternative Ways To Perform Basic Tasks
2021-05-05Brad DuncanMay 2021 Forensic Contest
2021-05-02Didier StevensPuTTY And FileZilla Use The Same Fingerprint Registry Keys
2021-04-30Remco VerhoefQiling: A true instrumentable binary emulation framework
2021-04-29Xavier MertensFrom Python to .Net
2021-04-28Xavier MertensDeeper Analyzis of my Last Malicious PowerPoint Add-On
2021-04-25Didier StevensWireshark 3.4.5 Released
2021-04-23Xavier MertensMalicious PowerPoint Add-On: "Small Is Beautiful"
2021-04-09Xavier MertensNo Python Interpreter? This Simple RAT Installs Its Own Copy
2021-04-08Xavier MertensSimple Powershell Ransomware Creating a 7Z Archive of your Files
2021-04-06Jan KoprivaMalspam with Lokibot vs. Outlook and RFCs
2021-04-02Xavier MertensC2 Activity: Sandboxes or Real Victims?
2021-04-01Brad DuncanApril 2021 Forensic Quiz
2021-03-31Xavier MertensQuick Analysis of a Modular InfoStealer
2021-03-19Xavier MertensPastebin.com Used As a Simple C2 Channel
2021-03-18Xavier MertensSimple Python Keylogger
2021-03-17Xavier MertensDefenders, Know Your Operating System Like Attackers Do!
2021-03-16Jan Kopriva50 years of malware? Not really. 50 years of computer worms? That's a different story...
2021-03-14Didier StevensWireshark 3.4.4 Released
2021-03-06Xavier MertensSpotting the Red Team on VirusTotal!
2021-03-04Xavier MertensFrom VBS, PowerShell, C Sharp, Process Hollowing to RAT
2021-02-25Daniel WesemannForensicating Azure VMs
2021-02-24Brad DuncanMalspam pushes GuLoader for Remcos RAT
2021-02-20Didier StevensQuickie: Extracting HTTP URLs With tshark
2021-02-19Xavier MertensDynamic Data Exchange (DDE) is Back in the Wild?
2021-02-15Johannes UllrichSecuring and Optimizing Networks: Using pfSense Traffic Shaper Limiters to Combat Bufferbloat
2021-02-14Didier StevensVideo: tshark & Malware Analysis
2021-02-13Guy BruneauvSphere Replication updates address a command injection vulnerability (CVE-2021-21976) - https://www.vmware.com/security/advisories/VMSA-2021-0001.html
2021-02-13Guy BruneauUsing Logstash to Parse IPtables Firewall Logs
2021-02-12Xavier MertensAgentTesla Dropped Through Automatic Click in Microsoft Help File
2021-02-11Jan KoprivaAgent Tesla hidden in a historical anti-malware tool
2021-02-08Didier StevensQuickie: tshark & Malware Analysis
2021-02-03Brad DuncanExcel spreadsheets push SystemBC malware
2021-02-02Xavier MertensNew Example of XSL Script Processing aka "Mitre T1220"
2021-02-01Rob VandenBrinkTaking a Shot at Reverse Shell Attacks, CNC Phone Home and Data Exfil from Servers
2021-01-30Guy BruneauWireshark 3.2.11 is now available which contains Bug Fixes - https://www.wireshark.org
2021-01-22Xavier MertensAnother File Extension to Block in your MTA: .jnlp
2021-01-21Xavier MertensPowershell Dropping a REvil Ransomware
2021-01-04Jan KoprivaFrom a small BAT file to Mass Logger infostealer
2021-01-02Guy BruneauProtecting Home Office and Enterprise in 2021
2020-12-29Jan KoprivaWant to know what's in a folder you don't have a permission to access? Try asking your AV solution...
2020-12-24Xavier MertensMalicious Word Document Delivering an Octopus Backdoor
2020-12-22Xavier MertensMalware Victim Selection Through WiFi Identification
2020-12-20Didier StevensWireshark 3.4.2 Released
2020-12-16Daniel WesemannDNS Logs in Public Clouds
2020-12-15Didier StevensAnalyzing FireEye Maldocs
2020-12-13Didier StevensWireshark 3.4.1 Released
2020-12-08Johannes UllrichDecember 2020 Microsoft Patch Tuesday: Exchange, Sharepoint, Dynamics and DNS Spoofing
2020-12-05Guy BruneauIs IP 91.199.118.137 testing Access to aahwwx.52host.xyz?
2020-12-04Guy BruneauDetecting Actors Activity with Threat Intel
2020-12-03Brad DuncanTraffic Analysis Quiz: Mr Natural
2020-11-25Xavier MertensLive Patching Windows API Calls Using PowerShell
2020-11-24Johannes UllrichThe special case of TCP RST
2020-11-23Didier StevensQuick Tip: Cobalt Strike Beacon Analysis
2020-11-18Xavier MertensWhen Security Controls Lead to Security Issues
2020-11-12Daniel WesemannExposed Blob Storage in Azure
2020-11-12Daniel WesemannPreventing Exposed Azure Blob Storage
2020-11-09Xavier MertensHow Attackers Brush Up Their Malicious Scripts
2020-11-06Johannes UllrichRediscovering Limitations of Stateful Firewalls: "NAT Slipstreaming" ? Implications, Detections and Mitigations
2020-11-05Xavier MertensDid You Spot "Invoke-Expression"?
2020-10-25Didier StevensVideo: Pascal Strings
2020-10-21Daniel WesemannShipping dangerous goods
2020-10-07Johannes UllrichToday, Nobody is Going to Attack You.
2020-10-01Daniel WesemannMaking sense of Azure AD (AAD) activity logs
2020-09-30Johannes UllrichScans for FPURL.xml: Reconnaissance or Not?
2020-09-29Xavier MertensManaging Remote Access for Partners & Contractors
2020-09-27Didier StevensWireshark 3.2.7 Released
2020-09-24Xavier MertensParty in Ibiza with PowerShell
2020-09-23Xavier MertensMalicious Word Document with Dynamic Content
2020-09-18Xavier MertensA Mix of Python & VBA in a Malicious Word Document
2020-09-17Xavier MertensSuspicious Endpoint Containment with OSSEC
2020-09-15Brad DuncanTraffic Analysis Quiz: Oh No... Another Infection!
2020-09-09Johannes UllrichA First Look at macOS 11 Big Sur Network Traffic (New! Now with more GREASE!)
2020-09-04Jan KoprivaA blast from the past - XXEncoded VB6.0 Trojan
2020-09-03Xavier MertensSandbox Evasion Using NTP
2020-08-28Xavier MertensExample of Malicious DLL Injected in PowerShell
2020-08-26Xavier MertensMalicious Excel Sheet with a NULL VT Score
2020-08-24Xavier MertensTracking A Malware Campaign Through VT
2020-08-22Guy BruneauVMware App Volumes patches address Stored Cross-Site Scripting (XSS) vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0019.html
2020-08-22Guy BruneauRemote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common?
2020-08-19Xavier MertensExample of Word Document Delivering Qakbot
2020-08-18Xavier MertensUsing API's to Track Attackers
2020-08-15Didier StevensWireshark 3.2.6 Released
2020-08-14Jan KoprivaDefinition of 'overkill' - using 130 MB executable to hide 24 kB malware
2020-08-12Russ McReeTo the Brim at the Gates of Mordor Pt. 1
2020-08-06Xavier MertensA Fork of the FTCode Powershell Ransomware
2020-08-05Brad DuncanTraffic Analysis Quiz: What's the Malware From This Infection?
2020-08-04Johannes UllrichReminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues
2020-08-04Johannes UllrichInternet Choke Points: Concentration of Authoritative Name Servers
2020-07-31Richard PorterBuilding a .freq file with Public Domain Data Sources
2020-07-24Xavier MertensCompromized Desktop Applications by Web Technologies
2020-07-16John BambenekHunting for SigRed Exploitation
2020-07-15Brad DuncanWord docs with macros for IcedID (Bokbot)
2020-07-15Johannes UllrichPATCH NOW - SIGRed - CVE-2020-1350 - Microsoft DNS Server Vulnerability
2020-07-11Guy BruneauVMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html
2020-07-10Brad DuncanExcel spreasheet macro kicks off Formbook infection
2020-07-08Xavier MertensIf You Want Something Done Right, You Have To Do It Yourself... Malware Too!
2020-07-04Russ McReeHappy FouRth of July from the Internet Storm Center
2020-06-19Remco VerhoefSigma rules! The generic signature format for SIEM systems.
2020-06-15Rick WannerVMWare Security Advisory - VMSA-2020-0013 - https://www.vmware.com/security/advisories/VMSA-2020-0013.html
2020-06-13Guy BruneauMirai Botnet Activity
2020-06-04Xavier MertensAnti-Debugging Technique based on Memory Protection
2020-06-01Jim ClausingStackstrings, type 2
2020-05-31Guy BruneauWindows 10 Built-in Packet Sniffer - PktMon
2020-05-29Johannes UllrichThe Impact of Researchers on Our Data
2020-05-24Didier StevensWireshark 3.2.4 Released
2020-05-23Xavier MertensAgentTesla Delivered via a Malicious PowerPoint Add-In
2020-05-21Xavier MertensMalware Triage with FLOSS: API Calls Based Behavior
2020-05-20Brad DuncanMicrosoft Word document with malicious macro pushes IcedID (Bokbot)
2020-05-19Rick WannerWireshark Release - 2.6.17, 3.0.11 and 3.2.4 - https://www.wireshark.org/news/20200519.html
2020-05-19Rick WannerVMWare Security Advisory - VMSA-2020-0010 - https://www.vmware.com/security/advisories/VMSA-2020-0010.html
2020-05-09Rick WannerVMWare vRealize Critical vulnerabilities due to SaltStack - VMSA-2020-0009
2020-05-06Xavier MertensKeeping an Eye on Malicious Files Life Time
2020-05-05Russ McReeCloud Security Features Don't Replace the Need for Personnel Security Capabilities
2020-04-27Xavier MertensPowershell Payload Stored in a PSCredential Object
2020-04-25Didier StevensMALWARE Bazaar
2020-04-24Xavier MertensMalicious Excel With a Strong Obfuscation and Sandbox Evasion
2020-04-20Didier StevensKPOT AutoIt Script: Analysis
2020-04-17Xavier MertensWeaponized RTF Document Generator & Mailer in PowerShell
2020-04-12Didier StevensReader Analysis: "Dynamic analysis technique to get decrypted KPOT Malware."
2020-04-11Didier StevensWireshark 3.2.3 Released: Mac Users Pay Attention Please
2020-04-10Scott FendleyCritical Vuln in vCenter vmdir (CVE-2020-3952)
2020-04-10Xavier MertensPowerShell Sample Extracting Payload From SSL
2020-04-03Xavier MertensObfuscated with a Simple 0x0A
2020-03-31Johannes UllrichKwampirs Targeted Attacks Involving Healthcare Sector
2020-03-27Xavier MertensMalicious JavaScript Dropping Payload in the Registry
2020-03-26Xavier MertensVery Large Sample as Evasion Technique?
2020-03-23Didier StevensKPOT Deployed via AutoIt Script
2020-03-22Didier StevensMore COVID-19 Themed Malware
2020-03-21Guy BruneauHoneypot - Scanning and Targeting Devices & Services
2020-03-19Xavier MertensCOVID-19 Themed Multistage Malware
2020-03-14Didier StevensPhishing PDF With Incremental Updates.
2020-03-11Xavier MertensAgent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account
2020-03-07Didier StevensWireshark 3.2.2 Released: Windows' Users Pay Attention Please
2020-03-06Xavier MertensA Safe Excel Sheet Not So Safe
2020-03-03Johannes UllrichIntroduction to EvtxEcmd (Evtx Explorer)
2020-02-27Xavier MertensOffensive Tools Are For Blue Teams Too
2020-02-25Jan KoprivaQuick look at a couple of current online scam campaigns
2020-02-21Xavier MertensQuick Analysis of an Encrypted Compound Document Format
2020-02-16Guy BruneauSOAR or not to SOAR?
2020-02-14Xavier MertensKeep an Eye on Command-Line Browsers
2020-02-07Xavier MertensSandbox Detection Tricks & Nice Obfuscation in a Single VBScript
2020-02-03Jan KoprivaAnalysis of a triple-encrypted AZORult downloader
2020-02-01Didier StevensWireshark 3.2.1 Released
2020-01-25Guy BruneauIs Threat Hunting the new Fad?
2020-01-16Jan KoprivaPicks of 2019 malware - the large, the small and the one full of null bytes
2020-01-10Xavier MertensMore Data Exfiltration
2020-01-09Xavier MertensQuick Analyzis of a(nother) Maldoc
2020-01-06Johannes UllrichIncrease in Number of Sources January 3rd and 4th: spoofed
2020-01-02Xavier MertensRansomware in Node.js
2019-12-31Johannes UllrichSome Thoughts About the Critical Citrix ADC/Gateway Vulnerability (CVE-2019-19781)
2019-12-24Brad DuncanMalspam with links to Word docs pushes IcedID (Bokbot)
2019-12-21Didier StevensWireshark 3.2.0 Released
2019-12-12Xavier MertensCode & Data Reuse in the Malware Ecosystem
2019-12-08Didier StevensWireshark 3.0.7 Released
2019-11-29Russ McReeISC Snapshot: Search with SauronEye
2019-11-23Guy BruneauLocal Malware Analysis with Malice
2019-11-22Xavier MertensAbusing Web Filters Misconfiguration for Reconnaissance
2019-11-09Guy BruneauFake Netflix Update Request by Text
2019-11-08Xavier MertensMicrosoft Apps Diverted from Their Main Use
2019-10-27Didier StevensWireshark 3.0.6 Released
2019-10-25Rob VandenBrinkMore on DNS Archeology (with PowerShell)
2019-10-18Xavier MertensQuick Malicious VBS Analysis
2019-10-03Xavier Mertens"Lost_Files" Ransomware
2019-09-26Rob VandenBrinkMining MAC Address and OUI Information
2019-09-24Xavier MertensHuge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs
2019-09-21Didier StevensWireshark 3.0.5 Release: Potential Windows Crash when Updating
2019-09-19Xavier MertensAgent Tesla Trojan Abusing Corporate Email Accounts
2019-08-30Xavier MertensMalware Dropping a Local Node.js Instance
2019-08-28Xavier MertensMalware Samples Compiling Their Next Stage on Premise
2019-08-28Johannes Ullrich[Guest Diary] Open Redirect: A Small But Very Common Vulnerability
2019-08-25Guy BruneauAre there any Advantages of Buying Cyber Security Insurance?
2019-08-22Xavier MertensSimple Mimikatz & RDPWrapper Dropper
2019-08-21Russ McReeKAPE: Kroll Artifact Parser and Extractor
2019-08-18Didier StevensVideo: Analyzing DAA Files
2019-08-16Didier StevensThe DAA File Format
2019-08-12Didier StevensMalicious .DAA Attachments
2019-07-28Didier StevensVideo: Analyzing Compressed PowerShell Scripts
2019-07-24Xavier MertensMay People Be Considered as IOC?
2019-07-18Xavier MertensMalicious PHP Script Back on Stage?
2019-07-16Russ McReeCommando VM: The Complete Mandiant Offensive VM
2019-07-11Xavier MertensRussian Dolls Malicious Script Delivering Ursnif
2019-07-02Xavier MertensMalicious Script With Multiple Payloads
2019-06-24Johannes UllrichExtensive BGP Issues Affecting Cloudflare and possibly others
2019-06-18Johannes UllrichWhat You Need To Know About TCP "SACK Panic"
2019-06-14Jim ClausingA few Ghidra tips for IDA users, part 4 - function call graphs
2019-06-10Xavier MertensInteresting JavaScript Obfuscation Example
2019-05-29Xavier MertensBehavioural Malware Analysis with Microsoft ASA
2019-05-20Tom WebbCVE-2019-0604 Attack
2019-05-16Xavier MertensThe Risk of Authenticated Vulnerability Scans
2019-05-13Xavier MertensFrom Phishing To Ransomware?
2019-05-03Jim ClausingA few Ghidra tips for IDA users, part 3 - conversion, labels, and comments
2019-05-01Xavier MertensAnother Day, Another Suspicious UDF File
2019-04-19Didier StevensAnalyzing UDF Files with Python
2019-04-17Jim ClausingA few Ghidra tips for IDA users, part 2 - strings and parameters
2019-04-17Xavier MertensMalware Sample Delivered Through UDF Image
2019-04-08Jim ClausingA few Ghidra tips for IDA users, part 1 - the decompiler/unreachable code
2019-04-05Russ McReeBeagle: Graph transforms for DFIR data & logs
2019-04-03Jim ClausingA few Ghidra tips for IDA users, part 0 - automatic comments for API call parameters
2019-04-01Didier StevensAnalysis of PDFs Created with OpenOffice/LibreOffice
2019-03-31Didier StevensMaldoc Analysis of the Weekend by a Reader
2019-03-30Didier Stevens"404" is not Malware
2019-03-29Remco VerhoefAnnotating Golang binaries with Cutter and Jupyter
2019-03-20Rob VandenBrinkUsing AD to find hosts that aren't in AD - fun with the [IPAddress] construct!
2019-03-18Didier StevensWireshark 3.0.0 and Npcap: Some Remarks
2019-03-17Didier StevensVideo: Maldoc Analysis: Excel 4.0 Macro
2019-03-16Didier StevensMaldoc: Excel 4.0 Macros
2019-03-15Remco VerhoefBinary Analysis with Jupyter and Radare2
2019-03-14Didier StevensTip: Ghidra & ZIP Files
2019-03-11Didier StevensWireshark 3.0.0 and Npcap
2019-03-10Didier StevensMalicious HTA Analysis by a Reader
2019-03-10Didier StevensQuick and Dirty Malicious HTA Analysis
2019-03-08Remco VerhoefAnalysing meterpreter payload with Ghidra
2019-03-06Johannes UllrichMarch Edition of Ouch! Newsletter: Securely Disposing Mobile Devices https://www.sans.org/security-awareness-training/resources/disposing-your-mobile-device
2019-03-05Rob VandenBrinkPowershell, Active Directory and the Windows Host Firewall
2019-02-27Didier StevensMaldoc Analysis by a Reader
2019-02-20Brad DuncanMore Russian language malspam pushing Shade (Troldesh) ransomware
2019-02-14Xavier MertensOld H-Worm Delivered Through GitHub
2019-02-14Xavier MertensSuspicious PDF Connecting to a Remote SMB Share
2019-01-30Russ McReeCR19-010: The United States vs. Huawei
2019-01-29Johannes UllrichA Not So Well Done Phish (Why Attackers need to Implement IPv6 Now! ;-) )
2019-01-28Bojan ZdrnjaRelaying Exchange?s NTLM authentication to domain admin (and more)
2019-01-22Xavier MertensDNS Firewalling with MISP
2019-01-16Brad DuncanEmotet infections and follow-up malware
2019-01-10Brad DuncanHeartbreaking Emails: "Love You" Malspam
2019-01-06Didier StevensMalicious .tar Attachments
2019-01-05Didier StevensA Malicious JPEG? Second Example
2019-01-04Didier StevensA Malicious JPEG?
2019-01-02Xavier MertensMalicious Script Leaking Data via FTP
2018-12-19Xavier MertensRestricting PowerShell Capabilities with NetSh
2018-12-19Xavier MertensMicrosoft OOB Patch for Internet Explorer: Scripting Engine Memory Corruption Vulnerability
2018-12-19Xavier MertensUsing OSSEC Active-Response as a DFIR Framework
2018-12-09Didier StevensQuickie: String Analysis is Still Useful
2018-12-08Didier StevensReader Malware Submission: MHT File Inside a ZIP File
2018-12-01Didier StevensWireshark update 2.6.5 available
2018-11-29Brad DuncanRussian language malspam pushing Shade (Troldesh) ransomware
2018-11-27Xavier MertensMore obfuscated shell scripts: Fake MacOS Flash update
2018-11-26Xavier MertensObfuscated bash script targeting QNap boxes
2018-11-22Xavier MertensDivided Payload in Multiple Pasties
2018-11-20Xavier MertensQuerying DShield from Cortex
2018-11-20Xavier MertensVMware Affected by Dell EMC Avamar Vulnerability
2018-11-14Brad DuncanDay in the life of a researcher: Finding a wave of Trickbot malspam
2018-11-11Pasquale StirparoCommunity contribution: joining forces or multiply solutions?
2018-11-06Xavier MertensMalicious Powershell Script Dissection
2018-10-23Xavier MertensDiving into Malicious AutoIT Code
2018-10-22Xavier MertensMalicious Powershell using a Decoy Picture
2018-10-21Didier StevensMSG Files: Compressed RTF
2018-10-21Pasquale StirparoBeyond good ol’ LaunchAgent - part 0
2018-10-17Russ McReeVMSA-2018-0026 VMware ESXi, Workstation & Fusion updates address out-of-bounds read vulnerability https://www.vmware.com/security/advisories/VMSA-2018-0026.html
2018-10-17Russ McReeRedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-10-12Xavier MertensMore Equation Editor Exploit Waves
2018-10-05Jim ClausingA strange spam
2018-09-28Xavier MertensMore Excel DDE Code Injection
2018-09-22Didier StevensSuspicious DNS Requests ... Issued by a Firewall
2018-09-18Rob VandenBrinkUsing Certificate Transparency as an Attack / Defense Tool
2018-09-16Didier Stevens20/20 malware vision
2018-09-13Xavier MertensMalware Delivered Through MHT Files
2018-09-05Xavier MertensMalicious PowerShell Compiling C# Code on the Fly
2018-09-04Rob VandenBrinkLet's Trade: You Read My Email, I'll Read Your Password!
2018-08-31Jim ClausingQuickie: Using radare2 to disassemble shellcode
2018-08-30Xavier MertensCrypto Mining Is More Popular Than Ever!
2018-08-26Didier StevensIdentifying numeric obfuscation
2018-08-26Didier Stevens"When was this machine infected?"
2018-08-24Xavier MertensMicrosoft Publisher Files Delivering Malware
2018-08-21Xavier MertensMalicious DLL Loaded Through AutoIT
2018-08-15Brad DuncanMore malspam pushing password-protected Word docs for AZORult and Hermes Ransomware
2018-08-06Didier StevensNumeric obfuscation: another example
2018-08-04Didier StevensDealing with numeric obfuscation in malicious scripts
2018-08-02Brad DuncanDHL-themed malspam reveals embedded malware in animated gif
2018-07-29Guy BruneauUsing RITA for Threat Analysis
2018-07-27Brad DuncanMalspam with password-protected Word docs pushes Hermes ransomware
2018-07-26Xavier MertensWindows Batch File Deobfuscation
2018-07-09Renato MarinhoCriminals Don't Read Instructions or Use Strong Passwords
2018-07-03Didier StevensProgress indication for scripts on Windows
2018-06-29Remco VerhoefCrypto community target of MacOS malware
2018-06-25Didier StevensGuilty by association
2018-06-13Xavier MertensA Bunch of Compromized Wordpress Sites
2018-06-07Remco VerhoefAutomated twitter loot collection
2018-06-05Xavier MertensMalicious Post-Exploitation Batch File
2018-06-01Remco VerhoefBinary analysis with Radare2
2018-05-22Xavier MertensMalware Distributed via .slk Files
2018-05-22Xavier MertensVMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities https://www.vmware.com/security/advisories/VMSA-2018-0013.html
2018-05-22Guy BruneauVMware updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue - https://www.vmware.com/security/advisories/VMSA-2018-0012.html
2018-05-19Xavier MertensMalicious Powershell Targeting UK Bank Customers
2018-05-09Xavier MertensNice Phishing Sample Delivering Trickbot
2018-05-07Xavier MertensAdding Persistence Via Scheduled Tasks
2018-05-01Xavier MertensDiving into a Simple Maldoc Generator
2018-04-28Rick WannerMicrosoft Security Update for Spectre V2
2018-03-08Xavier MertensCRIMEB4NK IRC Bot
2018-03-05Xavier MertensMalicious Bash Script with Multiple Features
2018-03-04Xavier MertensThe Crypto Miners Fight For CPU Cycles
2018-03-03Xavier MertensReminder: Beware of the "Cloud"
2018-02-25Didier StevensRetrieving malware over Tor on Windows
2018-02-02Xavier MertensSimple but Effective Malicious XLS Sheet
2018-01-30Kevin ListonUsing FLIR in Incident Response?
2018-01-29Didier StevensComment your Packet Captures - Extra!
2018-01-28Didier StevensIs this a pentest?
2018-01-26Xavier MertensInvestigating Microsoft BITS Activity
2018-01-25Xavier MertensRansomware as a Service
2018-01-22Didier StevensHTTPS on every port?
2018-01-18Xavier MertensComment your Packet Captures!
2018-01-12Bojan ZdrnjaThose pesky registry keys required by critical security patches
2018-01-11Xavier MertensMining or Nothing!
2018-01-10Russ McReeGitHub InfoSec Threepeat: HELK, ptf, and VulnWhisperer
2018-01-09Jim ClausingAre you watching for brute force attacks on IPv6?
2018-01-08Bojan ZdrnjaMeltdown and Spectre: clearing up the confusion
2018-01-03John BambenekPhishing to Rural America Leads to Six-figure Wire Fraud Losses
2017-12-27Guy BruneauWhat are your Security Challenges for 2018?
2017-12-20Richard PorterVMWare Security Advisory: VMSA-2017-0021: https://www.vmware.com/security/advisories/VMSA-2017-0021.html
2017-12-19Xavier MertensExample of 'MouseOver' Link in a Powerpoint File
2017-12-16Xavier MertensMicrosoft Office VBA Macro Obfuscation via Metadata
2017-12-13Xavier MertensTracking Newly Registered Domains
2017-12-05Tom WebbIR using the Hive Project.
2017-11-29Xavier MertensFileless Malicious PowerShell Sample
2017-11-25Guy BruneauBenefits associated with the use of Open Source Software
2017-11-25Guy BruneauExim Remote Code Exploit
2017-11-16Xavier MertensSuspicious Domains Tracking Dashboard
2017-11-15Xavier MertensIf you want something done right, do it yourself!
2017-11-13Guy BruneauVBE Embeded Script (info.zip)
2017-11-07Xavier MertensInteresting VBA Dropper
2017-11-03Xavier MertensSimple Analysis of an Obfuscated JAR File
2017-10-31Xavier MertensSome Powershell Malicious Code
2017-10-29Didier StevensRemember ACE files?
2017-10-24Xavier MertensBadRabbit: New ransomware wave hitting RU & UA
2017-10-15Didier StevensPeeking into .msg files
2017-10-12Xavier MertensVersion control tools aren't only for Developers
2017-10-02Xavier MertensInvestigating Security Incidents with Passive DNS
2017-09-28Xavier MertensThe easy way to analyze huge amounts of PCAP data
2017-09-24Jim ClausingForensic use of mount --bind
2017-09-22Russell EubanksWhat is the State of Your Union?
2017-09-20Renato MarinhoOngoing Ykcol (Locky) campaign
2017-09-19Jim ClausingNew tool: mac-robber.py
2017-09-18Xavier MertensGetting some intelligence from malspam
2017-09-18Johannes UllrichSANS Securingthehuman posted a follow up to their Equifax breach webcast: https://securingthehuman.sans.org/blog/2017/09/15/equifax-webcast-follow-up
2017-09-17Guy BruneaurockNSM as a Incident Response Package
2017-09-16Guy BruneauVMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities - https://www.vmware.com/security/advisories/VMSA-2017-0015.html
2017-09-09Didier StevensMalware analysis output sanitization
2017-09-05Adrien de BeaupreStruts vulnerability patch released by apache, patch now
2017-09-02Xavier MertensAutoIT based malware back in the wild
2017-09-01Brad DuncanMalspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox
2017-08-26Didier StevensMalware analysis: searching for dots
2017-08-25Xavier MertensMalicious AutoIT script delivered in a self-extracting RAR file
2017-08-23Xavier MertensMalicious script dropping an executable signed by Avast?
2017-08-18Guy Bruneautshark 2.4 New Feature - Command Line Export Objects
2017-08-18Renato MarinhoEngineBox Malware Supports 10+ Brazilian Banks
2017-08-17Xavier MertensMaldoc with auto-updated link
2017-08-13Didier StevensThe Good Phishing Email
2017-07-21Didier StevensMalicious .iso Attachments
2017-07-18Bojan ZdrnjaInvestigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 4 ? Windows Thumbnail Cache, Registry, Prefetch Files, and Link Files artefacts)
2017-07-14Brad DuncanNemucodAES and the malspam that distributes it
2017-07-13Bojan ZdrnjaInvestigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 3 ? Physical Memory artefacts)
2017-07-09Russ McReeAdversary hunting with SOF-ELK
2017-07-05Didier StevensSelecting domains with random names
2017-06-28Brad DuncanPetya? I hardly know ya! - an ISC update on the 2017-06-27 ransomware outbreak
2017-06-28Brad DuncanCatching up with Blank Slate: a malspam campaign still going strong
2017-06-22Xavier MertensObfuscating without XOR
2017-06-17Guy BruneauMapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2017-06-07Johannes UllrichDeceptive Advertisements: What they do and where they come from
2017-06-06Didier StevensMalware and XOR - Part 2
2017-06-05Didier StevensMalware and XOR - Part 1
2017-05-31Pasquale StirparoAnalysis of Competing Hypotheses, WCry and Lazarus (ACH part 2)
2017-05-30Johannes UllrichFreeRadius Authentication Bypass
2017-05-28Pasquale StirparoAnalysis of Competing Hypotheses (ACH part 1)
2017-05-24Brad DuncanJaff ransomware gets a makeover
2017-05-16Russ McReeWannaCry? Do your own data analysis.
2017-05-13Guy BruneauMicrosoft Released Guidance for WannaCrypt
2017-05-12Xavier MertensMassive wave of ransomware ongoing
2017-05-06Xavier MertensThe story of the CFO and CEO...
2017-05-05Xavier MertensHTTP Headers... the Achilles' heel of many applications
2017-05-02Richard PorterDo you have Intel AMT? Then you have a problem today! Intel Active Management Technology INTEL-SA-00075
2017-04-28Xavier MertensAnother Day, Another Obfuscation Technique
2017-04-19Xavier MertensHunting for Malicious Excel Sheets
2017-04-14Rick WannerWireshark 2.2.6 available -> https://www.wireshark.org/docs/relnotes/wireshark-2.2.6.html
2017-04-13Rob VandenBrinkPacket Captures Filtered by Process
2017-04-12Brad DuncanMalspam on 2017-04-11 pushes yet another ransomware variant
2017-04-07Xavier MertensTracking Website Defacers with HTTP Referers
2017-04-05Xavier MertensWhitelists: The Holy Grail of Attackers
2017-04-02Guy BruneauIPFire - A Household Multipurpose Security Gateway
2017-03-29Xavier MertensCritical VMware vulnerabilities disclosed
2017-03-19Xavier MertensSearching for Base64-encoded PE Files
2017-03-18Xavier MertensExample of Multiple Stages Dropper
2017-03-15Xavier MertensRetro Hunting!
2017-03-12Guy BruneauHoneypot Logs and Tracking a VBE Script
2017-03-08Xavier MertensNot All Malware Samples Are Complex
2017-03-04Xavier MertensHow your pictures may affect your website reputation
2017-03-03Lorna HutchesonBitTorrent or Something Else?
2017-02-24Rick WannerCloudflare data leak...what does it mean to me?
2017-02-15Xavier MertensHow was your stay at the Hotel La Playa?
2017-02-09Brad DuncanCryptoShield Ransomware from Rig EK
2017-02-05Xavier MertensMany Malware Samples Found on Pastebin
2017-02-04Xavier MertensDetecting Undisclosed Vulnerabilities with Security Tools & Features
2017-02-02Rick WannerMultiple vulnerabilities discovered in popular printer models
2017-01-31Johannes UllrichMalicious Office files using fileless UAC bypass to drop KEYBASE malware
2017-01-31Johannes UllrichVMWare Security Advisory for AirWatch http://www.vmware.com/security/advisories/VMSA-2017-0001.html
2017-01-24Xavier MertensMalicious SVG Files in the Wild
2017-01-13Xavier MertensWho's Attacking Me?
2017-01-12Mark BaggettSystem Resource Utilization Monitor
2017-01-11Johannes UllrichJanuary 2017 Edition of Ouch! Security Awareness Newsletter Released: https://securingthehuman.sans.org/ouch
2017-01-10Johannes UllrichRealtors Be Aware: You Are a Target
2017-01-06John BambenekRansomware Operators Cold Calling UK Schools to Get Malware Through
2017-01-05John BambenekNew Year's Resolution: Build Your Own Malware Lab?
2017-01-01Didier Stevenspy2exe Decompiling - Part 1
2016-12-29Rick WannerMore on Protocol 47 denys
2016-12-29Rick WannerIncrease in Protocol 47 denys
2016-12-27Guy BruneauUsing daemonlogger as a Software Tap
2016-12-13Xavier MertensUAC Bypass in JScript Dropper
2016-11-25Xavier MertensFree Software Quick Security Checklist
2016-11-23Tom WebbVmware Patches VMSA-2016-0005.5, VMSA-2016-0018.3 and VMSA-2016-0021
2016-11-18Brad DuncanWireshark update: version 2.2.2 (stable release) and 2.0.8 (old stable release) - https://www.wireshark.org/download.html
2016-11-11Rick WannerBenevolent malware? reincarna/Linux.Wifatch
2016-11-05Xavier MertensFull Packet Capture for Dummies
2016-11-02Rob VandenBrinkWhat Does a Pentest Look Like?
2016-10-31Russ McReeSEC505 DFIR capture script: snapshot.ps1
2016-10-30Pasquale StirparoVolatility Bot: Automated Memory Analysis
2016-10-26Johannes UllrichNew VMWare Security Advisory: VMSA-2016-0017 Information Disclosure in VMWare Fusion and VMWare Tools https://www.vmware.com/security/advisories/VMSA-2016-0017.html
2016-10-25Xavier MertensAnother Day, Another Spam...
2016-10-11Xavier MertensWiFi Still Remains a Good Attack Vector
2016-10-10Didier StevensRadare2: rahash2
2016-09-30Xavier MertensAnother Day, Another Malicious Behaviour
2016-09-25Pasquale StirparoDefining Threat Intelligence Requirements
2016-09-22Rick WannerYAHDD! (Yet another HUGE data Breach!)
2016-09-13Rob VandenBrinkIf it's Free, YOU are the Product
2016-09-09Xavier MertensCollecting Users Credentials from Locked Devices
2016-09-05Xavier MertensMalware Delivered via '.pub' Files
2016-09-01Xavier MertensMaxmind.com (Ab)used As Anti-Analysis Technique
2016-08-31Deborah HaleDropbox Breach
2016-08-25Xavier MertensOut-of-Band iOS Patch Fixes 0-Day Vulnerabilities
2016-08-24Tom WebbStay on Track During IR
2016-08-24Xavier MertensExample of Targeted Attack Through a Proxy PAC File
2016-08-23Xavier MertensVoice Message Notifications Deliver Ransomware
2016-08-19Xavier MertensData Classification For the Masses
2016-08-14Guy BruneauvRealize Log Insight directory traversal vulnerability - http://www.vmware.com/security/advisories/VMSA-2016-0011.html
2016-08-11Pasquale StirparoLooking for the insider: Forensic Artifacts on iOS Messaging App
2016-08-01Daniel WesemannAre you getting I-CANNED ?
2016-07-31Pasquale StirparoSharing (intel) is caring... or not?
2016-07-27Xavier MertensAnalyze of a Linux botnet client source code
2016-07-25Didier StevensPython Malware - Part 4
2016-07-16Didier StevensPython Malware - Part 3
2016-07-12Xavier MertensHunting for Malicious Files with MISP + OSSEC
2016-07-08Mark HofmanMalware being distributed pretending to be from AU Fedcourts
2016-07-03Guy BruneauIs Data Privacy part of your Company's Culture?
2016-06-29Xavier MertensPhishing Campaign with Blurred Images
2016-06-26Rick WannerBart - a new Ransomware
2016-06-20Xavier MertensOngoing Spam Campaign Related to Swift
2016-06-18Rob VandenBrinkControlling JavaScript Malware Before it Runs
2016-06-01Xavier MertensDocker Containers Logging
2016-05-25Rick WannerVMWare Security Advisories
2016-05-22Pasquale StirparoThe strange case of WinZip MRU Registry key
2016-05-16Rick WannerAn oldie but a goodie - 419 Death Scam
2016-05-15Didier StevensPython Malware - Part 1
2016-05-13Xavier MertensMISP - Malware Information Sharing Platform
2016-05-05Xavier MertensMicrosoft BITS Used to Download Payloads
2016-05-02Rick WannerFake Chrome update for Android
2016-05-02Rick WannerLean Threat Intelligence
2016-04-28Rob VandenBrinkDNS and DHCP Recon using Powershell
2016-04-25Guy BruneauHighlights from the 2016 HPE Annual Cyber Threat Report
2016-04-21Daniel WesemannDecoding Pseudo-Darkleech (Part #2)
2016-04-21Daniel WesemannDecoding Pseudo-Darkleech (#1)
2016-04-11John BambenekTool Released to Decrypt Petya Ransomware Infected Disks
2016-04-10Didier StevensHandling Malware Samples
2016-04-02Russell EubanksWhy Can't We Be Friends?
2016-04-01John BambenekTips for Stopping Ransomware
2016-03-28Xavier MertensImproving Bash Forensics Capabilities
2016-03-13Guy BruneauA Look at the Mandiant M-Trends 2016 Report
2016-03-11Jim ClausingForensicating Docker, Part 1
2016-03-09Rob VandenBrinkA Wall Against Cryptowall? Some Tips for Preventing Ransomware
2016-03-07Xavier MertensAnother Malicious Document, Another Way to Deliver Malicious Code
2016-03-07Xavier MertensOSX Ransomware Spread via a Rogue BitTorrent Client Installer
2016-03-06Jim ClausingNovel method for slowing down Locky on Samba server using fail2ban
2016-02-27Guy BruneauWireshark Fixes Several Bugs and Vulnerabilities
2016-02-24Xavier MertensAnalyzis of a Malicious .lnk File with an Embedded Payload
2016-02-23Xavier MertensVMware VMSA-2016-0002
2016-02-18Xavier MertensHunting for Executable Code in Windows Environments
2016-02-13Guy BruneauVMware VMSA-2015-0007.3 has been Re-released
2016-02-11Tom WebbTomcat IR with XOR.DDoS
2016-01-31Guy BruneauWindows 10 and System Protection for DATA Default is OFF
2016-01-24Didier StevensObfuscated MIME Files
2016-01-20Xavier Mertens/tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!
2016-01-15Xavier MertensJavaScript Deobfuscation Tool
2016-01-10Jim ClausingVMware security update
2016-01-06Russ McReetoolsmith #112: Red vs Blue - PowerSploit vs PowerForensics
2016-01-05Guy BruneauWhat are you Concerned the Most in 2016?
2016-01-01Didier StevensFailure Is An Option
2015-12-26Didier StevensMalfunctioning Malware
2015-12-19Russell EubanksVMWare Security Advisory
2015-12-16Xavier MertensPlaying With Sandboxes Like a Boss
2015-12-06Mark HofmanMalware SPAM a new run has started.
2015-11-22Guy BruneauOpenDNS Research Used to Predict Threat
2015-11-09John BambenekProtecting Users and Enterprises from the Mobile Malware Threat
2015-11-07Didier StevensRansomware & Entropy: Your Turn -> Solution
2015-11-04Johannes UllrichInternet Wide Scanners Wanted
2015-10-30Didier StevensRansomware & Entropy: Your Turn
2015-10-27Xavier MertensThe "Yes, but..." syndrome
2015-10-18Russell EubanksSecurity Awareness for Security Professionals
2015-10-18Didier StevensRansomware & Entropy
2015-10-17Russell EubanksCIS Critical Security Controls - Version 6.0
2015-10-12Guy BruneauCritical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
2015-10-09Guy BruneauAdobe Acrobat and Reader Pre-Announcement
2015-09-29Pedro BuenoTricks for DLL analysis
2015-09-28Johannes Ullrich"Transport of London" Malicious E-Mail
2015-09-23Daniel WesemannMaking our users unlearn what we taught them
2015-09-21Xavier MertensDetecting XCodeGhost Activity
2015-09-19Didier StevensDon't launch that file Adobe Reader!
2015-09-01Daniel WesemannEncryption of "data at rest" in servers
2015-08-29Tom WebbAutomating Metrics using RTIR REST API
2015-08-18Russ McReeMicrosoft Security Bulletin MS15-093 - Critical OOB - Internet Explorer RCE
2015-08-12Rob VandenBrinkWireshark 1.12.7 is released, multiple fixes. Find the release notes at: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html and the binaries at: https://www.wireshark.org/download.html
2015-08-07Tony CarothersCritical Firefox Update Today
2015-07-17Didier StevensProcess Explorer and VirusTotal
2015-07-15Richard PorterAlways Check Your References (Cheat Sheets to the Rescue)
2015-06-29Rob VandenBrinkThe Powershell Diaries 2 - Software Inventory
2015-06-24Rob VandenBrinkThe Powershell Diaries - Finding Problem User Accounts in AD
2015-06-02Alex StanfordGuest Diary: Xavier Mertens - Playing with IP Reputation with Dshield & OSSEC
2015-05-23Guy BruneauBusiness Value in "Big Data"
2015-05-14Daniel WesemannOh Bloat!
2015-05-10Didier StevensWireshark TCP Flags: How To Install On Windows Video
2015-05-07Chris MohanSecurity Awareness? How do you keep your staff safe?
2015-05-03Russ McReeVolDiff, for memory image differential analysis
2015-04-30Brad DuncanDalexis/CTB-Locker malspam campaign
2015-04-24Basil Alawi S.TaherFileless Malware
2015-04-19Didier StevensHandling Special PDF Compression Methods
2015-04-17Didier StevensMemory Forensics Of Network Devices
2015-04-09Brad DuncanAn example of the malicious emails sometimes sent to the ISC handler addresses
2015-04-08Tom WebbIs it a breach or not?
2015-04-05Didier StevensWireshark TCP Flags
2015-04-04Didier StevensVMware Product Updates Address Critical Information Disclosure Issue In JRE
2015-03-21Russell EubanksHave you seen my personal information? It has been lost. Again.
2015-03-18Daniel WesemannNew SANS memory forensics poster
2015-03-18Daniel WesemannPass the hash!
2015-03-14Didier StevensMaldoc VBA Sandbox/Virtualization Detection
2015-03-13Guy BruneauBlind SQL Injection against WordPress SEO by Yoast
2015-03-08Brad DuncanWhat Happened to You, Asprox Botnet?
2015-03-07Guy BruneauShould it be Mandatory to have an Independent Security Audit after a Breach?
2015-02-26Johannes UllrichNew Feature: Subnet Report
2015-02-23Richard PorterSubscribing to the DShield Top 20 on a Palo Alto Networks Firewall
2015-02-19Daniel WesemannMacros? Really?!
2015-02-17Rob VandenBrinkoclHashcat 1.33 Released
2015-02-09Chris MohanBackups are part of the overall business continuity and disaster recovery plan
2015-02-03Johannes UllrichAnother Network Forensic Tool for the Toolbox - Dshell
2015-01-31Guy BruneauBeware of Phishing and Spam Super Bowl Fans!
2014-12-24Rick WannerIncident Response at Sony
2014-12-23John BambenekHow I learned to stop worrying and love malware DGAs....
2014-12-05Basil Alawi S.TaherVMware new and updated security advisories
2014-12-01Guy BruneauDo you have a Data Breach Response Plan?
2014-11-24Richard PorterSomeone is using this? PoS: Compressor
2014-11-20Johannes UllrichCritical WordPress XSS Update
2014-11-04Daniel WesemannWhois someone else?
2014-10-23Russ McReeDigest: 23 OCT 2014
2014-10-14Johannes UllrichUpdates for Firefox and Thunderbird. http://www.mozilla.org/firefox/new/
2014-10-03Johannes UllrichCSAM: The Power of Virustotal to Turn Harmless Binaries Malicious
2014-10-02Johannes UllrichWhy is your Mac all for sudden using Bing as a search engine?
2014-10-01Russ McReeVMware security advisory: VMSA-2014-0010 http://www.vmware.com/security/advisories/VMSA-2014-0010.html
2014-09-27Guy BruneauWhat has Bash and Heartbleed Taught Us?
2014-09-22Johannes UllrichFake LogMeIn Certificate Update with Bad AV Detection Rate
2014-09-19Guy BruneauAdded today in oclhashcat 131 Django [Default Auth] (PBKDF2 SHA256 Rounds Salt) Support - http://hashcat.net/hashcat/
2014-09-16Mark HofmanFreeBSD Denial of Service advisory (CVE-2004-0230)
2014-09-12Chris MohanVMware NSX and vCNS product updates address a critical information disclosure vulnerability http://www.vmware.com/security/advisories/VMSA-2014-0009.html
2014-09-12Chris MohanAre credential dumps worth reviewing?
2014-08-25Jim ClausingUDP port 1900 DDoS traffic
2014-08-23Guy BruneauNSS Labs Cyber Resilience Report
2014-08-22Richard PorterPHP 5.4.32 Released http://www.php.net/ChangeLog-5.php#5.4.32
2014-08-22Richard PorterPHP 5.5.16 is available http://www.php.net/ChangeLog-5.php#5.5.16
2014-08-14Basil Alawi S.TaherThreats to virtual environments
2014-08-12Adrien de BeaupreAdobe updates for 2014/08
2014-08-10Basil Alawi S.TaherIncident Response with Triage-ir
2014-08-09Adrien de BeaupreComplete application ownage via Multi-POST XSRF
2014-08-06Chris MohanFree Service to Help CryptoLocker Victims by FireEye and Fox-IT
2014-08-05Johannes UllrichLegal Threat Spam: Sometimes it Gets Personal
2014-08-05Johannes UllrichCenter for Internet Security Releases Benchmark for VMWare ESXi 5.5 https://benchmarks.cisecurity.org/downloads/form/index.cfm?download=esxi55.100
2014-08-04Russ McReeThreats & Indicators: A Security Intelligence Lifecycle
2014-08-01Chris MohanWireShark 1.10.9 and 1.12.0 has been released
2014-07-24Bojan ZdrnjaWindows Previous Versions against ransomware
2014-07-22Daniel WesemannIvan's Order of Magnitude
2014-07-22Daniel Wesemann WordPress brute force attack via wp.getUsersBlogs
2014-07-19Russ McReeKeeping the RATs out: the trap is sprung - Part 3
2014-07-18Russ McReeKeeping the RATs out: **it happens - Part 2
2014-07-18Russ McReeGameover Zeus reported as "returned from the dead"
2014-07-16Russ McReeKeeping the RATs out: an exercise in building IOCs - Part 1
2014-07-15Daniel WesemannAOC Cloud
2014-07-11Rob VandenBrinkEgress Filtering? What - do we have a bird problem?
2014-07-05Guy BruneauMalware Analysis with pedump
2014-07-03Johannes UllrichCredit Card Processing in 700 Words or Less
2014-07-02Johannes UllrichJuly Ouch! Security Awareness Newsletter Released. E-mail Do's and Don'ts http://www.securingthehuman.org/resources/newsletters/ouch/2014#july2014
2014-06-30Johannes UllrichShould I setup a Honeypot? [SANSFIRE]
2014-06-24Kevin ShorttNTP DDoS Counts Have Dropped
2014-06-22Russ McReeOfficeMalScanner helps identify the source of a compromise
2014-06-19Tony CarothersWordPress and Security
2014-06-13Richard PorterA welcomed response, PF Chang's
2014-06-11Daniel WesemannPay attention to Cryptowall!
2014-06-08Guy Bruneauefax Spam Containing Malware
2014-06-03Basil Alawi S.TaherAn Introduction to RSA Netwitness Investigator
2014-05-23Richard PorterHighlights from Cisco Live 2014 - The Internet of Everything
2014-05-18Russ McReesed and awk will always rock
2014-04-29Russ McReeFirefox 29.0 & Thunderbird 24.5 released: http://www.mozilla.org/security/known-vulnerabilities/
2014-04-26Guy BruneauNew Project by Linux Foundation - Core Infrastructure Initiative
2014-04-21Daniel WesemannAllow us to leave!
2014-04-15Richard PorterVMWare Advisory VMSA-2014-0004 - Updates on OpenSSL HeartBleed http://www.vmware.com/security/advisories/VMSA-2014-0004.html
2014-04-13Kevin ShorttReverse Heartbleed Testing
2014-04-11Rob VandenBrinkVMware Security Advisories / Patches released for 2 issues (NOT Heartbleed) - http://www.vmware.com/security/advisories/VMSA-2014-0003.html and http://www.vmware.com/security/advisories/VMSA-2014-0002.html
2014-04-11Guy BruneauHeartbleed Fix Available for Download for Cisco Products
2014-04-06Basil Alawi S.Taher"Power Worm" PowerShell based Malware
2014-04-05Jim ClausingThose strange e-mails with URLs in them can lead to Android malware
2014-04-04Rob VandenBrinkDealing with Disaster - A Short Malware Incident Response
2014-03-26Johannes UllrichFull Disclosure Mailing List is back: http://insecure.org/news/fulldisclosure/
2014-03-19Mark HofmanMozilla released updates for Firefox ( v 28.0), Thunderbird (v 24.4) and Firefox Extended Support Release (ESR) updates to 24.4.0 (Fixes include the issues highlighted at the pwn2own contest.)
2014-03-14Richard PorterWord Press Shenanigans? Anyone seeing strange activity today?
2014-03-12Johannes UllrichWordpress "Pingback" DDoS Attacks
2014-03-11Basil Alawi S.TaherIntroduction to Memory Analysis with Mandiant Redline
2014-03-07Tom WebbLinux Memory Dump with Rekall
2014-03-04Daniel WesemannXPired!
2014-03-04Daniel WesemannTriple Handshake Cookie Cutter
2014-03-02Stephen HallSunday Reading
2014-02-28Daniel WesemannOversharing
2014-02-28Daniel WesemannFiesta!
2014-02-22Tony CarothersCisco UCS Director Vulnerability and Update
2014-02-19Russ McReeThreat modeling in the name of security
2014-02-09Basil Alawi S.TaherMandiant Highlighter 2
2014-02-07Rob VandenBrinkHello Virustotal? It's Microsoft Calling.
2014-02-07Rob VandenBrinkNew ISO Standards on Vulnerability Handling and Disclosure
2014-02-05Johannes UllrichSANS Ouch Security Awareness Newsletter What is Malware http://www.securingthehuman.org/ouch
2014-02-04Johannes UllrichFirefox 27 Available http://www.mozilla.org/en-US/firefox/27.0/releasenotes/
2014-01-23Chris MohanLearning from the breaches that happens to others Part 2
2014-01-22Chris MohanLearning from the breaches that happens to others
2014-01-19Rick WannerAnatomy of a Malware distribution campaign
2014-01-17Russ McReeNew and updated VMWare security advisories - http://www.vmware.com/security/advisories
2014-01-11Guy Bruneautcpflow 1.4.4 and some of its most Interesting Features
2014-01-10Basil Alawi S.TaherWindows Autorun-3
2014-01-09Johannes UllrichMicrosoft Security Bulletin Advance Notification for January 2014 http://technet.microsoft.com/en-us/security/bulletin/ms14-jan
2013-12-28Russ McReeWeekend Reading List 27 DEC
2013-12-24Daniel WesemannMr Jones wants you to appear in court!
2013-12-23Rob VandenBrinkHow-To's for the Holidays - Java Whitelisting using AD Group Policy
2013-12-23Scott FendleyVMWare ESX/ESXi Security Advisory
2013-12-23Daniel WesemannCostco, BestBuy, Walmart really want to send you a package!
2013-12-21Daniel WesemannAdobe phishing underway
2013-12-19Rob VandenBrinkTarget US - Credit Card Data Breach
2013-12-18Adrien de BeaupreWireshark 1.10.4 and 1.8.12 are available
2013-12-12Basil Alawi S.TaherAcquiring Memory Images with Dumpit
2013-12-07Guy BruneauSuspected Active Rovnix Botnet Controller
2013-12-04Adrien de BeaupreVMware Security Advisory VMSA-2013-0014
2013-12-02Richard PorterReports of higher than normal SSH Attacks
2013-11-22Rick WannerPort 0 DDOS
2013-11-22Rick WannerTales of Password Reuse
2013-11-21Mark Baggett"In the end it is all PEEKS and POKES."
2013-11-20Mark BaggettSearching live memory on a running machine with winpmem
2013-11-19Mark BaggettWinpmem - Mild mannered memory aquisition tool??
2013-11-15Johannes UllrichVMWare Security Advisory: http://www.vmware.com/security/advisories/VMSA-2013-0013.html
2013-11-02Rick WannerProtecting Your Family's Computers
2013-10-31Russ McReeHappy Halloween: The Ghost Really May Be In The Machine
2013-10-30Russ McReeSIR v15: Five good reasons to leave Windows XP behind
2013-10-28Daniel WesemannExploit cocktail (Struts, Java, Windows) going after 3-month old vulnerabilities
2013-10-24Johannes UllrichFalse Positive: php.net Malware Alert
2013-10-22Richard PorterGreenbone and OpenVAS Scanner
2013-10-22John BambenekCryptolocker Update, Request for Info
2013-10-18Guy BruneauVMware Release Multiple Security Updates
2013-10-18Rob VandenBrinkCSAM - Why am I seeing DNS Requests to IANA.ORG in my Firewall Logs?
2013-10-15Rob VandenBrinkWireshark 1.11.0 Development Version Released ==> http://www.wireshark.org/download.html (1.10.2 remains the Stable version)
2013-10-05Richard PorterAdobe Breach Notification, Notifications?
2013-10-04Johannes UllrichThe Adobe Breach FAQ
2013-10-02John BambenekObamacare related domain registration spike, Government shutdown domain registration beginning
2013-10-01Adrien de BeaupreCSAM! Send us your logs!
2013-10-01John Bambenek*Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893
2013-09-30Adrien de BeaupreTwitter DM spam/malware
2013-09-23Rob VandenBrinkHow do you spell "PSK"?
2013-09-20Russ McReeThreat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild
2013-09-18Rob VandenBrinkCisco DCNM Update Released
2013-09-17John BambenekMicrosoft Releases Out-of-Band Advisory for all Versions of Internet Explorer
2013-09-12Daniel Wesemann37.58.73.42 / 95.156.228.69 / 195.210.43.42, anyone?
2013-09-10Swa FrantzenMore Black Tuesday workload
2013-09-10Swa FrantzenMacs need to patch too!
2013-09-07Guy BruneauMicrosoft September Patch Pre-Announcement
2013-09-02Guy BruneauMultiple Cisco Security Notice
2013-08-30Kevin ListonVMware ESXi and ESX address an NFC Protocol Unhandled Exception
2013-08-29Russ McReeSuspect Sendori software
2013-08-26Alex StanfordStop, Drop and File Carve
2013-08-25Johannes UllrichWhen does your browser send a "Referer" header (or not)?
2013-08-21Alex StanfordPsst. Your Browser Knows All Your Secrets.
2013-08-21Rob VandenBrinkFibre Channel Reconnaissance - Reloaded
2013-08-19Rob VandenBrinkNMAP 6.40 Released (www.nmap.org), Release Notes at www.nmap.org/changelog.html
2013-08-14Johannes UllrichImaging LUKS Encrypted Drives
2013-08-07Johannes UllrichNew edition of the Ouch! Security Awareness Newsletter is out: http://www.securingthehuman.org/resources/newsletters/ouch/2013
2013-08-07Johannes UllrichFirefox 23 and Mixed Active Content
2013-08-02Chris MohanVMware Security Advisory VMSA-2013-0009 - http://www.vmware.com/security/advisories/VMSA-2013-0009.html
2013-08-02Johannes UllrichFake American Express Alerts
2013-07-28Guy BruneauWireshark 1.8.9 and 1.10.1 Security Update
2013-07-27Scott FendleyDefending Against Web Server Denial of Service Attacks
2013-07-22Johannes UllrichApple Developer Site Breach
2013-07-21Guy BruneauUbuntu Forums Security Breach
2013-07-21Guy BruneauWhy use Regular Expressions?
2013-07-20Manuel Humberto Santander PelaezDo you have rogue Internet gateways in your network? Check it with nmap
2013-07-12Johannes UllrichDNS resolution is failing for Microsofts Teredo server (teredo.ipv6.microsoft.com)
2013-07-12Johannes UllrichMicrosoft Teredo Server "Sunset"
2013-07-12Rob VandenBrinkHmm - where did I save those files?
2013-07-10Johannes Ullrich.NL Registrar Compromisse
2013-07-04Russ McReeCelebrating 4th of July With a Malware PCAP Visualization
2013-06-25Bojan ZdrnjaMozilla Firefox 22 released, fixes 14 security vulnerabilities, more info at http://www.mozilla.org/en-US/firefox/22.0/releasenotes/
2013-06-18Russ McReeVolatility rules...any questions?
2013-06-17Daniel WesemannSANSFIRE 2013
2013-06-11Swa Frantzenvmware security advisory VMSA-2013-0008
2013-06-05Johannes UllrichNew version of "Ouch", the SANS Securing the Human Newsletter http://www.securingthehuman.org/resources/newsletters/ouch/2013
2013-06-05Richard PorterWireshark 1.10.0 Stable Released http://www.wireshark.org/download.html
2013-05-31Chris MohanVMware releases new and updated security advisories
2013-05-23Adrien de BeaupreWireshark 1.10.0rc2 is now available http://www.wireshark.org/download.html
2013-05-23Adrien de BeaupreMoVP II
2013-05-22Adrien de BeaupreWireshark 1.8.7 and 1.6.15 Released http://www.wireshark.org/news/20130517.html
2013-05-21Adrien de BeaupreMoore, Oklahoma tornado charitable organization scams, malware, and phishing
2013-05-17Daniel Wesemanne-netprotections.su ?
2013-05-16Daniel WesemannExtracting signatures from Apple .apps
2013-05-14Swa FrantzenFirefox & Thunderbird released
2013-05-11Lenny ZeltserExtracting Digital Signatures from Signed Malware
2013-05-09Johannes UllrichMicrosoft released a Fix-it for the Internet Explorer 8 Vulnerability http://support.microsoft.com/kb/2847140
2013-05-01Daniel WesemannThe cost of cleaning up
2013-04-25Adam SwangerSANS 2013 Forensics Survey - https://www.surveymonkey.com/s/2013SANSForensicsSurvey
2013-04-25Adam SwangerGuest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls
2013-04-18John BambenekISC Handler Lenny Zeltser's REMnux v4 Reviewed on Hak5
2013-04-10Manuel Humberto Santander PelaezMassive Google scam sent by email to Colombian domains
2013-04-04Johannes UllrichPostgresql Patches Critical Vulnerability
2013-04-03Mark HofmanFirefox 20 and Thunderbird 17.0.5 updates
2013-03-28John BambenekWhere Were You During the Great DDoS Cybergeddon of 2013?
2013-03-27Adam SwangerIPv6 Focus Month: Guest Diary: Stephen Groat - IPv6 moving target defense
2013-03-27Rob VandenBrinkSourcefire VRT Community ruleset is live
2013-03-26Daniel WesemannHow your Webhosting Account is Getting Abused
2013-03-25Johannes UllrichIPv6 Focus Month: IPv6 over IPv4 Preference
2013-03-22Mark BaggettWipe the drive! Stealthy Malware Persistence - Part 4
2013-03-20Mark BaggettWipe the drive! Stealthy Malware Persistence - Part 3
2013-03-19Johannes UllrichScam of the day: More fake CNN e-mails
2013-03-18Kevin ShorttCisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
2013-03-15Mark BaggettAVG detect legit file as virus
2013-03-14Mark BaggettWipe the drive! Stealthy Malware Persistence - Part 2
2013-03-13Johannes UllrichIPv6 Focus Month: Kaspersky Firewall IPv6 Vulnerability
2013-03-13Mark BaggettWipe the drive! Stealthy Malware Persistence Mechanism - Part 1
2013-03-09Guy BruneauIPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-03-08Johannes UllrichIPv6 Focus Month: Filtering ICMPv6 at the Border
2013-03-07Guy BruneauWireshark Security Updates
2013-03-05Mark HofmanIPv6 Focus Month: Device Defaults
2013-03-04Johannes UllrichIPv6 Focus Month: Addresses
2013-03-02Scott FendleyEvernote Security Issue
2013-02-27Adam SwangerGuest Diary: Dylan Johnson - There's value in them there logs!
2013-02-25Johannes UllrichMass-Customized Malware Lures: Don't trust your cat!
2013-02-22Chris MohanPHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2013-02-22Chris MohanVMware releases new and updated security advisories
2013-02-22Johannes UllrichZendesk breach affects Tumblr/Pinterest/Twitter
2013-02-21Pedro BuenoNBC site redirecting to Exploit kit
2013-02-19Johannes UllrichFirefox 19 Release with various security fixes.
2013-02-17Guy BruneauHP ArcSight Connector Appliance and Logger Vulnerabilities
2013-02-17Guy BruneauAdobe Acrobat and Reader Security Update Planned this Week
2013-02-16Lorna HutchesonFedora RedHat Vulnerabilty Released
2013-02-14Adam SwangerISC Monthly Threat Update - February 2013 http://isc.sans.edu/podcastdetail.html?id=3121
2013-02-13Swa FrantzenMore adobe reader and acrobat (PDF) trouble
2013-02-08Johannes UllrichVMWare Advisories (ESX, Workstation, Fusion...) http://www.vmware.com/security/advisories/VMSA-2013-0002.html
2013-02-06Adam SwangerSysinternals in particular Process Explorer update https://blogs.technet.com/b/sysinternals/?Redirected=true
2013-02-06Kevin ShorttFirefox updated to 18.02 -> https://www.mozilla.org/en-US/firefox/18.0.2/releasenotes/
2013-02-04Adam SwangerSAN Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam
2013-02-01Jim ClausingVMware vSphere security updates for the authentication service and third party libraries (see http://www.vmware.com/security/advisories/VMSA-2013-0001.html)
2013-01-27Tony CarothersHP JetDirect Vulnerabilities Discussed
2013-01-15Rob VandenBrinkWhen Disabling IE6 (or Java, or whatever) is not an Option...
2013-01-10Rob VandenBrinkWhat Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too!
2013-01-10Adam SwangerISC Monthly Threat Update New Format
2013-01-09Rob VandenBrinkFirefox and Thunderbird Updates
2013-01-09Rob VandenBrinkSecurity Updates for Adobe Reader / Acrobat - http://www.adobe.com/support/security/bulletins/apsb13-02.html
2013-01-09Johannes UllrichNew Format for Monthly Threat Update
2013-01-08Richard PorterFirefox 18 Released, Security Fixes http://www.mozilla.org/security/known-vulnerabilities/firefox.html
2013-01-08Jim ClausingCuckoo 0.5 is out and the world didn't end
2013-01-08Richard PorterYahoo Web Interface Report: Compose and Send
2013-01-08Richard PorterA picture worth a 1000 barcodes?
2013-01-04Daniel WesemannBlue for Reset?
2013-01-02Russ McReeEMET 3.5: The Value of Looking Through an Attacker's Eyes
2013-01-01Johannes UllrichFixIt Available for Internet Explorer Vulnerability
2012-12-18Rob VandenBrinkAll I Want for Christmas is to Not Get Hacked !
2012-12-14Adam SwangerISC Feature of the Week: Webhoneypot: Web Server Log Project
2012-12-07Adam SwangerISC Feature of the Week: Glossary Additions
2012-12-06Johannes UllrichHow to identify if you are behind a "Transparent Proxy"
2012-12-03Kevin ListonMobile Malware: Request for Field Reports
2012-12-03John BambenekJohn McAfee Exposes His Location in Photo About His Being on Run
2012-12-01Guy BruneauFirefox 17.0.1 Bug Fixes - http://www.mozilla.org/en-US/firefox/17.0.1/releasenotes/
2012-11-29Adam SwangerISC Feature of the Week: SSH Scan Reports
2012-11-29Kevin ShorttNew Apple Security Update: APPLE-SA-2012-11-29-1 Apple TV 5.1.1
2012-11-28Mark HofmanNew version of wireshark is available (1.8.4), some security fixes included.
2012-11-28Mark HofmanMcAfee releases extraDAT for W32/Autorun.worm.aaeb-h
2012-11-27Chris MohanCan users' phish emails be a security admin's catch of the day?
2012-11-26John BambenekOnline Shopping for the Holidays? Tips, News and a Fair Warning
2012-11-22Kevin ListonGreek National Arrested on Suspicion of Theft of 9M Records on Fellow Greeks
2012-11-20John BambenekBehind the Random NTP Bizarreness of Incorrect Year Being Set
2012-11-20John BambenekFirefox v 17.0 just released, more here: http://www.mozilla.org/en-US/firefox/17.0/releasenotes/
2012-11-19John BambenekMoneyGram fined $100 million for aiding wire fraud - http://krebsonsecurity.com/2012/11/moneygram-fined-100-million-for-wire-fraud/
2012-11-19John BambenekNew Poll: Top 5 Unresolved Security Problems of 2012
2012-11-18Guy BruneauFreeBSD Project Servers Compromised - http://www.freebsd.org/news/2012-compromise.html
2012-11-17Manuel Humberto Santander PelaezNew Sysinternal Updates: AdExplorer v1.44, Contig v1.7, Coreinfo v3.2, Procdump v5.1. See http://blogs.technet.com/b/sysinternals/archive/2012/11/16/updates-adexplorer-v1-44-contig-v1-7-coreinfo-v3-2-procdump-v5-1.aspx?Redirected=true
2012-11-16Guy BruneauVMware security updates for vSphere API and ESX Service Console - http://www.vmware.com/security/advisories/VMSA-2012-0016.html
2012-11-16Manuel Humberto Santander PelaezInformation Security Incidents are now a concern for colombian government
2012-11-15Jim ClausingAnother month another password disclosure breach
2012-11-12John BambenekRequest for info: Robocall Phishing Against Local/Regional Banks
2012-11-09Mark BaggettRemote Diagnostics with PSR
2012-11-09Mark BaggettFresh batch of Microsoft patches next week
2012-11-08Daniel WesemannAdobe Patches
2012-11-07Mark BaggettHelp eliminate unquoted path vulnerabilities
2012-11-07Mark BaggettMultiple 0-Days Reported!
2012-11-07Mark BaggettCisco TACACS+ Authentication Bypass
2012-11-05Johannes UllrichReminder: Ongoing SMTP Brute Forcing Attacks
2012-11-05Johannes UllrichPossible Fake-AV Ads from Doubleclick Servers
2012-11-04Lorna HutchesonWhat's important on your network?
2012-11-02Daniel WesemannThe shortcomings of anti-virus software
2012-11-02Daniel WesemannLamiabiocasa
2012-11-01Daniel WesemannPatched your Java yet?
2012-10-31Johannes UllrichCyber Security Awareness Month - Day 31 - Business Continuity and Disaster Recovery
2012-10-30Johannes UllrichHurricane Sandy Update
2012-10-30Richard PorterSplunk 5.0 SP-CAAAHB4 http://www.splunk.com/view/SP-CAAAHB4
2012-10-30Mark HofmanCyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-10-29Kevin ShorttCyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard
2012-10-28Tony CarothersFirefox 16.02 Released
2012-10-26Russ McReeCyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant
2012-10-25Richard PorterCyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire
2012-10-24Russ McReeCyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035
2012-10-24Russ McReeOngoing Windstream outage in the midwest - https://twitter.com/search?q=windstream
2012-10-23Rob VandenBrinkCyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors
2012-10-21Johannes UllrichCyber Security Awareness Month - Day 22: Connectors
2012-10-21Lorna HutchesonPotential Phish for Regular Webmail Accounts
2012-10-19Johannes UllrichCyber Security Awareness Month - Day 19: Standard log formats and CEE.
2012-10-18Rob VandenBrinkCyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide
2012-10-17Mark HofmanNew Acrobat release (including reader) available. Version 11. Some security improvements more here -->http://blogs.adobe.com/adobereader/
2012-10-17Rob VandenBrinkCyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005
2012-10-16Richard PorterCyberAwareness Month - Day 15, Standards Body Soup (pt2), Same Soup Different Cook.
2012-10-16Johannes UllrichCyber Security Awareness Month - Day 16: W3C and HTML
2012-10-14Pedro BuenoCyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1
2012-10-13Guy BruneauNew Poll - Cyber Security Awareness Month Activities 2012 - https://isc.sans.edu/poll.html
2012-10-12Mark HofmanCyber Security Awareness Month - Day 12 PCI DSS
2012-10-11Rob VandenBrinkFirefox 16 / Thunderbird 16 updates
2012-10-11Rob VandenBrinkCyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security)
2012-10-10Kevin ShorttCyber Security Awareness Month - Day 10 - Standard Sudo - Part Two
2012-10-09Johannes UllrichCyber Security Awreness Month - Day 9 - Request for Comment (RFC)
2012-10-09Johannes UllrichMicrosoft October 2012 Black Tuesday Update - Overview
2012-10-08Mark HofmanCyber Security Awareness Month - Day 8 ISO 27001
2012-10-07Tony CarothersCyber Security Awareness Month - Day 7 - Rollup Review of CSAM Week 1
2012-10-06Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA
2012-10-05Johannes UllrichCyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl.
2012-10-05Richard PorterVMWare Security Advisory: VMSA-2012-0014 - http://www.vmware.com/security/advisories/VMSA-2012-0014.html
2012-10-05Adam SwangerISC Feature of the Week: Report Fake Tech Support Call Statistics
2012-10-05Richard PorterReports of a Distributed Injection Scan
2012-10-04Mark HofmanAnd the SHA-3 title goes to .....Keccak
2012-10-04Johannes UllrichCyber Security Awareness Month - Day 4: Crypto Standards
2012-10-03Kevin ShorttCyber Security Awareness Month - Day 3 - Standard Sudo - Part One
2012-10-02Russ McReeCyber Security Awareness Month - Day 2 - PCI Security Standard: Mobile Payment Acceptance Security Guidelines
2012-10-01Johannes UllrichCyber Security Awareness Month
2012-09-28Joel EslerAdobe certification revocation for October 4th
2012-09-27Adam SwangerISC Feature of the Week: Glossary
2012-09-26Johannes UllrichSome Android phones can be reset to factory default by clicking on links
2012-09-26Johannes UllrichMore Java Woes
2012-09-21Johannes UllrichiOS 6 Security Roundup
2012-09-21Guy BruneauStoring your Collection of Malware Samples with Malwarehouse
2012-09-20Russ McReeFlash Player update but no announcement, check your version http://www.adobe.com/software/flash/about/
2012-09-20Russ McReeApple and Cisco Security Advisories 19 SEP 2012
2012-09-20Russ McReeFinancial sector advisory: attacks and threats against financial institutions
2012-09-19Russ McReeScript kiddie scavenging with Shellbot.S
2012-09-17Rob VandenBrinkWhat's on your iPad?
2012-09-14Lenny ZeltserAnalyzing Malicious RTF Files Using OfficeMalScanner's RTFScan
2012-09-14Lenny ZeltserScam Report - Fake Voice Mail Email Notification Redirects to Malicious Site
2012-09-14Adam SwangerISC Feature of the Week: Privacy Policy
2012-09-13Mark BaggettMore SSL trouble
2012-09-13Mark BaggettTCP Fuzzing with Scapy
2012-09-13Mark BaggettMicrosoft disrupts traffic associated with the Nitol botnet
2012-09-10Johannes UllrichMicrosoft Patch Tuesday Pre-Release
2012-09-10Johannes UllrichGodaddy DDoS Attack
2012-09-10donald smithBlue Toad publishing co compromise lead to UDID release. http://redtape.nbcnews.com/_news/2012/09/10/13781440-exclusive-the-real-source-of-apple-device-ids-leaked-by-anonymous-last-week?lite
2012-09-06Johannes UllrichSSL Requests sent to port 80 (request for help/input)
2012-09-04Johannes UllrichAnother round of "Spot the Exploit E-Mail"
2012-09-02Lorna HutchesonDemonstrating the value of your Intrusion Detection Program and Analysts
2012-09-01Russ McReeBlackhole targeting Java vulnerability via fake Microsoft Services Agreement email phish
2012-08-31Johannes UllrichVMware Updates
2012-08-31Russ McReeNot so fast: Java 7 Update 7 critical vulnerability discovered in less than 24 hours
2012-08-30Bojan ZdrnjaAnalyzing outgoing network traffic (part 2)
2012-08-30Johannes UllrichEditorial: The Slumlord Approach to Network Security http://isc.sans.edu/j/editorial
2012-08-29Johannes Ullrich"Data" URLs used for in-URL phishing
2012-08-28Johannes UllrichFirefox 15 Released (includes silent future updates) http://www.mozilla.org/en-US/firefox/15.0/releasenotes/buglist.html
2012-08-27Johannes UllrichMalware Spam harvesting Facebook Information
2012-08-27Johannes UllrichThe Good, Bad and Ugly about Assigning IPv6 Addresses
2012-08-26Lorna HutchesonWho ya gonna contact?
2012-08-23Bojan ZdrnjaAnalyzing outgoing network traffic
2012-08-23Adam SwangerISC Feature of the Week: Contact Us
2012-08-22Adrien de BeaupreApple Remote Desktop update fixes no encryption issue
2012-08-22Adrien de BeauprePhishing/spam via SMS
2012-08-21Adrien de BeaupreYYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update
2012-08-21Adrien de BeaupreRuggedCom fails key management 101 on Rugged Operating System (ROS)
2012-08-20Manuel Humberto Santander PelaezDo we need test procedures in our companies before implementing Antivirus signatures?
2012-08-19Manuel Humberto Santander PelaezAuthentication Issues between entities during protocol message exchange in SCADA Systems
2012-08-15Guy BruneauWireshark Security Update
2012-08-12Tony CarothersLayers of the Defense-in-Depth Onion
2012-08-12Tony CarothersOracle Security Alert for CVE-2012-3132
2012-08-10Adam SwangerISC Feature of the Week: Report Fake Tech Support Calls
2012-08-09Mark HofmanZeus/Citadel variant causing issues in the Netherlands
2012-08-09Mark HofmanSQL Injection Lilupophilupop style, Part 2
2012-08-07Adrien de BeaupreWho protects small business?
2012-08-04Adam SwangerISC Feature of the Week: Handler Select News Feed
2012-08-04Kevin ListonVendors: More Patch-Release Options Please
2012-07-27Daniel WesemannCuckoo 0.4 is out - cool new features for malware analysis http://www.cuckoosandbox.org/
2012-07-26Adam SwangerISC Feature of the Week: The 404Project - now with IP Mask
2012-07-25Johannes UllrichMicrosoft Exchange/Sharepoint and others: Oracle Outside In Vulnerability
2012-07-24Richard PorterWireshark 1.8.1 Released http://www.wireshark.org/
2012-07-24Richard PorterReport of spike in DNS Queries gd21.net
2012-07-21Rick WannerOpenDNS is looking for a few good malware people!
2012-07-20Mark BaggettSyria Internet connection cut?
2012-07-19Mark BaggettDiagnosing Malware with Resource Monitor
2012-07-19Mark BaggettA Heap of Overflows?
2012-07-17Jim ClausingFirefox 14.0.1, Thunderbird 14.0 out - both claim security fixes, but release notes not updated yet with security details
2012-07-16Richard PorterSysinternals Update @ http://blogs.technet.com/b/sysinternals/archive/2012/07/16/updates-handle-v3-5-process-explorer-v15-22-process-monitor-v3-03-rammap-v1-21-zoomit-v4-3.aspx
2012-07-16Jim ClausingAn analysis of the Yahoo! passwords
2012-07-14Tony CarothersUser Awareness and Education
2012-07-13Richard PorterYesterday (not as on the ball as Rob) at SANSFire
2012-07-13Russ McRee2 for 1: SANSFIRE & MSRA presentations
2012-07-13Russ McReeVMWare Security Advisory 12 JUL 2012
2012-07-13Russ McReeYahoo service SQL injection vuln leads to account exposure
2012-07-12Rick WannerCisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms
2012-07-12Rick WannerCisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Recording Server - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs
2012-07-12Rick WannerCisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts
2012-07-12Rick WannerCisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Manager - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman
2012-07-12Rob VandenBrinkToday at SANSFIRE - Dude Your Car is PWND !
2012-07-12Adam SwangerISC Feature of the Week: Internet Storm Center Events
2012-07-11Rick WannerExcellent Security Education Resources
2012-07-10Rob VandenBrinkToday at SANSFIRE (09 July 2012) - ISC Panel Discussion on the State of the Internet
2012-07-09Johannes UllrichThe FBI will turn off the Internet on Monday (or not)
2012-07-09Manuel Humberto Santander PelaezInternet Storm Center panel tonight at SANSFIRE 2012!
2012-07-05Adrien de BeaupreNew OS X trojan backdoor MaControl variant reported
2012-07-02Joel EslerLinux & Java leap second bug
2012-07-02Joel EslerA rough guide to keeping your website up
2012-07-02Dan GoldbergStorms of June 29th 2012 in Mid Atlantic region of the USA
2012-06-29Jim ClausingUpdated SysInternals tools - Autoruns, Process Explorer, Process Monitor, PSKill -- http://blogs.technet.com/b/sysinternals/archive/2012/06/28/updates-autoruns-v11-32-process-explorer-v15-21-process-monitor-v3-02-pskill-v1-15-rammap-v1-2.aspx
2012-06-28Chris MohanMassive spike in BGP traffic - Possible BGP poisoning?
2012-06-28Adam SwangerISC Feature of the Week: About the Internet Storm Center
2012-06-27Swa FrantzenOnline Banking Heists
2012-06-26Daniel WesemannRun, Forest! (Update)
2012-06-25Rick WannerTargeted Malware for Industrial Espionage?
2012-06-25Swa FrantzenBelgian online banking customers hacked.
2012-06-22Adam SwangerISC Feature of the Week: Tools->ISC At-A-Glance
2012-06-22Daniel WesemannRun, Forest!
2012-06-21Raul SilesPrint Bomb? (Take 2)
2012-06-21Russ McReeAnalysis of drive-by attack sample set
2012-06-21Russ McReeWireshark 1.8.0 released 21 JUN 2012 http://www.wireshark.org/download.html
2012-06-20Raul SilesFirefox 13.0.1 Update
2012-06-19Daniel Wesemann Vulnerabilityqueerprocessbrittleness
2012-06-14Johannes UllrichVMWare Security Advisories
2012-06-06Jim ClausingFirefox, Thunderbird, and Seamonkey Security Updates
2012-06-06Jim ClausingPotential leak of 6.5+ million LinkedIn password hashes
2012-06-05Adam SwangerISC Feature of the Week: IPv6 Preparedness and Tools
2012-06-04Lenny ZeltserDecoding Common XOR Obfuscation in Malicious Code
2012-06-04Rob VandenBrinkvSphere 5.0 Hardening Guide Officially Released
2012-06-01Adam SwangerISC Feature of the Week: Country and Region Report
2012-05-31Johannes UllrichSCADA@Home: Your health is no secret no more!
2012-05-25Guy BruneauGoogle Publish Transparency Report
2012-05-25Guy BruneauVMware vMA Security Advisory VMSA-2012-0010 - http://www.vmware.com/security/advisories/VMSA-2012-0010.html
2012-05-24Adam SwangerISC Feature of the Week: Country Report
2012-05-22Johannes Ullrichnmap 6 released
2012-05-21Kevin ShorttDNS ANY Request Cannon - Need More Packets
2012-05-17Johannes UllrichDo Firewalls make sense?
2012-05-17Adam SwangerISC Feature of the Week: Tools->Information Gathering
2012-05-11Adam SwangerISC Feature of the Week: Link List
2012-05-08Bojan ZdrnjaWindows Firewall Bypass Vulnerability and NetBIOS NS
2012-05-06Jim ClausingTool updates and Win 8
2012-05-04Adam SwangerISC Feature of the Week: Data/Reports
2012-05-03Guy BruneauVMware Critical Security Issues Advisory - http://www.vmware.com/security/advisories/VMSA-2012-0009.html
2012-05-02Bojan ZdrnjaMonitoring VMWare logs
2012-04-27Adam SwangerISC Feature of the Week: Handler Created Tools
2012-04-26Richard PorterDefine Irony: A medical device with a Virus?
2012-04-25Daniel WesemannBlacole's obfuscated JavaScript
2012-04-25Daniel WesemannBlacole's shell code
2012-04-23Russ McReeEmergency Operations Centers & Security Incident Management: A Correlation
2012-04-21Guy BruneauWordPress Release Security Update
2012-04-18Adam SwangerISC Feature of the Week: Suspicious Domains
2012-04-13Daniel WesemannVMware ESX/ESXi privilege escalation vuln. advisory: http://www.vmware.com/security/advisories/VMSA-2012-0007.html
2012-04-13Adam SwangerISC Feature of the Week: Get to know the Handlers
2012-04-12Guy BruneauHP ProCurve 5400 zl Switch, Flash Cards Infected with Malware
2012-04-12Guy BruneauApple Java Updates for Mac OS X
2012-04-10Swa FrantzenAdobe April 2012 Black Tuesday Update
2012-04-09Johannes UllrichNot your Parent's Wireless Threat
2012-04-04Adam SwangerISC Feature of the Week: Diary/Infocon/Event Notifications
2012-03-27Johannes UllrichFirefox 3.6 EOL
2012-03-27Adam SwangerISC Feature of the Week: ISC Poll
2012-03-27Guy BruneauWireshark 1.6.6 and 1.4.2 Released
2012-03-25Daniel Wesemannevilcode.class
2012-03-21Adam SwangerISC Feature of the Week: Presentations and Papers
2012-03-16Guy BruneauVMware New and Updated Security Advisories
2012-03-16Russ McReeMS12-020 RDP vulnerabilities: Patch, Mitigate, Detect
2012-03-15Adam SwangerISC Feature of the Week: Infocon
2012-03-09Guy BruneauVMware New and Updated Advisories
2012-03-06Adam SwangerISC Feature of the Week: Follow us on Twitter
2012-03-03Jim ClausingNew automated sandbox for Android malware
2012-02-29Adam SwangerISC Feature of the Week: 404Project Reports
2012-02-24Guy BruneauFlashback Trojan in the Wild
2012-02-22Adam SwangerISC Feature of the Week: Handler Diaries
2012-02-20Pedro BuenoSimple Malware Research Tools
2012-02-20Rick WannerDNSChanger resolver shutdown deadline is March 8th
2012-02-15Adam SwangerISC Feature of the Week: XML Feeds
2012-02-11Mark HofmanYet another version of Firefox has been released. One security fix. More info can be found here: https://www.mozilla.org/en-US/firefox/10.0.1/releasenotes/
2012-02-07Jim ClausingBook Review: Practical Packet Analysis, 2nd ed
2012-02-07Adam SwangerISC Feature of the Week: Security Dashboard
2012-02-01Adam SwangerISC Feature of the Week: ISC Search
2012-01-31Russ McReeFirefox 10 and VMWare advisories and updates
2012-01-25Adam SwangerISC Feature of the Week: ISC Link Back
2012-01-25Bojan ZdrnjapcAnywhere users – patch now!
2012-01-18Adam SwangerISC Feature of the Week: The 404Project
2012-01-16Kevin ShorttZappos Breached
2012-01-14Daniel WesemannHello, Antony!
2012-01-13Guy BruneauSysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2012-01-11Adam SwangerISC Feature of the Week: Internet Storm Center / DShield API
2012-01-11Adrien de BeaupreNew wireshark released - 1.6.5 and 1.4.11 - www.wireshark.org/download.html
2012-01-06Guy BruneauJanuary 2012 Patch Tuesday Pre-release
2012-01-05Russ McReeWordPress 3.3.1 fixes 15 issues with WordPress 3.3 including XSS. Download 3.3.1 or visit Dashboard --> Updates in your site admin panel.
2012-01-03Adam SwangerISC Feature of the Week: How to Submit Firewall Logs
2011-12-28Daniel Wesemann.nl.ai ?
2011-12-26Deborah HaleBadware 2011
2011-12-25Deborah HaleMerry Christmas, Happy Holidays
2011-12-22Johannes UllrichFirefox 9 Security Fixes
2011-12-21Chris MohanFirefox 9 has been released patching known vulnerabilities http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox9
2011-12-19Guy BruneauProcess Explorer Update 15.11 with bugfixes - http://technet.microsoft.com/en-us/sysinternals/bb896653
2011-12-10Daniel WesemannUnwanted Presents
2011-12-07Lenny ZeltserV8 as an Alternative to SpiderMonkey for JavaScript Deobfuscation
2011-11-28Tom ListonA Puzzlement...
2011-11-19Pedro BuenoDragon Research Group (DRG) announced the white paper entitled "VNC: Threats and Countermeasures" : https://dragonresearchgroup.org/insight/vnc-tac.html
2011-11-18Kevin ListonRecent VMWare security advisories
2011-11-08Swa FrantzenFirefox 8.0 released
2011-11-04Guy BruneauDuqu Mitigation
2011-11-03Guy BruneauNovember 2011 Patch Tuesday Pre-release
2011-11-02Russ McReeWireshark updates: 1.6.3 and 1.4.10 released
2011-10-29Richard PorterThe Sub Critical Control? Evidence Collection
2011-10-28Russ McReeCritical Control 19: Data Recovery Capability
2011-10-28Daniel WesemannCritical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27Mark BaggettCritical Control 18: Incident Response Capabilities
2011-10-26Rick WannerCritical Control 17:Penetration Tests and Red Team Exercises
2011-10-26Rob VandenBrinkThe Theoretical "SSL Renegotiation" Issue gets a Whole Lot More Real !
2011-10-25Chris MohanRecurring reporting made easy?
2011-10-20Johannes UllrichEvil Printers Sending Mail
2011-10-18Rob VandenBrinkJava SE 6 Update 29 - http://www.oracle.com/technetwork/java/javase/6u29-relnotes-507960.html . Of particular interest is the Blocklist feature (introduced in 6u14) - http://www.oracle.com/technetwork/java/javase/6u14-137039.html#blocklist-jar-6u14
2011-10-17Rob VandenBrinkCritical Control 11: Account Monitoring and Control
2011-10-13Kevin ShorttVMware ESXi and ESX updates to third party libraries and ESX Service Console - http://www.vmware.com/security/advisories/VMSA-2011-0012.html
2011-10-13Guy BruneauCritical Control 10: Continuous Vulnerability Assessment and Remediation
2011-10-12Kevin ShorttCritical Control 8 - Controlled Use of Administrative Privileges
2011-10-11Swa FrantzenCritical Control 7 - Application Software Security
2011-10-10Jim ClausingCritical Control 6 - Maintenance, Monitoring, and Analysis of Security Audit Logs
2011-10-07Mark HofmanCritical Control 5 - Boundary Defence
2011-10-05Jim ClausingVMware Advisory - UDF file system handling
2011-10-04Rob VandenBrinkCritical Control 2 - Inventory of Authorized and Unauthorized Software
2011-10-04Johannes UllrichCritical Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations and Servers
2011-10-03Tom ListonSecurity 101 : Security Basics in 140 Characters Or Less
2011-10-03Mark HofmanCritical Control 1 - Inventory of Authorized and Unauthorized Devices
2011-10-03Mark BaggettWhat are the 20 Critical Controls?
2011-10-02Mark HofmanCyber Security Awareness Month Day 1/2 - Schedule
2011-10-02Mark HofmanCyber Security Awareness Month Day 1/2 - Introduction to the controls
2011-09-30Tony CarothersFirefox v. 7.0.1 Is Live
2011-09-29Daniel WesemannThe SSD dilemma
2011-09-27Jason LamFirefox 3.6.23 security update is out and so is version 7 (time to break some add-on)
2011-09-21Mark HofmanOctober 2011 Cyber Security Awareness Month
2011-09-19Guy BruneauMS Security Advisory Update - Fraudulent DigiNotar Certificates
2011-09-15Swa FrantzenDigiNotar looses their accreditation for qualified certificates
2011-09-15Johannes UllrichSeptember OUCH! awareness newsletter released - How to use social networking sites safely. http://bit.ly/ja6TMH
2011-09-09Rob VandenBrinkWireshark 1.62 (Newest Stable Release) is out !! ==> http://www.wireshark.org/download.html
2011-09-09Guy BruneauAdobe plan to release critical security updates next Tuesday for Acrobat and Reader http://www.adobe.com/support/security/bulletins/apsb11-24.html
2011-09-08Rob VandenBrinkWhen Good CA's go Bad: Other Things to Check in Your Datacenter
2011-09-07Lenny ZeltserAnalyzing Mobile Device Malware - Honeynet Forensic Challenge 9 and Some Tools
2011-09-07Lenny ZeltserGlobalSign Temporarily Stops Issuing Certificates to Investigate a Potential Breach
2011-09-06Swa FrantzenDigiNotar audit - intermediate report available
2011-09-06Guy BruneauFirefox 6.0.2 released to removed trust to DigiNotar certificate authority http://www.mozilla.org/en-US/firefox/6.0.2/releasenotes/
2011-09-01Swa FrantzenDigiNotar breach - the story so far
2011-08-31Johannes UllrichFirefox/Thunderbird 6.0.1 released to blocklist bad DigiNotar SSL certificates
2011-08-29Kevin ShorttInternet Worm in the Wild
2011-08-26Johannes UllrichSANS Virginia Beach Conference Canceled. Details: http://www.sans.org/virginia-beach-2011/
2011-08-26Johannes UllrichSome Hurricane Technology Tips
2011-08-17Johannes UllrichAugust edition of security awareness newsletter OUCH! released. Focus: Updating your Software http://t.co/ftRVetZ
2011-08-17Rob VandenBrinkPutting all of Your Eggs in One Basket - or How NOT to do Layoffs
2011-08-16Scott FendleyPhishing Scam Victim Response
2011-08-16Scott FendleyFirefox 3.6.20 Corrects Several Critical Vulnerabilities
2011-08-15Rob VandenBrink8 Years since the Eastern Seaboard Blackout - Has it Been that Long?
2011-08-14Guy BruneauFireCAT 2.0 Released
2011-08-11Guy BruneauBlackBerry Enterprise Server Critical Update
2011-08-05Johannes UllrichForensics: SIFT Kit 2.1 now available for download http://computer-forensics.sans.org/community/downloads
2011-07-25Chris MohanMonday morning incident handler practice
2011-07-15Deborah HaleWhat's in a Firewall?
2011-07-13Kevin ShorttFirefox Update 5.0.1 Available - http://www.mozilla.com/en-US/firefox/new/
2011-07-13Guy BruneauNew Sguil HTTPRY Agent
2011-07-10Raul SilesJailbreakme Takes Advantage of 0-day PDF Vuln in Apple iOS Devices
2011-07-09Chris MohanSafer Windows Incident Response
2011-07-02Pedro BuenoBootkits, they are back at full speed...
2011-06-30Guy BruneauWordPress 3.1.4 Security Update - http://wordpress.org/news/2011/06/wordpress-3-1-4/
2011-06-22Guy BruneauWordPress Forces Password Reset
2011-06-21Chris MohanStartSSL, a web authentication authority, suspend services after a security breach
2011-06-21Chris MohanAustralian government security audit report shows tough love to agencies
2011-06-21Guy BruneauFirefox 5.0 is out with support Do Not Track on Multiple Platform - http://www.mozilla.com/en-US/firefox/new/
2011-06-15Pedro BuenoHit by MacDefender, Apple Web Security (name your Mac FakeAV here)...
2011-06-15Johannes UllrichLatest issue of "Ouch!" is out http://www.securingthehuman.org/resources/newsletters/ouch
2011-06-09Richard PorterOne Browser to Rule them All?
2011-06-04Rick WannerDo you have a personal disaster recovery plan?
2011-06-03Guy BruneauRelease of Wireshark 1.6.0rc2
2011-06-01Adrien de BeaupreWireshark 1.4.7 and 1.2.17 Released - http://www.wireshark.org/news/20110531.html
2011-06-01Johannes UllrichEnabling Privacy Enhanced Addresses for IPv6
2011-05-31Chris MohanGetting the IT security word out there to the rest of the world
2011-05-30Johannes UllrichLockheed Martin and RSA Tokens
2011-05-25Daniel WesemannApple advisory on "MacDefender" malware
2011-05-25Lenny ZeltserMonitoring Social Media for Security References to Your Organization
2011-05-21Daniel WesemannWeekend reading
2011-05-19Daniel WesemannFake AV Bingo
2011-05-16Jason LamFirefox 3.5 forced upgrade coming soon
2011-05-14Guy BruneauWebsense Study Claims Canada Next Hotbed for Cybercrime Web Hosting Activity
2011-05-10Swa FrantzenBacktrack 5 released
2011-05-06Richard PorterUnpatched Exploit: Skype for MAC
2011-05-03Johannes UllrichAnalyzing Teredo with tshark and Wireshark
2011-05-03Johannes UllrichUpdate on Osama Bin Laden themed Malware
2011-05-02Johannes UllrichBin Laden Death Related Malware
2011-04-29Guy BruneauFirefox, Thunderbird and SeaMonkey Security Updates
2011-04-28Guy BruneauVMware ESXi 4.1 Security and Firmware Updates
2011-04-28Chris MohanDSL Reports advise 9,000 accounts were compromised
2011-04-26John BambenekIs the Insider Threat Really Over?
2011-04-25Rob VandenBrinkWhat's Your (IP) Address Worth?
2011-04-25Rob VandenBrinkSony PlayStation Network Outage - Day 5
2011-04-23Manuel Humberto Santander PelaezImage search can lead to malware download
2011-04-21Guy BruneauAdobe Reader and Acrobat Security Updates
2011-04-20Daniel WesemannData Breach Investigations Report published by Verizon
2011-04-18John BambenekWordpress.com Security Breach
2011-04-16Scott FendleyNew Versions of Wireshark released
2011-04-13Johannes UllrichApril issue of SANS Security Awareness Newsletter is out http://www.securingthehuman.org/resources/ouch
2011-04-10Raul SilesRecent security enhancements in web browsers (e.g. Google Chrome)
2011-04-04Mark HofmanWhen your service provider has a breach
2011-04-03Richard PorterExtreme Disclosure? Not yet but a great trend!
2011-03-25Kevin ListonAPT Tabletop Exercise
2011-03-25Rob VandenBrinkThe Recent RSA Breach - Imagining the Worst Case, And Why it Isn't Time to Panic (Yet)
2011-03-23Johannes UllrichFirefox 4 Security Features
2011-03-23Johannes UllrichFirefox 3 Updates and SSL Blocklist extension
2011-03-22Kevin ShorttAdobe Reader/Acrobat Security Update - http://www.adobe.com/support/security/bulletins/apsb11-06.html
2011-03-09Chris MohanPossible Issue with Forefront Update KB2508823
2011-03-08Jim ClausingVMware ESX/ESXi security updates released, see http://www.vmware.com/security/advisories/VMSA-2011-0004.html
2011-03-04Mark HofmanAnd a new version of Firefox (thx all) hits the road, Version 3.6.15 more details here http://www.mozilla.com/en-US/firefox/3.6.15/releasenotes/ (and I agree it was a bit quick after 3.6.14)
2011-03-02Chris MohanUpdates: Firefox 3.6.14/3.5.17, Thunderbird 3.1.8, Adobe Flash v10.2.152.32 & WireShark 1.4.4
2011-03-01Daniel WesemannAV software and "sharing samples"
2011-02-26Rick WannerFirefox 4 Beta 12 released
2011-02-14Richard PorterAnonymous Damage Control Anybody?
2011-02-09Mark HofmanAdobe Patches (shockwave, Flash, Reader & Coldfusion)
2011-02-08Chris MohanVMWare Security Advisory
2011-02-08Mark HofmanWordPress 3.0.5 (and 3.1 RC4) are out
2011-02-07Pedro BuenoThe Good , the Bad and the Unknown Online Scanners
2011-02-05Guy BruneauOpenSSH Legacy Certificate Information Disclosure Vulnerability
2011-02-01Lenny ZeltserThe Importance of HTTP Headers When Investigating Malicious Sites
2011-01-27Robert DanfordMicrosoft Security Advisory for MHTML via Internet Explorer (MS2501696/CVE-2011-0096)
2011-01-25Chris MohanReviewing our preconceptions
2011-01-24Rob VandenBrinkWhere have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool
2011-01-23Richard PorterCrime is still Crime!
2011-01-19Johannes UllrichMicrosoft's Secure Developer Tools
2011-01-12Richard PorterYet Another Data Broker? AOL Lifestream.
2011-01-10Manuel Humberto Santander PelaezVirusTotal VTzilla firefox/chrome plugin
2011-01-08Guy BruneauPandaLabs 2010 Annual Report
2011-01-08Guy BruneauJanuary 2011 Patch Tuesday Pre-release
2011-01-05Johannes UllrichVMWare Security Advisory VMSA-2011-0001
2011-01-05Johannes UllrichSurvey: Software Security Awareness Training
2011-01-05Johannes UllrichCurrently Unpatched Windows / Internet Explorer Vulnerabilities
2011-01-03Johannes UllrichWhat Will Matter in 2011
2010-12-30Johannes UllrichCritcal Wordpress Security Update http://wordpress.org/news/2010/12/3-0-4-update/
2010-12-29Daniel WesemannMalware Domains 2234.in, 0000002.in & co
2010-12-29Daniel WesemannBeware of strange web sites bearing gifts ...
2010-12-28John BambenekMozilla Notifies of Relatively Minor Security Breach
2010-12-21Rob VandenBrinkNetwork Reliability, Part 2 - HSRP Attacks and Defenses
2010-12-19Raul SilesIntel's new processors have a remote kill switch (Anti-Theft 3.0)
2010-12-09Mark HofmanFirefox version 3.6.13 is being pushed out, time to update (thanks Vincent). Thunderbird 3.1.7 and 3.0.11 can also be added to the list as well as SeaMonkey 2.0.11. - M
2010-12-02Kevin JohnsonSQL Injection: Wordpress 3.0.2 released
2010-11-19Jason LamExchanging and sharing of assessment results
2010-11-19Jason LamAdobe Reader X - Sandbox
2010-11-18Chris CarboniStopping the ZeroAccess Rootkit
2010-11-17Guy BruneauReference on Open Source Digital Forensics
2010-11-17Guy BruneauCisco Unified Videoconferencing Affected by Multiple Vulnerabilities
2010-11-16Guy BruneauAcrobat and Adobe Reader Security Update
2010-11-15Stephen HallMozilla Firefox 3.6.12 Remote Denial Of Service
2010-11-12Guy BruneauHoneynet Forensic Challenge - Analyzing Malicious Portable Destructive Files
2010-11-08Manuel Humberto Santander PelaezNetwork Security Perimeter: How to choose the correct firewall and IPS for your environment?
2010-11-04Johannes UllrichMicrosoft Smart Screen False Positivies
2010-11-01Manuel Humberto Santander PelaezCheckpoint UTM-1 edge VPN boxes worldwide did an unscheduled reboot
2010-10-31Marcus SachsCyber Security Awareness Month - Day 31 - Tying it all together
2010-10-30Guy BruneauCyber Security Awareness Month - Day 30 - Role of the network team
2010-10-29Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 29- Role of the office geek
2010-10-28Rick WannerCyber Security Awareness Month - Day 27 - Social Media use in the office
2010-10-28Rick WannerFirefox 3.6.12 available - http://www.mozilla.com/en-US/firefox/personal.html
2010-10-28Tony CarothersCyber Security Awareness Month - Day 28 - Role of the employee
2010-10-26Pedro BuenoBe (even more) careful with public hotspots. Firesheep released yesterday. Brilliant and scary.
2010-10-26Pedro BuenoFirefox news
2010-10-26Pedro BuenoCyber Security Awareness Month - Day 26 - Sharing Office Files
2010-10-25Kevin ShorttCyber Security Awareness Month - Day 25 - Using Home Computers for Work
2010-10-24Swa FrantzenCyber Security Awarenes Month - Day 24 - Using work computers at home
2010-10-23Mark HofmanCyber Security Awareness Month - Day 23 - The Importance of compliance
2010-10-22Daniel WesemannCyber Security Awareness Month - Day 22 - Security of removable media
2010-10-21Chris CarboniCyber Security Awareness Month - Day 21 - Impossible Requests from the Boss
2010-10-20Jim ClausingCyber Security Awareness Month - Day 20 - Securing Mobile Devices
2010-10-20Jim ClausingTools updates - Oct 2010
2010-10-20Jim ClausingFirefox 3.6.11 and 3.5.14 released, includes security updates ( http://www.mozilla.com/firefox/3.6.11/releasenotes/ )
2010-10-19Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote Access Tools
2010-10-19Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split?
2010-10-19Rob VandenBrinkCyber Security Awareness Month - Day 19 - VPN Architectures – SSL or IPSec?
2010-10-19Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote User VPN Access – Are things getting too easy, or too hard?
2010-10-19Rob VandenBrinkCyber Security Awareness Month - Day 19 - VPN and Remote Access Tools
2010-10-18Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis
2010-10-17Stephen HallCyber Security Awareness Month - Day 17 - What a boss should and should not have access to
2010-10-15Marcus SachsCyber Security Awareness Month - Day 15 - What Teachers Need to Know About Their Students
2010-10-15Guy BruneauCyber Security Awareness Month - Day 16 - Securing a donated computer
2010-10-14Johannes UllrichCyber Security Awareness Month - Day 14 - Securing a public computer
2010-10-13Deborah HaleCyber Security Awareness Month - Day 13 - Online Bullying
2010-10-12Scott FendleyCyber Security Awareness Month - Day 12 - Protecting and Managing Your Digital Identity On Social Media Sites
2010-10-11Rick WannerCyber Security Awareness Month - Day 11 - Safe Browsing for Teens
2010-10-11Rick WannerNew version of Wireshark available for download - 1.4.1 - http://www.wireshark.org/download.html
2010-10-10Kevin ListonCyber Security Awareness Month - Day 10 - Safe browsing for pre-teens
2010-10-09Kevin ShorttCyber Security Awareness Month - Day 9 - Disposal of an Old Computer
2010-10-08Rick WannerCyber Security Awareness Month - Day 8 - Patch Management and System Updates
2010-10-08Rick WannerPatch Tuesday Pre-release -- 16 updates
2010-10-06Rob VandenBrinkCyber Security Awareness Month - Day 7 - Remote Access and Monitoring Tools
2010-10-06Marcus SachsCyber Security Awareness Month - Day 6 - Computer Monitoring Tools
2010-10-05Rick WannerCyber Security Awareness Month - Day 5 - Sites you should stay away from
2010-10-04Daniel WesemannCyber Security Awareness Month - Day 4 - Managing EMail
2010-10-03Adrien de Beaupre Cyber Security Awareness Month - Day 3 - Recognizing phishing and online scams
2010-10-02Mark HofmanCyber Security Awareness Month - Day 2 - Securing the Family Network
2010-10-01Marcus SachsCyber Security Awareness Month - 2010
2010-10-01Marcus SachsCyber Security Awareness Month - Day 1 - Securing the Family PC
2010-09-26Daniel WesemannEgosurfing, the corporate way
2010-09-26Daniel WesemannThe wireless wiretap
2010-09-09Marcus Sachs'Here You Have' Email
2010-09-08John BambenekAdobe Acrobat/Reader 0-day in Wild, Adobe Issues Advisory
2010-09-04Kevin ListonInvestigating Malicious Website Reports
2010-08-25Pedro BuenoAdobe released security update for Shockwave player that fix several CVEs: APSB1020
2010-08-23Manuel Humberto Santander PelaezFirefox plugins to perform penetration testing activities
2010-08-18Guy BruneauAdobe out-of-cycle Updates
2010-08-16Raul SilesThe Seven Deadly Sins of Security Vulnerability Reporting
2010-08-15Manuel Humberto Santander PelaezOpensolaris project cancelled, replaced by Solaris 11 express
2010-08-13Tom ListonThe Strange Case of Doctor Jekyll and Mr. ED
2010-08-08Marcus SachsThinking about Cyber Security Awareness Month in October
2010-08-06Rob VandenBrinkFOXIT PDF Reader update to resolve iPhone/iPad Jailbreak issue ==> http://www.foxitsoftware.com/announcements/2010861227.html
2010-08-05Rob VandenBrinkAccess Controls for Network Infrastructure
2010-08-03Johannes UllrichWhen Lightning Strikes
2010-07-30Guy BruneauWireshark 1.2.10 released
2010-07-30Guy BruneauCisco Internet Streamer: Web Server Directory Traversal Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml
2010-07-29Rob VandenBrinkThe 2010 Verizon Data Breach Report is Out
2010-07-29Rob VandenBrinkNoScript 2.0 released
2010-07-29Rob VandenBrinkFBI, Slovenian and Spanish Police announce more arrests of Mariposa Botnet Creator, Operators
2010-07-25Rick WannerMozilla advisory for Firefox...Upgrade to 3.6.8. http://www.mozilla.org/security/announce/2010/mfsa2010-48.html
2010-07-25Rick WannerNew Firefox Version, 3.6.8
2010-07-24Manuel Humberto Santander PelaezTransmiting logon information unsecured in the network
2010-07-23Mark HofmanFirefox 3.6.8 is out. Yes it only seems like yesterday when you installed FF 3.6.7 (it was for me). The release notes say a stability issue has been fixed in this release.
2010-07-21Adrien de BeaupreAdobe Reader Protected Mode
2010-07-21Adrien de BeaupreDell PowerEdge R410 replacement motherboard firmware contains malware
2010-07-21Adrien de Beaupreautorun.inf and .lnk Malware (NOT 'Vulnerability in Windows Shell Could Allow Remote Code Execution' 2286198)
2010-07-20Manuel Humberto Santander PelaezLowering infocon back to green
2010-07-18Manuel Humberto Santander PelaezSAGAN: An open-source event correlation system - Part 1: Installation
2010-07-14Deborah HaleSecunia Half Year Report for 2010 shows interesting trends
2010-07-13Jim ClausingForensic challenge results
2010-07-13Jim ClausingVMware Studio Security Update
2010-07-07Kevin ShorttFacebook, Facebook, What Do YOU See?
2010-07-06Rob VandenBrinkBogus Support Organizations use Live Operators to Install Malware
2010-07-04Manuel Humberto Santander PelaezMalware inside PDF Files
2010-06-27Jim ClausingFirefox 3.6.6 out - fixes issues with "crash protection"
2010-06-24Jason LamHelp your competitor - Advise them of vulnerability
2010-06-23Scott FendleyMozilla Firefox Updates
2010-06-17Deborah HaleFYI - Another bogus site
2010-06-15Manuel Humberto Santander PelaezMastercard delivering cards with OTP device included
2010-06-14Manuel Humberto Santander PelaezAnother way to get protection for application-level attacks
2010-06-14Manuel Humberto Santander PelaezRogue facebook application acting like a worm
2010-06-13Rick WannerUnRealCD compromised by Trojan
2010-06-10Deborah HaleiPad Owners Exposed
2010-06-10Deborah HaleWireshark 1.2.9 Now Available
2010-06-10Deborah HaleMicrosoft Help Centre Handling of Escape Sequences May Lead to Exploit
2010-06-07Manuel Humberto Santander PelaezSoftware Restriction Policy to keep malware away
2010-06-07Manuel Humberto Santander PelaezInternet Storm Center panel tonight at SANSFIRE
2010-06-05Guy BruneauSecurity Advisory for Flash Player, Adobe Reader and Acrobat
2010-06-04Rick WannerNew Honeynet Project Forensic Challenge
2010-06-02Mark HofmanOpenSSL version 1.0.0a released. This fixes a number of security issues. Don't forget a number of commercial appliances will be using this, so look for vendor updates soon.
2010-06-02Rob VandenBrinkNew Mac malware - OSX/Onionspy
2010-05-30Kevin ListonVMware ESX/ESXi Updates
2010-05-29G. N. WhiteRogue AV Indictment
2010-05-28Jim ClausingWireshark SMB file extraction plug-in
2010-05-26Bojan ZdrnjaMalware modularization and AV detection evasion
2010-05-23Manuel Humberto Santander Pelaeze-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.
2010-05-22Rick WannerSANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-05-21Rick WannerIBM distributes malware at AusCERT!
2010-05-21Rick Wanner2010 Digital Forensics and Incident Response Summit
2010-05-19Kyle HaugsnessWordpress blog attacks... again
2010-05-12Rob VandenBrinkAdobe Shockwave Update
2010-05-10Toby KohlenbergAnother round of WordPress Attacks
2010-05-08Guy BruneauWireshark DOCSIS Dissector DoS Vulnerability
2010-05-07Rob VandenBrinkSecurity Awareness – Many Audiences, Many Messages (Part 2)
2010-05-04Rick WannerSIFT review in the ISSA Toolsmith
2010-05-02Mari NicholsZbot Social Engineering
2010-04-30Kevin ListonCVE-2010-0817 SharePoint XSS Scorecard
2010-04-30Kevin ListonThe Importance of Small Files
2010-04-30Johannes UllrichSharepoint XSS Vulnerability
2010-04-27Rob VandenBrinkLayer 2 Security - L2TPv3 for Disaster Recovery Sites
2010-04-26Raul SilesVulnerable Sites Database
2010-04-22Guy BruneauMS10-025 Security Update has been Pulled
2010-04-22John BambenekData Redaction: You're Doing it Wrong
2010-04-21Guy BruneauMcAfee DAT 5958 Update Issues
2010-04-21Guy BruneauGoogle Chrome Security Update v4.1.249.1059 Released: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html
2010-04-19Daniel WesemannLinked into scams?
2010-04-18Guy BruneauSome NetSol hosted sites breached
2010-04-13Johannes UllrichMore Legal Threat Malware E-Mail
2010-04-13Johannes UllrichApache.org Bugtracker Breach
2010-04-13Adrien de BeaupreSecurity update available for Adobe Reader and Acrobat
2010-04-11Marcus SachsNetwork and process forensics toolset
2010-04-09Mark HofmanVMware has released the following patch "VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues". Make sure you test before applying to production.
2010-04-07Rob VandenBrinkThe Many Paths to Security Awareness
2010-04-02Guy BruneauSecurity Advisory for ESX Service Console
2010-04-02Guy BruneauFirefox 3.6.3 fix for CVE-2010-1121 http://www.mozilla.org/security/announce/2010/mfsa2010-25.html
2010-04-01Jim ClausingWireshark 1.2.7 released, bug fixes, doesn't look like any security issues (http://www.wireshark.org/)
2010-03-30Pedro BuenoVMWare Security Advisories Out
2010-03-30Pedro BuenoSharing the Tools
2010-03-28Rick WannerHoneynet Project: 2010 Forensic Challenge #3
2010-03-27Guy BruneauHP-UX Running NFS/ONCplus, Inadvertently Enabled NFS
2010-03-26Daniel WesemannGetting the EXE out of the RTF again
2010-03-26Daniel WesemannSIFT2.0 SANS Investigative Forensics Toolkit released
2010-03-25Kevin ListonResponding to "Copyright Lawsuit filed against you"
2010-03-24Kyle HaugsnessWax nostalgic - commodore64 updated to present time
2010-03-21Chris CarboniResponding To The Unexpected
2010-03-20Scott FendleyFirefox 3.6.2 to be released March 30
2010-03-15Adrien de BeaupreSpamassassin Milter Plugin Remote Root Attack
2010-03-12Mark HofmanFirefox 3.6 is being pushed out to users. http://www.mozilla.com/en-US/firefox/3.6/releasenotes/
2010-03-10Rob VandenBrinkWhat's My Firewall Telling Me? (Part 4)
2010-03-10Rob VandenBrinkMicrosoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7
2010-03-09Marcus SachsEnergizer Malware
2010-03-07Mari NicholsDHS issues Cybersecurity challenge
2010-03-05Kyle HaugsnessWhat is your firewall log telling you - responses
2010-03-05Kyle HaugsnessFalse scare email proclaiming North Korea nuclear launch against Japan
2010-03-04Daniel Wesemannsalefale-dot-com is bad
2010-03-03Johannes UllrichReports about large number of fake Amazon order confirmations
2010-03-03Daniel WesemannWhat is your firewall log telling you - Part #2
2010-02-28Mari NicholsDisasters take practice
2010-02-26Rick WannerNew version of FireBug Firefox plug-in - http://getfirebug.com/
2010-02-23Mark HofmanWhat is your firewall telling you and what is TCP249?
2010-02-22Rob VandenBrinkNew Risks in Penetration Testing
2010-02-21Patrick Nolan Looking for "more useful" malware information? Help develop the format.
2010-02-20Mari NicholsIs "Green IT" Defeating Security?
2010-02-17Rob VandenBrinkDefining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"
2010-02-17Rob VandenBrinkMultiple Security Updates for ESX 3.x and ESXi 3.x
2010-02-16Johannes UllrichTeredo "stray packet" analysis
2010-02-16Jim ClausingTeredo request for packets
2010-02-13Lorna HutchesonNetwork Traffic Analysis in Reverse
2010-02-11Johannes UllrichMS10-015 may cause Windows XP to blue screen
2010-02-11Deborah HaleCritical Update for AD RMS
2010-02-10Marcus SachsDatacenters and Directory Traversals
2010-02-07Rick WannerMandiant Mtrends Report
2010-02-05Jim ClausingWordPress iframe injection?
2010-02-03Johannes UllrichInformation Disclosure Vulnerability in Internet Explorer
2010-02-02Johannes UllrichNew IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux)
2010-02-02Guy BruneauCisco Secure Desktop Remote XSS Vulnerability
2010-01-30Stephen HallNew and updated VMWare advisories
2010-01-26Rob VandenBrinkVMware vSphere Hardening Guide Draft posted for public review
2010-01-23Lorna HutchesonThe necessary evils: Policies, Processes and Procedures
2010-01-22Mari NicholsPass-down for a Successful Incident Response
2010-01-21Chris CarboniFirefox Upgrade Available
2010-01-19Jim ClausingForensic challenges
2010-01-14Bojan ZdrnjaPDF Babushka
2010-01-14Bojan Zdrnja0-day vulnerability in Internet Explorer 6, 7 and 8
2010-01-13Guy BruneauSun Java JRE 6 Update 18 Released
2010-01-07Daniel WesemannStatic analysis of malicious PDFs
2010-01-07Daniel WesemannStatic analysis of malicous PDFs (Part #2)
2010-01-06Guy BruneauFirefox security and stability update for version 3.5.7 and 3.0.17 available for download
2009-12-18Stephen HallWireshark 1.2.5 released - including three security fixes
2009-12-17Daniel Wesemannoverlay.xul is back
2009-12-17Daniel WesemannIn caches, danger lurks
2009-12-16Mark HofmanFirefox 3.5.6 is available, time to update.
2009-12-16Rob VandenBrinkBeware the Attack of the Christmas Greeting Cards !
2009-12-14Adrien de BeaupreAnti-forensics, COFEE vs. DECAF
2009-12-07Rick WannerCheat Sheet: Analyzing Malicious Documents
2009-12-05Guy BruneauJava JRE Buffer and Integer Overflow
2009-12-04Daniel WesemannMax Power's Malware Paradise
2009-12-02Rob VandenBrinkSPAM and Malware taking advantage of H1N1 concerns
2009-12-02Rob VandenBrinkMicrosoft Black Screen of Death - Fact of Fiction?
2009-11-30Bojan ZdrnjaDistributed Wordpress admin account cracking
2009-11-25Jim ClausingTool updates
2009-11-25Jim ClausingUpdates to my GREM Gold scripts and a new script
2009-11-24Rick WannerMicrosoft Security Advisory 977981 - IE 6 and IE 7
2009-11-21Mark HofmanVMware vCenter and ESX updates available http://lists.vmware.com/pipermail/security-announce/2009/000070.html
2009-11-18Rob VandenBrinkUsing a Cisco Router as a “Remote Collector” for tcpdump or Wireshark
2009-11-14Adrien de BeaupreMicrosoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released
2009-11-13Deborah HaleIt's Never Too Early To Start Teaching Them
2009-11-13Adrien de BeaupreTLS & SSLv3 renegotiation vulnerability explained
2009-11-12Rob VandenBrinkWindows 7 / Windows Server 2008 Remote SMB Exploit
2009-11-06Mark HofmanA new version of Firefox (3.5.5) just became available. According to the release notes they are stability improvements.
2009-11-05Swa FrantzenInsider threat: The snapnames case
2009-10-30Rob VandenBrinkNew version of NIST 800-41, Firewalls and Firewall Policy Guidelines
2009-10-29Kyle HaugsnessCyber Security Awareness Month - Day 29 - dns port 53
2009-10-28Johannes UllrichFirefox 3.5.4 released. Lots of security bug fixes. (thanks Gilbert!)
2009-10-28Johannes UllrichSniffing SSL: RFC 4366 and TLS Extensions
2009-10-28Johannes UllrichCyber Security Awareness Month - Day 28 - ntp (123/udp)
2009-10-27Rob VandenBrinkNew VMware Desktop Products Released (Workstation, Fusion, ACE)
2009-10-25Lorna HutchesonCyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-22Adrien de BeaupreCyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-22Adrien de BeaupreSysinternals updates: Disk2vhd v1.1, ZoomIt v4.1, Coreinfo v2.0, VMMap v2.4
2009-10-21Pedro BuenoWordPress Hardening
2009-10-21Pedro BuenoCyber Security Awareness Month - Day 21 - Port 135
2009-10-19Daniel WesemannCyber Security Awareness Month - Day 19 - ICMP
2009-10-19Daniel WesemannBacked up, lately ?
2009-10-18Mari NicholsComputer Security Awareness Month - Day 18 - Telnet an oldie but a goodie
2009-10-17Rick WannerCyber Security Awareness Month - Day 17 - Port 22/SSH
2009-10-17Rick WannerMozilla disables Microsoft plug-ins?
2009-10-16Stephen HallVMWare updates ESX
2009-10-16Adrien de BeaupreCyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
2009-10-16Adrien de BeaupreDisable MS09-054 patch, or Firefox Plugin?
2009-10-15Deborah HaleYet another round of Viral Spam
2009-10-15Deborah HaleCyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
2009-10-11Mark HofmanCyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
2009-10-09Rob VandenBrinkCyber Security Awareness Month - Day 9 - Port 3389/tcp (RDP)
2009-10-08Johannes UllrichFirefox Plugin Collections
2009-10-06Adrien de BeaupreCyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp
2009-10-05Adrien de BeaupreCyber Security Awareness Month - Day 5 port 31337
2009-10-04Guy BruneauSamba Security Information Disclosure and DoS
2009-10-02Stephen HallCyber Security Awareness Month - Day 2 - Port 0
2009-10-02Stephen HallVMware Fusion updates to fixes a couple of bugs
2009-09-27Stephen HallUse Emerging Threats signatures? READ THIS!
2009-09-25Lenny ZeltserCategories of Common Malware Traits
2009-09-25Deborah HaleConficker Continues to Impact Networks
2009-09-25Deborah HaleMalware delivered over Google and Yahoo Ad's?
2009-09-20Mari NicholsInsider Threat and Security Awareness
2009-09-16Raul SilesWireshark 1.2.2 (and 1.0.9) is out!
2009-09-10Johannes UllrichHealthcare Spam
2009-09-10Guy BruneauFirefox 3.5.3 and 3.0.14 has been released
2009-09-07Lorna HutchesonEncrypting Data
2009-09-05Mark HofmanCritical Infrastructure and dependencies
2009-09-04Adrien de BeaupreFake anti-virus
2009-08-30Tony CarothersHow do I recover from.....?
2009-08-29Guy BruneauImmunet Protect - Cloud and Community Malware Protection
2009-08-28Adrien de BeaupreWPA with TKIP done
2009-08-26Johannes UllrichMalicious CD ROMs mailed to banks
2009-08-21Rick WannerUpdates to VMWare Products
2009-08-18Daniel WesemannForensics: Mounting partitions from full-disk 'dd' images
2009-08-13Jim ClausingNew and updated cheat sheets
2009-08-11Swa FrantzenWordpress unauthenticated administrator password reset
2009-08-04Mark HofmanFirefox Updates
2009-07-31Deborah HaleDon't forget to tell your SysAdmin Thanks
2009-07-28Adrien de BeaupreYYAMCCBA
2009-07-26Jim ClausingNew Volatility plugins
2009-07-23John BambenekMissouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information
2009-07-22Chris CarboniFirefox 3.0.12 is Available
2009-07-20Stephen HallWireshark Release 1.2.1
2009-07-19Marcus SachsMozilla Comments on Firefox 3.5.1 issue
2009-07-17Stephen HallFirefox 3.5.1 has been released
2009-07-14Swa FrantzenFirefox new exploit
2009-07-11Rick WannerVMWare Security Advisories
2009-07-09John BambenekLatest Updates on Ongoing DDoS on Governmental/Commercial Websites in USA and S. Korea
2009-07-03Adrien de BeaupreAuthorize.net down
2009-07-03Adrien de BeaupreBCP/DRP
2009-07-03Adrien de BeaupreHappy 4th of July!
2009-07-02Daniel WesemannGetting the EXE out of the RTF
2009-07-02Bojan ZdrnjaCold Fusion web sites getting compromised
2009-07-01Bojan ZdrnjaNew VMWare Security Advisory
2009-06-30Chris CarboniFirefox 3.5 is available
2009-06-20Mark HofmanG'day from Sansfire2009
2009-06-20Scott FendleySituational Awareness: Spam Crisis and China
2009-06-17Guy BruneauWireshark 1.2.0 released
2009-06-16John BambenekIran Internet Blackout: Using Twitter for Operational Intelligence
2009-06-16John BambenekURL Shortening Service Cligs Hacked
2009-06-14Guy BruneauSANSFIRE 2009 Starts Tomorrow
2009-06-12Adrien de BeaupreGreen Dam
2009-06-11Rick WannerMIR-ROR Motile Incident Response - Respond Objectively Remediate
2009-06-11Rick WannerFirefox 3.0.11 is available
2009-06-06Patrick NolanARRA/HIPAA Breach Reporting Dates Approaching
2009-06-04Raul SilesMalware targetting banks ATM's
2009-06-04Raul SilesTargeted e-mail attacks asking to verify wire transfer details
2009-06-01G. N. WhiteYet another "Digital Certificate" malware campaign
2009-05-29Lorna HutchesonVMWare Patches Released
2009-05-25Jim ClausingWireshark-1.0.8 released
2009-05-20Pedro BuenoCyber Warfare and Kylin thoughts
2009-05-18Rick WannerCisco SAFE Security Reference Guide Updated
2009-05-18Rick WannerJSRedir-R/Gumblar badness
2009-05-09Patrick NolanUnusable, Unreadable, or Indecipherable? No Breach reporting required
2009-05-07Deborah HaleMalicious Content on the Web
2009-05-05Bojan ZdrnjaHealth database breached
2009-05-04Tom ListonFacebook phishing malware
2009-05-04Tom ListonAdobe Reader/Acrobat Critical Vulnerability
2009-05-01Adrien de BeaupreIncident Management
2009-04-24John BambenekData Leak Prevention: Proactive Security Requirements of Breach Notification Laws
2009-04-24Pedro BuenoDid you check your conference goodies?
2009-04-16Adrien de BeaupreIncident Response vs. Incident Handling
2009-04-15Marcus Sachs2009 Data Breach Investigation Report
2009-04-14Swa FrantzenVMware exploits - just how bad is it ?
2009-04-10Stephen HallPatches for critical VMWare vulnerability
2009-04-09Jim ClausingWireshark 1.0.7 released
2009-04-04Tony CarothersRecent VMware Updates Available
2009-03-27David GoldsmithFirefox 3.0.8 Released
2009-03-25David GoldsmithJava Runtime Environment 6.0 Update 13 Released
2009-03-19Mark HofmanBrace yourselves - IE8 reported to be released
2009-03-19Mark HofmanBrowsers Tumble at CanSecWest
2009-03-13Bojan ZdrnjaWhen web application security, Microsoft and the AV vendors all fail
2009-03-10Swa FrantzenTinyURL and security
2009-03-10Swa FrantzenBrowser plug-ins, transparent proxies and same origin policies
2009-03-08Marcus SachsBehind the Estonia Cyber Attacks
2009-03-04Deborah HaleWireshark 1.0.6 Released
2009-03-04Deborah HaleFirefox Releases version 3.0.7
2009-03-01Jim ClausingCool combination of tools
2009-02-25Andre LudwigPreview/Iphone/Linux pdf issues
2009-02-23Daniel WesemannTurf War
2009-02-23Daniel WesemannAnd the Oscar goes to...
2009-02-12Mark HofmanAustralian Bushfires
2009-02-10Bojan ZdrnjaMore tricks from Conficker and VM detection
2009-02-09Bojan ZdrnjaSome tricks from Conficker's bag
2009-02-08Mari NicholsAre we becoming desensitized to data breaches?
2009-02-06Adrien de BeaupreTime to patch your HP printers
2009-02-04Daniel WesemannFirefox 3.0.6
2009-02-04Daniel WesemannTitan Shields up!
2009-02-02Stephen HallHow do you audit your production code?
2009-01-31Swa FrantzenVMware updates
2009-01-31John BambenekGoogle Search Engine's Malware Detection Broken
2009-01-30Mark HofmanWe all "Love" USB drives
2009-01-25Rick WannerTwam?? Twammers?
2009-01-24Pedro BuenoIdentifying and Removing the iWork09 Trojan
2009-01-18Daniel Wesemann3322. org
2009-01-15Bojan ZdrnjaConficker's autorun and social engineering
2009-01-12William SaluskyDownadup / Conficker - MS08-067 exploit and Windows domain account lockout
2009-01-12William SaluskyWeb Application Firewalls (WAF) - Have you deployed WAF technology?
2009-01-07Bojan ZdrnjaAn Israeli patriot program or a trojan
2009-01-02Rick WannerTools on my Christmas list.
2008-12-28Raul SilesAT&T Wireless Outage
2008-12-25Maarten Van HorenbeeckMerry Christmas, and beware of digital hitchhikers!
2008-12-25Maarten Van HorenbeeckChristmas Ecard Malware
2008-12-17donald smithFirefox 3.0.5 fixes several security issues.
2008-12-17donald smithTeam CYMRU's Malware Hash Registry
2008-12-17donald smithInternet Explorer 960714 is released
2008-12-16donald smithCisco's Annual Security report has been released.
2008-12-12Swa FrantzenBrowser Security Handbook
2008-12-10Bojan Zdrnja0-day exploit for Internet Explorer in the wild
2008-12-05Daniel WesemannBeen updatin' your Flash player lately?
2008-12-05Daniel WesemannBaby, baby!
2008-12-04Bojan ZdrnjaRogue DHCP servers
2008-11-25Andre LudwigThe beginnings of a collaborative approach to IDS
2008-11-20Jason LamLarge quantity SQL Injection mitigation
2008-11-17Jim ClausingFinding stealth injected DLLs
2008-11-17Marcus SachsNew Tool: NetWitness Investigator
2008-11-16Maarten Van HorenbeeckDetection of Trojan control channels
2008-11-13Jim ClausingNew Firefoxen out
2008-11-12John BambenekThoughts on Security Intelligence (McColo Corp alleged spam/malware host knocked offline)
2008-11-11Swa FrantzenAcrobat continued activity in the wild
2008-11-10Stephen HallAdobe Reader Vulnerability - part 2
2008-11-08Raul SilesWPA Cracked - additional details
2008-11-06Joel EslerWPA Wi-fi Cracked (but it's not as bad as you think... yet)
2008-11-06Joel EslerWireless Poll
2008-11-04Marcus SachsCyber Security Awareness Month 2008 - Summary and Links
2008-11-03Joel EslerDay 34 -- Feeding The Lessons Learned Back to the Preparation Phase
2008-11-02Mari NicholsDay 33 - Working with Management to Improve Processes
2008-11-01Koon Yaw TanDay 32 - What Should I Make Public?
2008-10-31Rick WannerDay 31 - Legal Awareness
2008-10-30Kevin ListonDay 30 - Applying Patches and Updates
2008-10-29Deborah HaleDay 29 - Should I Switch Software Vendors?
2008-10-28Jason LamDay 28 - Avoiding Finger Pointing and the Blame Game
2008-10-27Johannes UllrichDay 27 - Validation via Vulnerability Scanning
2008-10-25Koon Yaw TanDay 25 - Finding and Removing Hidden Files and Directories
2008-10-25Rick WannerDay 26 - Restoring Systems from Backup
2008-10-24Stephen HallDay 24 - Cleaning Email Servers and Clients
2008-10-22Johannes UllrichDay 22 - Wiping Disks and Media
2008-10-22Mari NicholsF-Secure and Trend Micro Release Critical Patches
2008-10-22Chris CarboniDay 23 - Turning off Unused Services
2008-10-21Johannes UllrichWireshark 1.0.4 released
2008-10-21Johannes UllrichDay 21 - Removing Bots, Keyloggers, and Spyware
2008-10-20Raul SilesDay 20 - Eradicating a Rootkit
2008-10-19Lorna HutchesonDay 19 - Eradication: Forensic Analysis Tools - What Happened?
2008-10-17Patrick NolanDay 17 - Containing a DNS Hijacking
2008-10-17Rick WannerDay 18 - Containing Other Incidents
2008-10-16Mark HofmanDay 16 - Containing a Malware Outbreak
2008-10-15Rick WannerDay 15 - Containing the Damage From a Lost or Stolen Laptop
2008-10-14Swa FrantzenDay 14 - Containment: a Personal IdentityTheft Incident
2008-10-13Adrien de BeaupreDay 13 - Containment: Containing on Production Systems Such as a Web Server
2008-10-12Mari NicholsDay 12 Containment: Gathering Evidence That Can be Used in Court
2008-10-11Stephen HallDay 11 - Identification: Other Methods of Identifying an Incident
2008-10-10Marcus SachsDay 10 - Identification: Using Your Help Desk to Identify Security Incidents
2008-10-09Marcus SachsDay 9 - Identification: Log and Audit Analysis
2008-10-09Bojan ZdrnjaWatch that .htaccess file on your web site
2008-10-08Johannes UllrichDay 8 - Global Incident Awareness
2008-10-07Kyle HaugsnessDay 7 - Identification: Host-based Intrusion Detection Systems
2008-10-07Kyle HaugsnessGood reading and a malware challenge
2008-10-06Jim ClausingDay 6 - Network-based Intrusion Detection Systems
2008-10-06Jim ClausingNovell eDirectory advisory
2008-10-05Stephen HallDay 5 - Identification: Events versus Incidents
2008-10-04Marcus SachsDay 4 - Preparation: What Goes Into a Response Kit
2008-10-03Jason LamDay 3 - Preparation: Building Checklists
2008-10-02Marcus SachsDay 2 - Preparation: Building a Response Team
2008-10-01Marcus SachsDay 1 - Preparation: Policies, Management Support, and User Awareness
2008-09-30Marcus SachsCyber Security Awareness Month - Daily Topics
2008-09-29Daniel WesemannASPROX mutant
2008-09-26Patrick NolanFirefox v2.0.0.17 and Thunderbird v2.0.0.17 release fixes vulnerabilities
2008-09-25Jim ClausingFirefox 3.0.3 will be out probably tomorrow
2008-09-22Maarten Van HorenbeeckData exfiltration and the use of anonymity providers
2008-09-21Mari NicholsYou still have time!
2008-09-20Rick WannerNew (to me) nmap Features
2008-09-19Bojan ZdrnjaVMWare ESX(i) 3.5 security patches
2008-09-18Bojan ZdrnjaMonitoring HTTP User-Agent fields
2008-09-09Swa Frantzenwordpress upgrade
2008-09-07Lorna HutchesonMalware Analysis: Tools are only so good
2008-09-04Chris CarboniWireshark 1.0.3 released
2008-09-03Daniel WesemannStatic analysis of Shellcode
2008-09-03Daniel WesemannStatic analysis of Shellcode - Part 2
2008-09-01John BambenekThe Number of Machines Controlled by Botnets Has Jumped 4x in Last 3 Months
2008-08-17Kevin ListonVolatility 1.3 Released
2008-08-15Jim ClausingOMFW 2008 reflections
2008-08-13Adrien de BeaupreCNN switched to MSNBC
2008-08-12Johannes UllrichVMWare ESX 3.5u2 Errors
2008-08-05Daniel WesemannThe news update you never asked for
2008-08-02Maarten Van HorenbeeckA little of that human touch
2008-07-20Kevin ListonMalware Intelligence: Making it Actionable
2008-07-17Mari NicholsFirefox Releases 3.0.1 and fixes 3 security vulnerabilities
2008-07-17Mari NicholsAdobe Reader 9 Released
2008-07-17Mari NicholsMicrosoft Updates 2 DirectX Bulletins
2008-07-16Maarten Van HorenbeeckFirefox 2.0.0.16 fixes two security vulnerabilities
2008-07-15Maarten Van HorenbeeckExtracting scripts and data from suspect PDF files
2008-07-15Maarten Van HorenbeeckBot controller mimicry
2008-07-14Daniel WesemannObfuscated JavaScript Redux
2008-07-07Pedro BuenoBad url classification
2008-07-02Jim ClausingFirefox 2.0.0.15 is out
2008-06-26Daniel WesemannAutomatic wireless connections
2008-06-23donald smithPreventing SQL injection
2008-06-19William StearnsFirefox vunerability
2008-06-18Marcus SachsOlympics Part II
2008-06-16Marcus SachsFirefox 3.0 to be Released on Tuesday
2008-06-14Lorna HutchesonMalware Detection - Take the Blinders Off
2008-06-11John BambenekCitectSCADA Buffer Overflow Vulnerability
2008-06-10Swa FrantzenRansomware keybreaking
2008-06-02Jim ClausingEmergingthreats.net and ThePlanet
2008-06-01Mark HofmanFree Yahoo email account! Sign me up, Ok well maybe not.
2008-06-01Mari NicholsUpdates to VMware resolve critical security issues
2008-05-28Adrien de BeaupreAnother example of malicious SWF
2008-05-27Adrien de BeaupreMalicious swf files?
2008-05-26Marcus SachsPredictable Response
2008-05-14Bojan ZdrnjaWar of the worlds?
2008-05-08Joel EslerCOMPROMISED FILE IN VIETNAMESE LANGUAGE PACK FOR FIREFOX 2
2008-05-06Marcus SachsIndustrial Control Systems Vulnerability
2008-05-02Adrien de BeaupreHi, remember me?...
2008-04-30Bojan Zdrnja(Minor) evolution in Mac DNS changer malware
2008-04-24Maarten Van HorenbeeckTargeted attacks using malicious PDF files
2008-04-23Mari NicholsWhat's New, Old and Morphing?
2008-04-17Chris CarboniFirefox Update
2008-04-16Bojan ZdrnjaThe 10.000 web sites infection mystery solved
2008-04-16William StearnsPasser, a aassive machine and service sniffer
2008-04-15Johannes UllrichSRI Malware Threat Center
2008-04-14John BambenekA Federal Subpoena or Just Some More Spam & Malware?
2008-04-10Deborah HaleDSLReports Being Attacked Again
2008-04-08Swa FrantzenSymantec's Global Internet Security Threat Report
2008-04-07John BambenekHP USB Keys Shipped with Malware for your Proliant Server
2008-04-07John BambenekGot Kraken?
2008-04-07John BambenekKraken Technical Details: UPDATED x3
2008-04-06Daniel WesemannAdvanced obfuscated JavaScript analysis
2008-04-04Daniel Wesemannnmidahena
2008-04-03Bojan ZdrnjaVB detection: is it so difficult?
2008-04-02Adrien de BeaupreWhen is a DMG file not a DMG file
2008-04-01Joel EslerSecurity in everyday life -- A true April Fools story
2008-03-30Mark HofmanMail Anyone?
2008-03-27Maarten Van HorenbeeckGuarding the guardians: a story of PGP key ring theft
2008-03-26Raul SilesFirefox 2.0.0.13 is out
2008-03-24Raul SilesNext-generation Web browsers?
2008-03-19Raul SilesVMware updates resolve critical security issues (VMSA-2008-0005)
2008-03-13Jason LamRemote File Include spoof!?
2006-12-18Toby KohlenbergORDB Shutting down
2006-11-29Toby KohlenbergNew Adobe vulnerability
2006-11-20Joel EslerMS06-070 Remote Exploit
2006-10-05John BambenekThere are no more Passive Exploits
2006-09-09Jim ClausingNew feature at isc.sans.org
2006-08-31Swa FrantzenNT botnet submitted
2000-01-02Deborah Hale2010 A Look Back - 2011 A Look Ahead