WINDOWS VISTA |
| 2012-04-10 | Swa Frantzen | Windows Vista RIP |
| 2009-07-16 | Guy Bruneau | Changes in Windows Security Center |
WINDOWS |
| 2024-12-20/a> | Xavier Mertens | Christmas "Gift" Delivered Through SSH |
| 2023-06-29/a> | Brad Duncan | GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT |
| 2023-03-22/a> | Didier Stevens | Windows 11 Snipping Tool Privacy Bug: Inspecting PNG Files |
| 2023-02-19/a> | Didier Stevens | "Unsupported 16-bit Application" or HTML? |
| 2023-02-09/a> | Xavier Mertens | A Backdoor with Smart Screenshot Capability |
| 2022-11-05/a> | Guy Bruneau | Windows Malware with VHD Extension |
| 2022-06-26/a> | Didier Stevens | My Paste Command |
| 2022-06-24/a> | Xavier Mertens | Python (ab)using The Windows GUI |
| 2022-04-28/a> | Johannes Ullrich | A Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809 |
| 2022-04-14/a> | Johannes Ullrich | An Update on CVE-2022-26809 - MSRPC Vulnerabliity - PATCH NOW |
| 2022-04-06/a> | Brad Duncan | Windows MetaStealer Malware |
| 2022-02-25/a> | Didier Stevens | Windows, Fixed IPv4 Addresses and APIPA |
| 2021-10-14/a> | Xavier Mertens | Port-Forwarding with Windows for the Win |
| 2021-07-21/a> | Johannes Ullrich | "Summer of SAM": Microsoft Releases Guidance for CVE-2021-36934 |
| 2021-07-19/a> | Rick Wanner | New Windows Print Spooler Vulnerability - CVE-2021-34481 |
| 2021-05-02/a> | Didier Stevens | PuTTY And FileZilla Use The Same Fingerprint Registry Keys |
| 2020-09-30/a> | Johannes Ullrich | Scans for FPURL.xml: Reconnaissance or Not? |
| 2020-09-02/a> | Xavier Mertens | Python and Risky Windows API Calls |
| 2020-09-01/a> | Johannes Ullrich | Exposed Windows Domain Controllers Used in CLDAP DDoS Attacks |
| 2020-08-25/a> | Xavier Mertens | Keep An Eye on LOLBins |
| 2020-06-24/a> | Jan Kopriva | Using Shell Links as zero-touch downloaders and to initiate network connections |
| 2020-03-30/a> | Jan Kopriva | Crashing explorer.exe with(out) a click |
| 2020-03-23/a> | Didier Stevens | Windows Zeroday Actively Exploited: Type 1 Font Parsing Remote Code Execution Vulnerability |
| 2020-03-16/a> | Jan Kopriva | Desktop.ini as a post-exploitation tool |
| 2020-02-18/a> | Jan Kopriva | Discovering contents of folders in Windows without permissions |
| 2020-02-17/a> | Didier Stevens | curl and SSPI |
| 2020-02-15/a> | Didier Stevens | bsdtar on Windows 10 |
| 2020-01-09/a> | Kevin Shortt | Windows 7 - End of Life |
| 2019-06-27/a> | Rob VandenBrink | Finding the Gold in a Pile of Pennies - Long Tail Analysis in PowerShell |
| 2019-06-06/a> | Xavier Mertens | Keep an Eye on Your WMI Logs |
| 2019-05-22/a> | Johannes Ullrich | An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps] |
| 2019-03-05/a> | Rob VandenBrink | Powershell, Active Directory and the Windows Host Firewall |
| 2019-01-14/a> | Rob VandenBrink | Still Running Windows 7? Time to think about that upgrade project! |
| 2018-12-19/a> | Xavier Mertens | Restricting PowerShell Capabilities with NetSh |
| 2018-12-19/a> | Xavier Mertens | Microsoft OOB Patch for Internet Explorer: Scripting Engine Memory Corruption Vulnerability |
| 2018-06-05/a> | Xavier Mertens | Malicious Post-Exploitation Batch File |
| 2018-05-07/a> | Xavier Mertens | Adding Persistence Via Scheduled Tasks |
| 2018-05-02/a> | Russ McRee | Windows Commands Reference - An InfoSec Must Have |
| 2017-11-15/a> | Xavier Mertens | If you want something done right, do it yourself! |
| 2017-11-11/a> | Xavier Mertens | Keep An Eye on your Root Certificates |
| 2017-01-18/a> | Rob VandenBrink | Making Windows 10 a bit less "Creepy" - Common Privacy Settings |
| 2017-01-12/a> | Mark Baggett | System Resource Utilization Monitor |
| 2016-11-18/a> | Didier Stevens | VBA Shellcode and Windows 10 |
| 2016-08-29/a> | Russ McRee | Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs |
| 2016-08-02/a> | Tom Webb | Windows 10 Anniversary Update Available |
| 2016-07-12/a> | Xavier Mertens | Hunting for Malicious Files with MISP + OSSEC |
| 2016-05-22/a> | Pasquale Stirparo | The strange case of WinZip MRU Registry key |
| 2016-05-18/a> | Russ McRee | Resources: Windows Auditing & Monitoring, Linux 2FA |
| 2016-04-15/a> | Xavier Mertens | Windows Command Line Persistence? |
| 2016-03-30/a> | Xavier Mertens | What to watch with your FIM? |
| 2016-02-18/a> | Xavier Mertens | Hunting for Executable Code in Windows Environments |
| 2016-01-31/a> | Guy Bruneau | Windows 10 and System Protection for DATA Default is OFF |
| 2015-12-09/a> | Xavier Mertens | Enforcing USB Storage Policy with PowerShell |
| 2015-08-12/a> | Rob VandenBrink | Windows Service Accounts - Why They're Evil and Why Pentesters Love them! |
| 2014-08-15/a> | Tom Webb | AppLocker Event Logs with OSSEC 2.8 |
| 2014-07-05/a> | Guy Bruneau | Java Support ends for Windows XP |
| 2014-04-06/a> | Basil Alawi S.Taher | "Power Worm" PowerShell based Malware |
| 2014-04-04/a> | Rob VandenBrink | Windows 8.1 Released |
| 2014-03-24/a> | Johannes Ullrich | New Microsoft Advisory: Unpatched Word Flaw used in Targeted Attacks |
| 2014-03-04/a> | Daniel Wesemann | XPired! |
| 2014-01-10/a> | Basil Alawi S.Taher | Windows Autorun-3 |
| 2014-01-04/a> | Tom Webb | Monitoring Windows Networks Using Syslog (Part One) |
| 2013-10-30/a> | Russ McRee | SIR v15: Five good reasons to leave Windows XP behind |
| 2013-03-19/a> | Johannes Ullrich | Windows 7 SP1 and Windows Server 2008 R2 SP1 Being "pushed" today |
| 2013-02-28/a> | Daniel Wesemann | Parsing Windows Eventlogs in Powershell |
| 2012-10-24/a> | Rob VandenBrink | Time to run Windows Update - - Microsoft Updates KB2755801 for Windows RT / IE10 / Flash Player - http://technet.microsoft.com/en-us/security/advisory/2755801 |
| 2012-07-19/a> | Mark Baggett | Diagnosing Malware with Resource Monitor |
| 2012-06-25/a> | Guy Bruneau | Issues with Windows Update Agent |
| 2012-05-08/a> | Bojan Zdrnja | Windows Firewall Bypass Vulnerability and NetBIOS NS |
| 2012-05-06/a> | Jim Clausing | Tool updates and Win 8 |
| 2012-04-10/a> | Swa Frantzen | Windows Vista RIP |
| 2011-12-21/a> | Johannes Ullrich | New Vulnerability in Windows 7 64 bit |
| 2011-07-09/a> | Chris Mohan | Safer Windows Incident Response |
| 2011-06-30/a> | Rob VandenBrink | Update for RSA Authentication Manager |
| 2011-06-01/a> | Johannes Ullrich | Enabling Privacy Enhanced Addresses for IPv6 |
| 2011-03-27/a> | Guy Bruneau | Strange Shockwave File with Surprising Attachments |
| 2011-03-15/a> | Lenny Zeltser | Limiting Exploit Capabilities by Using Windows Integrity Levels |
| 2011-02-24/a> | Johannes Ullrich | Windows 7 / 2008 R2 Service Pack 1 Problems |
| 2011-02-23/a> | Johannes Ullrich | Windows 7 Service Pack 1 out |
| 2011-02-16/a> | Jason Lam | Windows 0-day SMB mrxsmb.dll vulnerability |
| 2011-02-10/a> | Chris Mohan | Befriending Windows Security Log Events |
| 2011-01-24/a> | Rob VandenBrink | Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool |
| 2011-01-04/a> | Johannes Ullrich | Microsoft Advisory: Vulnerability in Graphics Rendering Engine |
| 2010-11-24/a> | Bojan Zdrnja | Privilege escalation 0-day in almost all Windows versions |
| 2010-08-02/a> | Manuel Humberto Santander Pelaez | Securing Windows Internet Kiosk |
| 2010-06-15/a> | Manuel Humberto Santander Pelaez | Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild |
| 2010-02-11/a> | Deborah Hale | The Mysterious Blue Screen |
| 2009-11-14/a> | Adrien de Beaupre | Microsoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released |
| 2009-11-12/a> | Rob VandenBrink | Windows 7 / Windows Server 2008 Remote SMB Exploit |
| 2009-10-24/a> | Marcus Sachs | Windows 7 - How is it doing? |
| 2009-09-08/a> | Guy Bruneau | Vista/2008/Windows 7 SMB2 BSOD 0Day |
| 2009-08-26/a> | Johannes Ullrich | WSUS 3.0 SP2 released |
| 2009-07-16/a> | Guy Bruneau | Changes in Windows Security Center |
| 2009-07-02/a> | Daniel Wesemann | Time to update updating on PCs for 3rd party apps |
| 2009-04-16/a> | Adrien de Beaupre | Strange Windows Event Log entry |
| 2009-01-31/a> | Swa Frantzen | Windows 7 - not so secure ? |
| 2008-08-15/a> | Jim Clausing | OMFW 2008 reflections |
| 2008-06-12/a> | Bojan Zdrnja | Safari on Windows - not looking good |
| 2008-05-17/a> | Lorna Hutcheson | XP SP3 Issues |
| 2008-05-06/a> | John Bambenek | Windows XP Service Pack 3 Released |
| 2008-05-01/a> | Adrien de Beaupre | Windows XP SteadyState |
| 2008-04-29/a> | Bojan Zdrnja | Windows Service Pack blocker tool |
| 2008-04-16/a> | William Stearns | Windows XP Service Pack 3 - unofficial schedule: Apr 21-28 |
| 2007-01-03/a> | Toby Kohlenberg | VLC Media Player udp URL handler Format String Vulnerability |
VISTA |
| 2012-04-10/a> | Swa Frantzen | Windows Vista RIP |
| 2010-03-10/a> | Rob VandenBrink | Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication |
| 2010-03-01/a> | Mark Hofman | Microsoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update. |
| 2009-07-16/a> | Guy Bruneau | Changes in Windows Security Center |
| 2009-05-26/a> | Jason Lam | Vista & Win2K8 SP2 available |
| 2008-05-03/a> | Deborah Hale | Windows Vista Update Causing Loss of Audio on Some Systems |
| 2006-12-26/a> | Swa Frantzen | Vista: better security [Y/N] ? |
