Xavier Mertens Diaries
- Christmas "Gift" Delivered Through SSH
- Python Delivering AnyDesk Client as RAT
- From a Regular Infostealer to its Obfuscated Version
- An Infostealer Searching for « BIP-0039 » Data
- Detecting the Presence of a Debugger in Linux
- Steam Account Checker Poisoned with Infostealer
- Python RAT with a Nice Screensharing Feature
- Phishing Page Delivered Through a Blob URL
- From Perfctl to InfoStealer
- macOS Sequoia: System/Network Admins, Hold On!
- Python Infostealer Patching Windows Exodus App
- 23:59, Time to Exfiltrate!
- Managing PE Files With Overlays
- Python Libraries Used for Malicious Purposes
- Live Patching DLLs with Python
- Why Is Python so Popular to Infect Windows Hosts?
- From Highly Obfuscated Batch File to XWorm and Redline
- Do you Like Donuts? Here is a Donut Shellcode Delivered Through PowerShell/Python
- Multiple Malware Dropped Through MSI Package
- ExelaStealer Delivered "From Russia With Love"
- XWorm Hidden With Process Hollowing
- "Mouse Logger" Malicious Python Script
- Kunai: Keep an Eye on your Linux Hosts Activity
- New NetSupport Campaign Delivered Through MSIX Packages
- Malicious Python Script with a "Best Before" Date
- "K1w1" InfoStealer Uses gofile.io for Exfiltration
- Feeding MISP with OSSEC
- Analyzing Synology Disks on Linux
- Malicious PDF File Used As Delivery Mechanism
- Building a Live SIFT USB with Persistence
- Quick Forensics Analysis of Apache logs
- From JavaScript to AsyncRAT
- Using ChatGPT to Deobfuscate Malicious Scripts
- Simple Anti-Sandbox Technique: Where's The Mouse?
- Python InfoStealer With Dynamic Sandbox Detection
- MSIX With Heavily Obfuscated PowerShell Script
- A Python MP3 Player with Builtin Keylogger Capability
- A Batch File With Multiple Payloads
- Facebook AdsManager Targeted by a Python Infostealer
- macOS Python Script Replacing Wallet Applications with Rogue Apps
- One File, Two Payloads
- Are you sure of your password?
- Python Keylogger Using Mailtrap.io
- Shall We Play a Game?
- An Example of RocketMQ Exploit Scanner
- CSharp Payload Phoning to a CobaltStrike Server
- Malicious Python Script with a TCL/TK GUI
- Quasar RAT Delivered Through Updated SharpLoader
- Redline Dropped Through MSIX Package
- Visual Examples of Code Injection
- Example of Phishing Campaign Project File
- Malware Dropped Through a ZPAQ Archive
- Multiple Layers of Anti-Sandboxing Techniques
- Size Matters for Many Security Controls
- Simple Netcat Backdoor in Python Script
- Are You Still Storing Passwords In Plain Text Files?
- macOS: Who's Behind This Network Connection?
- Python Malware Using Postgresql for C2 Communications
- More Exotic Excel Files Dropping AgentTesla
- Have You Ever Heard of the Fernet Encryption Algorithm?
- Quick Malware Triage With Inotify Tools
- From a Zalando Phishing to a RAT
- Show me All Your Windows!
- Are Leaked Credentials Dumps Used by Attackers?
- Do Attackers Pay More Attention to IPv6?
- ShellCode Hidden with Steganography
- Suspicious IP Addresses Avoided by Malware Samples
- Deobfuscation of Malware Delivered Through a .bat File
- DSSuite (Didier's Toolbox) Docker Image Update
- The Importance of Malware Triage
- Word Document with an Online Attached Template
- Malicious Code Can Be Anywhere
- Malware Delivered Through .inf File
- Another RAT Delivered Through VBS
- Undetected PowerShell Backdoor Disguised as a Profile File
- Using DFIR Techniques To Recover From Infrastructure Outages
- Phishing Kit Collecting Victim's IP Address
- When the Phisher Messes Up With Encoding
- Increase in Malicious RAR SFX files
- Infostealer Embedded in a Word Document
- Increased Number of Configuration File Scans
- Quick IOC Scan With Docker
- Microsoft Netlogon: Potential Upcoming Impacts of CVE-2022-38023
- Detecting Suspicious API Usage with YARA Rules
- Bypassing PowerShell Strong Obfuscation
- From Phishing Kit To Telegram... or Not!
- Old Backdoor, New Obfuscation
- Simple Shellcode Dissection
- Overview of a Mirai Payload Generator
- Multi-Technology Script Leading to Browser Hijacking
- Python Infostealer Targeting Gamers
- Phishing Again and Again
- Phishing Page Branded with Your Corporate Website
- Obfuscated Deactivation of Script Block Logging
- A Backdoor with Smart Screenshot Capability
- A First Malicious OneNote Document
- Who's Resolving This Domain?
- AutoIT Remains Popular in the Malware Landscape
- NetworkMiner 2.8 Released
- Linux File System Monitoring & Actions
- Hunting for Mastodon Servers
- Attackers Keep Phishing Victims Under Stress
- Do you collect "Observables" or "IOCs"?
- Another Script-Based Ransomware
- Remcos Downloader with Unicode Obfuscation
- C2 Communications Through outlook.com
- Are Internet Scanning Services Good or Bad for You?
- Fileless Powershell Dropper
- Python Obfuscation for Dummies
- Critical Fortinet Vulnerability Ahead
- Powershell Backdoor with DGA Capability
- Easy Python Sandbox Detection
- Kids Like Cookies, Malware Too!
- RAT Delivered Through FODHelper
- Phishing Campaigns Use Free Online Resources
- Malicious Word Document with a Frameset
- Easy Process Injection within Python
- Paypal Phishing/Coinbase in One Image
- Who's Looking at Your security.txt File?
- 32 or 64 bits Malware?
- InfoStealer Script Based on Curl and NSudo
- How is Your macOS Security Posture?
- PowerShell Script with Fileless Capability
- Malicious Python Script Behaving Like a Rubber Ducky
- Using Referers to Detect Phishing Attacks
- Malicious Code Passed to PowerShell via the Clipboard
- Python (ab)using The Windows GUI
- FLOSS 2.0 Has Been Released
- Malicious PowerShell Targeting Cryptocurrency Browser Extensions
- Houdini is Back Delivered Through a JavaScript Dropper
- Sandbox Evasion... With Just a Filename!
- New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme (CVE-2022-30190)
- First Exploitation of Follina Seen in the Wild
- A 'Zip Bomb' to Bypass Security Controls & Sandboxes
- Use Your Browser Internal Password Vault... or Not?
- Octopus Backdoor is Back with a New Embedded Obfuscated Bat File
- Simple PDF Linking to Malicious Content
- Multi-Cryptocurrency Clipboard Swapper
- XLSB Files: Because Binary is Stealthier Than XML
- Malware Delivered Through Free Sharing Tool
- Clean Binaries with Suspicious Behaviour
- Keep an Eye on WebSockets
- Credentials Leaks on VirusTotal
- Infostealer in a Batch File
- Ukraine & Russia Situation From a Domain Names Perspective
- A Good Old Equation Editor Vulnerability Delivering Malware
- Remcos RAT Delivered Through Double Compressed Archive
- Who Are Those Bots?
- CinaRAT Delivered Through HTML ID Attributes
- Automation is Nice But Don't Replace Your Knowledge
- Be careful with RPMSG files
- Malicious ISO Embedded in an HTML Page
- Mixed VBA & Excel4 Macro In a Targeted Excel Sheet
- Obscure Wininet.dll Feature?
- RedLine Stealer Delivered Through FTP
- Custom Python RAT Builder
- Malicious Python Script Targeting Chinese People
- Code Reuse In the Malware Landscape
- A Simple Batch File That Blocks People
- McAfee Phishing Campaign with a Nice Fake Scan
- Nicely Crafted indeed.com Login Page
- More Undetected PowerShell Dropper
- Simple but Undetected PowerShell Backdoor
- Python Shellcode Injection From JSON Data
- The Importance of Out-of-Band Networks
- The UPX Packer Will Never Die!
- Info-Stealer Using webhook.site to Exfiltrate Data
- Downloader Disguised as Excel Add-In (XLL)
- JavaScript Downloader Delivers Agent Tesla Trojan
- Shadow IT Makes People More Vulnerable to Phishing
- (Ab)Using Security Tools & Controls for the Bad
- Thanks to COVID-19, New Types of Documents are Lost in The Wild
- Malicious PowerShell Using Client Certificate Authentication
- Port-Forwarding with Windows for the Win
- New Tool to Add to Your LOLBAS List: cvtres.exe
- Keep an Eye on Your Users Mobile Devices (Simple Inventory)
- Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
- Malicious Calendar Subscriptions Are Back?
- Attackers Will Always Abuse Major Events in our Lives
- Cryptocurrency Clipboard Swapper Delivered With Love
- Waiting for the C2 to Show Up
- Malicious Microsoft Word Remains A Key Infection Vector
- Infected With a .reg File
- Malicious Content Delivered Through archive.org
- Agent.Tesla Dropped via a .daa Image and Talking to Telegram
- Multiple BaseXX Obfuscations
- Using Sudo with Python For More Security Controls
- Python DLL Injection Check
- Kaseya VSA Users Hit by Ransomware
- "inception.py"... Multiple Base64 Encodings
- Do you Like Cookies? Some are for sale!
- Easy Access to the NIST RDS Database
- Sonicwall SRA 4600 Targeted By an Old Vulnerability
- Keeping an Eye on Dangerous Python Modules
- Russian Dolls VBS Obfuscation
- Malicious PowerShell Hosted on script.google.com
- Locking Kernel32.dll As Anti-Debugging Technique
- "Serverless" Phishing Campaign
- From RunDLL32 to JavaScript then PowerShell
- "Open" Access to Industrial Systems Interface is Also Far From Zero
- Alternative Ways To Perform Basic Tasks
- From Python to .Net
- Deeper Analysis of my Last Malicious PowerPoint Add-On
- Malicious PowerPoint Add-On: "Small Is Beautiful"
- How Safe Are Your Docker Images?
- HTTPS Support for All Internal Services
- No Python Interpreter? This Simple RAT Installs Its Own Copy
- Simple Powershell Ransomware Creating a 7Z Archive of your Files
- C2 Activity: Sandboxes or Real Victims?
- Quick Analysis of a Modular InfoStealer
- Jumping into Shellcode
- Pastebin.com Used As a Simple C2 Channel
- Simple Python Keylogger
- Defenders, Know Your Operating System Like Attackers Do!
- Spotting the Red Team on VirusTotal!
- Spam Farm Spotted in the Wild
- From VBS, PowerShell, C Sharp, Process Hollowing to RAT
- Dynamic Data Exchange (DDE) is Back in the Wild?
- The new "LinkedInSecureMessage" ?
- AgentTesla Dropped Through Automatic Click in Microsoft Help File
- VBA Macro Trying to Alter the Application Menus
- New Example of XSL Script Processing aka "Mitre T1220"
- Sensitive Data Shared with Cloud Services
- Another File Extension to Block in your MTA: .jnlp
- Powershell Dropping a REvil Ransomware
- Malicious Word Document Delivering an Octopus Backdoor
- Malware Victim Selection Through WiFi Identification
- Python Backdoor Talking to a C2 Through Ngrok
- Live Patching Windows API Calls Using PowerShell
- Malicious Python Code and LittleSnitch Detection
- PowerShell Dropper Delivering Formbook
- When Security Controls Lead to Security Issues
- Old Worm But New Obfuscation Technique
- How Attackers Brush Up Their Malicious Scripts
- Did You Spot "Invoke-Expression"?
- Quick Status of the CAA DNS Record Adoption
- Mirai-alike Python Scanner
- Nicely Obfuscated Python RAT
- Analysis of a Phishing Kit
- Managing Remote Access for Partners & Contractors
- PowerShell Backdoor Launched from a ShellCode
- Some Tyler Technologies Customers Targeted with The Installation of a Bomgar Client
- Party in Ibiza with PowerShell
- Malicious Word Document with Dynamic Content
- A Mix of Python & VBA in a Malicious Word Document
- Suspicious Endpoint Containment with OSSEC
- Sandbox Evasion Using NTP
- Python and Risky Windows API Calls
- Example of Malicious DLL Injected in PowerShell
- Malicious Excel Sheet with a NULL VT Score
- Keep An Eye on LOLBins
- Tracking A Malware Campaign Through VT
- Example of Word Document Delivering Qakbot
- Using API's to Track Attackers
- A Fork of the FTCode Powershell Ransomware
- Powershell Bot with Multiple C2 Protocols
- Compromised Desktop Applications by Web Technologies
- Simple Blocklisting with MISP & pfSense
- If You Want Something Done Right, You Have To Do It Yourself... Malware Too!
- Sextortion to The Next Level
- Malicious Excel Delivering Fileless Payload
- Anti-Debugging JavaScript Techniques
- Anti-Debugging Technique based on Memory Protection
- Flashback on CVE-2019-19781
- AgentTesla Delivered via a Malicious PowerPoint Add-In
- Malware Triage with FLOSS: API Calls Based Behavior
- Using Nmap As a Lightweight Vulnerability Scanner
- Keeping an Eye on Malicious Files Life Time
- Collecting IOCs from IMAP Folder
- Powershell Payload Stored in a PSCredential Object
- Malicious Excel With a Strong Obfuscation and Sandbox Evasion
- Weaponized RTF Document Generator & Mailer in PowerShell
- PowerShell Sample Extracting Payload From SSL
- Obfuscated with a Simple 0x0A
- Malicious JavaScript Dropping Payload in the Registry
- Very Large Sample as Evasion Technique?
- COVID-19 Themed Multistage Malware
- Critical SMBv3 Vulnerability: Remote Code Execution
- Agent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account
- A Safe Excel Sheet Not So Safe
- Will You Put Your Password in a Survey?
- Show me Your Clipboard Data!
- Offensive Tools Are For Blue Teams Too
- Simple but Efficient VBScript Obfuscation
- Quick Analysis of an Encrypted Compound Document Format
- Keep an Eye on Command-Line Browsers
- Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript
- Why Phishing Remains So Popular?
- Complex Obfuscation VS Simple Trick
- More Data Exfiltration
- Quick Analysis of a(nother) Maldoc
- Ransomware in Node.js
- Bypassing UAC to Install a Cryptominer
- Code & Data Reuse in the Malware Ecosystem
- My Little DoH Setup
- Abusing Web Filters Misconfiguration for Reconnaissance
- Microsoft Apps Diverted from Their Main Use
- Keep an Eye on Remote Access to Mailboxes
- Generating PCAP Files from YAML
- Quick Malicious VBS Analysis
- Security Monitoring: At Network or Host Level?
- "Lost_Files" Ransomware
- New Scans for Polycom Autoconfiguration Files
- Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs
- Blocklisting or Whitelisting in the Right Way
- Agent Tesla Trojan Abusing Corporate Email Accounts
- Rig Exploit Kit Delivering VBScript
- Blocking Firefox DoH with Bind
- PowerShell Script with a builtin DLL
- Private IP Addresses in Malware Samples?
- Malware Dropping a Local Node.js Instance
- Malware Samples Compiling Their Next Stage on Premise
- Simple Mimikatz & RDPWrapper Dropper
- 100% JavaScript Phishing Page
- May People Be Considered as IOC?
- Malicious PHP Script Back on Stage?
- Analysis of DNS TXT Records
- Russian Dolls Malicious Script Delivering Ursnif
- Malicious Script With Multiple Payloads
- Using a Travel Packing App for Infosec Purpose
- Interesting JavaScript Obfuscation Example
- Keep an Eye on Your WMI Logs
- Behavioural Malware Analysis with Microsoft ASA
- The Risk of Authenticated Vulnerability Scans
- From Phishing To Ransomware?
- DSSuite - A Docker Container with Didier's Tools
- Another Day, Another Suspicious UDF File
- Malware Sample Delivered Through UDF Image
- New Waves of Scans Detected by an Old Rule
- Running your Own Passive DNS Service
- New Wave of Extortion Emails: Central Intelligence Agency Case
- Keep an Eye on Disposable Email Addresses
- Simple Powershell Keyloggers are Back
- Old H-Worm Delivered Through GitHub
- Suspicious PDF Connecting to a Remote SMB Share
- Phishing Kit with JavaScript Keylogger
- Tracking Unexpected DNS Changes
- DNS Firewalling with MISP
- Malicious Script Leaking Data via FTP
- Using OSSEC Active-Response as a DFIR Framework
- Microsoft OOB Patch for Internet Explorer: Scripting Engine Memory Corruption Vulnerability
- Restricting PowerShell Capabilities with NetSh
- Phishing Attack Through Non-Delivery Notification
- More obfuscated shell scripts: Fake MacOS Flash update
- Obfuscated bash script targeting QNap boxes
- Divided Payload in Multiple Pasties
- VMware Affected by Dell EMC Avamar Vulnerability
- Querying DShield from Cortex
- The Challenge of Managing Your Digital Library
- Quickly Investigating Websites with Lookyloo
- Basic Obfuscation With Permissive Languages
- Malicious Powershell Script Dissection
- Dissecting Malicious Office Documents with Linux
- Diving into Malicious AutoIT Code
- Malicious Powershell using a Decoy Picture
- More Equation Editor Exploit Waves
- New Campaign Using Old Equation Editor Vulnerability
- "OG" Tools Remain Valuable
- More Excel DDE Code Injection
- Hunting for Suspicious Processes with OSSEC
- Malware Delivered Through MHT Files
- Crypto Mining in a Windows Headless Browser
- Malicious PowerShell Compiling C# Code on the Fly
- 3D Printers in The Wild, What Can Go Wrong?
- Crypto Mining Is More Popular Than Ever!
- Microsoft Publisher Files Delivering Malware
- Simple Phishing Through formcrafts.com
- Malicious DLL Loaded Through AutoIT
- Truncating Payloads and Anonymizing PCAP files
- Exploiting the Power of Curl
- Windows Batch File Deobfuscation
- Searching for Geographically Improbable Login Attempts
- Cryptominer Delivered Through Compromised JavaScript File
- Are Your Hunting Rules Still Working?
- PowerShell: ScriptBlock Logging... Or Not?
- Malicious JavaScript Targeting Mobile Browsers
- A Bunch of Compromised Wordpress Sites
- Converting PCAP Web Traffic to Apache Log
- Malicious Post-Exploitation Batch File
- Antivirus Evasion? Easy as 1,2,3
- "Blocked" Does Not Mean "Forget It"
- Malware Distributed via .slk Files
- Malicious Powershell Targeting UK Bank Customers
- Nice Phishing Sample Delivering Trickbot
- Adding Persistence Via Scheduled Tasks
- Diving into a Simple Maldoc Generator
- Malicious Network Traffic From /bin/bash
- The real value of an IOC?
- Webshell looking for interesting files
- A Suspicious Use of certutil.exe
- How are Your Vulnerabilities?
- Windows IRC Bot in the Wild
- Extending Hunting Capabilities in Your Network
- Automatic Hunting for Malicious Files Crossing your Network
- Surge in blackmailing?
- Administrator's Password Bad Practice
- Payload delivery via SMB
- CRIMEB4NK IRC Bot
- Malicious Bash Script with Multiple Features
- The Crypto Miners Fight For CPU Cycles
- Reminder: Beware of the "Cloud"
- Common Patterns Used in Phishing Campaigns Files
- Malware Delivered via Windows Installer Files
- Simple but Effective Malicious XLS Sheet
- Adaptive Phishing Kit
- Investigating Microsoft BITS Activity
- Ransomware as a Service
- Comment your Packet Captures!
- Mining or Nothing!
- 2017, The Flood of CVEs
- Example of 'MouseOver' Link in a Powerpoint File
- Microsoft Office VBA Macro Obfuscation via Metadata
- Tracking Newly Registered Domains
- StartSSL: Termination of Services is Now Scheduled
- Using Bad Material for the Good
- Phishing Kit (Ab)Using Cloud Services
- Apple High Sierra Uses a Passwordless Root Account
- Fileless Malicious PowerShell Sample
- Proactive Malicious Domain Search
- Top-100 Malicious IP STIX Feed
- Suspicious Domains Tracking Dashboard
- If you want something done right, do it yourself!
- Keep An Eye on your Root Certificates
- Interesting VBA Dropper
- Simple Analysis of an Obfuscated JAR File
- Some Powershell Malicious Code
- BadRabbit: New ransomware wave hitting RU & UA
- Stop relying on file extensions
- Version control tools aren't only for Developers
- Base64 All The Things!
- Investigating Security Incidents with Passive DNS
- The easy way to analyze huge amounts of PCAP data
- Getting some intelligence from malspam
- Another webshell, another backdoor!
- AutoIT based malware back in the wild
- Malicious AutoIT script delivered in a self-extracting RAR file
- Malicious script dropping an executable signed by Avast?
- Defang all the things!
- Maldoc with auto-updated link
- Analysis of a Paypal phishing kit
- Increase of phpMyAdmin scans
- TinyPot, My Small Honeypot
- Bots Searching for Keys & Config Files
- Backup Scripts, the FIM of the Poor
- A VBScript with Obfuscated Base64 Data
- Obfuscating without XOR
- Systemd Could Fallback to Google DNS?
- Phishing Campaigns Follow Trends
- Sharing Private Data with Webcast Invitations
- Critical Vulnerability in Samba from 3.5.0 onwards
- Typosquatting: Awareness and Hunting
- My Little CVE Bot
- Massive wave of ransomware ongoing
- When Bad Guys are Pwning Bad Guys...
- The story of the CFO and CEO...
- HTTP Headers... the Achilles' heel of many applications
- Another Day, Another Obfuscation Technique
- Analysis of a Maldoc with Multiple Layers of Obfuscation
- DNS Query Length... Because Size Does Matter
- Hunting for Malicious Excel Sheets
- Tracking Website Defacers with HTTP Referers
- Whitelists: The Holy Grail of Attackers
- Pro & Con of Outsourcing your SOC
- Diverting built-in features for the bad
- Critical VMware vulnerabilities disclosed
- Logical & Physical Security Correlation
- Nicely Obfuscated JavaScript Sample
- Searching for Base64-encoded PE Files
- Example of Multiple Stages Dropper
- Retro Hunting!
- The Side Effect of GeoIP Filters
- Not All Malware Samples Are Complex
- How your pictures may affect your website reputation
- Amazon S3 Outage
- Analysis of a Simple PHP Backdoor
- How was your stay at the Hotel La Playa?
- Analysis of a Suspicious Piece of JavaScript
- Many Malware Samples Found on Pastebin
- Detecting Undisclosed Vulnerabilities with Security Tools & Features
- Quick Analysis of Data Left Available by Attackers
- IOC's: Risks of False Positive Alerts Flood Ahead
- Malicious SVG Files in the Wild
- Backup Files Are Good but Can Be Evil
- Who's Attacking Me?
- Using Security Tools to Compromise a Network
- Ongoing Scans Below the Radar
- UAC Bypass in JScript Dropper
- The Passwords You Should Never Use
- Free Software Quick Security Checklist
- Example of Getting Analysts & Researchers Away
- Full Packet Capture for Dummies
- Another Day, Another Spam...
- Spam Delivered via .ICS Files
- WiFi Still Remains a Good Attack Vector
- Another Day, Another Malicious Behaviour
- SNMP Pwn3ge
- In Need of a OTP Manager Soon?
- Ongoing IMAP Scan, Anyone Else?
- Collecting Users Credentials from Locked Devices
- Malware Delivered via '.pub' Files
- Maxmind.com (Ab)used As Anti-Analysis Technique
- Out-of-Band iOS Patch Fixes 0-Day Vulnerabilities
- Example of Targeted Attack Through a Proxy PAC File
- Voice Message Notifications Deliver Ransomware
- Data Classification For the Masses
- Analysis of a Linux botnet client source code
- Critical Xen PV guests vulnerabilities
- Name All the Things!
- The Power of Web Shells
- Drupal: Patch released today to fix a highly critical RCE in contributed modules
- Hunting for Malicious Files with MISP + OSSEC
- Phishing Campaign with Blurred Images
- Ongoing Spam Campaign Related to Swift
- Using Your Password Manager to Monitor Data Leaks
- Offensive or Defensive Security? Both!
- Docker Containers Logging
- Keeping an Eye on Tor Traffic
- MISP - Malware Information Sharing Platform
- Another Day, Another Wave of Phishing Emails
- Microsoft BITS Used to Download Payloads
- Windows Command Line Persistence?
- What to watch with your FIM?
- Improving Bash Forensics Capabilities
- IP Addresses Triage
- Dockerized DShield SSH Honeypot
- SSH Honeypots (Ab)used as Proxy
- OSX Ransomware Spread via a Rogue BitTorrent Client Installer
- Another Malicious Document, Another Way to Deliver Malicious Code
- Quick Audit of *NIX Systems
- Analysis of a Malicious .lnk File with an Embedded Payload
- VMware VMSA-2016-0002
- Reducing False Positives with Open Data Sources
- Hunting for Executable Code in Windows Environments
- More Malicious JavaScript Obfuscation
- EMET 5.5 Released
- Automating Vulnerability Scans
- All CVE Details at Your Fingertips
- Scripting Web Categorization
- /tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!
- JavaScript Deobfuscation Tool
- Virtual Bitlocker Containers
- Hunting for Juicy Information
- Unity Makes Strength
- Playing With Sandboxes Like a Boss
- Enforcing USB Storage Policy with PowerShell
- Tracking SSL Certificates
- Automatic MIME attachments triage
- SIEM is not a product, it's a process...
- Analysis of a malicious Word document with an embedded payload
- Tracking HTTP POST data with ELK
- USB cleaning device for the masses
- Victim of its own success and (ab)used by malware
- The "Yes, but..." syndrome
- AV Phone Scan via Fake BSOD Web Pages
- Cyber Security Awareness Month... Through Proverbs
- Tracking Privileged Accounts in Windows Environments
- Detecting XCodeGhost Activity
- The Wordpress Plugins Playground
- Feeding DShield with OSSEC Logs
- Hunting for IOC's with ioc-parser
- Port Scanners: The Good and The Bad
- Querying the DShield API from RTIR
- Detecting file changes on Microsoft systems with FCIV