2025-02-06 | Xavier Mertens | The Unbreakable Multi-Layer Anti-Debugging System |
2024-11-19 | Xavier Mertens | Detecting the Presence of a Debugger in Linux |
2024-08-22 | Johannes Ullrich | OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse? |
2024-06-06 | Xavier Mertens | Malicious Python Script with a "Best Before" Date |
2024-03-19 | Johannes Ullrich | Attacker Hunting Firewalls |
2024-01-24 | Johannes Ullrich | How Bad User Interfaces Make Security Tools Harmful |
2024-01-18 | Johannes Ullrich | More Scans for Ivanti Connect "Secure" VPN. Exploits Public |
2024-01-16 | Johannes Ullrich | Scans for Ivanti Connect "Secure" VPN Vulnerability (CVE-2023-46805, CVE-2024-21887) |
2023-11-17 | Jan Kopriva | Phishing page with trivial anti-analysis features |
2022-06-01 | Jan Kopriva | HTML phishing attachments - now with anti-analysis features |
2022-03-27 | Didier Stevens | Video: Maldoc Cleaned by Anti-Virus |
2021-07-06 | Xavier Mertens | Python DLL Injection Check |
2021-05-21 | Xavier Mertens | Locking Kernel32.dll As Anti-Debugging Technique |
2020-12-29 | Jan Kopriva | Want to know what's in a folder you don't have a permission to access? Try asking your AV solution... |
2020-11-25 | Xavier Mertens | Live Patching Windows API Calls Using PowerShell |
2020-11-19 | Xavier Mertens | PowerShell Dropper Delivering Formbook |
2020-08-31 | Didier Stevens | Finding The Original Maldoc |
2020-08-29 | Didier Stevens | Malicious Excel Sheet with a NULL VT Score: More Info |
2020-06-16 | Johannes Ullrich | Odd "Protest" Spam (Scam?) Targeting Atlanta Police Foundation |
2020-06-04 | Xavier Mertens | Anti-Debugging Technique based on Memory Protection |
2020-01-23 | Xavier Mertens | Complex Obfuscation VS Simple Trick |
2019-07-16 | Russ McRee | Commando VM: The Complete Mandiant Offensive VM |
2019-07-11 | Johannes Ullrich | Remembering Mike Assante |
2018-06-25 | Didier Stevens | Guilty by association |
2016-12-24 | Didier Stevens | Pinging All The Way |
2016-10-17 | Didier Stevens | Maldoc VBA Anti-Analysis: Video |
2016-10-15 | Didier Stevens | Maldoc VBA Anti-Analysis |
2015-12-05 | Guy Bruneau | Are you looking to setup your own Malware Sandbox? |
2015-07-03 | Didier Stevens | Analyzing Quarantine Files |
2015-06-28 | Didier Stevens | The EICAR Test File |
2015-02-06 | Johannes Ullrich | Anthem, TurboTax and How Things "Fit Together" Sometimes |
2014-08-06 | Johannes Ullrich | Exploit Available for Symantec End Point Protection |
2014-08-04 | Russ McRee | Threats & Indicators: A Security Intelligence Lifecycle |
2014-07-30 | Rick Wanner | Symantec Endpoint Protection Privilege Escalation Zero Day |
2014-05-27 | Kevin Shortt | Avast forums hacked |
2014-03-11 | Basil Alawi S.Taher | Introduction to Memory Analysis with Mandiant Redline |
2014-03-02 | Stephen Hall | Symantec goes yellow |
2014-02-14 | Chris Mohan | SYM14-004 Symantec Endpoint Protection Management Vulnerabilities - http://www.symantec.com/business/support/index?page=content&id=TECH214866 |
2014-01-01 | Russ McRee | Six degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails |
2013-12-28 | Russ McRee | Weekend Reading List 27 DEC |
2013-08-03 | Deborah Hale | What Anti-virus Program Is Right For You? |
2013-06-07 | Daniel Wesemann | 100% Compliant (for 65% of the systems) |
2013-05-20 | Guy Bruneau | Safe - Tools, Tactics and Techniques |
2013-04-26 | Russ McRee | What is "up to date anti-virus software"? |
2013-04-17 | John Bambenek | UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun |
2012-12-10 | Johannes Ullrich | Your CPA License has not been revoked |
2012-11-02 | Daniel Wesemann | The shortcomings of anti-virus software |
2012-06-19 | Daniel Wesemann | Vulnerabilityqueerprocessbrittleness |
2012-05-16 | Johannes Ullrich | Avira Antivirus false positives http://forum.avira.com/wbb/index.php?page=Thread&threadID=144875 |
2012-04-26 | Richard Porter | Define Irony: A medical device with a Virus? |
2012-04-13 | Daniel Wesemann | Anti-virus scanning exclusions |
2012-01-25 | Bojan Zdrnja | pcAnywhere users – patch now! |
2011-08-15 | Mark Hofman | How to find unwanted files on workstations |
2011-07-11 | John Bambenek | Another Defense Contractor Hacked in AntiSec Hacktivism Spree |
2011-06-02 | Johannes Ullrich | Some Insight into Apple's Anti-Virus Signatures |
2011-05-31 | Johannes Ullrich | Apple Improving OS X Anti-Malware Feature |
2011-05-19 | Daniel Wesemann | Fake AV Bingo |
2011-03-17 | Kevin Liston | So You Got an AV Alert. Now What? |
2011-03-09 | Kevin Shortt | AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B |
2011-03-01 | Daniel Wesemann | AV software and "sharing samples" |
2011-01-18 | Daniel Wesemann | Yet another rogue anti-virus |
2011-01-12 | Richard Porter | Yet Another Data Broker? AOL Lifestream. |
2010-11-11 | Daniel Wesemann | Fake AV scams via Skype Chat |
2010-07-25 | Rick Wanner | Updated version of Mandiant's Web Historian |
2010-05-26 | Bojan Zdrnja | Malware modularization and AV detection evasion |
2010-05-16 | Rick Wanner | Symantec triggers on World of Warcraft update |
2010-02-15 | Johannes Ullrich | Various Olympics Related Dangerous Google Searches |
2010-02-07 | Rick Wanner | Mandiant Mtrends Report |
2009-12-29 | Rick Wanner | What's up with port 12174? Possible Symantec server compromise? |
2009-12-14 | Adrien de Beaupre | Anti-forensics, COFEE vs. DECAF |
2009-12-03 | Mark Hofman | Avast false positives |
2009-09-25 | Lenny Zeltser | Categories of Common Malware Traits |
2009-09-17 | Bojan Zdrnja | Why is Rogue/Fake AV so successful? |
2009-09-04 | Adrien de Beaupre | Fake anti-virus |
2009-08-29 | Guy Bruneau | Immunet Protect - Cloud and Community Malware Protection |
2009-08-19 | Daniel Wesemann | Checking your protection |
2009-08-13 | Johannes Ullrich | CA eTrust update crashes systems |
2009-07-11 | Marcus Sachs | Imageshack |
2009-05-19 | Rick Wanner | New Version of Mandiant Highlighter |
2009-03-10 | Swa Frantzen | conspiracy fodder: pifts.exe |
2009-02-05 | Rick Wanner | Mandiant Memoryze review, Hilighter, other Mandiant tools! |
2008-09-15 | donald smith | Fake antivirus 2009 and search engine results |
2008-04-22 | donald smith | Symantec decomposer rar bypass allowed malicious content. |
2008-04-07 | John Bambenek | HP USB Keys Shipped with Malware for your Proliant Server |
2006-10-30 | William Salusky | ToD - Configuration Management - maintaining security awareness |