| 2025-04-16 | Guy Bruneau | RedTail, Remnux and Malware Management [Guest Diary] |
| 2024-12-17 | Guy Bruneau | Command Injection Exploit For PHPUnit before 4.8.28 and 5.x before 5.6.3 [Guest Diary] |
| 2024-07-16 | Guy Bruneau | Who You Gonna Call? AndroxGh0st Busters! [Guest Diary] |
| 2024-07-08 | Xavier Mertens | Kunai: Keep an Eye on your Linux Hosts Activity |
| 2024-05-28 | Guy Bruneau | Is that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary] |
| 2024-04-07 | Guy Bruneau | A Use Case for Adding Threat Hunting to Your Security Operations Team. Detecting Adversaries Abusing Legitimate Tools in A Customer Environment. [Guest Diary] |
| 2023-11-07 | Johannes Ullrich | What's Normal: New uses of DNS, Discovery of Designated Resolvers (DDR) |
| 2023-07-26 | Xavier Mertens | Suspicious IP Addresses Avoided by Malware Samples |
| 2023-06-24 | Guy Bruneau | Email Spam with Attachment Modiloader |
| 2023-05-20 | Xavier Mertens | Phishing Kit Collecting Victim's IP Address |
| 2023-02-06 | Johannes Ullrich | APIs Used by Bots to Detect Public IP address |
| 2022-10-17 | Xavier Mertens | Fileless Powershell Dropper |
| 2022-02-11 | Xavier Mertens | CinaRAT Delivered Through HTML ID Attributes |
| 2021-12-21 | Xavier Mertens | More Undetected PowerShell Dropper |
| 2021-09-15 | Brad Duncan | Hancitor campaign abusing Microsoft's OneDrive |
| 2021-05-10 | Johannes Ullrich | Correctly Validating IP Addresses: Why encoding matters for input validation. |
| 2021-03-05 | Xavier Mertens | Spam Farm Spotted in the Wild |
| 2021-03-04 | Xavier Mertens | From VBS, PowerShell, C Sharp, Process Hollowing to RAT |
| 2021-01-15 | Brad Duncan | Throwback Friday: An Example of Rig Exploit Kit |
| 2020-12-23 | Jim Clausing | Analysis Dridex Dropper, IoC extraction (guest diary) |
| 2020-11-19 | Xavier Mertens | PowerShell Dropper Delivering Formbook |
| 2020-09-10 | Brad Duncan | Recent Dridex activity |
| 2020-08-18 | Xavier Mertens | Using API's to Track Attackers |
| 2020-05-13 | Brad Duncan | Malspam with links to zip archives pushes Dridex malware |
| 2020-03-25 | Brad Duncan | Recent Dridex activity |
| 2019-12-22 | Didier Stevens | Extracting VBA Macros From .DWG Files |
| 2019-12-16 | Didier Stevens | Malicious .DWG Files? |
| 2019-12-04 | Jan Kopriva | Analysis of a strangely poetic malware |
| 2019-12-03 | Brad Duncan | Ursnif infection with Dridex |
| 2019-09-26 | Rob VandenBrink | Mining MAC Address and OUI Information |
| 2019-08-22 | Xavier Mertens | Simple Mimikatz & RDPWrapper Dropper |
| 2019-06-18 | Brad Duncan | Malspam with password-protected Word docs pushing Dridex |
| 2019-06-14 | Jim Clausing | A few Ghidra tips for IDA users, part 4 - function call graphs |
| 2019-05-19 | Guy Bruneau | Is Metadata Only Approach, Good Enough for Network Traffic Analysis? |
| 2019-05-03 | Jim Clausing | A few Ghidra tips for IDA users, part 3 - conversion, labels, and comments |
| 2019-04-17 | Jim Clausing | A few Ghidra tips for IDA users, part 2 - strings and parameters |
| 2019-04-08 | Jim Clausing | A few Ghidra tips for IDA users, part 1 - the decompiler/unreachable code |
| 2019-04-03 | Jim Clausing | A few Ghidra tips for IDA users, part 0 - automatic comments for API call parameters |
| 2019-03-14 | Didier Stevens | Tip: Ghidra & ZIP Files |
| 2019-03-08 | Remco Verhoef | Analysing meterpreter payload with Ghidra |
| 2018-12-13 | Xavier Mertens | Phishing Attack Through Non-Delivery Notification |
| 2018-08-01 | Johannes Ullrich | When Cameras and Routers attack Phones. Spike in CVE-2014-8361 Exploits Against Port 52869 |
| 2018-06-16 | Russ McRee | Anomaly Detection & Threat Hunting with Anomalize |
| 2018-04-27 | Tom Webb | More Threat Hunting with User Agent and Drupal Exploits |
| 2018-04-25 | Johannes Ullrich | Yet Another Drupal RCE Vulnerability |
| 2017-11-07 | Xavier Mertens | Interesting VBA Dropper |
| 2017-10-24 | Xavier Mertens | BadRabbit: New ransomware wave hitting RU & UA |
| 2017-10-06 | Johannes Ullrich | What's in a cable? The dangers of unauthorized cables |
| 2017-04-11 | Brad Duncan | Dridex malspam seen on Monday 2017-04-10 |
| 2016-08-31 | Deborah Hale | Dropbox Breach |
| 2016-07-13 | Xavier Mertens | Drupal: Patch released today to fix a highly critical RCE in contributed modules |
| 2016-07-03 | Guy Bruneau | Is Data Privacy part of your Company's Culture? |
| 2016-06-22 | Bojan Zdrnja | Security through obscurity never works |
| 2016-05-02 | Rick Wanner | Fake Chrome update for Android |
| 2015-07-28 | Rick Wanner | Android Stagefright multimedia viewer prone to remote exploitation |
| 2015-04-06 | Guy Bruneau | 'Dead Drops' Hidden USB Sticks Around the World |
| 2014-04-26 | Guy Bruneau | Android Users - Beware of Bitcoin Mining Malware |
| 2014-04-05 | Jim Clausing | Those strange e-mails with URLs in them can lead to Android malware |
| 2014-04-01 | Basil Alawi S.Taher | Upgrading Your Android, Elevating My Malware |
| 2014-02-05 | Johannes Ullrich | To Merrillville or Sochi: How Dangerous is it to travel? |
| 2014-01-16 | Kevin Shortt | Port 4028 - Interesting Activity |
| 2013-12-28 | Russ McRee | Weekend Reading List 27 DEC |
| 2013-12-28 | Bojan Zdrnja | DRG online challenge(s) |
| 2013-08-14 | Johannes Ullrich | Imaging LUKS Encrypted Drives |
| 2013-03-04 | Johannes Ullrich | IPv6 Focus Month: Addresses |
| 2012-05-18 | Johannes Ullrich | ZTE Score M Android Phone backdoor |
| 2012-04-30 | Rob VandenBrink | FCC posts Enquiry Documents on Google Wardriving |
| 2012-03-03 | Jim Clausing | New automated sandbox for Android malware |
| 2011-11-01 | Russ McRee | Honeynet Project: Android Reverse Engineering (A.R.E.) Virtual Machine released |
| 2011-09-07 | Lenny Zeltser | Analyzing Mobile Device Malware - Honeynet Forensic Challenge 9 and Some Tools |
| 2011-08-24 | Rob VandenBrink | Disaster Preparedness - Are We Shaken or Stirred? |
| 2011-08-15 | Rob VandenBrink | 8 Years since the Eastern Seaboard Blackout - Has it Been that Long? |
| 2011-06-01 | Johannes Ullrich | Enabling Privacy Enhanced Addresses for IPv6 |
| 2011-05-18 | Bojan Zdrnja | Android, HTTP and authentication tokens |
| 2011-05-01 | Deborah Hale | Droid MarketPlace Has a New App |
| 2011-04-25 | Rob VandenBrink | What's Your (IP) Address Worth? |
| 2011-03-03 | Manuel Humberto Santander Pelaez | Rogue apps inside Android Marketplace |
| 2010-12-31 | Bojan Zdrnja | Android malware enters 2011 |
| 2010-09-07 | Bojan Zdrnja | SSH password authentication insight and analysis by DRG |
| 2010-08-13 | Tom Liston | The Strange Case of Doctor Jekyll and Mr. ED |
| 2010-03-24 | Johannes Ullrich | ".sys" Directories Delivering Driveby Downloads |
| 2010-02-28 | Mari Nichols | Disasters take practice |
| 2010-01-26 | Rob VandenBrink | VMware vSphere Hardening Guide Draft posted for public review |
| 2010-01-14 | Bojan Zdrnja | DRG (Dragon Research Group) Distro available for general release |
| 2010-01-11 | Johannes Ullrich | Fake Android Application |
| 2010-01-06 | Guy Bruneau | Secure USB Flaw Exposed |
| 2009-11-13 | Deborah Hale | It's Never Too Early To Start Teaching Them |
| 2009-11-05 | Swa Frantzen | Legacy systems |
| 2009-08-26 | Johannes Ullrich | Malicious CD ROMs mailed to banks |
| 2009-07-03 | Adrien de Beaupre | BCP/DRP |
| 2008-11-25 | Andre Ludwig | Tmobile G1 handsets having DNS problems? |
| 2008-07-19 | William Salusky | A twist in fluxnet operations. Enter Hydraflux |
| 2008-06-01 | Swa Frantzen | The Planet outage - what can we all learn from it? |
