| Date | Author | Title |
|---|---|---|
| 2023-11-07 | Johannes Ullrich | What's Normal: New uses of DNS, Discovery of Designated Resolvers (DDR) |
| 2023-07-26 | Xavier Mertens | Suspicious IP Addresses Avoided by Malware Samples |
| 2023-06-24 | Guy Bruneau | Email Spam with Attachment Modiloader |
| 2023-05-20 | Xavier Mertens | Phishing Kit Collecting Victim's IP Address |
| 2023-02-06 | Johannes Ullrich | APIs Used by Bots to Detect Public IP address |
| 2022-10-17 | Xavier Mertens | Fileless Powershell Dropper |
| 2022-02-11 | Xavier Mertens | CinaRAT Delivered Through HTML ID Attributes |
| 2021-12-21 | Xavier Mertens | More Undetected PowerShell Dropper |
| 2021-09-15 | Brad Duncan | Hancitor campaign abusing Microsoft's OneDrive |
| 2021-05-10 | Johannes Ullrich | Correctly Validating IP Addresses: Why encoding matters for input validation. |
| 2021-03-05 | Xavier Mertens | Spam Farm Spotted in the Wild |
| 2021-03-04 | Xavier Mertens | From VBS, PowerShell, C Sharp, Process Hollowing to RAT |
| 2021-01-15 | Brad Duncan | Throwback Friday: An Example of Rig Exploit Kit |
| 2020-12-23 | Jim Clausing | Analysis Dridex Dropper, IoC extraction (guest diary) |
| 2020-11-19 | Xavier Mertens | PowerShell Dropper Delivering Formbook |
| 2020-09-10 | Brad Duncan | Recent Dridex activity |
| 2020-08-18 | Xavier Mertens | Using API's to Track Attackers |
| 2020-05-13 | Brad Duncan | Malspam with links to zip archives pushes Dridex malware |
| 2020-03-25 | Brad Duncan | Recent Dridex activity |
| 2019-12-22 | Didier Stevens | Extracting VBA Macros From .DWG Files |
| 2019-12-16 | Didier Stevens | Malicious .DWG Files? |
| 2019-12-04 | Jan Kopriva | Analysis of a strangely poetic malware |
| 2019-12-03 | Brad Duncan | Ursnif infection with Dridex |
| 2019-09-26 | Rob VandenBrink | Mining MAC Address and OUI Information |
| 2019-08-22 | Xavier Mertens | Simple Mimikatz & RDPWrapper Dropper |
| 2019-06-18 | Brad Duncan | Malspam with password-protected Word docs pushing Dridex |
| 2019-06-14 | Jim Clausing | A few Ghidra tips for IDA users, part 4 - function call graphs |
| 2019-05-19 | Guy Bruneau | Is Metadata Only Approach, Good Enough for Network Traffic Analysis? |
| 2019-05-03 | Jim Clausing | A few Ghidra tips for IDA users, part 3 - conversion, labels, and comments |
| 2019-04-17 | Jim Clausing | A few Ghidra tips for IDA users, part 2 - strings and parameters |
| 2019-04-08 | Jim Clausing | A few Ghidra tips for IDA users, part 1 - the decompiler/unreachable code |
| 2019-04-03 | Jim Clausing | A few Ghidra tips for IDA users, part 0 - automatic comments for API call parameters |
| 2019-03-14 | Didier Stevens | Tip: Ghidra & ZIP Files |
| 2019-03-08 | Remco Verhoef | Analysing meterpreter payload with Ghidra |
| 2018-12-13 | Xavier Mertens | Phishing Attack Through Non-Delivery Notification |
| 2018-08-01 | Johannes Ullrich | When Cameras and Routers attack Phones. Spike in CVE-2014-8361 Exploits Against Port 52869 |
| 2018-06-16 | Russ McRee | Anomaly Detection & Threat Hunting with Anomalize |
| 2018-04-27 | Tom Webb | More Threat Hunting with User Agent and Drupal Exploits |
| 2018-04-25 | Johannes Ullrich | Yet Another Drupal RCE Vulnerability |
| 2017-11-07 | Xavier Mertens | Interesting VBA Dropper |
| 2017-10-24 | Xavier Mertens | BadRabbit: New ransomware wave hitting RU & UA |
| 2017-10-06 | Johannes Ullrich | What's in a cable? The dangers of unauthorized cables |
| 2017-04-11 | Brad Duncan | Dridex malspam seen on Monday 2017-04-10 |
| 2016-08-31 | Deborah Hale | Dropbox Breach |
| 2016-07-13 | Xavier Mertens | Drupal: Patch released today to fix a highly critical RCE in contributed modules |
| 2016-07-03 | Guy Bruneau | Is Data Privacy part of your Company's Culture? |
| 2016-06-22 | Bojan Zdrnja | Security through obscurity never works |
| 2016-05-02 | Rick Wanner | Fake Chrome update for Android |
| 2015-07-28 | Rick Wanner | Android Stagefright multimedia viewer prone to remote exploitation |
| 2015-04-06 | Guy Bruneau | 'Dead Drops' Hidden USB Sticks Around the World |
| 2014-04-26 | Guy Bruneau | Android Users - Beware of Bitcoin Mining Malware |
| 2014-04-05 | Jim Clausing | Those strange e-mails with URLs in them can lead to Android malware |
| 2014-04-01 | Basil Alawi S.Taher | Upgrading Your Android, Elevating My Malware |
| 2014-02-05 | Johannes Ullrich | To Merrillville or Sochi: How Dangerous is it to travel? |
| 2014-01-16 | Kevin Shortt | Port 4028 - Interesting Activity |
| 2013-12-28 | Russ McRee | Weekend Reading List 27 DEC |
| 2013-12-28 | Bojan Zdrnja | DRG online challenge(s) |
| 2013-08-14 | Johannes Ullrich | Imaging LUKS Encrypted Drives |
| 2013-03-04 | Johannes Ullrich | IPv6 Focus Month: Addresses |
| 2012-05-18 | Johannes Ullrich | ZTE Score M Android Phone backdoor |
| 2012-04-30 | Rob VandenBrink | FCC posts Enquiry Documents on Google Wardriving |
| 2012-03-03 | Jim Clausing | New automated sandbox for Android malware |
| 2011-11-01 | Russ McRee | Honeynet Project: Android Reverse Engineering (A.R.E.) Virtual Machine released |
| 2011-09-07 | Lenny Zeltser | Analyzing Mobile Device Malware - Honeynet Forensic Challenge 9 and Some Tools |
| 2011-08-24 | Rob VandenBrink | Disaster Preparedness - Are We Shaken or Stirred? |
| 2011-08-15 | Rob VandenBrink | 8 Years since the Eastern Seaboard Blackout - Has it Been that Long? |
| 2011-06-01 | Johannes Ullrich | Enabling Privacy Enhanced Addresses for IPv6 |
| 2011-05-18 | Bojan Zdrnja | Android, HTTP and authentication tokens |
| 2011-05-01 | Deborah Hale | Droid MarketPlace Has a New App |
| 2011-04-25 | Rob VandenBrink | What's Your (IP) Address Worth? |
| 2011-03-03 | Manuel Humberto Santander Pelaez | Rogue apps inside Android Marketplace |
| 2010-12-31 | Bojan Zdrnja | Android malware enters 2011 |
| 2010-09-07 | Bojan Zdrnja | SSH password authentication insight and analysis by DRG |
| 2010-08-13 | Tom Liston | The Strange Case of Doctor Jekyll and Mr. ED |
| 2010-03-24 | Johannes Ullrich | ".sys" Directories Delivering Driveby Downloads |
| 2010-02-28 | Mari Nichols | Disasters take practice |
| 2010-01-26 | Rob VandenBrink | VMware vSphere Hardening Guide Draft posted for public review |
| 2010-01-14 | Bojan Zdrnja | DRG (Dragon Research Group) Distro available for general release |
| 2010-01-11 | Johannes Ullrich | Fake Android Application |
| 2010-01-06 | Guy Bruneau | Secure USB Flaw Exposed |
| 2009-11-13 | Deborah Hale | It's Never Too Early To Start Teaching Them |
| 2009-11-05 | Swa Frantzen | Legacy systems |
| 2009-08-26 | Johannes Ullrich | Malicious CD ROMs mailed to banks |
| 2009-07-03 | Adrien de Beaupre | BCP/DRP |
| 2008-11-25 | Andre Ludwig | Tmobile G1 handsets having DNS problems? |
| 2008-07-19 | William Salusky | A twist in fluxnet operations. Enter Hydraflux |
| 2008-06-01 | Swa Frantzen | The Planet outage - what can we all learn from it? |