| Date | Author | Title |
|---|---|---|
| 2024-02-03 | Guy Bruneau | DShield Sensor Log Collection with Elasticsearch |
| 2023-01-04 | Rob VandenBrink | Update to RTRBK - Diff and File Dates in PowerShell |
| 2023-01-02 | Xavier Mertens | NetworkMiner 2.8 Released |
| 2022-10-27 | Tom Webb | Supersizing your DUO and 365 Integration |
| 2022-05-30 | Xavier Mertens | New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme (CVE-2022-30190) |
| 2022-04-17 | Didier Stevens | Video: Office Protects You From Malicious ISO Files |
| 2022-04-16 | Didier Stevens | Office Protects You From Malicious ISO Files |
| 2022-01-25 | Brad Duncan | Emotet Stops Using 0.0.0.0 in Spambot Traffic |
| 2021-12-19 | Didier Stevens | Office 2021: VBA Project Version |
| 2021-11-28 | Didier Stevens | Video: YARA Rules for Office Maldocs |
| 2021-11-23 | Didier Stevens | YARA Rule for OOXML Maldocs: Less False Positives |
| 2021-11-07 | Didier Stevens | Video: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory |
| 2021-11-06 | Didier Stevens | Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory |
| 2021-10-25 | Didier Stevens | Decrypting Cobalt Strike Traffic With a "Leaked" Private Key |
| 2021-09-08 | Johannes Ullrich | Microsoft Offers Workaround for 0-Day Office Vulnerability (CVE-2021-40444) |
| 2021-06-23 | Johannes Ullrich | Standing With Security Researchers Against Misuse of the DMCA |
| 2021-04-10 | Guy Bruneau | Building an IDS Sensor with Suricata & Zeek with Logs to ELK |
| 2021-02-15 | Johannes Ullrich | Securing and Optimizing Networks: Using pfSense Traffic Shaper Limiters to Combat Bufferbloat |
| 2020-12-12 | Didier Stevens | Office 95 Excel 4 Macros |
| 2020-12-03 | Brad Duncan | Traffic Analysis Quiz: Mr Natural |
| 2020-11-11 | Brad Duncan | Traffic Analysis Quiz: DESKTOP-FX23IK5 |
| 2020-11-08 | Didier Stevens | Quick Tip: Extracting all VBA Code from a Maldoc |
| 2020-09-23 | Xavier Mertens | Malicious Word Document with Dynamic Content |
| 2020-08-20 | Rob VandenBrink | Office 365 Mail Forwarding Rules (and other Mail Rules too) |
| 2020-05-31 | Guy Bruneau | Windows 10 Built-in Packet Sniffer - PktMon |
| 2020-04-16 | Johannes Ullrich | Using AppLocker to Prevent Living off the Land Attacks |
| 2020-02-21 | Xavier Mertens | Quick Analysis of an Encrypted Compound Document Format |
| 2019-12-28 | Didier Stevens | Corrupt Office Documents |
| 2019-12-09 | Didier Stevens | (Lazy) Sunday Maldoc Analysis |
| 2019-07-16 | Russ McRee | Commando VM: The Complete Mandiant Offensive VM |
| 2019-04-07 | Guy Bruneau | Fake Office 365 Payment Information Update |
| 2019-04-01 | Didier Stevens | Analysis of PDFs Created with OpenOffice/LibreOffice |
| 2018-12-13 | Xavier Mertens | Phishing Attack Through Non-Delivery Notification |
| 2018-11-18 | Guy Bruneau | Multipurpose PCAP Analysis Tool |
| 2018-10-10 | Xavier Mertens | New Campaign Using Old Equation Editor Vulnerability |
| 2018-09-04 | Rob VandenBrink | Let's Trade: You Read My Email, I'll Read Your Password! |
| 2018-06-27 | Renato Marinho | Silently Profiling Unknown Malware Samples |
| 2018-05-25 | Xavier Mertens | Antivirus Evasion? Easy as 1,2,3 |
| 2018-05-01 | Xavier Mertens | Diving into a Simple Maldoc Generator |
| 2017-12-16 | Xavier Mertens | Microsoft Office VBA Macro Obfuscation via Metadata |
| 2017-11-15 | Xavier Mertens | If you want something done right, do it yourself! |
| 2017-05-24 | Brad Duncan | Jaff ransomware gets a makeover |
| 2017-04-28 | Xavier Mertens | Another Day, Another Obfuscation Technique |
| 2017-02-24 | Rick Wanner | Cloudflare data leak...what does it mean to me? |
| 2017-01-31 | Johannes Ullrich | Malicious Office files using fileless UAC bypass to drop KEYBASE malware |
| 2016-09-30 | Xavier Mertens | Another Day, Another Malicious Behaviour |
| 2016-07-19 | Didier Stevens | Office Maldoc: Let's Focus on the VBA Macros Later... |
| 2016-06-09 | Xavier Mertens | Offensive or Defensive Security? Both! |
| 2016-05-14 | Guy Bruneau | INetSim as a Basic Honeypot |
| 2016-01-24 | Didier Stevens | Obfuscated MIME Files |
| 2015-12-15 | Russ McRee | Security Management vs Chaos: Understanding the Butterfly Effect to Manage Outcomes & Reduce Chaos |
| 2015-05-03 | Russ McRee | VolDiff, for memory image differential analysis |
| 2015-03-16 | Johannes Ullrich | Automatically Documenting Network Connections From New Devices Connected to Home Networks |
| 2015-02-20 | Tom Webb | Fast analysis of a Tax Scam |
| 2015-02-19 | Daniel Wesemann | Macros? Really?! |
| 2014-07-10 | Rob VandenBrink | Certificate Errors in Office 365 Today |
| 2014-06-22 | Russ McRee | OfficeMalScanner helps identify the source of a compromise |
| 2013-12-02 | Richard Porter | Reports of higher than normal SSH Attacks |
| 2013-11-05 | Daniel Wesemann | TIFF images in MS-Office documents used in targeted attacks |
| 2013-10-02 | John Bambenek | Obamacare related domain registration spike, Government shutdown domain registration beginning |
| 2013-06-05 | Richard Porter | Wireshark 1.10.0 Stable Released http://www.wireshark.org/download.html |
| 2013-05-07 | Jim Clausing | NGINX updates address buffer overflow (CVE-2013-2028) see http://nginx.org/en/CHANGES-1.4 |
| 2013-03-09 | Guy Bruneau | IPv6 Focus Month: IPv6 Encapsulation - Protocol 41 |
| 2013-02-03 | Lorna Hutcheson | Is it Really an Attack? |
| 2013-01-18 | Russ McRee | Sourcefire VRT rules update addresses remote stack buffer overflow in rule 3:20275 |
| 2012-12-02 | Guy Bruneau | Zero Day MySQL Buffer Overflow |
| 2012-09-14 | Lenny Zeltser | Analyzing Malicious RTF Files Using OfficeMalScanner's RTFScan |
| 2012-08-30 | Bojan Zdrnja | Analyzing outgoing network traffic (part 2) |
| 2012-08-23 | Bojan Zdrnja | Analyzing outgoing network traffic |
| 2012-06-04 | Lenny Zeltser | Decoding Common XOR Obfuscation in Malicious Code |
| 2011-11-10 | Rob VandenBrink | Stuff I Learned Scripting - Parsing XML in a One-Liner |
| 2011-11-08 | Swa Frantzen | Firefox 8.0 released |
| 2011-10-01 | Mark Hofman | Hot on the heels of FF, Thunderbird v 7.0.1 and SeaMonkey v 2.4.1 have been updated. |
| 2011-01-28 | Guy Bruneau | OpenOffice Security Fixes |
| 2011-01-15 | Jim Clausing | What's up with port 8881? |
| 2010-10-26 | Pedro Bueno | Cyber Security Awareness Month - Day 26 - Sharing Office Files |
| 2010-06-06 | Manuel Humberto Santander Pelaez | Nice OS X exploit tutorial |
| 2010-06-05 | Guy Bruneau | OpenOffice.org 3.2.1 Fixes Bugs and Vulnerabilities |
| 2010-05-19 | Jason Lam | EFF paper about browser tracking |
| 2010-02-22 | Rob VandenBrink | Multiple Security Updates for OpenOffice ==> http://www.openoffice.org/security/bulletin.html |
| 2010-02-17 | Rob VandenBrink | Multiple Security Updates for ESX 3.x and ESXi 3.x |
| 2010-01-08 | Rob VandenBrink | Microsoft OfficeOnline, Searching for Trust and Malware |
| 2009-12-24 | Guy Bruneau | F5 BIG-IP ASM and PSM Remote Buffer Overflow |
| 2009-07-16 | Bojan Zdrnja | OWC exploits used in SQL injection attacks |
| 2009-07-13 | Adrien de Beaupre | Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution |
| 2009-01-21 | Raul Siles | Traffic increase for port UDP/8247 |
| 2008-11-17 | Marcus Sachs | New Tool: NetWitness Investigator |
| 2008-06-10 | Swa Frantzen | Linux ASN.1 BER kernel buffer overflow |
| 2008-04-16 | William Stearns | Passer, a passive machine and service sniffer |