Date Author Title

MAC INFO

2021-03-12Guy BruneauMicrosoft DHCP Logs Shipped to ELK

MAC

2025-04-02/a>Guy BruneauExploring Statistical Measures to Predict URLs as Legitimate or Intrusive [Guest Diary]
2025-03-31/a>Johannes UllrichApple Patches Everything: March 31st 2025 Edition
2025-03-26/a>Jesse La Grew[Guest Diary] Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest
2025-03-11/a>Johannes UllrichApple Fixes Exploited WebKit Vulnerability in iOS, MacOS, visionOS and Safari
2024-12-11/a>Johannes UllrichApple Updates Everything (iOS, iPadOS, macOS, watchOS, tvOS, visionOS)
2024-10-28/a>Johannes UllrichApple Updates Everything
2024-10-07/a>Xavier MertensmacOS Sequoia: System/Network Admins, Hold On!
2024-07-30/a>Johannes UllrichApple Patches Everything. July 2024 Edition
2024-07-10/a>Jesse La GrewFinding Honeypot Data Clusters Using DBSCAN: Part 1
2024-01-22/a>Johannes UllrichApple Updates Everything - New 0 Day in WebKit
2024-01-19/a>Xavier MertensmacOS Python Script Replacing Wallet Applications with Rogue Apps
2023-12-11/a>Johannes UllrichApple Patches Everything
2023-09-26/a>Johannes UllrichApple Releases MacOS Sonoma Including Numerous Security Patches
2023-09-11/a>Johannes UllrichApple fixes 0-Day Vulnerability in Older Operating Systems
2023-09-07/a>Johannes UllrichApple Releases iOS/iPadOS 16.6.1, macOS 13.5.2, watchOS 9.6.2 fixing two zeroday vulnerabilities
2023-08-26/a>Xavier MertensmacOS: Who?s Behind This Network Connection?
2023-06-22/a>Johannes UllrichApple Patches Exploited Vulnerabilities in iOS/iPadOS, macOS, watchOS and Safari
2023-04-07/a>Johannes UllrichApple Patching Two 0-Day Vulnerabilities in iOS and macOS
2023-03-27/a>Johannes UllrichApple Updates Everything (including Studio Display)
2022-07-26/a>Xavier MertensHow is Your macOS Security Posture?
2022-07-20/a>Johannes UllrichApple Patches Everything Day
2022-04-20/a>Brad Duncan"aa" distribution Qakbot (Qbot) infection with DarkVNC traffic
2022-03-31/a>Johannes UllrichApple Patches Actively Exploited Vulnerability in macOS, iOS and iPadOS,
2022-03-25/a>Xavier MertensXLSB Files: Because Binary is Stealthier Than XML
2022-03-14/a>Johannes UllrichApple Updates Everything: MacOS 12.3, XCode 13.3, tvOS 15.4, watchOS 8.5, iPadOS 15.4 and more
2022-02-10/a>Johannes UllrichiOS/iPadOS and MacOS Update: Single WebKit 0-Day Vulnerability Patched
2022-01-27/a>Johannes UllrichApple Patches Everything
2022-01-22/a>Xavier MertensMixed VBA & Excel4 Macro In a Targeted Excel Sheet
2021-12-28/a>Russ McReeLotL Classifier tests for shells, exfil, and miners
2021-12-20/a>Jan KoprivaPowerPoint attachments, Agent Tesla and code reuse in malware
2021-12-02/a>Brad DuncanTA551 (Shathak) pushes IcedID (Bokbot)
2021-09-23/a>Xavier MertensExcel Recipe: Some VBA Code with a Touch of Excel4 Macro
2021-09-01/a>Brad DuncanSTRRAT: a Java-based RAT that doesn't care if you have Java
2021-08-06/a>Xavier MertensMalicious Microsoft Word Remains A Key Infection Vector
2021-04-23/a>Xavier MertensMalicious PowerPoint Add-On: "Small Is Beautiful"
2021-03-12/a>Guy BruneauMicrosoft DHCP Logs Shipped to ELK
2021-03-03/a>Brad DuncanQakbot infection with Cobalt Strike
2021-02-25/a>Daniel WesemannForensicating Azure VMs
2021-02-23/a>Jan KoprivaQakbot in a response to Full Disclosure post
2021-02-05/a>Xavier MertensVBA Macro Trying to Alter the Application Menus
2021-02-03/a>Brad DuncanExcel spreadsheets push SystemBC malware
2021-02-02/a>Xavier MertensNew Example of XSL Script Processing aka "Mitre T1220"
2021-01-26/a>Brad DuncanTA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-20/a>Brad DuncanQakbot activity resumes after holiday break
2021-01-14/a>Bojan ZdrnjaDynamically analyzing a heavily obfuscated Excel 4 macro malicious file
2021-01-13/a>Brad DuncanHancitor activity resumes after a hoilday break
2020-12-22/a>Xavier MertensMalware Victim Selection Through WiFi Identification
2020-12-09/a>Brad DuncanRecent Qakbot (Qbot) activity
2020-11-20/a>Xavier MertensMalicious Python Code and LittleSnitch Detection
2020-11-09/a>Xavier MertensHow Attackers Brush Up Their Malicious Scripts
2020-10-26/a>Didier StevensExcel 4 Macros: "Abnormal Sheet Visibility"
2020-10-14/a>Brad DuncanMore TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-09-23/a>Xavier MertensMalicious Word Document with Dynamic Content
2020-09-18/a>Xavier MertensA Mix of Python & VBA in a Malicious Word Document
2020-09-10/a>Brad DuncanRecent Dridex activity
2020-09-09/a>Johannes UllrichA First Look at macOS 11 Big Sur Network Traffic (New! Now with more GREASE!)
2020-08-26/a>Xavier MertensMalicious Excel Sheet with a NULL VT Score
2020-08-19/a>Xavier MertensExample of Word Document Delivering Qakbot
2020-08-07/a>Brad DuncanTA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-06/a>Xavier MertensA Fork of the FTCode Powershell Ransomware
2020-08-03/a>Xavier MertensPowershell Bot with Multiple C2 Protocols
2020-07-15/a>Brad DuncanWord docs with macros for IcedID (Bokbot)
2020-07-11/a>Guy BruneauVMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html
2020-07-10/a>Brad DuncanExcel spreasheet macro kicks off Formbook infection
2020-07-04/a>Russ McReeHappy FouRth of July from the Internet Storm Center
2020-06-12/a>Xavier MertensMalicious Excel Delivering Fileless Payload
2020-06-10/a>Brad DuncanJob application-themed malspam pushes ZLoader
2020-06-01/a>Didier StevensXLMMacroDeobfuscator: An Update
2020-05-20/a>Brad DuncanMicrosoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-05/a>Guy BruneauMaldoc XLS Invoice with Excel 4 Macros
2020-03-29/a>Didier StevensObfuscated Excel 4 Macros
2020-03-18/a>Brad DuncanTrickbot gtag red5 distributed as a DLL file
2020-03-09/a>Didier StevensMalicious Spreadsheet With Data Connection and Excel 4 Macros
2020-03-06/a>Xavier MertensA Safe Excel Sheet Not So Safe
2020-02-24/a>Didier StevensMaldoc: Excel 4 Macros and VBA, Devil and Angel?
2020-02-23/a>Didier StevensMaldoc: Excel 4 Macros in OOXML Format
2020-02-21/a>Xavier MertensQuick Analysis of an Encrypted Compound Document Format
2020-01-22/a>Brad DuncanGerman language malspam pushes Ursnif
2020-01-09/a>Xavier MertensQuick Analyzis of a(nother) Maldoc
2019-12-11/a>Brad DuncanGerman language malspam pushes yet another wave of Trickbot
2019-12-04/a>Jan KoprivaAnalysis of a strangely poetic malware
2019-10-02/a>Brad DuncanA recent example of Emotet malspam
2019-09-26/a>Rob VandenBrinkMining MAC Address and OUI Information
2019-09-18/a>Brad DuncanEmotet malspam is back
2019-07-08/a>Didier StevensMachine Code? No!
2019-07-04/a>Didier StevensMachine Code?
2019-06-18/a>Brad DuncanMalspam with password-protected Word docs pushing Dridex
2019-03-17/a>Didier StevensVideo: Maldoc Analysis: Excel 4.0 Macro
2019-03-16/a>Didier StevensMaldoc: Excel 4.0 Macros
2019-03-13/a>Brad DuncanMalspam pushes Emotet with Qakbot as the follow-up malware
2019-01-24/a>Brad DuncanMalspam with Word docs uses macro to run Powershell script and steal system data
2018-12-18/a>Brad DuncanMalspam links to password-protected Word docs that push IcedID (Bokbot)
2018-11-27/a>Xavier MertensMore obfuscated shell scripts: Fake MacOS Flash update
2018-11-15/a>Brad DuncanEmotet infection with IcedID banking Trojan
2018-11-04/a>Pasquale StirparoBeyond good ol' LaunchAgent - part 1
2018-10-21/a>Pasquale StirparoBeyond good ol’ LaunchAgent - part 0
2018-08-24/a>Xavier MertensMicrosoft Publisher Files Delivering Malware
2018-06-29/a>Remco VerhoefCrypto community target of MacOS malware
2018-05-25/a>Xavier MertensAntivirus Evasion? Easy as 1,2,3
2018-05-23/a>Remco VerhoefTrack naughty and nice binaries with Google Santa
2018-05-01/a>Xavier MertensDiving into a Simple Maldoc Generator
2017-12-19/a>Xavier MertensExample of 'MouseOver' Link in a Powerpoint File
2017-12-16/a>Xavier MertensMicrosoft Office VBA Macro Obfuscation via Metadata
2017-11-15/a>Xavier MertensIf you want something done right, do it yourself!
2017-09-19/a>Jim ClausingNew tool: mac-robber.py
2017-02-26/a>Guy BruneauIt is Tax Season - Watch out for Suspicious Attachment
2016-09-30/a>Xavier MertensAnother Day, Another Malicious Behaviour
2015-02-19/a>Daniel WesemannMacros? Really?!
2014-01-24/a>Chris MohanSecurity Update for OS X for CVE-2014-1252 http://support.apple.com/kb/HT6117
2013-12-17/a>Adrien de BeaupreApple security updates Mac OS X and Safari
2013-10-22/a>Richard PorterGreenbone and OpenVAS Scanner
2013-10-02/a>John BambenekObamacare related domain registration spike, Government shutdown domain registration beginning
2013-09-10/a>Swa FrantzenMacs need to patch too!
2013-08-09/a>Kevin ShorttCopy Machines - Changing Scanned Content
2013-03-02/a>Scott FendleyApple Blocks Older Insecure Versions of Flash Player
2012-07-05/a>Adrien de BeaupreNew OS X trojan backdoor MaControl variant reported
2012-05-05/a>Tony CarothersVulnerability Exploit for Snow Leopard
2012-04-12/a>Guy BruneauApple Java Updates for Mac OS X
2012-02-24/a>Guy BruneauFlashback Trojan in the Wild
2012-02-04/a>Scott FendleyApple Security Advisory 2012-001 v1.1
2011-08-05/a>donald smithNew Mac Trojan: BASH/QHost.WB
2011-06-23/a>Jim ClausingApple Security Updates 2011-004
2011-06-15/a>Pedro BuenoHit by MacDefender, Apple Web Security (name your Mac FakeAV here)...
2011-05-26/a>Swa FrantzenMacDefender ups the ante with removing the password need for installation
2011-05-06/a>Richard PorterUnpatched Exploit: Skype for MAC
2010-11-16/a>Guy BruneauMac OS X Server v10.6.5 (10H575) Security Update: http://support.apple.com/kb/HT4452
2010-06-17/a>Deborah HaleDigital Copy Machines - Security Risk?
2010-06-15/a>Manuel Humberto Santander PelaezApple releases advisory for Mac OS X - Multiple vulnerabilities discovered
2010-03-29/a>Adrien de BeaupreAPPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3
2010-02-05/a>Jim ClausingMemory Analysis - time to move beyond XP
2010-01-12/a>Adrien de BeauprePoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2009-12-07/a>Rob VandenBrinkLayer 2 Network Protections – reloaded!
2009-11-09/a>Guy BruneauApple Security Update 2009-006 for Mac OS X v10.6.2
2009-01-24/a>Pedro BuenoIdentifying and Removing the iWork09 Trojan
2008-07-17/a>Mari NicholsFirefox Releases 3.0.1 and fixes 3 security vulnerabilities
2008-04-30/a>Bojan Zdrnja(Minor) evolution in Mac DNS changer malware
2008-04-02/a>Adrien de BeaupreWhen is a DMG file not a DMG file
2006-12-12/a>Swa FrantzenMicrosoft Office 2004 - Mac OS X updated
2006-11-29/a>Toby KohlenbergNew Vulnerability Announcement and patches from Apple

INFO

2025-04-15/a>Xavier MertensOnline Services Again Abused to Exfiltrate Data
2025-01-29/a>Xavier MertensFrom PowerShell to a Python Obfuscation Race!
2025-01-28/a>Xavier MertensFileless Python InfoStealer Targeting Exodus
2024-11-30/a>Xavier MertensFrom a Regular Infostealer to its Obfuscated Version
2024-11-22/a>Xavier MertensAn Infostealer Searching for « BIP-0039 » Data
2024-11-07/a>Xavier MertensSteam Account Checker Poisoned with Infostealer
2024-10-31/a>Guy BruneauOctober 2024 Activity with Username chenzilong
2024-10-09/a>Xavier MertensFrom Perfctl to InfoStealer
2024-09-18/a>Guy BruneauTime-to-Live Analysis of DShield Data with Vega-Lite
2024-09-18/a>Xavier MertensPython Infostealer Patching Windows Exodus App
2024-08-27/a>Xavier MertensWhy Is Python so Popular to Infect Windows Hosts?
2024-05-31/a>Xavier Mertens"K1w1" InfoStealer Uses gofile.io for Exfiltration
2024-05-22/a>Rob VandenBrinkNMAP Scanning without Scanning (Part 2) - The ipinfo API
2024-02-20/a>Xavier MertensPython InfoStealer With Dynamic Sandbox Detection
2024-01-25/a>Xavier MertensFacebook AdsManager Targeted by a Python Infostealer
2023-12-22/a>Xavier MertensShall We Play a Game?
2023-09-29/a>Xavier MertensAre You Still Storing Passwords In Plain Text Files?
2023-05-04/a>Xavier MertensInfostealer Embedded in a Word Document
2023-03-12/a>Guy BruneauAsynRAT Trojan - Bill Payment (Pago de la factura)
2023-03-01/a>Xavier MertensPython Infostealer Targeting Gamers
2023-02-18/a>Guy BruneauSpear Phishing Handlers for Username/Password
2023-02-04/a>Guy BruneauAssemblyline as a Malware Analysis Sandbox
2023-01-21/a>Guy BruneauDShield Sensor JSON Log to Elasticsearch
2023-01-08/a>Guy BruneauDShield Sensor JSON Log Analysis
2022-12-21/a>Guy BruneauDShield Sensor Setup in Azure
2022-12-18/a>Guy BruneauInfostealer Malware with Double Extension
2022-08-13/a>Guy BruneauPhishing HTML Attachment as Voicemail Audio Transcription
2022-08-11/a>Xavier MertensInfoStealer Script Based on Curl and NSudo
2022-03-23/a>Brad DuncanArkei Variants: From Vidar to Mars Stealer
2022-03-09/a>Xavier MertensInfostealer in a Batch File
2022-02-13/a>Guy BruneauDHL Spear Phishing to Capture Username/Password
2021-12-21/a>Xavier MertensMore Undetected PowerShell Dropper
2021-12-14/a>Johannes UllrichLog4j: Getting ready for the long haul (CVE-2021-44228)
2021-12-01/a>Xavier MertensInfo-Stealer Using webhook.site to Exfiltrate Data
2021-05-08/a>Guy BruneauWho is Probing the Internet for Research Purposes?
2021-04-06/a>Jan KoprivaMalspam with Lokibot vs. Outlook and RFCs
2021-03-31/a>Xavier MertensQuick Analysis of a Modular InfoStealer
2021-03-12/a>Guy BruneauMicrosoft DHCP Logs Shipped to ELK
2020-12-29/a>Jan KoprivaWant to know what's in a folder you don't have a permission to access? Try asking your AV solution...
2019-11-27/a>Brad DuncanFinding an Agent Tesla malware sample
2019-10-09/a>Brad DuncanWhat data does Vidar malware steal from an infected host?
2019-01-24/a>Brad DuncanMalspam with Word docs uses macro to run Powershell script and steal system data
2018-11-11/a>Pasquale StirparoCommunity contribution: joining forces or multiply solutions?
2017-05-06/a>Xavier MertensThe story of the CFO and CEO...
2016-10-02/a>Guy BruneauIs there an Infosec Cybersecurity Talent Shortage?
2015-01-23/a>Adrien de BeaupreInfocon change to yellow for Adobe Flash issues
2014-09-26/a>Richard PorterWhy We Have Moved to InfoCon:Yellow
2014-05-22/a>Johannes UllrichDiscontinuing Support for ISC Alert Task Bar Icon
2014-04-14/a>Kevin ShorttINFOCon Green: Heartbleed - on the mend
2013-02-17/a>Guy BruneauHP ArcSight Connector Appliance and Logger Vulnerabilities
2012-03-16/a>Swa FrantzenINFOCON Yellow - Microsoft RDP - MS12-020
2012-01-19/a>Chris MohanWHOIS contacts are your friends
2012-01-13/a>Guy BruneauSysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2011-02-05/a>Guy BruneauOpenSSH Legacy Certificate Information Disclosure Vulnerability
2011-01-12/a>Richard PorterHow Many Loyalty Cards do you Carry?
2010-12-26/a>Manuel Humberto Santander PelaezISC infocon monitor app for OS X
2010-10-22/a>Manuel Humberto Santander PelaezIntypedia project
2010-07-24/a>Manuel Humberto Santander PelaezTransmiting logon information unsecured in the network
2010-07-20/a>Manuel Humberto Santander PelaezLowering infocon back to green
2010-06-15/a>Manuel Humberto Santander PelaeziPhone 4 Order Security Breach Exposes Private Information
2010-04-21/a>Guy BruneauGoogle Chrome Security Update v4.1.249.1059 Released: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html
2010-03-27/a>Guy BruneauHP-UX Running NFS/ONCplus, Inadvertently Enabled NFS
2010-01-17/a>Mark HofmanWhy not Yellow?
2009-11-29/a>Patrick Nolan A Cloudy Weekend
2009-10-22/a>Adrien de BeaupreSysinternals updates: Disk2vhd v1.1, ZoomIt v4.1, Coreinfo v2.0, VMMap v2.4
2009-10-04/a>Guy BruneauSamba Security Information Disclosure and DoS
2009-10-02/a>Stephen HallNew SysInternal fun for the weekend
2009-07-13/a>Adrien de Beaupre* Infocon raised to yellow for Excel Web Components ActiveX vulnerability
2009-07-10/a>Guy BruneauWordPress Fixes Multiple vulnerabilities
2009-07-07/a>Marcus Sachs* INFOCON Status - staying green
2009-06-11/a>Rick WannerMIR-ROR Motile Incident Response - Respond Objectively Remediate
2009-03-02/a>Swa FrantzenObama's leaked chopper blueprints: anything we can learn?
2008-09-11/a>David GoldsmithCookieMonster is coming to Pown (err, Town)
2008-08-12/a>Johannes UllrichUpcoming Infocon Test and new Color
2008-07-02/a>Jim ClausingAnother little script I threw together
2008-04-07/a>John BambenekHP USB Keys Shipped with Malware for your Proliant Server
2006-10-02/a>Jim ClausingBack to green, but the exploits are still running wild