Date  Author  Title
2024-12-18  Jesse La Grew  [Guest Diary] A Deep Dive into TeamTNT and Spinning YARN
2024-11-19  Xavier Mertens  Detecting the Presence of a Debugger in Linux
2024-10-03  Guy Bruneau  Kickstart Your DShield Honeypot [Guest Diary]
2024-09-25  Guy Bruneau  OSINT - Image Analysis or More Where, When, and Metadata [Guest Diary]
2024-09-11  Guy Bruneau  Hygiene, Hygiene, Hygiene! [Guest Diary]
2024-09-06  Jesse La Grew  Enrichment Data: Keeping it Fresh
2024-09-04  Guy Bruneau  Attack Surface [Guest Diary]
2024-08-27  Guy Bruneau  Vega-Lite with Kibana to Parse and Display IP Activity over Time
2024-08-22  Johannes Ullrich  OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse?
2024-08-20  Guy Bruneau  Mapping Threats with DNSTwist and the Internet Storm Center [Guest Diary]
2024-08-07  Guy Bruneau  Same Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary]
2024-07-16  Guy Bruneau  Who You Gonna Call? AndroxGh0st Busters! [Guest Diary]
2024-07-08  Xavier Mertens  Kunai: Keep an Eye on your Linux Hosts Activity
2024-06-26  Guy Bruneau  What Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary]
2024-06-20  Guy Bruneau  No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary]
2024-06-13  Guy Bruneau  The Art of JQ and Command-line Fu [Guest Diary]
2024-06-06  Xavier Mertens  Malicious Python Script with a "Best Before" Date
2024-05-30  Xavier Mertens  Feeding MISP with OSSEC
2024-05-28  Guy Bruneau  Is that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary]
2024-05-22  Rob VandenBrink  NMAP Scanning without Scanning (Part 2) - The ipinfo API
2024-05-22  Guy Bruneau  Analysis of 'redtail' File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary]
2024-05-16  Rob VandenBrink  Why yq? Adventures in XML
2024-05-15  Rob VandenBrink  Got MFA? If not, Now is the Time!
2024-04-29  Guy Bruneau  Linux Trojan - Xorddos with Filename eyshcjdmzg
2024-04-22  Jan Kopriva  It appears that the number of industrial devices accessible from the internet has risen by 30 thousand over the past three years
2024-04-17  Xavier Mertens  Malicious PDF File Used As Delivery Mechanism
2024-04-16  Yee Ching Tok  Rolling Back Packages on Ubuntu/Debian
2024-04-11  Yee Ching Tok  Evolution of Artificial Intelligence Systems and Ensuring Trustworthiness
2024-04-07  Guy Bruneau  A Use Case for Adding Threat Hunting to Your Security Operations Team. Detecting Adversaries Abusing Legitimate Tools in A Customer Environment. [Guest Diary]
2024-03-19  Johannes Ullrich  Attacker Hunting Firewalls
2024-03-10  Guy Bruneau  What happens when you accidentally leak your AWS API keys? [Guest Diary]
2024-03-07  Jesse La Grew  [Guest Diary] AWS Deployment Risks - Configuration and Credential File Targeting
2024-02-27  Johannes Ullrich  Take Downs and the Rest of Us: Do they matter?
2024-02-20  Xavier Mertens  Python InfoStealer With Dynamic Sandbox Detection
2024-02-03  Guy Bruneau  DShield Sensor Log Collection with Elasticsearch
2024-01-31  Johannes Ullrich  The Fun and Dangers of Top Level Domains (TLDs)
2024-01-26  Xavier Mertens  A Batch File With Multiple Payloads
2024-01-24  Johannes Ullrich  How Bad User Interfaces Make Security Tools Harmful
2024-01-18  Johannes Ullrich  More Scans for Ivanti Connect "Secure" VPN. Exploits Public
2024-01-16  Johannes Ullrich  Scans for Ivanti Connect "Secure" VPN Vulnerability (CVE-2023-46805, CVE-2024-21887)
2024-01-08  Jesse La Grew  What is that User Agent?
2024-01-02  Johannes Ullrich  Fingerprinting SSH Identification Strings
2023-11-17  Jan Kopriva  Phishing page with trivial anti-analysis features
2023-10-29  Guy Bruneau  Spam or Phishing? Looking for Credentials & Passwords
2023-10-03  Tom Webb  Are Local LLMs Useful in Incident Response?
2023-09-29  Xavier Mertens  Are You Still Storing Passwords In Plain Text Files?
2023-08-23  Xavier Mertens  More Exotic Excel Files Dropping AgentTesla
2023-08-04  Xavier Mertens  Are Leaked Credentials Dumps Used by Attackers?
2023-07-13  Jesse La Grew  DShield Honeypot Maintenance and Data Retention
2023-07-01  Russ McRee  Sandfly Security
2023-06-15  Yee Ching Tok  Supervision and Verification in Vulnerability Management
2023-05-24  Jesse La Grew  More Data Enrichment for Cowrie Logs
2023-05-24  Tom Webb  IR Case/Alert Management
2023-05-03  Xavier Mertens  Increased Number of Configuration File Scans
2023-03-12  Guy Bruneau  AsynRAT Trojan - Bill Payment (Pago de la factura)
2023-02-04  Guy Bruneau  Assemblyline as a Malware Analysis Sandbox
2023-01-28  Didier Stevens  Sysinternals Updates: RDCMan v2.92, Sysmon v14.14, and ZoomIt v6.12
2023-01-26  Tom Webb  Live Linux IR with UAC
2023-01-17  Johannes Ullrich  Packet Tuesday: IPv6 Router Advertisements https://www.youtube.com/watch?v=uRWpB_lYIZ8
2022-12-20  Xavier Mertens  Linux File System Monitoring & Actions
2022-12-19  Xavier Mertens  Hunting for Mastodon Servers
2022-12-17  Didier Stevens  CyberChef & Entropy
2022-11-10  Xavier Mertens  Do you collect "Observables" or "IOCs"?
2022-11-02  Rob VandenBrink  Breakpoints in Burp
2022-10-30  Didier Stevens  Sysinternals Updates: Process Explorer v17.0, Handle v5.0, Process Monitor v3.92 and Sysmon v14.11
2022-10-19  Xavier Mertens  Are Internet Scanning Services Good or Bad for You?
2022-10-04  Johannes Ullrich  Credential Harvesting with Telegram API
2022-08-28  Didier Stevens  Sysinternals Updates: Sysmon v14.0 and ZoomIt v6.01
2022-08-23  Xavier Mertens  Who's Looking at Your security.txt File?
2022-07-23  Guy Bruneau  Analysis of SSH Honeypot Data with PowerBI
2022-06-17  Bojan Zdrnja  Critical vulnerability in Splunk Enterprise's deployment server functionality
2022-06-02  Johannes Ullrich  Quick Answers in Incident Response: RECmd.exe
2022-06-01  Jan Kopriva  HTML phishing attachments - now with anti-analysis features
2022-05-23  Johannes Ullrich  Attacker Scanning for jQuery-File-Upload
2022-05-03  Rob VandenBrink  Finding the Real "Last Patched" Day (Interim Version)
2022-03-27  Didier Stevens  Video: Maldoc Cleaned by Anti-Virus
2022-03-22  Johannes Ullrich  Statement by President Biden: What you need to do (or not do)
2022-03-15  Xavier Mertens  Clean Binaries with Suspicious Behaviour
2022-03-10  Xavier Mertens  Credentials Leaks on VirusTotal
2022-02-14  Johannes Ullrich  Reminder: Decoding TLS Client Hellos to non TLS servers
2022-02-01  Xavier Mertens  Automation is Nice But Don't Replace Your Knowledge
2022-01-29  Guy Bruneau  SIEM In this Decade, Are They Better than the Last?
2021-12-31  Jan Kopriva  Do you want your Agent Tesla in the 300 MB or 8 kB package?
2021-12-30  Brad Duncan  Agent Tesla Updates SMTP Data Exfiltration Technique
2021-12-20  Jan Kopriva  PowerPoint attachments, Agent Tesla and code reuse in malware
2021-12-16  Brad Duncan  How the "Contact Forms" campaign tricks people
2021-12-06  Xavier Mertens  The Importance of Out-of-Band Networks
2021-11-18  Xavier Mertens  JavaScript Downloader Delivers Agent Tesla Trojan
2021-11-08  Xavier Mertens  (Ab)Using Security Tools & Controls for the Bad
2021-11-04  Tom Webb  Xmount for Disk Images
2021-10-31  Didier Stevens  Sysinternals: Autoruns and Sysmon updates
2021-10-20  Xavier Mertens  Thanks to COVID-19, New Types of Documents are Lost in The Wild
2021-10-18  Xavier Mertens  Malicious PowerShell Using Client Certificate Authentication
2021-09-24  Xavier Mertens  Keep an Eye on Your Users Mobile Devices (Simple Inventory)
2021-09-09  Johannes Ullrich  Updates to Our Datafeeds/API
2021-08-21  Didier Stevens  New Versions Of Sysinternals Tools
2021-08-19  Johannes Ullrich  When Lightning Strikes. What works and doesn't work.
2021-08-01  Didier Stevens  procdump Version 10.1
2021-07-08  Xavier Mertens  Using Sudo with Python For More Security Controls
2021-07-06  Xavier Mertens  Python DLL Injection Check
2021-06-30  Johannes Ullrich  CVE-2021-1675: Incomplete Patch and Leaked RCE Exploit
2021-06-30  Brad Duncan  June 2021 Forensic Contest: Answers and Analysis
2021-06-24  Xavier Mertens  Do you Like Cookies? Some are for sale!
2021-05-30  Didier Stevens  Sysinternals: Procmon, Sysmon, TcpView and Process Explorer update
2021-05-29  Guy Bruneau  Spear-phishing Email Targeting Outlook Mail Clients
2021-05-21  Xavier Mertens  Locking Kernel32.dll As Anti-Debugging Technique
2021-05-12  Jan Kopriva  Number of industrial control systems on the internet is lower then in 2020...but still far from zero
2021-05-08  Guy Bruneau  Who is Probing the Internet for Research Purposes?
2021-05-02  Didier Stevens  PuTTY And FileZilla Use The Same Fingerprint Registry Keys
2021-04-23  Xavier Mertens  Malicious PowerPoint Add-On: "Small Is Beautiful"
2021-04-22  Xavier Mertens  How Safe Are Your Docker Images?
2021-03-17  Xavier Mertens  Defenders, Know Your Operating System Like Attackers Do!
2021-03-10  Rob VandenBrink  SharpRDP - PSExec without PSExec, PSRemoting without PowerShell
2021-03-06  Xavier Mertens  Spotting the Red Team on VirusTotal!
2021-02-26  Guy Bruneau  Pretending to be an Outlook Version Update
2021-02-12  Xavier Mertens  AgentTesla Dropped Through Automatic Click in Microsoft Help File
2021-02-11  Jan Kopriva  Agent Tesla hidden in a historical anti-malware tool
2021-01-15  Guy Bruneau  Obfuscated DNS Queries
2021-01-02  Guy Bruneau  Protecting Home Office and Enterprise in 2021
2020-12-29  Jan Kopriva  Want to know what's in a folder you don't have a permission to access? Try asking your AV solution...
2020-12-08  Johannes Ullrich  December 2020 Microsoft Patch Tuesday: Exchange, Sharepoint, Dynamics and DNS Spoofing
2020-12-05  Guy Bruneau  Is IP 91.199.118.137 testing Access to aahwwx.52host.xyz?
2020-12-04  Guy Bruneau  Detecting Actors Activity with Threat Intel
2020-11-25  Xavier Mertens  Live Patching Windows API Calls Using PowerShell
2020-11-19  Xavier Mertens  PowerShell Dropper Delivering Formbook
2020-11-18  Xavier Mertens  When Security Controls Lead to Security Issues
2020-10-24  Guy Bruneau  An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-10-21  Daniel Wesemann  Shipping dangerous goods
2020-10-07  Johannes Ullrich  Today, Nobody is Going to Attack You.
2020-09-30  Johannes Ullrich  Scans for FPURL.xml: Reconnaissance or Not?
2020-09-29  Xavier Mertens  Managing Remote Access for Partners & Contractors
2020-09-17  Xavier Mertens  Suspicious Endpoint Containment with OSSEC
2020-09-03  Xavier Mertens  Sandbox Evasion Using NTP
2020-08-31  Didier Stevens  Finding The Original Maldoc
2020-08-30  Johannes Ullrich  CenturyLink Outage Causing Internet Wide Problems
2020-08-29  Didier Stevens  Malicious Excel Sheet with a NULL VT Score: More Info
2020-08-24  Xavier Mertens  Tracking A Malware Campaign Through VT
2020-08-04  Johannes Ullrich  Internet Choke Points: Concentration of Authoritative Name Servers
2020-08-03  Johannes Ullrich  A Word of Caution: Helping Out People Being Stalked Online
2020-07-28  Johannes Ullrich  All I want this Tuesday: More Data
2020-06-29  Didier Stevens  Sysmon and Alternate Data Streams
2020-06-25  Johannes Ullrich  Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release.
2020-06-16  Johannes Ullrich  Odd "Protest" Spam (Scam?) Targeting Atlanta Police Foundation
2020-06-04  Xavier Mertens  Anti-Debugging Technique based on Memory Protection
2020-05-23  Xavier Mertens  AgentTesla Delivered via a Malicious PowerPoint Add-In
2020-05-04  Didier Stevens  Sysmon and File Deletion
2020-04-28  Jan Kopriva  Agent Tesla delivered by the same phishing campaign for over a year
2020-04-27  Xavier Mertens  Powershell Payload Stored in a PSCredential Object
2020-03-23  Didier Stevens  Windows Zeroday Actively Exploited: Type 1 Font Parsing Remote Code Execution Vulnerability
2020-03-14  Didier Stevens  Phishing PDF With Incremental Updates.
2020-03-13  Rob VandenBrink  Not all Ethernet NICs are Created Equal - Trying to Capture Invalid Ethernet Frames
2020-03-11  Xavier Mertens  Agent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account
2020-02-12  Rob VandenBrink  March Patch Tuesday is Coming - the LDAP Changes will Change Your Life!
2020-01-27  Johannes Ullrich  Network Security Perspective on Coronavirus Preparedness
2020-01-25  Guy Bruneau  Is Threat Hunting the new Fad?
2020-01-23  Xavier Mertens  Complex Obfuscation VS Simple Trick
2020-01-21  Russ McRee  DeepBlueCLI: Powershell Threat Hunting
2020-01-09  Xavier Mertens  Quick Analyzis of a(nother) Maldoc
2019-11-29  Russ McRee  ISC Snapshot: Search with SauronEye
2019-11-27  Brad Duncan  Finding an Agent Tesla malware sample
2019-11-09  Guy Bruneau  Fake Netflix Update Request by Text
2019-10-19  Russell Eubanks  What Assumptions Are You Making?
2019-10-10  Rob VandenBrink  Mining Live Networks for OUI Data Oddness
2019-10-01  Johannes Ullrich  A Quick Look at Some Current Comment Spam
2019-09-19  Xavier Mertens  Agent Tesla Trojan Abusing Corporate Email Accounts
2019-09-19  Xavier Mertens  Blocklisting or Whitelisting in the Right Way
2019-09-17  Rob VandenBrink  Investigating Gaps in your Windows Event Logs
2019-08-25  Guy Bruneau  Are there any Advantages of Buying Cyber Security Insurance?
2019-07-25  Rob VandenBrink  When Users Attack! Users (and Admins) Thwarting Security Controls
2019-07-18  Rob VandenBrink  The Other Side of Critical Control 1: 802.1x Wired Network Access Controls
2019-07-17  Xavier Mertens  Analyzis of DNS TXT Records
2019-07-16  Russ McRee  Commando VM: The Complete Mandiant Offensive VM
2019-07-11  Johannes Ullrich  Remembering Mike Assante
2019-07-07  Rick Wanner  OpSec and OSInt
2019-05-20  Tom Webb  CVE-2019-0604 Attack
2019-05-19  Guy Bruneau  Is Metadata Only Approach, Good Enough for Network Traffic Analysis?
2019-05-16  Xavier Mertens  The Risk of Authenticated Vulnerability Scans
2019-04-26  Rob VandenBrink  Pillaging Passwords from Service Accounts
2019-04-25  Rob VandenBrink  Service Accounts Redux - Collecting Service Accounts with PowerShell
2019-03-27  Xavier Mertens  Running your Own Passive DNS Service
2019-02-14  Xavier Mertens  Suspicious PDF Connecting to a Remote SMB Share
2019-01-28  Bojan Zdrnja  Relaying Exchange's NTLM authentication to domain admin (and more)
2018-12-19  Xavier Mertens  Microsoft OOB Patch for Internet Explorer: Scripting Engine Memory Corruption Vulnerability
2018-12-19  Xavier Mertens  Using OSSEC Active-Response as a DFIR Framework
2018-11-20  Xavier Mertens  Querying DShield from Cortex
2018-11-11  Pasquale Stirparo  Community contribution: joining forces or multiply solutions?
2018-10-17  Russ McRee  RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-09-20  Xavier Mertens  Hunting for Suspicious Processes with OSSEC
2018-09-05  Rob VandenBrink  Where have all my Certificates gone? (And when do they expire?)
2018-08-29  Xavier Mertens  3D Printers in The Wild, What Can Go Wrong?
2018-08-10  Remco Verhoef  Hunting SSL/TLS clients using JA3
2018-08-02  Brad Duncan  DHL-themed malspam reveals embedded malware in animated gif
2018-07-29  Guy Bruneau  Using RITA for Threat Analysis
2018-06-25  Didier Stevens  Guilty by association
2018-06-21  Xavier Mertens  Are Your Hunting Rules Still Working?
2018-06-04  Rob VandenBrink  Digging into Authenticode Certificates
2018-05-27  Guy Bruneau  Capture and Analysis of User Agents
2018-05-01  Xavier Mertens  Diving into a Simple Maldoc Generator
2018-04-27  Tom Webb  More Threat Hunting with User Agent and Drupal Exploits
2018-01-29  Didier Stevens  Comment your Packet Captures - Extra!
2018-01-28  Didier Stevens  Is this a pentest?
2018-01-13  Rick Wanner  Flaw in Intel's Active Management Technology (AMT)
2018-01-01  Didier Stevens  What is new?
2017-12-27  Guy Bruneau  What are your Security Challenges for 2018?
2017-12-19  Xavier Mertens  Example of 'MouseOver' Link in a Powerpoint File
2017-12-13  Xavier Mertens  Tracking Newly Registered Domains
2017-12-05  Tom Webb  IR using the Hive Project.
2017-12-02  Xavier Mertens  Using Bad Material for the Good
2017-11-23  Xavier Mertens  Proactive Malicious Domain Search
2017-10-30  Johannes Ullrich  Critical Patch For Oracle's Identity Manager
2017-10-18  Renato Marinho  Baselining Servers to Detect Outliers
2017-09-18  Xavier Mertens  Getting some intelligence from malspam
2017-09-17  Guy Bruneau  rockNSM as a Incident Response Package
2017-09-16  Guy Bruneau  VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities - https://www.vmware.com/security/advisories/VMSA-2017-0015.html
2017-09-13  Rob VandenBrink  Sysinternals Update: Sysmon v6.10, Process Monitor v3.40, Autoruns v13.80, AccessChk v6.11 - https://blogs.technet.microsoft.com/sysinternals/2017/09/12/sysinternals-update-sysmon-v6-1-process-monitor-v3-4-autoruns-v13-8-accesschk-v6-11/
2017-09-06  Adrien de Beaupre  Modern Web Application Penetration Testing , Hash Length Extension Attacks
2017-09-02  Xavier Mertens  AutoIT based malware back in the wild
2017-07-24  Russell Eubanks  Trends Over Time
2017-07-18  Bojan Zdrnja  Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 4 - Windows Thumbnail Cache, Registry, Prefetch Files, and Link Files artefacts)
2017-07-13  Bojan Zdrnja  Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 3 - Physical Memory artefacts)
2017-07-12  Xavier Mertens  Backup Scripts, the FIM of the Poor
2017-07-09  Russ McRee  Adversary hunting with SOF-ELK
2017-06-17  Guy Bruneau  Mapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2017-06-10  Russell Eubanks  An Occasional Look in the Rear View Mirror
2017-05-31  Pasquale Stirparo  Analysis of Competing Hypotheses, WCry and Lazarus (ACH part 2)
2017-05-28  Pasquale Stirparo  Analysis of Competing Hypotheses (ACH part 1)
2017-05-05  Xavier Mertens  HTTP Headers... the Achilles' heel of many applications
2017-04-07  Xavier Mertens  Tracking Website Defacers with HTTP Referers
2017-03-25  Russell Eubanks  Distraction as a Service
2017-03-15  Xavier Mertens  Retro Hunting!
2017-03-03  Lorna Hutcheson  BitTorrent or Something Else?
2017-02-02  Rick Wanner  Multiple vulnerabilities discovered in popular printer models
2016-12-24  Didier Stevens  Pinging All The Way
2016-11-23  Tom Webb  Mapping Attack Methodology to Controls
2016-11-22  Didier Stevens  Update:ZIP With Comment
2016-11-21  Didier Stevens  ZIP With Comment
2016-11-02  Rob VandenBrink  What Does a Pentest Look Like?
2016-10-25  Xavier Mertens  Another Day, Another Spam...
2016-10-17  Didier Stevens  Maldoc VBA Anti-Analysis: Video
2016-10-15  Didier Stevens  Maldoc VBA Anti-Analysis
2016-10-11  Xavier Mertens  WiFi Still Remains a Good Attack Vector
2016-10-08  Russell Eubanks  Unauthorized Change Detected!
2016-10-02  Guy Bruneau  Is there an Infosec Cybersecurity Talent Shortage?
2016-09-28  Xavier Mertens  SNMP Pwn3ge
2016-09-25  Pasquale Stirparo  Defining Threat Intelligence Requirements
2016-09-15  Xavier Mertens  In Need of a OTP Manager Soon?
2016-09-13  Rob VandenBrink  If it's Free, YOU are the Product
2016-09-09  Xavier Mertens  Collecting Users Credentials from Locked Devices
2016-09-02  Johannes Ullrich  Apple Patches "Trident" Vulnerabilities in OS X / Safari
2016-08-29  Russ McRee  Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2016-08-24  Tom Webb  Stay on Track During IR
2016-07-31  Pasquale Stirparo  Sharing (intel) is caring... or not?
2016-07-26  Johannes Ullrich  Command and Control Channels Using "AAAA" DNS Records
2016-07-21  Didier Stevens  Practice ntds.dit File
2016-07-15  Xavier Mertens  Name All the Things!
2016-07-12  Xavier Mertens  Hunting for Malicious Files with MISP + OSSEC
2016-06-23  Russell Eubanks  An Approach to Vulnerability Management
2016-06-09  Xavier Mertens  Offensive or Defensive Security? Both!
2016-06-01  Xavier Mertens  Docker Containers Logging
2016-05-02  Rick Wanner  Lean Threat Intelligence
2016-04-29  Rob VandenBrink  Sysinternals Updated today - Updates to Sysmon, Procdump and Sigcheck. https://blogs.technet.microsoft.com/sysinternals/2016/04/28/update-sysmon-v4-procdump-v8-sigcheck-v2-51/
2016-04-02  Russell Eubanks  Why Can't We Be Friends?
2016-03-30  Xavier Mertens  What to watch with your FIM?
2016-03-21  Xavier Mertens  IP Addresses Triage
2016-03-07  Xavier Mertens  OSX Ransomware Spread via a Rogue BitTorrent Client Installer
2016-01-23  Didier Stevens  Sigcheck and VirusTotal for Offline Machine
2016-01-20  Xavier Mertens  /tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!
2016-01-09  Xavier Mertens  Virtual Bitlocker Containers
2015-12-24  Xavier Mertens  Unity Makes Strength
2015-12-21  Daniel Wesemann  Critical Security Controls: Getting to know the unknown
2015-12-19  Russell Eubanks  VMWare Security Advisory
2015-12-05  Guy Bruneau  Are you looking to setup your own Malware Sandbox?
2015-12-04  Tom Webb  Automating Phishing Analysis using BRO
2015-11-09  John Bambenek  ICYMI: Widespread Unserialize Vulnerability in Java
2015-11-04  Richard Porter  Application Aware and Critical Control 2
2015-11-01  Guy Bruneau  Cisco Products Affected by Multiple Vulnerabilities in ntpd - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
2015-10-27  Xavier Mertens  The "Yes, but..." syndrome
2015-10-17  Russell Eubanks  CIS Critical Security Controls - Version 6.0
2015-09-03  Xavier Mertens  Querying the DShield API from RTIR
2015-08-18  Russ McRee  Microsoft Security Bulletin MS15-093 - Critical OOB - Internet Explorer RCE
2015-08-16  Guy Bruneau  Are you a "Hunter"?
2015-08-12  Rob VandenBrink  Windows Service Accounts - Why They're Evil and Why Pentesters Love them!
2015-08-06  Didier Stevens  Sigcheck and virustotal-search
2015-07-21  Didier Stevens  Searching Through the VirusTotal Database
2015-07-18  Russell Eubanks  The Value a "Fresh Set Of Eyes" (FSOE)
2015-07-17  Didier Stevens  Process Explorer and VirusTotal
2015-07-17  Didier Stevens  Autoruns and VirusTotal
2015-07-17  Didier Stevens  Sigcheck and VirusTotal
2015-07-03  Didier Stevens  Analyzing Quarantine Files
2015-06-29  Rob VandenBrink  The Powershell Diaries 2 - Software Inventory
2015-06-28  Didier Stevens  The EICAR Test File
2015-05-29  Russell Eubanks  Trust But Verify
2015-05-27  Tom Webb  SYSINTERNALS Update(AccessChk v6.0, Autoruns v13.4, Process Monitor v3.2, VMMap v3.2)
2015-05-14  Daniel Wesemann  Oh Bloat!
2015-04-27  Richard Porter  When Prevention Fails, Incident Response Begins
2015-04-03  Didier Stevens  SSH Fingerprints Are Important
2015-03-21  Russell Eubanks  Have you seen my personal information? It has been lost. Again.
2015-03-18  Daniel Wesemann  Pass the hash!
2015-03-07  Guy Bruneau  Should it be Mandatory to have an Independent Security Audit after a Breach?
2015-02-06  Johannes Ullrich  Anthem, TurboTax and How Things "Fit Together" Sometimes
2015-01-31  Guy Bruneau  Beware of Phishing and Spam Super Bowl Fans!
2014-12-24  Rick Wanner  Incident Response at Sony
2014-12-23  John Bambenek  How I learned to stop worrying and love malware DGAs....
2014-11-04  Daniel Wesemann  20$ is 999999 Euro
2014-10-13  Lorna Hutcheson  For or Against: Port Security for Network Access Control
2014-09-27  Guy Bruneau  What has Bash and Heartbleed Taught Us?
2014-09-12  Chris Mohan  Are credential dumps worth reviewing?
2014-08-23  Guy Bruneau  NSS Labs Cyber Resilience Report
2014-08-17  Rick Wanner  Part 1: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-08-17  Rick Wanner  Part 2: Is your home network unwittingly contributing to NTP DDOS attacks?
2014-08-16  Lenny Zeltser  Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-08-15  Tom Webb  AppLocker Event Logs with OSSEC 2.8
2014-08-12  Adrien de Beaupre  Sysinternals updates Sysmon v1.0; Updates: Autoruns v12.01, Coreinfo v3.3, Procexp v16.03 http://blogs.technet.com/b/sysinternals/
2014-08-12  Adrien de Beaupre  Host discovery with nmap
2014-08-10  Basil Alawi S.Taher  Incident Response with Triage-ir
2014-08-06  Johannes Ullrich  Exploit Available for Symantec End Point Protection
2014-08-04  Russ McRee  Threats & Indicators: A Security Intelligence Lifecycle
2014-07-30  Rick Wanner  Symantec Endpoint Protection Privilege Escalation Zero Day
2014-07-28  Guy Bruneau  Management and Control of Mobile Device Security
2014-07-26  Chris Mohan  "Internet scanning project" scans
2014-07-06  Richard Porter  Physical Access, Point of Sale, Vegas
2014-06-24  Kevin Shortt  NTP DDoS Counts Have Dropped
2014-06-23  Russ McRee  Microsoft Interflow announced today at 26th FIRST conference
2014-06-11  Daniel Wesemann  Help your pilot fly!
2014-06-02  Rick Wanner  Using nmap to scan for DDOS reflectors
2014-05-28  Rob VandenBrink  Assessing SOAP APIs with Burp
2014-05-27  Kevin Shortt  Avast forums hacked
2014-05-01  Johannes Ullrich  Busybox Honeypot Fingerprinting and a new DVR scanner
2014-04-28  Russ McRee  Ubuntu 14.04 lockscreen bypass
2014-04-21  Daniel Wesemann  Allow us to leave!
2014-04-11  Rob VandenBrink  The Other Side of Heartbleed - Client Vulnerabilities
2014-04-05  Jim Clausing  Those strange e-mails with URLs in them can lead to Android malware
2014-04-04  Rob VandenBrink  Dealing with Disaster - A Short Malware Incident Response
2014-03-22  Guy Bruneau  How the Compromise of a User Account Lead to a Spam Incident
2014-03-13  Daniel Wesemann  Identification and authentication are hard ... finding out intention is even harder
2014-03-11  Basil Alawi S.Taher  Introduction to Memory Analysis with Mandiant Redline
2014-03-10  Basil Alawi S.Taher  Sysinternals Process Explorer v16.02, Process Monitor v3.1, PSExec v2.1 and Sigcheck v2.03 update
2014-03-02  Stephen Hall  Symantec goes yellow
2014-02-28  Daniel Wesemann  Oversharing
2014-02-26  Russ McRee  Ongoing NTP Amplification Attacks
2014-02-17  Chris Mohan  NTP reflection attacks continue
2014-02-14  Chris Mohan  SYM14-004 Symantec Endpoint Protection Management Vulnerabilities - http://www.symantec.com/business/support/index?page=content&id=TECH214866
2014-02-10  Rob VandenBrink  A Tale of Two Admins (and no Change Control)
2014-02-07  Rob VandenBrink  Hello Virustotal? It's Microsoft Calling.
2014-01-23  Chris Mohan  Learning from the breaches that happens to others Part 2
2014-01-22  Chris Mohan  Learning from the breaches that happens to others
2014-01-14  Chris Mohan  Spamming and scanning botnets - is there something I can do to block them from my site?
2014-01-04  Tom Webb  Monitoring Windows Networks Using Syslog (Part One)
2014-01-02  John Bambenek  OpenSSL.org Defaced by Attackers Gaining Access to Hypervisor
2014-01-01  Russ McRee  Six degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails
2013-12-29  Russ McRee  OpenSSL suffers apparent defacement
2013-12-28  Russ McRee  Weekend Reading List 27 DEC
2013-12-24  Daniel Wesemann  Unfriendly crontab additions
2013-12-23  Scott Fendley  VMWare ESX/ESXi Security Advisory
2013-12-20  Daniel Wesemann  authorized key lime pie
2013-12-16  Tom Webb  The case of Minerd
2013-12-10  Rob VandenBrink  Those Look Just Like Hashes!
2013-11-30  Russ McRee  A review of Tubes, A Journey to the Center of the Internet
2013-10-30  Russ McRee  SIR v15: Five good reasons to leave Windows XP behind
2013-10-21  Johannes Ullrich  New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
2013-10-18  Guy Bruneau  VMware Release Multiple Security Updates
2013-10-02  John Bambenek  Obamacare related domain registration spike, Government shutdown domain registration beginning
2013-10-01  Adrien de Beaupre  CSAM! Send us your logs!
2013-10-01  John Bambenek  *Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893
2013-09-24  Tom Webb  IDS, NSM, and Log Management with Security Onion 12.04.3
2013-09-20  Russ McRee  Threat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild
2013-09-18  Rob VandenBrink  Cisco DCNM Update Released
2013-09-17  John Bambenek  Microsoft Releases Out-of-Band Advisory for all Versions of Internet Explorer
2013-09-09  Johannes Ullrich  SSL is broken. So what?
2013-09-07  Guy Bruneau  Microsoft September Patch Pre-Announcement
2013-09-02  Guy Bruneau  Multiple Cisco Security Notice
2013-08-21  Rob VandenBrink  Fibre Channel Reconnaissance - Reloaded
2013-08-19  Johannes Ullrich  Running Snort on ESXi using the Distributed Switch
2013-08-19  Rob VandenBrink  ZMAP 1.02 released
2013-08-03  Deborah Hale  What Anti-virus Program Is Right For You?
2013-07-21  Guy Bruneau  Ubuntu Forums Security Breach
2013-07-19  Stephen Hall  Cyber Intelligence Tsunami
2013-07-18  Chris Mohan  Blog Spam - annoying junk or a source of intelligence?
2013-06-07  Daniel Wesemann  100% Compliant (for 65% of the systems)
2013-06-05  Richard Porter  Windows Sysinternals Updated http://technet.microsoft.com/en-us/sysinternals/default.aspx
2013-05-20  Guy Bruneau  Sysinternals Updates for Accesschk, Procdump, RAMMap and Strings http://blogs.technet.com/b/sysinternals/archive/2013/05/17/updates-accesschk-v5-11-procdump-v6-0-rammap-v1-22-strings-v2-51.aspx
2013-05-20  Johannes Ullrich  Ubuntu Package available to submit firewall logs to DShield
2013-05-20  Guy Bruneau  Safe - Tools, Tactics and Techniques
2013-05-09  Johannes Ullrich  Microsoft released a Fix-it for the Internet Explorer 8 Vulnerability http://support.microsoft.com/kb/2847140
2013-05-08  Chris Mohan  Syria drops from Internet 7th May 2013
2013-05-01  Daniel Wesemann  The cost of cleaning up
2013-04-26  Russ McRee  What is "up to date anti-virus software"?
2013-04-23  Russ McRee  Microsoft's Security Intelligence Report (SIRv14) released
2013-04-17  John Bambenek  UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
2013-04-15  Rob VandenBrink  Oops - You Mean That Deleted Server was a Certificate Authority?
2013-03-27  Adam Swanger  IPv6 Focus Month: Guest Diary: Stephen Groat - IPv6 moving target defense
2013-03-25  Johannes Ullrich  IPv6 Focus Month: IPv6 over IPv4 Preference
2013-03-23  Guy Bruneau  Apple ID Two-step Verification Now Available in some Countries
2013-03-19  Johannes Ullrich  IPv6 Focus Month: The warm and fuzzy side of IPv6
2013-03-18  Johannes Ullrich  IPv6 Focus Month: What is changing with DHCP
2013-03-13  Mark Baggett  Wipe the drive! Stealthy Malware Persistence Mechanism - Part 1
2013-03-11  Richard Porter  IPv6 Focus Month: Traffic Testing, Firewalls, ACLs, pt 1
2013-03-09  Guy Bruneau  IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-03-08  Johannes Ullrich  IPv6 Focus Month: Filtering ICMPv6 at the Border
2013-03-06  Adam Swanger  IPv6 Focus Month: Guest Diary: Stephen Groat - Geolocation Using IPv6 Addresses
2013-03-05  Mark Hofman  IPv6 Focus Month: Device Defaults
2013-03-04  Johannes Ullrich  IPv6 Focus Month: Addresses
2013-03-02  Scott Fendley  Evernote Security Issue
2013-02-28  Daniel Wesemann  Parsing Windows Eventlogs in Powershell
2013-02-27  Adam Swanger  Guest Diary: Dylan Johnson - There's value in them there logs!
2013-02-25  Rob VandenBrink  Silent Traitors - Embedded Devices in your Datacenter
2013-02-22  Johannes Ullrich  Zendesk breach affects Tumblr/Pinterest/Twitter
2013-02-14  Adam Swanger  ISC Monthly Threat Update - February 2013 http://isc.sans.edu/podcastdetail.html?id=3121
2013-02-06  Adam Swanger  Sysinternals in particular Process Explorer update https://blogs.technet.com/b/sysinternals/?Redirected=true
2013-02-06  Johannes Ullrich  Intel Network Card (82574L) Packet of Death
2013-02-04  Adam Swanger  SAN Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam
2013-01-17  Russ McRee  CentOS announces release of CentOS-5.9 - http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.9
2013-01-15  Rob VandenBrink  When Disabling IE6 (or Java, or whatever) is not an Option...
2013-01-13  Stephen Hall  Sysinternals Updates
2013-01-10  Adam Swanger  ISC Monthly Threat Update New Format
2013-01-09  Johannes Ullrich  New Format for Monthly Threat Update
2013-01-02  Russ McRee  EMET 3.5: The Value of Looking Through an Attacker's Eyes
2013-01-01  Johannes Ullrich  FixIt Available for Internet Explorer Vulnerability
2012-12-31  Manuel Humberto Santander Pelaez  How to determine which NAC solutions fits best to your needs
2012-12-27  John Bambenek  It's 3pm 2 days after Christmas, do you know where your unmanaged SSH keys are?
2012-12-20  Daniel Wesemann  White House strategy on security information sharing and safeguarding
2012-12-18  Dan Goldberg  Mitigating the impact of organizational change: a risk assessment
2012-12-13  Johannes Ullrich  What if Tomorrow Was the Day?
2012-12-10  Johannes Ullrich  Your CPA License has not been revoked
2012-12-06  Johannes Ullrich  How to identify if you are behind a "Transparent Proxy"
2012-12-03  John Bambenek  John McAfee Exposes His Location in Photo About His Being on Run
2012-11-29  Kevin Shortt  New Apple Security Update: APPLE-SA-2012-11-29-1 Apple TV 5.1.1
2012-11-28  Mark Hofman  McAfee releases extraDAT for W32/Autorun.worm.aaeb-h
2012-11-28  Mark Hofman  New version of wireshark is available (1.8.4), some security fixes included.
2012-11-27  Chris Mohan  Can users' phish emails be a security admin's catch of the day?
2012-11-26  John Bambenek  Online Shopping for the Holidays? Tips, News and a Fair Warning
2012-11-23  Rob VandenBrink  Risk Assessment Reloaded (thanks PCI ! )
2012-11-23  Rob VandenBrink  What's in Your Change Control Form?
2012-11-20  John Bambenek  Behind the Random NTP Bizarreness of Incorrect Year Being Set
2012-11-20  John Bambenek  Firefox v 17.0 just released, more here: http://www.mozilla.org/en-US/firefox/17.0/releasenotes/
2012-11-19  John Bambenek  New Poll: Top 5 Unresolved Security Problems of 2012
2012-11-19  John Bambenek  MoneyGram fined $100 million for aiding wire fraud - http://krebsonsecurity.com/2012/11/moneygram-fined-100-million-for-wire-fraud/
2012-11-17  Manuel Humberto Santander Pelaez  New Sysinternal Updates: AdExplorer v1.44, Contig v1.7, Coreinfo v3.2, Procdump v5.1. See http://blogs.technet.com/b/sysinternals/archive/2012/11/16/updates-adexplorer-v1-44-contig-v1-7-coreinfo-v3-2-procdump-v5-1.aspx?Redirected=true
2012-11-16  Manuel Humberto Santander Pelaez  Information Security Incidents are now a concern for colombian government
2012-11-12  John Bambenek  Request for info: Robocall Phishing Against Local/Regional Banks
2012-11-09  Mark Baggett  Remote Diagnostics with PSR
2012-11-09  Mark Baggett  Fresh batch of Microsoft patches next week
2012-11-07  Mark Baggett  Help eliminate unquoted path vulnerabilities
2012-11-07  Mark Baggett  Multiple 0-Days Reported!
2012-11-07  Mark Baggett  Cisco TACACS+ Authentication Bypass
2012-11-05  Johannes Ullrich  Reminder: Ongoing SMTP Brute Forcing Attacks
2012-11-05  Johannes Ullrich  Possible Fake-AV Ads from Doubleclick Servers
2012-11-04  Lorna Hutcheson  What's important on your network?
2012-11-02  Daniel Wesemann  The shortcomings of anti-virus software
2012-10-31  Johannes Ullrich  Cyber Security Awareness Month - Day 31 - Business Continuity and Disaster Recovery
2012-10-30  Richard Porter  Splunk 5.0 SP-CAAAHB4 http://www.splunk.com/view/SP-CAAAHB4
2012-10-30  Mark Hofman  Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-10-30  Johannes Ullrich  Hurricane Sandy Update
2012-10-29  Kevin Shortt  Cyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard
2012-10-28  Tony Carothers  Firefox 16.02 Released
2012-10-26Russ McReeCyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant
2012-10-25Richard PorterCyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire
2012-10-24Russ McReeCyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035
2012-10-24Russ McReeOngoing Windstream outage in the midwest - https://twitter.com/search?q=windstream
2012-10-23Rob VandenBrinkCyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors
2012-10-21Johannes UllrichCyber Security Awareness Month - Day 22: Connectors
2012-10-21Lorna HutchesonPotential Phish for Regular Webmail Accounts
2012-10-19Johannes UllrichCyber Security Awareness Month - Day 19: Standard log formats and CEE.
2012-10-18Rob VandenBrinkCyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide
2012-10-17Mark HofmanOracle Critical Patch Update October
2012-10-17Mark HofmanNew Acrobat release (including reader) available. Version 11. Some security improvements more here -->http://blogs.adobe.com/adobereader/
2012-10-17Rob VandenBrinkCyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005
2012-10-16Richard PorterCyberAwareness Month - Day 15, Standards Body Soup (pt2), Same Soup Different Cook.
2012-10-16Johannes UllrichCyber Security Awareness Month - Day 16: W3C and HTML
2012-10-14Pedro BuenoCyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1
2012-10-13Guy BruneauNew Poll - Cyber Security Awareness Month Activities 2012 - https://isc.sans.edu/poll.html
2012-10-12Mark HofmanCyber Security Awareness Month - Day 12 PCI DSS
2012-10-11Rob VandenBrinkCyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security)
2012-10-10Kevin ShorttCyber Security Awareness Month - Day 10 - Standard Sudo - Part Two
2012-10-09Johannes UllrichCyber Security Awreness Month - Day 9 - Request for Comment (RFC)
2012-10-09Johannes UllrichMicrosoft October 2012 Black Tuesday Update - Overview
2012-10-08Mark HofmanCyber Security Awareness Month - Day 8 ISO 27001
2012-10-07Tony CarothersCyber Security Awareness Month - Day 7 - Rollup Review of CSAM Week 1
2012-10-06Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA
2012-10-05Johannes UllrichCyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl.
2012-10-05Richard PorterVMWare Security Advisory: VMSA-2012-0014 - http://www.vmware.com/security/advisories/VMSA-2012-0014.html
2012-10-05Richard PorterReports of a Distributed Injection Scan
2012-10-04Mark HofmanAnd the SHA-3 title goes to .....Keccak
2012-10-04Johannes UllrichCyber Security Awareness Month - Day 4: Crypto Standards
2012-10-03Kevin ShorttCyber Security Awareness Month - Day 3 - Standard Sudo - Part One
2012-10-02Russ McReeCyber Security Awareness Month - Day 2 - PCI Security Standard: Mobile Payment Acceptance Security Guidelines
2012-10-01Johannes UllrichCyber Security Awareness Month
2012-09-28Joel EslerAdobe certification revocation for October 4th
2012-09-26Johannes UllrichSome Android phones can be reset to factory default by clicking on links
2012-09-26Johannes UllrichMore Java Woes
2012-09-21Johannes UllrichiOS 6 Security Roundup
2012-09-20Russ McReeFlash Player update but no announcement, check your version http://www.adobe.com/software/flash/about/
2012-09-20Russ McReeApple and Cisco Security Advisories 19 SEP 2012
2012-09-20Russ McReeFinancial sector advisory: attacks and threats against financial institutions
2012-09-19Russ McReeScript kiddie scavenging with Shellbot.S
2012-09-17Rob VandenBrinkWhat's on your iPad?
2012-09-14Lenny ZeltserScam Report - Fake Voice Mail Email Notification Redirects to Malicious Site
2012-09-13Mark BaggettTCP Fuzzing with Scapy
2012-09-13Mark BaggettMicrosoft disrupts traffic associated with the Nitol botnet
2012-09-13Mark BaggettMore SSL trouble
2012-09-10Johannes UllrichMicrosoft Patch Tuesday Pre-Release
2012-09-10Johannes UllrichGodaddy DDoS Attack
2012-09-10donald smithBlue Toad publishing co compromise lead to UDID release. http://redtape.nbcnews.com/_news/2012/09/10/13781440-exclusive-the-real-source-of-apple-device-ids-leaked-by-anonymous-last-week?lite
2012-09-06Johannes UllrichSSL Requests sent to port 80 (request for help/input)
2012-09-04Johannes UllrichAnother round of "Spot the Exploit E-Mail"
2012-09-02Lorna HutchesonDemonstrating the value of your Intrusion Detection Program and Analysts
2012-09-01Russ McReeBlackhole targeting Java vulnerability via fake Microsoft Services Agreement email phish
2012-08-31Russ McReeNot so fast: Java 7 Update 7 critical vulnerability discovered in less than 24 hours
2012-08-30Johannes UllrichEditorial: The Slumlord Approach to Network Security http://isc.sans.edu/j/editorial
2012-08-29Johannes Ullrich"Data" URLs used for in-URL phishing
2012-08-27Johannes UllrichThe Good, Bad and Ugly about Assigning IPv6 Addresses
2012-08-27Johannes UllrichMalware Spam harvesting Facebook Information
2012-08-26Lorna HutchesonWho ya gonna contact?
2012-08-22Adrien de BeaupreApple Remote Desktop update fixes no encryption issue
2012-08-22Adrien de BeauprePhishing/spam via SMS
2012-08-21Adrien de BeaupreRuggedCom fails key management 101 on Rugged Operating System (ROS)
2012-08-21Adrien de BeaupreYYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update
2012-08-20Manuel Humberto Santander PelaezDo we need test procedures in our companies before implementing Antivirus signatures?
2012-08-19Manuel Humberto Santander PelaezAuthentication Issues between entities during protocol message exchange in SCADA Systems
2012-08-12Tony CarothersLayers of the Defense-in-Depth Onion
2012-08-12Tony CarothersOracle Security Alert for CVE-2012-3132
2012-08-09Mark HofmanZeus/Citadel variant causing issues in the Netherlands
2012-08-09Mark HofmanSQL Injection Lilupophilupop style, Part 2
2012-08-07Adrien de BeaupreWho protects small business?
2012-08-04Kevin ListonVendors: More Patch-Release Options Please
2012-07-27Daniel WesemannCuckoo 0.4 is out - cool new features for malware analysis http://www.cuckoosandbox.org/
2012-07-25Johannes UllrichApple OS X 10.8 (Mountain Lion) released
2012-07-25Johannes UllrichMicrosoft Exchange/Sharepoint and others: Oracle Outside In Vulnerability
2012-07-24Richard PorterWireshark 1.8.1 Released http://www.wireshark.org/
2012-07-24Richard PorterReport of spike in DNS Queries gd21.net
2012-07-21Rick WannerTippingPoint DNS Version Request increase
2012-07-20Mark BaggettSyria Internet connection cut?
2012-07-19Mark BaggettDiagnosing Malware with Resource Monitor
2012-07-19Mark BaggettA Heap of Overflows?
2012-07-16Richard PorterSysinternals Update @ http://blogs.technet.com/b/sysinternals/archive/2012/07/16/updates-handle-v3-5-process-explorer-v15-22-process-monitor-v3-03-rammap-v1-21-zoomit-v4-3.aspx
2012-07-13Richard PorterYesterday (not as on the ball as Rob) at SANSFire
2012-07-13Russ McRee2 for 1: SANSFIRE & MSRA presentations
2012-07-13Russ McReeYahoo service SQL injection vuln leads to account exposure
2012-07-12Rick WannerCisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms
2012-07-12Rick WannerCisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Recording Server - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs
2012-07-12Rick WannerCisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts
2012-07-12Rick WannerCisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Manager - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman
2012-07-10Rob VandenBrinkToday at SANSFIRE (09 July 2012) - ISC Panel Discussion on the State of the Internet
2012-07-09Johannes UllrichThe FBI will turn off the Internet on Monday (or not)
2012-07-09Manuel Humberto Santander PelaezInternet Storm Center panel tonight at SANSFIRE 2012!
2012-07-05Adrien de BeaupreNew OS X trojan backdoor MaControl variant reported
2012-07-05Adrien de BeaupreMicrosoft advanced notification for July 2012 patch Tuesday
2012-07-02Joel EslerLinux & Java leap second bug
2012-07-02Joel EslerA rough guide to keeping your website up
2012-07-02Dan GoldbergStorms of June 29th 2012 in Mid Atlantic region of the USA
2012-06-29Jim ClausingUpdated SysInternals tools - Autoruns, Process Explorer, Process Monitor, PSKill -- http://blogs.technet.com/b/sysinternals/archive/2012/06/28/updates-autoruns-v11-32-process-explorer-v15-21-process-monitor-v3-02-pskill-v1-15-rammap-v1-2.aspx
2012-06-28Chris MohanMassive spike in BGP traffic - Possible BGP poisoning?
2012-06-25Guy BruneauIssues with Windows Update Agent
2012-06-22Kevin ListonUpdated Poll: Which Patch Delivery Schedule Works the Best for You?
2012-06-21Raul SilesPrint Bomb? (Take 2)
2012-06-21Russ McReeAnalysis of drive-by attack sample set
2012-06-21Russ McReeWireshark 1.8.0 released 21 JUN 2012 http://www.wireshark.org/download.html
2012-06-19Daniel Wesemann Vulnerabilityqueerprocessbrittleness
2012-05-17Johannes UllrichNew IPv6 Video: IPv6 Router Advertisements https://isc.sans.edu/ipv6videos
2012-05-16Johannes UllrichAvira Antivirus false positives http://forum.avira.com/wbb/index.php?page=Thread&threadID=144875
2012-05-08Kevin ListonIncident-response without NTP
2012-05-05Tony CarothersVulnerability Assessment Program - Discussions
2012-05-02Bojan ZdrnjaMonitoring VMWare logs
2012-04-26Richard PorterDefine Irony: A medical device with a Virus?
2012-04-23Russ McReeEmergency Operations Centers & Security Incident Management: A Correlation
2012-04-18Kevin ShorttSysinternals Updates - 2012 Apr 17
2012-04-13Daniel WesemannAnti-virus scanning exclusions
2012-04-05Johannes UllrichEvil hides everywhere: Web Application Exploits in Headers
2012-03-16Guy BruneauVMware New and Updated Security Advisories
2012-03-09Guy BruneauVMware New and Updated Advisories
2012-01-31Russ McReeOSINT tactics: parsing from FOCA for Maltego
2012-01-25Bojan ZdrnjapcAnywhere users – patch now!
2012-01-13Guy BruneauSysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2011-12-23Daniel WesemannPrinter Pranks
2011-11-29John BambenekHacking HP Printers for Fun and Profit
2011-11-11Rick WannerYay! More Sysinternals updates! http://technet.microsoft.com/en-us/sysinternals
2011-11-03Richard PorterAn Apple, Inc. Sandbox to play in.
2011-10-29Richard PorterThe Sub Critical Control? Evidence Collection
2011-10-28Russ McReeCritical Control 19: Data Recovery Capability
2011-10-28Daniel WesemannCritical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-27Mark BaggettCritical Control 18: Incident Response Capabilities
2011-10-26Rick WannerCritical Control 17:Penetration Tests and Red Team Exercises
2011-10-17Rob VandenBrinkCritical Control 11: Account Monitoring and Control
2011-10-13Guy BruneauCritical Control 10: Continuous Vulnerability Assessment and Remediation
2011-10-12Kevin ShorttCritical Control 8 - Controlled Use of Administrative Privileges
2011-10-11Swa FrantzenCritical Control 7 - Application Software Security
2011-10-10Jim ClausingCritical Control 6 - Maintenance, Monitoring, and Analysis of Security Audit Logs
2011-10-07Mark HofmanCritical Control 5 - Boundary Defence
2011-10-04Rob VandenBrinkCritical Control 2 - Inventory of Authorized and Unauthorized Software
2011-10-04Johannes UllrichCritical Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations and Servers
2011-10-03Mark HofmanCritical Control 1 - Inventory of Authorized and Unauthorized Devices
2011-10-03Mark BaggettWhat are the 20 Critical Controls?
2011-10-03Tom ListonSecurity 101 : Security Basics in 140 Characters Or Less
2011-10-02Mark HofmanCyber Security Awareness Month Day 1/2 - Schedule
2011-10-02Mark HofmanCyber Security Awareness Month Day 1/2 - Introduction to the controls
2011-10-01Mark HofmanAdobe Photoshop for Windows Vulnerability (CVE-2011-2443)
2011-09-21Mark HofmanOctober 2011 Cyber Security Awareness Month
2011-09-19Guy BruneauMS Security Advisory Update - Fraudulent DigiNotar Certificates
2011-09-13Swa FrantzenGlobalSign back in operation
2011-09-04Lorna HutchesonSeveral Sites Defaced
2011-08-26Daniel WesemannUser Agent 007
2011-08-17Rob VandenBrinkSysinternal updates for ProcDump v4.0, Process Monitor v2.96, Process Explorer v15.02 ==> http://blogs.technet.com/b/sysinternals/
2011-08-15Mark HofmanHow to find unwanted files on workstations
2011-08-05Johannes UllrichMicrosoft Patch Tuesday Advance Notification: 13 Bulletins coming http://www.microsoft.com/technet/security/Bulletin/MS11-aug.mspx
2011-07-25Chris MohanMonday morning incident handler practice
2011-07-13Guy BruneauNew Sguil HTTPRY Agent
2011-07-11John BambenekAnother Defense Contractor Hacked in AntiSec Hacktivism Spree
2011-07-09Chris MohanSafer Windows Incident Response
2011-07-05Raul SilesHelping Developers Understand Security - Spot the Vuln
2011-07-03Deborah HaleBusiness Continuation in the Face of Disaster
2011-06-17Richard PorterWhen do you stop owning Technology?
2011-06-03Guy BruneauSonyPictures Site Compromised
2011-06-02Johannes UllrichSome Insight into Apple's Anti-Virus Signatures
2011-05-31Johannes UllrichApple Improving OS X Anti-Malware Feature
2011-05-20Guy BruneauSysinternals Updates, Analyzing Stuxnet Infection with Sysinternals Tools Part 3
2011-05-19Daniel WesemannFake AV Bingo
2011-05-18Bojan ZdrnjaAndroid, HTTP and authentication tokens
2011-05-04Richard PorterMicrosoft Sysinterals Update
2011-04-25Rob VandenBrinkSony PlayStation Network Outage - Day 5
2011-04-14Adrien de BeaupreSysinternals updates, a new blog post, and webcast
2011-04-07Chris MohanBeing a good internet neighbour
2011-03-25Kevin ListonAPT Tabletop Exercise
2011-03-22Chris MohanRead only USB stick trick
2011-03-17Kevin ListonSo You Got an AV Alert. Now What?
2011-03-09Kevin ShorttAVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B
2011-03-09Chris MohanPossible Issue with Forefront Update KB2508823
2011-03-01Daniel WesemannAV software and "sharing samples"
2011-02-25Johannes UllrichThunderbolt Security Speculations
2011-02-08Johannes UllrichTippingpoint Releases Details on Unpatched Bugs
2011-01-30Richard PorterThe Modern Dark Ages?
2011-01-27Robert DanfordMicrosoft Security Advisory for MHTML via Internet Explorer (MS2501696/CVE-2011-0096)
2011-01-23Richard PorterCrime is still Crime!
2011-01-18Daniel WesemannYet another rogue anti-virus
2011-01-12Richard PorterHow Many Loyalty Cards do you Carry?
2011-01-12Richard PorterYet Another Data Broker? AOL Lifestream.
2011-01-05Johannes UllrichCurrently Unpatched Windows / Internet Explorer Vulnerabilities
2010-12-19Raul SilesIntel's new processors have a remote kill switch (Anti-Theft 3.0)
2010-12-15Manuel Humberto Santander PelaezVulnerability in the PDF distiller of the BlackBerry Attachment Service
2010-12-05Jim ClausingUpdates to a couple of Sysinternals tools
2010-11-19Jason LamExchanging and sharing of assessment results
2010-11-11Daniel WesemannFake AV scams via Skype Chat
2010-11-01Manuel Humberto Santander PelaezCheckpoint UTM-1 edge VPN boxes worldwide did an unscheduled reboot
2010-10-31Marcus SachsCyber Security Awareness Month - Day 31 - Tying it all together
2010-10-30Guy BruneauCyber Security Awareness Month - Day 30 - Role of the network team
2010-10-29Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 29- Role of the office geek
2010-10-28Rick WannerCyber Security Awareness Month - Day 27 - Social Media use in the office
2010-10-28Tony CarothersCyber Security Awareness Month - Day 28 - Role of the employee
2010-10-26Pedro BuenoCyber Security Awareness Month - Day 26 - Sharing Office Files
2010-10-25Kevin ShorttCyber Security Awareness Month - Day 25 - Using Home Computers for Work
2010-10-24Swa FrantzenCyber Security Awarenes Month - Day 24 - Using work computers at home
2010-10-23Mark HofmanCyber Security Awareness Month - Day 23 - The Importance of compliance
2010-10-22Daniel WesemannCyber Security Awareness Month - Day 22 - Security of removable media
2010-10-22Manuel Humberto Santander PelaezIntypedia project
2010-10-21Chris CarboniCyber Security Awareness Month - Day 21 - Impossible Requests from the Boss
2010-10-20Jim ClausingCyber Security Awareness Month - Day 20 - Securing Mobile Devices
2010-10-19Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote Access Tools
2010-10-19Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split?
2010-10-19Rob VandenBrinkCyber Security Awareness Month - Day 19 - VPN Architectures – SSL or IPSec?
2010-10-19Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote User VPN Access – Are things getting too easy, or too hard?
2010-10-19Rob VandenBrinkCyber Security Awareness Month - Day 19 - VPN and Remote Access Tools
2010-10-18Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis
2010-10-17Stephen HallCyber Security Awareness Month - Day 17 - What a boss should and should not have access to
2010-10-15Marcus SachsCyber Security Awareness Month - Day 15 - What Teachers Need to Know About Their Students
2010-10-15Guy BruneauCyber Security Awareness Month - Day 16 - Securing a donated computer
2010-10-14Johannes UllrichCyber Security Awareness Month - Day 14 - Securing a public computer
2010-10-13Deborah HaleCyber Security Awareness Month - Day 13 - Online Bullying
2010-10-12Scott FendleyCyber Security Awareness Month - Day 12 - Protecting and Managing Your Digital Identity On Social Media Sites
2010-10-11Rick WannerCyber Security Awareness Month - Day 11 - Safe Browsing for Teens
2010-10-10Kevin ListonCyber Security Awareness Month - Day 10 - Safe browsing for pre-teens
2010-10-09Kevin ShorttCyber Security Awareness Month - Day 9 - Disposal of an Old Computer
2010-10-08Rick WannerCyber Security Awareness Month - Day 8 - Patch Management and System Updates
2010-10-06Rob VandenBrinkCyber Security Awareness Month - Day 7 - Remote Access and Monitoring Tools
2010-10-06Marcus SachsCyber Security Awareness Month - Day 6 - Computer Monitoring Tools
2010-10-05Rick WannerCyber Security Awareness Month - Day 5 - Sites you should stay away from
2010-10-04Daniel WesemannCyber Security Awareness Month - Day 4 - Managing EMail
2010-10-03Adrien de Beaupre Cyber Security Awareness Month - Day 3 - Recognizing phishing and online scams
2010-10-02Mark HofmanCyber Security Awareness Month - Day 2 - Securing the Family Network
2010-10-01Marcus SachsCyber Security Awareness Month - 2010
2010-10-01Marcus SachsCyber Security Awareness Month - Day 1 - Securing the Family PC
2010-09-26Daniel WesemannEgosurfing, the corporate way
2010-09-21Johannes UllrichImplementing two Factor Authentication on the Cheap
2010-09-04Kevin ListonInvestigating Malicious Website Reports
2010-08-22Rick WannerFailure of controls...Spanair crash caused by a Trojan
2010-08-19Rob VandenBrinkChange is Good. Change is Bad. Change is Life.
2010-08-16Raul SilesBlind Elephant: A New Web Application Fingerprinting Tool
2010-08-08Marcus SachsThinking about Cyber Security Awareness Month in October
2010-08-05Manuel Humberto Santander PelaezAdobe Acrobat Font Parsing Integer Overflow Vulnerability
2010-08-05Rob VandenBrinkAccess Controls for Network Infrastructure
2010-08-04Tom ListonIncident Reporting - Liston's "How-To" Guide
2010-08-03Johannes UllrichWhen Lightning Strikes
2010-08-02Manuel Humberto Santander PelaezSecuring Windows Internet Kiosk
2010-07-25Rick WannerUpdated version of Mandiant's Web Historian
2010-07-24Manuel Humberto Santander PelaezTransmiting logon information unsecured in the network
2010-07-23Mark HofmanSome of our favourite sysinternals tools have been updated. TCPview, Autoruns, ProcDump and Disk2vhd have changed. More here http://blogs.technet.com/b/sysinternals/archive/2010/07/22/updates-tcpview-v3-0-autoruns-v10-02-procdump-v1-81-disk2vhd-v1-61.aspx
2010-07-15Deborah HaleBe on the Alert
2010-07-08Kyle HaugsnessUbuntu privilege escalation via PAM
2010-06-18Tom ListonIMPORTANT INFORMATION: Distributed SSH Brute Force Attacks
2010-06-17Deborah HaleInternet Fraud Alert Kicks Off Today
2010-06-15Manuel Humberto Santander PelaezMicrosoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-06-14Manuel Humberto Santander PelaezPython on a microcontroller?
2010-06-10Deborah HaleMicrosoft Help Centre Handling of Escape Sequences May Lead to Exploit
2010-06-07Manuel Humberto Santander PelaezSoftware Restriction Policy to keep malware away
2010-06-06Manuel Humberto Santander PelaezNice OS X exploit tutorial
2010-06-04Johannes UllrichChanges to Internet Storm Center Host Name
2010-05-26Bojan ZdrnjaMalware modularization and AV detection evasion
2010-05-22Rick WannerSANS 2010 Digital Forensics Summit - APT Based Forensic Challenge
2010-05-16Rick WannerSymantec triggers on World of Warcraft update
2010-04-30Kevin ListonCVE-2010-0817 SharePoint XSS Scorecard
2010-04-30Johannes UllrichSharepoint XSS Vulnerability
2010-04-27Rob VandenBrinkLayer 2 Security - L2TPv3 for Disaster Recovery Sites
2010-04-20Raul SilesAre You Ready for a Transportation Collapse...?
2010-03-21Chris CarboniResponding To The Unexpected
2010-03-18Bojan ZdrnjaDangers of copy&paste
2010-03-10Rob VandenBrinkMicrosoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-03-07Mari NicholsDHS issues Cybersecurity challenge
2010-03-06Tony CarothersIntegration and the Security of New Technologies
2010-02-22Rob VandenBrinkNew Risks in Penetration Testing
2010-02-17Rob VandenBrinkMultiple Security Updates for ESX 3.x and ESXi 3.x
2010-02-17Rob VandenBrinkCisco Security Agent Security Updates: cisco-sa-20100217-csa
2010-02-15Johannes UllrichVarious Olympics Related Dangerous Google Searches
2010-02-10Marcus SachsDatacenters and Directory Traversals
2010-02-07Rick WannerMandiant Mtrends Report
2010-02-03Johannes UllrichInformation Disclosure Vulnerability in Internet Explorer
2010-01-29Adrien de BeaupreNeo-legacy applications
2010-01-24Pedro BuenoOutdated client applications
2010-01-23Lorna HutchesonThe necessary evils: Policies, Processes and Procedures
2010-01-22Mari NicholsPass-down for a Successful Incident Response
2010-01-14Bojan Zdrnja0-day vulnerability in Internet Explorer 6, 7 and 8
2009-12-29Rick WannerWhat's up with port 12174? Possible Symantec server compromise?
2009-12-14Adrien de BeaupreAnti-forensics, COFEE vs. DECAF
2009-12-09Swa Frantzenntpd upgrade to prevent spoofed looping
2009-12-03Mark HofmanAvast false positives
2009-11-29Patrick Nolan A Cloudy Weekend
2009-11-25Jim ClausingUpdates to my GREM Gold scripts and a new script
2009-11-24Rick WannerMicrosoft Security Advisory 977981 - IE 6 and IE 7
2009-10-31Rick WannerCyber Security Awareness Month - Day 31, ident
2009-10-29Kyle HaugsnessCyber Security Awareness Month - Day 29 - dns port 53
2009-10-29Johannes UllrichHelp me assemble a list of "days of doom" as a followup to the ntp diary. http://jbu.me/25
2009-10-28Johannes UllrichCyber Security Awareness Month - Day 28 - ntp (123/udp)
2009-10-25Lorna HutchesonCyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-22Adrien de BeaupreCyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-22Adrien de BeaupreSysinternals updates: Disk2vhd v1.1, ZoomIt v4.1, Coreinfo v2.0, VMMap v2.4
2009-10-19Daniel WesemannCyber Security Awareness Month - Day 19 - ICMP
2009-10-18Mari NicholsComputer Security Awareness Month - Day 18 - Telnet an oldie but a goodie
2009-10-16Adrien de BeaupreCyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
2009-10-11Mark HofmanCyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
2009-10-09Rob VandenBrinkCyber Security Awareness Month - Day 9 - Port 3389/tcp (RDP)
2009-10-06Adrien de BeaupreCyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp
2009-10-05Adrien de BeaupreCyber Security Awareness Month - Day 5 port 31337
2009-10-02Stephen HallCyber Security Awareness Month - Day 2 - Port 0
2009-10-02Stephen HallNew SysInternal fun for the weekend
2009-09-25Lenny ZeltserCategories of Common Malware Traits
2009-09-19Rick WannerSysinternals Tools Updates
2009-09-17Bojan ZdrnjaWhy is Rogue/Fake AV so successful?
2009-09-04Adrien de BeaupreFake anti-virus
2009-08-29Guy BruneauImmunet Protect - Cloud and Community Malware Protection
2009-08-19Daniel WesemannChecking your protection
2009-08-18Deborah HaleSysinternals Procdump Updated
2009-08-17Adrien de BeaupreYAMWD: Yet Another Mass Web Defacement
2009-08-13Johannes UllrichCA eTrust update crashes systems
2009-07-27Raul SilesFilemon and Regmon are dead, long life to Procmon!
2009-07-18Patrick NolanChrome update contains Security fixes
2009-07-16Guy BruneauChanges in Windows Security Center
2009-07-11Marcus SachsImageshack
2009-06-16John BambenekIran Internet Blackout: Using Twitter for Operational Intelligence
2009-06-11Rick WannerMIR-ROR Motile Incident Response - Respond Objectively Remediate
2009-06-10Rick WannerSysInternals Survey
2009-05-31Tony CarothersL0phtcrack is Back!
2009-05-25Jim ClausingNTPD autokey vulnerability
2009-05-19Rick WannerNew Version of Mandiant Highlighter
2009-05-11Mari NicholsSysinternals Updates 3 Applications
2009-05-01Adrien de BeaupreIncident Management
2009-04-24John BambenekData Leak Prevention: Proactive Security Requirements of Breach Notification Laws
2009-04-20Jason LamDigital Content on TV
2009-04-19Mari NicholsProviding Accurate Risk Assessments
2009-04-16Adrien de BeaupreIncident Response vs. Incident Handling
2009-04-16Adrien de BeaupreStrange Windows Event Log entry
2009-03-20donald smithStealthier then a MBR rootkit, more powerful then ring 0 control, it’s the soon to be developed SMM root kit.
2009-03-13Mark HofmanUbuntu users, today is a good day to patch
2009-03-10Swa FrantzenBrowser plug-ins, transparent proxies and same origin policies
2009-03-10Swa Frantzenconspiracy fodder: pifts.exe
2009-02-22Mari NicholsThe Internet Safety Act of 2009
2009-02-06Adrien de BeaupreTime to patch your HP printers
2009-02-05Rick WannerMandiant Memoryze review, Hilighter, other Mandiant tools!
2009-01-31John BambenekGoogle Search Engine's Malware Detection Broken
2009-01-12William SaluskyDownadup / Conficker - MS08-067 exploit and Windows domain account lockout
2009-01-03Rick WannerGaza<->Israel Defacements/Hacks
2008-12-28Raul SilesLevel3 Outage?
2008-12-17donald smithInternet Explorer 960714 is released
2008-12-10Bojan Zdrnja0-day exploit for Internet Explorer in the wild
2008-12-09Swa FrantzenContacting us might be hard today
2008-12-01Jason LamCall for volunteers - Web Honeypot Project
2008-11-29Pedro BuenoUbuntu users: Time to update!
2008-11-17Jim ClausingA new cheat sheet and a contest
2008-11-14Stephen HallMore updated tools
2008-11-12John BambenekThoughts on Security Intelligence (McColo Corp alleged spam/malware host knocked offline)
2008-11-05donald smithBot net hunters get an improved tool from SRI bothunters
2008-10-31Rick WannerSprint-Cogent Peering Issue
2008-10-30Kevin ListonMaking Intelligence Actionable: Part 2
2008-10-29Deborah HaleDay 29 - Should I Switch Software Vendors?
2008-10-18Rick WannerUpdates to SysInternals tools!
2008-10-17Rick WannerDay 18 - Containing Other Incidents
2008-10-15Rick WannerDay 15 - Containing the Damage From a Lost or Stolen Laptop
2008-10-12Mari NicholsDay 12 Containment: Gathering Evidence That Can be Used in Court
2008-10-07Kyle HaugsnessCogent peering problems
2008-10-01Rick WannerHandler Mailbag
2008-09-21Mari NicholsYou still have time!
2008-09-18Bojan ZdrnjaMonitoring HTTP User-Agent fields
2008-09-15donald smithFake antivirus 2009 and search engine results
2008-09-09Swa Frantzenwordpress upgrade
2008-07-15Maarten Van HorenbeeckBlackBerry PDF parsing vulnerability
2008-07-08Swa FrantzenSecurity implications in HVAC equipment
2008-07-07Jason LamWe need academic volunteers - Web security research
2008-06-23donald smithPreventing SQL injection
2008-04-22donald smithSymantec decomposer rar bypass allowed malicious content.
2008-04-16William StearnsPasser, a aassive machine and service sniffer
2008-04-07John BambenekHP USB Keys Shipped with Malware for your Proliant Server
2008-03-30Mark HofmanMail Anyone?
2008-03-12Joel EslerDon't use G-Archiver
2006-10-30William SaluskyToD - Configuration Management - maintaining security awareness
2006-10-05John BambenekThere are no more Passive Exploits
2006-09-29Kevin ListonA Report from the Field
2006-09-28Swa FrantzenPowerpoint, yet another new vulnerability
2006-09-06Johannes UllrichUpdated Packet Attack flash animation
2006-08-31Swa FrantzenNT botnet submitted