| Date | Author | Title |
|---|---|---|
| 2024-03-28 | Xavier Mertens | From JavaScript to AsyncRAT |
| 2023-12-23 | Xavier Mertens | Python Keylogger Using Mailtrap.io |
| 2023-12-20 | Guy Bruneau | How to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary] |
| 2023-11-18 | Xavier Mertens | Quasar RAT Delivered Through Updated SharpLoader |
| 2023-08-20 | Guy Bruneau | SystemBC Malware Activity |
| 2023-08-18 | Xavier Mertens | From a Zalando Phishing to a RAT |
| 2023-08-11 | Xavier Mertens | Show me All Your Windows! |
| 2023-06-29 | Brad Duncan | GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT |
| 2023-06-16 | Xavier Mertens | Another RAT Delivered Through VBS |
| 2023-05-30 | Brad Duncan | Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT |
| 2023-05-20 | Xavier Mertens | Phishing Kit Collecting Victim's IP Address |
| 2023-05-19 | Xavier Mertens | When the Phisher Messes Up With Encoding |
| 2023-05-14 | Guy Bruneau | VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue |
| 2023-05-07 | Didier Stevens | Quickly Finding Encoded Payloads in Office Documents |
| 2023-05-03 | Xavier Mertens | Increased Number of Configuration File Scans |
| 2023-03-12 | Guy Bruneau | AsynRAT Trojan - Bill Payment (Pago de la factura) |
| 2023-03-11 | Xavier Mertens | Overview of a Mirai Payload Generator |
| 2022-10-21 | Brad Duncan | sczriptzzbn inject pushes malware for NetSupport RAT |
| 2022-09-22 | Xavier Mertens | RAT Delivered Through FODHelper |
| 2022-07-28 | Johannes Ullrich | Exfiltrating Data With Bookmarks |
| 2022-06-16 | Xavier Mertens | Houdini is Back Delivered Through a JavaScript Dropper |
| 2022-06-04 | Guy Bruneau | Spam Email Contains a Very Large ISO file |
| 2022-05-20 | Xavier Mertens | A 'Zip Bomb' to Bypass Security Controls & Sandboxes |
| 2022-05-05 | Brad Duncan | Password-protected Excel spreadsheet pushes Remcos RAT |
| 2022-05-03 | Rob VandenBrink | Finding the Real "Last Patched" Day (Interim Version) |
| 2022-03-11 | Xavier Mertens | Keep an Eye on WebSockets |
| 2022-03-09 | Xavier Mertens | Infostealer in a Batch File |
| 2022-02-18 | Xavier Mertens | Remcos RAT Delivered Through Double Compressed Archive |
| 2022-02-11 | Xavier Mertens | CinaRAT Delivered Through HTML ID Attributes |
| 2022-01-07 | Xavier Mertens | Custom Python RAT Builder |
| 2021-12-01 | Xavier Mertens | Info-Stealer Using webhook.site to Exfiltrate Data |
| 2021-11-04 | Brad Duncan | October 2021 Forensic Contest: Answers and Analysis |
| 2021-09-01 | Brad Duncan | STRRAT: a Java-based RAT that doesn't care if you have Java |
| 2021-06-21 | Rick Wanner | Mitre CWE - Common Weakness Enumeration |
| 2021-04-09 | Xavier Mertens | No Python Interpreter? This Simple RAT Installs Its Own Copy |
| 2021-03-31 | Xavier Mertens | Quick Analysis of a Modular InfoStealer |
| 2021-03-04 | Xavier Mertens | From VBS, PowerShell, C Sharp, Process Hollowing to RAT |
| 2021-02-24 | Brad Duncan | Malspam pushes GuLoader for Remcos RAT |
| 2021-02-04 | Bojan Zdrnja | Abusing Google Chrome extension syncing for data exfiltration and C&C |
| 2020-10-14 | Xavier Mertens | Nicely Obfuscated Python RAT |
| 2020-09-30 | Johannes Ullrich | Scans for FPURL.xml: Reconnaissance or Not? |
| 2020-09-28 | Xavier Mertens | Some Tyler Technologies Customers Targeted with The Installation of a Bomgar Client |
| 2020-08-25 | Xavier Mertens | Keep An Eye on LOLBins |
| 2020-08-18 | Xavier Mertens | Using API's to Track Attackers |
| 2020-08-10 | Bojan Zdrnja | Scoping web application and web service penetration tests |
| 2020-08-04 | Johannes Ullrich | Internet Choke Points: Concentration of Authoritative Name Servers |
| 2020-05-14 | Rob VandenBrink | Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe |
| 2020-04-17 | Xavier Mertens | Weaponized RTF Document Generator & Mailer in PowerShell |
| 2020-02-05 | Brad Duncan | Fake browser update pages are "still a thing" |
| 2020-01-10 | Xavier Mertens | More Data Exfiltration |
| 2019-10-29 | Xavier Mertens | Generating PCAP Files from YAML |
| 2019-09-27 | Xavier Mertens | New Scans for Polycom Autoconfiguration Files |
| 2019-09-25 | Brad Duncan | Malspam pushing Quasar RAT |
| 2019-09-19 | Xavier Mertens | Agent Tesla Trojan Abusing Corporate Email Accounts |
| 2019-09-19 | Xavier Mertens | Blocklisting or Whitelisting in the Right Way |
| 2019-04-26 | Rob VandenBrink | Pillaging Passwords from Service Accounts |
| 2019-04-24 | Rob VandenBrink | Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators |
| 2019-03-06 | Xavier Mertens | Keep an Eye on Disposable Email Addresses |
| 2018-11-27 | Rob VandenBrink | Data Exfiltration in Penetration Tests |
| 2018-09-19 | Rob VandenBrink | Certificates Revisited - SSL VPN Certificates 2 Ways |
| 2018-09-05 | Rob VandenBrink | Where have all my Certificates gone? (And when do they expire?) |
| 2018-08-24 | Xavier Mertens | Microsoft Publisher Files Delivering Malware |
| 2018-06-15 | Lorna Hutcheson | SMTP Strangeness - Possible C2 |
| 2018-05-19 | Xavier Mertens | Malicious Powershell Targeting UK Bank Customers |
| 2018-05-10 | Bojan Zdrnja | Exfiltrating data from (very) isolated environments |
| 2017-12-13 | Xavier Mertens | Tracking Newly Registered Domains |
| 2017-11-03 | Xavier Mertens | Simple Analysis of an Obfuscated JAR File |
| 2017-08-17 | Xavier Mertens | Maldoc with auto-updated link |
| 2017-06-08 | Tom Webb | Summer STEM for Kids |
| 2017-05-10 | Johannes Ullrich | Read This If You Are Using a Script to Pull Data From This Site |
| 2017-04-20 | Xavier Mertens | DNS Query Length... Because Size Does Matter |
| 2016-09-04 | Russ McRee | Kali Linux 2016.2 Release: https://www.kali.org/news/kali-linux-20162-release/ |
| 2016-07-26 | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records |
| 2016-06-15 | Richard Porter | Warp Speed Ahead, L7 Open Source Packet Generator: Warp17 |
| 2016-04-02 | Russell Eubanks | Why Can't We Be Friends? |
| 2015-12-24 | Xavier Mertens | Unity Makes Strength |
| 2015-11-09 | John Bambenek | Protecting Users and Enterprises from the Mobile Malware Threat |
| 2015-09-03 | Xavier Mertens | Querying the DShield API from RTIR |
| 2014-08-22 | Richard Porter | OCLHashCat 1.30 Released |
| 2014-08-09 | Adrien de Beaupre | Complete application ownage via Multi-POST XSRF |
| 2014-07-19 | Russ McRee | Keeping the RATs out: the trap is sprung - Part 3 |
| 2014-07-18 | Russ McRee | Keeping the RATs out: **it happens - Part 2 |
| 2014-07-16 | Russ McRee | Keeping the RATs out: an exercise in building IOCs - Part 1 |
| 2014-03-13 | Daniel Wesemann | Identification and authentication are hard ... finding out intention is even harder |
| 2013-06-18 | Russ McRee | Volatility rules...any questions? |
| 2013-04-25 | Adam Swanger | Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls |
| 2013-04-17 | John Bambenek | UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun |
| 2013-04-16 | John Bambenek | Fake Boston Marathon Scams Update |
| 2013-04-15 | John Bambenek | Please send any spam (full headers), URLs or other suspicious content scamming off Boston Marathon explosions to handlers@sans.org |
| 2013-03-03 | Richard Porter | Uptick in MSSQL Activity |
| 2013-02-06 | Johannes Ullrich | Are you losing system logging information (and don't know it)? |
| 2012-10-30 | Mark Hofman | Cyber Security Awareness Month - Day 30 - DSD 35 mitigating controls |
| 2012-05-22 | Johannes Ullrich | nmap 6 released |
| 2012-01-03 | Rick Wanner | Analysis of the Stratfor Password List |
| 2011-12-25 | Deborah Hale | Another Company Falls Victim |
| 2011-10-26 | Rick Wanner | Critical Control 17:Penetration Tests and Red Team Exercises |
| 2010-10-03 | Adrien de Beaupre | Canada's Cyber Security Strategy released today |
| 2010-08-23 | Manuel Humberto Santander Pelaez | Firefox plugins to perform penetration testing activities |
| 2010-08-16 | Raul Siles | Blind Elephant: A New Web Application Fingerprinting Tool |
| 2010-07-08 | Kyle Haugsness | Pirate Bay account database compromised |
| 2010-06-06 | Manuel Humberto Santander Pelaez | Nice OS X exploit tutorial |
| 2010-04-13 | Adrien de Beaupre | Web App Testing Tools |
| 2010-03-06 | Tony Carothers | Integration and the Security of New Technologies |
| 2010-02-22 | Rob VandenBrink | New Risks in Penetration Testing |
| 2009-07-27 | Raul Siles | New Hacker Challenge: Prison Break - Breaking, Entering & Decoding |
| 2009-04-21 | Bojan Zdrnja | Web application vulnerabilities |
| 2009-01-20 | Adrien de Beaupre | Obamamania |
| 2008-11-25 | Andre Ludwig | The beginnings of a collaborative approach to IDS |
| 2008-09-20 | Rick Wanner | New (to me) nmap Features |
| 2008-07-18 | Adrien de Beaupre | Exit process? |
| 2008-03-30 | Mark Hofman | Mail Anyone? |