UN PEACKEEEPING |
2021-08-04 | Yee Ching Tok | Pivoting and Hunting for Shenanigans from a Reported Phishing Domain |
UN |
2025-04-02 | Johannes Ullrich | Surge in Scans for Juniper "t128" Default User |
2025-02-27 | Xavier Mertens | Njrat Campaign Using Microsoft Dev Tunnels |
2025-02-24 | Jim Clausing | Unfurl v2025.02 released |
2025-02-20 | Guy Bruneau | Using ES|QL in Kibana to Queries DShield Honeypot Logs |
2025-02-05 | Johannes Ullrich | Phishing via "com-" prefix domains |
2024-12-31 | Xavier Mertens | No Holiday Season for Attackers |
2024-12-24 | Xavier Mertens | More SSH Fun! |
2024-12-17 | Guy Bruneau | Command Injection Exploit For PHPUnit before 4.8.28 and 5.x before 5.6.3 [Guest Diary] |
2024-10-03 | Guy Bruneau | Kickstart Your DShield Honeypot [Guest Diary] |
2024-09-25 | Guy Bruneau | OSINT - Image Analysis or More Where, When, and Metadata [Guest Diary] |
2024-09-11 | Guy Bruneau | Hygiene, Hygiene, Hygiene! [Guest Diary] |
2024-09-04 | Guy Bruneau | Attack Surface [Guest Diary] |
2024-08-27 | Guy Bruneau | Vega-Lite with Kibana to Parse and Display IP Activity over Time |
2024-08-23 | Jesse La Grew | Pandas Errors: What encoding are my logs in? |
2024-08-20 | Guy Bruneau | Mapping Threats with DNSTwist and the Internet Storm Center [Guest Diary] |
2024-08-07 | Guy Bruneau | Same Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary] |
2024-07-16 | Guy Bruneau | Who You Gonna Call? AndroxGh0st Busters! [Guest Diary] |
2024-07-08 | Xavier Mertens | Kunai: Keep an Eye on your Linux Hosts Activity |
2024-06-26 | Guy Bruneau | What Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary] |
2024-06-20 | Guy Bruneau | No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary] |
2024-06-13 | Guy Bruneau | The Art of JQ and Command-line Fu [Guest Diary] |
2024-05-28 | Guy Bruneau | Is that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary] |
2024-05-22 | Guy Bruneau | Analysis of "redtail" File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary] |
2024-04-16 | Yee Ching Tok | Rolling Back Packages on Ubuntu/Debian |
2024-04-07 | Guy Bruneau | A Use Case for Adding Threat Hunting to Your Security Operations Team. Detecting Adversaries Abusing Legitimate Tools in A Customer Environment. [Guest Diary] |
2024-02-27 | Johannes Ullrich | Take Downs and the Rest of Us: Do they matter? |
2024-02-25 | Guy Bruneau | Utilizing the VirusTotal API to Query Files Uploaded to DShield Honeypot [Guest Diary] |
2023-12-10 | Guy Bruneau | Honeypots: From the Skeptical Beginner to the Tactical Enthusiast |
2023-08-17 | Jesse La Grew | Command Line Parsing - Are These Really Unique Strings? |
2023-06-09 | Xavier Mertens | Undetected PowerShell Backdoor Disguised as a Profile File |
2023-02-21 | Xavier Mertens | Phishing Page Branded with Your Corporate Website |
2022-12-20 | Xavier Mertens | Linux File System Monitoring & Actions |
2022-12-19 | Xavier Mertens | Hunting for Mastodon Servers |
2022-11-04 | Xavier Mertens | Remcos Downloader with Unicode Obfuscation |
2022-08-31 | Johannes Ullrich | Underscores and DNS: The Privacy Story |
2022-08-23 | Xavier Mertens | Who's Looking at Your security.txt File? |
2022-07-23 | Guy Bruneau | Analysis of SSH Honeypot Data with PowerBI |
2022-06-17 | Bojan Zdrnja | Critical vulnerability in Splunk Enterprise's deployment server functionality |
2022-06-02 | Johannes Ullrich | Quick Answers in Incident Response: RECmd.exe |
2022-04-05 | Johannes Ullrich | WebLogic Crypto Miner Malware Disabling Alibaba Cloud Monitoring Tools |
2022-03-12 | Didier Stevens | ICMP Messages: Original Datagram Field |
2022-02-18 | Xavier Mertens | Remcos RAT Delivered Through Double Compressed Archive |
2022-02-01 | Xavier Mertens | Automation is Nice But Don't Replace Your Knowledge |
2021-12-15 | Xavier Mertens | Simple but Undetected PowerShell Backdoor |
2021-11-30 | Johannes Ullrich | Hunting for PHPUnit Installed via Composer |
2021-11-04 | Tom Webb | Xmount for Disk Images |
2021-08-04 | Yee Ching Tok | Pivoting and Hunting for Shenanigans from a Reported Phishing Domain |
2021-05-18 | Xavier Mertens | From RunDLL32 to JavaScript then PowerShell |
2021-03-17 | Xavier Mertens | Defenders, Know Your Operating System Like Attackers Do! |
2021-03-05 | Xavier Mertens | Spam Farm Spotted in the Wild |
2021-01-21 | Xavier Mertens | Powershell Dropping a REvil Ransomware |
2021-01-19 | Russ McRee | Gordon for fast cyber reputation checks |
2020-08-24 | Xavier Mertens | Tracking A Malware Campaign Through VT |
2020-07-23 | Xavier Mertens | Simple Blocklisting with MISP & pfSense |
2020-06-25 | Johannes Ullrich | Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release. |
2020-03-13 | Rob VandenBrink | Not all Ethernet NICs are Created Equal - Trying to Capture Invalid Ethernet Frames |
2020-01-25 | Guy Bruneau | Is Threat Hunting the new Fad? |
2020-01-21 | Russ McRee | DeepBlueCLI: Powershell Threat Hunting |
2019-10-10 | Rob VandenBrink | Mining Live Networks for OUI Data Oddness |
2019-07-17 | Xavier Mertens | Analyzis of DNS TXT Records |
2019-05-06 | Didier Stevens | Text and Text |
2019-05-01 | Xavier Mertens | Another Day, Another Suspicious UDF File |
2019-04-26 | Rob VandenBrink | Pillaging Passwords from Service Accounts |
2019-04-25 | Rob VandenBrink | Service Accounts Redux - Collecting Service Accounts with PowerShell |
2019-03-27 | Xavier Mertens | Running your Own Passive DNS Service |
2019-02-19 | Didier Stevens | Identifying Files: Failure Happens |
2019-01-27 | Russell Eubanks | Resolve to Be More Involved In Your Local Community - REVISITED |
2018-11-20 | Xavier Mertens | Querying DShield from Cortex |
2018-11-07 | Bojan Zdrnja | Tunneling scanners (or really anything) over SSH |
2018-10-17 | Russ McRee | RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence |
2018-09-20 | Xavier Mertens | Hunting for Suspicious Processes with OSSEC |
2018-08-10 | Remco Verhoef | Hunting SSL/TLS clients using JA3 |
2018-06-21 | Xavier Mertens | Are Your Hunting Rules Still Working? |
2018-04-27 | Tom Webb | More Threat Hunting with User Agent and Drupal Exploits |
2018-03-05 | Xavier Mertens | Malicious Bash Script with Multiple Features |
2017-12-02 | Xavier Mertens | Using Bad Material for the Good |
2017-11-23 | Xavier Mertens | Proactive Malicious Domain Search |
2017-10-18 | Renato Marinho | Baselining Servers to Detect Outliers |
2017-09-02 | Xavier Mertens | AutoIT based malware back in the wild |
2017-07-09 | Russ McRee | Adversary hunting with SOF-ELK |
2017-05-08 | Renato Marinho | Exploring a P2P Transient Botnet - From Discovery to Enumeration |
2017-04-16 | Johannes Ullrich | Tool to Detect Active Phishing Attacks Using Unicode Look-Alike Domains |
2017-03-15 | Xavier Mertens | Retro Hunting! |
2017-01-28 | Guy Bruneau | Request for Packets and Logs - TCP 5358 |
2016-11-24 | Didier Stevens | Extracting Shellcode From JavaScript |
2016-07-12 | Xavier Mertens | Hunting for Malicious Files with MISP + OSSEC |
2016-05-26 | Xavier Mertens | Keeping an Eye on Tor Traffic |
2016-03-30 | Xavier Mertens | What to watch with your FIM? |
2016-02-26 | Xavier Mertens | Quick Audit of *NIX Systems |
2015-12-22 | Rick Wanner | The other Juniper vulnerability - CVE-2015-7756 |
2015-12-10 | Rob VandenBrink | Uninstalling Problem Applications using Powershell |
2015-11-09 | John Bambenek | ICYMI: Widespread Unserialize Vulnerability in Java |
2015-08-16 | Guy Bruneau | Are you a "Hunter"? |
2015-08-12 | Rob VandenBrink | Windows Service Accounts - Why They're Evil and Why Pentesters Love them! |
2015-07-17 | Didier Stevens | Autoruns and VirusTotal |
2015-05-23 | Guy Bruneau | Business Value in "Big Data" |
2015-04-29 | Daniel Wesemann | UDP/3478 to Amazon 54.84.9.242 -- got packets? (solved) |
2015-02-10 | Mark Baggett | Detecting Mimikatz Use On Your Network |
2015-01-23 | Adrien de Beaupre | Infocon change to yellow for Adobe Flash issues |
2014-11-24 | Richard Porter | Someone is using this? PoS: Compressor |
2014-10-14 | Johannes Ullrich | Updates for Firefox and Thunderbird. http://www.mozilla.org/firefox/new/ |
2014-04-29 | Russ McRee | Firefox 29.0 & Thunderbird 24.5 released: http://www.mozilla.org/security/known-vulnerabilities/ |
2014-04-28 | Russ McRee | Ubuntu 14.04 lockscreen bypass |
2014-04-21 | Daniel Wesemann | Allow us to leave! |
2014-03-22 | Guy Bruneau | How the Compromise of a User Account Lead to a Spam Incident |
2014-02-18 | Johannes Ullrich | More Details About "TheMoon" Linksys Worm |
2014-01-22 | Chris Mohan | iTunes 11.1.4 is now available - addressing numerous CVEs |
2014-01-10 | Basil Alawi S.Taher | Windows Autorun-3 |
2014-01-01 | Russ McRee | Six degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails |
2013-11-02 | Rick Wanner | Protecting Your Family's Computers |
2013-11-01 | Russ McRee | Secunia's PSI Country Report - Q3 2013 |
2013-09-18 | Rob VandenBrink | iTunes 11.1 released, fixes CVE-2013-1035 remote code execution vulnerability. (Look for specifics at http://support.apple.com/kb/HT1222 sometime soon) |
2013-09-07 | Guy Bruneau | Microsoft September Patch Pre-Announcement |
2013-07-21 | Guy Bruneau | Ubuntu Forums Security Breach |
2013-07-12 | Johannes Ullrich | Microsoft Teredo Server "Sunset" |
2013-06-21 | Guy Bruneau | Sysinternals Updates for Autoruns, Strings & ZoomIt http://blogs.technet.com/b/sysinternals/archive/2013/06/20/updates-autoruns-v11-61-strings-v2-52-zoomit-v4-5.aspx |
2013-06-20 | Guy Bruneau | HP iLO3/iLO4 Remote Unauthorized Access with Single-Sign-On |
2013-05-20 | Johannes Ullrich | Ubuntu Package available to submit firewall logs to DShield |
2013-05-14 | Swa Frantzen | Firefox & Thunderbird released |
2013-04-03 | Mark Hofman | Firefox 20 and Thunderbird 17.0.5 updates |
2013-03-28 | John Bambenek | Where Were You During the Great DDoS Cybergeddon of 2013? |
2013-02-25 | Johannes Ullrich | Punkspider enumerates web application vulnerabilities |
2013-02-20 | Johannes Ullrich | Update Palooza |
2013-01-30 | Richard Porter | Getting Involved with the Local Community |
2013-01-10 | Rob VandenBrink | What Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too! |
2013-01-09 | Rob VandenBrink | Firefox and Thunderbird Updates |
2012-12-10 | Johannes Ullrich | Your CPA License has not been revoked |
2012-10-30 | Richard Porter | Splunk 5.0 SP-CAAAHB4 http://www.splunk.com/view/SP-CAAAHB4 |
2012-10-11 | Rob VandenBrink | Firefox 16 / Thunderbird 16 updates |
2012-07-25 | Johannes Ullrich | Apple OS X 10.8 (Mountain Lion) released |
2012-06-29 | Bojan Zdrnja | DShield for Splunk |
2012-06-12 | Scott Fendley | Apple iTunes Security Update |
2012-06-06 | Jim Clausing | Firefox, Thunderbird, and Seamonkey Security Updates |
2012-03-07 | Guy Bruneau | Reflected XSS in Splunk Web Affecting Version 4.0 to 4.3 |
2012-01-13 | Guy Bruneau | Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx |
2011-12-29 | Richard Porter | ASP.Net Vulnerability |
2011-11-08 | Swa Frantzen | Firefox 8.0 released |
2011-11-07 | Rob VandenBrink | Juniper BGP issues causing locallized Internet Problems |
2011-10-17 | Rob VandenBrink | Critical Control 11: Account Monitoring and Control |
2011-10-11 | Swa Frantzen | Apple iTunes 10.5 |
2011-10-01 | Mark Hofman | Hot on the heels fo FF, Thunderbird v 7.0.1 and SeaMonkey v 2.4.1 have been updated. |
2011-09-27 | donald smith | New feature in JUNOS to drop or ignore path attributes. |
2011-08-31 | Johannes Ullrich | Firefox/Thunderbird 6.0.1 released to blocklist bad DigiNotar SSL certificates |
2011-08-15 | Mark Hofman | How to find unwanted files on workstations |
2011-06-28 | Johannes Ullrich | Update: Thunderbird 5.0 released. https://www.mozilla.org/en-US/thunderbird/ |
2011-06-21 | Guy Bruneau | Firefox 5.0 is out with support Do Not Track on Multiple Platform - http://www.mozilla.com/en-US/firefox/new/ |
2011-04-29 | Guy Bruneau | Firefox, Thunderbird and SeaMonkey Security Updates |
2011-03-12 | Chris Mohan | Apple releases iTunes 10.2.1 - http://support.apple.com/kb/DL1103 |
2011-03-05 | Mark Hofman | Not surprisingly Thunderbird was also updated. Details here --> http://www.mozillamessaging.com/en-US/thunderbird/3.1.9/releasenotes/ |
2011-03-02 | Chris Mohan | iTunes 10.2 now out |
2011-02-25 | Johannes Ullrich | Thunderbolt Security Speculations |
2011-02-21 | Adrien de Beaupre | Kaspersky update servers unreachable |
2011-01-15 | Jim Clausing | What's up with port 8881? |
2010-11-25 | Bojan Zdrnja | Secunia's DNS/domain hijacked? |
2010-11-17 | Guy Bruneau | Cisco Unified Videoconferencing Affected by Multiple Vulnerabilities |
2010-11-12 | Guy Bruneau | Scripting with Unix Date |
2010-11-01 | Manuel Humberto Santander Pelaez | Checkpoint UTM-1 edge VPN boxes worldwide did an unscheduled reboot |
2010-10-20 | Jim Clausing | Thunderbird 3.1.4 and 3.0.9 released, includes security patches ( http://www.mozillamessaging.com/thunderbird/3.1.5/releasenotes/ ) |
2010-10-19 | Rob VandenBrink | Cyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split? |
2010-08-03 | Johannes Ullrich | Solar activity may cause problems this week |
2010-07-24 | Manuel Humberto Santander Pelaez | Transmiting logon information unsecured in the network |
2010-07-20 | Manuel Humberto Santander Pelaez | iTunes buffer overflow vulnerability |
2010-07-14 | Deborah Hale | Secunia Half Year Report for 2010 shows interesting trends |
2010-07-08 | Kyle Haugsness | Ubuntu privilege escalation via PAM |
2010-07-06 | Rob VandenBrink | Bogus Support Organizations use Live Operators to Install Malware |
2010-07-05 | Manuel Humberto Santander Pelaez | Apple ITunes account security compromised |
2010-06-18 | Adrien de Beaupre | Thunderbird 3.05 released |
2010-06-13 | Rick Wanner | UnRealCD compromised by Trojan |
2010-05-19 | Jason Lam | EFF paper about browser tracking |
2010-04-09 | Mark Hofman | Adobe launch issue response/work around. |
2010-04-02 | Guy Bruneau | Apple QuickTime and iTunes Security Update |
2010-03-27 | Guy Bruneau | Create a Summary of IP Addresses from PCAP Files using Unix Tools |
2010-01-27 | Raul Siles | European Union Security Challenge (Campus Party 2010) |
2009-12-19 | Deborah Hale | Educationing Our Communities |
2009-10-02 | Stephen Hall | New SysInternal fun for the weekend |
2009-09-08 | Guy Bruneau | Bug Fixes in Sun SDK 5 and Java SE 6 |
2009-08-21 | Rick Wanner | Time to update...New Thunderbird version! |
2009-07-09 | John Bambenek | Latest Updates on Ongoing DDoS on Governmental/Commercial Websites in USA and S. Korea |
2009-06-23 | Bojan Zdrnja | New Thunderbird out, patches couple of vulnerabilities |
2009-06-16 | John Bambenek | Iran Internet Blackout: Using Twitter for Operational Intelligence |
2009-06-10 | Swa Frantzen | Java 6 update 14 released |
2009-05-11 | Mari Nichols | Sysinternals Updates 3 Applications |
2009-04-10 | Stephen Hall | Hosted javascript leading to .cn PDF malware |
2009-03-20 | Stephen Hall | Making the most of your runbooks |
2009-03-13 | Mark Hofman | Ubuntu users, today is a good day to patch |
2009-02-25 | donald smith | AutoRun disabling patch released |
2009-01-15 | Bojan Zdrnja | Conficker's autorun and social engineering |
2009-01-12 | William Salusky | Downadup / Conficker - MS08-067 exploit and Windows domain account lockout |
2008-12-31 | David Goldsmith | Thunderbird 2.0.0.19 Released |
2008-12-25 | Maarten Van Horenbeeck | Merry Christmas, and beware of digital hitchhikers! |
2008-12-01 | Jason Lam | Call for volunteers - Web Honeypot Project |
2008-11-29 | Pedro Bueno | Ubuntu users: Time to update! |
2008-11-05 | donald smith | Bot net hunters get an improved tool from SRI bothunters |
2008-10-01 | Rick Wanner | Handler Mailbag |
2008-09-26 | Patrick Nolan | Firefox v2.0.0.17 and Thunderbird v2.0.0.17 release fixes vulnerabilities |
2008-09-09 | Swa Frantzen | Apple updates iTunes+QuickTime |
2008-07-24 | Bojan Zdrnja | Mozilla releases Thunderbrid 2.0.0.16, fixes security vulnerabilities |
2008-07-11 | Jim Clausing | Handling the load |
2008-07-07 | Jason Lam | We need academic volunteers - Web security research |
2008-05-23 | Mike Poor | Cisco IOS Rootkit thoughts |
2008-05-09 | Joel Esler | Thunderbird 2.0.0.14 is out! |
2008-04-08 | Swa Frantzen | Symantec's Global Internet Security Threat Report |
PEACKEEEPING |
2021-08-04 | Yee Ching Tok | Pivoting and Hunting for Shenanigans from a Reported Phishing Domain |