| 2025-03-09 | Johannes Ullrich | Commonly Probed Webshell URLs |
| 2025-02-26 | Jesse La Grew | [Guest Diary] Malware Source Servers: The Threat of Attackers Using Ephemeral Ports as Service Ports to Upload Data |
| 2024-12-26 | Jesse La Grew | Capturing Honeypot Data Beyond the Logs |
| 2024-11-06 | Jesse La Grew | [Guest Diary] Insights from August Web Traffic Surge |
| 2024-01-22 | Johannes Ullrich | Apple Updates Everything - New 0 Day in WebKit |
| 2024-01-08 | Jesse La Grew | What is that User Agent? |
| 2023-07-23 | Guy Bruneau | Install & Configure Filebeat on Raspberry Pi ARM64 to Parse DShield Sensor Logs |
| 2023-05-03 | Xavier Mertens | Increased Number of Configuration File Scans |
| 2023-04-18 | Johannes Ullrich | UDDIs are back? Attackers rediscovering old exploits. |
| 2023-02-25 | Didier Stevens | Crypto Inside a Browser |
| 2023-02-24 | Brad Duncan | URL files and WebDAV used for IcedID (Bokbot) infection |
| 2022-09-21 | Xavier Mertens | Phishing Campaigns Use Free Online Resources |
| 2022-08-23 | Xavier Mertens | Who's Looking at Your security.txt File? |
| 2022-08-17 | Johannes Ullrich | Apple Patches Two Exploited Vulnerabilities |
| 2022-08-01 | Johannes Ullrich | A Little DDoS In the Morning |
| 2022-04-05 | Johannes Ullrich | WebLogic Crypto Miner Malware Disabling Alibaba Cloud Monitoring Tools |
| 2022-03-11 | Xavier Mertens | Keep an Eye on WebSockets |
| 2022-02-07 | Johannes Ullrich | web3 phishing via self-customizing landing pages |
| 2021-12-07 | Johannes Ullrich | Webshells, Webshells everywhere! |
| 2021-12-01 | Xavier Mertens | Info-Stealer Using webhook.site to Exfiltrate Data |
| 2021-10-11 | Johannes Ullrich | Things that go "Bump" in the Night: Non HTTP Requests Hitting Web Servers |
| 2021-10-09 | Guy Bruneau | Scanning for Previous Oracle WebLogic Vulnerabilities |
| 2021-06-24 | Xavier Mertens | Do you Like Cookies? Some are for sale! |
| 2021-04-24 | Guy Bruneau | Base64 Hashes Used in Web Scanning |
| 2020-11-07 | Guy Bruneau | Cryptojacking Targeting WebLogic TCP/7001 |
| 2020-10-29 | Johannes Ullrich | PATCH NOW: CVE-2020-14882 Weblogic Actively Exploited Against Honeypots |
| 2020-08-10 | Bojan Zdrnja | Scoping web application and web service penetration tests |
| 2020-07-24 | Xavier Mertens | Compromized Desktop Applications by Web Technologies |
| 2019-11-22 | Xavier Mertens | Abusing Web Filters Misconfiguration for Reconnaissance |
| 2019-09-24 | Xavier Mertens | Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs |
| 2019-08-28 | Johannes Ullrich | [Guest Diary] Open Redirect: A Small But Very Common Vulnerability |
| 2019-08-01 | Johannes Ullrich | What is Listening On Port 9527/TCP? |
| 2019-06-19 | Johannes Ullrich | Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729 |
| 2019-04-28 | Johannes Ullrich | Update about Weblogic CVE-2019-2725 (Exploits Used in the Wild, Patch Status) |
| 2019-04-25 | Rob VandenBrink | Unpatched Vulnerability Alert - WebLogic Zero Day |
| 2019-02-02 | Guy Bruneau | Scanning for WebDAV PROPFIND Exploiting CVE-2017-7269 |
| 2018-11-17 | Xavier Mertens | Quickly Investigating Websites with Lookyloo |
| 2018-07-20 | Kevin Liston | Weblogic Exploit Code Made Public (CVE-2018-2893) |
| 2018-05-03 | Renato Marinho | WebLogic Exploited in the Wild (Again) |
| 2018-04-30 | Remco Verhoef | Another approach to webapplication fingerprinting |
| 2017-09-14 | Xavier Mertens | Another webshell, another backdoor! |
| 2017-07-19 | Xavier Mertens | Bots Searching for Keys & Config Files |
| 2017-06-01 | Xavier Mertens | Sharing Private Data with Webcast Invitations |
| 2017-05-12 | Xavier Mertens | When Bad Guys are Pwning Bad Guys... |
| 2017-04-07 | Xavier Mertens | Tracking Website Defacers with HTTP Referers |
| 2017-04-02 | Guy Bruneau | IPFire - A Household Multipurpose Security Gateway |
| 2017-02-28 | Xavier Mertens | Analysis of a Simple PHP Backdoor |
| 2017-01-24 | Johannes Ullrich | Critical Vulnerability in Cisco WebEx Chrome Plugin |
| 2017-01-14 | Xavier Mertens | Backup Files Are Good but Can Be Evil |
| 2016-07-13 | Xavier Mertens | The Power of Web Shells |
| 2016-01-29 | Xavier Mertens | Scripting Web Categorization |
| 2015-06-25 | Bojan Zdrnja | Web security subtleties and exploitation of combined vulnerabilities |
| 2015-04-23 | Bojan Zdrnja | When automation does not help |
| 2015-04-14 | Johannes Ullrich | Odd POST Request To Web Honeypot |
| 2014-08-16 | Lenny Zeltser | Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability |
| 2014-08-09 | Adrien de Beaupre | Complete application ownage via Multi-POST XSRF |
| 2014-06-11 | Daniel Wesemann | Gimme your keys! |
| 2014-06-10 | Daniel Wesemann | Sampling Bias |
| 2014-04-24 | Rob VandenBrink | Apple IOS updates to 7.1.1, OSX Security update 2014-002, Airport Updates - http://support.apple.com/kb/HT1222, http://support.apple.com/kb/HT6208, http://support.apple.com/kb/HT6207, http://support.apple.com/kb/HT6203 |
| 2014-04-11 | Guy Bruneau | Heartbleed Fix Available for Download for Cisco Products |
| 2014-04-07 | Johannes Ullrich | Attack or Bad Link? Your Guess? |
| 2014-01-17 | Russ McRee | Massive RFI scans likely a free web app vuln scanner rather than bots |
| 2014-01-13 | Johannes Ullrich | Special Webcast today: HTML5, Risky Business or Hidden Security Toolchest? https://www.sans.org/webcasts/html5-risky-business-hidden-security-tool-chest-mobile-web-app-authentication-97650 |
| 2014-01-11 | Guy Bruneau | tcpflow 1.4.4 and some of its most Interesting Features |
| 2013-12-24 | Daniel Wesemann | Unfriendly crontab additions |
| 2013-11-02 | Rick Wanner | Protecting Your Family's Computers |
| 2013-10-04 | Pedro Bueno | CSAM: WebHosting BruteForce logs |
| 2013-09-05 | Rob VandenBrink | What's Next for IPS? |
| 2013-07-27 | Scott Fendley | Defending Against Web Server Denial of Service Attacks |
| 2013-06-25 | Bojan Zdrnja | The race for resources |
| 2013-06-10 | Johannes Ullrich | When Google isn't Google |
| 2013-04-08 | Johannes Ullrich | Cleaning Up After the Leak: Hiding exposed web content |
| 2013-03-26 | Daniel Wesemann | How your Webhosting Account is Getting Abused |
| 2013-02-25 | Johannes Ullrich | Punkspider enumerates web application vulnerabilities |
| 2013-02-22 | Johannes Ullrich | When web sites go bad: bible . org compromise |
| 2013-01-25 | Johannes Ullrich | Vulnerability Scans via Search Engines (Request for Logs) |
| 2012-10-26 | Adam Swanger | Securing the Human Special Webcast - October 30, 2012 |
| 2012-09-08 | Guy Bruneau | Webmin Input Validation Vulnerabilities |
| 2012-08-13 | Rick Wanner | Interesting scan for medical certification information... |
| 2012-07-23 | Johannes Ullrich | Most Anti-Privacy Web Browsing Tool Ever? |
| 2012-03-11 | Johannes Ullrich | An Analysis of Jester's QR Code Attack. (Guest Diary) |
| 2011-12-28 | Daniel Wesemann | Hash collisions vulnerability in web servers |
| 2011-11-01 | Russ McRee | Secure languages & frameworks |
| 2011-10-12 | Adam Swanger | We are experiencing technical issues with the webcast. The webcast will start as soon as these issues are resolved. |
| 2011-08-16 | Johannes Ullrich | What are the most dangerous web applications and how to secure them? |
| 2011-07-28 | Johannes Ullrich | Announcing: The "404 Project" |
| 2011-07-05 | Raul Siles | Helping Developers Understand Security - Spot the Vuln |
| 2011-05-17 | Johannes Ullrich | A Couple Days of Logs: Looking for the Russian Business Network |
| 2011-05-14 | Guy Bruneau | Websense Study Claims Canada Next Hotbed for Cybercrime Web Hosting Activity |
| 2011-05-11 | Swa Frantzen | Time to disable WebGL ? |
| 2011-04-10 | Raul Siles | Recent security enhancements in web browsers (e.g. Google Chrome) |
| 2011-04-01 | John Bambenek | LizaMoon Mass SQL-Injection Attack Infected at least 500k Websites |
| 2011-02-28 | Deborah Hale | Possible Botnet Scanning |
| 2011-02-01 | Lenny Zeltser | The Importance of HTTP Headers When Investigating Malicious Sites |
| 2010-12-18 | Raul Siles | Google Chrome (Stable and Beta) have been updated to 8.0.552.224 for all platforms (Chrome OS too). http://bit.ly/fW04cr |
| 2010-12-12 | Raul Siles | New trend regarding web application vulnerabilities? |
| 2010-12-02 | Kevin Johnson | Robert Hansen and our happiness |
| 2010-11-18 | Chris Carboni | All of your pages are belonging to us |
| 2010-08-16 | Raul Siles | Blind Elephant: A New Web Application Fingerprinting Tool |
| 2010-08-15 | Manuel Humberto Santander Pelaez | Python to test web application security |
| 2010-08-13 | Tom Liston | The Strange Case of Doctor Jekyll and Mr. ED |
| 2010-07-25 | Rick Wanner | Updated version of Mandiant's Web Historian |
| 2010-07-21 | Adrien de Beaupre | Update on .LNK vulnerability |
| 2010-07-20 | Manuel Humberto Santander Pelaez | LNK vulnerability now with Metasploit module implementing the WebDAV method |
| 2010-06-23 | Scott Fendley | Opera Browser Update |
| 2010-06-15 | Manuel Humberto Santander Pelaez | iPhone 4 Order Security Breach Exposes Private Information |
| 2010-04-26 | Raul Siles | Vulnerable Sites Database |
| 2010-04-13 | Adrien de Beaupre | Web App Testing Tools |
| 2010-03-24 | Johannes Ullrich | ".sys" Directories Delivering Driveby Downloads |
| 2010-03-21 | Scott Fendley | Skipfish - Web Application Security Tool |
| 2010-03-08 | Raul Siles | Samurai WTF 0.8 |
| 2010-02-06 | Guy Bruneau | Oracle WebLogic Server Security Alert |
| 2010-02-03 | Johannes Ullrich | Anatomy of a Form Spam Campaign (in progress against isc.sans.org right now) https://blogs.sans.org/appsecstreetfighter/ |
| 2010-01-29 | Johannes Ullrich | Analyzing isc.sans.org weblogs, part 2, RFI attacks |
| 2010-01-25 | William Salusky | "Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!" |
| 2010-01-20 | Johannes Ullrich | Weathering the Storm Part 1: An analysis of our SANS ISC weblogs http://appsecstreetfighter.com |
| 2010-01-08 | Rob VandenBrink | Microsoft OfficeOnline, Searching for Trust and Malware |
| 2009-12-28 | Johannes Ullrich | 8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug) |
| 2009-10-26 | Johannes Ullrich | Web honeypot Update |
| 2009-10-20 | Raul Siles | WASC 2008 Statistics |
| 2009-10-09 | Rob VandenBrink | THAWTE to discontinue free Email Certificate Services and Web of Trust Service |
| 2009-09-18 | Jason Lam | Results from Webhoneypot project |
| 2009-09-16 | Raul Siles | Review the security controls of your Web Applications... all them! |
| 2009-08-18 | Deborah Hale | Domain tcpdump.org unavailable |
| 2009-08-18 | Deborah Hale | Website compromises - what's happening? |
| 2009-08-17 | Adrien de Beaupre | YAMWD: Yet Another Mass Web Defacement |
| 2009-08-01 | Deborah Hale | Website Warnings |
| 2009-07-13 | Adrien de Beaupre | Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution |
| 2009-07-05 | Bojan Zdrnja | More on ColdFusion hacks |
| 2009-06-11 | Jason Lam | Dshield Web Honeypot going beta |
| 2009-05-27 | donald smith | WebDAV write-up |
| 2009-05-26 | Jason Lam | A new Web application security blog |
| 2009-05-24 | Raul Siles | IIS admins, help finding WebDAV remotely using nmap |
| 2009-05-21 | Adrien de Beaupre | IIS admins, help finding WebDAV |
| 2009-05-20 | Tom Liston | Web Toolz |
| 2009-05-05 | Bojan Zdrnja | Every dot matters |
| 2009-04-21 | Bojan Zdrnja | Web application vulnerabilities |
| 2009-03-26 | Mark Hofman | Webhoneypot fun |
| 2009-02-17 | Jason Lam | DShield Web Honeypot - Alpha Preview Release |
| 2009-01-12 | William Salusky | Web Application Firewalls (WAF) - Have you deployed WAF technology? |
| 2008-12-01 | Jason Lam | Call for volunteers - Web Honeypot Project |
| 2008-11-20 | Jason Lam | Large quantity SQL Injection mitigation |
| 2008-09-08 | Raul Siles | Quick Analysis of the 2007 Web Application Security Statistics |
| 2008-08-19 | Johannes Ullrich | A morning stroll through my web logs |
| 2008-08-15 | Jim Clausing | WebEx ActiveX buffer overflow |
| 2008-06-07 | Jim Clausing | Followup to 'How do you monitor your website?' |
| 2008-04-24 | donald smith | Hundreds of thousands of SQL injections |
| 2006-09-30 | Swa Frantzen | Yellow: WebViewFolderIcon setslice exploit spreading |
