WORD MACRO |
2020-03-18 | Brad Duncan | Trickbot gtag red5 distributed as a DLL file |
2019-12-11 | Brad Duncan | German language malspam pushes yet another wave of Trickbot |
2019-10-02 | Brad Duncan | A recent example of Emotet malspam |
2019-09-18 | Brad Duncan | Emotet malspam is back |
2018-12-18 | Brad Duncan | Malspam links to password-protected Word docs that push IcedID (Bokbot) |
2018-11-15 | Brad Duncan | Emotet infection with IcedID banking Trojan |
WORD |
2025-01-13 | Johannes Ullrich | Hikvision Password Reset Brute Forcing |
2024-11-06 | Jesse La Grew | [Guest Diary] Insights from August Web Traffic Surge |
2024-10-31 | Guy Bruneau | October 2024 Activity with Username chenzilong |
2024-10-16 | Johannes Ullrich | The Top 10 Not So Common SSH Usernames and Passwords |
2024-08-22 | Johannes Ullrich | OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse? |
2024-08-07 | Guy Bruneau | Same Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary] |
2024-07-13 | Didier Stevens | 16-bit Hash Collisions in .xls Spreadsheets |
2024-06-26 | Guy Bruneau | What Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary] |
2024-02-28 | Johannes Ullrich | Exploit Attempts for Unknown Password Reset Vulnerability |
2024-01-17 | Jesse La Grew | Number Usage in Passwords |
2024-01-06 | Xavier Mertens | Are you sure of your password? |
2023-10-29 | Guy Bruneau | Spam or Phishing? Looking for Credentials & Passwords |
2023-10-15 | Guy Bruneau | Domain Name Used as Password Captured by DShield Sensor |
2023-09-29 | Xavier Mertens | Are You Still Storing Passwords In Plain Text Files? |
2023-09-05 | Jesse La Grew | Common usernames submitted to honeypots |
2023-09-02 | Jesse La Grew | What is the origin of passwords submitted to honeypots? |
2023-08-10 | Bojan Zdrnja | Some things never change - such as SQL Authentication "encryption" |
2023-08-04 | Xavier Mertens | Are Leaked Credentials Dumps Used by Attackers? |
2023-06-23 | Xavier Mertens | Word Document with an Online Attached Template |
2023-06-05 | Johannes Ullrich | Brute Forcing Simple Archive Passwords |
2023-05-04 | Xavier Mertens | Infostealer Embedded in a Word Document |
2023-04-19 | Rob VandenBrink | Taking a Bite Out of Password Expiry Helpdesk Calls |
2023-02-18 | Guy Bruneau | Spear Phishing Handlers for Username/Password |
2022-09-16 | Didier Stevens | Word Maldoc With CustomXML and Renamed VBAProject.bin |
2022-09-15 | Xavier Mertens | Malicious Word Document with a Frameset |
2022-09-10 | Guy Bruneau | Phishing Word Documents with Suspicious URL |
2022-08-13 | Guy Bruneau | Phishing HTML Attachment as Voicemail Audio Transcription |
2022-06-12 | Didier Stevens | Quickie: Follina, RTF & Explorer Preview Pane |
2022-06-06 | Didier Stevens | "ms-msdt" RTF Maldoc Analysis: oledump Plugins |
2022-06-05 | Didier Stevens | Analysis Of An "ms-msdt" RTF Maldoc |
2022-05-30 | Xavier Mertens | New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme (CVE-2022-30190) |
2022-05-17 | Xavier Mertens | Use Your Browser Internal Password Vault... or Not? |
2022-05-09 | Xavier Mertens | Octopus Backdoor is Back with a New Embedded Obfuscated Bat File |
2022-04-24 | Didier Stevens | Analyzing a Phishing Word Document |
2022-04-04 | Johannes Ullrich | Emptying the Phishtank: Are WordPress sites the Mosquitoes of the Internet? |
2022-03-10 | Xavier Mertens | Credentials Leaks on VirusTotal |
2022-02-22 | Xavier Mertens | A Good Old Equation Editor Vulnerability Delivering Malware |
2022-02-13 | Guy Bruneau | DHL Spear Phishing to Capture Username/Password |
2022-02-02 | Johannes Ullrich | Finding elFinder: Who is looking for your files? |
2021-12-02 | Brad Duncan | TA551 (Shathak) pushes IcedID (Bokbot) |
2021-11-30 | Johannes Ullrich | Hunting for PHPUnit Installed via Composer |
2021-11-15 | Rob VandenBrink | Changing your AD Password Using the Clipboard - Not as Easy as You'd Think! |
2021-08-06 | Xavier Mertens | Malicious Microsoft Word Remains A Key Infection Vector |
2021-05-14 | Xavier Mertens | "Open" Access to Industrial Systems Interface is Also Far From Zero |
2021-04-24 | Guy Bruneau | Base64 Hashes Used in Web Scanning |
2021-02-19 | Xavier Mertens | Dynamic Data Exchange (DDE) is Back in the Wild? |
2021-02-02 | Xavier Mertens | New Example of XSL Script Processing aka "Mitre T1220" |
2021-01-28 | Daniel Wesemann | Emotet vs. Windows Attack Surface Reduction |
2021-01-26 | Brad Duncan | TA551 (Shathak) Word docs push Qakbot (Qbot) |
2021-01-24 | Didier Stevens | Video: Doc & RTF Malicious Document |
2021-01-23 | Didier Stevens | CyberChef: Analyzing OOXML Files for URLs |
2021-01-13 | Brad Duncan | Hancitor activity resumes after a hoilday break |
2021-01-10 | Didier Stevens | Maldoc Analysis With CyberChef |
2021-01-09 | Didier Stevens | Maldoc Strings Analysis |
2021-01-06 | Johannes Ullrich | Scans for Zyxel Backdoors are Commencing. |
2020-12-24 | Xavier Mertens | Malicious Word Document Delivering an Octopus Backdoor |
2020-10-14 | Brad Duncan | More TA551 (Shathak) Word docs push IcedID (Bokbot) |
2020-09-18 | Xavier Mertens | A Mix of Python & VBA in a Malicious Word Document |
2020-08-19 | Xavier Mertens | Example of Word Document Delivering Qakbot |
2020-08-07 | Brad Duncan | TA551 (Shathak) Word docs push IcedID (Bokbot) |
2020-07-26 | Didier Stevens | Cracking Maldoc VBA Project Passwords |
2020-07-15 | Brad Duncan | Word docs with macros for IcedID (Bokbot) |
2020-07-13 | Didier Stevens | VBA Project Passwords |
2020-06-10 | Brad Duncan | Job application-themed malspam pushes ZLoader |
2020-05-20 | Brad Duncan | Microsoft Word document with malicious macro pushes IcedID (Bokbot) |
2020-04-06 | Didier Stevens | Password Protected Malicious Excel Files |
2020-03-18 | Brad Duncan | Trickbot gtag red5 distributed as a DLL file |
2020-01-22 | Brad Duncan | German language malspam pushes Ursnif |
2019-12-11 | Brad Duncan | German language malspam pushes yet another wave of Trickbot |
2019-11-01 | Didier Stevens | Tip: Password Managers and 2FA |
2019-10-02 | Brad Duncan | A recent example of Emotet malspam |
2019-09-18 | Brad Duncan | Emotet malspam is back |
2019-07-18 | Xavier Mertens | Malicious PHP Script Back on Stage? |
2019-06-10 | Xavier Mertens | Interesting JavaScript Obfuscation Example |
2019-01-24 | Brad Duncan | Malspam with Word docs uses macro to run Powershell script and steal system data |
2018-12-18 | Brad Duncan | Malspam links to password-protected Word docs that push IcedID (Bokbot) |
2018-12-17 | Didier Stevens | Password Protected ZIP with Maldoc |
2018-11-15 | Brad Duncan | Emotet infection with IcedID banking Trojan |
2018-10-26 | Xavier Mertens | Dissecting Malicious Office Documents with Linux |
2018-08-22 | Deborah Hale | Email/password Frustration |
2018-07-12 | Johannes Ullrich | New Extortion Tricks: Now Including Your Password! |
2018-06-13 | Xavier Mertens | A Bunch of Compromized Wordpress Sites |
2018-01-09 | Jim Clausing | Are you watching for brute force attacks on IPv6? |
2017-11-28 | Xavier Mertens | Apple High Sierra Uses a Passwordless Root Account |
2017-11-07 | Xavier Mertens | Interesting VBA Dropper |
2017-08-17 | Xavier Mertens | Maldoc with auto-updated link |
2017-05-17 | Richard Porter | Wait What? We don't have to change passwords every 90 days? |
2017-05-05 | Xavier Mertens | HTTP Headers... the Achilles' heel of many applications |
2017-04-26 | Johannes Ullrich | If there are some unexploited MSSQL Servers With Weak Passwords Left: They got you now (again) |
2017-04-23 | Didier Stevens | Malicious Documents: A Bit Of News |
2017-04-10 | Didier Stevens | Password History: Insights Shared by a Reader |
2017-02-07 | Johannes Ullrich | My Password is [taco] Using Emojis for Stronger Passwords |
2017-02-04 | Xavier Mertens | Detecting Undisclosed Vulnerabilities with Security Tools & Features |
2016-12-07 | Xavier Mertens | The Passwords You Should Never Use |
2016-09-15 | Xavier Mertens | In Need of a OTP Manager Soon? |
2016-07-21 | Didier Stevens | Practice ntds.dit File |
2016-06-20 | Xavier Mertens | Using Your Password Manager to Monitor Data Leaks |
2015-12-06 | Mark Hofman | Malware SPAM a new run has started. |
2015-06-26 | Daniel Wesemann | Cisco default credentials - again! |
2015-05-09 | Didier Stevens | Malicious Word Document: This Time The Maldoc Is A MIME File |
2015-03-13 | Guy Bruneau | Blind SQL Injection against WordPress SEO by Yoast |
2015-02-20 | Tom Webb | Fast analysis of a Tax Scam |
2014-11-20 | Johannes Ullrich | Critical WordPress XSS Update |
2014-09-19 | Guy Bruneau | Added today in oclhashcat 131 Django [Default Auth] (PBKDF2 SHA256 Rounds Salt) Support - http://hashcat.net/hashcat/ |
2014-08-22 | Richard Porter | OCLHashCat 1.30 Released |
2014-08-06 | Johannes Ullrich | All Passwords have been lost: What's next? |
2014-07-22 | Daniel Wesemann | WordPress brute force attack via wp.getUsersBlogs |
2014-06-19 | Tony Carothers | WordPress and Security |
2014-05-22 | Rob VandenBrink | Another Site Breached - Time to Change your Passwords! (If you can that is) |
2014-03-14 | Richard Porter | Word Press Shenanigans? Anyone seeing strange activity today? |
2014-03-12 | Johannes Ullrich | Wordpress "Pingback" DDoS Attacks |
2013-11-22 | Rick Wanner | Tales of Password Reuse |
2013-07-21 | Guy Bruneau | Ubuntu Forums Security Breach |
2013-06-11 | Swa Frantzen | Store passwords the right way in your application |
2013-05-14 | Jim Clausing | So what passwords are those ssh scanners trying? |
2013-03-18 | Kevin Shortt | Cisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4 |
2013-01-18 | Russ McRee | Interesting reads for Friday 18 JAN 2013 |
2013-01-04 | Daniel Wesemann | Blue for Reset? |
2012-11-15 | Jim Clausing | Another month another password disclosure breach |
2012-07-16 | Jim Clausing | An analysis of the Yahoo! passwords |
2012-06-06 | Jim Clausing | Potential leak of 6.5+ million LinkedIn password hashes |
2012-05-22 | Johannes Ullrich | nmap 6 released |
2012-04-21 | Guy Bruneau | WordPress Release Security Update |
2012-01-05 | Russ McRee | WordPress 3.3.1 fixes 15 issues with WordPress 3.3 including XSS. Download 3.3.1 or visit Dashboard --> Updates in your site admin panel. |
2012-01-03 | Rick Wanner | Analysis of the Stratfor Password List |
2011-10-10 | Tom Liston | What's In A Name? |
2011-08-10 | Johannes Ullrich | Theoretical and Practical Password Entropy |
2011-06-30 | Guy Bruneau | WordPress 3.1.4 Security Update - http://wordpress.org/news/2011/06/wordpress-3-1-4/ |
2011-06-28 | Johannes Ullrich | Hashing Passwords |
2011-06-22 | Guy Bruneau | WordPress Forces Password Reset |
2011-05-30 | Johannes Ullrich | Allied Telesis Passwords Leaked |
2011-04-18 | John Bambenek | Wordpress.com Security Breach |
2011-02-08 | Mark Hofman | WordPress 3.0.5 (and 3.1 RC4) are out |
2010-12-30 | Johannes Ullrich | Critcal Wordpress Security Update http://wordpress.org/news/2010/12/3-0-4-update/ |
2010-12-28 | John Bambenek | Mozilla Notifies of Relatively Minor Security Breach |
2010-12-15 | Manuel Humberto Santander Pelaez | HP StorageWorks P2000 G3 MSA hardcoded user |
2010-12-13 | Deborah Hale | Gawker Media Breach of Security |
2010-12-02 | Kevin Johnson | SQL Injection: Wordpress 3.0.2 released |
2010-11-26 | Mark Hofman | Using password cracking as metric/indicator for the organisation's security posture |
2010-08-27 | Mark Hofman | FTP Brute Password guessing attacks |
2010-05-19 | Kyle Haugsness | Wordpress blog attacks... again |
2010-05-10 | Toby Kohlenberg | Another round of WordPress Attacks |
2010-03-30 | Pedro Bueno | Sharing the Tools |
2010-02-25 | Chris Carboni | Pass The Hash |
2010-02-05 | Jim Clausing | WordPress iframe injection? |
2010-02-02 | Johannes Ullrich | Twitter Mass Password Reset due to Phishing |
2009-12-04 | Daniel Wesemann | The economics of security advice (MSFT research paper) |
2009-11-30 | Bojan Zdrnja | Distributed Wordpress admin account cracking |
2009-11-02 | Daniel Wesemann | Password rules: Change them every 25 years |
2009-10-23 | Johannes Ullrich | Little new tool: reversing md5/sha1 hashes http://isc.sans.org/tools/reversehash.html |
2009-10-21 | Pedro Bueno | WordPress Hardening |
2009-08-11 | Swa Frantzen | Wordpress unauthenticated administrator password reset |
2008-11-11 | Swa Frantzen | Phishing for Google adwords |
2008-09-22 | Jim Clausing | Lessons learned from the Palin (and other) account hijacks |
2008-09-09 | Swa Frantzen | wordpress upgrade |
2008-07-17 | Mari Nichols | Adobe Reader 9 Released |
2008-07-09 | Johannes Ullrich | Unpatched Word Vulnerability |
2008-04-23 | Mari Nichols | What's New, Old and Morphing? |
MACRO |
2022-04-20 | Brad Duncan | "aa" distribution Qakbot (Qbot) infection with DarkVNC traffic |
2022-03-25 | Xavier Mertens | XLSB Files: Because Binary is Stealthier Than XML |
2022-01-22 | Xavier Mertens | Mixed VBA & Excel4 Macro In a Targeted Excel Sheet |
2021-12-20 | Jan Kopriva | PowerPoint attachments, Agent Tesla and code reuse in malware |
2021-12-02 | Brad Duncan | TA551 (Shathak) pushes IcedID (Bokbot) |
2021-09-23 | Xavier Mertens | Excel Recipe: Some VBA Code with a Touch of Excel4 Macro |
2021-09-01 | Brad Duncan | STRRAT: a Java-based RAT that doesn't care if you have Java |
2021-08-06 | Xavier Mertens | Malicious Microsoft Word Remains A Key Infection Vector |
2021-04-23 | Xavier Mertens | Malicious PowerPoint Add-On: "Small Is Beautiful" |
2021-03-03 | Brad Duncan | Qakbot infection with Cobalt Strike |
2021-02-23 | Jan Kopriva | Qakbot in a response to Full Disclosure post |
2021-02-05 | Xavier Mertens | VBA Macro Trying to Alter the Application Menus |
2021-02-03 | Brad Duncan | Excel spreadsheets push SystemBC malware |
2021-02-02 | Xavier Mertens | New Example of XSL Script Processing aka "Mitre T1220" |
2021-01-26 | Brad Duncan | TA551 (Shathak) Word docs push Qakbot (Qbot) |
2021-01-20 | Brad Duncan | Qakbot activity resumes after holiday break |
2021-01-14 | Bojan Zdrnja | Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file |
2021-01-13 | Brad Duncan | Hancitor activity resumes after a hoilday break |
2020-12-09 | Brad Duncan | Recent Qakbot (Qbot) activity |
2020-11-09 | Xavier Mertens | How Attackers Brush Up Their Malicious Scripts |
2020-10-26 | Didier Stevens | Excel 4 Macros: "Abnormal Sheet Visibility" |
2020-10-14 | Brad Duncan | More TA551 (Shathak) Word docs push IcedID (Bokbot) |
2020-09-23 | Xavier Mertens | Malicious Word Document with Dynamic Content |
2020-09-18 | Xavier Mertens | A Mix of Python & VBA in a Malicious Word Document |
2020-09-10 | Brad Duncan | Recent Dridex activity |
2020-08-26 | Xavier Mertens | Malicious Excel Sheet with a NULL VT Score |
2020-08-19 | Xavier Mertens | Example of Word Document Delivering Qakbot |
2020-08-07 | Brad Duncan | TA551 (Shathak) Word docs push IcedID (Bokbot) |
2020-08-06 | Xavier Mertens | A Fork of the FTCode Powershell Ransomware |
2020-08-03 | Xavier Mertens | Powershell Bot with Multiple C2 Protocols |
2020-07-15 | Brad Duncan | Word docs with macros for IcedID (Bokbot) |
2020-07-10 | Brad Duncan | Excel spreasheet macro kicks off Formbook infection |
2020-06-12 | Xavier Mertens | Malicious Excel Delivering Fileless Payload |
2020-06-10 | Brad Duncan | Job application-themed malspam pushes ZLoader |
2020-06-01 | Didier Stevens | XLMMacroDeobfuscator: An Update |
2020-05-20 | Brad Duncan | Microsoft Word document with malicious macro pushes IcedID (Bokbot) |
2020-04-05 | Guy Bruneau | Maldoc XLS Invoice with Excel 4 Macros |
2020-03-29 | Didier Stevens | Obfuscated Excel 4 Macros |
2020-03-18 | Brad Duncan | Trickbot gtag red5 distributed as a DLL file |
2020-03-09 | Didier Stevens | Malicious Spreadsheet With Data Connection and Excel 4 Macros |
2020-03-06 | Xavier Mertens | A Safe Excel Sheet Not So Safe |
2020-02-24 | Didier Stevens | Maldoc: Excel 4 Macros and VBA, Devil and Angel? |
2020-02-23 | Didier Stevens | Maldoc: Excel 4 Macros in OOXML Format |
2020-02-21 | Xavier Mertens | Quick Analysis of an Encrypted Compound Document Format |
2020-01-22 | Brad Duncan | German language malspam pushes Ursnif |
2020-01-09 | Xavier Mertens | Quick Analyzis of a(nother) Maldoc |
2019-12-11 | Brad Duncan | German language malspam pushes yet another wave of Trickbot |
2019-12-04 | Jan Kopriva | Analysis of a strangely poetic malware |
2019-10-02 | Brad Duncan | A recent example of Emotet malspam |
2019-09-18 | Brad Duncan | Emotet malspam is back |
2019-06-18 | Brad Duncan | Malspam with password-protected Word docs pushing Dridex |
2019-03-17 | Didier Stevens | Video: Maldoc Analysis: Excel 4.0 Macro |
2019-03-16 | Didier Stevens | Maldoc: Excel 4.0 Macros |
2019-03-13 | Brad Duncan | Malspam pushes Emotet with Qakbot as the follow-up malware |
2019-01-24 | Brad Duncan | Malspam with Word docs uses macro to run Powershell script and steal system data |
2018-12-18 | Brad Duncan | Malspam links to password-protected Word docs that push IcedID (Bokbot) |
2018-11-15 | Brad Duncan | Emotet infection with IcedID banking Trojan |
2018-08-24 | Xavier Mertens | Microsoft Publisher Files Delivering Malware |
2018-05-25 | Xavier Mertens | Antivirus Evasion? Easy as 1,2,3 |
2018-05-01 | Xavier Mertens | Diving into a Simple Maldoc Generator |
2017-12-19 | Xavier Mertens | Example of 'MouseOver' Link in a Powerpoint File |
2017-12-16 | Xavier Mertens | Microsoft Office VBA Macro Obfuscation via Metadata |
2017-11-15 | Xavier Mertens | If you want something done right, do it yourself! |
2017-02-26 | Guy Bruneau | It is Tax Season - Watch out for Suspicious Attachment |
2016-09-30 | Xavier Mertens | Another Day, Another Malicious Behaviour |
2015-02-19 | Daniel Wesemann | Macros? Really?! |