FAKE SITE |
| 2021-08-04 | Yee Ching Tok | Pivoting and Hunting for Shenanigans from a Reported Phishing Domain |
FAKE |
| 2024-01-24/a> | Johannes Ullrich | How Bad User Interfaces Make Security Tools Harmful |
| 2022-03-02/a> | Johannes Ullrich | The More Often Something is Repeated, the More True It Becomes: Dealing with Social Media |
| 2022-01-03/a> | Xavier Mertens | McAfee Phishing Campaign with a Nice Fake Scan |
| 2021-08-04/a> | Yee Ching Tok | Pivoting and Hunting for Shenanigans from a Reported Phishing Domain |
| 2020-04-18/a> | Guy Bruneau | Maldoc Falsely Represented as DOCX Invoice Redirecting to Fake Apple Store |
| 2020-02-05/a> | Brad Duncan | Fake browser update pages are "still a thing" |
| 2019-04-07/a> | Guy Bruneau | Fake Office 365 Payment Information Update |
| 2019-04-02/a> | Johannes Ullrich | Fake AV is Back: LaCie Network Drives Used to Spread Malware |
| 2019-03-21/a> | Xavier Mertens | New Wave of Extortion Emails: Central Intelligence Agency Case |
| 2017-07-07/a> | Renato Marinho | DDoS Extortion E-mail: Yet Another Bluff? |
| 2016-05-12/a> | Xavier Mertens | Another Day, Another Wave of Phishing Emails |
| 2015-09-28/a> | Johannes Ullrich | "Transport of London" Malicious E-Mail |
| 2014-02-21/a> | Johannes Ullrich | UPS Malware Spam Using Fake SPF Headers |
| 2013-04-29/a> | Adam Swanger | Report Fake Tech Support Calls submission form reminder |
| 2013-04-16/a> | John Bambenek | Fake Boston Marathon Scams Update |
| 2013-01-03/a> | Manuel Humberto Santander Pelaez | New year and new CA compromised |
| 2012-12-06/a> | Daniel Wesemann | Fake tech support calls - revisited |
| 2012-10-03/a> | Kevin Shortt | Fake Support Calls Reported |
| 2012-06-19/a> | Daniel Wesemann | Vulnerabilityqueerprocessbrittleness |
| 2011-07-25/a> | Bojan Zdrnja | When the FakeAV coder(s) fail |
| 2011-07-21/a> | Daniel Wesemann | Down the FakeAV rabbit hole |
| 2011-05-19/a> | Daniel Wesemann | Fake AV Bingo |
| 2011-05-04/a> | Bojan Zdrnja | More on Google image poisoning |
| 2011-01-18/a> | Daniel Wesemann | Yet another rogue anti-virus |
| 2010-11-11/a> | Daniel Wesemann | Fake AV scams via Skype Chat |
| 2010-02-27/a> | Johannes Ullrich | Search Engine Poisoning: Chile Earthquake |
| 2010-02-15/a> | Johannes Ullrich | Various Olympics Related Dangerous Google Searches |
| 2010-02-08/a> | Adrien de Beaupre | When is a 0day not a 0day? Fake OpenSSh exploit, again. |
| 2010-01-08/a> | Rob VandenBrink | Microsoft OfficeOnline, Searching for Trust and Malware |
| 2009-09-17/a> | Bojan Zdrnja | Why is Rogue/Fake AV so successful? |
| 2009-09-04/a> | Adrien de Beaupre | Fake anti-virus |
| 2009-02-06/a> | Adrien de Beaupre | Fake stimulus payments |
| 2008-09-15/a> | donald smith | Fake antivirus 2009 and search engine results |
SITE |
| 2025-03-27/a> | Johannes Ullrich | Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 |
| 2023-12-11/a> | Rob VandenBrink | What is sitemap.xml, and Why a Pentester Should Care |
| 2021-08-04/a> | Yee Ching Tok | Pivoting and Hunting for Shenanigans from a Reported Phishing Domain |
| 2021-06-24/a> | Xavier Mertens | Do you Like Cookies? Some are for sale! |
| 2018-11-17/a> | Xavier Mertens | Quickly Investigating Websites with Lookyloo |
| 2017-07-19/a> | Xavier Mertens | Bots Searching for Keys & Config Files |
| 2017-04-07/a> | Xavier Mertens | Tracking Website Defacers with HTTP Referers |
| 2017-01-14/a> | Xavier Mertens | Backup Files Are Good but Can Be Evil |
| 2016-01-29/a> | Xavier Mertens | Scripting Web Categorization |
| 2014-08-09/a> | Adrien de Beaupre | Complete application ownage via Multi-POST XSRF |
| 2014-06-11/a> | Daniel Wesemann | Gimme your keys! |
| 2013-02-22/a> | Johannes Ullrich | When web sites go bad: bible . org compromise |
| 2013-02-11/a> | John Bambenek | Is This Chinese Registrar Really Trying to XSS Me? |
| 2013-02-04/a> | Russ McRee | An expose of a recent SANS GIAC XSS vulnerability |
| 2013-01-25/a> | Johannes Ullrich | Vulnerability Scans via Search Engines (Request for Logs) |
| 2011-08-24/a> | Rob VandenBrink | Citrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971 |
| 2010-08-13/a> | Tom Liston | The Strange Case of Doctor Jekyll and Mr. ED |
| 2010-04-26/a> | Raul Siles | Vulnerable Sites Database |
| 2009-08-18/a> | Deborah Hale | Domain tcpdump.org unavailable |
| 2009-08-18/a> | Deborah Hale | Website compromises - what's happening? |
| 2009-05-27/a> | donald smith | Host file black lists |
| 2009-05-05/a> | Bojan Zdrnja | Every dot matters |
| 2008-08-02/a> | Maarten Van Horenbeeck | Issues affecting sites using Sitemeter [resolved] |
| 2008-06-07/a> | Jim Clausing | Followup to 'How do you monitor your website?' |
| 2008-04-24/a> | donald smith | Hundreds of thousands of SQL injections |
