LIVING OFF THE LAND |
2020-04-16 | Johannes Ullrich | Using AppLocker to Prevent Living off the Land Attacks |
LIVING |
2020-04-16 | Johannes Ullrich | Using AppLocker to Prevent Living off the Land Attacks |
OFF |
2025-01-17 | Guy Bruneau | Leveraging Honeypot Data for Offensive Security Operations [Guest Diary] |
2022-10-27 | Tom Webb | Supersizing your DUO and 365 Integration |
2022-05-30 | Xavier Mertens | New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme (CVE-2022-30190) |
2022-04-17 | Didier Stevens | Video: Office Protects You From Malicious ISO Files |
2022-04-16 | Didier Stevens | Office Protects You From Malicious ISO Files |
2021-12-19 | Didier Stevens | Office 2021: VBA Project Version |
2021-11-28 | Didier Stevens | Video: YARA Rules for Office Maldocs |
2021-11-23 | Didier Stevens | YARA Rule for OOXML Maldocs: Less False Positives |
2021-09-08 | Johannes Ullrich | Microsoft Offers Workaround for 0-Day Office Vulnerability (CVE-2021-40444) |
2020-12-12 | Didier Stevens | Office 95 Excel 4 Macros |
2020-11-08 | Didier Stevens | Quick Tip: Extracting all VBA Code from a Maldoc |
2020-09-23 | Xavier Mertens | Malicious Word Document with Dynamic Content |
2020-08-20 | Rob VandenBrink | Office 365 Mail Forwarding Rules (and other Mail Rules too) |
2020-04-16 | Johannes Ullrich | Using AppLocker to Prevent Living off the Land Attacks |
2020-02-21 | Xavier Mertens | Quick Analysis of an Encrypted Compound Document Format |
2019-12-28 | Didier Stevens | Corrupt Office Documents |
2019-12-09 | Didier Stevens | (Lazy) Sunday Maldoc Analysis |
2019-07-16 | Russ McRee | Commando VM: The Complete Mandiant Offensive VM |
2019-04-07 | Guy Bruneau | Fake Office 365 Payment Information Update |
2019-04-01 | Didier Stevens | Analysis of PDFs Created with OpenOffice/LibreOffice |
2018-12-13 | Xavier Mertens | Phishing Attack Through Non-Delivery Notification |
2018-10-10 | Xavier Mertens | New Campaign Using Old Equation Editor Vulnerability |
2018-09-04 | Rob VandenBrink | Let's Trade: You Read My Email, I'll Read Your Password! |
2018-05-25 | Xavier Mertens | Antivirus Evasion? Easy as 1,2,3 |
2018-05-01 | Xavier Mertens | Diving into a Simple Maldoc Generator |
2017-12-16 | Xavier Mertens | Microsoft Office VBA Macro Obfuscation via Metadata |
2017-11-15 | Xavier Mertens | If you want something done right, do it yourself! |
2017-04-28 | Xavier Mertens | Another Day, Another Obfuscation Technique |
2017-01-31 | Johannes Ullrich | Malicious Office files using fileless UAC bypass to drop KEYBASE malware |
2016-09-30 | Xavier Mertens | Another Day, Another Malicious Behaviour |
2016-07-19 | Didier Stevens | Office Maldoc: Let's Focus on the VBA Macros Later... |
2016-06-09 | Xavier Mertens | Offensive or Defensive Security? Both! |
2016-01-24 | Didier Stevens | Obfuscated MIME Files |
2015-02-20 | Tom Webb | Fast analysis of a Tax Scam |
2015-02-19 | Daniel Wesemann | Macros? Really?! |
2014-07-10 | Rob VandenBrink | Certificate Errors in Office 365 Today |
2014-06-22 | Russ McRee | OfficeMalScanner helps identify the source of a compromise |
2013-11-05 | Daniel Wesemann | TIFF images in MS-Office documents used in targeted attacks |
2012-09-14 | Lenny Zeltser | Analyzing Malicious RTF Files Using OfficeMalScanner's RTFScan |
2012-06-04 | Lenny Zeltser | Decoding Common XOR Obfuscation in Malicious Code |
2011-01-28 | Guy Bruneau | OpenOffice Security Fixes |
2010-10-26 | Pedro Bueno | Cyber Security Awareness Month - Day 26 - Sharing Office Files |
2010-06-05 | Guy Bruneau | OpenOffice.org 3.2.1 Fixes Bugs and Vulnerabilities |
2010-02-22 | Rob VandenBrink | Multiple Security Updates for OpenOffice ==> http://www.openoffice.org/security/bulletin.html |
2010-01-08 | Rob VandenBrink | Microsoft OfficeOnline, Searching for Trust and Malware |
2009-07-16 | Bojan Zdrnja | OWC exploits used in SQL injection attacks |
2009-07-13 | Adrien de Beaupre | Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution |
THE |
2024-12-27 | Guy Bruneau | Phishing for Banking Information |
2024-06-20 | Guy Bruneau | No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary] |
2024-03-17 | Guy Bruneau | Gamified Learning: Using Capture the Flag Challenges to Supplement Cybersecurity Training [Guest Diary] |
2023-02-16 | Jan Kopriva | HTML phishing attachment with browser-in-the-browser technique |
2022-02-05 | Didier Stevens | Power over Ethernet and Thermal Imaging |
2022-02-01 | Xavier Mertens | Automation is Nice But Don't Replace Your Knowledge |
2021-11-08 | Xavier Mertens | (Ab)Using Security Tools & Controls for the Bad |
2021-10-18 | Xavier Mertens | Malicious PowerShell Using Client Certificate Authentication |
2021-06-24 | Xavier Mertens | Do you Like Cookies? Some are for sale! |
2021-05-29 | Guy Bruneau | Spear-phishing Email Targeting Outlook Mail Clients |
2020-04-16 | Johannes Ullrich | Using AppLocker to Prevent Living off the Land Attacks |
2019-11-11 | Johannes Ullrich | Are We Going Back to TheMoon (and How is Liquor Involved)? |
2019-07-10 | Rob VandenBrink | Dumping File Contents in Hex (in PowerShell) |
2019-01-30 | Russ McRee | CR19-010: The United States vs. Huawei |
2018-11-20 | Xavier Mertens | Querying DShield from Cortex |
2018-11-11 | Pasquale Stirparo | Community contribution: joining forces or multiply solutions? |
2018-06-04 | Rob VandenBrink | Digging into Authenticode Certificates |
2017-12-05 | Tom Webb | IR using the Hive Project. |
2017-09-18 | Johannes Ullrich | SANS Securingthehuman posted a follow up to their Equifax breach webcast: https://securingthehuman.sans.org/blog/2017/09/15/equifax-webcast-follow-up |
2017-01-11 | Johannes Ullrich | January 2017 Edition of Ouch! Security Awareness Newsletter Released: https://securingthehuman.sans.org/ouch |
2016-11-02 | Rob VandenBrink | What Does a Pentest Look Like? |
2016-10-07 | Rick Wanner | First Hurricane Matthew related Phish |
2016-09-15 | Xavier Mertens | In Need of a OTP Manager Soon? |
2016-05-02 | Rick Wanner | Lean Threat Intelligence |
2015-12-15 | Russ McRee | Security Management vs Chaos: Understanding the Butterfly Effect to Manage Outcomes & Reduce Chaos |
2015-09-23 | Daniel Wesemann | Making our users unlearn what we taught them |
2015-08-16 | Guy Bruneau | Are you a "Hunter"? |
2015-02-06 | Johannes Ullrich | Anthem, TurboTax and How Things "Fit Together" Sometimes |
2014-07-02 | Johannes Ullrich | July Ouch! Security Awareness Newsletter Released. E-mail Do's and Don'ts http://www.securingthehuman.org/resources/newsletters/ouch/2014#july2014 |
2014-03-13 | Daniel Wesemann | Identification and authentication are hard ... finding out intention is even harder |
2014-02-18 | Johannes Ullrich | More Details About "TheMoon" Linksys Worm |
2014-02-05 | Johannes Ullrich | SANS Ouch Security Awareness Newsletter What is Malware http://www.securingthehuman.org/ouch |
2013-12-20 | Daniel Wesemann | authorized key lime pie |
2013-11-13 | Johannes Ullrich | Packet Challenge for the Hivemind: What's happening with this Ethernet header? |
2013-09-18 | Rob VandenBrink | Cisco DCNM Update Released |
2013-09-09 | Johannes Ullrich | SSL is broken. So what? |
2013-09-05 | Rob VandenBrink | Building Your Own GPU Enabled Private Cloud |
2013-08-09 | Kevin Shortt | Copy Machines - Changing Scanned Content |
2013-03-23 | Guy Bruneau | Apple ID Two-step Verification Now Available in some Countries |
2013-02-06 | Johannes Ullrich | Intel Network Card (82574L) Packet of Death |
2013-02-04 | Adam Swanger | SAN Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam |
2012-10-26 | Adam Swanger | Securing the Human Special Webcast - October 30, 2012 |
2012-07-10 | Rob VandenBrink | Today at SANSFIRE (09 July 2012) - ISC Panel Discussion on the State of the Internet |
2012-07-02 | Dan Goldberg | Storms of June 29th 2012 in Mid Atlantic region of the USA |
2011-05-18 | Bojan Zdrnja | Android, HTTP and authentication tokens |
2011-04-28 | Chris Mohan | Gathering and use of location information fears - or is it all a bit too late |
2011-04-11 | Johannes Ullrich | Layer 2 DoS and other IPv6 Tricks |
2011-01-12 | Richard Porter | Has Big Brother gone Global? |
2010-12-21 | Rob VandenBrink | Network Reliability, Part 2 - HSRP Attacks and Defenses |
2010-09-21 | Johannes Ullrich | Implementing two Factor Authentication on the Cheap |
2010-07-24 | Manuel Humberto Santander Pelaez | Transmiting logon information unsecured in the network |
2010-07-21 | Adrien de Beaupre | Dell PowerEdge R410 replacement motherboard firmware contains malware |
2010-03-10 | Rob VandenBrink | Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication |
2010-02-09 | Adrien de Beaupre | When is a 0day not a 0day? Samba symlink bad default config |
2009-11-11 | Rob VandenBrink | Layer 2 Network Protections against Man in the Middle Attacks |
2008-10-15 | Rick Wanner | Day 15 - Containing the Damage From a Lost or Stolen Laptop |
2006-10-05 | John Bambenek | There are no more Passive Exploits |
2006-09-29 | Kevin Liston | A Report from the Field |
LAND |
2022-08-22 | Xavier Mertens | 32 or 64 bits Malware? |
2020-04-16 | Johannes Ullrich | Using AppLocker to Prevent Living off the Land Attacks |
2010-02-06 | Guy Bruneau | LANDesk Management Gateway Vulnerability |
2008-08-09 | Deborah Hale | Cleveland Outage |