Date Author Title
2024-03-17Guy BruneauGamified Learning: Using Capture the Flag Challenges to Supplement Cybersecurity Training [Guest Diary]
2024-01-07Guy BruneauSuspicious Prometei Botnet Activity
2023-11-09Xavier MertensVisual Examples of Code Injection
2023-11-08Xavier MertensExample of Phishing Campaign Project File
2023-09-18Johannes UllrichInternet Wide Multi VPN Search From Single /24 Network
2023-08-26Xavier MertensmacOS: Who?s Behind This Network Connection?
2023-06-09Xavier MertensUndetected PowerShell Backdoor Disguised as a Profile File
2023-05-24Jesse La GrewMore Data Enrichment for Cowrie Logs
2023-01-12Russ McReeProwler v3: AWS & Azure security assessments
2022-10-07Xavier MertensCritical Fortinet Vulnerability Ahead
2022-09-14Xavier MertensEasy Process Injection within Python
2022-05-30Xavier MertensNew Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme (CVE-2022-30190)
2022-03-15Xavier MertensClean Binaries with Suspicious Behaviour
2021-11-14Didier StevensExternal Email System FBI Compromised: Sending Out Fake Warnings
2021-10-14Xavier MertensPort-Forwarding with Windows for the Win
2021-09-15Brad DuncanHancitor campaign abusing Microsoft's OneDrive
2021-08-09Jan KoprivaProxyShell - how many Exchange servers are affected and where are they?
2021-08-01Didier Stevensprocdump Version 10.1
2021-05-30Didier StevensSysinternals: Procmon, Sysmon, TcpView and Process Explorer update
2021-04-25Didier StevensSysinternals: Procmon and Sysmon update
2021-04-16Xavier MertensHTTPS Support for All Internal Services
2021-03-04Xavier MertensFrom VBS, PowerShell, C Sharp, Process Hollowing to RAT
2021-02-28Didier StevensMaldocs: Protection Passwords
2021-02-22Didier StevensUnprotecting Malicious Documents For Inspection
2021-01-17Didier StevensNew Release of Sysmon Adding Detection for Process Tampering
2020-09-17Xavier MertensSuspicious Endpoint Containment with OSSEC
2020-06-05Johannes UllrichCyber Security for Protests
2020-04-30Xavier MertensCollecting IOCs from IMAP Folder
2020-03-21Guy BruneauHoneypot - Scanning and Targeting Devices & Services
2020-02-16Guy BruneauSOAR or not to SOAR?
2019-09-27Xavier MertensNew Scans for Polycom Autoconfiguration Files
2019-07-18Xavier MertensMalicious PHP Script Back on Stage?
2019-06-27Rob VandenBrinkFinding the Gold in a Pile of Pennies - Long Tail Analysis in PowerShell
2019-02-17Didier StevensVideo: Finding Property Values in Office Documents
2019-02-16Didier StevensFinding Property Values in Office Documents
2018-09-20Xavier MertensHunting for Suspicious Processes with OSSEC
2018-07-03Didier StevensProgress indication for scripts on Windows
2018-06-22Lorna HutchesonXPS Attachment Used for Phishing
2018-06-13Xavier MertensA Bunch of Compromized Wordpress Sites
2017-04-02Guy BruneauIPFire - A Household Multipurpose Security Gateway
2017-03-08Richard PorterWhat is really being proxied?
2016-08-29Russ McReeRecommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2016-08-24Xavier MertensExample of Targeted Attack Through a Proxy PAC File
2016-08-19Xavier MertensData Classification For the Masses
2016-06-15Richard PorterWarp Speed Ahead, L7 Open Source Packet Generator: Warp17
2016-03-13Xavier MertensSSH Honeypots (Ab)used as Proxy
2016-01-31Guy BruneauWindows 10 and System Protection for DATA Default is OFF
2015-07-17Didier StevensProcess Explorer and VirusTotal
2015-03-08Brad DuncanWhat Happened to You, Asprox Botnet?
2015-03-07Guy BruneauShould it be Mandatory to have an Independent Security Audit after a Breach?
2014-07-30Rick WannerSymantec Endpoint Protection Privilege Escalation Zero Day
2014-07-19Russ McReeKeeping the RATs out: the trap is sprung - Part 3
2014-07-18Russ McReeKeeping the RATs out: **it happens - Part 2
2014-07-16Russ McReeKeeping the RATs out: an exercise in building IOCs - Part 1
2014-07-08Johannes UllrichHardcoded Netgear Prosafe Switch Password
2014-04-27Tony CarothersThe Dreaded "D" Word of IT
2014-03-22Guy BruneauHow the Compromise of a User Account Lead to a Spam Incident
2014-02-27Richard PorterDDoS and BCP 38
2014-02-24Russ McReeExplicit Trusted Proxy in HTTP/2.0 or...not so much
2014-02-10Rob VandenBrinkA Tale of Two Admins (and no Change Control)
2014-02-07Rob VandenBrinkHello Virustotal? It's Microsoft Calling.
2013-05-20Guy BruneauSysinternals Updates for Accesschk, Procdump, RAMMap and Strings http://blogs.technet.com/b/sysinternals/archive/2013/05/17/updates-accesschk-v5-11-procdump-v6-0-rammap-v1-22-strings-v2-51.aspx
2013-04-14Johannes UllrichProtocol 61 Packets Follow Up
2013-03-09Guy BruneauIPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-02-22Johannes UllrichWhen web sites go bad: bible . org compromise
2013-02-06Adam SwangerSysinternals in particular Process Explorer update https://blogs.technet.com/b/sysinternals/?Redirected=true
2012-12-06Johannes UllrichHow to identify if you are behind a "Transparent Proxy"
2012-07-02Dan GoldbergStorms of June 29th 2012 in Mid Atlantic region of the USA
2012-06-27Daniel WesemannWhat's up with port 79 ?
2012-04-26Richard PorterDefine Irony: A medical device with a Virus?
2012-04-12Guy BruneauHP ProCurve 5400 zl Switch, Flash Cards Infected with Malware
2012-03-16Russ McReeMS12-020 RDP vulnerabilities: Patch, Mitigate, Detect
2012-02-27Johannes UllrichOdd Vanishing Signatures in OS X XProtect
2012-01-13Guy BruneauSysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2011-12-19Guy BruneauProcess Explorer Update 15.11 with bugfixes - http://technet.microsoft.com/en-us/sysinternals/bb896653
2011-11-01Russ McReeHoneynet Project: Android Reverse Engineering (A.R.E.) Virtual Machine released
2011-09-26Jason LamMySQL.com compromised spreading malware
2011-08-14Guy BruneauTelex - A Radical New Approach to Bypass Security
2011-08-05Johannes UllrichCommon Web Attacks. A quick 404 project update
2011-07-28Johannes UllrichAnnouncing: The "404 Project"
2011-06-19Guy BruneauSega Pass Compromised - 1.29 Million Customers Data Leaked
2011-06-12Mark HofmanCloud thoughts
2011-04-18John BambenekWordpress.com Security Breach
2011-04-04Mark HofmanWhen your service provider has a breach
2011-04-02Rick WannerRSA/EMC: Anatomy of a compromise
2011-02-21Adrien de BeaupreWinamp forums compromised
2011-01-12Richard PorterHow Many Loyalty Cards do you Carry?
2010-12-13Deborah HaleGawker Media Breach of Security
2010-12-02Kevin JohnsonProFTPD distribution servers compromised
2010-07-21Adrien de BeaupreAdobe Reader Protected Mode
2010-06-04Rick WannerNew Honeynet Project Forensic Challenge
2010-03-28Rick WannerHoneynet Project: 2010 Forensic Challenge #3
2010-03-10Rob VandenBrinkMicrosoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-02-28Mari NicholsDisasters take practice
2010-02-01Rob VandenBrinkNMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?
2010-01-26Jason Lame107 CMS system website compromised
2010-01-23Lorna HutchesonThe necessary evils: Policies, Processes and Procedures
2009-12-07Rob VandenBrinkLayer 2 Network Protections – reloaded!
2009-11-11Rob VandenBrinkLayer 2 Network Protections against Man in the Middle Attacks
2009-11-05Swa FrantzenTLS Man-in-the-middle on renegotiation vulnerability made public
2009-10-30Rob VandenBrinkNew version of NIST 800-41, Firewalls and Firewall Policy Guidelines
2009-10-22Adrien de BeaupreCyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-05Adrien de BeaupreTime to change your hotmail/gmail/yahoo password
2009-10-02Stephen HallNew SysInternal fun for the weekend
2009-09-19Rick WannerSysinternals Tools Updates
2009-09-07Jim ClausingRequest for packets
2009-08-30Tony CarothersHow do I recover from.....?
2009-08-29Guy BruneauImmunet Protect - Cloud and Community Malware Protection
2009-08-28Adrien de Beaupreapache.org compromised
2009-07-29Bojan ZdrnjaIncreasing number of attacks on security sites
2009-06-27Tony CarothersNew NIAP Strategy on the Horizon
2009-06-21Scott FendleyphpMyAdmin Scans
2009-03-10Swa FrantzenBrowser plug-ins, transparent proxies and same origin policies
2009-02-11Robert DanfordProFTPd SQL Authentication Vulnerability exploit activity
2008-11-16Maarten Van HorenbeeckDetection of Trojan control channels
2008-08-25John BambenekThoughts on the Best Western Compromise
2008-04-07John BambenekHP USB Keys Shipped with Malware for your Proliant Server
2006-12-18Toby KohlenbergORDB Shutting down
2006-08-17Swa FrantzenMicrosoft August 2006 Patches: STATUS