2025-02-15 | Xavier Mertens | The Danger of IP Volatility |
2024-12-24 | Xavier Mertens | More SSH Fun! |
2024-10-03 | Guy Bruneau | Kickstart Your DShield Honeypot [Guest Diary] |
2024-07-25 | Xavier Mertens | XWorm Hidden With Process Hollowing |
2024-04-15 | Johannes Ullrich | Quick Palo Alto Networks Global Protect Vulnerability Update (CVE-2024-3400) |
2024-04-13 | Johannes Ullrich | Critical Palo Alto GlobalProtect Vulnerability Exploited (CVE-2024-3400) |
2024-03-17 | Guy Bruneau | Gamified Learning: Using Capture the Flag Challenges to Supplement Cybersecurity Training [Guest Diary] |
2024-01-07 | Guy Bruneau | Suspicious Prometei Botnet Activity |
2023-11-09 | Xavier Mertens | Visual Examples of Code Injection |
2023-11-08 | Xavier Mertens | Example of Phishing Campaign Project File |
2023-09-18 | Johannes Ullrich | Internet Wide Multi VPN Search From Single /24 Network |
2023-08-26 | Xavier Mertens | macOS: Who's Behind This Network Connection? |
2023-06-09 | Xavier Mertens | Undetected PowerShell Backdoor Disguised as a Profile File |
2023-05-24 | Jesse La Grew | More Data Enrichment for Cowrie Logs |
2023-01-12 | Russ McRee | Prowler v3: AWS & Azure security assessments |
2022-10-07 | Xavier Mertens | Critical Fortinet Vulnerability Ahead |
2022-09-14 | Xavier Mertens | Easy Process Injection within Python |
2022-05-30 | Xavier Mertens | New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme (CVE-2022-30190) |
2022-03-15 | Xavier Mertens | Clean Binaries with Suspicious Behaviour |
2021-11-14 | Didier Stevens | External Email System FBI Compromised: Sending Out Fake Warnings |
2021-10-14 | Xavier Mertens | Port-Forwarding with Windows for the Win |
2021-09-15 | Brad Duncan | Hancitor campaign abusing Microsoft's OneDrive |
2021-08-09 | Jan Kopriva | ProxyShell - how many Exchange servers are affected and where are they? |
2021-08-01 | Didier Stevens | procdump Version 10.1 |
2021-05-30 | Didier Stevens | Sysinternals: Procmon, Sysmon, TcpView and Process Explorer update |
2021-04-25 | Didier Stevens | Sysinternals: Procmon and Sysmon update |
2021-04-16 | Xavier Mertens | HTTPS Support for All Internal Services |
2021-03-04 | Xavier Mertens | From VBS, PowerShell, C Sharp, Process Hollowing to RAT |
2021-02-28 | Didier Stevens | Maldocs: Protection Passwords |
2021-02-22 | Didier Stevens | Unprotecting Malicious Documents For Inspection |
2021-01-17 | Didier Stevens | New Release of Sysmon Adding Detection for Process Tampering |
2020-09-17 | Xavier Mertens | Suspicious Endpoint Containment with OSSEC |
2020-06-05 | Johannes Ullrich | Cyber Security for Protests |
2020-04-30 | Xavier Mertens | Collecting IOCs from IMAP Folder |
2020-03-21 | Guy Bruneau | Honeypot - Scanning and Targeting Devices & Services |
2020-02-16 | Guy Bruneau | SOAR or not to SOAR? |
2019-09-27 | Xavier Mertens | New Scans for Polycom Autoconfiguration Files |
2019-07-18 | Xavier Mertens | Malicious PHP Script Back on Stage? |
2019-06-27 | Rob VandenBrink | Finding the Gold in a Pile of Pennies - Long Tail Analysis in PowerShell |
2019-02-17 | Didier Stevens | Video: Finding Property Values in Office Documents |
2019-02-16 | Didier Stevens | Finding Property Values in Office Documents |
2018-09-20 | Xavier Mertens | Hunting for Suspicious Processes with OSSEC |
2018-07-03 | Didier Stevens | Progress indication for scripts on Windows |
2018-06-22 | Lorna Hutcheson | XPS Attachment Used for Phishing |
2018-06-13 | Xavier Mertens | A Bunch of Compromized Wordpress Sites |
2017-04-02 | Guy Bruneau | IPFire - A Household Multipurpose Security Gateway |
2017-03-08 | Richard Porter | What is really being proxied? |
2016-08-29 | Russ McRee | Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs |
2016-08-24 | Xavier Mertens | Example of Targeted Attack Through a Proxy PAC File |
2016-08-19 | Xavier Mertens | Data Classification For the Masses |
2016-06-15 | Richard Porter | Warp Speed Ahead, L7 Open Source Packet Generator: Warp17 |
2016-03-13 | Xavier Mertens | SSH Honeypots (Ab)used as Proxy |
2016-01-31 | Guy Bruneau | Windows 10 and System Protection for DATA Default is OFF |
2015-07-17 | Didier Stevens | Process Explorer and VirusTotal |
2015-03-08 | Brad Duncan | What Happened to You, Asprox Botnet? |
2015-03-07 | Guy Bruneau | Should it be Mandatory to have an Independent Security Audit after a Breach? |
2014-07-30 | Rick Wanner | Symantec Endpoint Protection Privilege Escalation Zero Day |
2014-07-19 | Russ McRee | Keeping the RATs out: the trap is sprung - Part 3 |
2014-07-18 | Russ McRee | Keeping the RATs out: **it happens - Part 2 |
2014-07-16 | Russ McRee | Keeping the RATs out: an exercise in building IOCs - Part 1 |
2014-07-08 | Johannes Ullrich | Hardcoded Netgear Prosafe Switch Password |
2014-04-27 | Tony Carothers | The Dreaded "D" Word of IT |
2014-03-22 | Guy Bruneau | How the Compromise of a User Account Lead to a Spam Incident |
2014-02-27 | Richard Porter | DDoS and BCP 38 |
2014-02-24 | Russ McRee | Explicit Trusted Proxy in HTTP/2.0 or...not so much |
2014-02-10 | Rob VandenBrink | A Tale of Two Admins (and no Change Control) |
2014-02-07 | Rob VandenBrink | Hello Virustotal? It's Microsoft Calling. |
2013-05-20 | Guy Bruneau | Sysinternals Updates for Accesschk, Procdump, RAMMap and Strings http://blogs.technet.com/b/sysinternals/archive/2013/05/17/updates-accesschk-v5-11-procdump-v6-0-rammap-v1-22-strings-v2-51.aspx |
2013-04-14 | Johannes Ullrich | Protocol 61 Packets Follow Up |
2013-03-09 | Guy Bruneau | IPv6 Focus Month: IPv6 Encapsulation - Protocol 41 |
2013-02-22 | Johannes Ullrich | When web sites go bad: bible . org compromise |
2013-02-06 | Adam Swanger | Sysinternals in particular Process Explorer update https://blogs.technet.com/b/sysinternals/?Redirected=true |
2012-12-06 | Johannes Ullrich | How to identify if you are behind a "Transparent Proxy" |
2012-07-02 | Dan Goldberg | Storms of June 29th 2012 in Mid Atlantic region of the USA |
2012-06-27 | Daniel Wesemann | What's up with port 79 ? |
2012-04-26 | Richard Porter | Define Irony: A medical device with a Virus? |
2012-04-12 | Guy Bruneau | HP ProCurve 5400 zl Switch, Flash Cards Infected with Malware |
2012-03-16 | Russ McRee | MS12-020 RDP vulnerabilities: Patch, Mitigate, Detect |
2012-02-27 | Johannes Ullrich | Odd Vanishing Signatures in OS X XProtect |
2012-01-13 | Guy Bruneau | Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx |
2011-12-19 | Guy Bruneau | Process Explorer Update 15.11 with bugfixes - http://technet.microsoft.com/en-us/sysinternals/bb896653 |
2011-11-01 | Russ McRee | Honeynet Project: Android Reverse Engineering (A.R.E.) Virtual Machine released |
2011-09-26 | Jason Lam | MySQL.com compromised spreading malware |
2011-08-14 | Guy Bruneau | Telex - A Radical New Approach to Bypass Security |
2011-08-05 | Johannes Ullrich | Common Web Attacks. A quick 404 project update |
2011-07-28 | Johannes Ullrich | Announcing: The "404 Project" |
2011-06-19 | Guy Bruneau | Sega Pass Compromised - 1.29 Million Customers Data Leaked |
2011-06-12 | Mark Hofman | Cloud thoughts |
2011-04-18 | John Bambenek | Wordpress.com Security Breach |
2011-04-04 | Mark Hofman | When your service provider has a breach |
2011-04-02 | Rick Wanner | RSA/EMC: Anatomy of a compromise |
2011-02-21 | Adrien de Beaupre | Winamp forums compromised |
2011-01-12 | Richard Porter | How Many Loyalty Cards do you Carry? |
2010-12-13 | Deborah Hale | Gawker Media Breach of Security |
2010-12-02 | Kevin Johnson | ProFTPD distribution servers compromised |
2010-07-21 | Adrien de Beaupre | Adobe Reader Protected Mode |
2010-06-04 | Rick Wanner | New Honeynet Project Forensic Challenge |
2010-03-28 | Rick Wanner | Honeynet Project: 2010 Forensic Challenge #3 |
2010-03-10 | Rob VandenBrink | Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication |
2010-02-28 | Mari Nichols | Disasters take practice |
2010-02-01 | Rob VandenBrink | NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care? |
2010-01-26 | Jason Lam | e107 CMS system website compromised |
2010-01-23 | Lorna Hutcheson | The necessary evils: Policies, Processes and Procedures |
2009-12-07 | Rob VandenBrink | Layer 2 Network Protections – reloaded! |
2009-11-11 | Rob VandenBrink | Layer 2 Network Protections against Man in the Middle Attacks |
2009-11-05 | Swa Frantzen | TLS Man-in-the-middle on renegotiation vulnerability made public |
2009-10-30 | Rob VandenBrink | New version of NIST 800-41, Firewalls and Firewall Policy Guidelines |
2009-10-22 | Adrien de Beaupre | Cyber Security Awareness Month - Day 22 port 502 TCP - Modbus |
2009-10-05 | Adrien de Beaupre | Time to change your hotmail/gmail/yahoo password |
2009-10-02 | Stephen Hall | New SysInternal fun for the weekend |
2009-09-19 | Rick Wanner | Sysinternals Tools Updates |
2009-09-07 | Jim Clausing | Request for packets |
2009-08-30 | Tony Carothers | How do I recover from.....? |
2009-08-29 | Guy Bruneau | Immunet Protect - Cloud and Community Malware Protection |
2009-08-28 | Adrien de Beaupre | apache.org compromised |
2009-07-29 | Bojan Zdrnja | Increasing number of attacks on security sites |
2009-06-27 | Tony Carothers | New NIAP Strategy on the Horizon |
2009-06-21 | Scott Fendley | phpMyAdmin Scans |
2009-03-10 | Swa Frantzen | Browser plug-ins, transparent proxies and same origin policies |
2009-02-11 | Robert Danford | ProFTPd SQL Authentication Vulnerability exploit activity |
2008-11-16 | Maarten Van Horenbeeck | Detection of Trojan control channels |
2008-08-25 | John Bambenek | Thoughts on the Best Western Compromise |
2008-04-07 | John Bambenek | HP USB Keys Shipped with Malware for your Proliant Server |
2006-12-18 | Toby Kohlenberg | ORDB Shutting down |
2006-08-17 | Swa Frantzen | Microsoft August 2006 Patches: STATUS |