| 2024-08-26 | Xavier Mertens | From Highly Obfuscated Batch File to XWorm and Redline |
| 2024-05-22 | Rob VandenBrink | NMAP Scanning without Scanning (Part 2) - The ipinfo API |
| 2024-03-28 | Xavier Mertens | From JavaScript to AsyncRAT |
| 2024-02-21 | Jan Kopriva | Phishing pages hosted on archive.org |
| 2024-01-12 | Xavier Mertens | One File, Two Payloads |
| 2023-11-17 | Jan Kopriva | Phishing page with trivial anti-analysis features |
| 2023-08-23 | Xavier Mertens | More Exotic Excel Files Dropping AgentTesla |
| 2023-05-20 | Xavier Mertens | Phishing Kit Collecting Victim's IP Address |
| 2022-11-04 | Xavier Mertens | Remcos Downloader with Unicode Obfuscation |
| 2022-08-11 | Xavier Mertens | InfoStealer Script Based on Curl and NSudo |
| 2022-06-16 | Xavier Mertens | Houdini is Back Delivered Through a JavaScript Dropper |
| 2022-06-01 | Jan Kopriva | HTML phishing attachments - now with anti-analysis features |
| 2022-05-09 | Xavier Mertens | Octopus Backdoor is Back with a New Embedded Obfuscated Bat File |
| 2022-01-18 | Jan Kopriva | Phishing e-mail with...an advertisement? |
| 2022-01-04 | Xavier Mertens | A Simple Batch File That Blocks People |
| 2021-11-18 | Xavier Mertens | JavaScript Downloader Delivers Agent Tesla Trojan |
| 2021-10-21 | Brad Duncan | "Stolen Images Evidence" campaign pushes Sliver-based malware |
| 2021-09-17 | Xavier Mertens | Malicious Calendar Subscriptions Are Back? |
| 2021-05-28 | Xavier Mertens | Malicious PowerShell Hosted on script.google.com |
| 2021-05-22 | Xavier Mertens | "Serverless" Phishing Campaign |
| 2021-05-18 | Xavier Mertens | From RunDLL32 to JavaScript then PowerShell |
| 2021-04-28 | Xavier Mertens | Deeper Analyzis of my Last Malicious PowerPoint Add-On |
| 2021-03-19 | Xavier Mertens | Pastebin.com Used As a Simple C2 Channel |
| 2020-11-13 | Xavier Mertens | Old Worm But New Obfuscation Technique |
| 2020-11-09 | Xavier Mertens | How Attackers Brush Up Their Malicious Scripts |
| 2020-07-24 | Xavier Mertens | Compromized Desktop Applications by Web Technologies |
| 2020-06-11 | Xavier Mertens | Anti-Debugging JavaScript Techniques |
| 2020-06-08 | Didier Stevens | Translating BASE64 Obfuscated Scripts |
| 2020-05-08 | Xavier Mertens | Using Nmap As a Lightweight Vulnerability Scanner |
| 2020-03-27 | Xavier Mertens | Malicious JavaScript Dropping Payload in the Registry |
| 2020-02-22 | Xavier Mertens | Simple but Efficient VBScript Obfuscation |
| 2020-02-07 | Xavier Mertens | Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript |
| 2019-09-26 | Rob VandenBrink | Mining MAC Address and OUI Information |
| 2019-08-30 | Xavier Mertens | Malware Dropping a Local Node.js Instance |
| 2019-08-22 | Xavier Mertens | Simple Mimikatz & RDPWrapper Dropper |
| 2019-08-09 | Xavier Mertens | 100% JavaScript Phishing Page |
| 2019-06-10 | Xavier Mertens | Interesting JavaScript Obfuscation Example |
| 2019-02-21 | Xavier Mertens | Simple Powershell Keyloggers are Back |
| 2019-02-07 | Xavier Mertens | Phishing Kit with JavaScript Keylogger |
| 2018-07-13 | Xavier Mertens | Cryptominer Delivered Though Compromized JavaScript File |
| 2018-06-19 | Xavier Mertens | PowerShell: ScriptBlock Logging... Or Not? |
| 2018-06-18 | Xavier Mertens | Malicious JavaScript Targeting Mobile Browsers |
| 2018-05-01 | Xavier Mertens | Diving into a Simple Maldoc Generator |
| 2017-07-08 | Xavier Mertens | A VBScript with Obfuscated Base64 Data |
| 2017-06-22 | Xavier Mertens | Obfuscating without XOR |
| 2017-03-24 | Xavier Mertens | Nicely Obfuscated JavaScript Sample |
| 2017-03-04 | Xavier Mertens | How your pictures may affect your website reputation |
| 2017-02-12 | Xavier Mertens | Analysis of a Suspicious Piece of JavaScript |
| 2017-02-02 | Rick Wanner | Multiple vulnerabilities discovered in popular printer models |
| 2016-12-13 | Xavier Mertens | UAC Bypass in JScript Dropper |
| 2016-08-28 | Guy Bruneau | Spam with Obfuscated Javascript |
| 2016-06-18 | Rob VandenBrink | Controlling JavaScript Malware Before it Runs |
| 2016-02-20 | Didier Stevens | Locky: JavaScript Deobfuscation |
| 2016-02-07 | Xavier Mertens | More Malicious JavaScript Obfuscation |
| 2016-01-15 | Xavier Mertens | JavaScript Deobfuscation Tool |
| 2015-08-07 | Tony Carothers | Critical Firefox Update Today |
| 2015-03-12 | Johannes Ullrich | Who got the bad SSL Certificate? Using tshark to analyze the SSL handshake. |
| 2014-08-29 | Johannes Ullrich | False Positive or Not? Difficult to Analyze Javascript |
| 2014-08-12 | Adrien de Beaupre | Host discovery with nmap |
| 2014-07-02 | Johannes Ullrich | Simple Javascript Extortion Scheme Advertised via Bing |
| 2014-01-17 | Russ McRee | Massive RFI scans likely a free web app vuln scanner rather than bots |
| 2013-11-04 | Manuel Humberto Santander Pelaez | When attackers use your DNS to check for the sites you are visiting |
| 2013-08-07 | Johannes Ullrich | Firefox 23 and Mixed Active Content |
| 2013-07-20 | Manuel Humberto Santander Pelaez | Do you have rogue Internet gateways in your network? Check it with nmap |
| 2013-07-01 | Manuel Humberto Santander Pelaez | Using nmap scripts to enhance vulnerability asessment results |
| 2013-04-23 | Russ McRee | Microsoft's Security Intelligence Report (SIRv14) released |
| 2013-02-11 | John Bambenek | Is This Chinese Registrar Really Trying to XSS Me? |
| 2013-02-08 | Kevin Shortt | Is it Spam or Is it Malware? |
| 2013-02-04 | Russ McRee | An expose of a recent SANS GIAC XSS vulnerability |
| 2013-01-30 | Richard Porter | Getting Involved with the Local Community |
| 2013-01-25 | Johannes Ullrich | Vulnerability Scans via Search Engines (Request for Logs) |
| 2012-08-16 | Johannes Ullrich | A Poor Man's DNS Anomaly Detection Script |
| 2012-06-25 | Guy Bruneau | Using JSDetox to Analyze and Deobfuscate Javascript |
| 2012-05-22 | Johannes Ullrich | nmap 6 released |
| 2012-04-25 | Daniel Wesemann | Blacole's obfuscated JavaScript |
| 2012-01-22 | Johannes Ullrich | Javascript DDoS Tool Analysis |
| 2012-01-12 | Rob VandenBrink | Stuff I Learned Scripting - Fun with STDERR |
| 2012-01-03 | Bojan Zdrnja | The tale of obfuscated JavaScript continues |
| 2011-12-07 | Lenny Zeltser | V8 as an Alternative to SpiderMonkey for JavaScript Deobfuscation |
| 2011-11-10 | Rob VandenBrink | Stuff I Learned Scripting - - Parsing XML in a One-Liner |
| 2011-11-07 | Rob VandenBrink | Stuff I Learned Scripting - Evaluating a Remote SSL Certificate |
| 2011-08-24 | Rob VandenBrink | Citrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971 |
| 2011-06-06 | Manuel Humberto Santander Pelaez | Phishing: Same goal, same techniques and people still falling for such scams |
| 2011-04-23 | Manuel Humberto Santander Pelaez | Image search can lead to malware download |
| 2011-01-24 | Rob VandenBrink | Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool |
| 2010-12-02 | Kevin Johnson | Robert Hansen and our happiness |
| 2010-07-29 | Rob VandenBrink | NoScript 2.0 released |
| 2010-07-04 | Manuel Humberto Santander Pelaez | Malware inside PDF Files |
| 2010-03-05 | Kyle Haugsness | Javascript obfuscators used in the wild |
| 2009-05-04 | Tom Liston | Adobe Reader/Acrobat Critical Vulnerability |
| 2009-04-07 | Bojan Zdrnja | Advanced JavaScript obfuscation (or why signature scanning is a failure) |
| 2009-04-02 | Bojan Zdrnja | JavaScript insertion and log deletion attack tools |
| 2009-02-25 | Andre Ludwig | Adobe Acrobat pdf 0-day exploit, No JavaScript needed! |
| 2008-07-14 | Daniel Wesemann | Obfuscated JavaScript Redux |
| 2008-06-30 | Marcus Sachs | More SQL Injection with Fast Flux hosting |
| 2008-05-20 | Raul Siles | List of malicious domains inserted through SQL injection |
| 2008-04-29 | Bojan Zdrnja | Scripts in ASF files |
| 2008-04-06 | Daniel Wesemann | Advanced obfuscated JavaScript analysis |
| 2008-04-03 | Bojan Zdrnja | Mixed (VBScript and JavaScript) obfuscation |
