SKYPE IM BOT |
2010-03-11 | donald smith | Cert write up on Skype IMBot Logic and Functionality. |
SKYPE |
2014-01-01 | Russ McRee | Happy New Year from the Syrian Electronic Army - Skype's Social Media Accounts Hacked |
2012-11-14 | Jim Clausing | Skype account hijack vulnerability fixed |
2011-05-31 | Johannes Ullrich | Skype EasyBits Add-on |
2011-05-06 | Richard Porter | Unpatched Exploit: Skype for MAC |
2010-12-30 | Rick Wanner | Obvious Lessons from the Skype outage |
2010-03-11 | donald smith | Cert write up on Skype IMBot Logic and Functionality. |
2008-04-23 | Mari Nichols | What's New, Old and Morphing? |
2006-12-18 | Toby Kohlenberg | Skype worm |
IM |
2025-02-12 | Yee Ching Tok | An ontology for threats, cybercrime and digital forensic investigation on Smart City Infrastructure |
2024-09-18 | Guy Bruneau | Time-to-Live Analysis of DShield Data with Vega-Lite |
2024-08-30 | Jesse La Grew | Simulating Traffic With Scapy |
2023-10-09 | Didier Stevens | ZIP's DOSTIME & DOSDATE Formats |
2023-07-07 | Xavier Mertens | DSSuite (Didier's Toolbox) Docker Image Update |
2023-05-30 | Brad Duncan | Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT |
2023-02-28 | Brad Duncan | BB17 distribution Qakbot (Qbot) activity |
2022-12-30 | Jan Kopriva | SPF and DMARC use on GOV domains in different ccTLDs |
2022-12-20 | Xavier Mertens | Linux File System Monitoring & Actions |
2022-10-24 | Xavier Mertens | C2 Communications Through outlook.com |
2022-06-26 | Didier Stevens | More Decoding Analysis |
2022-04-07 | Johannes Ullrich | What is BIMI and how is it supposed to help with Phishing. |
2022-03-04 | Johannes Ullrich | Scam E-Mail Impersonating Red Cross |
2022-02-05 | Didier Stevens | Power over Ethernet and Thermal Imaging |
2022-01-29 | Guy Bruneau | SIEM In this Decade, Are They Better than the Last? |
2021-12-23 | Johannes Ullrich | Defending Cloud IMDS Against log4shell (and more) |
2021-12-16 | Brad Duncan | How the "Contact Forms" campaign tricks people |
2021-11-04 | Tom Webb | Xmount for Disk Images |
2021-10-21 | Brad Duncan | "Stolen Images Evidence" campaign pushes Sliver-based malware |
2021-06-26 | Guy Bruneau | CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability |
2021-04-22 | Xavier Mertens | How Safe Are Your Docker Images? |
2021-03-02 | Russ McRee | Adversary Simulation with Sim |
2020-10-07 | Johannes Ullrich | Today, Nobody is Going to Attack You. |
2020-08-12 | Russ McRee | To the Brim at the Gates of Mordor Pt. 1 |
2020-04-30 | Xavier Mertens | Collecting IOCs from IMAP Folder |
2019-12-12 | Xavier Mertens | Code & Data Reuse in the Malware Ecosystem |
2019-11-02 | Didier Stevens | Remark on EML Attachments |
2019-10-30 | Xavier Mertens | Keep an Eye on Remote Access to Mailboxes |
2019-08-22 | Xavier Mertens | Simple Mimikatz & RDPWrapper Dropper |
2019-05-01 | Xavier Mertens | Another Day, Another Suspicious UDF File |
2019-04-17 | Xavier Mertens | Malware Sample Delivered Through UDF Image |
2019-02-05 | Rob VandenBrink | Mitigations against Mimikatz Style Attacks |
2019-01-09 | Russ McRee | gganimate: Animate YouR Security Analysis |
2018-10-31 | Brad Duncan | More malspam using password-protected Word docs |
2018-06-27 | Renato Marinho | Silently Profiling Unknown Malware Samples |
2018-05-16 | Mark Hofman | EFAIL, a weakness in openPGP and S\MIME |
2017-11-25 | Guy Bruneau | Exim Remote Code Exploit |
2017-09-19 | Jim Clausing | New tool: mac-robber.py |
2017-07-12 | Xavier Mertens | Backup Scripts, the FIM of the Poor |
2017-06-28 | Brad Duncan | Catching up with Blank Slate: a malspam campaign still going strong |
2017-06-17 | Guy Bruneau | Mapping Use Cases to Logs. Which Logs are the Most Important to Collect? |
2017-05-10 | Johannes Ullrich | Read This If You Are Using a Script to Pull Data From This Site |
2017-05-03 | Bojan Zdrnja | Powershelling with exploits |
2017-04-28 | Russell Eubanks | KNOW before NO |
2017-03-25 | Russell Eubanks | Distraction as a Service |
2017-03-11 | Russell Eubanks | What's On Your Not To Do List? |
2017-01-24 | Xavier Mertens | Malicious SVG Files in the Wild |
2016-12-11 | Russ McRee | Steganography in Action: Image Steganography & StegExpose |
2016-11-20 | Pasquale Stirparo | How many "Epoch" times? Epocalypse.py timestamp converter |
2016-11-13 | Guy Bruneau | Bitcoin Miner File Upload via FTP |
2016-09-10 | Xavier Mertens | Ongoing IMAP Scan, Anyone Else? |
2016-05-14 | Guy Bruneau | INetSim as a Basic Honeypot |
2016-03-30 | Xavier Mertens | What to watch with your FIM? |
2016-01-24 | Didier Stevens | Obfuscated MIME Files |
2016-01-05 | Guy Bruneau | What are you Concerned the Most in 2016? |
2015-12-14 | Russ McRee | AD Security's Unofficial Guide to Mimikatz & Command Reference |
2015-05-15 | Didier Stevens | Another Maldoc? I'm Afraid So... |
2015-05-09 | Didier Stevens | Malicious Word Document: This Time The Maldoc Is A MIME File |
2015-02-10 | Mark Baggett | Detecting Mimikatz Use On Your Network |
2014-01-24 | Johannes Ullrich | How to send mass e-mail the right way |
2013-11-05 | Daniel Wesemann | TIFF images in MS-Office documents used in targeted attacks |
2013-08-14 | Johannes Ullrich | Imaging LUKS Encrypted Drives |
2013-05-22 | Adrien de Beaupre | Apple QuickTime 7.7.4 for Windows updated, MANY security vulnerabilities: http://support.apple.com/kb/HT1222 |
2013-04-25 | Adam Swanger | Guest Diary: Dylan Johnson - A week in the life of some Perimeter Firewalls |
2013-02-06 | Johannes Ullrich | Are you losing system logging information (and don't know it)? |
2012-12-22 | Guy Bruneau | New Poll - Which of the following issues impacted the most your business in 2012? - https://isc.sans.edu/poll.html |
2012-06-22 | Kevin Liston | Investigator's Tool-kit: Timeline |
2012-06-15 | Johannes Ullrich | Authenticating E-Mail |
2012-02-07 | Johannes Ullrich | Secure E-Mail Access |
2011-11-11 | Rick Wanner | APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update |
2011-08-04 | Jim Clausing | Apple release Quicktime 7.7 fixes 14 CVEs, see http://support.apple.com/kb/HT1222 |
2011-08-03 | Johannes Ullrich | Malicious Images: What's a QR Code |
2011-05-14 | Guy Bruneau | Websense Study Claims Canada Next Hotbed for Cybercrime Web Hosting Activity |
2011-05-06 | Richard Porter | Unpatched Exploit: Skype for MAC |
2011-04-23 | Manuel Humberto Santander Pelaez | Image search can lead to malware download |
2010-12-17 | Johannes Ullrich | Reports of Attacks against EXIM vulnerability |
2010-12-12 | Raul Siles | Apple Quickime 7.6.9 was released a few days ago (just in case you missed it): http://support.apple.com/kb/HT1222. Update all your web browser plugins! |
2010-12-10 | Mark Hofman | EXIM MTA vulnerability |
2010-11-08 | Manuel Humberto Santander Pelaez | Network Security Perimeter: How to choose the correct firewall and IPS for your environment? |
2010-11-07 | Adrien de Beaupre | Change your clocks? |
2010-09-25 | Rick Wanner | Guest Diary: Andrew Hunt - Visualizing the Hosting Patterns of Modern Cybercriminals |
2010-08-30 | Adrien de Beaupre | Apple QuickTime potential vulnerability/backdoor |
2010-08-22 | Manuel Humberto Santander Pelaez | SCADA: A big challenge for information security professionals |
2010-08-14 | Tony Carothers | Freedom of Information |
2010-08-13 | Guy Bruneau | QuickTime Security Updates |
2010-04-02 | Guy Bruneau | Apple QuickTime and iTunes Security Update |
2010-03-23 | John Bambenek | The Top 10 Riskiest US Cities for Cybercrime |
2010-03-11 | donald smith | Cert write up on Skype IMBot Logic and Functionality. |
2010-01-17 | Rick Wanner | Buffer overflow in Quicktime |
2009-11-05 | Swa Frantzen | RIM fixes random code execution vulnerability |
2009-09-12 | Jim Clausing | Apple Updates |
2009-09-04 | Adrien de Beaupre | Fake anti-virus |
2009-07-11 | Marcus Sachs | Imageshack |
2009-06-02 | Deborah Hale | Another Quicktime Update |
2009-02-14 | Deborah Hale | Microsoft Time Sync Appears to Down |
2009-02-06 | Adrien de Beaupre | Fake stimulus payments |
2008-11-02 | Adrien de Beaupre | Daylight saving time |
2008-09-09 | Swa Frantzen | Apple updates iTunes+QuickTime |
2008-07-15 | Maarten Van Horenbeeck | BlackBerry PDF parsing vulnerability |
2008-07-15 | Maarten Van Horenbeeck | Bot controller mimicry |
2008-06-10 | Swa Frantzen | Upgrade to QuickTime 7.5 |
2008-04-22 | donald smith | Maximus root kit downloads via MySpace social engineering trick. |
2008-04-03 | Bojan Zdrnja | A bag of vulnerabilities (and fixes) in QuickTime |
2006-12-18 | Toby Kohlenberg | Skype worm |
2006-09-12 | Swa Frantzen | Apple Quicktime 7.1.3 released |
BOT |
2024-02-18 | Guy Bruneau | Mirai-Mirai On The Wall... [Guest Diary] |
2024-01-07 | Guy Bruneau | Suspicious Prometei Botnet Activity |
2023-12-27 | Guy Bruneau | Unveiling the Mirai: Insights into Recent DShield Honeypot Activity [Guest Diary] |
2023-11-27 | Guy Bruneau | Decoding the Patterns: Analyzing DShield Honeypot Activity [Guest Diary] |
2023-11-22 | Guy Bruneau | CVE-2023-1389: A New Means to Expand Botnets |
2023-11-09 | Guy Bruneau | Routers Targeted for Gafgyt Botnet [Guest Diary] |
2023-06-22 | Brad Duncan | Qakbot (Qbot) activity, obama271 distribution tag |
2023-04-12 | Brad Duncan | Recent IcedID (Bokbot) activity |
2023-03-11 | Xavier Mertens | Overview of a Mirai Payload Generator |
2023-02-28 | Brad Duncan | BB17 distribution Qakbot (Qbot) activity |
2023-02-24 | Brad Duncan | URL files and WebDAV used for IcedID (Bokbot) infection |
2022-12-02 | Brad Duncan | obama224 distribution Qakbot tries .vhd (virtual hard disk) images |
2022-11-02 | Brad Duncan | Who put the "Dark" in DarkVNC? |
2022-10-16 | Didier Stevens | Video: Analysis of a Malicious HTML File (QBot) |
2022-10-13 | Didier Stevens | Analysis of a Malicious HTML File (QBot) |
2022-08-24 | Brad Duncan | Monster Libra (TA551/Shathak) --> IcedID (Bokbot) --> Cobalt Strike & DarkVNC |
2022-08-12 | Brad Duncan | Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike |
2022-07-27 | Brad Duncan | IcedID (Bokbot) with Dark VNC and Cobalt Strike |
2022-06-30 | Brad Duncan | Case Study: Cobalt Strike Server Lives on After Its Domain Is Suspended |
2022-06-09 | Brad Duncan | TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt) |
2022-04-20 | Brad Duncan | "aa" distribution Qakbot (Qbot) infection with DarkVNC traffic |
2022-03-25 | Xavier Mertens | XLSB Files: Because Binary is Stealthier Than XML |
2022-03-16 | Brad Duncan | Qakbot infection with Cobalt Strike and VNC activity |
2022-02-15 | Xavier Mertens | Who Are Those Bots? |
2022-02-09 | Brad Duncan | Example of Cobalt Strike from Emotet infection |
2022-01-25 | Brad Duncan | Emotet Stops Using 0.0.0.0 in Spambot Traffic |
2022-01-07 | Xavier Mertens | Custom Python RAT Builder |
2021-12-22 | Brad Duncan | December 2021 Forensic Contest: Answers and Analysis |
2021-12-16 | Brad Duncan | How the "Contact Forms" campaign tricks people |
2021-12-02 | Brad Duncan | TA551 (Shathak) pushes IcedID (Bokbot) |
2021-11-26 | Guy Bruneau | Searching for Exposed ASUS Routers Vulnerable to CVE-2021-20090 |
2021-11-16 | Brad Duncan | Emotet Returns |
2021-11-04 | Brad Duncan | October 2021 Forensic Contest: Answers and Analysis |
2021-10-04 | Johannes Ullrich | Boutique "Dark" Botnet Hunting for Crumbs |
2021-09-23 | Xavier Mertens | Excel Recipe: Some VBA Code with a Touch of Excel4 Macro |
2021-08-13 | Brad Duncan | Example of Danabot distributed through malspam |
2021-07-24 | Xavier Mertens | Agent.Tesla Dropped via a .daa Image and Talking to Telegram |
2021-06-30 | Brad Duncan | June 2021 Forensic Contest: Answers and Analysis |
2021-06-24 | Xavier Mertens | Do you Like Cookies? Some are for sale! |
2021-04-15 | Johannes Ullrich | Why and How You Should be Using an Internal Certificate Authority |
2021-04-06 | Jan Kopriva | Malspam with Lokibot vs. Outlook and RFCs |
2021-03-03 | Brad Duncan | Qakbot infection with Cobalt Strike |
2021-02-23 | Jan Kopriva | Qakbot in a response to Full Disclosure post |
2021-02-17 | Brad Duncan | Malspam pushing Trickbot gtag rob13 |
2021-01-26 | Brad Duncan | TA551 (Shathak) Word docs push Qakbot (Qbot) |
2021-01-20 | Brad Duncan | Qakbot activity resumes after holiday break |
2020-12-09 | Brad Duncan | Recent Qakbot (Qbot) activity |
2020-11-03 | Brad Duncan | Emotet -> Qakbot -> more Emotet |
2020-10-20 | Xavier Mertens | Mirai-alike Python Scanner |
2020-10-14 | Brad Duncan | More TA551 (Shathak) Word docs push IcedID (Bokbot) |
2020-08-19 | Xavier Mertens | Example of Word Document Delivering Qakbot |
2020-08-03 | Xavier Mertens | Powershell Bot with Multiple C2 Protocols |
2020-08-01 | Jan Kopriva | What pages do bad bots look for? |
2020-07-15 | Brad Duncan | Word docs with macros for IcedID (Bokbot) |
2020-06-13 | Guy Bruneau | Mirai Botnet Activity |
2020-05-20 | Brad Duncan | Microsoft Word document with malicious macro pushes IcedID (Bokbot) |
2020-04-01 | Brad Duncan | Qakbot malspam sent from an infected Windows host |
2020-03-21 | Guy Bruneau | Honeypot - Scanning and Targeting Devices & Services |
2020-03-18 | Brad Duncan | Trickbot gtag red5 distributed as a DLL file |
2020-01-28 | Brad Duncan | Emotet epoch 1 infection with Trickbot gtag mor84 |
2019-12-24 | Brad Duncan | Malspam with links to Word docs pushes IcedID (Bokbot) |
2019-12-18 | Brad Duncan | Emotet infection with spambot activity |
2019-12-11 | Brad Duncan | German language malspam pushes yet another wave of Trickbot |
2019-11-13 | Brad Duncan | An example of malspam pushing Lokibot malware, November 2019 |
2019-10-30 | Xavier Mertens | Keep an Eye on Remote Access to Mailboxes |
2019-09-18 | Brad Duncan | Emotet malspam is back |
2019-09-03 | Johannes Ullrich | [Guest Diary] Tricky LNK points to TrickBot |
2019-08-14 | Brad Duncan | Recent example of MedusaHTTP malware |
2019-08-08 | Johannes Ullrich | [Guest Diary] The good, the bad and the non-functional, or "how not to do an attack campaign" |
2019-07-26 | Kevin Shortt | DVRIP Port 34567 - Uptick |
2019-03-13 | Brad Duncan | Malspam pushes Emotet with Qakbot as the follow-up malware |
2019-03-06 | Brad Duncan | Malspam with password-protected word docs still pushing IcedID (Bokbot) with Trickbot |
2019-02-14 | Xavier Mertens | Old H-Worm Delivered Through GitHub |
2019-01-16 | Brad Duncan | Emotet infections and follow-up malware |
2019-01-10 | Brad Duncan | Heartbreaking Emails: "Love You" Malspam |
2018-12-23 | Guy Bruneau | Scanning Activity, end Goal is to add Hosts to Mirai Botnet |
2018-12-18 | Brad Duncan | Malspam links to password-protected Word docs that push IcedID (Bokbot) |
2018-12-05 | Brad Duncan | Campaign evolution: Hancitor changes its Word macros |
2018-12-04 | Brad Duncan | Malspam pushing Lokibot malware |
2018-11-14 | Brad Duncan | Day in the life of a researcher: Finding a wave of Trickbot malspam |
2018-09-26 | Brad Duncan | One Emotet infection leads to three follow-up malware infections |
2018-05-09 | Xavier Mertens | Nice Phishing Sample Delivering Trickbot |
2018-03-08 | Xavier Mertens | CRIMEB4NK IRC Bot |
2017-10-19 | Brad Duncan | HSBC-themed malspam uses ISO attachments to push Loki Bot malware |
2017-08-15 | Brad Duncan | Malspam pushing Trickbot banking Trojan |
2017-07-19 | Xavier Mertens | Bots Searching for Keys & Config Files |
2017-05-08 | Renato Marinho | Exploring a P2P Transient Botnet - From Discovery to Enumeration |
2016-12-31 | Xavier Mertens | Ongoing Scans Below the Radar |
2016-12-07 | Xavier Mertens | The Passwords You Should Never Use |
2016-09-10 | Xavier Mertens | Ongoing IMAP Scan, Anyone Else? |
2016-07-27 | Xavier Mertens | Analyze of a Linux botnet client source code |
2015-02-06 | Johannes Ullrich | Anthem, TurboTax and How Things "Fit Together" Sometimes |
2014-10-09 | Johannes Ullrich | CSAM: My servers started speaking IRC, and that is when I started to listen! |
2014-08-16 | Lenny Zeltser | Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability |
2014-01-16 | Kevin Shortt | Port 4028 - Interesting Activity |
2013-12-07 | Guy Bruneau | Suspected Active Rovnix Botnet Controller |
2013-10-26 | Guy Bruneau | Active Perl/Shellbot Trojan |
2013-08-11 | Bojan Zdrnja | XATattacks (attacks on xat.com) |
2012-10-26 | Russ McRee | Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant |
2011-08-04 | Johannes Ullrich | IRC traffic on non standard ports |
2011-05-14 | Guy Bruneau | Websense Study Claims Canada Next Hotbed for Cybercrime Web Hosting Activity |
2011-02-28 | Deborah Hale | Possible Botnet Scanning |
2011-01-11 | Kevin Shortt | Spam Cannons on Holiday |
2010-11-18 | Chris Carboni | All of your pages are belonging to us |
2010-11-05 | Adrien de Beaupre | Bot honeypot |
2010-08-19 | Daniel Wesemann | Casper the unfriendly ghost |
2010-07-29 | Rob VandenBrink | FBI, Slovenian and Spanish Police announce more arrests of Mariposa Botnet Creator, Operators |
2010-06-14 | Manuel Humberto Santander Pelaez | New way of social engineering on IRC |
2010-05-07 | Johannes Ullrich | Stock market "wipe out" may be due to computer error |
2010-05-02 | Mari Nichols | Zbot Social Engineering |
2010-04-23 | Adrien de Beaupre | Shadowserver botnet rules |
2010-03-25 | Kevin Liston | Zeus wants to do your taxes |
2010-03-11 | donald smith | Cert write up on Skype IMBot Logic and Functionality. |
2010-02-02 | Johannes Ullrich | Pushdo Update |
2010-01-25 | William Salusky | "Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!" |
2009-12-21 | Marcus Sachs | iPhone Botnet Analysis |
2009-11-13 | Deborah Hale | Pushdo/Cutwail Spambot - A Little Known BIG Problem |
2009-11-08 | Kevin Liston | FireEye takes on Ozdok and Recovery Ideas |
2009-10-10 | Tony Carothers | User Notification for Possible Infected Systems |
2009-09-16 | Raul Siles | IETF Draft for Remediation of Bots in ISP Networks |
2009-05-07 | Deborah Hale | Botnet hijacking reveals 70GB of stolen data |
2008-11-05 | donald smith | Bot net hunters get an improved tool from SRI bothunters |
2008-09-09 | Swa Frantzen | The complaint that's an attack |
2008-09-01 | John Bambenek | The Number of Machines Controlled by Botnets Has Jumped 4x in Last 3 Months |
2008-07-19 | William Salusky | A twist in fluxnet operations. Enter Hydraflux |
2008-07-15 | Maarten Van Horenbeeck | Bot controller mimicry |
2008-04-07 | John Bambenek | Got Kraken? |
2008-04-07 | John Bambenek | Kraken Technical Details: UPDATED x3 |
2006-08-31 | Swa Frantzen | NT botnet submitted |
2006-08-31 | Joel Esler | MS06-040 Worm |