XML API |
| 2022-03-18 | Johannes Ullrich | Scans for Movable Type Vulnerability (CVE-2021-20837) |
XML |
| 2024-05-16/a> | Rob VandenBrink | Why yq? Adventures in XML |
| 2023-12-11/a> | Rob VandenBrink | What is sitemap.xml, and Why a Pentester Should Care |
| 2022-09-16/a> | Didier Stevens | Word Maldoc With CustomXML and Renamed VBAProject.bin |
| 2022-09-15/a> | Xavier Mertens | Malicious Word Document with a Frameset |
| 2022-03-18/a> | Johannes Ullrich | Scans for Movable Type Vulnerability (CVE-2021-20837) |
| 2021-01-24/a> | Didier Stevens | Video: Doc & RTF Malicious Document |
| 2021-01-23/a> | Didier Stevens | CyberChef: Analyzing OOXML Files for URLs |
| 2020-10-10/a> | Didier Stevens | Open Packaging Conventions |
| 2018-10-26/a> | Xavier Mertens | Dissecting Malicious Office Documents with Linux |
| 2016-02-03/a> | Xavier Mertens | Automating Vulnerability Scans |
| 2014-03-12/a> | Johannes Ullrich | Wordpress "Pingback" DDoS Attacks |
| 2013-11-01/a> | Russ McRee | Secunia's PSI Country Report - Q3 2013 |
| 2011-11-10/a> | Rob VandenBrink | Stuff I Learned Scripting - - Parsing XML in a One-Liner |
| 2009-08-08/a> | Kevin Liston | Sun OpenSSO Enterprise/Sun Access Manager XML Vulnerabilities |
| 2009-08-08/a> | Guy Bruneau | XML Libraries Data Parsing Vulnerabilities |
| 2009-02-19/a> | Bojan Zdrnja | MS09-002, XML/DOC and initial infection vector |
| 2009-01-31/a> | Swa Frantzen | VMware updates |
| 2006-11-14/a> | Jim Clausing | MS06-071: MSXML Core Services |
| 2006-09-19/a> | Swa Frantzen | Yet another MSIE 0-day: VML |
API |
| 2025-03-10/a> | Xavier Mertens | Shellcode Encoded in UUIDs |
| 2024-08-29/a> | Xavier Mertens | Live Patching DLLs with Python |
| 2024-03-10/a> | Guy Bruneau | What happens when you accidentally leak your AWS API keys? [Guest Diary] |
| 2023-12-23/a> | Xavier Mertens | Python Keylogger Using Mailtrap.io |
| 2023-07-21/a> | Rob VandenBrink | Shodan's API For The (Recon) Win! |
| 2023-04-07/a> | Xavier Mertens | Detecting Suspicious API Usage with YARA Rules |
| 2023-02-15/a> | Rob VandenBrink | DNS Recon Redux - Zone Transfers (plus a time machine) for When You Can't do a Zone Transfer |
| 2022-12-19/a> | Xavier Mertens | Hunting for Mastodon Servers |
| 2022-06-21/a> | Johannes Ullrich | Experimental New Domain / Domain Age API |
| 2022-03-18/a> | Johannes Ullrich | Scans for Movable Type Vulnerability (CVE-2021-20837) |
| 2022-02-25/a> | Didier Stevens | Windows, Fixed IPv4 Addresses and APIPA |
| 2022-01-21/a> | Xavier Mertens | Obscure Wininet.dll Feature? |
| 2021-12-17/a> | Rob VandenBrink | DR Automation - Using Public DNS APIs |
| 2021-09-09/a> | Johannes Ullrich | Updates to Our Datafeeds/API |
| 2021-07-24/a> | Xavier Mertens | Agent.Tesla Dropped via a .daa Image and Talking to Telegram |
| 2021-06-19/a> | Xavier Mertens | Easy Access to the NIST RDS Database |
| 2021-03-17/a> | Xavier Mertens | Defenders, Know Your Operating System Like Attackers Do! |
| 2021-01-07/a> | Rob VandenBrink | Using the NIST Database and API to Keep Up with Vulnerabilities and Patches (Part 1 of 3) |
| 2020-12-22/a> | Xavier Mertens | Malware Victim Selection Through WiFi Identification |
| 2020-09-02/a> | Xavier Mertens | Python and Risky Windows API Calls |
| 2020-08-18/a> | Xavier Mertens | Using API's to Track Attackers |
| 2020-07-28/a> | Johannes Ullrich | All I want this Tuesday: More Data |
| 2020-05-29/a> | Johannes Ullrich | The Impact of Researchers on Our Data |
| 2020-05-21/a> | Xavier Mertens | Malware Triage with FLOSS: API Calls Based Behavior |
| 2020-02-29/a> | Guy Bruneau | Hazelcast IMDG Discover Scan |
| 2020-01-16/a> | Bojan Zdrnja | Summing up CVE-2020-0601, or the Let?s Decrypt vulnerability |
| 2018-11-17/a> | Xavier Mertens | Quickly Investigating Websites with Lookyloo |
| 2018-11-12/a> | Rick Wanner | Using the Neutrino ip-blocklist API to test general badness of an IP |
| 2017-11-17/a> | Xavier Mertens | Top-100 Malicious IP STIX Feed |
| 2017-09-05/a> | Adrien de Beaupre | Struts vulnerability patch released by apache, patch now |
| 2017-05-10/a> | Johannes Ullrich | Read This If You Are Using a Script to Pull Data From This Site |
| 2015-09-03/a> | Xavier Mertens | Querying the DShield API from RTIR |
| 2014-05-28/a> | Rob VandenBrink | Assessing SOAP APIs with Burp |
| 2014-01-20/a> | Rob VandenBrink | You Can Run, but You Can't Hide (SSH and other open services) |
| 2012-11-16/a> | Guy Bruneau | VMware security updates for vSphere API and ESX Service Console - http://www.vmware.com/security/advisories/VMSA-2012-0016.html |
| 2010-03-30/a> | Pedro Bueno | Sharing the Tools |
