Date Author Title

AI ANALYSIS

2026-05-06Guy BruneauAn Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary]

AI

2026-05-06/a>Guy BruneauAn Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary]
2026-05-04/a>Kenneth HartmanTeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03)
2026-04-29/a>Guy BruneauDanger of Libredtail [Guest Diary]
2026-04-27/a>Kenneth HartmanTeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns
2026-04-14/a>Guy BruneauScanning for AI Models
2026-04-08/a>Kenneth HartmanTeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory
2026-04-03/a>Kenneth HartmanTeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments
2026-04-01/a>Kenneth HartmanTeamPCP Supply Chain Campaign: Update 005 - First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows
2026-03-30/a>Kenneth HartmanTeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released
2026-03-28/a>Kenneth HartmanTeamPCP Supply Chain Campaign: Update 003 - Operational Tempo Shift as Campaign Enters Monetization Phase With No New Compromises in 48 Hours
2026-03-27/a>Kenneth HartmanTeamPCP Supply Chain Campaign: Update 002 - Telnyx PyPI Compromise, Vect Ransomware Mass Affiliate Program, and First Named Victim Claim
2026-03-26/a>Kenneth HartmanTeamPCP Supply Chain Campaign: Update 001 - Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available
2026-02-24/a>Guy BruneauFinding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary]
2026-02-21/a>Brad DuncanJapanese-Language Phishing Emails
2026-02-18/a>Xavier MertensTracking Malware Campaigns With Reused Material
2026-02-17/a>Xavier MertensFake Incident Report Used in Phishing Campaign
2026-02-12/a>Russ McReeAI-Powered Knowledge Graph Generator & APTs
2026-02-02/a>Johannes UllrichScanning for exposed Anthropic Models
2026-01-28/a>Johannes UllrichOdd WebLogic Request. Possible CVE-2026-21962 Exploit Attempt or AI Slop?
2026-01-22/a>Xavier MertensIs AI-Generated Code Secure?
2026-01-20/a>Xavier MertensAdd Punycode to your Threat Hunting Routine
2026-01-06/a>Johannes UllrichTool Review: Tailsnitch
2025-12-10/a>Guy BruneauUsing AI Gemma 3 Locally with a Single CPU
2025-11-05/a>Johannes UllrichUpdates to Domainname API
2025-10-23/a>Guy BruneauPhishing Cloud Account for Information
2025-10-09/a>Jesse La Grew[Guest Diary] Building Better Defenses: RedTail Observations from a Honeypot
2025-08-20/a>Johannes UllrichAirtell Router Scans, and Mislabeled usernames
2025-08-13/a>Guy BruneauAI and Faster Attack Analysis [Guest Diary]
2025-08-07/a>Guy BruneauMass Internet Scanning from ASN 43350 [Guest Diary]
2025-07-31/a>Johannes UllrichScattered Spider Related Domain Names
2025-07-13/a>Johannes UllrichExperimental Suspicious Domain Feed
2025-05-28/a>Jesse La Grew[Guest Diary] Exploring a Use Case of Artificial Intelligence Assistance with Understanding an Attack
2025-05-12/a>Johannes UllrichIt Is 2025, And We Are Still Dealing With Default IoT Passwords And Stupid 2013 Router Vulnerabilities
2025-05-05/a>Johannes Ullrich"Mirai" Now Exploits Samsung MagicINFO CMS (CVE-2024-7399)
2025-04-16/a>Guy BruneauRedTail, Remnux and Malware Management [Guest Diary]
2025-03-27/a>Johannes UllrichSitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218
2025-02-17/a>Russ McReeModelScan - Protection Against Model Serialization Attacks
2025-02-05/a>Johannes UllrichPhishing via "com-" prefix domains
2025-01-09/a>Guy BruneauExamining Redtail Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics [Guest Diary]
2024-12-05/a>Jesse La Grew[Guest Diary] Business Email Compromise
2024-09-24/a>Johannes UllrichExploitation of RAISECOM Gateway Devices Vulnerability CVE-2024-7120
2024-08-22/a>Johannes UllrichOpenAI Scans for Honeypots. Artificially Malicious? Action Abuse?
2024-07-16/a>Jan Kopriva"Reply-chain phishing" with a twist
2024-07-08/a>Xavier MertensKunai: Keep an Eye on your Linux Hosts Activity
2024-06-17/a>Xavier MertensNew NetSupport Campaign Delivered Through MSIX Packages
2024-05-22/a>Guy BruneauAnalysis of ?redtail? File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary]
2024-05-08/a>Xavier MertensAnalyzing Synology Disks on Linux
2024-04-11/a>Yee Ching TokEvolution of Artificial Intelligence Systems and Ensuring Trustworthiness
2024-03-17/a>Guy BruneauGamified Learning: Using Capture the Flag Challenges to Supplement Cybersecurity Training [Guest Diary]
2024-03-13/a>Xavier MertensUsing ChatGPT to Deobfuscate Malicious Scripts
2024-02-18/a>Guy BruneauMirai-Mirai On The Wall... [Guest Diary]
2024-02-12/a>Johannes UllrichExploit against Unnamed "Bytevalue" router vulnerability included in Mirai Bot
2024-02-05/a>Jesse La GrewPublic Information and Email Spam
2023-12-31/a>Tom WebbPi-Hole Pi4 Docker Deployment
2023-12-27/a>Guy BruneauUnveiling the Mirai: Insights into Recent DShield Honeypot Activity [Guest Diary]
2023-12-23/a>Xavier MertensPython Keylogger Using Mailtrap.io
2023-11-30/a>John BambenekProphetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today
2023-11-09/a>Guy BruneauRouters Targeted for Gafgyt Botnet [Guest Diary]
2023-11-08/a>Xavier MertensExample of Phishing Campaign Project File
2023-10-18/a>Jesse La GrewHiding in Hex
2023-10-15/a>Guy BruneauDomain Name Used as Password Captured by DShield Sensor
2023-09-29/a>Xavier MertensAre You Still Storing Passwords In Plain Text Files?
2023-07-18/a>Johannes UllrichExploit Attempts for "Stagil navigation for Jira Menus & Themes" CVE-2023-26255 and CVE-2023-26256
2023-07-13/a>Jesse La GrewDShield Honeypot Maintenance and Data Retention
2023-04-04/a>Johannes UllrichAnalyzing the efile.com Malware "efail"
2023-03-12/a>Guy BruneauAsynRAT Trojan - Bill Payment (Pago de la factura)
2023-03-11/a>Xavier MertensOverview of a Mirai Payload Generator
2023-02-18/a>Guy BruneauSpear Phishing Handlers for Username/Password
2023-02-15/a>Rob VandenBrinkDNS Recon Redux - Zone Transfers (plus a time machine) for When You Can't do a Zone Transfer
2023-01-05/a>Brad DuncanMore Brazil malspam pushing Astaroth (Guildma) in January 2023
2022-12-30/a>Jan KoprivaSPF and DMARC use on GOV domains in different ccTLDs
2022-11-28/a>Johannes UllrichUkraine Themed Twitter Spam Pushing iOS Scareware
2022-10-07/a>Xavier MertensPowershell Backdoor with DGA Capability
2022-09-21/a>Xavier MertensPhishing Campaigns Use Free Online Resources
2022-09-19/a>Russ McReeChainsaw: Hunt, search, and extract event log records
2022-09-18/a>Didier StevensVideo: Grep & Tail -f With Notepad++
2022-09-05/a>Didier StevensQuickie: Grep & Tail -f With Notepad++
2022-08-13/a>Guy BruneauPhishing HTML Attachment as Voicemail Audio Transcription
2022-06-21/a>Johannes UllrichExperimental New Domain / Domain Age API
2022-05-13/a>Johannes UllrichFrom 0-Day to Mirai: 7 days of BIG-IP Exploits
2022-05-07/a>Guy BruneauPhishing PDF Received in my ISC Mailbox
2022-05-05/a>Brad DuncanPassword-protected Excel spreadsheet pushes Remcos RAT
2022-04-13/a>Jan KoprivaHow is Ukrainian internet holding up during the Russian invasion?
2022-03-29/a>Johannes UllrichMore Fake/Typosquatting Twitter Accounts Asking for Ukraine Crytocurrency Donations
2022-03-22/a>Johannes UllrichStatement by President Biden: What you need to do (or not do)
2022-03-07/a>Johannes UllrichNo Bitcoin - No Problem: Follow Up to Last Weeks Donation Scam
2022-03-04/a>Johannes UllrichScam E-Mail Impersonating Red Cross
2022-03-02/a>Johannes UllrichThe More Often Something is Repeated, the More True It Becomes: Dealing with Social Media
2022-02-24/a>Xavier MertensUkraine & Russia Situation From a Domain Names Perspective
2022-02-10/a>Johannes UllrichZyxel Network Storage Devices Hunted By Mirai Variant
2021-11-26/a>Guy BruneauSearching for Exposed ASUS Routers Vulnerable to CVE-2021-20090
2021-11-14/a>Didier StevensExternal Email System FBI Compromised: Sending Out Fake Warnings
2021-10-26/a>Yee Ching TokHunting for Phishing Sites Masquerading as Outlook Web Access
2021-10-22/a>Brad DuncanOctober 2021 Contest: Forensic Challenge
2021-09-02/a>Xavier MertensAttackers Will Always Abuse Major Events in our Lifes
2021-07-24/a>Bojan ZdrnjaActive Directory Certificate Services (ADCS - PKI) domain admin vulnerability
2021-06-15/a>Johannes UllrichMulti Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more
2021-05-29/a>Guy BruneauSpear-phishing Email Targeting Outlook Mail Clients
2021-05-22/a>Xavier Mertens"Serverless" Phishing Campaign
2021-04-22/a>Xavier MertensHow Safe Are Your Docker Images?
2021-03-05/a>Xavier MertensSpam Farm Spotted in the Wild
2021-02-26/a>Guy BruneauPretending to be an Outlook Version Update
2021-02-10/a>Brad DuncanPhishing message to the ISC handlers email distro
2020-11-18/a>Xavier MertensWhen Security Controls Lead to Security Issues
2020-10-31/a>Didier StevensMore File Selection Gaffes
2020-10-24/a>Guy BruneauAn Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-10-22/a>Jan KoprivaBazarLoader phishing lures: plan a Halloween party, get a bonus and be fired in the same afternoon
2020-10-20/a>Xavier MertensMirai-alike Python Scanner
2020-10-09/a>Jan KoprivaPhishing kits as far as the eye can see
2020-10-03/a>Guy BruneauScanning for SOHO Routers
2020-09-21/a>Jan KoprivaSlightly broken overlay phishing
2020-09-17/a>Xavier MertensSuspicious Endpoint Containment with OSSEC
2020-09-16/a>Johannes UllrichDo Vulnerabilities Ever Get Old? Recent "Mirai" Variant Scanning for 20 Year Old Amanda Version?
2020-08-20/a>Rob VandenBrinkOffice 365 Mail Forwarding Rules (and other Mail Rules too)
2020-06-18/a>Jan KoprivaBroken phishing accidentally exploiting Outlook zero-day
2020-06-16/a>Xavier MertensSextortion to The Next Level
2020-06-13/a>Guy BruneauMirai Botnet Activity
2020-05-27/a>Jan KoprivaFrankenstein's phishing using Google Cloud Storage
2020-04-30/a>Xavier MertensCollecting IOCs from IMAP Folder
2020-04-18/a>Guy BruneauMaldoc Falsely Represented as DOCX Invoice Redirecting to Fake Apple Store
2020-04-17/a>Xavier MertensWeaponized RTF Document Generator & Mailer in PowerShell
2020-04-13/a>Jan KoprivaLook at the same phishing campaign 3 months apart
2020-03-28/a>Didier StevensCovid19 Domain Classifier
2020-03-27/a>Johannes UllrichHelp us classify Covid19 related domains https://isc.sans.edu/covidclassifier.html (login required)
2020-03-22/a>Didier StevensMore COVID-19 Themed Malware
2020-02-27/a>Xavier MertensOffensive Tools Are For Blue Teams Too
2020-02-10/a>Jan KoprivaCurrent PayPal phishing campaign or "give me all your personal information"
2020-02-03/a>Jan KoprivaAnalysis of a triple-encrypted AZORult downloader
2020-01-16/a>Jan KoprivaPicks of 2019 malware - the large, the small and the one full of null bytes
2019-12-15/a>Didier StevensVirusTotal Email Submissions
2019-12-06/a>Jan KoprivaPhishing with a self-contained credentials-stealing webpage
2019-12-05/a>Jan KoprivaE-mail from Agent Tesla
2019-12-04/a>Jan KoprivaAnalysis of a strangely poetic malware
2019-11-26/a>Jan KoprivaLessons learned from playing a willing phish
2019-11-22/a>Xavier MertensAbusing Web Filters Misconfiguration for Reconnaissance
2019-11-19/a>Johannes UllrichCheap Chinese JAWS of DVR Exploitability on Port 60001
2019-10-31/a>Jan KoprivaEML attachments in O365 - a recipe for phishing
2019-10-30/a>Xavier MertensKeep an Eye on Remote Access to Mailboxes
2019-10-24/a>Johannes UllrichYour Supply Chain Doesn't End At Receiving: How Do You Decommission Network Equipment?
2019-10-17/a>Jan KoprivaPhishing e-mail spoofing SPF-enabled domain
2019-08-01/a>Johannes UllrichWhat is Listening On Port 9527/TCP?
2019-07-26/a>Kevin ShorttDVRIP Port 34567 - Uptick
2019-07-17/a>Xavier MertensAnalyzis of DNS TXT Records
2019-06-27/a>Rob VandenBrinkFinding the Gold in a Pile of Pennies - Long Tail Analysis in PowerShell
2019-04-24/a>Rob VandenBrinkWhere have all the Domain Admins gone? Rooting out Unwanted Domain Administrators
2019-04-13/a>Johannes UllrichConfiguring MTA-STS and TLS Reporting For Your Domain
2019-04-11/a>Johannes UllrichHow to Find Hidden Cameras in your AirBNB
2019-04-07/a>Guy BruneauFake Office 365 Payment Information Update
2019-03-27/a>Xavier MertensRunning your Own Passive DNS Service
2019-03-21/a>Xavier MertensNew Wave of Extortion Emails: Central Intelligence Agency Case
2019-03-06/a>Xavier MertensKeep an Eye on Disposable Email Addresses
2019-02-19/a>Didier StevensIdentifying Files: Failure Happens
2019-02-11/a>Didier StevensHave You Seen an Email Virus Recently?
2018-12-23/a>Guy BruneauScanning Activity, end Goal is to add Hosts to Mirai Botnet
2018-12-21/a>Lorna HutchesonPhishing Attempts That Bypass 2FA
2018-11-18/a>Guy BruneauMultipurpose PCAP Analysis Tool
2018-10-31/a>Brad DuncanMore malspam using password-protected Word docs
2018-08-23/a>Xavier MertensSimple Phishing Through formcrafts.com
2018-08-22/a>Deborah HaleEmail/password Frustration
2018-08-19/a>Didier StevensVideo: Peeking into msg files - revisited
2018-08-11/a>Didier StevensPeeking into msg files - revisited
2018-07-23/a>Didier StevensAnalyzing MSG files
2018-07-15/a>Didier StevensExtracting BTC addresses from emails
2018-06-22/a>Lorna HutchesonXPS Attachment Used for Phishing
2018-05-16/a>Mark HofmanEFAIL, a weakness in openPGP and S\MIME
2018-03-01/a>Johannes UllrichWhy Does Emperor Xi Dislike Winnie the Pooh and Scrambled Eggs?
2018-01-19/a>Jim ClausingFollowup to IPv6 brute force and IPv6 blocking
2018-01-07/a>Guy BruneauSSH Scans by Clients Types
2017-12-27/a>Guy BruneauWhat are your Security Challenges for 2018?
2017-12-13/a>Xavier MertensTracking Newly Registered Domains
2017-11-16/a>Xavier MertensSuspicious Domains Tracking Dashboard
2017-11-10/a>Bojan ZdrnjaBattling e-mail phishing
2017-10-15/a>Didier StevensPeeking into .msg files
2017-09-05/a>Johannes UllrichThe Mirai Botnet: A Look Back and Ahead At What's Next
2017-08-28/a>Johannes UllrichAn Update On DVR Malware: A DVR Torture Chamber
2017-08-14/a>Didier StevensSometimes it's just SPAM
2017-07-05/a>Didier StevensSelecting domains with random names
2017-06-02/a>Xavier MertensPhishing Campaigns Follow Trends
2017-05-20/a>Xavier MertensTyposquatting: Awareness and Hunting
2017-05-06/a>Xavier MertensThe story of the CFO and CEO...
2017-01-13/a>Xavier MertensWho's Attacking Me?
2016-12-26/a>Russ McReeCritical security update: PHPMailer 5.2.20 (CVE-2016-10045)
2016-12-19/a>John BambenekUPDATED x1: Mirai Scanning for Port 6789 Looking for New Victims / Now hitting tcp/23231
2016-12-09/a>Rick WannerMirai - now with DGA
2016-12-07/a>Xavier MertensThe Passwords You Should Never Use
2016-11-23/a>Tom WebbMapping Attack Methodology to Controls
2016-10-25/a>Xavier MertensAnother Day, Another Spam...
2016-10-23/a>Johannes UllrichISC Briefing: Large DDoS Attack Against Dyn
2016-10-02/a>Guy BruneauIs there an Infosec Cybersecurity Talent Shortage?
2016-06-29/a>Xavier MertensPhishing Campaign with Blurred Images
2016-06-01/a>Xavier MertensDocker Containers Logging
2016-03-06/a>Jim ClausingNovel method for slowing down Locky on Samba server using fail2ban
2016-01-09/a>Xavier MertensVirtual Bitlocker Containers
2015-12-28/a>Rick WannerAdobe Flash and Adobe AIR Updates - https://helpx.adobe.com/security/products/flash-player/apsb16-01.html
2015-09-08/a>Lenny ZeltserA Close Look at PayPal Overpayment Scams That Target Craigslist Sellers
2015-02-27/a>Rick WannerTails 1.3 released - https://tails.boum.org/news/version_1.3/index.en.html
2015-02-20/a>Tom WebbFast analysis of a Tax Scam
2014-09-07/a>Johannes UllrichOdd Persistent Password Bruteforcing
2014-08-12/a>Adrien de BeaupreAdobe updates for 2014/08
2014-07-09/a>Daniel WesemannWho owns your typo?
2014-06-11/a>Daniel WesemannHelp your pilot fly!
2014-03-13/a>Daniel WesemannIdentification and authentication are hard ... finding out intention is even harder
2014-01-31/a>Chris MohanAttack on Yahoo mail accounts
2014-01-30/a>Johannes UllrichNew gTLDs appearing in the root zone
2014-01-28/a>Kevin ShorttSendmail v8.14.8 released - http://www.sendmail.com/sm/open_source/download/8.14.8/?show_rs=1#RS
2014-01-24/a>Johannes UllrichHow to send mass e-mail the right way
2014-01-16/a>Kevin ShorttPort 4028 - Interesting Activity
2014-01-08/a>Kevin ShorttIntercepted Email Attempts to Steal Payments
2014-01-01/a>Russ McReeSix degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails
2013-12-21/a>Guy BruneauStrange DNS Queries - Request for Packets
2013-10-05/a>Richard PorterAdobe Breach Notification, Notifications?
2013-08-21/a>Rob VandenBrinkFibre Channel Reconnaissance - Reloaded
2013-06-27/a>Tony CarothersRuby Update for SSL Vulnerability
2013-05-01/a>Daniel WesemannThe cost of cleaning up
2013-03-29/a>Chris MohanFake Link removal requests
2013-02-25/a>Johannes UllrichMass-Customized Malware Lures: Don't trust your cat!
2013-01-09/a>Rob VandenBrinkSQL Injection Flaw in Ruby on Rails
2013-01-09/a>Rob VandenBrinkHotmail seeing some temporary access issues
2012-08-21/a>Adrien de BeaupreRuggedCom fails key management 101 on Rugged Operating System (ROS)
2012-07-25/a>Johannes UllrichApple OS X 10.8 (Mountain Lion) released
2012-06-15/a>Johannes UllrichAuthenticating E-Mail
2012-04-30/a>Rob VandenBrinkFCC posts Enquiry Documents on Google Wardriving
2012-03-13/a>Lenny ZeltserPlease transfer this email to your CEO or appropriate person, thanks
2012-02-07/a>Johannes UllrichSecure E-Mail Access
2012-01-22/a>Lorna HutchesonMailbag - "Attacks"
2011-12-06/a>Kevin ShorttCain & Abel v4.9.43 Released - http://www.oxid.it/
2011-11-11/a>Rick WannerAPPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update
2011-11-11/a>Rick WannerAdobe Air updated to 3.1.0.4880
2011-07-25/a>Bojan ZdrnjaWhen the FakeAV coder(s) fail
2011-07-10/a>Raul SilesJailbreakme Takes Advantage of 0-day PDF Vuln in Apple iOS Devices
2011-06-08/a>Johannes UllrichSpam from compromised Hotmail accounts
2011-05-01/a>Deborah HaleAnother Potentially Malicious Email Making The Rounds
2011-04-11/a>Johannes UllrichGMail User Using 2FA Warned of Access From China
2011-02-21/a>Adrien de BeaupreWinamp forums compromised
2011-01-04/a>Johannes UllrichMicrosoft Advisory: Vulnerability in Graphics Rendering Engine
2010-12-30/a>Rick WannerSamuraiWTF Review over at ISSA Toolsmith
2010-10-22/a>Manuel Humberto Santander PelaezIntypedia project
2010-09-09/a>Marcus Sachs'Here You Have' Email
2010-08-29/a>Swa FrantzenAbandoned free email accounts
2010-08-06/a>Rob VandenBrinkFOXIT PDF Reader update to resolve iPhone/iPad Jailbreak issue ==> http://www.foxitsoftware.com/announcements/2010861227.html
2010-07-24/a>Manuel Humberto Santander PelaezTransmiting logon information unsecured in the network
2010-05-23/a>Manuel Humberto Santander Pelaeze-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.
2010-03-08/a>Raul SilesSamurai WTF 0.8
2010-03-05/a>Kyle HaugsnessFalse scare email proclaiming North Korea nuclear launch against Japan
2010-01-14/a>Bojan ZdrnjaRogue AV exploiting Haiti earthquake
2010-01-13/a>Johannes UllrichSMS Donations Advertised via Twitter
2010-01-12/a>Johannes UllrichBaidu defaced - Domain Registrar Tampering
2010-01-12/a>Johannes UllrichHaiti Earthquake: Possible scams / malware
2009-11-13/a>Deborah HalePushdo/Cutwail Spambot - A Little Known BIG Problem
2009-11-13/a>Adrien de BeaupreConficker patch via email?
2009-11-09/a>Chris Carboni80's Flashback on Jailbroken iPhones
2009-10-15/a>Deborah HaleCyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
2009-10-09/a>Rob VandenBrinkTHAWTE to discontinue free Email Certificate Services and Web of Trust Service
2009-10-08/a>Johannes UllrichCyber Security Awareness Month - Day 8 - Port 25 - SMTP
2009-10-05/a>Adrien de BeaupreTime to change your hotmail/gmail/yahoo password
2009-09-01/a>Guy BruneauGmail Down
2009-07-18/a>Patrick NolanChrome update contains Security fixes
2009-05-04/a>Tom ListonFacebook phishing malware
2009-05-02/a>Rick WannerMore Swine/Mexican/H1N1 related domains
2009-04-27/a>Johannes UllrichSwine Flu (Mexican Flu) related domains
2009-04-07/a>Johannes UllrichSSH scanning from compromised mail servers
2009-02-24/a>G. N. WhiteGmail Access Issues Early This AM
2009-01-11/a>Deborah HaleThe Frustration of Phishing Attacks
2009-01-03/a>Rick WannerRAID != Backup
2008-11-30/a>Mari NicholsRejected Email Issues
2008-11-29/a>Pedro BuenoPossible Mumbai Scams?
2008-11-17/a>Jim ClausingCritical update to Adobe AIR
2008-10-17/a>Rick WannerDay 18 - Containing Other Incidents
2008-10-15/a>Rick WannerDay 15 - Containing the Damage From a Lost or Stolen Laptop
2008-10-12/a>Mari NicholsDay 12 Containment: Gathering Evidence That Can be Used in Court
2008-07-17/a>Mari NicholsAdobe Reader 9 Released
2008-05-22/a>Chris CarboniFrom the mailbag
2008-04-04/a>Daniel WesemannTax day scams
2008-03-30/a>Mark HofmanMail Anyone?
2006-11-29/a>Toby KohlenbergNew Vulnerability Announcement and patches from Apple
2006-09-21/a>Johannes UllrichApple updates Airport Drivers
2006-08-31/a>Swa FrantzenMailbag grab

ANALYSIS

2026-05-06/a>Guy BruneauAn Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary]
2026-04-29/a>Guy BruneauDanger of Libredtail [Guest Diary]
2026-03-18/a>Guy BruneauInteresting Message Stored in Cowrie Logs
2026-03-11/a>Guy BruneauWhen your IoT Device Logs in as Admin, It?s too Late! [Guest Diary]
2026-03-04/a>Guy BruneauDifferentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary]
2026-02-24/a>Guy BruneauFinding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary]
2026-01-07/a>Guy BruneauAnalysis using Gephi with DShield Sensor Data
2025-08-13/a>Guy BruneauAI and Faster Attack Analysis [Guest Diary]
2025-07-09/a>Guy BruneauSSH Tunneling in Action: direct-tcp requests [Guest Diary]
2025-07-07/a>Xavier MertensWhat's My (File)Name?
2025-04-02/a>Guy BruneauExploring Statistical Measures to Predict URLs as Legitimate or Intrusive [Guest Diary]
2025-03-06/a>Guy BruneauDShield Traffic Analysis using ELK
2025-01-09/a>Guy BruneauExamining Redtail Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics [Guest Diary]
2024-12-17/a>Guy BruneauCommand Injection Exploit For PHPUnit before 4.8.28 and 5.x before 5.6.3 [Guest Diary]
2024-12-11/a>Guy BruneauVulnerability Symbiosis: vSphere?s CVE-2024-38812 and CVE-2024-38813 [Guest Diary]
2024-10-17/a>Guy BruneauScanning Activity from Subnet 15.184.0.0/16
2024-09-25/a>Guy BruneauOSINT - Image Analysis or More Where, When, and Metadata [Guest Diary]
2024-09-18/a>Guy BruneauTime-to-Live Analysis of DShield Data with Vega-Lite
2024-09-11/a>Guy BruneauHygiene, Hygiene, Hygiene! [Guest Diary]
2024-08-27/a>Guy BruneauVega-Lite with Kibana to Parse and Display IP Activity over Time
2024-08-16/a>Jesse La Grew[Guest Diary] 7 minutes and 4 steps to a quick win: A write-up on custom tools
2024-06-13/a>Guy BruneauThe Art of JQ and Command-line Fu [Guest Diary]
2024-05-28/a>Guy BruneauIs that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary]
2024-04-29/a>Guy BruneauLinux Trojan - Xorddos with Filename eyshcjdmzg
2024-03-29/a>Xavier MertensQuick Forensics Analysis of Apache logs
2024-02-25/a>Guy BruneauUtilizing the VirusTotal API to Query Files Uploaded to DShield Honeypot [Guest Diary]
2024-02-03/a>Guy BruneauDShield Sensor Log Collection with Elasticsearch
2023-11-17/a>Jan KoprivaPhishing page with trivial anti-analysis features
2023-02-04/a>Guy BruneauAssemblyline as a Malware Analysis Sandbox
2023-01-21/a>Guy BruneauDShield Sensor JSON Log to Elasticsearch
2023-01-08/a>Guy BruneauDShield Sensor JSON Log Analysis
2022-07-29/a>Johannes UllrichPDF Analysis Intro and OpenActions Entries
2022-07-18/a>Didier StevensAdding Your Own Keywords To My PDF Tools
2022-06-01/a>Jan KoprivaHTML phishing attachments - now with anti-analysis features
2021-04-10/a>Guy BruneauBuilding an IDS Sensor with Suricata & Zeek with Logs to ELK
2021-04-06/a>Jan KoprivaMalspam with Lokibot vs. Outlook and RFCs
2021-01-30/a>Guy BruneauPacketSifter as Network Parsing and Telemetry Tool
2021-01-14/a>Bojan ZdrnjaDynamically analyzing a heavily obfuscated Excel 4 macro malicious file
2020-12-03/a>Brad DuncanTraffic Analysis Quiz: Mr Natural
2020-11-11/a>Brad DuncanTraffic Analysis Quiz: DESKTOP-FX23IK5
2020-10-01/a>Daniel WesemannMaking sense of Azure AD (AAD) activity logs
2020-09-20/a>Guy BruneauAnalysis of a Salesforce Phishing Emails
2020-06-01/a>Jim ClausingStackstrings, type 2
2020-05-02/a>Guy BruneauPhishing PDF with Unusual Hostname
2020-01-25/a>Guy BruneauIs Threat Hunting the new Fad?
2020-01-12/a>Guy BruneauELK Dashboard and Logstash parser for tcp-honeypot Logs
2019-12-29/a>Guy BruneauELK Dashboard for Pihole Logs
2019-12-07/a>Guy BruneauIntegrating Pi-hole Logs in ELK with Logstash
2019-11-23/a>Guy BruneauLocal Malware Analysis with Malice
2019-10-18/a>Xavier MertensQuick Malicious VBS Analysis
2019-06-27/a>Rob VandenBrinkFinding the Gold in a Pile of Pennies - Long Tail Analysis in PowerShell
2019-06-14/a>Jim ClausingA few Ghidra tips for IDA users, part 4 - function call graphs
2019-04-17/a>Jim ClausingA few Ghidra tips for IDA users, part 2 - strings and parameters
2019-04-08/a>Jim ClausingA few Ghidra tips for IDA users, part 1 - the decompiler/unreachable code
2019-04-03/a>Jim ClausingA few Ghidra tips for IDA users, part 0 - automatic comments for API call parameters
2019-03-31/a>Didier StevensMaldoc Analysis of the Weekend by a Reader
2019-02-27/a>Didier StevensMaldoc Analysis by a Reader
2018-11-18/a>Guy BruneauMultipurpose PCAP Analysis Tool
2018-10-21/a>Pasquale StirparoBeyond good ol’ LaunchAgent - part 0
2018-08-31/a>Jim ClausingQuickie: Using radare2 to disassemble shellcode
2018-06-01/a>Remco VerhoefBinary analysis with Radare2
2017-09-29/a>Lorna HutchesonGood Analysis = Understanding(tools + logs + normal)
2017-07-09/a>Russ McReeAdversary hunting with SOF-ELK
2017-04-28/a>Russell EubanksKNOW before NO
2017-01-28/a>Lorna HutchesonPacket Analysis - Where do you start?
2016-12-24/a>Didier StevensPinging All The Way
2016-10-30/a>Pasquale StirparoVolatility Bot: Automated Memory Analysis
2016-10-17/a>Didier StevensMaldoc VBA Anti-Analysis: Video
2016-10-15/a>Didier StevensMaldoc VBA Anti-Analysis
2016-05-14/a>Guy BruneauINetSim as a Basic Honeypot
2016-04-21/a>Daniel WesemannDecoding Pseudo-Darkleech (Part #2)
2015-05-03/a>Russ McReeVolDiff, for memory image differential analysis
2014-07-05/a>Guy BruneauMalware Analysis with pedump
2014-04-21/a>Daniel WesemannFinding the bleeders
2014-03-13/a>Daniel WesemannWeb server logs containing RS=^ ?
2014-01-14/a>Chris MohanSpamming and scanning botnets - is there something I can do to block them from my site?
2013-10-28/a>Daniel WesemannExploit cocktail (Struts, Java, Windows) going after 3-month old vulnerabilities
2013-06-18/a>Russ McReeVolatility rules...any questions?
2013-05-11/a>Lenny ZeltserExtracting Digital Signatures from Signed Malware
2013-03-09/a>Guy BruneauIPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-02-03/a>Lorna HutchesonIs it Really an Attack?
2013-01-08/a>Jim ClausingCuckoo 0.5 is out and the world didn't end
2012-12-02/a>Guy BruneauCollecting Logs from Security Devices at Home
2012-09-19/a>Kevin ListonVolatility: 2.2 is Coming Soon
2012-09-14/a>Lenny ZeltserAnalyzing Malicious RTF Files Using OfficeMalScanner's RTFScan
2012-06-21/a>Russ McReeAnalysis of drive-by attack sample set
2012-06-04/a>Lenny ZeltserDecoding Common XOR Obfuscation in Malicious Code
2012-05-23/a>Mark BaggettIP Fragmentation Attacks
2012-03-03/a>Jim ClausingNew automated sandbox for Android malware
2012-02-07/a>Jim ClausingBook Review: Practical Packet Analysis, 2nd ed
2011-05-20/a>Guy BruneauSysinternals Updates, Analyzing Stuxnet Infection with Sysinternals Tools Part 3
2011-04-14/a>Adrien de BeaupreSysinternals updates, a new blog post, and webcast
2011-02-01/a>Lenny ZeltserThe Importance of HTTP Headers When Investigating Malicious Sites
2010-08-09/a>Jim ClausingFree/inexpensive tools for monitoring systems/networks
2010-07-21/a>Adrien de Beaupreautorun.inf and .lnk Malware (NOT 'Vulnerability in Windows Shell Could Allow Remote Code Execution' 2286198)
2010-05-26/a>Bojan ZdrnjaMalware modularization and AV detection evasion
2010-04-11/a>Marcus SachsNetwork and process forensics toolset
2010-03-26/a>Daniel WesemannGetting the EXE out of the RTF again
2010-02-13/a>Lorna HutchesonNetwork Traffic Analysis in Reverse
2010-01-14/a>Bojan ZdrnjaPDF Babushka
2010-01-07/a>Daniel WesemannStatic analysis of malicious PDFs
2010-01-07/a>Daniel WesemannStatic analysis of malicous PDFs (Part #2)
2009-11-25/a>Jim ClausingUpdates to my GREM Gold scripts and a new script
2009-11-03/a>Bojan ZdrnjaOpachki, from (and to) Russia with love
2009-09-25/a>Lenny ZeltserCategories of Common Malware Traits
2009-07-26/a>Jim ClausingNew Volatility plugins
2009-07-02/a>Daniel WesemannGetting the EXE out of the RTF
2009-04-15/a>Marcus Sachs2009 Data Breach Investigation Report
2009-03-13/a>Bojan ZdrnjaWhen web application security, Microsoft and the AV vendors all fail
2009-02-10/a>Bojan ZdrnjaMore tricks from Conficker and VM detection
2009-02-09/a>Bojan ZdrnjaSome tricks from Conficker's bag
2009-01-18/a>Daniel Wesemann3322. org
2009-01-15/a>Bojan ZdrnjaConficker's autorun and social engineering
2009-01-07/a>Bojan ZdrnjaAn Israeli patriot program or a trojan
2009-01-02/a>Rick WannerTools on my Christmas list.
2008-12-13/a>Jim ClausingFollowup from last shift and some research to do.
2008-11-17/a>Marcus SachsNew Tool: NetWitness Investigator
2008-11-17/a>Jim ClausingFinding stealth injected DLLs
2008-09-03/a>Daniel WesemannStatic analysis of Shellcode - Part 2
2008-07-07/a>Pedro BuenoBad url classification
2006-10-02/a>Jim ClausingReader's tip of the day: ratios vs. raw counts
2006-09-18/a>Jim ClausingLog analysis follow up
2006-09-09/a>Jim ClausingLog Analysis tips?
2006-09-09/a>Jim ClausingA few preliminary log analysis thoughts