| Date | Author | Title |
|---|---|---|
| 2024-03-06 | Bojan Zdrnja | Scanning and abusing the QUIC protocol |
| 2023-06-29 | Brad Duncan | GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT |
| 2023-06-19 | Xavier Mertens | Malware Delivered Through .inf File |
| 2023-05-30 | Brad Duncan | Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT |
| 2022-06-03 | Xavier Mertens | Sandbox Evasion... With Just a Filename! |
| 2022-03-18 | Johannes Ullrich | Scans for Movable Type Vulnerability (CVE-2021-20837) |
| 2022-03-12 | Didier Stevens | ICMP Messages: Original Datagram Field |
| 2021-05-30 | Didier Stevens | Sysinternals: Procmon, Sysmon, TcpView and Process Explorer update |
| 2021-04-25 | Didier Stevens | Sysinternals: Procmon and Sysmon update |
| 2021-04-16 | Xavier Mertens | HTTPS Support for All Internal Services |
| 2020-04-30 | Xavier Mertens | Collecting IOCs from IMAP Folder |
| 2020-03-03 | Johannes Ullrich | Introduction to EvtxEcmd (Evtx Explorer) |
| 2019-04-04 | Xavier Mertens | New Waves of Scans Detected by an Old Rule |
| 2019-01-02 | Xavier Mertens | Malicious Script Leaking Data via FTP |
| 2018-05-10 | Bojan Zdrnja | Exfiltrating data from (very) isolated environments |
| 2016-04-15 | Xavier Mertens | Windows Command Line Persistence? |
| 2014-04-27 | Tony Carothers | The Dreaded "D" Word of IT |
| 2014-04-01 | Johannes Ullrich | cmd.so Synology Scanner Also Found on Routers |
| 2014-02-04 | Johannes Ullrich | Odd ICMP Echo Request Payload |
| 2013-10-04 | Pedro Bueno | CSAM: WebHosting BruteForce logs |
| 2013-09-19 | Bojan Zdrnja | Arrays in requests, PHP and DedeCMS |
| 2013-03-08 | Johannes Ullrich | IPv6 Focus Month: Filtering ICMPv6 at the Border |
| 2011-11-10 | Rob VandenBrink | Stuff I Learned Scripting - - Parsing XML in a One-Liner |