2025-03-10 | Xavier Mertens | Shellcode Encoded in UUIDs |
2024-08-29 | Xavier Mertens | Live Patching DLLs with Python |
2024-08-22 | Johannes Ullrich | OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse? |
2024-05-22 | Rob VandenBrink | NMAP Scanning without Scanning (Part 2) - The ipinfo API |
2024-03-29 | Xavier Mertens | Quick Forensics Analysis of Apache logs |
2024-03-10 | Guy Bruneau | What happens when you accidentally leak your AWS API keys? [Guest Diary] |
2023-12-31 | Tom Webb | Pi-Hole Pi4 Docker Deployment |
2023-12-23 | Xavier Mertens | Python Keylogger Using Mailtrap.io |
2023-12-15 | Xavier Mertens | CSharp Payload Phoning to a CobaltStrike Server |
2023-07-21 | Rob VandenBrink | Shodan's API For The (Recon) Win! |
2023-04-07 | Xavier Mertens | Detecting Suspicious API Usage with YARA Rules |
2023-03-25 | Guy Bruneau | Microsoft Released an Update for Windows Snipping Tool Vulnerability |
2023-03-22 | Didier Stevens | Windows 11 Snipping Tool Privacy Bug: Inspecting PNG Files |
2023-02-15 | Rob VandenBrink | DNS Recon Redux - Zone Transfers (plus a time machine) for When You Can't do a Zone Transfer |
2022-12-19 | Xavier Mertens | Hunting for Mastodon Servers |
2022-08-30 | Johannes Ullrich | Two things that will never die: bash scripts and IRC! |
2022-06-21 | Johannes Ullrich | Experimental New Domain / Domain Age API |
2022-05-24 | Yee Ching Tok | ctx Python Library Updated with "Extra" Features |
2022-05-03 | Johannes Ullrich | Some Honeypot Updates |
2022-03-18 | Johannes Ullrich | Scans for Movable Type Vulnerability (CVE-2021-20837) |
2022-03-10 | Xavier Mertens | Credentials Leaks on VirusTotal |
2022-02-25 | Didier Stevens | Windows, Fixed IPv4 Addresses and APIPA |
2022-01-21 | Xavier Mertens | Obscure Wininet.dll Feature? |
2021-12-17 | Rob VandenBrink | DR Automation - Using Public DNS APIs |
2021-09-09 | Johannes Ullrich | Updates to Our Datafeeds/API |
2021-08-04 | Yee Ching Tok | Pivoting and Hunting for Shenanigans from a Reported Phishing Domain |
2021-07-24 | Xavier Mertens | Agent.Tesla Dropped via a .daa Image and Talking to Telegram |
2021-06-19 | Xavier Mertens | Easy Access to the NIST RDS Database |
2021-06-11 | Xavier Mertens | Keeping an Eye on Dangerous Python Modules |
2021-06-09 | Jan Kopriva | Architecture, compilers and black magic, or "what else affects the ability of AVs to detect malicious files" |
2021-05-08 | Guy Bruneau | Who is Probing the Internet for Research Purposes? |
2021-05-06 | Xavier Mertens | Alternative Ways To Perform Basic Tasks |
2021-03-17 | Xavier Mertens | Defenders, Know Your Operating System Like Attackers Do! |
2021-03-11 | Johannes Ullrich | Piktochart - Phishing with Infographics |
2021-01-07 | Rob VandenBrink | Using the NIST Database and API to Keep Up with Vulnerabilities and Patches (Part 1 of 3) |
2020-12-22 | Xavier Mertens | Malware Victim Selection Through WiFi Identification |
2020-12-05 | Guy Bruneau | Is IP 91.199.118.137 testing Access to aahwwx.52host.xyz? |
2020-09-02 | Xavier Mertens | Python and Risky Windows API Calls |
2020-08-18 | Xavier Mertens | Using API's to Track Attackers |
2020-07-28 | Johannes Ullrich | All I want this Tuesday: More Data |
2020-06-25 | Johannes Ullrich | Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release. |
2020-06-20 | Tom Webb | Pi Zero HoneyPot |
2020-05-29 | Johannes Ullrich | The Impact of Researchers on Our Data |
2020-05-21 | Xavier Mertens | Malware Triage with FLOSS: API Calls Based Behavior |
2020-03-31 | Johannes Ullrich | Kwampirs Targeted Attacks Involving Healthcare Sector |
2020-02-29 | Guy Bruneau | Hazelcast IMDG Discover Scan |
2020-02-17 | Didier Stevens | curl and SSPI |
2020-01-16 | Bojan Zdrnja | Summing up CVE-2020-0601, or the Let's Decrypt vulnerability |
2019-12-29 | Guy Bruneau | ELK Dashboard for Pihole Logs |
2019-12-07 | Guy Bruneau | Integrating Pi-hole Logs in ELK with Logstash |
2019-11-25 | Xavier Mertens | My Little DoH Setup |
2019-08-28 | Xavier Mertens | Malware Samples Compiling Their Next Stage on Premise |
2019-06-25 | Brad Duncan | Rig Exploit Kit sends Pitou.B Trojan |
2019-05-16 | Xavier Mertens | The Risk of Authenticated Vulnerability Scans |
2019-03-15 | Remco Verhoef | Binary Analysis with Jupyter and Radare2 |
2019-02-26 | Russ McRee | Ad Blocking With Pi Hole |
2019-01-21 | Didier Stevens | Suspicious GET Request: Do You Know What This Is? |
2019-01-10 | Brad Duncan | Heartbreaking Emails: "Love You" Malspam |
2018-11-18 | Guy Bruneau | Multipurpose PCAP Analysis Tool |
2018-11-17 | Xavier Mertens | Quickly Investigating Websites with Lookyloo |
2018-11-12 | Rick Wanner | Using the Neutrino ip-blocklist API to test general badness of an IP |
2018-09-05 | Xavier Mertens | Malicious PowerShell Compiling C# Code on the Fly |
2018-07-21 | Didier Stevens | BTC pickpockets are back |
2017-11-17 | Xavier Mertens | Top-100 Malicious IP STIX Feed |
2017-10-06 | Johannes Ullrich | What's in a cable? The dangers of unauthorized cables |
2017-09-05 | Adrien de Beaupre | Struts vulnerability patch released by apache, patch now |
2017-08-03 | Johannes Ullrich | Using a Raspberry Pi honeypot to contribute data to DShield/ISC |
2017-05-10 | Johannes Ullrich | Read This If You Are Using a Script to Pull Data From This Site |
2017-05-08 | Renato Marinho | Exploring a P2P Transient Botnet - From Discovery to Enumeration |
2017-01-10 | Johannes Ullrich | Port 37777 "MapTable" Requests |
2017-01-07 | Xavier Mertens | Using Security Tools to Compromize a Network |
2016-08-22 | Russ McRee | Red Team Tools Updates: hashcat and SpiderFoot |
2015-09-03 | Xavier Mertens | Querying the DShield API from RTIR |
2015-03-26 | Daniel Wesemann | Pin-up on your Smartphone! |
2014-05-28 | Rob VandenBrink | Assessing SOAP APIs with Burp |
2014-04-01 | Basil Alawi S.Taher | Upgrading Your Android, Elevating My Malware |
2014-03-12 | Johannes Ullrich | Wordpress "Pingback" DDoS Attacks |
2014-02-18 | Johannes Ullrich | More Details About "TheMoon" Linksys Worm |
2014-02-10 | Rob VandenBrink | Isn't it About Time to Get Moving on Chip and PIN? |
2014-02-04 | Johannes Ullrich | Odd ICMP Echo Request Payload |
2014-01-20 | Rob VandenBrink | You Can Run, but You Can't Hide (SSH and other open services) |
2013-12-19 | Rob VandenBrink | Target US - Credit Card Data Breach |
2013-12-12 | Basil Alawi S.Taher | Acquiring Memory Images with Dumpit |
2013-12-01 | Richard Porter | BPF, PCAP, Binary, hex, why they matter? |
2013-11-04 | Manuel Humberto Santander Pelaez | When attackers use your DNS to check for the sites you are visiting |
2013-10-25 | Rob VandenBrink | Kaspersky flags TCPIP.SYS as Malware |
2013-03-27 | Adam Swanger | IPv6 Focus Month: Guest Diary: Stephen Groat - IPv6 moving target defense |
2013-02-25 | Johannes Ullrich | Punkspider enumerates web application vulnerabilities |
2013-02-22 | Johannes Ullrich | Zendesk breach affects Tumblr/Pinterest/Twitter |
2012-11-26 | John Bambenek | Online Shopping for the Holidays? Tips, News and a Fair Warning |
2012-11-16 | Guy Bruneau | VMware security updates for vSphere API and ESX Service Console - http://www.vmware.com/security/advisories/VMSA-2012-0016.html |
2012-07-21 | Rick Wanner | TippingPoint DNS Version Request increase |
2012-06-25 | Rick Wanner | Targeted Malware for Industrial Espionage? |
2011-12-07 | Lenny Zeltser | V8 as an Alternative to SpiderMonkey for JavaScript Deobfuscation |
2011-09-29 | Daniel Wesemann | The SSD dilemma |
2011-08-13 | Rick Wanner | MoonSols Dumpit released...for free! |
2011-08-08 | Rob VandenBrink | Ping is Bad (Sometimes) |
2011-06-09 | Richard Porter | One Browser to Rule them All? |
2011-05-01 | Deborah Hale | Another Potentially Malicious Email Making The Rounds |
2011-02-08 | Johannes Ullrich | Tippingpoint Releases Details on Unpatched Bugs |
2010-12-25 | Manuel Humberto Santander Pelaez | An interesting vulnerability playground to learn application vulnerabilities |
2010-12-02 | Kevin Johnson | Robert Hansen and our happiness |
2010-11-18 | Chris Carboni | All of your pages are belonging to us |
2010-07-21 | Adrien de Beaupre | Update on .LNK vulnerability |
2010-07-08 | Kyle Haugsness | Pirate Bay account database compromised |
2010-06-29 | Johannes Ullrich | How to be a better spy: Cyber security lessons from the recent russian spy arrests |
2010-06-14 | Manuel Humberto Santander Pelaez | Another way to get protection for application-level attacks |
2010-03-30 | Pedro Bueno | Sharing the Tools |
2010-02-10 | Johannes Ullrich | Twitpic, EXIF and GPS: I Know Where You Did it Last Summer |
2010-01-25 | William Salusky | "Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!" |
2009-08-21 | Rick Wanner | Interesting malware...affecting the Delphi Compiler? |
2009-03-10 | Swa Frantzen | conspiracy fodder: pifts.exe |
2008-10-01 | Rick Wanner | Handler Mailbag |
2008-07-14 | Daniel Wesemann | Obfuscated JavaScript Redux |
2008-06-18 | Marcus Sachs | Olympics Part II |