Date Author Title
2025-03-27Johannes UllrichSitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218
2025-02-17Russ McReeModelScan - Protection Against Model Serialization Attacks
2025-02-05Johannes UllrichPhishing via "com-" prefix domains
2025-01-09Guy BruneauExamining Redtail Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics [Guest Diary]
2024-12-05Jesse La Grew[Guest Diary] Business Email Compromise
2024-09-24Johannes UllrichExploitation of RAISECOM Gateway Devices Vulnerability CVE-2024-7120
2024-08-22Johannes UllrichOpenAI Scans for Honeypots. Artificially Malicious? Action Abuse?
2024-07-16Jan Kopriva"Reply-chain phishing" with a twist
2024-07-08Xavier MertensKunai: Keep an Eye on your Linux Hosts Activity
2024-06-17Xavier MertensNew NetSupport Campaign Delivered Through MSIX Packages
2024-05-22Guy BruneauAnalysis of ?redtail? File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary]
2024-05-08Xavier MertensAnalyzing Synology Disks on Linux
2024-04-11Yee Ching TokEvolution of Artificial Intelligence Systems and Ensuring Trustworthiness
2024-03-17Guy BruneauGamified Learning: Using Capture the Flag Challenges to Supplement Cybersecurity Training [Guest Diary]
2024-03-13Xavier MertensUsing ChatGPT to Deobfuscate Malicious Scripts
2024-02-18Guy BruneauMirai-Mirai On The Wall... [Guest Diary]
2024-02-12Johannes UllrichExploit against Unnamed "Bytevalue" router vulnerability included in Mirai Bot
2024-02-05Jesse La GrewPublic Information and Email Spam
2023-12-31Tom WebbPi-Hole Pi4 Docker Deployment
2023-12-27Guy BruneauUnveiling the Mirai: Insights into Recent DShield Honeypot Activity [Guest Diary]
2023-12-23Xavier MertensPython Keylogger Using Mailtrap.io
2023-11-30John BambenekProphetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today
2023-11-09Guy BruneauRouters Targeted for Gafgyt Botnet [Guest Diary]
2023-11-08Xavier MertensExample of Phishing Campaign Project File
2023-10-18Jesse La GrewHiding in Hex
2023-10-15Guy BruneauDomain Name Used as Password Captured by DShield Sensor
2023-09-29Xavier MertensAre You Still Storing Passwords In Plain Text Files?
2023-07-18Johannes UllrichExploit Attempts for "Stagil navigation for Jira Menus & Themes" CVE-2023-26255 and CVE-2023-26256
2023-07-13Jesse La GrewDShield Honeypot Maintenance and Data Retention
2023-04-04Johannes UllrichAnalyzing the efile.com Malware "efail"
2023-03-12Guy BruneauAsynRAT Trojan - Bill Payment (Pago de la factura)
2023-03-11Xavier MertensOverview of a Mirai Payload Generator
2023-02-18Guy BruneauSpear Phishing Handlers for Username/Password
2023-02-15Rob VandenBrinkDNS Recon Redux - Zone Transfers (plus a time machine) for When You Can't do a Zone Transfer
2023-01-05Brad DuncanMore Brazil malspam pushing Astaroth (Guildma) in January 2023
2022-12-30Jan KoprivaSPF and DMARC use on GOV domains in different ccTLDs
2022-11-28Johannes UllrichUkraine Themed Twitter Spam Pushing iOS Scareware
2022-10-07Xavier MertensPowershell Backdoor with DGA Capability
2022-09-21Xavier MertensPhishing Campaigns Use Free Online Resources
2022-09-19Russ McReeChainsaw: Hunt, search, and extract event log records
2022-09-18Didier StevensVideo: Grep & Tail -f With Notepad++
2022-09-05Didier StevensQuickie: Grep & Tail -f With Notepad++
2022-08-13Guy BruneauPhishing HTML Attachment as Voicemail Audio Transcription
2022-06-21Johannes UllrichExperimental New Domain / Domain Age API
2022-05-13Johannes UllrichFrom 0-Day to Mirai: 7 days of BIG-IP Exploits
2022-05-07Guy BruneauPhishing PDF Received in my ISC Mailbox
2022-05-05Brad DuncanPassword-protected Excel spreadsheet pushes Remcos RAT
2022-04-13Jan KoprivaHow is Ukrainian internet holding up during the Russian invasion?
2022-03-29Johannes UllrichMore Fake/Typosquatting Twitter Accounts Asking for Ukraine Crytocurrency Donations
2022-03-22Johannes UllrichStatement by President Biden: What you need to do (or not do)
2022-03-07Johannes UllrichNo Bitcoin - No Problem: Follow Up to Last Weeks Donation Scam
2022-03-04Johannes UllrichScam E-Mail Impersonating Red Cross
2022-03-02Johannes UllrichThe More Often Something is Repeated, the More True It Becomes: Dealing with Social Media
2022-02-24Xavier MertensUkraine & Russia Situation From a Domain Names Perspective
2022-02-10Johannes UllrichZyxel Network Storage Devices Hunted By Mirai Variant
2021-11-26Guy BruneauSearching for Exposed ASUS Routers Vulnerable to CVE-2021-20090
2021-11-14Didier StevensExternal Email System FBI Compromised: Sending Out Fake Warnings
2021-10-26Yee Ching TokHunting for Phishing Sites Masquerading as Outlook Web Access
2021-10-22Brad DuncanOctober 2021 Contest: Forensic Challenge
2021-09-02Xavier MertensAttackers Will Always Abuse Major Events in our Lifes
2021-07-24Bojan ZdrnjaActive Directory Certificate Services (ADCS - PKI) domain admin vulnerability
2021-06-15Johannes UllrichMulti Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more
2021-05-29Guy BruneauSpear-phishing Email Targeting Outlook Mail Clients
2021-05-22Xavier Mertens"Serverless" Phishing Campaign
2021-04-22Xavier MertensHow Safe Are Your Docker Images?
2021-03-05Xavier MertensSpam Farm Spotted in the Wild
2021-02-26Guy BruneauPretending to be an Outlook Version Update
2021-02-10Brad DuncanPhishing message to the ISC handlers email distro
2020-11-18Xavier MertensWhen Security Controls Lead to Security Issues
2020-10-31Didier StevensMore File Selection Gaffes
2020-10-24Guy BruneauAn Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-10-22Jan KoprivaBazarLoader phishing lures: plan a Halloween party, get a bonus and be fired in the same afternoon
2020-10-20Xavier MertensMirai-alike Python Scanner
2020-10-09Jan KoprivaPhishing kits as far as the eye can see
2020-10-03Guy BruneauScanning for SOHO Routers
2020-09-21Jan KoprivaSlightly broken overlay phishing
2020-09-17Xavier MertensSuspicious Endpoint Containment with OSSEC
2020-09-16Johannes UllrichDo Vulnerabilities Ever Get Old? Recent "Mirai" Variant Scanning for 20 Year Old Amanda Version?
2020-08-20Rob VandenBrinkOffice 365 Mail Forwarding Rules (and other Mail Rules too)
2020-06-18Jan KoprivaBroken phishing accidentally exploiting Outlook zero-day
2020-06-16Xavier MertensSextortion to The Next Level
2020-06-13Guy BruneauMirai Botnet Activity
2020-05-27Jan KoprivaFrankenstein's phishing using Google Cloud Storage
2020-04-30Xavier MertensCollecting IOCs from IMAP Folder
2020-04-18Guy BruneauMaldoc Falsely Represented as DOCX Invoice Redirecting to Fake Apple Store
2020-04-17Xavier MertensWeaponized RTF Document Generator & Mailer in PowerShell
2020-04-13Jan KoprivaLook at the same phishing campaign 3 months apart
2020-03-28Didier StevensCovid19 Domain Classifier
2020-03-27Johannes UllrichHelp us classify Covid19 related domains https://isc.sans.edu/covidclassifier.html (login required)
2020-03-22Didier StevensMore COVID-19 Themed Malware
2020-02-27Xavier MertensOffensive Tools Are For Blue Teams Too
2020-02-10Jan KoprivaCurrent PayPal phishing campaign or "give me all your personal information"
2020-02-03Jan KoprivaAnalysis of a triple-encrypted AZORult downloader
2020-01-16Jan KoprivaPicks of 2019 malware - the large, the small and the one full of null bytes
2019-12-15Didier StevensVirusTotal Email Submissions
2019-12-06Jan KoprivaPhishing with a self-contained credentials-stealing webpage
2019-12-05Jan KoprivaE-mail from Agent Tesla
2019-12-04Jan KoprivaAnalysis of a strangely poetic malware
2019-11-26Jan KoprivaLessons learned from playing a willing phish
2019-11-22Xavier MertensAbusing Web Filters Misconfiguration for Reconnaissance
2019-11-19Johannes UllrichCheap Chinese JAWS of DVR Exploitability on Port 60001
2019-10-31Jan KoprivaEML attachments in O365 - a recipe for phishing
2019-10-30Xavier MertensKeep an Eye on Remote Access to Mailboxes
2019-10-24Johannes UllrichYour Supply Chain Doesn't End At Receiving: How Do You Decommission Network Equipment?
2019-10-17Jan KoprivaPhishing e-mail spoofing SPF-enabled domain
2019-08-01Johannes UllrichWhat is Listening On Port 9527/TCP?
2019-07-26Kevin ShorttDVRIP Port 34567 - Uptick
2019-07-17Xavier MertensAnalyzis of DNS TXT Records
2019-06-27Rob VandenBrinkFinding the Gold in a Pile of Pennies - Long Tail Analysis in PowerShell
2019-04-24Rob VandenBrinkWhere have all the Domain Admins gone? Rooting out Unwanted Domain Administrators
2019-04-13Johannes UllrichConfiguring MTA-STS and TLS Reporting For Your Domain
2019-04-11Johannes UllrichHow to Find Hidden Cameras in your AirBNB
2019-04-07Guy BruneauFake Office 365 Payment Information Update
2019-03-27Xavier MertensRunning your Own Passive DNS Service
2019-03-21Xavier MertensNew Wave of Extortion Emails: Central Intelligence Agency Case
2019-03-06Xavier MertensKeep an Eye on Disposable Email Addresses
2019-02-19Didier StevensIdentifying Files: Failure Happens
2019-02-11Didier StevensHave You Seen an Email Virus Recently?
2018-12-23Guy BruneauScanning Activity, end Goal is to add Hosts to Mirai Botnet
2018-12-21Lorna HutchesonPhishing Attempts That Bypass 2FA
2018-11-18Guy BruneauMultipurpose PCAP Analysis Tool
2018-10-31Brad DuncanMore malspam using password-protected Word docs
2018-08-23Xavier MertensSimple Phishing Through formcrafts.com
2018-08-22Deborah HaleEmail/password Frustration
2018-08-19Didier StevensVideo: Peeking into msg files - revisited
2018-08-11Didier StevensPeeking into msg files - revisited
2018-07-23Didier StevensAnalyzing MSG files
2018-07-15Didier StevensExtracting BTC addresses from emails
2018-06-22Lorna HutchesonXPS Attachment Used for Phishing
2018-05-16Mark HofmanEFAIL, a weakness in openPGP and S\MIME
2018-03-01Johannes UllrichWhy Does Emperor Xi Dislike Winnie the Pooh and Scrambled Eggs?
2018-01-19Jim ClausingFollowup to IPv6 brute force and IPv6 blocking
2018-01-07Guy BruneauSSH Scans by Clients Types
2017-12-27Guy BruneauWhat are your Security Challenges for 2018?
2017-12-13Xavier MertensTracking Newly Registered Domains
2017-11-16Xavier MertensSuspicious Domains Tracking Dashboard
2017-11-10Bojan ZdrnjaBattling e-mail phishing
2017-10-15Didier StevensPeeking into .msg files
2017-09-05Johannes UllrichThe Mirai Botnet: A Look Back and Ahead At What's Next
2017-08-28Johannes UllrichAn Update On DVR Malware: A DVR Torture Chamber
2017-08-14Didier StevensSometimes it's just SPAM
2017-07-05Didier StevensSelecting domains with random names
2017-06-02Xavier MertensPhishing Campaigns Follow Trends
2017-05-20Xavier MertensTyposquatting: Awareness and Hunting
2017-05-06Xavier MertensThe story of the CFO and CEO...
2017-01-13Xavier MertensWho's Attacking Me?
2016-12-26Russ McReeCritical security update: PHPMailer 5.2.20 (CVE-2016-10045)
2016-12-19John BambenekUPDATED x1: Mirai Scanning for Port 6789 Looking for New Victims / Now hitting tcp/23231
2016-12-09Rick WannerMirai - now with DGA
2016-12-07Xavier MertensThe Passwords You Should Never Use
2016-11-23Tom WebbMapping Attack Methodology to Controls
2016-10-25Xavier MertensAnother Day, Another Spam...
2016-10-23Johannes UllrichISC Briefing: Large DDoS Attack Against Dyn
2016-10-02Guy BruneauIs there an Infosec Cybersecurity Talent Shortage?
2016-06-29Xavier MertensPhishing Campaign with Blurred Images
2016-06-01Xavier MertensDocker Containers Logging
2016-03-06Jim ClausingNovel method for slowing down Locky on Samba server using fail2ban
2016-01-09Xavier MertensVirtual Bitlocker Containers
2015-12-28Rick WannerAdobe Flash and Adobe AIR Updates - https://helpx.adobe.com/security/products/flash-player/apsb16-01.html
2015-09-08Lenny ZeltserA Close Look at PayPal Overpayment Scams That Target Craigslist Sellers
2015-02-27Rick WannerTails 1.3 released - https://tails.boum.org/news/version_1.3/index.en.html
2015-02-20Tom WebbFast analysis of a Tax Scam
2014-09-07Johannes UllrichOdd Persistent Password Bruteforcing
2014-08-12Adrien de BeaupreAdobe updates for 2014/08
2014-07-09Daniel WesemannWho owns your typo?
2014-06-11Daniel WesemannHelp your pilot fly!
2014-03-13Daniel WesemannIdentification and authentication are hard ... finding out intention is even harder
2014-01-31Chris MohanAttack on Yahoo mail accounts
2014-01-30Johannes UllrichNew gTLDs appearing in the root zone
2014-01-28Kevin ShorttSendmail v8.14.8 released - http://www.sendmail.com/sm/open_source/download/8.14.8/?show_rs=1#RS
2014-01-24Johannes UllrichHow to send mass e-mail the right way
2014-01-16Kevin ShorttPort 4028 - Interesting Activity
2014-01-08Kevin ShorttIntercepted Email Attempts to Steal Payments
2014-01-01Russ McReeSix degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails
2013-12-21Guy BruneauStrange DNS Queries - Request for Packets
2013-10-05Richard PorterAdobe Breach Notification, Notifications?
2013-08-21Rob VandenBrinkFibre Channel Reconnaissance - Reloaded
2013-06-27Tony CarothersRuby Update for SSL Vulnerability
2013-05-01Daniel WesemannThe cost of cleaning up
2013-03-29Chris MohanFake Link removal requests
2013-02-25Johannes UllrichMass-Customized Malware Lures: Don't trust your cat!
2013-01-09Rob VandenBrinkHotmail seeing some temporary access issues
2013-01-09Rob VandenBrinkSQL Injection Flaw in Ruby on Rails
2012-08-21Adrien de BeaupreRuggedCom fails key management 101 on Rugged Operating System (ROS)
2012-07-25Johannes UllrichApple OS X 10.8 (Mountain Lion) released
2012-06-15Johannes UllrichAuthenticating E-Mail
2012-04-30Rob VandenBrinkFCC posts Enquiry Documents on Google Wardriving
2012-03-13Lenny ZeltserPlease transfer this email to your CEO or appropriate person, thanks
2012-02-07Johannes UllrichSecure E-Mail Access
2012-01-22Lorna HutchesonMailbag - "Attacks"
2011-12-06Kevin ShorttCain & Abel v4.9.43 Released - http://www.oxid.it/
2011-11-11Rick WannerAPPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update
2011-11-11Rick WannerAdobe Air updated to 3.1.0.4880
2011-07-25Bojan ZdrnjaWhen the FakeAV coder(s) fail
2011-07-10Raul SilesJailbreakme Takes Advantage of 0-day PDF Vuln in Apple iOS Devices
2011-06-08Johannes UllrichSpam from compromised Hotmail accounts
2011-05-01Deborah HaleAnother Potentially Malicious Email Making The Rounds
2011-04-11Johannes UllrichGMail User Using 2FA Warned of Access From China
2011-02-21Adrien de BeaupreWinamp forums compromised
2011-01-04Johannes UllrichMicrosoft Advisory: Vulnerability in Graphics Rendering Engine
2010-12-30Rick WannerSamuraiWTF Review over at ISSA Toolsmith
2010-10-22Manuel Humberto Santander PelaezIntypedia project
2010-09-09Marcus Sachs'Here You Have' Email
2010-08-29Swa FrantzenAbandoned free email accounts
2010-08-06Rob VandenBrinkFOXIT PDF Reader update to resolve iPhone/iPad Jailbreak issue ==> http://www.foxitsoftware.com/announcements/2010861227.html
2010-07-24Manuel Humberto Santander PelaezTransmiting logon information unsecured in the network
2010-05-23Manuel Humberto Santander Pelaeze-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.
2010-03-08Raul SilesSamurai WTF 0.8
2010-03-05Kyle HaugsnessFalse scare email proclaiming North Korea nuclear launch against Japan
2010-01-14Bojan ZdrnjaRogue AV exploiting Haiti earthquake
2010-01-13Johannes UllrichSMS Donations Advertised via Twitter
2010-01-12Johannes UllrichBaidu defaced - Domain Registrar Tampering
2010-01-12Johannes UllrichHaiti Earthquake: Possible scams / malware
2009-11-13Adrien de BeaupreConficker patch via email?
2009-11-13Deborah HalePushdo/Cutwail Spambot - A Little Known BIG Problem
2009-11-09Chris Carboni80's Flashback on Jailbroken iPhones
2009-10-15Deborah HaleCyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
2009-10-09Rob VandenBrinkTHAWTE to discontinue free Email Certificate Services and Web of Trust Service
2009-10-08Johannes UllrichCyber Security Awareness Month - Day 8 - Port 25 - SMTP
2009-10-05Adrien de BeaupreTime to change your hotmail/gmail/yahoo password
2009-09-01Guy BruneauGmail Down
2009-07-18Patrick NolanChrome update contains Security fixes
2009-05-04Tom ListonFacebook phishing malware
2009-05-02Rick WannerMore Swine/Mexican/H1N1 related domains
2009-04-27Johannes UllrichSwine Flu (Mexican Flu) related domains
2009-04-07Johannes UllrichSSH scanning from compromised mail servers
2009-02-24G. N. WhiteGmail Access Issues Early This AM
2009-01-11Deborah HaleThe Frustration of Phishing Attacks
2009-01-03Rick WannerRAID != Backup
2008-11-30Mari NicholsRejected Email Issues
2008-11-29Pedro BuenoPossible Mumbai Scams?
2008-11-17Jim ClausingCritical update to Adobe AIR
2008-10-17Rick WannerDay 18 - Containing Other Incidents
2008-10-15Rick WannerDay 15 - Containing the Damage From a Lost or Stolen Laptop
2008-10-12Mari NicholsDay 12 Containment: Gathering Evidence That Can be Used in Court
2008-07-17Mari NicholsAdobe Reader 9 Released
2008-05-22Chris CarboniFrom the mailbag
2008-04-04Daniel WesemannTax day scams
2008-03-30Mark HofmanMail Anyone?
2006-11-29Toby KohlenbergNew Vulnerability Announcement and patches from Apple
2006-09-21Johannes UllrichApple updates Airport Drivers
2006-08-31Swa FrantzenMailbag grab