Date Author Title

PORT SCAN

2022-10-31 Rob VandenBrink NMAP without NMAP - Port Testing and Scanning with PowerShell
2022-10-19 Xavier Mertens Are Internet Scanning Services Good or Bad for You?
2016-02-02 Johannes Ullrich Targeted IPv6 Scans Using pool.ntp.org .
2010-11-24 Jim Clausing Help with odd port scans

PORT

2024-06-17 Xavier Mertens New NetSupport Campaign Delivered Through MSIX Packages
2024-04-25 Jesse La Grew Does it matter if iptables isn't running on my honeypot?
2023-08-18 Xavier Mertens From a Zalando Phishing to a RAT
2022-10-31 Rob VandenBrink NMAP without NMAP - Port Testing and Scanning with PowerShell
2022-10-21 Brad Duncan sczriptzzbn inject pushes malware for NetSupport RAT
2022-10-19 Xavier Mertens Are Internet Scanning Services Good or Bad for You?
2022-01-02 Guy Bruneau Exchange Server - Email Trapped in Transport Queues
2021-10-14 Xavier Mertens Port-Forwarding with Windows for the Win
2021-06-03 Jim Clausing Strange goings on with port 37
2021-02-25 Jim Clausing So where did those Satori attacks come from?
2021-02-16 Jim Clausing More weirdness on TCP port 26
2020-10-24 Guy Bruneau An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-02-05 Brad Duncan Fake browser update pages are "still a thing"
2019-11-19 Johannes Ullrich Cheap Chinese JAWS of DVR Exploitability on Port 60001
2019-08-01 Johannes Ullrich What is Listening On Port 9527/TCP?
2019-07-26 Kevin Shortt DVRIP Port 34567 - Uptick
2019-03-09 Guy Bruneau A Comparison Study of SSH Port Activity - TCP 22 & 2222
2018-12-16 Guy Bruneau Random Port Scan for Open RDP Backdoor
2018-01-09 Jim Clausing What is going on with port 3333?
2017-09-22 Russell Eubanks What is the State of Your Union?
2017-09-05 Johannes Ullrich The Mirai Botnet: A Look Back and Ahead At What's Next
2017-08-18 Guy Bruneau tshark 2.4 New Feature - Command Line Export Objects
2017-06-16 Lorna Hutcheson What is going on with Port 83?
2017-04-22 Jim Clausing WTF tcp port 81
2017-01-28 Guy Bruneau Request for Packets and Logs - TCP 5358
2017-01-10 Johannes Ullrich Port 37777 "MapTable" Requests
2016-05-26 Xavier Mertens Keeping an Eye on Tor Traffic
2016-04-25 Guy Bruneau Highlights from the 2016 HPE Annual Cyber Threat Report
2016-02-02 Johannes Ullrich Targeted IPv6 Scans Using pool.ntp.org .
2015-09-28 Johannes Ullrich "Transport of London" Malicious E-Mail
2015-06-27 Guy Bruneau Is Windows XP still around in your Network a year after Support Ended?
2015-04-08 Tom Webb Is it a breach or not?
2014-10-13 Lorna Hutcheson For or Against: Port Security for Network Access Control
2014-09-15 Johannes Ullrich Google DNS Server IP Address Spoofed for SNMP reflective Attacks
2014-07-05 Guy Bruneau Java Support ends for Windows XP
2014-06-11 Daniel Wesemann Help your pilot fly!
2014-05-23 Richard Porter Highlights from Cisco Live 2014 - The Internet of Everything
2014-03-26 Johannes Ullrich Let's Finally "Nail" This Port 5000 Traffic - Synology owners needed.
2014-03-13 Daniel Wesemann Identification and authentication are hard ... finding out intention is even harder
2014-03-06 Mark Baggett Port 5000 traffic and snort signature
2014-01-22 Chris Mohan Learning from the breaches that happens to others
2014-01-11 Guy Bruneau tcpflow 1.4.4 and some of its most Interesting Features
2014-01-02 Johannes Ullrich Scans Increase for New Linksys Backdoor (32764/TCP)
2013-11-25 Johannes Ullrich More Bad Port 0 Traffic
2013-11-22 Rick Wanner Port 0 DDOS
2013-10-30 Russ McRee SIR v15: Five good reasons to leave Windows XP behind
2013-05-19 Kevin Shortt Port 51616 - Got Packets?
2013-03-03 Richard Porter Uptick in MSSQL Activity
2013-01-08 Richard Porter Yahoo Web Interface Report: Compose and Send
2012-12-06 Daniel Wesemann Fake tech support calls - revisited
2012-10-03 Kevin Shortt Fake Support Calls Reported
2012-01-27 Mark Hofman CISCO Ironport C & M Series telnet vulnerability
2012-01-13 Guy Bruneau Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2011-11-11 Rick Wanner APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update
2011-10-25 Chris Mohan Recurring reporting made easy?
2011-08-25 Kevin Shortt Increased Traffic on Port 3389
2011-06-29 Johannes Ullrich Random SSL Tips and Tricks
2011-06-21 Chris Mohan Australian government security audit report shows tough love to agencies
2011-05-23 Mark Hofman Microsoft Support Scam (again)
2011-04-20 Daniel Wesemann Data Breach Investigations Report published by Verizon
2011-01-25 Chris Mohan Reviewing our preconceptions
2011-01-24 Rob VandenBrink Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool
2011-01-15 Jim Clausing What's up with port 8881?
2011-01-08 Guy Bruneau PandaLabs 2010 Annual Report
2010-11-24 Jim Clausing Help with odd port scans
2010-08-16 Raul Siles The Seven Deadly Sins of Security Vulnerability Reporting
2010-07-29 Rob VandenBrink The 2010 Verizon Data Breach Report is Out
2010-07-06 Rob VandenBrink Bogus Support Organizations use Live Operators to Install Malware
2010-06-15 Manuel Humberto Santander Pelaez Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-04-20 Raul Siles Are You Ready for a Transportation Collapse...?
2010-03-01 Mark Hofman Microsoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update.
2010-02-03 Rob VandenBrink Support for Legacy Browsers
2010-01-09 G. N. White What's Up With All The Port Scanning Using TCP/6000 As A Source Port?
2009-10-28 Johannes Ullrich Cyber Security Awareness Month - Day 28 - ntp (123/udp)
2009-10-25 Lorna Hutcheson Cyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-21 Pedro Bueno Cyber Security Awareness Month - Day 21 - Port 135
2009-10-17 Rick Wanner Cyber Security Awareness Month - Day 17 - Port 22/SSH
2009-10-15 Deborah Hale Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
2009-10-11 Mark Hofman Cyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
2009-10-08 Johannes Ullrich Cyber Security Awareness Month - Day 8 - Port 25 - SMTP
2009-05-02 Rick Wanner Significant increase in port 2967 traffic
2009-04-15 Marcus Sachs 2009 Data Breach Investigation Report
2009-01-21 Raul Siles Traffic increase for port UDP/8247
2008-12-16 donald smith Cisco's Annual Security report has been released.
2008-08-02 Maarten Van Horenbeeck A little of that human touch
2008-07-02 Jim Clausing The scoop on the spike in UDP port 7 traffic
2008-05-26 Marcus Sachs Port 1533 on the Rise
2008-04-27 Marcus Sachs What's With Port 20329?
2008-04-10 Deborah Hale DSLReports Being Attacked Again
2008-04-08 Swa Frantzen Symantec's Global Internet Security Threat Report
2006-11-29 Toby Kohlenberg New Vulnerability Announcement and patches from Apple
2006-09-21 Johannes Ullrich Apple updates Airport Drivers

SCAN

2024-09-13 Jesse La Grew Finding Honeypot Data Clusters Using DBSCAN: Part 2
2024-08-29 Xavier Mertens Live Patching DLLs with Python
2024-08-22 Johannes Ullrich OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse?
2024-07-16 Guy Bruneau Who You Gonna Call? AndroxGh0st Busters! [Guest Diary]
2024-07-10 Jesse La Grew Finding Honeypot Data Clusters Using DBSCAN: Part 1
2024-03-06 Bojan Zdrnja Scanning and abusing the QUIC protocol
2023-12-16 Xavier Mertens An Example of RocketMQ Exploit Scanner
2023-12-06 Jan Kopriva Whose packet is it anyway: a new RFC for attribution of internet probes
2023-09-23 Guy Bruneau Scanning for Laravel - a PHP Framework for Web Artisants
2023-08-20 Guy Bruneau SystemBC Malware Activity
2023-05-03 Xavier Mertens Increased Number of Configuration File Scans
2023-04-28 Xavier Mertens Quick IOC Scan With Docker
2022-10-31 Rob VandenBrink NMAP without NMAP - Port Testing and Scanning with PowerShell
2022-10-19 Xavier Mertens Are Internet Scanning Services Good or Bad for You?
2022-08-26 Guy Bruneau HTTP/2 Packet Analysis with Wireshark
2022-07-23 Guy Bruneau Analysis of SSH Honeypot Data with PowerBI
2022-03-20 Didier Stevens MGLNDD_* Scans
2022-02-15 Xavier Mertens Who Are Those Bots?
2022-01-16 Guy Bruneau 10 Most Popular Targeted Ports in the Past 3 Weeks
2021-10-30 Guy Bruneau Remote Desktop Protocol (RDP) Discovery
2021-10-09 Guy Bruneau Scanning for Previous Oracle WebLogic Vulnerabilities
2021-09-02 Xavier Mertens Attackers Will Always Abuse Major Events in our Lifes
2021-08-13 Guy Bruneau Scanning for Microsoft Exchange eDiscovery
2021-07-10 Guy Bruneau Scanning for Microsoft Secure Socket Tunneling Protocol
2021-06-26 Guy Bruneau CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability
2021-06-12 Guy Bruneau Fortinet Targeted for Unpatched SSL VPN Discovery Activity
2021-05-31 Rick Wanner Quick and dirty Python: nmap
2021-05-08 Guy Bruneau Who is Probing the Internet for Research Purposes?
2021-05-04 Rick Wanner Quick and dirty Python: masscan
2021-04-24 Guy Bruneau Base64 Hashes Used in Web Scanning
2021-02-13 Guy Bruneau Using Logstash to Parse IPtables Firewall Logs
2021-01-11 Rob VandenBrink Using the NVD Database and API to Keep Up with Vulnerabilities and Patches - Tool Drop: CVEScan (Part 3 of 3)
2020-12-05 Guy Bruneau Is IP 91.199.118.137 testing Access to aahwwx.52host.xyz?
2020-12-04 Guy Bruneau Detecting Actors Activity with Threat Intel
2020-10-24 Guy Bruneau An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-10-20 Xavier Mertens Mirai-alike Python Scanner
2020-10-03 Guy Bruneau Scanning for SOHO Routers
2020-08-22 Guy Bruneau Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common?
2020-08-08 Guy Bruneau Scanning Activity Include Netcat Listener
2020-07-19 Guy Bruneau Scanning Activity for ZeroShell Unauthenticated Access
2020-07-11 Guy Bruneau Scanning Home Internet Facing Devices to Exploit
2020-06-13 Guy Bruneau Mirai Botnet Activity
2020-05-16 Guy Bruneau Scanning for Outlook Web Access (OWA) & Microsoft Exchange Control Panel (ECP)
2020-05-08 Xavier Mertens Using Nmap As a Lightweight Vulnerability Scanner
2020-04-07 Johannes Ullrich Increase in RDP Scanning
2020-03-21 Guy Bruneau Honeypot - Scanning and Targeting Devices & Services
2020-02-29 Guy Bruneau Hazelcast IMDG Discover Scan
2019-11-23 Guy Bruneau Local Malware Analysis with Malice
2019-11-05 Rick Wanner Bluekeep exploitation causing Bluekeep vulnerability scan to fail
2019-11-03 Didier Stevens You Too? "Unusual Activity with Double Base64 Encoding"
2019-10-30 Xavier Mertens Keep an Eye on Remote Access to Mailboxes
2019-10-20 Guy Bruneau Scanning Activity for NVMS-9000 Digital Video Recorder
2019-09-27 Xavier Mertens New Scans for Polycom Autoconfiguration Files
2019-09-07 Guy Bruneau Unidentified Scanning Activity
2019-05-16 Xavier Mertens The Risk of Authenticated Vulnerability Scans
2019-04-04 Xavier Mertens New Waves of Scans Detected by an Old Rule
2019-03-09 Guy Bruneau A Comparison Study of SSH Port Activity - TCP 22 & 2222
2019-03-08 Remco Verhoef Analysing meterpreter payload with Ghidra
2019-02-18 Didier Stevens Know What You Are Logging
2019-02-02 Guy Bruneau Scanning for WebDAV PROPFIND Exploiting CVE-2017-7269
2018-12-23 Guy Bruneau Scanning Activity, end Goal is to add Hosts to Mirai Botnet
2018-12-16 Guy Bruneau Random Port Scan for Open RDP Backdoor
2018-07-02 Guy Bruneau Hello Peppa! - PHP Scans
2018-05-06 Guy Bruneau Scans Attempting to use PowerShell to Download PHP Script
2018-04-30 Remco Verhoef Another approach to webapplication fingerprinting
2018-01-07 Guy Bruneau SSH Scans by Clients Types
2017-11-13 Guy Bruneau jsonrpc Scanning for root account
2017-07-19 Xavier Mertens Bots Searching for Keys & Config Files
2017-05-18 Xavier Mertens My Little CVE Bot
2017-04-22 Jim Clausing WTF tcp port 81
2017-01-14 Xavier Mertens Backup Files Are Good but Can Be Evil
2017-01-13 Xavier Mertens Who's Attacking Me?
2016-12-31 Xavier Mertens Ongoing Scans Below the Radar
2016-09-10 Xavier Mertens Ongoing IMAP Scan, Anyone Else?
2016-05-26 Xavier Mertens Keeping an Eye on Tor Traffic
2016-02-03 Xavier Mertens Automating Vulnerability Scans
2016-02-02 Johannes Ullrich Targeted IPv6 Scans Using pool.ntp.org .
2015-11-04 Johannes Ullrich Internet Wide Scanners Wanted
2015-04-23 Bojan Zdrnja When automation does not help
2014-09-19 Guy Bruneau Web Scan looking for /info/whitelist.pac
2014-07-26 Chris Mohan "Internet scanning project" scans
2014-06-22 Russ McRee OfficeMalScanner helps identify the source of a compromise
2014-06-11 Daniel Wesemann Gimme your keys!
2014-03-06 Mark Baggett Port 5000 traffic and snort signature
2014-02-15 Rob VandenBrink More on HNAP - What is it, How to Use it, How to Find it
2014-02-14 Chris Mohan Scanning activity for /siemens/bootstrapping/JnlpBrowser/Development/
2014-02-13 Johannes Ullrich Linksys Worm ("TheMoon") Captured
2014-02-12 Johannes Ullrich Suspected Mass Exploit Against Linksys E1000 / E1200 Routers
2014-01-31 Chris Mohan Looking for packets from three particular subnets
2014-01-17 Russ McRee Massive RFI scans likely a free web app vuln scanner rather than bots
2014-01-09 Bojan Zdrnja Massive PHP RFI scans
2013-12-19 Rob VandenBrink Passive Scanning Two Ways - How-Tos for the Holidays
2013-12-09 Rob VandenBrink Scanning without Scanning
2013-10-22 Richard Porter Greenbone and OpenVAS Scanner
2013-10-17 Adrien de Beaupre Internet wide DNS scanning
2013-10-12 Richard Porter Reported Spike in tcp/5901 and tcp/5900
2013-08-19 Rob VandenBrink ZMAP 1.02 released
2013-07-01 Manuel Humberto Santander Pelaez Using nmap scripts to enhance vulnerability asessment results
2013-03-03 Richard Porter Uptick in MSSQL Activity
2013-02-03 Lorna Hutcheson Is it Really an Attack?
2012-11-30 Daniel Wesemann Nmap 6.25 released - lots of new goodies, see http://nmap.org/changelog.html
2012-08-13 Rick Wanner Interesting scan for medical certification information...
2012-06-27 Daniel Wesemann What's up with port 79 ?
2011-07-17 Mark Hofman SSH Brute Force
2011-02-28 Deborah Hale Possible Botnet Scanning
2011-02-07 Pedro Bueno The Good , the Bad and the Unknown Online Scanners
2010-11-24 Jim Clausing Help with odd port scans
2010-08-10 Daniel Wesemann SSH - new brute force tool?
2010-02-01 Rob VandenBrink NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?
2010-01-09 G. N. White What's Up With All The Port Scanning Using TCP/6000 As A Source Port?
2009-06-26 Mark Hofman PHPMYADMIN scans
2009-06-24 Kyle Haugsness TCP scanning increase for 4899
2009-02-01 Chris Carboni Scanning for Trixbox vulnerabilities
2009-01-30 Mark Hofman Request for info - Scan and webmail
2009-01-12 William Salusky Web Application Firewalls (WAF) - Have you deployed WAF technology?