Date Author Title
2024-10-15Johannes UllrichA Network Nerd's Take on Emergency Preparedness
2024-07-08Xavier MertensKunai: Keep an Eye on your Linux Hosts Activity
2024-06-20Guy BruneauNo Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary]
2024-06-03Didier StevensA Wireshark Lua Dissector for Fixed Field Length Protocols
2024-05-08Xavier MertensAnalyzing Synology Disks on Linux
2024-02-20Xavier MertensPython InfoStealer With Dynamic Sandbox Detection
2024-02-05Jesse La GrewPublic Information and Email Spam
2023-12-20Guy BruneauHow to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary]
2023-05-26Xavier MertensUsing DFIR Techniques To Recover From Infrastructure Outages
2023-03-11Xavier MertensOverview of a Mirai Payload Generator
2023-02-04Guy BruneauAssemblyline as a Malware Analysis Sandbox
2022-12-20Xavier MertensLinux File System Monitoring & Actions
2022-05-07Guy BruneauPhishing PDF Received in my ISC Mailbox
2022-02-22Xavier MertensA Good Old Equation Editor Vulnerability Delivering Malware
2021-10-16Guy BruneauApache is Actively Scan for CVE-2021-41773 & CVE-2021-42013
2021-09-24Xavier MertensKeep an Eye on Your Users Mobile Devices (Simple Inventory)
2021-09-15Brad DuncanHancitor campaign abusing Microsoft's OneDrive
2021-07-28Jan KoprivaA sextortion e-mail from...IT support?!
2021-07-09Brad DuncanHancitor tries XLL as initial malware file
2021-06-30Brad DuncanJune 2021 Forensic Contest: Answers and Analysis
2021-06-25Jim ClausingIs this traffic bAD?
2021-05-07Daniel WesemannExposed Azure Storage Containers
2021-02-25Jim ClausingSo where did those Satori attacks come from?
2021-02-16Jim ClausingMore weirdness on TCP port 26
2021-01-13Brad DuncanHancitor activity resumes after a hoilday break
2020-12-06Didier Stevensoledump's Indicators (video)
2020-12-05Guy BruneauIs IP 91.199.118.137 testing Access to aahwwx.52host.xyz?
2020-12-04Guy BruneauDetecting Actors Activity with Threat Intel
2020-11-29Didier StevensQuick Tip: Using JARM With a SOCKS Proxy
2020-11-12Daniel WesemannExposed Blob Storage in Azure
2020-11-12Daniel WesemannPreventing Exposed Azure Blob Storage
2020-10-01Daniel WesemannMaking sense of Azure AD (AAD) activity logs
2020-09-29Xavier MertensManaging Remote Access for Partners & Contractors
2020-07-20Rick WannerSextortion Update: The Final Final Chapter
2020-07-19Guy BruneauScanning Activity for ZeroShell Unauthenticated Access
2020-06-16Xavier MertensSextortion to The Next Level
2020-06-13Guy BruneauMirai Botnet Activity
2020-04-17Xavier MertensWeaponized RTF Document Generator & Mailer in PowerShell
2020-03-15Guy BruneauVPN Access and Activity Monitoring
2020-03-12Brad DuncanHancitor distributed through coronavirus-themed malspam
2019-12-31Johannes UllrichSome Thoughts About the Critical Citrix ADC/Gateway Vulnerability (CVE-2019-19781)
2019-11-20Brad DuncanHancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike
2019-10-29Xavier MertensGenerating PCAP Files from YAML
2019-10-16Xavier MertensSecurity Monitoring: At Network or Host Level?
2019-09-22Didier StevensVideo: Encrypted Sextortion PDFs
2019-09-16Didier StevensEncrypted Sextortion PDFs
2019-08-05Rick WannerSextortion: Follow the Money - The Final Chapter
2019-07-26Kevin ShorttDVRIP Port 34567 - Uptick
2019-04-24Rob VandenBrinkWhere have all the Domain Admins gone? Rooting out Unwanted Domain Administrators
2019-03-24Didier StevensDecoding QR Codes with Python
2019-03-21Xavier MertensNew Wave of Extortion Emails: Central Intelligence Agency Case
2019-02-25Didier StevensSextortion Email Variant: With QR Code
2019-02-24Guy BruneauPacket Editor and Builder by Colasoft
2019-02-06Brad DuncanHancitor malspam and infection traffic from Tuesday 2019-02-05
2019-02-01Rick WannerSextortion: Follow the Money Part 3 - The cashout begins!
2019-01-31Xavier MertensTracking Unexpected DNS Changes
2019-01-18John BambenekSextortion Bitcoin on the Move
2018-12-14Rick WannerBombstortion?? Boomstortion??
2018-12-05Brad DuncanCampaign evolution: Hancitor changes its Word macros
2018-11-19Xavier MertensThe Challenge of Managing Your Digital Library
2018-11-14Brad DuncanDay in the life of a researcher: Finding a wave of Trickbot malspam
2018-10-30Brad DuncanCampaign evolution: Hancitor malspam starts pushing Ursnif this week
2018-10-12Xavier MertensMore Equation Editor Exploit Waves
2018-10-10Xavier MertensNew Campaign Using Old Equation Editor Vulnerability
2018-08-13Didier StevensNew Extortion Tricks: Now Including Your (Partial) Phone Number!
2018-07-12Johannes UllrichNew Extortion Tricks: Now Including Your Password!
2018-07-03Didier StevensProgress indication for scripts on Windows
2018-06-07Remco VerhoefAutomated twitter loot collection
2018-03-03Xavier MertensReminder: Beware of the "Cloud"
2018-02-25Didier StevensRetrieving malware over Tor on Windows
2017-10-17Brad DuncanHancitor malspam uses DDE attack
2017-07-18Bojan ZdrnjaInvestigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 4 ? Windows Thumbnail Cache, Registry, Prefetch Files, and Link Files artefacts)
2017-07-13Bojan ZdrnjaInvestigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 3 ? Physical Memory artefacts)
2017-07-07Renato MarinhoDDoS Extortion E-mail: Yet Another Bluff?
2017-06-17Guy BruneauMapping Use Cases to Logs. Which Logs are the Most Important to Collect?
2017-04-20Xavier MertensDNS Query Length... Because Size Does Matter
2017-04-10Didier StevensPassword History: Insights Shared by a Reader
2017-03-15Xavier MertensRetro Hunting!
2017-03-03Lorna HutchesonBitTorrent or Something Else?
2017-02-10Brad DuncanHancitor/Pony malspam
2017-01-10Johannes UllrichRealtors Be Aware: You Are a Target
2016-12-05Didier StevensHancitor Maldoc Videos
2016-11-02Rob VandenBrinkWhat Does a Pentest Look Like?
2016-08-29Russ McReeRecommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2016-06-15Richard PorterWarp Speed Ahead, L7 Open Source Packet Generator: Warp17
2016-05-26Xavier MertensKeeping an Eye on Tor Traffic
2016-05-18Russ McReeResources: Windows Auditing & Monitoring, Linux 2FA
2016-04-15Xavier MertensWindows Command Line Persistence?
2016-03-30Xavier MertensWhat to watch with your FIM?
2016-03-13Guy BruneauA Look at the Mandiant M-Trends 2016 Report
2016-03-07Xavier MertensOSX Ransomware Spread via a Rogue BitTorrent Client Installer
2016-01-31Guy BruneauWindows 10 and System Protection for DATA Default is OFF
2015-12-29Daniel WesemannNew Years Resolutions
2015-12-12Russell EubanksWhat Signs Are You Missing?
2015-07-17Didier StevensAutoruns and VirusTotal
2015-06-29Rob VandenBrinkThe Powershell Diaries 2 - Software Inventory
2015-06-24Rob VandenBrinkThe Powershell Diaries - Finding Problem User Accounts in AD
2015-05-10Didier StevensWireshark TCP Flags: How To Install On Windows Video
2015-04-05Didier StevensWireshark TCP Flags
2015-02-27Rick WannerTor Browser Version 4.0.4 released - https://blog.torproject.org/blog/tor-browser-404-released
2014-09-27Guy BruneauWhat has Bash and Heartbleed Taught Us?
2014-08-22Richard PorterOCLHashCat 1.30 Released
2014-07-02Johannes UllrichSimple Javascript Extortion Scheme Advertised via Bing
2014-05-18Russ McReesed and awk will always rock
2014-04-21Daniel WesemannAllow us to leave!
2014-03-17Johannes UllrichScans for FCKEditor File Manager
2014-02-28Daniel WesemannOversharing
2014-02-22Tony CarothersCisco UCS Director Vulnerability and Update
2014-01-10Basil Alawi S.TaherWindows Autorun-3
2013-12-23Rob VandenBrinkHow-To's for the Holidays - Java Whitelisting using AD Group Policy
2013-08-30Kevin ListonTor Use Uptick
2013-08-02Johannes UllrichScans for Open File Uploads into CKEditor
2013-06-21Guy BruneauSysinternals Updates for Autoruns, Strings & ZoomIt http://blogs.technet.com/b/sysinternals/archive/2013/06/20/updates-autoruns-v11-61-strings-v2-52-zoomit-v4-5.aspx
2013-05-21Adrien de BeaupreMoore, Oklahoma tornado charitable organization scams, malware, and phishing
2013-03-23Guy BruneauApple ID Two-step Verification Now Available in some Countries
2013-03-09Guy BruneauIPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2013-03-06Adam SwangerIPv6 Focus Month: Guest Diary: Stephen Groat - Geolocation Using IPv6 Addresses
2013-02-17Guy BruneauHP ArcSight Connector Appliance and Logger Vulnerabilities
2013-01-07Adam SwangerPlease consider participating in our 2013 ISC StormCast survey at http://www.surveymonkey.com/s/stormcast
2012-09-21Guy BruneauStoring your Collection of Malware Samples with Malwarehouse
2012-09-02Lorna HutchesonDemonstrating the value of your Intrusion Detection Program and Analysts
2012-08-30Bojan ZdrnjaAnalyzing outgoing network traffic (part 2)
2012-08-23Bojan ZdrnjaAnalyzing outgoing network traffic
2012-05-22Johannes UllrichWhen factors collapse and two factor authentication becomes one.
2012-01-13Guy BruneauSysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2011-10-17Rob VandenBrinkCritical Control 11: Account Monitoring and Control
2011-09-05Bojan ZdrnjaBitcoin – crypto currency of future or heaven for criminals?
2011-06-07Johannes UllrichRSA Offers to Replace Tokens
2011-05-22Kevin ShorttFacebook goes two-factor
2011-02-11Kevin Johnson Two-Factor Auth: Can we just Google the response?
2010-12-15Manuel Humberto Santander PelaezHP StorageWorks P2000 G3 MSA hardcoded user
2010-09-21Johannes UllrichImplementing two Factor Authentication on the Cheap
2010-08-03Johannes UllrichSolar activity may cause problems this week
2010-07-25Rick WannerUpdated version of Mandiant's Web Historian
2010-07-04Manuel Humberto Santander PelaezInteresting analysis of the PHP SplObjectStorage Vulnerability
2010-06-18Johannes UllrichPlease take a second and rate the daily podcast (Stormcast): http://www.surveymonkey.com/s/stormcast
2010-04-06Daniel WesemannApplication Logs
2010-02-11Deborah HaleCritical Update for AD RMS
2009-10-02Stephen HallNew SysInternal fun for the weekend
2009-09-19Rick WannerSysinternals Tools Updates
2009-07-03Adrien de BeaupreFCKEditor advisory
2009-05-11Mari NicholsSysinternals Updates 3 Applications
2009-02-25donald smithAutoRun disabling patch released
2009-01-15Bojan ZdrnjaConficker's autorun and social engineering
2008-12-25Maarten Van HorenbeeckMerry Christmas, and beware of digital hitchhikers!
2008-10-06Jim ClausingNovell eDirectory advisory
2008-07-04Kevin ListonStorm Botnet Celebrates Birthday With Fireworks
2008-06-07Jim ClausingFollowup to 'How do you monitor your website?'
2008-06-02donald smithNew Stormworm download site
2008-05-26Marcus SachsPredictable Response
2008-03-31Stephen HallStorming into April on Fools Day
2006-10-17Arrigo TriulziHacking Tor, the anonymity onion routing network
2006-09-10Lenny ZeltserEarly Discussions of Computer Security in the Media