Date Author Title

BIND 9

2012-07-30Guy BruneauBIND 9 Security Updates
2012-06-06Jim ClausingBIND 9 Update - DoS or information disclosure vulnerability
2011-11-16Jason LamPotential 0-day on Bind 9

BIND

2021-07-31/a>Guy BruneauUnsolicited DNS Queries
2019-11-25/a>Xavier MertensMy Little DoH Setup
2019-07-13/a>Guy BruneauGuidance to Protect DNS Against Hijacking & Scanning for Version.BIND Still a Thing
2014-06-12/a>Guy BruneauBIND Security Update for CVE-2014-3859
2013-07-26/a>Scott FendleyISC BIND DoS
2013-06-05/a>Richard PorterBIND 9 Update fixing CVE-2013-3919
2012-07-30/a>Guy BruneauBIND 9 Security Updates
2012-06-06/a>Jim ClausingBIND 9 Update - DoS or information disclosure vulnerability
2011-12-05/a>Stephen HallISC describe DNS crash bug analysis
2011-11-16/a>Jason LamPotential 0-day on Bind 9
2011-07-05/a>Raul SilesTwo DoS remotely exploitable vulnerabilities affect BIND 9: http://www.isc.org/advisories/bind Updgrade to 9.8.0-P4.
2011-06-28/a>Johannes UllrichDNSSEC Tips
2011-05-09/a>Johannes UllrichPatch for BIND 9.8.0 DoS Vulnerability
2011-02-23/a>Manuel Humberto Santander PelaezBind DOS vulnerability (CVE-2011-0414)
2010-07-29/a>Rob VandenBrinkNoScript 2.0 released
2010-02-17/a>Rob VandenBrinkMultiple Security Updates for ESX 3.x and ESXi 3.x
2009-12-15/a>Johannes UllrichImportant BIND name server updates - DNSSEC
2009-11-24/a>John BambenekBIND Security Advisory (DNSSEC only)
2009-07-29/a>Bojan ZdrnjaBIND 9 DoS attacks in the wild
2009-01-08/a>Kyle HaugsnessBIND OpenSSL follow-up
2009-01-07/a>William SaluskyBIND 9.x security patch - resolves potentially new DNS poisoning vector
2008-08-14/a>Johannes UllrichDNSSEC for DShield.org
2008-08-02/a>Swa FrantzenBIND: -P2 patches are released
2008-07-08/a>Johannes UllrichMulitple Vendors DNS Spoofing Vulnerability

9

2025-04-02/a>Guy BruneauExploring Statistical Measures to Predict URLs as Legitimate or Intrusive [Guest Diary]
2024-09-25/a>Guy BruneauOSINT - Image Analysis or More Where, When, and Metadata [Guest Diary]
2023-11-30/a>John BambenekProphetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today
2023-11-22/a>Guy BruneauCVE-2023-1389: A New Means to Expand Botnets
2023-07-12/a>Brad DuncanLoader activity for Formbook "QM18"
2022-08-03/a>Johannes Ullrichl9explore and LeakIX Internet wide recon scans.
2022-06-09/a>Brad DuncanTA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
2022-04-28/a>Johannes UllrichA Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809
2022-04-14/a>Johannes UllrichAn Update on CVE-2022-26809 - MSRPC Vulnerabliity - PATCH NOW
2022-01-12/a>Johannes UllrichA Quick CVE-2022-21907 FAQ
2022-01-02/a>Guy BruneauExchange Server - Email Trapped in Transport Queues
2021-11-26/a>Guy BruneauSearching for Exposed ASUS Routers Vulnerable to CVE-2021-20090
2021-09-16/a>Jan KoprivaPhishing 101: why depend on one suspicious message subject when you can use many?
2021-06-26/a>Guy BruneauCVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability
2020-12-18/a>Jan KoprivaA slightly optimistic tale of how patching went for CVE-2019-19781
2020-12-12/a>Didier StevensOffice 95 Excel 4 Macros
2020-10-28/a>Jan KoprivaSMBGhost - the critical vulnerability many seem to have forgotten to patch
2020-07-22/a>Rick WannerA few IoCs related to CVE-2020-5902
2020-07-21/a>Jan KoprivaCouple of interesting Covid-19 related stats
2020-07-06/a>Johannes UllrichSummary of CVE-2020-5902 F5 BIG-IP RCE Vulnerability Exploits
2020-05-01/a>Jim ClausingAttack traffic on TCP port 9673
2020-04-29/a>Johannes UllrichPrivacy Preserving Protocols to Trace Covid19 Exposure
2020-04-17/a>Xavier MertensWeaponized RTF Document Generator & Mailer in PowerShell
2020-04-03/a>Xavier MertensObfuscated with a Simple 0x0A
2020-03-28/a>Didier StevensCovid19 Domain Classifier
2020-03-27/a>Johannes UllrichHelp us classify Covid19 related domains https://isc.sans.edu/covidclassifier.html (login required)
2020-03-24/a>Russ McReeAnother Critical COVID-19 Shortage: Digital Security
2020-03-19/a>Xavier MertensCOVID-19 Themed Multistage Malware
2020-01-13/a>Didier StevensCitrix ADC Exploits: Overview of Observed Payloads
2020-01-11/a>Johannes UllrichCitrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor
2020-01-07/a>Johannes UllrichA Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability)
2019-10-20/a>Guy BruneauScanning Activity for NVMS-9000 Digital Video Recorder
2019-08-01/a>Johannes UllrichWhat is Listening On Port 9527/TCP?
2019-06-19/a>Johannes UllrichCritical Actively Exploited WebLogic Flaw Patched CVE-2019-2729
2019-05-22/a>Johannes UllrichAn Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
2019-04-28/a>Johannes UllrichUpdate about Weblogic CVE-2019-2725 (Exploits Used in the Wild, Patch Status)
2019-03-30/a>Didier Stevens"404" is not Malware
2019-03-09/a>Guy BruneauA Comparison Study of SSH Port Activity - TCP 22 & 2222
2019-02-02/a>Guy BruneauScanning for WebDAV PROPFIND Exploiting CVE-2017-7269
2018-05-22/a>Guy BruneauVMware updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue - https://www.vmware.com/security/advisories/VMSA-2018-0012.html
2017-08-24/a>Bojan ZdrnjaFree Bitcoins? Why not?
2016-05-16/a>Rick WannerAn oldie but a goodie - 419 Death Scam
2016-02-28/a>Guy BruneauRFC 6598 - Carrier Grade NAT
2016-01-25/a>Rob VandenBrinkAssessing Remote Certificates with Powershell
2014-06-12/a>Johannes UllrichMetasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.)
2014-02-07/a>Rob VandenBrinkNew ISO Standards on Vulnerability Handling and Disclosure
2013-11-09/a>Guy BruneauIE Zero-Day Vulnerability Exploiting msvcrt.dll
2013-10-01/a>John Bambenek*Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893
2013-09-20/a>Russ McReeThreat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild
2013-09-18/a>Rob VandenBrinkCisco DCNM Update Released
2013-06-05/a>Richard PorterBIND 9 Update fixing CVE-2013-3919
2013-02-19/a>Johannes UllrichAPT1, Unit 61398 and are state sponsored attacks real
2013-02-11/a>John BambenekOpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/
2013-01-10/a>Rob VandenBrinkWhat Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too!
2013-01-04/a>Guy Bruneau"FixIt" Patch for CVE-2012-4792 Bypassed
2012-09-17/a>Rob VandenBrinkIE Zero Day is "For Real"
2012-07-30/a>Guy BruneauBIND 9 Security Updates
2012-06-25/a>Guy BruneauIssues with Windows Update Agent
2012-06-06/a>Jim ClausingBIND 9 Update - DoS or information disclosure vulnerability
2012-05-25/a>Guy BruneauTechnical Analysis of Flash Player CVE-2012-0779
2012-05-16/a>Johannes UllrichReserved IP Address Space Reminder
2012-05-05/a>Tony CarothersVulnerability Exploit for Snow Leopard
2011-11-16/a>Jason LamPotential 0-day on Bind 9
2011-08-29/a>Kevin ShorttInternet Worm in the Wild
2011-08-25/a>Kevin ShorttIncreased Traffic on Port 3389
2011-08-03/a>Johannes UllrichPort 3389 / terminal services scans
2011-04-28/a>Chris MohanGathering and use of location information fears - or is it all a bit too late
2011-04-21/a>Guy BruneauSilverlight Update Available
2010-10-19/a>Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote Access Tools
2010-10-19/a>Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split?
2010-10-19/a>Rob VandenBrinkCyber Security Awareness Month - Day 19 - VPN Architectures – SSL or IPSec?
2010-10-19/a>Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote User VPN Access – Are things getting too easy, or too hard?
2010-10-19/a>Rob VandenBrinkCyber Security Awareness Month - Day 19 - VPN and Remote Access Tools
2010-07-29/a>Rob VandenBrinkSnort 2.8.6.1 and Snort 2.9 Beta Released
2010-07-26/a>Guy BruneauSophosLabs Released Free Tool to Validate Microsoft Shortcut
2010-07-24/a>Manuel Humberto Santander PelaezGnuPG gpgsm bug
2010-07-20/a>Manuel Humberto Santander PelaezLNK vulnerability now with Metasploit module implementing the WebDAV method
2010-07-20/a>Manuel Humberto Santander PelaeziTunes buffer overflow vulnerability
2010-03-10/a>Rob VandenBrinkMicrosoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-02-23/a>Mark HofmanWhat is your firewall telling you and what is TCP249?
2010-01-19/a>Jim ClausingThe IE saga continues, out-of-cycle patch coming soon
2010-01-15/a>Kevin ListonExploit code available for CVE-2010-0249
2010-01-12/a>Adrien de BeauprePoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2010-01-04/a>Bojan ZdrnjaSophisticated, targeted malicious PDF documents exploiting CVE-2009-4324
2009-10-31/a>Rick WannerCyber Security Awareness Month - Day 31, ident
2009-10-30/a>Rob VandenBrinkCyber Security Awareness Month - Day 30 - The "Common" IPSEC VPN Protocols - IKE / ISAKMP (500/udp), ESP (IP Protocol 50), NAT-T-IKE (500/udp, 4500/udp), PPTP (tcp/1723), GRE (IP Protocol 47)
2009-10-29/a>Kyle HaugsnessCyber Security Awareness Month - Day 29 - dns port 53
2009-10-25/a>Lorna HutchesonCyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-22/a>Adrien de BeaupreCyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-19/a>Daniel WesemannCyber Security Awareness Month - Day 19 - ICMP
2009-10-17/a>Rick WannerCyber Security Awareness Month - Day 17 - Port 22/SSH
2009-10-16/a>Adrien de BeaupreCyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
2009-10-15/a>Deborah HaleCyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
2009-10-09/a>Rob VandenBrinkCyber Security Awareness Month - Day 9 - Port 3389/tcp (RDP)
2009-10-06/a>Adrien de BeaupreCyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp
2009-10-05/a>Adrien de BeaupreCyber Security Awareness Month - Day 5 port 31337
2009-08-18/a>Bojan ZdrnjaMS09-039 exploit in the wild?
2009-06-20/a>Mark HofmanG'day from Sansfire2009
2009-06-14/a>Guy BruneauSANSFIRE 2009 Starts Tomorrow
2009-05-28/a>Stephen HallMicrosoft DirectShow vulnerability
2009-05-27/a>donald smithWebDAV write-up
2009-05-02/a>Rick WannerSignificant increase in port 2967 traffic
2009-04-23/a>Kyle HaugsnessPossible MS09-013 activity
2009-02-19/a>Bojan ZdrnjaMS09-002, XML/DOC and initial infection vector
2009-02-17/a>Bojan ZdrnjaMS09-002 exploit in the wild
2009-01-13/a>Johannes UllrichJanuary Black Tuesday Overview
2008-09-15/a>donald smithFake antivirus 2009 and search engine results
2008-07-17/a>Mari NicholsAdobe Reader 9 Released
2008-07-17/a>Mari NicholsMicrosoft Updates 2 DirectX Bulletins
2008-04-27/a>Marcus SachsWhat's With Port 20329?
2006-09-19/a>Swa FrantzenYet another MSIE 0-day: VML
2006-09-15/a>Swa FrantzenMSIE DirectAnimation ActiveX 0-day update