Internet Storm Center
Sign In
Sign Up
Handler on Duty:
Didier Stevens
Threat Level:
green
Date
Author
Title
WORD DOC
2020-07-15
Brad Duncan
Word docs with macros for IcedID (Bokbot)
2020-05-20
Brad Duncan
Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2020-01-22
Brad Duncan
German language malspam pushes Ursnif
WORD
2024-11-06/a>
Jesse La Grew
[Guest Diary] Insights from August Web Traffic Surge
2024-10-31/a>
Guy Bruneau
October 2024 Activity with Username chenzilong
2024-10-16/a>
Johannes Ullrich
The Top 10 Not So Common SSH Usernames and Passwords
2024-08-22/a>
Johannes Ullrich
OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse?
2024-08-07/a>
Guy Bruneau
Same Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary]
2024-07-13/a>
Didier Stevens
16-bit Hash Collisions in .xls Spreadsheets
2024-06-26/a>
Guy Bruneau
What Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary]
2024-02-28/a>
Johannes Ullrich
Exploit Attempts for Unknown Password Reset Vulnerability
2024-01-17/a>
Jesse La Grew
Number Usage in Passwords
2024-01-06/a>
Xavier Mertens
Are you sure of your password?
2023-10-29/a>
Guy Bruneau
Spam or Phishing? Looking for Credentials & Passwords
2023-10-15/a>
Guy Bruneau
Domain Name Used as Password Captured by DShield Sensor
2023-09-29/a>
Xavier Mertens
Are You Still Storing Passwords In Plain Text Files?
2023-09-05/a>
Jesse La Grew
Common usernames submitted to honeypots
2023-09-02/a>
Jesse La Grew
What is the origin of passwords submitted to honeypots?
2023-08-10/a>
Bojan Zdrnja
Some things never change ? such as SQL Authentication ?encryption?
2023-08-04/a>
Xavier Mertens
Are Leaked Credentials Dumps Used by Attackers?
2023-06-23/a>
Xavier Mertens
Word Document with an Online Attached Template
2023-06-05/a>
Johannes Ullrich
Brute Forcing Simple Archive Passwords
2023-05-04/a>
Xavier Mertens
Infostealer Embedded in a Word Document
2023-04-19/a>
Rob VandenBrink
Taking a Bite Out of Password Expiry Helpdesk Calls
2023-02-18/a>
Guy Bruneau
Spear Phishing Handlers for Username/Password
2022-09-16/a>
Didier Stevens
Word Maldoc With CustomXML and Renamed VBAProject.bin
2022-09-15/a>
Xavier Mertens
Malicious Word Document with a Frameset
2022-09-10/a>
Guy Bruneau
Phishing Word Documents with Suspicious URL
2022-08-13/a>
Guy Bruneau
Phishing HTML Attachment as Voicemail Audio Transcription
2022-06-12/a>
Didier Stevens
Quickie: Follina, RTF & Explorer Preview Pane
2022-06-06/a>
Didier Stevens
"ms-msdt" RTF Maldoc Analysis: oledump Plugins
2022-06-05/a>
Didier Stevens
Analysis Of An "ms-msdt" RTF Maldoc
2022-05-30/a>
Xavier Mertens
New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme (CVE-2022-30190)
2022-05-17/a>
Xavier Mertens
Use Your Browser Internal Password Vault... or Not?
2022-05-09/a>
Xavier Mertens
Octopus Backdoor is Back with a New Embedded Obfuscated Bat File
2022-04-24/a>
Didier Stevens
Analyzing a Phishing Word Document
2022-04-04/a>
Johannes Ullrich
Emptying the Phishtank: Are WordPress sites the Mosquitoes of the Internet?
2022-03-10/a>
Xavier Mertens
Credentials Leaks on VirusTotal
2022-02-22/a>
Xavier Mertens
A Good Old Equation Editor Vulnerability Delivering Malware
2022-02-13/a>
Guy Bruneau
DHL Spear Phishing to Capture Username/Password
2022-02-02/a>
Johannes Ullrich
Finding elFinder: Who is looking for your files?
2021-12-02/a>
Brad Duncan
TA551 (Shathak) pushes IcedID (Bokbot)
2021-11-30/a>
Johannes Ullrich
Hunting for PHPUnit Installed via Composer
2021-11-15/a>
Rob VandenBrink
Changing your AD Password Using the Clipboard - Not as Easy as You'd Think!
2021-08-06/a>
Xavier Mertens
Malicious Microsoft Word Remains A Key Infection Vector
2021-05-14/a>
Xavier Mertens
"Open" Access to Industrial Systems Interface is Also Far From Zero
2021-04-24/a>
Guy Bruneau
Base64 Hashes Used in Web Scanning
2021-02-19/a>
Xavier Mertens
Dynamic Data Exchange (DDE) is Back in the Wild?
2021-02-02/a>
Xavier Mertens
New Example of XSL Script Processing aka "Mitre T1220"
2021-01-28/a>
Daniel Wesemann
Emotet vs. Windows Attack Surface Reduction
2021-01-26/a>
Brad Duncan
TA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-24/a>
Didier Stevens
Video: Doc & RTF Malicious Document
2021-01-23/a>
Didier Stevens
CyberChef: Analyzing OOXML Files for URLs
2021-01-13/a>
Brad Duncan
Hancitor activity resumes after a hoilday break
2021-01-10/a>
Didier Stevens
Maldoc Analysis With CyberChef
2021-01-09/a>
Didier Stevens
Maldoc Strings Analysis
2021-01-06/a>
Johannes Ullrich
Scans for Zyxel Backdoors are Commencing.
2020-12-24/a>
Xavier Mertens
Malicious Word Document Delivering an Octopus Backdoor
2020-10-14/a>
Brad Duncan
More TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-09-18/a>
Xavier Mertens
A Mix of Python & VBA in a Malicious Word Document
2020-08-19/a>
Xavier Mertens
Example of Word Document Delivering Qakbot
2020-08-07/a>
Brad Duncan
TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-07-26/a>
Didier Stevens
Cracking Maldoc VBA Project Passwords
2020-07-15/a>
Brad Duncan
Word docs with macros for IcedID (Bokbot)
2020-07-13/a>
Didier Stevens
VBA Project Passwords
2020-06-10/a>
Brad Duncan
Job application-themed malspam pushes ZLoader
2020-05-20/a>
Brad Duncan
Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-06/a>
Didier Stevens
Password Protected Malicious Excel Files
2020-03-18/a>
Brad Duncan
Trickbot gtag red5 distributed as a DLL file
2020-01-22/a>
Brad Duncan
German language malspam pushes Ursnif
2019-12-11/a>
Brad Duncan
German language malspam pushes yet another wave of Trickbot
2019-11-01/a>
Didier Stevens
Tip: Password Managers and 2FA
2019-10-02/a>
Brad Duncan
A recent example of Emotet malspam
2019-09-18/a>
Brad Duncan
Emotet malspam is back
2019-07-18/a>
Xavier Mertens
Malicious PHP Script Back on Stage?
2019-06-10/a>
Xavier Mertens
Interesting JavaScript Obfuscation Example
2019-01-24/a>
Brad Duncan
Malspam with Word docs uses macro to run Powershell script and steal system data
2018-12-18/a>
Brad Duncan
Malspam links to password-protected Word docs that push IcedID (Bokbot)
2018-12-17/a>
Didier Stevens
Password Protected ZIP with Maldoc
2018-11-15/a>
Brad Duncan
Emotet infection with IcedID banking Trojan
2018-10-26/a>
Xavier Mertens
Dissecting Malicious Office Documents with Linux
2018-08-22/a>
Deborah Hale
Email/password Frustration
2018-07-12/a>
Johannes Ullrich
New Extortion Tricks: Now Including Your Password!
2018-06-13/a>
Xavier Mertens
A Bunch of Compromized Wordpress Sites
2018-01-09/a>
Jim Clausing
Are you watching for brute force attacks on IPv6?
2017-11-28/a>
Xavier Mertens
Apple High Sierra Uses a Passwordless Root Account
2017-11-07/a>
Xavier Mertens
Interesting VBA Dropper
2017-08-17/a>
Xavier Mertens
Maldoc with auto-updated link
2017-05-17/a>
Richard Porter
Wait What? We don?t have to change passwords every 90 days?
2017-05-05/a>
Xavier Mertens
HTTP Headers... the Achilles' heel of many applications
2017-04-26/a>
Johannes Ullrich
If there are some unexploited MSSQL Servers With Weak Passwords Left: They got you now (again)
2017-04-23/a>
Didier Stevens
Malicious Documents: A Bit Of News
2017-04-10/a>
Didier Stevens
Password History: Insights Shared by a Reader
2017-02-07/a>
Johannes Ullrich
My Password is [taco] Using Emojis for Stronger Passwords
2017-02-04/a>
Xavier Mertens
Detecting Undisclosed Vulnerabilities with Security Tools & Features
2016-12-07/a>
Xavier Mertens
The Passwords You Should Never Use
2016-09-15/a>
Xavier Mertens
In Need of a OTP Manager Soon?
2016-07-21/a>
Didier Stevens
Practice ntds.dit File
2016-06-20/a>
Xavier Mertens
Using Your Password Manager to Monitor Data Leaks
2015-12-06/a>
Mark Hofman
Malware SPAM a new run has started.
2015-06-26/a>
Daniel Wesemann
Cisco default credentials - again!
2015-05-09/a>
Didier Stevens
Malicious Word Document: This Time The Maldoc Is A MIME File
2015-03-13/a>
Guy Bruneau
Blind SQL Injection against WordPress SEO by Yoast
2015-02-20/a>
Tom Webb
Fast analysis of a Tax Scam
2014-11-20/a>
Johannes Ullrich
Critical WordPress XSS Update
2014-09-19/a>
Guy Bruneau
Added today in oclhashcat 131 Django [Default Auth] (PBKDF2 SHA256 Rounds Salt) Support - http://hashcat.net/hashcat/
2014-08-22/a>
Richard Porter
OCLHashCat 1.30 Released
2014-08-06/a>
Johannes Ullrich
All Passwords have been lost: What's next?
2014-07-22/a>
Daniel Wesemann
WordPress brute force attack via wp.getUsersBlogs
2014-06-19/a>
Tony Carothers
WordPress and Security
2014-05-22/a>
Rob VandenBrink
Another Site Breached - Time to Change your Passwords! (If you can that is)
2014-03-14/a>
Richard Porter
Word Press Shenanigans? Anyone seeing strange activity today?
2014-03-12/a>
Johannes Ullrich
Wordpress "Pingback" DDoS Attacks
2013-11-22/a>
Rick Wanner
Tales of Password Reuse
2013-07-21/a>
Guy Bruneau
Ubuntu Forums Security Breach
2013-06-11/a>
Swa Frantzen
Store passwords the right way in your application
2013-05-14/a>
Jim Clausing
So what passwords are those ssh scanners trying?
2013-03-18/a>
Kevin Shortt
Cisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
2013-01-18/a>
Russ McRee
Interesting reads for Friday 18 JAN 2013
2013-01-04/a>
Daniel Wesemann
Blue for Reset?
2012-11-15/a>
Jim Clausing
Another month another password disclosure breach
2012-07-16/a>
Jim Clausing
An analysis of the Yahoo! passwords
2012-06-06/a>
Jim Clausing
Potential leak of 6.5+ million LinkedIn password hashes
2012-05-22/a>
Johannes Ullrich
nmap 6 released
2012-04-21/a>
Guy Bruneau
WordPress Release Security Update
2012-01-05/a>
Russ McRee
WordPress 3.3.1 fixes 15 issues with WordPress 3.3 including XSS. Download 3.3.1 or visit Dashboard --> Updates in your site admin panel.
2012-01-03/a>
Rick Wanner
Analysis of the Stratfor Password List
2011-10-10/a>
Tom Liston
What's In A Name?
2011-08-10/a>
Johannes Ullrich
Theoretical and Practical Password Entropy
2011-06-30/a>
Guy Bruneau
WordPress 3.1.4 Security Update - http://wordpress.org/news/2011/06/wordpress-3-1-4/
2011-06-28/a>
Johannes Ullrich
Hashing Passwords
2011-06-22/a>
Guy Bruneau
WordPress Forces Password Reset
2011-05-30/a>
Johannes Ullrich
Allied Telesis Passwords Leaked
2011-04-18/a>
John Bambenek
Wordpress.com Security Breach
2011-02-08/a>
Mark Hofman
WordPress 3.0.5 (and 3.1 RC4) are out
2010-12-30/a>
Johannes Ullrich
Critcal Wordpress Security Update http://wordpress.org/news/2010/12/3-0-4-update/
2010-12-28/a>
John Bambenek
Mozilla Notifies of Relatively Minor Security Breach
2010-12-15/a>
Manuel Humberto Santander Pelaez
HP StorageWorks P2000 G3 MSA hardcoded user
2010-12-13/a>
Deborah Hale
Gawker Media Breach of Security
2010-12-02/a>
Kevin Johnson
SQL Injection: Wordpress 3.0.2 released
2010-11-26/a>
Mark Hofman
Using password cracking as metric/indicator for the organisation's security posture
2010-08-27/a>
Mark Hofman
FTP Brute Password guessing attacks
2010-05-19/a>
Kyle Haugsness
Wordpress blog attacks... again
2010-05-10/a>
Toby Kohlenberg
Another round of WordPress Attacks
2010-03-30/a>
Pedro Bueno
Sharing the Tools
2010-02-25/a>
Chris Carboni
Pass The Hash
2010-02-05/a>
Jim Clausing
WordPress iframe injection?
2010-02-02/a>
Johannes Ullrich
Twitter Mass Password Reset due to Phishing
2009-12-04/a>
Daniel Wesemann
The economics of security advice (MSFT research paper)
2009-11-30/a>
Bojan Zdrnja
Distributed Wordpress admin account cracking
2009-11-02/a>
Daniel Wesemann
Password rules: Change them every 25 years
2009-10-23/a>
Johannes Ullrich
Little new tool: reversing md5/sha1 hashes http://isc.sans.org/tools/reversehash.html
2009-10-21/a>
Pedro Bueno
WordPress Hardening
2009-08-11/a>
Swa Frantzen
Wordpress unauthenticated administrator password reset
2008-11-11/a>
Swa Frantzen
Phishing for Google adwords
2008-09-22/a>
Jim Clausing
Lessons learned from the Palin (and other) account hijacks
2008-09-09/a>
Swa Frantzen
wordpress upgrade
2008-07-17/a>
Mari Nichols
Adobe Reader 9 Released
2008-07-09/a>
Johannes Ullrich
Unpatched Word Vulnerability
2008-04-23/a>
Mari Nichols
What's New, Old and Morphing?
DOC
2024-10-02/a>
Jim Clausing
Security related Docker containers
2024-03-29/a>
Xavier Mertens
Quick Forensics Analysis of Apache logs
2023-12-31/a>
Tom Webb
Pi-Hole Pi4 Docker Deployment
2023-08-12/a>
Guy Bruneau
DShield Sensor Monitoring with a Docker ELK Stack [Guest Diary]
2023-07-07/a>
Xavier Mertens
DSSuite (Didier's Toolbox) Docker Image Update
2023-05-07/a>
Didier Stevens
Quickly Finding Encoded Payloads in Office Documents
2023-04-28/a>
Xavier Mertens
Quick IOC Scan With Docker
2023-02-05/a>
Didier Stevens
Video: Analyzing Malicious OneNote Documents
2023-02-01/a>
Didier Stevens
Detecting (Malicious) OneNote Files
2022-09-24/a>
Didier Stevens
Maldoc Analysis Info On MalwareBazaar
2022-09-16/a>
Didier Stevens
Word Maldoc With CustomXML and Renamed VBAProject.bin
2022-09-10/a>
Guy Bruneau
Phishing Word Documents with Suspicious URL
2022-09-09/a>
Didier Stevens
Maldoc With Decoy BASE64
2022-09-04/a>
Didier Stevens
Video: VBA Maldoc & UTF7 (APT-C-35)
2022-08-29/a>
Didier Stevens
Update: VBA Maldoc & UTF7 (APT-C-35)
2022-08-16/a>
Didier Stevens
VBA Maldoc & UTF7 (APT-C-35)
2022-07-10/a>
Guy Bruneau
Excel 4 Emotet Maldoc Analysis using CyberChef
2022-06-12/a>
Didier Stevens
Quickie: Follina, RTF & Explorer Preview Pane
2022-06-06/a>
Didier Stevens
"ms-msdt" RTF Maldoc Analysis: oledump Plugins
2022-06-05/a>
Didier Stevens
Analysis Of An "ms-msdt" RTF Maldoc
2022-05-02/a>
Didier Stevens
Detecting VSTO Office Files With ExifTool
2022-04-24/a>
Didier Stevens
Analyzing a Phishing Word Document
2022-04-17/a>
Didier Stevens
Video: Office Protects You From Malicious ISO Files
2022-04-16/a>
Didier Stevens
Office Protects You From Malicious ISO Files
2022-04-10/a>
Didier Stevens
Video: Method For String Extraction Filtering
2022-04-09/a>
Didier Stevens
Method For String Extraction Filtering
2022-03-30/a>
Didier Stevens
Quickie: Parsing XLSB Documents
2022-03-27/a>
Didier Stevens
Video: Maldoc Cleaned by Anti-Virus
2021-11-28/a>
Didier Stevens
Video: YARA Rules for Office Maldocs
2021-11-23/a>
Didier Stevens
YARA Rule for OOXML Maldocs: Less False Positives
2021-11-14/a>
Didier Stevens
Video: Obfuscated Maldoc: Reversed BASE64
2021-10-20/a>
Xavier Mertens
Thanks to COVID-19, New Types of Documents are Lost in The Wild
2021-10-03/a>
Didier Stevens
Video: CVE-2021-40444 Maldocs: Extracting URLs
2021-09-25/a>
Didier Stevens
Strings Analysis: VBA & Excel4 Maldoc
2021-09-25/a>
Didier Stevens
Video: Strings Analysis: VBA & Excel4 Maldoc
2021-09-22/a>
Didier Stevens
An XML-Obfuscated Office Document (CVE-2021-40444)
2021-09-19/a>
Didier Stevens
Video: Simple Analysis Of A CVE-2021-40444 .docx Document
2021-09-18/a>
Didier Stevens
Simple Analysis Of A CVE-2021-40444 .docx Document
2021-06-28/a>
Didier Stevens
CFBF Files Strings Analysis
2021-04-22/a>
Xavier Mertens
How Safe Are Your Docker Images?
2021-02-28/a>
Didier Stevens
Maldocs: Protection Passwords
2021-02-23/a>
Jan Kopriva
Qakbot in a response to Full Disclosure post
2021-02-22/a>
Didier Stevens
Unprotecting Malicious Documents For Inspection
2021-02-21/a>
Didier Stevens
DDE and oledump
2021-01-26/a>
Brad Duncan
TA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-24/a>
Didier Stevens
Video: Doc & RTF Malicious Document
2021-01-23/a>
Didier Stevens
CyberChef: Analyzing OOXML Files for URLs
2021-01-18/a>
Didier Stevens
Doc & RTF Malicious Document
2021-01-10/a>
Didier Stevens
Maldoc Analysis With CyberChef
2021-01-09/a>
Didier Stevens
Maldoc Strings Analysis
2020-12-24/a>
Xavier Mertens
Malicious Word Document Delivering an Octopus Backdoor
2020-12-15/a>
Didier Stevens
Analyzing FireEye Maldocs
2020-11-22/a>
Didier Stevens
Quick Tip: Extracting all VBA Code from a Maldoc - JSON Format
2020-10-31/a>
Didier Stevens
More File Selection Gaffes
2020-10-26/a>
Didier Stevens
Excel 4 Macros: "Abnormal Sheet Visibility"
2020-10-14/a>
Brad Duncan
More TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-31/a>
Didier Stevens
Finding The Original Maldoc
2020-08-29/a>
Didier Stevens
Malicious Excel Sheet with a NULL VT Score: More Info
2020-08-19/a>
Xavier Mertens
Example of Word Document Delivering Qakbot
2020-08-16/a>
Didier Stevens
Small Challenge: A Simple Word Maldoc - Part 3
2020-08-07/a>
Brad Duncan
TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-02/a>
Didier Stevens
Small Challenge: A Simple Word Maldoc
2020-07-15/a>
Brad Duncan
Word docs with macros for IcedID (Bokbot)
2020-07-12/a>
Didier Stevens
Maldoc: VBA Purging Example
2020-06-12/a>
Xavier Mertens
Malicious Excel Delivering Fileless Payload
2020-06-01/a>
Didier Stevens
XLMMacroDeobfuscator: An Update
2020-05-24/a>
Didier Stevens
Zloader Maldoc Analysis With xlm-deobfuscator
2020-05-20/a>
Brad Duncan
Microsoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-30/a>
Xavier Mertens
Collecting IOCs from IMAP Folder
2020-04-26/a>
Didier Stevens
Video: Malformed .docm File
2020-04-18/a>
Guy Bruneau
Maldoc Falsely Represented as DOCX Invoice Redirecting to Fake Apple Store
2020-04-06/a>
Didier Stevens
Password Protected Malicious Excel Files
2020-04-05/a>
Guy Bruneau
Maldoc XLS Invoice with Excel 4 Macros
2020-04-04/a>
Didier Stevens
New Bypass Technique or Corrupt Word Document?
2020-03-29/a>
Didier Stevens
Obfuscated Excel 4 Macros
2020-03-09/a>
Didier Stevens
Malicious Spreadsheet With Data Connection and Excel 4 Macros
2020-02-24/a>
Didier Stevens
Maldoc: Excel 4 Macros and VBA, Devil and Angel?
2020-02-23/a>
Didier Stevens
Maldoc: Excel 4 Macros in OOXML Format
2020-01-22/a>
Brad Duncan
German language malspam pushes Ursnif
2020-01-09/a>
Xavier Mertens
Quick Analyzis of a(nother) Maldoc
2019-12-22/a>
Didier Stevens
Extracting VBA Macros From .DWG Files
2019-12-16/a>
Didier Stevens
Malicious .DWG Files?
2019-12-14/a>
Didier Stevens
(Lazy) Sunday Maldoc Analysis: A Bit More ...
2019-12-09/a>
Didier Stevens
(Lazy) Sunday Maldoc Analysis
2019-08-15/a>
Didier Stevens
Analysis of a Spearphishing Maldoc
2019-07-28/a>
Didier Stevens
Video: Analyzing Compressed PowerShell Scripts
2019-07-06/a>
Didier Stevens
Malicious XSL Files
2019-07-05/a>
Didier Stevens
A "Stream O" Maldoc
2019-07-01/a>
Didier Stevens
Maldoc: Payloads in User Forms
2019-05-28/a>
Didier Stevens
Office Document & BASE64? PowerShell!
2019-05-10/a>
Xavier Mertens
DSSuite - A Docker Container with Didier's Tools
2019-05-01/a>
Didier Stevens
VBA Office Document: Which Version?
2019-04-27/a>
Didier Stevens
Quick Tip for Dissecting CVE-2017-11882 Exploits
2019-04-23/a>
Didier Stevens
Malicious VBA Office Document Without Source Code
2019-03-31/a>
Didier Stevens
Maldoc Analysis of the Weekend by a Reader
2019-03-25/a>
Didier Stevens
"VelvetSweatshop" Maldocs: Shellcode Analysis
2019-03-23/a>
Didier Stevens
"VelvetSweatshop" Maldocs
2019-03-17/a>
Didier Stevens
Video: Maldoc Analysis: Excel 4.0 Macro
2019-03-16/a>
Didier Stevens
Maldoc: Excel 4.0 Macros
2019-02-27/a>
Didier Stevens
Maldoc Analysis by a Reader
2019-02-17/a>
Didier Stevens
Video: Finding Property Values in Office Documents
2019-02-16/a>
Didier Stevens
Finding Property Values in Office Documents
2019-02-11/a>
Didier Stevens
Have You Seen an Email Virus Recently?
2019-02-10/a>
Didier Stevens
Video: Maldoc Analysis of the Weekend
2019-02-09/a>
Didier Stevens
Maldoc Analysis of the Weekend
2019-01-26/a>
Didier Stevens
Video: Analyzing Encrypted Malicious Office Documents
2019-01-11/a>
Didier Stevens
Quick Maldoc Analysis
2019-01-07/a>
Didier Stevens
Analyzing Encrypted Malicious Office Documents
2019-01-02/a>
Didier Stevens
Maldoc with Nonfunctional Shellcode
2018-12-29/a>
Didier Stevens
Video: De-DOSfuscation Example
2018-12-17/a>
Didier Stevens
Password Protected ZIP with Maldoc
2018-12-12/a>
Didier Stevens
Yet Another DOSfuscation Sample
2018-12-07/a>
Remco Verhoef
A Dive into malicious Docker Containers
2018-12-03/a>
Didier Stevens
Word maldoc: yet another place to hide a command
2018-11-26/a>
Russ McRee
ViperMonkey: VBA maldoc deobfuscation
2018-11-23/a>
Didier Stevens
Video: Dissecting a CVE-2017-11882 Exploit
2018-11-10/a>
Didier Stevens
Video: CyberChef: BASE64/XOR Recipe
2018-11-02/a>
Didier Stevens
TriJklcj2HIUCheDES decryption failed?
2018-10-16/a>
Didier Stevens
CyberChef: BASE64/XOR Recipe
2018-10-13/a>
Didier Stevens
Maldoc: Once More It's XOR
2018-10-01/a>
Didier Stevens
Decoding Custom Substitution Encodings with translate.py
2018-09-30/a>
Didier Stevens
When DOSfuscation Helps...
2018-08-25/a>
Didier Stevens
Microsoft Publisher malware: static analysis
2018-08-05/a>
Didier Stevens
Video: Maldoc analysis with standard Linux tools
2018-07-30/a>
Didier Stevens
Malicious Word documents using DOSfuscation
2018-06-17/a>
Didier Stevens
Encrypted Office Documents
2018-05-01/a>
Xavier Mertens
Diving into a Simple Maldoc Generator
2018-02-02/a>
Xavier Mertens
Simple but Effective Malicious XLS Sheet
2018-01-28/a>
Didier Stevens
Is this a pentest?
2018-01-20/a>
Didier Stevens
An RTF phish
2018-01-02/a>
Didier Stevens
PDF documents & URLs: video
2017-12-31/a>
Didier Stevens
Analyzing TNEF files
2017-12-25/a>
Didier Stevens
Dealing with obfuscated RTF files
2017-12-24/a>
Didier Stevens
PDF documents & URLs: update
2017-12-23/a>
Didier Stevens
Encrypted PDFs
2017-12-19/a>
Xavier Mertens
Example of 'MouseOver' Link in a Powerpoint File
2017-12-18/a>
Didier Stevens
Phish or scam? - Part 2
2017-12-17/a>
Didier Stevens
Phish or scam? - Part 1
2017-12-09/a>
Didier Stevens
Sometimes it's a dud
2017-11-06/a>
Didier Stevens
Metasploit's Maldoc
2017-11-05/a>
Didier Stevens
Extracting the text from PDF documents
2017-11-04/a>
Didier Stevens
PDF documents & URLs
2017-09-28/a>
Xavier Mertens
The easy way to analyze huge amounts of PCAP data
2017-09-10/a>
Didier Stevens
It is a resume - Part 3
2017-08-20/a>
Didier Stevens
It's Not An Invoice ...
2017-08-17/a>
Xavier Mertens
Maldoc with auto-updated link
2017-08-10/a>
Didier Stevens
Maldoc Analysis with ViperMonkey
2017-07-29/a>
Didier Stevens
Maldoc Submitted and Analyzed
2017-07-28/a>
Didier Stevens
Static Analysis of Emotet Maldoc
2017-07-15/a>
Didier Stevens
Office maldoc + .lnk
2017-07-10/a>
Didier Stevens
Basic Office maldoc analysis
2017-05-03/a>
Bojan Zdrnja
OAUTH phishing against Google Docs ? beware!
2017-04-28/a>
Xavier Mertens
Another Day, Another Obfuscation Technique
2017-04-23/a>
Didier Stevens
Malicious Documents: A Bit Of News
2017-04-21/a>
Xavier Mertens
Analysis of a Maldoc with Multiple Layers of Obfuscation
2017-03-05/a>
Didier Stevens
Another example of maldoc string obfuscation, with extra bonus: UAC bypass
2017-02-26/a>
Didier Stevens
CRA Maldoc Analysis
2016-12-24/a>
Didier Stevens
Pinging All The Way
2016-12-10/a>
Didier Stevens
Sleeping VBS Really Wants To Sleep
2016-12-05/a>
Didier Stevens
Hancitor Maldoc Videos
2016-11-18/a>
Didier Stevens
VBA Shellcode and Windows 10
2016-11-12/a>
Didier Stevens
VBA Shellcode and EMET
2016-11-05/a>
Xavier Mertens
Full Packet Capture for Dummies
2016-10-17/a>
Didier Stevens
Maldoc VBA Anti-Analysis: Video
2016-10-16/a>
Didier Stevens
Analyzing Office Maldocs With Decoder.xls
2016-10-15/a>
Didier Stevens
Maldoc VBA Anti-Analysis
2016-10-13/a>
Jim Clausing
New tool: docker-mount.py
2016-09-26/a>
Didier Stevens
VBA and P-code
2016-09-13/a>
Rob VandenBrink
If it's Free, YOU are the Product
2016-08-06/a>
Didier Stevens
rtfdump
2016-07-30/a>
Didier Stevens
rtfobj
2016-07-29/a>
Didier Stevens
Malicious RTF Files
2016-07-19/a>
Didier Stevens
Office Maldoc: Let's Focus on the VBA Macros Later...
2016-06-01/a>
Xavier Mertens
Docker Containers Logging
2016-03-29/a>
Didier Stevens
VBE: Encoded VBS Script
2016-03-15/a>
Xavier Mertens
Dockerized DShield SSH Honeypot
2016-03-11/a>
Jim Clausing
Forensicating Docker, Part 1
2016-02-21/a>
Didier Stevens
Tip: Quick Analysis of Office Maldoc
2016-01-11/a>
Didier Stevens
BlackEnergy .XLS Dropper
2015-12-26/a>
Didier Stevens
Malfunctioning Malware
2015-11-21/a>
Didier Stevens
Maldoc Social Engineering Trick
2015-09-19/a>
Didier Stevens
Don't launch that file Adobe Reader!
2015-08-28/a>
Didier Stevens
Test File: PDF With Embedded DOC Dropping EICAR
2015-08-26/a>
Didier Stevens
PDF + maldoc1 = maldoc2
2015-05-15/a>
Didier Stevens
Another Maldoc? I'm Afraid So...
2015-05-09/a>
Didier Stevens
Malicious Word Document: This Time The Maldoc Is A MIME File
2015-04-10/a>
Didier Stevens
The Kill Chain: Now With Pastebin
2015-03-30/a>
Didier Stevens
YARA Rules For Shellcode
2015-03-14/a>
Didier Stevens
Maldoc VBA Sandbox/Virtualization Detection
2015-02-20/a>
Tom Webb
Fast analysis of a Tax Scam
2013-05-20/a>
Guy Bruneau
Safe - Tools, Tactics and Techniques
2010-10-26/a>
Pedro Bueno
Cyber Security Awareness Month - Day 26 - Sharing Office Files
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
About Us
Slack Channel
Mastodon
Bluesky
X
Make the web a better place by
sharing the SANS Internet Storm Center
with others