| 02/08/2010 |
My Blackhat DC Paper, Slides, and Video are available |
Tom Cross |
| 01/15/2010 |
The Google Attacks |
Tom Cross |
| 01/14/2010 |
My talk at the upcoming Blackhat DC conference |
Tom Cross |
| 12/18/2009 |
A New Years Resolution - Find out how your corporate domain name is managed. |
Tom Cross |
| 12/17/2009 |
Reflecting on NTLM Reflection |
Takehiro Takahashi |
| 12/09/2009 |
Blackhat Demo Explained |
Chris Valasek |
| 11/25/2009 |
No Thanks Koobface |
Jon Larimer |
| 11/23/2009 |
Internet Explorer CSS 0day likely to take off |
Robert Freeman |
| 11/12/2009 |
Stealing Cookies with SSL Renegotiation |
Tom Cross |
| 11/06/2009 |
...and while we're talking about MITM... |
Tom Cross |
| 11/06/2009 |
You can relax about the SSL break, mostly. |
Tom Cross |
| 10/19/2009 |
Gumblar Reloaded |
John Kuhn and Ryan McNulty with a little help from Holly Stewart |
| 10/09/2009 |
Yes, Phishing is Back |
Ralf Iffert and Holly Stewart |
| 09/09/2009 |
SockStress Vulnerabilities Patched |
Tom Cross |
| 09/09/2009 |
SMB 0-Day |
Chris Valasek |
| 08/28/2009 |
Key findings in the Mid-Year Trend and Risk Report |
Holly Stewart |
| 08/12/2009 |
Challenges With The ISC Bind Vulnerability |
Daniel Hanley, Takehiro Takahashi, and David Gibson |
| 07/28/2009 |
Recent Microsoft Collaboration |
Kris Lamb |
| 07/28/2009 |
Required Reading for our Blackhat Talk |
John McDonald |
| 07/20/2009 |
A second Blackhat '09 talk |
Chris Valasek |
| 07/17/2009 |
Upcoming Blackhat '09 Talk |
Mark Dowd |
| 06/26/2009 |
Spam & Phishing, A Reflection Of The Times |
Dan Holden |
| 06/12/2009 |
Adobe Vulnerabilities |
Mark Dowd |
| 06/09/2009 |
A VB Runtime Bug and Critical Section Lock Exploitation |
Robert Freeman |
| 06/08/2009 |
Conficker SQL Injection connection or coincidence? |
Jennifer Szkatulski, John Kuhn, and Ryan McNulty |
| 05/08/2009 |
SQL Injection Lessons from X-Force Emergency Response Service Investigations |
Harlan Carvey |
| 05/05/2009 |
No Sleep for Conficker on Cinco de Mayo |
Holly Stewart |
| 05/04/2009 |
Image spam - reborn and trying to rejuvinate YOUR health! |
Ralf Iffert & Holly Stewart |
| 04/09/2009 |
Updated Stats for Conficker.C |
Hollly Stewart |
| 04/02/2009 |
Counting Confickers |
Holly Stewart |
| 04/01/2009 |
Conficker 'round the world |
John Kuhn |
| 04/01/2009 |
April Fools in July? |
Holly Stewart |
| 03/30/2009 |
Who is watching your Conficker? |
Holly Stewart |
| 03/25/2009 |
Why Chicks Dig IE8 |
Mark Dowd |
| 03/21/2009 |
Blinkered Thoughts on 'Smart Grid' Security |
Gunter Ollmann |
| 03/19/2009 |
Cyberheists & Keyloggers |
Gunter Ollmann |
| 03/17/2009 |
Adobe JBIG2... going big? |
John Kuhn and Holly Stewart |
| 03/06/2009 |
RSA 2009 - Security Ergonomics & back-office anti-fraud protection techniques |
Gunter Ollmann |
| 02/23/2009 |
Adobe Reader Woes, Again |
Jennifer Szkatulski, John Kuhn, and Holly Stewart |
| 02/17/2009 |
Top-10 Vulnerability Discoverers of All Time (as well as 2008) - Who's in Pole Position? |
Gunter Ollmann |
| 02/12/2009 |
Anti-virus Vendors Succumbing to SQL Injection |
Gunter Ollmann |
| 02/02/2009 |
2008 Annual Security Trend and Risk Report Now Available - and a Great Read too! |
Gunter Ollmann |
| 01/30/2009 |
Preview of the 2008 X-Force Trend and Risk Report |
Holly Stewart |
| 01/29/2009 |
Thoughts on Conficker |
Tom Cross |
| 01/26/2009 |
Social Network Denial of Service (SDoS)? |
Gunter Ollmann |
| 01/20/2009 |
Largest Data Breach So Far? Heartland Payment Systems |
Gunter Ollmann |
| 01/09/2009 |
Week of (everyone else's) Security Predictions 2009 - Day 5 |
Gunter Ollmann |
| 01/08/2009 |
Week of (everyone else's) Security Predictions 2009 - Day 4 |
Gunter Ollmann |
| 01/07/2009 |
Week of (everyone else's) Security Predictions 2009 - Day 3 |
Gunter Ollmann |
| 01/06/2009 |
Week of (everyone else's) Security Predictions 2009 - Day 2 |
Gunter Ollmann |
| 01/05/2009 |
Week of (everyone else’s) Security Predictions 2009 – Day 1 |
Gunter Ollmann |
| 12/15/2008 |
Going Nuclear - Cyber-threats for Nuclear Power Plants |
Gunter Ollmann |
| 12/12/2008 |
Apparently Hackers Have Been Helping to Destroy the Amazon Rainforest |
Gunter Ollmann |
| 12/05/2008 |
Spam - Back Up to 50% Capacity |
Carsten Hagemann |
| 12/04/2008 |
Infected Advertising - Wrongful Delegation of Malware Responsibility |
Gunter Ollmann |
| 12/01/2008 |
Making the Web more secure and a bit greener too? |
Gunter Ollmann |
| 11/26/2008 |
What You May Have Missed About CVE-2008-0017: A Firefox NULL Dereference Bug |
Justin Schuh |
| 11/25/2008 |
McColo Takedown: Changes in International Spam Distribution and Asprox Botnet Activity |
Ralf Iffert, John Kuhn, and Holly Stewart |
| 11/24/2008 |
From Virus to Parasite – The Parasitic Era of Malware |
Gunter Ollmann |
| 11/16/2008 |
CSI 2008 – Web Security, Cloud Computing and the Man-in-the-browser |
Gunter Ollmann |
| 11/10/2008 |
The Scoop on the X-Force TrendMicro Advisories |
David Dewey |
| 11/05/2008 |
Stopping PDF Malware At The Network |
John Kuhn |
| 11/04/2008 |
How do you continue to do business with malware infected customers? |
Gunter Ollmann |
| 10/29/2008 |
Beating the Man-in-the-browser with a ZTIC |
Gunter Ollmann |
| 10/27/2008 |
Tougher times for exploit developers, but more at risk |
Gunter Ollmann |
| 10/23/2008 |
Microsoft publishes great technical information |
Tom Cross |
| 10/01/2008 |
Conference Time – OWASP and VB2008 |
Gunter Ollmann |
| 09/22/2008 |
Disgruntled Job Losers and their Insider Threat |
Gunter Ollmann |
| 09/22/2008 |
Has your webmail been hacked? |
Andi Baritchi |
| 09/19/2008 |
Protecting your Webmail - Updated (Twice) |
Tom Cross |
| 09/08/2008 |
Recovering (someone else’s) Email Password |
Gunter Ollmann |
| 09/02/2008 |
Internal Security Expertise - Have you got the balance right? |
Gunter Ollmann |
| 08/29/2008 |
Hackers Prepare UK Supermarket Sweep |
Gunter Ollmann |
| 08/28/2008 |
OWASP 2008 - “Multidisciplinary Bank Attacks” |
Gunter Ollmann |
| 08/10/2008 |
Web Browser Incompatibilities |
Gunter Ollmann |
| 08/04/2008 |
Blackhat & DefCon - Las Vegas 2008 |
Gunter Ollmann |
| 08/01/2008 |
A Quick Note on Sun's SNMPXDMI Agent
|
Jamie Licitra
|
| 07/28/2008 |
Mid-Year Threat Report |
Holly Stewart |
| 07/25/2008 |
Meaningless Malware Counting? |
Gunter Ollmann |
| 07/25/2008 |
Responding to the DNS vulnerability and attacks |
Tom Cross |
| 07/22/2008 |
Kaminsky DNS attack leaked |
Tom Cross |
| 07/18/2008 |
Cyberspying |
Gunter Ollmann |
| 07/14/2008 |
More on DNS Cache Poisoning and Network Address Translation |
Tom Cross |
| 07/14/2008 |
Strategic Security – Cloud-based MSS |
Gunter Ollmann |
| 07/10/2008 |
(UPDATED) DNS Cache Poisoning and Network Address Translation |
Tom Cross |
| 07/07/2008 |
Trojans on the up |
Gunter Ollmann |
| 07/02/2008 |
637 million Excuses |
Gunter Ollmann |
| 07/01/2008 |
637 million Users Vulnerable to Attack |
Gunter Ollmann |
| 06/12/2008 |
Strategic Security – Embedding it |
Gunter Ollmann |
| 06/11/2008 |
CanSecWest Follow-Up: MJPEG Vulnerability |
Mark Dowd |
| 06/10/2008 |
Why you must run Windows Update after every component installation |
Chris Valasek |
| 06/09/2008 |
DIY Credit Card - Chips and Smart Cards |
Gunter Ollmann |
| 06/03/2008 |
DIY Credit Cards |
Gunter Ollmann |
| 05/28/2008 |
Global Innovation Outlook - Security and Society |
Gunter Ollmann |
| 04/29/2008 |
I'm Feeling Lucky |
Robert Freeman |
| 04/24/2008 |
Are you Feeling Lucky? |
Gunter Ollmann |
| 04/23/2008 |
More on Automatic Patch Based Exploit Generation |
Tom Cross |
| 04/22/2008 |
"Automatic Patch-Based Exploit Generation is Possible" - So say we all. |
Gunter Ollmann |
| 04/14/2008 |
CAPTCHA's and Mechanical Turks |
Gunter Ollmann |
| 04/11/2008 |
Flash |
Mark Dowd |
| 04/01/2008 |
A Second-order of XSS |
Gunter Ollmann |
| 03/29/2008 |
The Cost of Networking @ Blackhat |
Gunter Ollmann |
| 03/28/2008 |
Apple Crumble @ Blackhat |
Gunter Ollmann |
| 03/25/2008 |
Excel exploit (MS08-014) in the wild |
Robert Freeman |
| 03/16/2008 |
Security Ergonomics |
Gunter Ollmann |
| 03/14/2008 |
Xensploit: A recipe for attention |
Kevin Skapinetz |
| 03/13/2008 |
Mass Attack - March Madness? |
Gunter Ollmann |
| 02/29/2008 |
Timely Disclosure? |
Mark Dowd |
| 02/29/2008 |
Chip and PIN Tampering |
Gunter Ollmann |
| 02/25/2008 |
Evolving Beyond CAPTCHA |
Gunter Ollmann |
| 02/12/2008 |
Remotely Exploitable Trends in 2007 |
Gunter Ollmann |
| 02/11/2008 |
The Vulnerability Disclosure Rate in 2007 |
Gunter Ollmann |
| 02/08/2008 |
2007 X-Force Report Preview - Malcode Trends |
Kris Lamb |
| 02/07/2008 |
2007 X-Force Report Preview - Web Content Trends |
Kris Lamb |
| 02/06/2008 |
2007 X-Force Report Preview - Spam and Phishing Trends |
Kris Lamb |
| 02/05/2008 |
2007 X-Force Report Preview - Browser Exploitation Trends |
Kris Lamb |
| 02/05/2008 |
2007 X-Force Report Preview - Vulnerability Trends |
Kris Lamb |
| 01/17/2008 |
Protection Problems with MS08-001 |
Holly Stewart |
| 01/08/2008 |
Vulnerabilities in MS TCP/IP - MS08-001 |
Chris Valasek |
| 11/30/2007 |
Phishers test the water with shorter hooks |
Ralf Iffert |
| 11/26/2007 |
Do Not Call List—R.I.P. |
Dan Ingevaldson |
| 11/20/2007 |
Placing a Value on Passwords |
Gunter Ollmann |
| 11/12/2007 |
Psst... wanna buy some credit cards? |
Gunter Ollmann |
| 11/09/2007 |
Jihad 3.0 Analysis |
Mark Yason and Chris Valasek |
| 10/23/2007 |
PDF Spam 2.0 |
Ralf Iffert |
| 10/22/2007 |
XSOX.NAME and Proxy Bots |
Gunter Ollmann |
| 10/19/2007 |
Heard any good spam lately? |
Ralf Iffert |
| 10/16/2007 |
RFID Worms - Fact or Fiction? |
Gunter Ollmann |
| 10/15/2007 |
Anti-malware’s backward brother |
Gunter Ollmann |
| 10/04/2007 |
There's a Storm Coming |
Will Irace |
| 10/01/2007 |
Phishing Tsunami Passes |
Gunter Ollmann |
| 09/21/2007 |
Virtualization and Security |
Kris Lamb |
| 09/20/2007 |
Charitable Donations on Your Behalf |
Gunter Ollmann |
| 09/17/2007 |
The Low and Slow threat |
Dan Holden |
| 09/17/2007 |
Phishing on the Fly |
Gunter Ollmann |
| 09/12/2007 |
Ultimate Data Storage - Microfiche? |
Gunter Ollmann |
| 08/30/2007 |
The Short Path to Deniability |
Gunter Ollmann |
| 08/22/2007 |
Who's funding Pirate Bay this week? |
Gunter Ollmann |
| 08/20/2007 |
The End of One-man-show Phishing Attacks? |
Gunter Ollmann |
| 08/19/2007 |
Old Threats Never Die |
Gunter Ollmann |
| 08/15/2007 |
International Money Mule Recruitment – Part II - The Recruitment Site |
Gunter Ollmann |
| 08/15/2007 |
CLPWN |
Gunter Ollmann |
| 08/14/2007 |
International Money Mule Recruitment – Part I – The FAQ |
Gunter Ollmann |
| 08/10/2007 |
Cisco IOS IPv6 Routing Header Information Leak |
Tom Cross |
| 08/10/2007 |
Demand More |
Jon Amato |
| 08/08/2007 |
Social Network Hacking |
Gunter Ollmann |
| 08/07/2007 |
Black Hat 2007 |
Jean Paul Ballerini |
| 08/04/2007 |
Vulnerability Brokers |
Gunter Ollmann |
| 07/31/2007 |
The Mule Trade |
Gunter Ollmann |
| 07/26/2007 |
Behavioral Detection and ATM Theft |
Mark Vincent Yason |
| 07/24/2007 |
Top-10 Vulnerable Vendors |
Gunter Ollmann |
| 07/17/2007 |
PDF: The new spam frontier? |
Ralf Iffert |
| 07/11/2007 |
Phishing under the Microscope |
Gunter Ollmann |
| 07/04/2007 |
Heisenberg Uncertainty |
Gunter Ollmann |
| 07/01/2007 |
Firewall Spring Cleaning |
Gunter Ollmann |
| 06/28/2007 |
Spear Phishing and Whaling |
Gunter Ollmann |
| 06/24/2007 |
Web Browser Exploitation |
Gunter Ollmann |
| 06/20/2007 |
Reflecting on an “Italian Job” |
Robert Freeman |
| 06/18/2007 |
Busy Week for Phishing Kits |
Gunter Ollmann |
| 06/15/2007 |
SCH and Yahoo! Webcam ActiveX control vulnerabilities |
Mark Vincent Yason |
| 06/13/2007 |
Disclosure vs. Ethics |
Gunter Ollmann |
| 06/08/2007 |
Intellectual Weapons |
Tom Cross |
| 06/06/2007 |
Phishing Kits Classified |
Gunter Ollmann |
| 05/30/2007 |
Who do you trust? |
Dan Holden |
| 05/29/2007 |
Counting Vulnerabilities |
Gunter Ollmann |
| 05/24/2007 |
A Slowdown in Vulnerability Disclosure? |
Gunter Ollmann |
| 05/23/2007 |
The Vishing Guide
|
Gunter Ollmann
|
| 05/23/2007 |
x-Morphic Attack Engines
|
Gunter Ollmann
|
| 05/11/2007 |
X-Force Protection Engines |
Dan Holden |
| 03/19/2007 |
Microsoft Vista Vulnerability Ranking |
Gunter Ollmann |
| 03/08/2007 |
No new security patches from Microsoft for March |
Tom Cross |
| 02/21/2007 |
Stopping Botnet C&C on the Wire |
Gunter Ollmann
|
| 02/19/2007 |
Targeted or Personalized Attacks?
|
Gunter Ollmann
|
| 02/13/2007 |
February Microsoft Updates |
Tom Cross |
| 01/30/2007 |
ProfileWatcher on MySpace
|
Mark Vincent Yason |
| 01/14/2007 |
Violent Crime, CSI and Vulnerability Disclosure |
Gunter Ollmann |
| 01/09/2007 |
More on Key Management |
Tom Cross |
| 01/09/2007 |
January Microsoft Updates |
Tom Cross |
| 01/08/2007 |
Uptick in QQPlayer Exploit in the Wild |
Robert Freeman |
| 01/05/2007 |
Thoughts on Key Management |
Robert Freeman |
| 01/05/2007 |
Some Interesting Crypto Morsels |
Tom Cross |
| 01/04/2007 |
Serious PDF Cross Site Scripting Vulnerability |
Tom Cross |
| 01/02/2007 |
The End of 2006 - A Record 7247 Vulnerabilities! |
Gunter Ollmann |
| 12/18/2006 |
7000 new vulnerabilities so far |
Gunter Ollmann |
| 12/14/2006 |
From Botnet to Malnet |
Gunter Ollmann |
| 12/13/2006 |
10 Years of Flash! |
Gunter Ollmann |
| 12/12/2006 |
December Microsoft Patches |
Tom Cross |
| 12/11/2006 |
HTML Tag used to Obfuscate Exploit |
Robert Freeman |
| 11/14/2006 |
November Microsoft Patches |
Tom Cross |
| 11/10/2006 |
Google protecting the unwary |
Gunter Ollmann |
| 11/03/2006 |
New IE 0day Identified |
Robert Freeman |
| 11/02/2006 |
Software Developers Targeted by Web Exploit |
Robert Freeman |
| 10/26/2006 |
The Eavesdropper's Dilemma |
Tom Cross |
| 10/24/2006 |
A Surge of Redirection to a known IE ActiveX Exploit |
Robert Freeman |
| 10/19/2006 |
Browser Wars - Part 42? |
Gunter Ollmann |
| 10/18/2006 |
Webcams and Security - A match made in ...? |
Gunter Ollmann |
| 10/12/2006 |
Fuzzing Lays at the Heart of 2006 Vulnerability Increases |
Gunter Ollmann |
| 10/03/2006 |
Vulnerability Avalanche |
Gunter Ollmann |
