Navigation
index
Daniel Cid v2020
»
Papers and articles
¶
All My Sucuri posts are also available here:
http://blog.sucuri.net/author/dcid
Doing some notes (aka blog):
http://dcid.me/notes/
2017
¶
2017/Mar -
GoDaddy+= Sucuri: Building a Security Platform For Every Website Owner
(ext)
2017/Feb -
WordPress REST API Vulnerability Abused in Defacement Campaigns
(ext)
2016
¶
2016/Oct -
Joomla Exploits in the Wild Against CVE-2016-8870 and CVE-2016-8869
(ext)
2016/Oct -
Security Through Confusion – The FUD Factor
(ext)
2016/Sep -
SSH Brute Force Compromises Leading to DDoS
(ext)
2016/Sep -
Product Update: Sucuri Firewall in Tokyo, Japan
(ext)
2016/Sep -
IoT Home Router Botnet Leveraged in Large DDoS Attack
(ext)
2016/Aug -
IPv4 vs IPv6 Performance Comparison
(ext)
2016/Jul -
PCI for SMB – Requirement 2- Do Not Use Defaults
(ext)
2016/Jul -
Realstatistics Malware Campaign Leads To Ransomware
(ext)
2016/Jun -
Large CCTV Botnet Leveraged in DDoS Attacks
(ext)
2016/May -
PCI for SMB: Requirement 1- Install and Maintain a Firewall
(ext)
2016/May -
Hacked Website Report – 2016/Q1
(ext)
2016/May -
Analyzing ImageTragick Exploits in the Wild
(ext)
2016/Apr -
Sucuri Firewall: Free LetsEncrypt SSL Certs for Everyone
(ext)
2016/Mar -
Ask Sucuri: How Does Sucuri Clean a Website?
(ext)
2016/Mar -
Server Security: Indicators of Compromised Behavior with OSSEC
(ext)
2016/Feb -
Investigating a Compromised Server with Rootcheck
(ext)
2016/Feb -
WordPress Sites Leveraged in Layer 7 DDoS Campaigns
(ext)
2016/Feb -
Server Security: Import WordPress Events to OSSEC
(ext)
2016/Jan -
Server Security: OSSEC Integrates Slack and PagerDuty
(ext)
2015
¶
2015/Dec -
Server Security: OSSEC Updated With GeoIP Support
(ext)
2015/Nov -
Sucuri += HTTP/2 — Announcing HTTP/2 Support
(ext)
2015/Oct -
Joomla SQL Injection Attacks in the Wild
(ext)
2015/Oct -
Brute Force Amplification Attacks Against WordPress XMLRPC
(ext)
2015/Sep -
WordPress Malware – Active VisitorTracker Campaign
(ext)
2015/Sep -
WordPress Brute Force Attacks – 2015 Threat Landscape
(ext)
2015/Sep -
Analyzing Popular Layer 7 Application DDoS Attacks
(ext)
2015/Aug -
Ask Sucuri: How Did My WordPress Website Get Hacked? – A Tutorial
(ext)
2015/May -
Introducing Free Global Website Performance Tool
(ext)
2015/Apr -
Magento Shoplift (SUPEE-5344) Exploits in the Wild
(ext)
2015/Apr -
Critical Magento Shoplift Vulnerability (SUPEE-5344) – Patch Immediately.
(ext)
2015/Mar -
Intro to E-Commerce and PCI Compliance – Part I
(ext)
2015/Feb -
Vulnerability Disclosures – A Note To Developers
(ext)
2015/Jan -
DDoS from China – Facebook, WordPress and Twitter Users Receiving Sucuri Error Pages
(ext)
2015/Jan -
Serious Vulnerability in VBSEO
(ext)
2014
¶
2014/Dec -
RevSlider Vulnerability Leads To Massive WordPress SoakSoak Compromise
2014/Oct -
Highly Critical SQL Injection Vulnerability Patched in Drupal Core
(ext)
2014/Oct -
WordPress Websites Continue to Get Hacked via MailPoet Plugin Vulnerability
(ext)
2014/Sep -
Anatomy of 2,000 Compromised Web Servers used in DDoS Attack
(ext)
2014/Sep -
Slider Revolution Plugin Critical Vulnerability Being Exploited
(ext)
2014/Jul -
New Brute Force Attacks Exploiting XMLRPC in WordPress
(ext)
2014/Jun -
SPAM Hack Targets WordPress Core Install Directories
(ext)
2014/Mar -
JCE Joomla Extension Attacks in the Wild
(ext)
2014/Mar -
More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack
(ext)
2014/Feb -
Sucuri CloudProxy Website Firewall Improvements
(ext)
2014/Feb -
PHP Backdoors: Hidden With Clever Use of Extract Function
(ext)
2014/Jan -
Website Mesh Networks Distributing Malware
(ext)
2013
¶
2013/Oct -
Backdoor Evasion Using Encrypted Content
(ext)
2013/Jun -
New Apache Module Injection
(ext)
2013/Jun -
Apache PHP Injection to JavaScript Files
(ext)
2013/Apr -
Apache Binary Backdoors on Cpanel-based servers
(ext)
2013/Apr -
The WordPress Brute Force Attack Timeline
(ext)
2013/Apr -
When the metadata matters more than the data itself - Comment spam detection
2013/Mar -
2012 Web Malware Trends Report Summary
(ext)
2013/Feb -
Payday Loan Spam affecting Thousands of Sites
(ext)
2013/Jan -
Server Compromises – Understanding Apache Module iFrame Injections and Secure Shell Backdoor
(ext)
2012
¶
2012/Sep -
Compromised Websites Hosting Calls to Java Exploit
(ext)
2012/Aug -
WordPress and Server Hardening – Taking Security to Another Level
(ext)
2012/Jul -
Analysis of Yahoo Voice Password Leak – 453,441 Passwords Exposed
(ext)
2012/Jul -
Distributed Malware Network Outbreak Using Stats.php
(ext)
2012/Apr -
Setting up OSSEC - Step by step
2012/Mar -
A little tale about web site cross contamination
(ext)
2012/Mar -
Ask Sucuri: Talk More About Web-Based Malware
(ext)
2011
¶
2011/Sep -
ASK Sucuri: What about the backdoors?
(ext)
2011/Aug -
Timthumb.php Security Vulnerability – Just the Tip of the Iceberg
(ext)
2011/Jun -
Phishing phone calls – Onlinesupport.com
(ext)
2011/Mar -
Good passwords
2011/Mar -
Brute force attacks against WordPress sites
(ext)
2011/Feb -
Blocking repeated offenders with OSSEC
2010
¶
2010/Oct -
Contributing to Open Source Projects
2010/Jun -
Cleaning SPAM from your WordPress blog
(ext)
2010/Feb -
Removing Malware from a WordPress blog – Case Study
(ext)
2010/Feb -
Colombia Government sites hacked (and spreading malware)
(ext)
2010/Jan -
Using OSSEC for the forensic analysis of log files
(ext)
2010/Jan -
Honeypot analysis – Looking at SSH scans
(ext)
2010/Jan -
Fingerprinting web applications
2007
¶
2007/Jul -
Attacking Log analysis tools (log injection)
2007/Jan -
Chinese hacking and desinformation warfare
2006
¶
2006/May -
Log Analysis for Intrusion Detection
2004
¶
2004/Feb -
Primeiros passos no roteador Cisco - PDF (Cisco routers in pt-br)
2003
¶
2003/Dec -
8 steps to secure your Cisco router - PDF
2003/Oct -
Setting up a VPN with the the Cisco PIX firewall - PDF
2003/Jun -
Introduction to the Cisco PIX Firewall - PDF
Quick Links
About me
Daily notes (blog)
Security Texts
Projects and Research
About Sucuri
CleanBrowsing
OSSEC HIDS
Rootcheck
Old OSSEC Blog
Social
Email / PGP key
@danielcid on Twitter
Linkedin
My Projects
Sucuri
(My company)
CleanBrowsing
OSSEC
(the HIDS)
Gudado
(Uptime Monitor)
URLFind
(Crawler)
Ddecode
(PHP decoder)
Quick search
Enter search terms or a module, class or function name.
Navigation
index
Daniel Cid v2020
»