Papers and articles

• All My Sucuri posts are also available here: http://blog.sucuri.net/author/dcid
• Doing some notes (aka blog): http://dcid.me/notes/

2017

• 2017/Mar - GoDaddy+= Sucuri: Building a Security Platform For Every Website Owner (ext)
• 2017/Feb - WordPress REST API Vulnerability Abused in Defacement Campaigns (ext)

2016

• 2016/Oct - Joomla Exploits in the Wild Against CVE-2016-8870 and CVE-2016-8869 (ext)
• 2016/Oct - Security Through Confusion – The FUD Factor (ext)
• 2016/Sep - SSH Brute Force Compromises Leading to DDoS (ext)
• 2016/Sep - Product Update: Sucuri Firewall in Tokyo, Japan (ext)
• 2016/Sep - IoT Home Router Botnet Leveraged in Large DDoS Attack (ext)
• 2016/Aug - IPv4 vs IPv6 Performance Comparison (ext)
• 2016/Jul - PCI for SMB – Requirement 2- Do Not Use Defaults (ext)
• 2016/Jul - Realstatistics Malware Campaign Leads To Ransomware (ext)
• 2016/Jun - Large CCTV Botnet Leveraged in DDoS Attacks (ext)
• 2016/May - PCI for SMB: Requirement 1- Install and Maintain a Firewall (ext)
• 2016/May - Hacked Website Report – 2016/Q1 (ext)
• 2016/May - Analyzing ImageTragick Exploits in the Wild (ext)
• 2016/Apr - Sucuri Firewall: Free LetsEncrypt SSL Certs for Everyone (ext)
• 2016/Mar - Ask Sucuri: How Does Sucuri Clean a Website? (ext)
• 2016/Mar - Server Security: Indicators of Compromised Behavior with OSSEC (ext)
• 2016/Feb - Investigating a Compromised Server with Rootcheck (ext)
• 2016/Feb - WordPress Sites Leveraged in Layer 7 DDoS Campaigns (ext)
• 2016/Feb - Server Security: Import WordPress Events to OSSEC (ext)
• 2016/Jan - Server Security: OSSEC Integrates Slack and PagerDuty (ext)

2015

• 2015/Dec - Server Security: OSSEC Updated With GeoIP Support (ext)
• 2015/Nov - Sucuri += HTTP/2 — Announcing HTTP/2 Support (ext)
• 2015/Oct - Joomla SQL Injection Attacks in the Wild (ext)
• 2015/Oct - Brute Force Amplification Attacks Against WordPress XMLRPC (ext)
• 2015/Sep - WordPress Malware – Active VisitorTracker Campaign (ext)
• 2015/Sep - WordPress Brute Force Attacks – 2015 Threat Landscape (ext)
• 2015/Sep - Analyzing Popular Layer 7 Application DDoS Attacks (ext)
• 2015/Aug - Ask Sucuri: How Did My WordPress Website Get Hacked? – A Tutorial (ext)
• 2015/May - Introducing Free Global Website Performance Tool (ext)
• 2015/Apr - Magento Shoplift (SUPEE-5344) Exploits in the Wild (ext)
• 2015/Apr - Critical Magento Shoplift Vulnerability (SUPEE-5344) – Patch Immediately. (ext)
• 2015/Mar - Intro to E-Commerce and PCI Compliance – Part I (ext)
• 2015/Feb - Vulnerability Disclosures – A Note To Developers (ext)
• 2015/Jan - DDoS from China – Facebook, WordPress and Twitter Users Receiving Sucuri Error Pages (ext)
• 2015/Jan - Serious Vulnerability in VBSEO (ext)

2014

• 2014/Dec - RevSlider Vulnerability Leads To Massive WordPress SoakSoak Compromise
• 2014/Oct - Highly Critical SQL Injection Vulnerability Patched in Drupal Core (ext)
• 2014/Oct - WordPress Websites Continue to Get Hacked via MailPoet Plugin Vulnerability (ext)
• 2014/Sep - Anatomy of 2,000 Compromised Web Servers used in DDoS Attack (ext)
• 2014/Sep - Slider Revolution Plugin Critical Vulnerability Being Exploited (ext)
• 2014/Jul - New Brute Force Attacks Exploiting XMLRPC in WordPress (ext)
• 2014/Jun - SPAM Hack Targets WordPress Core Install Directories (ext)
• 2014/Mar - JCE Joomla Extension Attacks in the Wild (ext)
• 2014/Mar - More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack (ext)
• 2014/Feb - Sucuri CloudProxy Website Firewall Improvements (ext)
• 2014/Feb - PHP Backdoors: Hidden With Clever Use of Extract Function (ext)
• 2014/Jan - Website Mesh Networks Distributing Malware (ext)

2013

• 2013/Oct - Backdoor Evasion Using Encrypted Content (ext)
• 2013/Jun - New Apache Module Injection (ext)
• 2013/Jun - Apache PHP Injection to JavaScript Files (ext)
• 2013/Apr - Apache Binary Backdoors on Cpanel-based servers (ext)
• 2013/Apr - The WordPress Brute Force Attack Timeline (ext)
• 2013/Apr - When the metadata matters more than the data itself - Comment spam detection
• 2013/Mar - 2012 Web Malware Trends Report Summary (ext)
• 2013/Feb - Payday Loan Spam affecting Thousands of Sites (ext)
• 2013/Jan - Server Compromises – Understanding Apache Module iFrame Injections and Secure Shell Backdoor (ext)

2012

• 2012/Sep - Compromised Websites Hosting Calls to Java Exploit (ext)
• 2012/Aug - WordPress and Server Hardening – Taking Security to Another Level (ext)
• 2012/Jul - Analysis of Yahoo Voice Password Leak – 453,441 Passwords Exposed (ext)
• 2012/Jul - Distributed Malware Network Outbreak Using Stats.php (ext)
• 2012/Apr - Setting up OSSEC - Step by step
• 2012/Mar - A little tale about web site cross contamination (ext)
• 2012/Mar - Ask Sucuri: Talk More About Web-Based Malware (ext)

2011

• 2011/Sep - ASK Sucuri: What about the backdoors? (ext)
• 2011/Aug - Timthumb.php Security Vulnerability – Just the Tip of the Iceberg (ext)
• 2011/Jun - Phishing phone calls – Onlinesupport.com (ext)
• 2011/Mar - Good passwords
• 2011/Mar - Brute force attacks against WordPress sites (ext)
• 2011/Feb - Blocking repeated offenders with OSSEC

2010

• 2010/Oct - Contributing to Open Source Projects
• 2010/Jun - Cleaning SPAM from your WordPress blog (ext)
• 2010/Feb - Removing Malware from a WordPress blog – Case Study (ext)
• 2010/Feb - Colombia Government sites hacked (and spreading malware) (ext)
• 2010/Jan - Using OSSEC for the forensic analysis of log files (ext)
• 2010/Jan - Honeypot analysis – Looking at SSH scans (ext)
• 2010/Jan - Fingerprinting web applications

2007

• 2007/Jul - Attacking Log analysis tools (log injection)
• 2007/Jan - Chinese hacking and desinformation warfare

2006

• 2006/May - Log Analysis for Intrusion Detection

2004

• 2004/Feb - Primeiros passos no roteador Cisco - PDF (Cisco routers in pt-br)

2003

• 2003/Dec - 8 steps to secure your Cisco router - PDF
• 2003/Oct - Setting up a VPN with the the Cisco PIX firewall - PDF
• 2003/Jun - Introduction to the Cisco PIX Firewall - PDF