My research papers/articles

Here’s a master list of articles and papers I’ve written over the last decade.

Wire-Wire - A West African Cyber Threat (With James Bettke)
DCEPT: An Open-Source Honeytoken Tripwire (With James Bettke)
BGP Hijacking for Cryptocurrency Profit
Cryptocurrency-Stealing Malware Landscape (With Pat Litke)
Secrets of the Comfoo Masters (With Don Jackson)
Chasing APT
The Sin Digoo Affair
HTran and the Advanced Persistent Threat
Spambot Evolution 2011
Vecebot Trojan Analysis
BigBoss Check Counterfeiting Ring Exposé
BlackEnergy Version 2 Analysis
FFSearcher Firefox/IE Search Hijacker Analysis
Virut Encryption Analysis
Downadup/Conficker Worm Removal
Spam Botnets to Watch in 2009
Rogue Antivirus Dissected Part 1
Rogue Antivirus Dissected Part 2
The Return of Warezov
The Coreflood Report
Coreflood Removal for the Network Administrator
Coreflood/AFcore Trojan Analysis
Danmec/Asprox SQL Injection Attack Tool Analysis
Top Spam Botnets Exposed
Ozdok/Mega-D Trojan Analysis
Pushdo - Analysis of a Modern Malware Distribution System
Inside the “Ron Paul” Spam Botnet
HTTP DDoS Attack Mitigation Using Tarpitting
BBB Phishing Trojan Analysis
Storm Worm DDoS Attack
Rustock DDoS Attack
Speeding up Digg in Konqueror
Manually Unpacking a Morphine-Packed DLL with OllyDbg
Unpacking with OllyBonE
SpamThru Statistics
SpamThru Trojan Analysis
Mocbot/MS06-040 IRC Bot Analysis
Arhiveus Ransomware Trojan Analysis
Cryzip Ransomware Trojan Analysis
BlackWorm Statistics
BlackWorm Analysis
Key Dates in Past and Present Sober Variants
Slapper v2.0 - XML-RPC/Awstats Worm Analysis
Myfip Intellectual Property Theft Worm Analysis
Pay-per-Click Hijacking
Binary Difference Analysis via Phase Cancellation (OpenOffice presentation)
Dipnet/Oddbob Worm Analysis
Honeynet Project Scan of the Month 33 Analysis
Win32.Grams Account Siphoner Analysis
I-Worm.Baba Analysis
Akak Trojan Analysis
Zindos Worm Analysis
Submithook BHO Analysis
Berbew Trojan Analysis
Bobax Trojan Analysis
Dabber Worm Analysis
Sasser Worm Analysis
Witty Worm Analysis
Phatbot Analysis
BitTorrent and the Legitimate Use of P2P
MyDoom.C/Doomjuice.A Analysis
Sinit P2P Trojan Analysis
Autoproxy Trojan Analysis
Sobig.f Examined
Reverse-Proxy Spam Trojan - Migmaf
Sobig.e - Evolution of the Worm
Windows-Update Trojan
Popup Spam on port 1026
AdSubtract Proxy ACL Bypass Vulnerability
WebDav Exploits Exposed
Sobig.a and the Spam You Received Today
Register Article
ATD OpenSSL Mass Exploiter Analysis
DNS Cache Poisoning: The Next Generation
Alien Autopsy: Reverse Engineering Win32 Trojans on Linux
Slashdot Article
Reverse Engineering Hostile Code
Exposing the Underground: Adventures of an Open Proxy Server
Managed Security Services and the Incident-Handling Process (With Steven Drew)
Milkit: An Innovator of Old Technology (With Mike Wisener)
Predicting the Next Outbreak (With Steven Drew)
Detecting and Containing IRC-Controlled Trojans: When Firewalls, AV, and IDS Are Not Enough (With Corey Merchant)