[SANS ISC] macOS: Who’s Behind This Network Connection?

Today, I published the following diary on isc.sans.edu: “macOS: Who’s Behind This Network Connection?”: When you must investigate suspicious behavior or work on an actual incident, you could be asked to determine who’s behind a network connection. From a pure network point of view, your firewall or any network security

The post [SANS ISC] macOS: Who’s Behind This Network Connection? appeared first on /dev/random.


[SANS ISC] Python Malware Using Postgresql for C2 Communications

Today, I published the following diary on isc.sans.edu: “Python Malware Using Postgresql for C2 Communications”: For modern malware, having access to its C2 (Command and control) is a crucial point. There are many ways to connect to a C2 server using tons of protocols, but today, HTTP remains very common


[SANS ISC] More Exotic Excel Files Dropping AgentTesla

Today, I published the following diary on isc.sans.edu: “More Exotic Excel Files Dropping AgentTesla”: Excel is an excellent target for attackers. The Microsoft Office suite is installed on millions of computers, and people trust these files. If we have the classic xls, xlsx, xlsm file extensions, Excel supports many others!


[SANS ISC] Have You Ever Heard of the Fernet Encryption Algorithm?

Today, I published the following diary on isc.sans.edu: “Have You Ever Heard of the Fernet Encryption Algorithm?”: In cryptography, there is a golden rule that says not to develop your own algorithm because… it will probably be weak and broken! There are strong algorithms (like AES) that do a great job


[SANS ISC] Quick Malware Triage With Inotify Tools

Today, I published the following diary on isc.sans.edu: “Quick Malware Triage With Inotify Tools”: When you handle a lot of malicious files, you must have a process and tools in place to speed up the analysis. It’s impossible to investigate all files, and a key point is to find interesting files


[SANS ISC] From a Zalando Phishing to a RAT

Today, I published the following diary on isc.sans.edu: “From a Zalando Phishing to a RAT”: Phishing remains a lucrative threat. We get daily emails from well-known brands (like DHL, PayPal, Netflix, Microsoft, Dropbox, Apple, etc). Recently, I received a bunch of phishing emails targeting Zalando customers. Zalando is a German


[SANS ISC] Show me All Your Windows!

Today, I published the following diary on isc.sans.edu: “Show me All Your Windows!”: It’s a key point for attackers to implement anti-debugging and anti-analysis techniques. Anti-debugging means the malware will try to detect if it’s being debugged (executed in a debugger or its execution is slower than expected). Anti-analysis refers


[SANS ISC] Are Leaked Credentials Dumps Used by Attackers?

Today, I published the following diary on isc.sans.edu: “Are Leaked Credentials Dumps Used by Attackers?”: Leaked credentials have been a common threat for a while. Popular services like “Have I Been Pwned” help everyone know if some emails and passwords have been leaked. This is a classic problem: One day, you create an account


[SANS ISC] Do Attackers Pay More Attention to IPv6?

Today, I published the following diary on isc.sans.edu: “Do Attackers Pay More Attention to IPv6?”: IPv6 has always been a hot topic! Available for years, many ISPs deployed IPv6 up to their residential customers. In Belgium, we were, for a long time, the number-one country for IPv6 deployment because all
