[SANS ISC] Simple Python Keylogger

I published the following diary on isc.sans.edu: “Simple Python Keylogger“: A keylogger is one of the core features implemented by many malware families to exfiltrate interesting data and learn about the victim. Besides the fact that interesting keystrokes can reveal sensitive information (usernames, passwords, IP addresses, hostnames, …), just by having a look at

The post [SANS ISC] Simple Python Keylogger appeared first on /dev/random.


[SANS ISC] Defenders, Know Your Operating System Like Attackers Do!

I published the following diary on isc.sans.edu: “Defenders, Know Your Operating System Like Attackers Do!“: Not a technical diary today but more a reflection… When I’m teaching FOR610, I always remind students to “RTFM” or “Read the F… Manual”. I mean to not hesitate to have a look at the


[SANS ISC] Spotting the Red Team on VirusTotal!

I published the following diary on isc.sans.edu: “Spotting the Red Team on VirusTotal!“: Many security researchers like to use the VirusTotal platform. The provided services are amazing: You can immediately have a clear overview of the dangerousness level of a file but… VirusTotal remains a cloud service. It means that, once you uploaded a


[ISC SANS] Spam Farm Spotted in the Wild

I published the following diary on isc.sans.edu: “Spam Farm Spotted in the Wild“: If there is a place where you can always find juicy information, it’s your spam folder! Yes, I like spam and I don’t delete my spam before having a look at it for hunting purposes. Besides emails flagged as spam, NDR or


[SANS ISC] From VBS, PowerShell, C Sharp, Process Hollowing to RAT

I published the following diary on isc.sans.edu: “From VBS, PowerShell, C Sharp, Process Hollowing to RAT“: VBS files are interesting to deliver malicious content to a victim’s computer because they look like simple text files. I found an interesting sample that behaves like a dropper. But it also looks like Russian


Next OSSEC Training Scheduled @ 44Con

If you follow me, you probably already know that I’m a big fan of OSSEC. I would like to thank 44Con for accepting my next training! If you are interested in learning cool stuff about OSSEC and how to integrate it with third-party tools/sources, this one is for you! OSSEC


[SANS ISC] Dynamic Data Exchange (DDE) is Back in the Wild?

I published the following diary on isc.sans.edu: “Dynamic Data Exchange (DDE) is Back in the Wild?“: DDE or “Dynamic Data Exchange” is a Microsoft technology for interprocess communication used in early versions of Windows and OS/2. DDE allows programs to manipulate objects provided by other programs, and respond to user actions affecting those objects. For a while,

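The DDE teaser above explains what the technology is; what a defender usually wants is to find DDE field codes inside an Office document before anyone opens it. The scanner below is an added example written for this page, not code from the diary or from /dev/random. It unzips a .docx in memory, collects field instructions from both `<w:fldSimple>` attributes and complex fields (joining the `<w:instrText>` runs that attackers like to split to evade a naive grep), and reports any DDE/DDEAUTO instruction per part, headers and footers included. The `build_sample_docx()` helper and the embedded XML are constructed for this example; the archive it produces is deliberately minimal (no `[Content_Types].xml`), so it is not a valid Word file, only enough to exercise the scanner offline.

```python
"""Scan Office Open XML (.docx) parts for DDE / DDEAUTO field codes."""
import html
import io
import re
import zipfile
from typing import Dict, List, Optional

# A Word field instruction is stored either as the w:instr attribute of a
# <w:fldSimple> element or, for "complex" fields, as one or more
# <w:instrText> runs between a fldChar "begin" marker and a fldChar "end"
# marker. Malicious documents split DDEAUTO across many runs, pad it with
# whitespace or wrap it in a QUOTE field, so runs are joined and whitespace
# normalised before the DDE keyword is searched for.
FLD_SIMPLE_RE = re.compile(r'<w:fldSimple\b[^>]*\bw:instr="([^"]*)"')
COMPLEX_FIELD_RE = re.compile(
    r'<w:fldChar\b[^>]*w:fldCharType="begin"[^>]*/?>(.*?)'
    r'<w:fldChar\b[^>]*w:fldCharType="end"[^>]*/?>', re.S)
INSTR_TEXT_RE = re.compile(r'<w:instrText\b[^>]*>(.*?)</w:instrText>', re.S)
DDE_KEYWORD_RE = re.compile(r'\bDDE(?:AUTO)?\b', re.I)


def extract_field_codes(part_xml: str) -> List[str]:
    """Return every field instruction in one XML part, whitespace-normalised.
    Nested fields (e.g. QUOTE wrapping DDEAUTO) come out as one joined code."""
    codes = [m.group(1) for m in FLD_SIMPLE_RE.finditer(part_xml)]
    for body in COMPLEX_FIELD_RE.findall(part_xml):
        runs = INSTR_TEXT_RE.findall(body)
        if runs:
            codes.append("".join(runs))
    return [" ".join(html.unescape(c).split()) for c in codes]


def find_dde_fields(docx_bytes: bytes) -> Dict[str, List[str]]:
    """Map part name -> DDE/DDEAUTO field codes for every word/*.xml part
    (document body, headers, footers, footnotes...)."""
    hits: Dict[str, List[str]] = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            xml = zf.read(name).decode("utf-8", errors="replace")
            dde = [c for c in extract_field_codes(xml) if DDE_KEYWORD_RE.search(c)]
            if dde:
                hits[name] = dde
    return hits


# --- Constructed sample input (not taken from any real sample) -------------
W_NS = 'xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"'

# A DDEAUTO field split over three runs (the classic delivery pattern), plus
# a harmless PAGE field in the next paragraph.
MALICIOUS_XML = (
    f'<w:document {W_NS}><w:body>'
    '<w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve"> DDE</w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">AUTO  c:\\windows\\system32\\cmd.exe </w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">&quot;/k calc.exe&quot; </w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
    '<w:r><w:t>Loading...</w:t></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>'
    '<w:p><w:fldSimple w:instr=" PAGE \\* MERGEFORMAT "><w:r><w:t>1</w:t></w:r></w:fldSimple></w:p>'
    '</w:body></w:document>'
)

BENIGN_XML = (
    f'<w:document {W_NS}><w:body>'
    '<w:p><w:fldSimple w:instr=" PAGE "><w:r><w:t>1</w:t></w:r></w:fldSimple></w:p>'
    '</w:body></w:document>'
)


def build_sample_docx(document_xml: str, header_xml: Optional[str] = None) -> bytes:
    """Constructed minimal .docx: only the parts the scanner reads. It has no
    [Content_Types].xml or relationships, so Word would reject it; it exists
    only to exercise find_dde_fields() offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", document_xml)
        if header_xml is not None:
            zf.writestr("word/header1.xml", header_xml)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("malicious", build_sample_docx(MALICIOUS_XML)),
                        ("benign", build_sample_docx(BENIGN_XML)),
                        ("dde-in-header", build_sample_docx(BENIGN_XML, MALICIOUS_XML))):
        print(label, find_dde_fields(blob))
```

Two design points worth keeping in mind when adapting this: the keyword match is applied to the joined, normalised instruction rather than to raw XML, which is what defeats the run-splitting trick, and every `word/*.xml` part is scanned because a field in a header or footer executes just as readily as one in the body. Regex over OOXML is deliberately simple here; for production triage, pair it with a real XML parser and with the yara/oletools checks you already run.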

myMail Manages Your Mailbox… in a Strange Way!

myMail is a popular (10M+ downloads!) alternative email client for mobile devices. Available for iOS and Android, it is a powerful email client compatible with most of the mail providers (POP3/IMAP, Gmail, Yahoo!, Outlook, and even ActiveSync). Recently, I was involved in an incident that was related to a malicious


[SANS ISC] Agent Tesla Dropped Through Automatic Click in Microsoft Help File

I published the following diary on isc.sans.edu: “Agent Tesla Dropped Through Automatic Click in Microsoft Help File“: Attackers have plenty of resources to infect our systems. If some files may look suspicious because the extension is less common (like .xsl files), others look really safe and make the victim confident


Network Flows Visualization With Nanoleaf Light Panels

I’m a fan of the Nanoleaf light panels! I use them in my office all the time. They provide a great daylight color while I’m in a Webex or training, they react to my music or give a relaxing atmosphere (while you need to concentrate on important stuff). Years ago,
