[SANS ISC] Quick Status of the CAA DNS Record Adoption

I published the following diary on isc.sans.edu: “Quick Status of the CAA DNS Record Adoption“: In 2017, we already published a guest diary about “CAA” or “Certification Authority Authorization”. I was curious about the status of this technique and the adoption level in 2020. Has it been adopted massively since

The post [SANS ISC] Quick Status of the CAA DNS Record Adoption appeared first on /dev/random.

To Automate or To Reduce the Noise?

If you have been following my blog for a while, you have probably noticed that I’m not very active with new content. Most of my articles are published through the SANS ISC website, but that does not mean I don’t have content to publish. It’s just a question of time, like for many of us! Recently,

[SANS ISC] Mirai-alike Python Scanner

I published the following diary on isc.sans.edu: “Mirai-alike Python Scanner“: Last week, I found an interesting Python script that behaves like a Mirai bot. It scans for vulnerable devices exposing their telnet (TCP/23) interface in the wild, then tries to connect using a dictionary of credentials. The script has been uploaded to

[SANS ISC] Nicely Obfuscated Python RAT

I published the following diary on isc.sans.edu: “Nicely Obfuscated Python RAT“: While hunting, I found an interesting Python script. It matched one of my YARA rules due to the interesting list of imports but the content itself was nicely obfuscated. The script SHA256 hash is c5c8b428060bcacf2f654d1b4d9d062dfeb98294cad4e12204ee4aa6e2c93a0b and the current VT score

[SANS ISC] Managing Remote Access for Partners & Contractors

I published the following diary on isc.sans.edu: “Managing Remote Access for Partners & Contractors“: Yesterday, I wrote a quick diary about a potential security issue that some Tyler customers faced. Some people reacted to my diary with interesting comments in our forums. Two of them were interesting and deserve some

[SANS ISC] PowerShell Backdoor Launched from a ShellCode

I published the following diary on isc.sans.edu: “PowerShell Backdoor Launched from a ShellCode“: When you need to perform malicious actions on a victim’s computer, the Internet is full of resources that can be reused, forked, or slightly changed to meet your requirements. After all, why reinvent the wheel if some pieces

[SANS ISC] Party in Ibiza with PowerShell

I published the following diary on isc.sans.edu: “Party in Ibiza with PowerShell“: Today, I would like to talk about PowerShell ISE or “Integrated Scripting Environment”. This tool is installed by default on all Windows computers (alongside the classic PowerShell interpreter). From a malware analysis point of view, ISE offers a key feature:

[SANS ISC] Malicious Word Document with Dynamic Content

I published the following diary on isc.sans.edu: “Malicious Word Document with Dynamic Content“: Here is another malicious Word document that I spotted while hunting. “Another one?” some of our readers may ask. Indeed, but malicious documents remain a very common infection vector, and you learn a lot when you analyze

[SANS ISC] A Mix of Python & VBA in a Malicious Word Document

I published the following diary on isc.sans.edu: “A Mix of Python & VBA in a Malicious Word Document“: A few days ago, Didier wrote an interesting diary about objects embedded in an Office document. I had a discussion about an interesting OLE file that I found. Because it used the same
