Finding Zoom Meeting Details in the Wild

The popular web conference platform Zoom has been in the storm for a few weeks. With the COVID19 pandemic, more and more people are working from home and the demand for web conference tools has been growing. Vulnerabilities have been discovered in the Zoom client and, based on the fact

[The post Finding Zoom Meeting Details in the Wild has been first published on /dev/random]


[SANS ISC] Weaponized RTF Document Generator & Mailer in PowerShell

I published the following diary on isc.sans.edu: “Weaponized RTF Document Generator & Mailer in PowerShell“: Another piece of malicious PowerShell script that I found while hunting. Like many malicious activities that occur these days, it is related to the COVID19 pandemic. Its purpose is simple: It checks if Outlook


[SANS ISC] PowerShell Sample Extracting Payload From SSL

I published the following diary on isc.sans.edu: “PowerShell Sample Extracting Payload From SSL“: Another diary, another technique to fetch a malicious payload and execute it on the victim host. I spotted this piece of PowerShell code this morning while reviewing my hunting results. It implements a very interesting technique. As usual,


Hey Scanners, Say “Cheese!”

One of my sources of threat intelligence is a bunch of honeypots that I’m operating here and there. They are facing the wild Internet and, as you can imagine, they get hit by many “attackers”. But are they really bad people? Of course, the Internet is full of bots tracking


Handling Malware Delivered Into .daa Files

Bad guys are always trying to use “exotic” file extensions to deliver their malicious payloads. While common dangerous extensions are often blocked by mail security gateways, there exist plenty of less common extensions. These days, with the COVID19 pandemic, we are facing a peak of phishing and scams trying to


[SANS ISC] Obfuscated with a Simple 0x0A

I published the following diary on isc.sans.edu: “Obfuscated with a Simple 0x0A“: With the current Coronavirus pandemic, we continue to see more and more malicious activity around this topic. Today, we got a report from a reader who found a nice malicious Word document that was part of a Coronavirus phishing campaign. I


[SANS ISC] Malicious JavaScript Dropping Payload in the Registry

I published the following diary on isc.sans.edu: “Malicious JavaScript Dropping Payload in the Registry“: When we speak about “fileless” malware, it means that the malware does not use the standard filesystem to store temporary files or payloads. But they need to write data somewhere in the system for persistence or


[SANS ISC] Very Large Sample as Evasion Technique?

I published the following diary on isc.sans.edu: “Very Large Sample as Evasion Technique?“: Security controls have a major requirement: they can’t (or at least they try not to) interfere with normal operations of the protected system. It is known that antivirus products do not scan very large files (or just


InfoSec Conferences Canceled? We’ve Hours Of Recordings!

If you planned to attend some security conferences in the coming weeks, there is a risk that they will be canceled… Normally, I should now be in Germany to attend TROOPERS… Canceled! SAS2020 (“Security Analyst Summit”)… Canceled! FIRST TC Amsterdam… Canceled! And more will probably be added to the long list. And,


[SANS ISC] COVID-19 Themed Multistage Malware

I published the following diary on isc.sans.edu: “COVID-19 Themed Multistage Malware“: More and more countries are closing their borders and asking citizens to stay at home. The COVID-19 virus is everywhere and is also used in campaigns to lure more victims who are looking for information about the pandemic. I found
