[SANS ISC] ShellCode Hidden with Steganography

Today, I published the following diary on isc.sans.edu: “ShellCode Hidden with Steganography”: When hunting, I’m often surprised by the interesting pieces of code that you may discover… Attackers (or pentesters/redteamers) like to share scripts on VT to evaluate the detection rates against many antivirus products. Sometimes, you find some cool stuff.

The post [SANS ISC] ShellCode Hidden with Steganography appeared first on /dev/random.

[SANS ISC] Suspicious IP Addresses Avoided by Malware Samples

Today, I published the following diary on isc.sans.edu: “Suspicious IP Addresses Avoided by Malware Samples”: Modern malware samples implement a lot of anti-debugging and anti-analysis techniques. The idea is to slow down the malware analyst’s job or, more simply, to bypass security solutions like sandboxes. These days, I see more and more malware

[SANS ISC] Deobfuscation of Malware Delivered Through a .bat File

Today, I published the following diary on isc.sans.edu: “Deobfuscation of Malware Delivered Through a .bat File”: I found a phishing email that delivered a RAR archive (password protected). Inside the archive, there was a simple .bat file (SHA256: 57ebd5a707eb69dd719d461e1fbd14f98a42c6c3dcb8505e4669c55762810e70) with the following name: “SRI DISTRITAL – DPTO DE COBRO -SRI

Pass The Salt 2023 Wrap-Up

I’m back from Lille, France, where I attended the sixth edition of the conference called “Pass The Salt”. This event focuses on security but around free software. Vendors are not welcome to promote their solutions! Christophe from the crew introduced the event. Basically, it remains the same: a lot of

[SANS ISC] The Importance of Malware Triage

Today, I published the following diary on isc.sans.edu: “The Importance of Malware Triage”: When dealing with malware analysis, you like to get “fresh meat”. Just for hunting purposes or when investigating incidents in your organization, it’s essential to have a triage process to reduce the noise and focus on really

BSides Athens 2023 Wrap-Up

A quick wrap-up of the last edition of BSides Athens that occurred yesterday, Saturday 24th. I really like this event for multiple reasons. First, the atmosphere: I have plenty of Greek friends and I like this country… and food! This was already the 8th edition and fully in person! They reached

[SANS ISC] Malicious Code Can Be Anywhere

Today, I published the following diary on isc.sans.edu: “Malicious Code Can Be Anywhere”: My Python hunting rules reported some interesting/suspicious files. The files are named with a “.ma” extension. Some of them have very low VT scores. For example, the one with a SHA256 dc16115d165a8692e6f3186afd28694ddf2efe7fd3e673bd90690f2ae7d59136 has a score of 15/59.

[SANS ISC] Malware Delivered Through .inf File

Today, I published the following diary on isc.sans.edu: “Malware Delivered Through .inf File”: Microsoft has used “.inf” files for a while. They are simple text files and contain setup information in a driver package. They describe what must be performed to install a driver package on a device. When you

[SANS ISC] Undetected PowerShell Backdoor Disguised as a Profile File

Yesterday, I published the following diary on isc.sans.edu: “Undetected PowerShell Backdoor Disguised as a Profile File”: PowerShell remains an excellent way to compromise computers. Many PowerShell scripts found in the wild are usually obfuscated. Most of the time, this helps to have the script detected by fewer antivirus vendors. Yesterday,

Botconf 2023 Wrap-Up Day #3

It’s already the third and last day… Always a strange atmosphere after the gala dinner, and people are always joining late. It’s also challenging to be the first speakers! Ronan Mouchoux and François Moerman presented «From Words to Intelligence: Leveraging the Cyber Operation Constraint Principle, Natural Language Understanding, and Association