[SANS ISC] Keep an Eye on Command-Line Browsers

I published the following diary on isc.sans.edu: “Keep an Eye on Command-Line Browsers”: For a few weeks, I’ve been searching for suspicious files that make use of a command-line browser like curl.exe or wget.exe in a Windows environment. Wait, you were not aware of this? Just open a cmd.exe and type

[The post [SANS ISC] Keep an Eye on Command-Line Browsers has been first published on /dev/random]

[SANS ISC] Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript

I published the following diary on isc.sans.edu: “Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript”: I found an interesting VBScript sample that is a perfect textbook case for training or learning purposes. It implements a nice obfuscation technique as well as many classic sandbox detection mechanisms. The script

CoRIIN 2020 Wrap-Up

I’m just back from Lille (France), where the “FIC” or “International Cybersecurity Forum” is being held today and tomorrow. This event is very popular with some people but not technical at all. Basically, you find all the vendors in one big place trying to convince you that their solution, based on

[SANS ISC] Why Phishing Remains So Popular?

I published the following diary on isc.sans.edu: “Why Phishing Remains So Popular?”: Probably, some phishing emails get delivered into your mailbox every day and you ask yourself: “Why do they continue to spam us with so many emails? We are aware of phishing and it will not affect my organization!”

[SANS ISC] Complex Obfuscation VS Simple Trick

I published the following diary on isc.sans.edu: “Complex Obfuscation VS Simple Trick”: Today, I would like to make a comparison between two techniques applied to malicious code to try to bypass AV detection. The Emotet malware family does not need to be presented. Very active for years, new waves of

[SANS ISC] Code & Data Reuse in the Malware Ecosystem

I published the following diary on isc.sans.edu: “Code & Data Reuse in the Malware Ecosystem”: In the past, I already had the opportunity to give some “security awareness” sessions to developers. One topic that was always debated is the reuse of existing code. Indeed, for a developer, it’s tempting to

BotConf 2019 Wrap-Up Day #3

It’s a classic issue for BotConf attendees, the last day is always a little bit stronger due to the social event organized every Thursday night. This year, we are in the French area where good wines are produced and the event took place at the “Cité du Vin”. The night

BotConf 2019 Wrap-Up Day #2

The second day is over. Here is my daily wrap-up. Today was a national strike day in France and a lot of problems were expected with public transport. However, the organization provided buses to help attendees travel between the city center and the venue. Great service as always 😉

BotConf 2019 Wrap-Up Day #1

Hello from Bordeaux, France where I’m attending the 7th edition (already!) of the BotConf security conference dedicated to fighting against botnets. After Nantes, Nancy, Paris, Lyon, Montpellier, Toulouse and now Bordeaux, their “tour de France” is almost completed. What will be the next location? I attended all the previous editions

DeepSec 2019 Wrap-Up Day #2

Here we go for the second wrap-up! DeepSec is over, flying back tomorrow to Belgium. My first choice today was to attend: “How To Create a Botnet of GSM-devices” by Aleksandr Kolchanov. Don’t forget that GSM devices are not only “phones”. Aleksandr covered nice devices like alarm systems, electric sockets,
