Botconf 2023 Wrap-Up Day #2

And we are still in Strasbourg! The second day started with “From GhostNet to PseudoManuscrypt” by Jorge Rodriguez & Souhail Hammou. PseudoManuscrypt is a recent RAT spotted by Kaspersky in July 2021. It is widely distributed by fake applications, websites and malware loaders. It’s a fork of Gh0st RAT. This

The post Botconf 2023 Wrap-Up Day #2 appeared first on /dev/random.

Botconf 2023 Wrap-Up Day #1

It has been a while since I posted my last wrap-up. With the COVID break, many conferences have been canceled or postponed. But Botconf, one of my favorites, has been scheduled for a long time in my (busy) planning. This edition is located in Strasbourg. I arrived yesterday afternoon to

[SANS ISC] A Backdoor with Smart Screenshot Capability

I published the following diary on isc.sans.edu: “A Backdoor with Smart Screenshot Capability“: Today, everything is “smart” or “intelligent”. We have smartphones, smart cars, smart doorbells, etc. Being “smart” means performing actions depending on the context, the environment, or user actions. For a while, backdoors and trojans have implemented screenshot

[SANS ISC] A First Malicious OneNote Document

I published the following diary on isc.sans.edu: “A First Malicious OneNote Document“: Attackers are always trying to find new ways to deliver malware to victims. They recently started sending Microsoft OneNote files in massive phishing campaigns. OneNote files (ending with the extension “.one”) are handled automatically by computers that have the

[SANS ISC] Do you collect “Observables” or “IOCs”?

I published the following diary on isc.sans.edu: “Do you collect ‘Observables’ or ‘IOCs’?“: Indicators of Compromise, or IOCs, are key elements in blue team activities. IOCs are mainly small pieces of technical information that have been collected during investigations, threat hunting activities or malware analysis. About the last example, the malware analyst’s goal

[SANS ISC] Another Script-Based Ransomware

I published the following diary on isc.sans.edu: “Another Script-Based Ransomware“: In the past, I already found some script-based ransomware samples written in Python or Powershell. The last one I found was only a “proof-of-concept” (my guess) but it demonstrates how easily such malware can be developed and how it remains

CTI-Summit 2022 Luxembourg Wrap-Up

It has been a while since I took the time to write a security conference wrap-up. With all these COVID restrictions, we were stuck at home for a while. Still today, some events remain postponed and, worse, canceled! The energy crisis in Europe does not help; some venues are

[SANS ISC] Malicious Python Script Behaving Like a Rubber Ducky

I published the following diary on isc.sans.edu: “Malicious Python Script Behaving Like a Rubber Ducky“: Last week, it was SANSFIRE in Washington, where I presented a SANS@Night talk about malicious Python scripts in Windows environments. I’m still looking for more fresh meat and, yesterday, I found another interesting one. Do you

Pass-The-Salt 2022 Wrap-Up

Conferences are back! After Botconf in April, it’s Pass-The-Salt that is organized this week in Lille, France. After the two-year break, the formula did not change: same location, free, presentations around security, and free software! And, most important, the same atmosphere. The first day started in the afternoon and