[SANS ISC] Malicious PowerShell Targeting Cryptocurrency Browser Extensions

I published the following diary on isc.sans.edu: “Malicious PowerShell Targeting Cryptocurrency Browser Extensions”: While hunting, I found an interesting PowerShell script. After a quick check, my first conclusion was that it was yet another simple info stealer. After reading the code more carefully, the conclusion was different: it targets crypto-currency browser

The post [SANS ISC] Malicious PowerShell Targeting Cryptocurrency Browser Extensions appeared first on /dev/random.


[SANS ISC] Houdini is Back Delivered Through a JavaScript Dropper

I published the following diary on isc.sans.edu: “Houdini is Back Delivered Through a JavaScript Dropper”: Houdini is a very old RAT that was discovered years ago. The first mention I could find dates back to 2013! Houdini is a simple remote access tool written in Visual Basic Script. The script is not very interesting


[SANS ISC] Sandbox Evasion… With Just a Filename!

I published the following diary on isc.sans.edu: “Sandbox Evasion… With Just a Filename!”: Today, many sandbox solutions are available and deployed by most organizations to detonate malicious files and analyze their behavior. The main problem with some sandboxes is the filename used to submit the sample. The file can be


[SANS ISC] A ‘Zip Bomb’ to Bypass Security Controls & Sandboxes

I published the following diary on isc.sans.edu: “A ‘Zip Bomb’ to Bypass Security Controls & Sandboxes”: Yesterday, I analyzed a malicious archive for a customer. It was delivered to the mailbox of a user who, hopefully, was security-aware and reported it. The payload passed through the different security layers based on big


[SANS ISC] Use Your Browser Internal Password Vault… or Not?

I published the following diary on isc.sans.edu: “Use Your Browser Internal Password Vault… or Not?”: Passwords… such a hot topic! Recently, big players (Microsoft, Apple & Google) announced that they would like to suppress (or, at least, reduce) the use of classic passwords. In the meantime, they remain the most common


Botconf Day 3 Wrap-Up

Here we go with day 3! In the morning, there are always fewer people due to the short night. The gala dinner is always a key activity during Botconf! The last day started with “Jumping the air-gap: 15 years of nation-state efforts” presented by Alexis Dorais-Joncas and Facundo Munoz. Does


Botconf Day 2 Wrap-Up

The second day is already over. Here is my recap of the talks. The first one was “Identifying malware campaigns on a budget” by Max “Libra” Kersten and Rens Van Der Linden. The idea was to search for malicious activity without spending too much money. Read: “using as few resources


Botconf Day 1 Wrap-Up

Incredible! Here is my first wrap-up in two years! Now that COVID seems to be under control, it’s so good to be back at conferences and meet a lot of good friends. Like most events, Botconf was canceled, postponed, and uncertain until the COVID situation improved and, finally, it


[SANS ISC] Simple PDF Linking to Malicious Content

I published the following diary on isc.sans.edu: “Simple PDF Linking to Malicious Content”: Last week, I found an interesting piece of phishing based on a PDF file. Today, most of the PDF files that are delivered to end users are not malicious, I mean that they don’t contain an exploit to


[SANS ISC] XLSB Files: Because Binary is Stealthier Than XML

I published the following diary on isc.sans.edu: “XLSB Files: Because Binary is Stealthier Than XML”: In one of his latest diaries, Brad mentioned an Excel sheet named with a .xlsb extension. Now, it was my turn to find one… What’s the magic behind this file extension? “XLS” means that we
