[SANS ISC] Clean Binaries with Suspicious Behaviour

I published the following diary on isc.sans.edu: “Clean Binaries with Suspicious Behaviour“: EDR or “Endpoint Detection & Response” is a key element of many networks today. An agent is installed on all endpoints to track suspicious/malicious activity and (try to) block it. Behavioral monitoring is also a key element in

The post [SANS ISC] Clean Binaries with Suspicious Behaviour appeared first on /dev/random.

In-Person Infosec Conferences Are Back

Yes! Infosec conferences are back with in-person events! While we were able to attend virtual events from our sofa during the last two years, it’s much more fun to meet people “IRL” and have good times! Let’s hope that the pandemic will remain behind us. I should restart publishing some

[SANS ISC] Keep an Eye on WebSockets

I published the following diary on isc.sans.edu: “Keep an Eye on WebSockets“: It has been a while since I last spotted WebSockets used by malware. Yesterday I discovered an interesting piece of PowerShell. Very small and almost undetected according to its VirusTotal score (2/54). A quick reminder for those

[SANS ISC] Credentials Leaks on VirusTotal

I published the following diary on isc.sans.edu: “Credentials Leaks on VirusTotal“: A few weeks ago, researchers published some information about stolen credentials that were posted on VirusTotal. I’m keeping an eye on VT for my customers and searching for data related to them. For example, I look for their domain name(s)

[SANS ISC] Infostealer in a Batch File

I published the following diary on isc.sans.edu: “Infostealer in a Batch File“: It’s pretty common to see malicious content delivered as email attachments. Every day, my mailboxes are flooded with malicious content… which is great from a research point of view. Am I the only one to be happy when I see

[SANS ISC] Ukraine & Russia Situation From a Domain Names Perspective

I published the following diary on isc.sans.edu: “Ukraine & Russia Situation From a Domain Names Perspective“: For a few days, the eyes of the world have been on the situation between Russia and Ukraine. Today, operations are also organized in the “cyber” dimension (besides the classic ones – land, air, sea,

Europol & Interpol Phishing Ahead?

When you keep an eye on newly registered domains, there are some that catch your eye immediately. Some domains related to Europol, the European Union’s law enforcement agency, and Interpol have been recently registered.

Domain                 Registration Date   Registrar
europol-belgique.com   2022-02-15          Google
euro-interpol.com      2022-02-08          WebNic
europol-be.com         2022-02-15          Ligne Web

[SANS ISC] A Good Old Equation Editor Vulnerability Delivering Malware

I published the following diary on isc.sans.edu: “A Good Old Equation Editor Vulnerability Delivering Malware“: Here is another sample demonstrating how attackers still rely on good old vulnerabilities… In 2017, Microsoft Office suffered from a critical vulnerability that affected its Equation Editor tool, known as CVE-2017-11882. It’s a memory corruption

[SANS ISC] Remcos RAT Delivered Through Double Compressed Archive

I published the following diary on isc.sans.edu: “Remcos RAT Delivered Through Double Compressed Archive“: One of our readers shared an interesting sample received via email. Like him, if you get access to interesting/suspicious data, please share it with us (if you’re authorized of course). We are always looking for fresh
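Nested archives (a ZIP inside a ZIP, as in the sample above) are a cheap way to get a payload past gateways that only inspect one layer. The following Python is an added example, not code from the diary, that walks such archives in memory, reports what sits at each depth and stops on the two things that bite analysts in practice: password-protected members and unbounded recursion or inflation (a nested archive is also the classic decompression-bomb shape). The sample archive, its file names and the fake "MZ" payload are constructed for the example.

```python
import io
import zipfile


def build_sample_nested_zip() -> bytes:
    """Constructed sample: an outer ZIP that contains a second ZIP, which in turn
    holds a fake executable. Not the sample from the diary."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as z:
        # "MZ" header followed by padding: passes a magic-byte check, runs nowhere.
        z.writestr("Invoice_2022.exe", b"MZ" + b"\x00" * 64)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("Invoice_2022.zip", inner.getvalue())
    return outer.getvalue()


def sniff(content: bytes) -> str:
    """Minimal magic-byte classifier: enough to spot a PE hidden under several ZIP layers."""
    if zipfile.is_zipfile(io.BytesIO(content)):
        return "archive"
    if content.startswith(b"MZ"):
        return "pe"
    return "file"


def walk_nested_zip(data: bytes, max_depth: int = 5, max_member_bytes: int = 50_000_000,
                    depth: int = 0, prefix: str = "") -> list:
    """Walk ZIP-in-ZIP archives in memory and return (path, depth, size, kind) tuples.

    kind is one of: archive, pe, file, encrypted, oversized, too-deep.
    The depth and per-member size limits are deliberate: never recurse into or
    inflate attacker-controlled archives without bounds.
    """
    found = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return found
    for info in zf.infolist():
        path = f"{prefix}/{info.filename}" if prefix else info.filename
        if info.file_size > max_member_bytes:
            # uncompressed size comes from the central directory; do not inflate it
            found.append((path, depth, info.file_size, "oversized"))
            continue
        try:
            content = zf.read(info)
        except RuntimeError:
            # zipfile raises RuntimeError for password-protected members read without pwd=
            found.append((path, depth, info.file_size, "encrypted"))
            continue
        kind = sniff(content)
        found.append((path, depth, info.file_size, kind))
        if kind == "archive":
            if depth + 1 > max_depth:
                found.append((path, depth + 1, info.file_size, "too-deep"))
            else:
                found.extend(walk_nested_zip(content, max_depth, max_member_bytes, depth + 1, path))
    return found


def executables_in(data: bytes, **limits) -> list:
    """Paths (with nesting depth) of PE files found at any depth."""
    return [(p, d) for p, d, _size, kind in walk_nested_zip(data, **limits) if kind == "pe"]


if __name__ == "__main__":
    for entry in walk_nested_zip(build_sample_nested_zip()):
        print(entry)
```

The walker never touches the disk, so there is no path-traversal exposure from crafted member names; if you do extract, sanitize `info.filename` first. The `max_depth=0` setting is useful in a mail gateway context: it tells you that an archive contains another archive without paying the cost of opening it.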

[SANS ISC] Who Are Those Bots?

I published the following diary on isc.sans.edu: “Who Are Those Bots?“: I’m operating a mail server for multiple domains. This server is regularly targeted by bots that launch brute-force attacks to try to steal credentials. They try a list of common usernames but they also try targeted ones based on
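What separates a bot from a user who mistyped a password is the spread of usernames per source, not the raw failure count. The Python below is an added example, not the diary's own tooling: it parses Dovecot `imap-login` failures, groups them by remote IP and splits the guessed usernames into wordlist names and names that only make sense for this server. The log lines, the hosted-domain list and the "targeted" heuristic (a non-generic name at a hosted domain) are all assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in Dovecot's imap-login format; not taken from the diary.
SAMPLE_LOG = """\
Mar 10 09:12:01 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=203.0.113.5, lip=198.51.100.2, TLS, session=<a1>
Mar 10 09:12:03 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<test>, method=PLAIN, rip=203.0.113.5, lip=198.51.100.2, TLS, session=<a2>
Mar 10 09:12:05 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<info@example.org>, method=PLAIN, rip=203.0.113.5, lip=198.51.100.2, TLS, session=<a3>
Mar 10 09:12:07 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<john@example.org>, method=PLAIN, rip=203.0.113.5, lip=198.51.100.2, TLS, session=<a4>
Mar 10 09:13:10 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<john@example.org>, method=PLAIN, rip=198.51.100.77, lip=198.51.100.2, TLS, session=<b1>
Mar 10 09:14:00 mail dovecot: imap-login: Login: user=<john@example.org>, method=PLAIN, rip=198.51.100.77, lip=198.51.100.2, mpid=1234, TLS, session=<b2>
"""

AUTH_FAILED = re.compile(
    r"imap-login: Disconnected \(auth failed.*?user=<(?P<user>[^>]*)>.*?rip=(?P<rip>\d+\.\d+\.\d+\.\d+)"
)

# Names found in just about every brute-force wordlist.
GENERIC_USERS = {"admin", "administrator", "test", "root", "info",
                 "postmaster", "webmaster", "sales", "support"}
# Assumption for the example: the domains this server hosts mail for.
HOSTED_DOMAINS = {"example.org"}


def classify_user(user: str) -> str:
    local, _, domain = user.partition("@")
    if domain and domain.lower() not in HOSTED_DOMAINS:
        return "foreign"   # guessing accounts we do not even host: blind spraying
    if local.lower() in GENERIC_USERS:
        return "generic"   # wordlist name
    return "targeted"      # assumption: a non-generic name at a hosted domain was chosen for this server


def profile_sources(log_text: str, min_attempts: int = 3) -> dict:
    """Group failed logins by remote IP and keep the sources that look like bots.

    Returns {rip: {"attempts", "users", "generic", "targeted", "foreign"}} for every
    source with at least min_attempts failures spread over more than one username.
    A human who forgets a password fails repeatedly on one account and is not flagged.
    """
    per_ip = defaultdict(lambda: {"attempts": 0, "users": set(),
                                  "generic": 0, "targeted": 0, "foreign": 0})
    for line in log_text.splitlines():
        m = AUTH_FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are skipped
        rec = per_ip[m["rip"]]
        rec["attempts"] += 1
        rec["users"].add(m["user"])
        rec[classify_user(m["user"])] += 1
    bots = {}
    for rip, rec in per_ip.items():
        if rec["attempts"] >= min_attempts and len(rec["users"]) > 1:
            bots[rip] = {**rec, "users": sorted(rec["users"])}
    return bots


if __name__ == "__main__":
    for rip, rec in profile_sources(SAMPLE_LOG).items():
        print(rip, rec["attempts"], "attempts,",
              f"{rec['generic']} generic / {rec['targeted']} targeted / {rec['foreign']} foreign:",
              ", ".join(rec["users"]))
```

In the sample, 203.0.113.5 fails four times across four accounts, three from a generic list and one that exists only on this server, which is the pattern worth a closer look; 198.51.100.77 fails once on one account and then logs in. Feed the real log in, and tune `HOSTED_DOMAINS` and `GENERIC_USERS` to your own environment.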