[SANS ISC] Simple but Undetected PowerShell Backdoor

I published the following diary on isc.sans.edu: “Simple but Undetected PowerShell Backdoor”: For a while, most security people have agreed that antivirus products are not enough for effective protection against malicious code. While they can block many threats, some of them remain undetected by classic technologies. Here is

The post [SANS ISC] Simple but Undetected PowerShell Backdoor appeared first on /dev/random.


[SANS ISC] Python Shellcode Injection From JSON Data

I published the following diary on isc.sans.edu: “Python Shellcode Injection From JSON Data”: My hunting rules detected a nice piece of Python code. It’s interesting to see how the code is simple, not deeply obfuscated, and with a very low VT score: 2/56! I see more and more malicious Python code


[SANS ISC] The UPX Packer Will Never Die!

I published the following diary on isc.sans.edu: “The UPX Packer Will Never Die!”: Today, many malware samples that you can find in the wild are “packed”. The process of packing an executable file is not new and does not mean that it is de facto malicious. Many developers decide to pack


[SANS ISC] Info-Stealer Using webhook.site to Exfiltrate Data

I published the following diary on isc.sans.edu: “Info-Stealer Using webhook.site to Exfiltrate Data”: We have already reported multiple times that, when you offer an online (cloud) service, there is a good chance that it will be abused for malicious purposes. I spotted an info-stealer that exfiltrates data through webhook.site. Today, many


Tor IP Renewal For The Win

I’ve been using Tor for so long that I can’t remember! The main reasons to use it are to access some websites while preserving my anonymity (after all, that’s the main purpose of Tor) but also to access dangerous resources like command & control servers or sites delivering malicious content. The


[SANS ISC] Shadow IT Makes People More Vulnerable to Phishing

I published the following diary on isc.sans.edu: “Shadow IT Makes People More Vulnerable to Phishing”: Shadow IT is a real problem in many organizations. This term covers pieces of hardware or software that are installed by users without the approval of the IT department. In many cases,


[SANS ISC] (Ab)Using Security Tools & Controls for the Bad

I published the following diary on isc.sans.edu: “(Ab)Using Security Tools & Controls for the Bad”: As security practitioners, we give daily advice to our customers to increase the security level of their infrastructures. Install this tool, enable this feature, disable this function, etc. When enabled, these techniques can also be


[SANS ISC] Keep an Eye on Your Users Mobile Devices (Simple Inventory)

I published the following diary on isc.sans.edu: “Keep an Eye on Your Users Mobile Devices (Simple Inventory)”: Today, smartphones are everywhere and have become our best friends for many tasks. Probably your users already access their corporate mailbox via a mobile device. If it’s not yet the case, you probably have


[SANS ISC] Excel Recipe: Some VBA Code with a Touch of Excel4 Macro

I published the following diary on isc.sans.edu: “Excel Recipe: Some VBA Code with a Touch of Excel4 Macro”: Microsoft Excel supports two types of macros. The legacy format is known as “Excel4 macro” and the newer one (already in use for a while) is based on VBA. We have already covered both
