[SANS ISC] Obscure Wininet.dll Feature?

I published the following diary on isc.sans.edu: “Obscure Wininet.dll Feature?“: The Internet Storm Center relies on a group of Handlers who are volunteers and offer some free time to the community besides our daily job. Sometimes, we share information between us about an incident or a problem that we are facing and

The post [SANS ISC] Obscure Wininet.dll Feature? appeared first on /dev/random.


Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon

Recently, X-Force Red released a tool called Windows Feature Hunter, which uses Frida to identify candidate targets for dynamic link library (DLL) side-loading on a Windows system. To provide the defensive countermeasure perspective on DLL side-loading, X-Force Incident Response has released SideLoaderHunter, a system profiling script and Sysmon configuration designed to identify evidence of side-loading […]

The post Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon appeared first on Security Intelligence.
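The excerpt above only names the two data sources a hunter would combine, live process memory and Sysmon "Image loaded" events. The following PowerShell is an added illustration of that approach; it is not SideLoaderHunter's own code, and its heuristic is an assumption: a DLL whose file name also ships in System32 or SysWOW64 but which was loaded from some other directory is a side-loading candidate, all the more so when that directory is user-writable or the file is not validly signed. The list of user-writable roots is an assumption to tune per estate, the Sysmon log name and Event ID 7 fields (Image, ImageLoaded) are Sysmon's documented ones, and the script must run elevated; a 64-bit host cannot enumerate the modules of 32-bit processes, and those are skipped silently.

```powershell
# Added example (not SideLoaderHunter): hunt for DLL side-loading candidates,
# first in live process memory, then in Sysmon Event ID 7 (Image loaded) records.
$systemRoot = $env:SystemRoot
$systemDirs = @("$systemRoot\System32", "$systemRoot\SysWOW64")

# Where a system DLL is expected to load from. WinSxS holds side-by-side copies
# of several of them (comctl32.dll for instance), so it counts as expected too.
$expectedRoots = $systemDirs + "$systemRoot\WinSxS"

# Locations an attacker can usually write to (assumption: tune per estate).
$userWritableRoots = @("$env:SystemDrive\Users", $env:ProgramData, $env:TEMP)

# Names of DLLs shipped in the system directories: the "known DLL name" set.
$systemDllNames = @{}
foreach ($dir in $systemDirs) {
    Get-ChildItem -Path $dir -Filter '*.dll' -File -ErrorAction SilentlyContinue |
        ForEach-Object { $systemDllNames[$_.Name.ToLowerInvariant()] = $true }
}

function Test-UnderRoot {
    param([string]$Path, [string[]]$Roots)
    foreach ($r in $Roots) {
        if ($Path.StartsWith($r.TrimEnd('\') + '\', [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# Core heuristic shared by both data sources. Returns $null for a benign load.
function Test-SideLoadCandidate {
    param([string]$DllPath)
    $name = [System.IO.Path]::GetFileName($DllPath).ToLowerInvariant()
    if (-not $systemDllNames.ContainsKey($name)) { return $null }               # not a system DLL name
    if (Test-UnderRoot -Path $DllPath -Roots $expectedRoots) { return $null }   # loaded from where it belongs
    # Historical Sysmon hits may point at a file that has since been deleted.
    $status = if (Test-Path -LiteralPath $DllPath) {
        (Get-AuthenticodeSignature -LiteralPath $DllPath).Status.ToString()
    } else { 'FileMissing' }
    [pscustomobject]@{
        Dll          = $name
        LoadedFrom   = Split-Path -Path $DllPath -Parent
        UserWritable = Test-UnderRoot -Path $DllPath -Roots $userWritableRoots
        Signature    = $status
    }
}

# 1. Live profiling: walk every module of every process we are allowed to open.
function Get-LiveSideLoadCandidate {
    foreach ($proc in Get-Process) {
        $modules = @()
        try { $modules = @($proc.Modules) } catch { continue }   # access denied or bitness mismatch
        foreach ($m in $modules) {
            if (-not $m.FileName) { continue }
            $hit = Test-SideLoadCandidate -DllPath $m.FileName
            if ($hit) {
                $hit | Add-Member -NotePropertyName Process -NotePropertyValue "$($proc.Name) ($($proc.Id))" -PassThru
            }
        }
    }
}

# 2. Historical view: Sysmon Event ID 7 carries the host process in Image and
#    the loaded DLL in ImageLoaded as named event-data fields.
function Get-SysmonSideLoadCandidate {
    param([int]$MaxEvents = 5000)
    $filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 7 }
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if (-not $data.ImageLoaded) { continue }
        $hit = Test-SideLoadCandidate -DllPath $data.ImageLoaded
        if ($hit) {
            $hit | Add-Member -NotePropertyName Process -NotePropertyValue $data.Image -PassThru |
                   Add-Member -NotePropertyName Time -NotePropertyValue $e.TimeCreated -PassThru
        }
    }
}

Get-LiveSideLoadCandidate   | Sort-Object UserWritable -Descending | Format-Table -AutoSize
Get-SysmonSideLoadCandidate | Sort-Object Time | Format-Table -AutoSize
```

Expect noise from legitimate software that ships private copies of system DLLs next to its executable under Program Files; the UserWritable and Signature columns are there to rank the output, not to decide it. The live pass only sees what is loaded right now, which is why the Sysmon pass matters: a side-loaded payload that ran for a few seconds and exited is only visible in the Event ID 7 history.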


[SANS ISC] Locking Kernel32.dll As Anti-Debugging Technique

I published the following diary on isc.sans.edu: “Locking Kernel32.dll As Anti-Debugging Technique“: For bad guys, the implementation of techniques to prevent Security Analysts from performing their job is key! The idea is to make our life more difficult (read: “frustrating”). There are plenty of techniques that can be implemented but

The post [SANS ISC] Locking Kernel32.dll As Anti-Debugging Technique appeared first on /dev/random.


[SANS ISC] Quick Analysis of a Modular InfoStealer

I published the following diary on isc.sans.edu: “Quick Analysis of a Modular InfoStealer“: This morning, an interesting phishing email landed in my spam trap. The mail was written in Spanish and, as usual, asked the recipient to urgently process the attached document. The filename was “AVISO.001” (This extension is used by multi-volume

The post [SANS ISC] Quick Analysis of a Modular InfoStealer appeared first on /dev/random.


[SANS ISC] Example of Malicious DLL Injected in PowerShell

I published the following diary on isc.sans.edu: “Example of Malicious DLL Injected in PowerShell“: For a while now, PowerShell has remained one of the favorite languages for attackers. Installed by default (and almost impossible to get rid of), powerful, perfectly integrated with the core operating system. It’s very easy to develop

The post [SANS ISC] Example of Malicious DLL Injected in PowerShell appeared first on /dev/random.


Windows Ransomware Protection Can Be Hacked Easily

A new method of bypassing Controlled Folder Access via the Windows Registry Editor has been discovered and is reported to work flawlessly. Microsoft recently added the feature, known as Controlled Folder Access, to stop modifications of……
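The excerpt does not describe the bypass itself, and nothing here reproduces it. What a defender can do today is verify that Controlled Folder Access (CFA) is actually in block mode, review the applications that have been allow-listed through it (an allow-list entry is the simplest durable way around the feature), and watch the Defender operational log for CFA blocks and configuration changes. The PowerShell below is an added example, not code from the article; it assumes Microsoft Defender Antivirus is the active engine, that the Defender cmdlets (Get-MpPreference) are available, and that the session is elevated. The "trusted roots" used to rank allow-listed applications are an assumption.

```powershell
# Added example (not from the article): audit Controlled Folder Access state,
# rank its allow-listed applications, and pull recent CFA events.

# Values of Get-MpPreference's EnableControlledFolderAccess property.
$cfaModes = @{
    0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'AuditMode'
    3 = 'BlockDiskModificationOnly'; 4 = 'AuditDiskModificationOnly'
}

function Get-CfaState {
    $p = Get-MpPreference
    [pscustomobject]@{
        Mode             = $cfaModes[[int]$p.EnableControlledFolderAccess]
        ProtectedFolders = @($p.ControlledFolderAccessProtectedFolders)
        AllowedApps      = @($p.ControlledFolderAccessAllowedApplications)
    }
}

# Flag allow-listed applications living outside Program Files / Windows, or whose
# Authenticode signature is not valid (assumption: those roots are "trusted").
function Get-SuspiciousCfaAllowedApp {
    $trustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) | Where-Object { $_ }
    foreach ($app in (Get-CfaState).AllowedApps) {
        $inTrusted = $false
        foreach ($r in $trustedRoots) {
            if ($app.StartsWith($r, [System.StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
        }
        $sig = if (Test-Path -LiteralPath $app) {
            (Get-AuthenticodeSignature -LiteralPath $app).Status.ToString()
        } else { 'FileMissing' }
        if (-not $inTrusted -or $sig -ne 'Valid') {
            [pscustomobject]@{ AllowedApp = $app; InTrustedRoot = $inTrusted; Signature = $sig }
        }
    }
}

# Recent CFA activity from the Defender operational log:
#   1123 = write blocked by CFA, 1124 = write audited (audit mode),
#   5007 = Defender configuration changed (catches mode / allow-list tampering).
function Get-CfaEvent {
    param([int]$Hours = 24)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1123, 1124, 5007
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } }
}

Get-CfaState | Format-List
Get-SuspiciousCfaAllowedApp | Format-Table -AutoSize
Get-CfaEvent | Format-Table -AutoSize -Wrap
```

A Mode other than "Enabled (block)" means the feature will log at best and stop nothing; a 5007 event that is not matched by a change ticket, or an allow-listed binary sitting in a user profile, deserves the same attention as a ransomware alert, because either one makes every later CFA block meaningless.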