[SANS ISC] ShellCode Hidden with Steganography

Today, I published the following diary on isc.sans.edu: “ShellCode Hidden with Steganography“: When hunting, I’m often surprised by the interesting pieces of code that you may discover… Attackers (or pentesters/redteamers) like to share scripts on VT to evaluate the detection rates against many antivirus products. Sometimes, you find some cool stuff.

The post [SANS ISC] ShellCode Hidden with Steganography appeared first on /dev/random.

[SANS ISC] Suspicious IP Addresses Avoided by Malware Samples

Today, I published the following diary on isc.sans.edu: “Suspicious IP Addresses Avoided by Malware Samples“: Modern malware samples implement a lot of anti-debugging and anti-analysis techniques. The idea is to slow down the malware analyst’s job or, more simply, to bypass security solutions like sandboxes. These days, I see more and more malware

[SANS ISC] Deobfuscation of Malware Delivered Through a .bat File

Today, I published the following diary on isc.sans.edu: “Deobfuscation of Malware Delivered Through a .bat File“: I found a phishing email that delivered a RAR archive (password protected). Inside the archive, there was a simple .bat file (SHA256: 57ebd5a707eb69dd719d461e1fbd14f98a42c6c3dcb8505e4669c55762810e70) with the following name: “SRI DISTRITAL – DPTO DE COBRO -SRI

[SANS ISC] The Importance of Malware Triage

Today, I published the following diary on isc.sans.edu: “The Importance of Malware Triage“: When dealing with malware analysis, you like to get “fresh meat”. Just for hunting purposes or when investigating incidents in your organization, it’s essential to have a triage process to reduce the noise and focus on really

[SANS ISC] Malicious Code Can Be Anywhere

Today, I published the following diary on isc.sans.edu: “Malicious Code Can Be Anywhere“: My Python hunting rules reported some interesting/suspicious files. The files are named with a “.ma” extension. Some of them have very low VT scores. For example, the one with a SHA256 dc16115d165a8692e6f3186afd28694ddf2efe7fd3e673bd90690f2ae7d59136 has a score of 15/59.

[SANS ISC] Malware Delivered Through .inf File

Today, I published the following diary on isc.sans.edu: “Malware Delivered Through .inf File“: Microsoft has used “.inf” files for a while. They are simple text files and contain setup information in a driver package. They describe what must be performed to install a driver package on a device. When you

[SANS ISC] Undetected PowerShell Backdoor Disguised as a Profile File

Yesterday, I published the following diary on isc.sans.edu: “Undetected PowerShell Backdoor Disguised as a Profile File“: PowerShell remains an excellent way to compromise computers. Many PowerShell scripts found in the wild are usually obfuscated. Most of the time, this helps to have the script detected by fewer antivirus vendors. Yesterday,

Microsoft Patch Tuesday, May 2023 Edition

Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks.

Microsoft Patch Tuesday, February 2023 Edition

Microsoft is sending the world a whole bunch of love today, in the form of patches to plug dozens of security holes in its Windows operating systems and other software. This year’s special Valentine’s Day Patch Tuesday includes fixes for a whopping three different “zero-day” vulnerabilities that are already being used in active attacks.

[SANS ISC] A Backdoor with Smart Screenshot Capability

I published the following diary on isc.sans.edu: “A Backdoor with Smart Screenshot Capability“: Today, everything is “smart” or “intelligent”. We have smartphones, smart cars, smart doorbells, etc. Being “smart” means performing actions depending on the context, the environment, or user actions. For a while, backdoors and trojans have implemented screenshot
