[SANS ISC] Using Sudo with Python For More Security Controls

I published the following diary on isc.sans.edu: “Using Sudo with Python For More Security Controls”: I’m a big fan of the Sudo command. This tool, available on every UNIX flavor, allows system administrators to provide access to certain users/groups to certain commands as root or another user. This is performed with a

The post [SANS ISC] Using Sudo with Python For More Security Controls appeared first on /dev/random.

[SANS ISC] Python DLL Injection Check

I published the following diary on isc.sans.edu: “Python DLL Injection Check”: There are many security tools that inject DLLs into processes running on a Windows system. The classic examples are anti-virus products. They like to inject plenty of code that, combined with API hooking, implements security checks. If DLLs are

[SANS ISC] Keeping an Eye on Dangerous Python Modules

I published the following diary on isc.sans.edu: “Keeping an Eye on Dangerous Python Modules”: With Python getting more and more popular, especially on Microsoft operating systems, it’s common to find malicious Python scripts today. I already covered some of them in previous diaries. I like this language because it is very

[SANS ISC] Russian Dolls VBS Obfuscation

I published the following diary on isc.sans.edu: “Russian Dolls VBS Obfuscation”: We received an interesting sample from one of our readers (thanks Henry!) and we like this. If you find something interesting, we are always looking for fresh meat! Henry’s sample was delivered in a password-protected ZIP archive and the

[SANS ISC] Malicious PowerShell Hosted on script.google.com

I published the following diary on isc.sans.edu: “Malicious PowerShell Hosted on script.google.com”: Google has an incredible portfolio of services. Besides the classic ones, there are less known services and… they could be very useful for attackers too. One of them is Google Apps Script. Google describes it like this: “Apps

[SANS ISC] “Serverless” Phishing Campaign

I published the following diary on isc.sans.edu: “‘Serverless’ Phishing Campaign”: The Internet is full of code snippets and free resources that you can embed in your projects. SmtpJS is one of those small projects that are very interesting for developers but also bad guys. It’s the first time that I spot

[SANS ISC] Locking Kernel32.dll As Anti-Debugging Technique

I published the following diary on isc.sans.edu: “Locking Kernel32.dll As Anti-Debugging Technique”: For bad guys, the implementation of techniques to prevent security analysts from performing their job is key! The idea is to make our life more difficult (read: “frustrating”). There are plenty of techniques that can be implemented but

[SANS ISC] From RunDLL32 to JavaScript then PowerShell

I published the following diary on isc.sans.edu: “From RunDLL32 to JavaScript then PowerShell”: I spotted an interesting script on VT a few days ago and it deserves a quick diary because it uses a nice way to execute JavaScript on the targeted system. The technique used in this case is

[SANS ISC] “Open” Access to Industrial Systems Interface is Also Far From Zero

I published the following diary on isc.sans.edu: “‘Open’ Access to Industrial Systems Interface is Also Far From Zero”: Jan’s last diary about the recent attack against the US pipeline was in perfect timing with the quick research I was preparing for a few weeks. If core components of industrial systems

[SANS ISC] Alternative Ways To Perform Basic Tasks

I published the following diary on isc.sans.edu: “Alternative Ways To Perform Basic Tasks”: I like to spot techniques used by malware developers to perform basic tasks. We know the LOLBins that are pre-installed tools used to perform malicious activities. Many LOLBins are used, for example, to download some content from
