[SANS ISC] Code Reuse In the Malware Landscape

I published the following diary on isc.sans.edu: “Code Reuse In the Malware Landscape”: Code re-use is classic behavior for many developers and this looks legit: Why reinvent the wheel if you can find some pieces of code that do what you are trying to achieve? If you publish a nice

The post [SANS ISC] Code Reuse In the Malware Landscape appeared first on /dev/random.


[SANS ISC] A Simple Batch File That Blocks People

I published the following diary on isc.sans.edu: “A Simple Batch File That Blocks People”: I found another script that performs malicious actions. It’s a simple batch file (.bat) that is not obfuscated but it has a very low VT score (1/53). The file hash is cc8ae359b629bc40ec6151ddffae21ec8cbfbcf7ca7bda9b3d9687ca05b1d584. The file is detected by


[SANS ISC] More Undetected PowerShell Dropper

I published the following diary on isc.sans.edu: “More Undetected PowerShell Dropper”: Last week, I published a diary about a PowerShell backdoor running below the radar with a VT score of 0! This time, it’s a dropper with multiple obfuscation techniques in place. It is also important to mention that the injection technique used is similar


[SANS ISC] Simple but Undetected PowerShell Backdoor

I published the following diary on isc.sans.edu: “Simple but Undetected PowerShell Backdoor”: For a while, most security people agree on the fact that antivirus products are not enough for effective protection against malicious code. If they can block many threats, some of them remain undetected by classic technologies. Here is


Log4Shell: A new fix, details of active attacks, and risk mitigation recommendations

Due to the extraordinary widespread use of the open-source Apache Log4j library, the saga of the Log4Shell (CVE-2021-44228) vulnerability is nowhere near finished. As Dr. Johannes Ullrich, Dean of Research at the SANS Technology Institute, recently not…

Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation

Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular open-source Java-based logging utility that’s seemingly used by most enterpri…

[SANS ISC] Python Shellcode Injection From JSON Data

I published the following diary on isc.sans.edu: “Python Shellcode Injection From JSON Data”: My hunting rules detected a nice piece of Python code. It’s interesting to see how the code is simple, not deeply obfuscated, and with a very low VT score: 2/56! I see more and more malicious Python code


[SANS ISC] The UPX Packer Will Never Die!

I published the following diary on isc.sans.edu: “The UPX Packer Will Never Die!”: Today, many malware samples that you can find in the wild are “packed”. The process of packing an executable file is not new and does not mean that it is de-facto malicious. Many developers decide to pack


[SANS ISC] Info-Stealer Using webhook.site to Exfiltrate Data

I published the following diary on isc.sans.edu: “Info-Stealer Using webhook.site to Exfiltrate Data”: We already reported multiple times that, when you offer an online (cloud) service, there are a lot of chances that it will be abused for malicious purposes. I spotted an info-stealer that exfiltrates data through webhook.site. Today, many
