[SANS ISC] Infected With a .reg File

I published the following diary on isc.sans.edu: “Infected With a .reg File“: Yesterday, I reported a piece of malware that uses archive.org to fetch its next stage. Today, I spotted another file that is also interesting: A Windows Registry file (with a “.reg” extension). Such files are text files created by exporting values

The post [SANS ISC] Infected With a .reg File appeared first on /dev/random.

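As an added illustration of the format the diary refers to (this is example code written for this page, not code from the diary), here is a small parser for the text-based .reg export format: it joins the backslash-continued lines that hex values are split into, decodes quoted strings, dword: and hex(...) values (hex(1), hex(2) and hex(7) carry UTF-16LE strings: REG_SZ, REG_EXPAND_SZ and REG_MULTI_SZ), and then flags values that live under autorun keys or reference a command interpreter. The sample .reg text is constructed for the example, and the autorun-key fragments and interpreter names are an assumed starting list.

```python
import re
from dataclasses import dataclass

# Constructed sample, not a real-world artifact: an autorun entry with a plain
# PowerShell command and a second one hidden in a hex(2) (REG_EXPAND_SZ) blob.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="powershell.exe -nop -w hidden -enc SQBFAFgA"
"Helper"=hex(2):63,00,6d,00,64,00,2e,00,65,00,78,00,65,00,20,00,2f,00,63,00,20,\
  00,63,00,61,00,6c,00,63,00,00,00

[HKEY_CURRENT_USER\Software\Example]
"Setting"=dword:00000001
"""

# Assumed lists: extend them with whatever your environment considers interesting.
AUTORUN_KEY_FRAGMENTS = (
    r"\currentversion\run",                     # Run and RunOnce
    r"\currentversion\winlogon",                # Userinit / Shell hijacks
    r"\currentversion\policies\explorer\run",
)
INTERPRETERS = ("powershell", "cmd.exe", "mshta", "rundll32", "regsvr32",
                "wscript", "cscript", "certutil")

VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


@dataclass
class RegValue:
    key: str
    name: str
    kind: str
    data: str


def _logical_lines(text):
    """Yield lines with trailing-backslash continuations joined (hex values span lines)."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def _decode_hex(kind, payload):
    raw = bytes(int(b, 16) for b in payload.split(",") if b.strip())
    if kind in ("hex(1)", "hex(2)", "hex(7)"):   # string types are stored as UTF-16LE
        return raw.decode("utf-16-le", "replace").rstrip("\x00").replace("\x00", " | ")
    return raw.hex()                              # REG_BINARY and others: keep as hex


def parse_reg(text):
    """Return every value in the export as a RegValue, in file order."""
    values, key = [], None
    for line in _logical_lines(text):
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lstrip("-")          # "[-HKEY...]" deletes a key; keep its name
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            continue
        name = "(Default)" if m.group(1) is None else m.group(1)
        data = m.group(2)
        if data.startswith('"') and data.endswith('"'):
            values.append(RegValue(key, name, "REG_SZ", re.sub(r"\\(.)", r"\1", data[1:-1])))
        elif data.startswith("dword:"):
            values.append(RegValue(key, name, "REG_DWORD", str(int(data[6:], 16))))
        elif data.startswith("hex"):
            kind, _, payload = data.partition(":")
            values.append(RegValue(key, name, kind, _decode_hex(kind, payload)))
        else:
            values.append(RegValue(key, name, "UNKNOWN", data))
    return values


def find_suspicious(values):
    """Return (value, reasons) pairs that deserve a human look."""
    findings = []
    for v in values:
        reasons = []
        if any(frag in v.key.lower() for frag in AUTORUN_KEY_FRAGMENTS):
            reasons.append("autorun key")
        if any(i in v.data.lower() for i in INTERPRETERS):
            reasons.append("references a script/command interpreter")
        if reasons and v.kind.startswith("hex"):
            reasons.append("command hidden in a hex-encoded value")
        if reasons:
            findings.append((v, reasons))
    return findings


if __name__ == "__main__":
    for value, reasons in find_suspicious(parse_reg(SAMPLE_REG)):
        print(f"{value.key}\\{value.name} [{value.kind}] = {value.data!r}: {', '.join(reasons)}")
```

Running it on the constructed sample reports both autorun entries, and points out that the second command only becomes visible after the hex(2) blob is decoded; a plain string search for "cmd.exe" over the raw file would miss it.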

[SANS ISC] Malicious Content Delivered Through archive.org

I published the following diary on isc.sans.edu: “Malicious Content Delivered Through archive.org“: archive.org, also known as the “way back machine” is a very popular Internet site that allows you to travel back in time and browse old versions of a website (like the ISC website). It works like regular search engines and

[SANS ISC] Using Sudo with Python For More Security Controls

I published the following diary on isc.sans.edu: “Using Sudo with Python For More Security Controls“: I’m a big fan of the Sudo command. This tool, available on every UNIX flavor, allows system administrators to give certain users/groups access to certain commands as root or another user. This is performed with a

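One way to put a Python script between sudo and the privileged command, as an added example that is not the diary's own code: sudo grants a user exactly one root-owned wrapper, and the wrapper decides which arguments are acceptable, logs who asked for what, and then replaces itself with the real binary without going through a shell. The sudoers rule, the script path /usr/local/sbin/svcctl.py, the user name, the systemctl path and the service allowlist are all assumptions made for the example.

```python
#!/usr/bin/env python3
"""Wrapper meant to be the only command a user can run through sudo.

Assumed sudoers rule (not from the original diary):
    alice ALL=(root) NOPASSWD: /usr/local/sbin/svcctl.py
The script must be owned by root and writable by nobody else, otherwise the
user could simply edit the checks away.
"""
import os
import re
import sys

try:
    import syslog                    # Unix only; audit trail ends up in auth.log / journald
except ImportError:                  # keeps the module importable for tests on other platforms
    syslog = None

SYSTEMCTL = "/usr/bin/systemctl"     # assumed path on the target host
ALLOWED_ACTIONS = {"status", "restart"}
ALLOWED_SERVICES = {"nginx", "postgresql"}          # assumed allowlist
SERVICE_RE = re.compile(r"^[a-z][a-z0-9-]{0,31}$")  # no spaces, metacharacters or path parts


def validate(args):
    """Return (action, service) or raise ValueError saying why the request is refused."""
    if len(args) != 2:
        raise ValueError("usage: svcctl.py <status|restart> <service>")
    action, service = args
    if action not in ALLOWED_ACTIONS:
        raise ValueError(f"action not allowed: {action!r}")
    if not SERVICE_RE.match(service):
        raise ValueError(f"malformed service name: {service!r}")
    if service not in ALLOWED_SERVICES:
        raise ValueError(f"service not allowed: {service!r}")
    return action, service


def is_allowed(args):
    """Boolean view of validate(), convenient for tests and for a dry-run flag."""
    try:
        validate(args)
        return True
    except ValueError:
        return False


def build_command(action, service):
    """argv handed to systemctl directly: no shell, so nothing can be injected."""
    return [SYSTEMCTL, action, f"{service}.service"]


def _log(message, warning=False):
    if syslog is not None:
        level = syslog.LOG_WARNING if warning else syslog.LOG_INFO
        syslog.syslog(syslog.LOG_AUTH | level, message)


def main(argv):
    caller = os.environ.get("SUDO_USER", "unknown")   # sudo exports the invoking user's name
    try:
        action, service = validate(argv[1:])
    except ValueError as exc:
        _log(f"svcctl: denied {caller}: {exc}", warning=True)
        print(f"svcctl: {exc}", file=sys.stderr)
        return 2
    _log(f"svcctl: {caller} -> {action} {service}")
    # Replace this process with a fixed binary and a scrubbed environment.
    env = {"PATH": "/usr/sbin:/usr/bin:/sbin:/bin", "LANG": "C"}
    os.execve(SYSTEMCTL, build_command(action, service), env)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The point of the wrapper is argument control: a sudoers rule such as `alice ALL=(root) /usr/bin/systemctl restart *` looks tight but is not, because wildcards in sudoers command arguments also match spaces and therefore any number of extra arguments. Validating in code, with an explicit allowlist and no shell in the path, avoids that class of mistake, and the syslog line gives the SOC an audit trail of refused attempts.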

[SANS ISC] Python DLL Injection Check

I published the following diary on isc.sans.edu: “Python DLL Injection Check“: There are many security tools that inject DLLs into processes running on a Windows system. The classic examples are anti-virus products. They like to inject plenty of code that, combined with API hooking, implements security checks. If DLLs are

[SANS ISC] Keeping an Eye on Dangerous Python Modules

I published the following diary on isc.sans.edu: “Keeping an Eye on Dangerous Python Modules“: With Python getting more and more popular, especially on Microsoft operating systems, it’s common to find malicious Python scripts today. I already covered some of them in previous diaries. I like this language because it is very

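As an added example of what "keeping an eye on dangerous modules" can look like in practice (written for this page, not taken from the diary), here is a static scanner built on Python's own ast module. It flags plain imports, `from x import y`, dynamic imports through `__import__()` / `importlib.import_module()`, runtime code execution (`exec`, `eval`, `compile`) and base64 decoding; when the base64 argument is a string literal it decodes it and scans the embedded stage as well, since that is how multi-stage scripts usually carry their payload. The module list is an assumed starting point, and both sample scripts are constructed for the example (the second stage only spawns a calculator).

```python
import ast
import base64

# Assumed watch list: modules whose presence in an unknown script deserves a closer look.
DANGEROUS_MODULES = {
    "ctypes": "native calls / shellcode loading",
    "socket": "raw network access",
    "subprocess": "command execution",
    "winreg": "registry persistence",
    "urllib.request": "download of further stages",
    "pynput": "keystroke capture",
}
DANGEROUS_CALLS = {"exec", "eval", "compile"}

# Constructed samples (not real malware): the malicious one hides its second stage in base64.
STAGE2 = 'import subprocess\nsubprocess.Popen(["calc.exe"])\n'
SAMPLE_MALICIOUS = (
    "import base64, ctypes\n"
    "from urllib import request\n"
    "sock = __import__('socket')\n"
    f"exec(base64.b64decode({base64.b64encode(STAGE2.encode()).decode()!r}))\n"
)
SAMPLE_BENIGN = "import json\nprint(json.dumps({'answer': 42}))\n"


def _module_key(name):
    """Map 'ctypes.wintypes' -> 'ctypes', 'urllib.request' -> itself, anything else -> None."""
    if not name:
        return None
    if name in DANGEROUS_MODULES:
        return name
    top = name.split(".")[0]
    return top if top in DANGEROUS_MODULES else None


def _str_arg(call):
    """First positional argument of a call if it is a string literal, else None."""
    if call.args and isinstance(call.args[0], ast.Constant) and isinstance(call.args[0].value, str):
        return call.args[0].value
    return None


def scan_source(src, depth=0):
    """Return (depth, lineno, kind, name, reason) tuples for every suspicious construct."""
    findings = []
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                key = _module_key(alias.name)
                if key:
                    findings.append((depth, node.lineno, "import", key, DANGEROUS_MODULES[key]))
        elif isinstance(node, ast.ImportFrom):
            # "from urllib import request" has to be checked as "urllib.request"
            candidates = [node.module] + [f"{node.module}.{a.name}" for a in node.names]
            for key in {k for k in map(_module_key, candidates) if k}:
                findings.append((depth, node.lineno, "import", key, DANGEROUS_MODULES[key]))
        elif isinstance(node, ast.Call):
            func = node.func
            dynamic = (isinstance(func, ast.Name) and func.id == "__import__") or \
                      (isinstance(func, ast.Attribute) and func.attr == "import_module")
            if dynamic:
                key = _module_key(_str_arg(node))
                if key:
                    findings.append((depth, node.lineno, "dynamic import", key, DANGEROUS_MODULES[key]))
            elif isinstance(func, ast.Name) and func.id in DANGEROUS_CALLS:
                findings.append((depth, node.lineno, "code execution", func.id, "runs code built at runtime"))
            elif isinstance(func, ast.Attribute) and func.attr == "b64decode":
                findings.append((depth, node.lineno, "obfuscation", "base64.b64decode", "encoded payload"))
                literal = _str_arg(node)
                if literal:
                    try:   # peel the next layer when the payload is a literal and is valid Python
                        nested = base64.b64decode(literal).decode("utf-8")
                        findings.extend(scan_source(nested, depth + 1))
                    except (ValueError, SyntaxError):
                        pass
    return findings


if __name__ == "__main__":
    for depth, lineno, kind, name, reason in scan_source(SAMPLE_MALICIOUS):
        print(f"{'  ' * depth}line {lineno}: {kind} {name} ({reason})")
```

The scanner never executes the script, so it is safe to run over a whole sample directory; the trade-off is that it only unwraps payloads stored as literals. Decoding done at runtime from a variable or a downloaded blob still shows up as the `b64decode` + `exec` pair, which is the signal to hand the file to a sandbox.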

[SANS ISC] Russian Dolls VBS Obfuscation

I published the following diary on isc.sans.edu: “Russian Dolls VBS Obfuscation“: We received an interesting sample from one of our readers (thanks Henry!) and we like this. If you find something interesting, we are always looking for fresh meat! Henry’s sample was delivered in a password-protected ZIP archive and the

[SANS ISC] Malicious PowerShell Hosted on script.google.com

I published the following diary on isc.sans.edu: “Malicious PowerShell Hosted on script.google.com“: Google has an incredible portfolio of services. Besides the classic ones, there are less known services and… they could be very useful for attackers too. One of them is Google Apps Script. Google describes it like this: “Apps

[SANS ISC] “Serverless” Phishing Campaign

I published the following diary on isc.sans.edu: “‘Serverless’ Phishing Campaign“: The Internet is full of code snippets and free resources that you can embed in your projects. SmtpJS is one of those small projects that are very interesting for developers but also bad guys. It’s the first time that I spot

[SANS ISC] Locking Kernel32.dll As Anti-Debugging Technique

I published the following diary on isc.sans.edu: “Locking Kernel32.dll As Anti-Debugging Technique“: For bad guys, the implementation of techniques to prevent security analysts from performing their job is key! The idea is to make our life more difficult (read: “frustrating”). There are plenty of techniques that can be implemented but

[SANS ISC] From RunDLL32 to JavaScript then PowerShell

I published the following diary on isc.sans.edu: “From RunDLL32 to JavaScript then PowerShell“: I spotted an interesting script on VT a few days ago and it deserves a quick diary because it uses a nice way to execute JavaScript on the targeted system. The technique used in this case is
