[SANS ISC] RedLine Stealer Delivered Through FTP

I published the following diary on isc.sans.edu: “RedLine Stealer Delivered Through FTP“: Here is a piece of malicious Python script that injects a RedLine stealer into its own process. Process injection is a common attacker’s technique these days (for a long time already). The difference, in this case, is that

The post [SANS ISC] RedLine Stealer Delivered Through FTP appeared first on /dev/random.

Continue reading [SANS ISC] RedLine Stealer Delivered Through FTP

[SANS ISC] Malicious Python Script Targeting Chinese People

I published the following diary on isc.sans.edu: “Malicious Python Script Targeting Chinese People“: This week I found a lot of interesting scripts as this is my fourth diary in a row! I spotted a Python script that targets Chinese people. The script has a very low VT score (2/56) (SHA256:aaec7f4829445c89237694a654a731ee5a52fae9486b1d2bce5767d1ec30c7fb).

The post [SANS ISC] Malicious Python Script Targeting Chinese People appeared first on /dev/random.

Continue reading [SANS ISC] Malicious Python Script Targeting Chinese People

Linux X86 Assembly – How To Make Payload Extraction Easier

Overview In the last blog post of the X86 Linux assembly series, we focused on how to make our Hello World payload friendly for use as a payload in exploits.  However, we didn’t cover how to extract the payload itself for use in exploits.  Sure you cou… Continue reading Linux X86 Assembly – How To Make Payload Extraction Easier