VBScript – WindowsTechs.com

[SANS ISC] Simple but Efficient VBScript Obfuscation

Posted on February 22, 2020 by Xavier

I published the following diary on isc.sans.edu: “Simple but Efficient VBScript Obfuscation“: Today, it’s easy to guess if a piece of code is malicious or not. Many security solutions automatically detonate it into a sandbox by security solutions. This remains quick and (most of the time still) efficient to have a first

[The post [SANS ISC] Simple but Efficient VBScript Obfuscation has been first published on /dev/random]

Continue reading [SANS ISC] Simple but Efficient VBScript Obfuscation→

[SANS ISC] Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript

Posted on February 7, 2020 by Xavier

I published the following diary on isc.sans.edu: “Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript“: I found an interesting VBScript sample that is a perfect textbook case for training or learning purposes. It implements a nice obfuscation technique as well as many classic sandbox detection mechanisms. The script

[The post [SANS ISC] Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript has been first published on /dev/random]

Continue reading [SANS ISC] Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript→

[SANS ISC] Rig Exploit Kit Delivering VBScript

Posted on September 13, 2019 by Xavier

I published the following diary on isc.sans.edu: “Rig Exploit Kit Delivering VBScript“: I detected the following suspicious traffic on a corporate network. It was based on multiples infection stages and looked interesting enough to publish a diary about it. This is also a good reminder that, just by surfing the

[The post [SANS ISC] Rig Exploit Kit Delivering VBScript has been first published on /dev/random]

Continue reading [SANS ISC] Rig Exploit Kit Delivering VBScript→

What does this VBS do? Pulled from malicious doc [on hold]

Posted on August 30, 2019 by Jesse Cleary

Linked doc is just copy/paste of code. Far too much to paste here.

74 pages of what to me is just undecipherable. Any way I can hope to translate this? I’m desperate too know what it tries to do.

https://docs.google.com/doc… Continue reading What does this VBS do? Pulled from malicious doc [on hold]→

Microsoft puts another nail in VBScript coffin

Posted on August 8, 2019 by Danny Bradbury

Listen up, VBScript fans: your favourite scripting language’s days are numbered. Continue reading Microsoft puts another nail in VBScript coffin→

How to reverse this VB code

Posted on June 8, 2019 by Robotix

I have a vb or a c# file am confused what language anyway here is what we need

from the file as functions (PHP fan :p).

public static object StringParser(object d, object p)
{
ASCIIEncoding asciiencoding = new … Continue reading How to reverse this VB code→

Latest Qbot Variant Evades Detection, Infects Thousands

Posted on April 24, 2019 by Tom Spring

Ever-changing Qbot trojan has been spotted in a fresh campaign with a new “context aware” delivery technique. Continue reading Latest Qbot Variant Evades Detection, Infects Thousands→

Unterminated String Constant VBSCRIPT [on hold]

Posted on April 6, 2019 by Anciety

I’m having trouble with a vbs script im trying to make to run multiple commands after each other. This is the code:

Set oShell = Wscript.CreateObject(“Wscript.Shell”)
oShell.Run ”
cd “C:\Program Files\windows nt” &
TIME… Continue reading Unterminated String Constant VBSCRIPT [on hold]→

One line .vbs windows reverse shell

Posted on March 3, 2019 by evilcode1

I used msfvenom to generate cmd reverse shell, but I need to run without creating .vbs file on the disk. How can I do that with mshta?

mshta vbscript:Execute(“MsgBox(“”amessage””,64,””atitle””)(window.close)”)

My code:

Fu… Continue reading One line .vbs windows reverse shell→