HackDig : Dig high-quality web security articles for hackers

[SANS ISC] Malicious Word Document with Dynamic Content

I published the following diary on isc.sans.edu: “Malicious Word Document with Dynamic Content”: Here is another malicious Word document that I spotted while hunting. “Another one?” some of our readers may ask. Indeed, but malicious documents remain a very common infection vector and you learn a lot when you analyze them. I was rece
Published: 2020-09-30 11:51 | Tags: Malware SANS Internet Storm Center Security Office PowerShel

[SANS ISC] Party in Ibiza with PowerShell

I published the following diary on isc.sans.edu: “Party in Ibiza with PowerShell”: Today, I would like to talk about PowerShell ISE or “Integration Scripting Environment”. This tool is installed by default on all Windows computers (besides the classic PowerShell interpreter). From a malware analysis point of view, ISE offers a key
Published: 2020-09-30 11:51 | Tags: Malware PowerShell SANS Internet Storm Center Security Obfus

[SANS ISC] Suspicious Endpoint Containment with OSSEC

I published the following diary on isc.sans.edu: “Suspicious Endpoint Containment with OSSEC”: When a host is compromised/infected on your network, an important step in the Incident Handling process is the “containment” to prevent further infections. To place the device into a restricted environment is definitively better than power
Published: 2020-09-17 08:05 | Tags: OSSEC SANS Internet Storm Center Security Incident SANS ISC

[SANS ISC] Example of Malicious DLL Injected in PowerShell

I published the following diary on isc.sans.edu: “Example of Malicious DLL Injected in PowerShell”: For a while now, PowerShell has remained one of the favorite languages of attackers. Installed by default (and almost impossible to get rid of), powerful, perfectly integrated with the core operating system. It’s very easy to develop specific P
Published: 2020-08-28 14:15 | Tags: Malware SANS Internet Storm Center Security DLL PowerShell S

[SANS ISC] Keep An Eye on LOLBins

I published the following diary on isc.sans.edu: “Keep An Eye on LOLBins”: Don’t misread, I won’t talk about “lolcats” today but “LOLBins” or “Living Off The Land Binaries”. All operating systems provide a rich toolbox to achieve multiple day-to-day tasks like maintenance of the certificates, ins
Published: 2020-08-25 11:55 | Tags: Malware SANS Internet Storm Center Security LOLBins Operatin

[SANS ISC] Compromized Desktop Applications by Web Technologies

I published the following diary on isc.sans.edu: “Compromized Desktop Applications by Web Technologies”: For a long time now, it has been said that “the new operating system is the browser”. Today, we do everything in our browsers, we connect to the office, we process emails, documents, we chat, we perform our system maintenances,
Published: 2020-07-25 14:17 | Tags: SANS Internet Storm Center Security Compromized JavaScript M

[SANS ISC] Simple Blacklisting with MISP & pfSense

I published the following diary on isc.sans.edu: “Simple Blacklisting with MISP & pfSense”: Here is an example of a simple but effective blacklist system that I’m using on my pfSense firewalls. pfSense is a very modular firewall that can be expanded with many packages. About blacklists, there is a well-known one called pfBlocklist. P
Published: 2020-07-23 08:09 | Tags: SANS Internet Storm Center Security Blacklist IOC MISP pfSen

[SANS ISC] Sextortion to The Next Level

I published the following diary on isc.sans.edu: “Sextortion to The Next Level”: For a long time, our mailboxes have been flooded with emails from “hackers” (note the quotes) who pretend to have infected our computers with malware. The scenario is always the same: They successfully collected sensitive pieces of evidence about us (usually, men visiti
Published: 2020-06-16 15:54 | Tags: OSINT SANS Internet Storm Center Security SANS ISC

[SANS ISC] Anti-Debugging JavaScript Techniques

I published the following diary on isc.sans.edu: “Anti-Debugging JavaScript Techniques”: For developers who write malicious programs, it’s important to make their code not easy to read and execute in a sandbox. Like most languages, there are many ways to make the life of malware analysts more difficult (or more exciting, depending on the s
Published: 2020-06-11 08:30 | Tags: Malware SANS Internet Storm Center Security SANS ISC

[SANS ISC] Anti-Debugging Technique based on Memory Protection

I published the following diary on isc.sans.edu: “Anti-Debugging Technique based on Memory Protection”: Many modern malware samples implement defensive techniques. First of all, we have to distinguish sandbox-evasion and anti-debugging techniques. Today, sandboxes are an easy and quick way to categorize samples based on their behavior. Malware
Published: 2020-06-04 06:38 | Tags: Malware SANS Internet Storm Center Security

[SANS ISC] AgentTesla Delivered via a Malicious PowerPoint Add-In

I published the following diary on isc.sans.edu: “AgentTesla Delivered via a Malicious PowerPoint Add-In”: Attackers are always trying to find new ways to deliver malicious code to their victims. Microsoft Word and Excel documents can be easily weaponized by adding malicious VBA macros. Today, they are one of the most common technique
Published: 2020-05-24 06:01 | Tags: Malware SANS Internet Storm Center Security AgentTesla Power

[SANS ISC] Using Nmap As a Lightweight Vulnerability Scanner

I published the following diary on isc.sans.edu: “Using Nmap As a Lightweight Vulnerability Scanner”: Yesterday, Bojan wrote a nice diary about the power of the Nmap scripting language (based on Lua). The well-known port scanner can be extended with plenty of scripts that are launched depending on the detected ports. When I read Bojan’s
Published: 2020-05-18 13:07 | Tags: SANS Internet Storm Center Security SANS ISC Vulnerability

[SANS ISC] Malicious Excel With a Strong Obfuscation and Sandbox Evasion

I published the following diary on isc.sans.edu: “Malicious Excel With a Strong Obfuscation and Sandbox Evasion”: For a few weeks, we have seen a bunch of Excel documents spread in the wild with Macro V4. But VBA macros remain a classic way to drop the next stage of the attack on the victim’s computer. The attacker has many ways to fetch the next st
Published: 2020-05-03 06:24 | Tags: Malware SANS Internet Storm Center Security Evasion Obfuscat

[SANS ISC] Malicious JavaScript Dropping Payload in the Registry

I published the following diary on isc.sans.edu: “Malicious JavaScript Dropping Payload in the Registry”: When we speak about “fileless” malware, it means that the malware does not use the standard filesystem to store temporary files or payloads. But they need to write data somewhere in the system for persistence or during the infe
Published: 2020-03-27 11:30 | Tags: Malware SANS Internet Storm Center Security SANS ISC

[SANS ISC] Very Large Sample as Evasion Technique?

I published the following diary on isc.sans.edu: “Very Large Sample as Evasion Technique?”: Security controls have a major requirement: they can’t (or at least they try not to) interfere with normal operations of the protected system. It is known that antivirus products do not scan very large files (or just the first x bytes) for perform
Published: 2020-03-26 08:57 | Tags: Malware SANS Internet Storm Center Security SANS ISC
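The inflation trick described above (a small payload padded with megabytes of filler so a size-capped engine never reaches, or never scans, the real code) can be caught cheaply at triage time by looking at what sits beyond the first megabyte. The script below is an added example written for this page, not code from the ISC diary: it computes a byte histogram and Shannon entropy of the file tail and flags a sample whose tail is dominated by a single byte value or has near-zero entropy, then strips the trailing filler so the real payload can be hashed and scanned. The thresholds (HEAD_BYTES, MIN_SIZE, PADDING_RATIO, LOW_ENTROPY) and the sample built by build_sample() are assumptions chosen for illustration.

```python
"""Triage heuristic for artificially inflated malware samples.

Added example, not from the ISC diary. Assumption: a size-capped scanner
looks at roughly the first HEAD_BYTES of a file, so an attacker appends
filler after a small payload. We inspect the bytes beyond that head.
"""
import math
import os
import random

HEAD_BYTES = 1 * 1024 * 1024    # assumed size a capped engine would still scan
MIN_SIZE = 2 * 1024 * 1024      # assumed: smaller files are not worth flagging
PADDING_RATIO = 0.90            # assumed: share of the tail made of one byte value
LOW_ENTROPY = 1.0               # bits/byte; repeated filler is close to 0, code ~6-8


def byte_histogram(data: bytes) -> list:
    """Count of each byte value 0..255 (bytes.count runs in C, fast on big tails)."""
    return [data.count(b) for b in range(256)]


def entropy_from_histogram(hist: list, n: int) -> float:
    """Shannon entropy in bits per byte from a 256-bin histogram of n bytes."""
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in hist if c)


def is_inflated(data: bytes, head: int = HEAD_BYTES) -> dict:
    """Return a verdict dict; 'inflated' is True when the tail looks like filler."""
    tail = data[head:]
    verdict = {"size": len(data), "tail_len": len(tail), "inflated": False}
    if len(data) < MIN_SIZE or not tail:
        return verdict                      # small file or no tail: nothing to judge
    hist = byte_histogram(tail)
    top_byte = max(range(256), key=hist.__getitem__)
    top_ratio = hist[top_byte] / len(tail)
    ent = entropy_from_histogram(hist, len(tail))
    verdict.update(top_byte=top_byte,
                   top_ratio=round(top_ratio, 3),
                   tail_entropy=round(ent, 3))
    verdict["inflated"] = top_ratio >= PADDING_RATIO or ent <= LOW_ENTROPY
    return verdict


def strip_padding(data: bytes, pad_byte: int) -> bytes:
    """Drop the trailing run of pad_byte so the real payload can be hashed/scanned."""
    return data.rstrip(bytes([pad_byte]))


def build_sample(padding_byte: int = 0x00,
                 padding_len: int = 4 * 1024 * 1024) -> bytes:
    """Constructed stand-in for an inflated dropper (not a real malware sample):
    an 'MZ' marker, a label, 64 KiB of seeded pseudo-random 'code', then filler."""
    rng = random.Random(1337)
    body = bytes(rng.getrandbits(8) for _ in range(64 * 1024))
    body = body[:-1] + b"\xff"              # ensure the body does not end in the pad byte
    return b"MZ" + b"constructed payload stub" + body + bytes([padding_byte]) * padding_len


if __name__ == "__main__":
    sample = build_sample()
    v = is_inflated(sample)
    print(f"inflated sample: {v}")
    payload = strip_padding(sample, v["top_byte"])
    print(f"payload after stripping filler: {len(payload)} of {len(sample)} bytes")
    print(f"high-entropy control: {is_inflated(os.urandom(3 * 1024 * 1024))}")
```

Two caveats a practitioner should keep in mind: a packed or encrypted payload placed after the head would show high entropy and pass this check, and filler does not have to be a single byte value, so the entropy test is the one that matters against repeated patterns; for those, lower PADDING_RATIO or compare compressed size against raw size of the tail instead.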
