[SANS ISC] Simple but Efficient VBScript Obfuscation

I published the following diary on isc.sans.edu: “Simple but Efficient VBScript Obfuscation“: Today, it’s easy to guess if a piece of code is malicious or not. Many security solutions automatically detonate it in a sandbox. This remains quick and (most of the time still) efficient to have a first idea about the code beh
Publish At:2020-02-22 10:05 | Read:116 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Obfuscation SANS

[SANS ISC] Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript

I published the following diary on isc.sans.edu: “Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript“: I found an interesting VBScript sample that is a perfect textbook case for training or learning purposes. It implements a nice obfuscation technique as well as many classic sandbox detection mechanisms. The script is a dropp
Publish At:2020-02-07 16:20 | Read:237 | Comments:0 | Tags:Malware SANS Internet Storm Center Obfuscation SANS ISC VBSc

[SANS ISC] Why Phishing Remains So Popular?

I published the following diary on isc.sans.edu: “Why Phishing Remains So Popular?“: Probably, some phishing emails get delivered into your mailbox every day and you ask yourself: “Why do they continue to spam us with so many emails? We are aware of phishing and it will not affect my organization!” First of all, emails remain a
Publish At:2020-01-24 15:20 | Read:366 | Comments:0 | Tags:SANS Internet Storm Center Security Social Engineering Phish

[SANS ISC] Complex Obfuscation VS Simple Trick

I published the following diary on isc.sans.edu: “Complex Obfuscation VS Simple Trick“: Today, I would like to make a comparison between two techniques applied to malicious code to try to bypass AV detection. The Emotet malware family does not need to be presented. Very active for years, new waves of attacks are always fired using different in
Publish At:2020-01-23 08:20 | Read:364 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Emotet Maldoc Ob

[SANS ISC] Code & Data Reuse in the Malware Ecosystem

I published the following diary on isc.sans.edu: “Code & Data Reuse in the Malware Ecosystem“: In the past, I already had the opportunity to give some “security awareness” sessions to developers. One topic that was always debated is the reuse of existing code. Indeed, for a developer, it’s tempting to not reinvent the whe
Publish At:2019-12-12 08:20 | Read:462 | Comments:0 | Tags:SANS Internet Storm Center Security SANS ISC

[SANS ISC] Keep an Eye on Remote Access to Mailboxes

I published the following diary on isc.sans.edu: “Generating PCAP Files from YAML“: BEC or “Business Email Compromise” has been a trending threat for a while. The idea is simple: a corporate mailbox (usually from a C-level member) is compromised to send legitimate emails to other employees or partners. That’s the very first st
Publish At:2019-11-12 03:20 | Read:581 | Comments:0 | Tags:SANS Internet Storm Center Security BEC Email SANS ISC

[SANS ISC] Microsoft Apps Diverted from Their Main Use

I published the following diary on isc.sans.edu: “Microsoft Apps Diverted from Their Main Use“: This week, the CERT.eu organized its yearly conference in Brussels. Across many interesting presentations, one of them covered what they called the “cat’n’mouse” game that Blue and Red teams are playing continuously. When the Blue team h
Publish At:2019-11-12 03:20 | Read:481 | Comments:0 | Tags:SANS Internet Storm Center Security Microsoft Office SANS IS

[SANS ISC] Quick Malicious VBS Analysis

I published the following diary on isc.sans.edu: “Quick Malicious VBS Analysis“: Let’s have a look at a VBS sample found yesterday. It started as usual with a phishing email that contained a link to a malicious ZIP archive. This technique is more and more common to deliver the first stage via a URL because it reduces the risk to have the
Publish At:2019-10-18 08:20 | Read:1533 | Comments:0 | Tags:Malware SANS Internet Storm Center Security SANS ISC

[SANS ISC] Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs

I published the following diary on isc.sans.edu: “Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs“: I’m keeping an eye on the certificate transparency logs using automated scripts. The goal is to track domain names (and their variations) of my customers, sensitive services in Belgium, key Internet players
Publish At:2019-09-24 09:25 | Read:709 | Comments:0 | Tags:SANS Internet Storm Center Security remotewebaccess.Com SANS

[SANS ISC] Agent Tesla Trojan Abusing Corporate Email Accounts

I published the following diary on isc.sans.edu: “Agent Tesla Trojan Abusing Corporate Email Accounts“: The trojan ‘Agent Tesla’ is not brand new: discovered in 2018, it is written in VisualBasic and has plenty of interesting features. Just have a look at the MITRE ATT&CK overview of its TTPs. I found a sample of Agent Tesla spr
Publish At:2019-09-19 15:55 | Read:551 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Agent Tesla SANS

[SANS ISC] Simple Analysis of an Obfuscated JAR File

I published the following diary on isc.sans.org: “Simple Analysis of an Obfuscated JAR File“. Yesterday, I found in my spam trap a file named ‘0.19238000 1509447305.zip’ (SHA256: 7bddf3bf47293b4ad8ae64b8b770e0805402b487a4d025e31ef586e9a52add91). The ZIP archive contained a Java archive named ‘0.19238000 1509447305.jar’ (SHA256: b161c7
Publish At:2017-11-03 16:40 | Read:4788 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Java JRAT SANS I

[SANS ISC] Stop relying on file extensions

I published the following diary on isc.sans.org: “Stop relying on file extensions“. Yesterday, I found an interesting file in my spam trap. It was called ‘16509878451.XLAM’. To be honest, I was not aware of this extension and I found this on the web: “A file with the XLAM file extension is an Excel Macro-Enabled Add-In file that’
Publish At:2017-10-24 21:20 | Read:4390 | Comments:0 | Tags:SANS Internet Storm Center Security SANS ISC YARA

[SANS ISC] Investigating Security Incidents with Passive DNS

I published the following diary on isc.sans.org: “Investigating Security Incidents with Passive DNS“. Sometimes when you need to investigate a security incident or to check for suspicious activity, you become frustrated because the online resource that you’re trying to reach has already been cleaned. We cannot blame system administrators and webm
Publish At:2017-10-02 23:20 | Read:4429 | Comments:0 | Tags:Incident Management SANS Internet Storm Center Security Pass

[SANS ISC] The easy way to analyze huge amounts of PCAP data

I published the following diary on isc.sans.org: “The easy way to analyze huge amounts of PCAP data“. When you are investigating a security incident, there are chances that, at a certain point, you will have to dive into network traffic analysis. If you’re lucky, you’ll have access to a network capture. Approximately one year ago, I wrote a qui
Publish At:2017-09-28 08:00 | Read:2910 | Comments:0 | Tags:Docker SANS Internet Storm Center Security Moloch network pc

[SANS ISC] Getting some intelligence from malspam

I published the following diary on isc.sans.org: “Getting some intelligence from malspam“. Many of us are receiving a lot of malspam every day. By “malspam”, I mean spam messages that contain a malicious document. This is one of the classic infection vectors today and aggressive campaigns are started every week. Usually, most of them
Publish At:2017-09-18 08:05 | Read:2612 | Comments:0 | Tags:Malware Security Splunk Intelligence SANS ISC