[SANS ISC] Python and Risky Windows API Calls

I published the following diary on isc.sans.edu: “Python and Risky Windows API Calls“:

The Windows API is full of calls that are usually good indicators to guess the behavior of a script. In a previous diary, I wrote about some examples of “API call groups” that are clearly used together to achieve malicious activities. If it is often used in PowerShell scripts, here is an interesting sample in Python that uses the same technique. It calls directly Windows API though ‘ctypes’… [Read more]

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.