I published the following diary on isc.sans.edu: “Sandbox Evasion Using NTP“:
I’m still hunting for interesting (read: “malicious”) Python samples. By reading my previous diaries, you know that I like to find how attackers implement obfuscation and evasion techniques. Like yesterday, I found a Python sample that creates a thread to run a malicious shellcode[1]. But before processing the shellcode, it performs suspicious network traffic… [Read more]
One comment