[SANS ISC] Sandbox Evasion Using NTP

I published the following diary on isc.sans.edu: “Sandbox Evasion Using NTP“:

I’m still hunting for interesting (read: “malicious”) Python samples. By reading my previous diaries, you know that I like to find how attackers implement obfuscation and evasion techniques. Like yesterday, I found a Python sample that creates a thread to run a malicious shellcode[1]. But before processing the shellcode, it performs suspicious network traffic… [Read more]

One comment

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.