[SANS ISC] Python Shellcode Injection From JSON Data

I published the following diary on isc.sans.edu: “Python Shellcode Injection From JSON Data“:

My hunting rules detected a niece piece of Python code. It’s interesting to see how the code is simple, not deeply obfuscated, and with a very low VT score: 2/56!. I see more and more malicious Python code targeting the Windows environments. Thanks to the library ctypes, Python is able to use any native API calls provided by DLLs.

The script is very simple, so here is the full code… [Read more]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.