[SANS ISC] Analysis of a Phishing Kit

I published the following diary on isc.sans.edu: “Analysis of a Phishing Kit“: Sometimes, attackers make mistakes and allow security researchers to access interesting resources. This time, it’s another phishing kit that was left in the wild on the compromised server. The file is called ‘2019Amex.zip’ (SHA256:269ab3970ef8997a61b1b14eebe5a2beb1348b2dcc5358ccd4314ad19a41daf5)… [Read more]

[SANS ISC] Party in Ibiza with PowerShell

I published the following diary on isc.sans.edu: “Party in Ibiza with PowerShell“: Today, I would like to talk about PowerShell ISE or “Integration Scripting Environment”. This tool is installed by default on all Windows computers (besides the classic PowerShell interpreter). From a malware analysis point of view, ISE offers a key feature:

[SANS ISC] Suspicious Endpoint Containment with OSSEC

I published the following diary on isc.sans.edu: “Suspicious Endpoint Containment with OSSEC“: When a host is compromised/infected on your network, an important step in the Incident Handling process is the “containment” to prevent further infections.  To place the device into a restricted environment is definitively better than powering off the system

1 2 3 4 26