[SANS ISC] Malware Triage with FLOSS: API Calls Based Behavior

I published the following diary on isc.sans.edu: “Malware Triage with FLOSS: API Calls Based Behavior“: Malware triage is a key component of your hunting process. When you collect suspicious files from multiple sources, you need a tool to automatically process them to extract useful information. To achieve this task, I’m using

SANS ISC

[SANS ISC] Powershell Payload Stored in a PSCredential Object

I published the following diary on isc.sans.edu: “Powershell Payload Stored in a PSCredential Object“: An interesting obfuscation technique to store a malicious payload in a PowerShell script: In a PSCredential object! The PSCredential class can be used to manage credentials in a centralized way. Just have a look at this example. First, let’s encrypt

1 2 3 4 5 25