SANS ISC

[SANS ISC] Malicious Script Leaking Data via FTP

I published the following diary on isc.sans.edu: “Malicious Script Leaking Data via FTP”: The last day of 2018, I found an interesting Windows cmd script which was uploaded from India (SHA256: dff5fe50aae9268ae43b76729e7bb966ff4ab2be1bd940515cbfc0f0ac6b65ef) with a very low VT score. The script is not obfuscated and contains a long list of commands based on

SANS ISC

[SANS ISC] Basic Obfuscation With Permissive Languages

I published the following diary on isc.sans.edu: “Basic Obfuscation With Permissive Languages”: For attackers, obfuscation is key to keep their malicious code below the radar. Code is obfuscated for two main reasons: defeat automatic detection by AV solutions or tools like YARA (which still rely mainly on signatures) and make the code

1 2 3 10