A few weeks ago I posted a diary on the ISC SANS website about a script to automate the extraction and analyze of MIME attachments in emails. Being the happy owner of an old domain (15y), this domain is present in all spammer’s mailing lists. I’m receiving a lot of
Category: Malware
When Security Makes Users Asleep!
It’s a fact, in industries or on building sites, professional people make mistakes or, worse, get injured. Why? Because their attention is reduced at a certain point. When you’re doing the same job all day long, you get tired and lack of concentration. The same can apply in information security! For a long
Deobfuscating Malicious VBA Macro with a Few Lines of Python
Just a quick post about a problem that security analysts are facing daily… For a while, malicious Office documents are delivered with OLE objects containing VBA macros. Bad guys are always using obfuscation techniques to make the analysis more difficult and (try to) bypass basic filters. This makes the analysis
Malicious MS Word Document not Detected by AV Software
[This blogpost has also been published as a guest diary on isc.sans.org] Like everybody, I’m receiving a lot of spam everyday but… I like it! All unsocilited received messages are stored in a dedicated folder for two purposes: An automatic processing via my tool mime2vt A manual review at regular interval
Botconf 2014 Wrap-Up Day #1
Botconf is back for a second edition! If the first one was held last year in Nantes, botnet fighters from many countries are back in Nancy to discuss again about… botnets! As the name says, Botconf is a security conference which focus only on botnets. This is a very interesting topic because
Offline Malware Analysis with Host-Only VirtualBox Networks
Following the presentation that I made at the RMLL 2014 last week, I slightly changed my malware analysis setup. The goal is to make it fully operational “offline“. Indeed, today we are always “on“, Internet is everywhere and it’s easy to get a pipe. However, sometimes it’s better to not send packets
Book Review: Cuckoo Malware Analysis
I’m a Cuckoo user for a long time therefore it was a good opportunity to read the book “Cuckoo Malware Analysis” and write a quick review (The book is published by Packt Publishing). For the readers who don’t know what Cuckoo is, here is a brief introduction… Malwares are a
BotConf 2013 Wrap-Up Day #2
I’m back in Belgium after driving a few hours back to Belgium and it’s time to give you my wrap-up of the second day. After a short night, we were back at the Chamber of Commerce in Nantes. The venue was located closed to the “Maillé-Brézé“, an old French military
BotConf 2013 Wrap-Up Day #1
I’m in Nantes (France) for two days to attend a new conference: Botconf. As the name says, this event is dedicated to botnets and malwares. The goal is to present talks about those malicious network of computers, how to detect them, how to fight them and, finally, eradicate them. I
Apkscan: Live Android Malware Analysis
Mobile devices are more and more seen as nice targets from attackers’ point of view. Which is easily understandable: the market is exploding and people still don’t realize that a mobile device is not only a mobile “phone” but a mobile “computer” with an operating system, I/Os and… applications! The