I published the following diary on isc.sans.org: “Using Security Tools to Compromize a Network“. One of our daily tasks is to assess and improve the security of our customers or colleagues. To achieve this, we use security tools (linked to processes). Over time, we are all building our personal toolbox
Category: Security
Using Monitor Resolution as Obfuscation Technique
A quick blog post about a malicious VBScript macro that I analysed… Bad guys always have plenty of ideas to obfuscate their code. The macro was delivered via a classic phishing email with an attached zip archive that contained a Windows .lnk file. The link containing a simple call to
[SANS ISC Diary] UAC Bypass in JScript Dropper
I published the following diary on isc.sans.org: “UAC Bypass in JScript Dropper“. Yesterday, one of our readers sent us a malicious piece of JScript: doc2016044457899656.pdf.js.js. It’s always interesting to have a look at samples coming from alternate sources because they may slightly differ from what we usually receive on a
Botconf 2016 Wrap-Up Day #3
It’s over! The 4th edition of Botconf just finished and I’m in the train back to Belgium writing the daily wrap-up. Yesterday, the reception was organized in a very nice place (the “Chapelle de la Trinité”). Awesome place, awesome food, interesting chats as usual. To allow people to recover smoothly,
Botconf 2016 Wrap-Up Day #2
The second day is over, so here is my daily wrap-up! After some welcome cups of coffee, it started sharp at 9AM with Christiaan Beek who spoke about Ransomware: “Ransomware & Beyond”. When I read the title, my first reaction was “What can be said in a conference like Botconf about ransomware?”.
Botconf 2016 Wrap-Up Day #1
This is already the fourth edition of the Botconf security conference, fully dedicated to fighting malware and botnets. Since the first edition, the event location changed every year and it allowed me to visit nice cities in France. After Nantes, Nancy and Paris, the conference invaded Lyon. I arrived yesterday in
[SANS ISC Diary] Example of Getting Analysts & Researchers Away
I published the following diary on isc.sans.org: “Example of Getting Analysts & Researchers Away“. It is well-known that bad guys implement pieces of code to defeat security analysts and researchers. Modern malware has VM evasion techniques to detect as soon as possible if it is executed in a sandbox environment. The same applies
[SANS ISC Diary] Full Packet Capture for Dummies
I published the following diary on isc.sans.org: “Full Packet Capture for Dummies“. When a security incident occurs and must be investigated, the Incident Handler’s Holy Grail is a network capture file. It contains all communications between the hosts on the network. This metadata is already a goldmine: source and destination
Hack.lu 2016 Wrap-Up Day #3
The third day is already over! I’m just back at home so it’s time for a last quick wrap-up before recovering ahead of BruCON, which is organized next week! Damien Cauquil started the first batch of talks with a presentation of his new framework: “BTLEJuice: the Bluetooth Smart Man In The Middle
[SANS ISC Diary] Spam Delivered via .ICS Files
I published the following diary on isc.sans.org: “Spam Delivered via .ICS Files“. Yesterday, I received a few interesting emails in my honeypot. I set up catch-all email addresses for domains that are well known by spammers. I’m capturing emails and extracting MIME attachments for further analysis. Today, my honeypot received three