I published the following diary on isc.sans.edu: “Show me Your Clipboard Data!“: Thanks to one of our readers who submitted this interesting piece of phishing. Personally, I was not aware of this technique which is interesting to bypass common anti-spam filter and reputation systems. The idea is to create a
I published the following diary on isc.sans.edu: “Show me Your Clipboard Data!“: Yesterday I’ve read an article about the clipboard on iPhones and how it can disclose sensitive information about the device owner. At the end of the article, the author gave a reference to an iPhone app that discloses
I published the following diary on isc.sans.edu: “Offensive Tools Are For Blue Teams Too“: Many offensive tools can be very useful for defenders too. Indeed, if they can help to gather more visibility about the environment that must be protected, why not use them? More information you get, more you
The “diff” command is a very nice tools in *NIX environments to compare the content of two files. But there are some situations where diff is a pain to use. The classic case is when you need to compare many files from different directory trees (by example two different releases
I published the following diary on isc.sans.edu: “Simple but Efficient VBScript Obfuscation“: Today, it’s easy to guess if a piece of code is malicious or not. Many security solutions automatically detonate it into a sandbox by security solutions. This remains quick and (most of the time still) efficient to have a first
I published the following diary on isc.sans.edu: “Quick Analysis of an Encrypted Compound Document Format“: We like when our readers share interesting samples! Even if we have our own sources to hunt for malicious content, it’s always interesting to get fresh meat from third parties. Robert shared an interesting Microsoft Word
For a few months, I’m writing less often on this blog, except to publish my conference wrap-up’s and cross-posting my SANS Internet Storm Center diaries. But today, I decided to write a quick post after spending a few hours to debug a problem with my mail server… It started with
I published the following diary on isc.sans.edu: “Keep an Eye on Command-Line Browsers“: For a few weeks, I’m searching for suspicious files that make use of a command line browser like curl.exe or wget.exe in Windows environment. Wait, you were not aware of this? Just open a cmd.exe and type
I published the following diary on isc.sans.edu: “Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript“: I found an interesting VBScript sample that is a perfect textbook case for training or learning purposes. It implements a nice obfuscation technique as well as many classic sandbox detection mechanisms. The script
I’m just back from Lille (France) where is organized the “FIC” or “International Cybersecurity Forum” today and tomorrow. This event is very popular for some people but not technical at all. Basically, you find all the vendors in one big place trying to convince you that their solution, based on
