I published the following diary on isc.sans.edu: “From Phishing To Ransomware?“: On Friday, one of our readers reported a phishing attempt to us (thanks to him!). Usually, those emails are simply part of classic phishing waves and try to steal credentials from victims but, this time, it was not a
[SANS ISC] DSSuite – A Docker Container with Didier’s Tools
I published the following diary on isc.sans.edu: “DSSuite – A Docker Container with Didier’s Tools“: If you follow us and read our daily diaries, you probably already know some famous tools developed by Didier (like oledump.py, translate.py and many more). Didier is using them all the time to analyze malicious
[SANS] Another Day, Another Suspicious UDF File
I published the following diary on isc.sans.edu: “Another Day, Another Suspicious UDF File“: In my last diary, I explained that I found a malicious UDF image used to deliver a piece of malware. After this, I created a YARA rule on VT to try to spot more UDF files in
[SANS ISC] Malware Sample Delivered Through UDF Image
I published the following diary on isc.sans.edu: “Malware Sample Delivered Through UDF Image“: I found an interesting phishing email which was delivered with a malicious attachment: a UDF image (.img). UDF means “Universal Disk Format” and, as said by Wikipedia, is an open vendor-neutral file system for computer data storage. It
[SANS ISC] New Waves of Scans Detected by an Old Rule
I published the following diary on isc.sans.edu: “New Waves of Scans Detected by an Old Rule“: Who remembers the famous ShellShock (CVE-2014-6271)? This bug affected the bash shell in 2014 and was critical due to the fact that it was easy to exploit and that bash is a widespread shell
[SANS ISC] Running your Own Passive DNS Service
I published the following diary on isc.sans.edu: “Running your Own Passive DNS Service“: Passive DNS is not new but remains a very interesting component to have in your hunting arsenal. As defined by CIRCL, a passive DNS is “a database storing historical DNS records from various resources. The historical data
OSSEC Conference 2019 Wrap-Up
I’m in Washington, waiting for my flight back to Belgium. I just attended the 2019 edition of the OSSEC Conference, well, more precisely, close to Washington in Herndon, VA. This was my first one and I’ve been honoured to be invited to speak at the event. OSSEC is a very
[SANS ISC] New Wave of Extortion Emails: Central Intelligence Agency Case
I published the following diary on isc.sans.edu: “New Wave of Extortion Emails: Central Intelligence Agency Case“: The extortion attempts have moved to another step recently. After the “sextortion” emails that have been propagating for a while, attackers started to flood people with a new type of fake emails and their imagination is endless… I
[SANS ISC] Keep an Eye on Disposable Email Addresses
I published the following diary on isc.sans.edu: “Keep an Eye on Disposable Email Addresses“: In many organisations, emails still remain a classic infection path today. The good old email is still today a common communication channel to exchange information with people outside of the security perimeter. Many security controls are
[SANS ISC] Simple Powershell Keyloggers are Back
I published the following diary on isc.sans.edu: “Simple Powershell Keyloggers are Back”: Powershell is a very nice language in Windows environments. With only a few lines of code, we can implement nice features… for the good or the bad! While hunting, I found a bunch of malicious Powershell scripts that