And we are still in Strasbourg! The second day started with “From GhostNet to PseudoManuscrypt” by Jorge Rodriguez & Souhail Hammou. PseudoManuscrypt is a recent RAT spotted by Kaspersky in July 2021. It is widely distributed by fake applications, websites and malware loaders. It’s a fork of Gh0st RAT. This
Botconf 2023 Wrap-Up Day #1
It has been a while since I posted my last wrap-up. With the COVID break, many conferences have been canceled or postponed. But Botconf, one of my favorites, has been scheduled for a long time in my (busy) planning. This edition takes place in Strasbourg. I arrived yesterday afternoon to
[SANS ISC] A Backdoor with Smart Screenshot Capability
I published the following diary on isc.sans.edu: “A Backdoor with Smart Screenshot Capability“: Today, everything is “smart” or “intelligent”. We have smartphones, smart cars, smart doorbells, etc. Being “smart” means performing actions depending on the context, the environment, or user actions. For a while, backdoors and trojans have implemented screenshot
This Blog Has 20 Years!
Twenty years ago… I decided to start a blog to share my thoughts! That’s why I called it “/dev/random”. How was the Internet twenty years ago? Well, there were good things and bad ones… Over the years, the blog content evolved, and I wrote a lot of technical stuff related
[SANS ISC] A First Malicious OneNote Document
I published the following diary on isc.sans.edu: “A First Malicious OneNote Document“: Attackers are always trying to find new ways to deliver malware to victims. They recently started sending Microsoft OneNote files in massive phishing campaigns. OneNote files (with the “.one” extension) are handled automatically by computers that have the
[SANS ISC] Do you collect “Observables” or “IOCs”?
I published the following diary on isc.sans.edu: “Do you collect “Observables” or “IOCs”?“: Indicators of Compromise, or IOCs, are key elements in blue team activities. IOCs are mainly small pieces of technical information that have been collected during investigations, threat hunting activities or malware analysis. About the last example, the malware analyst’s goal
[SANS ISC] Another Script-Based Ransomware
I published the following diary on isc.sans.edu: “Another Script-Based Ransomware“: In the past, I already found some script-based ransomware samples written in Python or PowerShell. The last one I found was only a “proof-of-concept” (my guess), but it demonstrates how easily such malware can be developed and how they remain
CTI-Summit 2022 Luxembourg Wrap-Up
It has been a while since I took the time to write a security conference wrap-up. With all these COVID restrictions, we were stuck at home for a while. Still today, some events remain postponed and, worse, canceled! The energy crisis in Europe does not help; some venues are
[SANS ISC] Malicious Python Script Behaving Like a Rubber Ducky
I published the following diary on isc.sans.edu: “Malicious Python Script Behaving Like a Rubber Ducky“: Last week, it was SANSFIRE in Washington, where I presented a SANS@Night talk about malicious Python scripts in Windows environments. I’m still looking for more fresh meat and, yesterday, I found another interesting one. Do you
Pass-The-Salt 2022 Wrap-Up
Conferences are back! After Botconf in April, it is Pass-The-Salt’s turn, organized this week in Lille, France. After the two-year break, the formula did not change: same location, free, presentations around security, and free software! And, most important, the same atmosphere. The first day started in the afternoon and