I published the following diary on isc.sans.edu: “Offensive Tools Are For Blue Teams Too“: Many offensive tools can be very useful for defenders too. Indeed, if they can help to gather more visibility about the environment that must be protected, why not use them? More information you get, more you
The “diff” command is a very nice tools in *NIX environments to compare the content of two files. But there are some situations where diff is a pain to use. The classic case is when you need to compare many files from different directory trees (by example two different releases
I published the following diary on isc.sans.edu: “Simple but Efficient VBScript Obfuscation“: Today, it’s easy to guess if a piece of code is malicious or not. Many security solutions automatically detonate it into a sandbox by security solutions. This remains quick and (most of the time still) efficient to have a first
I published the following diary on isc.sans.edu: “Quick Analysis of an Encrypted Compound Document Format“: We like when our readers share interesting samples! Even if we have our own sources to hunt for malicious content, it’s always interesting to get fresh meat from third parties. Robert shared an interesting Microsoft Word
For a few months, I’m writing less often on this blog, except to publish my conference wrap-up’s and cross-posting my SANS Internet Storm Center diaries. But today, I decided to write a quick post after spending a few hours to debug a problem with my mail server… It started with
I published the following diary on isc.sans.edu: “Keep an Eye on Command-Line Browsers“: For a few weeks, I’m searching for suspicious files that make use of a command line browser like curl.exe or wget.exe in Windows environment. Wait, you were not aware of this? Just open a cmd.exe and type
I published the following diary on isc.sans.edu: “Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript“: I found an interesting VBScript sample that is a perfect textbook case for training or learning purposes. It implements a nice obfuscation technique as well as many classic sandbox detection mechanisms. The script
I’m just back from Lille (France) where is organized the “FIC” or “International Cybersecurity Forum” today and tomorrow. This event is very popular for some people but not technical at all. Basically, you find all the vendors in one big place trying to convince you that their solution, based on
I published the following diary on isc.sans.edu: “Why Phishing Remains So Popular?“: Probably, some phishing emails get delivered into your mailbox every day and you ask yourself: “Why do they continue to spam us with so many emails? We are aware of phishing and it will not affect my organization!”
I published the following diary on isc.sans.edu: “Complex Obfuscation VS Simple Trick“: Today, I would like to make a comparison between two techniques applied to malicious code to try to bypass AV detection. The Emotet malware family does not need to be presented. Very active for years, new waves of
