Skip to content
/dev/random

/dev/random

"If the enemy leaves a door open, you must rush in." – Sun Tzu

  • About Me
    • About Me
    • Online Presentations
    • PGP Public Key
  • Disclaimer
  • Tools
    • alerts2afterglow
    • hoover
    • inotes.py
    • known_hosts_bruteforcer
    • pastemon
    • oplb
    • ossec_dashboard
    • ossec2dshield
    • twittermon
    • rrhunter
    • syslog2loggly

Tag: C2

[SANS ISC] Python Malware Using Postgresql for C2 Communications

August 25, 2023 Malware, Python, SANS Internet Storm Center, Security Leave a comment

Today, I published the following diary on isc.sans.edu: “Python Malware Using Postgresql for C2 Communications“: For modern malware, having access to its C2 (Command and control) is a crucial point. There are many ways to connect to a C2 server using tons of protocols, but today, HTTP remains very common

Continue reading »

[SANS ISC] Waiting for the C2 to Show Up

August 20, 2021 Malware, SANS Internet Storm Center, Security Leave a comment

published the following diary on isc.sans.edu: “Waiting for the C2 to Show Up“: Keep this in mind: “Patience is key”. Sometimes when you are working on a malware sample, you depend on online resources. I’m working on a classic case: a Powershell script decodes then injects a shellcode into a process. There

Continue reading »

[SANS ISC] C2 Activity: Sandboxes or Real Victims?

April 2, 2021 Malware, SANS Internet Storm Center, Security Leave a comment

I published the following diary on isc.sans.edu: “C2 Activity: Sandboxes or Real Victims?“: In my last diary, I mentioned that I was able to access screenshots exfiltrated by the malware sample. During the first analysis, there were approximately 460 JPEG files available. I continued to keep an eye on the

Continue reading »

[SANS ISC] Pastebin.com Used As a Simple C2 Channel

March 19, 2021 SANS Internet Storm Center, Security Leave a comment

I published the following diary on isc.sans.edu: “Pastebin.com Used As a Simple C2 Channel“: With the growing threat of ransomware attacks, they are other malicious activities that have less attention today but they remain active. Think about crypto-miners. Yes, attackers continue to mine Monero on compromised systems. I spotted an interesting

Continue reading »

[SANS ISC] Powershell Bot with Multiple C2 Protocols

August 3, 2020 Malware, SANS Internet Storm Center, Security One comment

I published the following diary on isc.sans.edu: “Powershell Bot with Multiple C2 Protocols“: I spotted another interesting Powershell script. It’s a bot and is delivered through a VBA macro that spawns an instance of msbuild.exe This Windows tool is often used to compile/execute malicious on the fly (I already wrote a diary about this

Continue reading »

Upcoming Events

Here is a list of events that I will attend and cover via Twitter and wrap-ups. Ping me if you want to meet! The list is regularly updated.

SANS Munich 2023

Recent Articles

  • Hack.lu 2023 Wrap-Up
  • [SANS ISC] macOS: Who’s Behind This Network Connection?
  • [SANS ISC] Python Malware Using Postgresql for C2 Communications
  • [SANS ISC] More Exotic Excel Files Dropping AgentTesla
  • [SANS ISC] Have You Ever Heard of the Fernet Encryption Algorithm?

Time Machine

Recent Tweets

  • Error: Could not authenticate you.

RSS NVD Vulnerabilities Feed

Copyright Xavier Mertens © 2003-2023 | Powered by Xameco.
This website uses cookies to improve your experience. By using our services, you agree to our use of cookies. Accept Learn more
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT