I published the following diary on isc.sans.org: “Surge in blackmailing?“: What’s happening with blackmails? For those who don’t know the word, it is a piece of mail sent to a victim to ask money in return for not revealing compromising information about him/her. For a few days, we noticed a peak
I published the following diary on isc.sans.org: “Administrator’s Password Bad Practice“: Just a quick reminder about some bad practices while handling Windows Administrator credentials. I’m constantly changing my hunting filters on VT. A few days ago, I started to search for files/scripts that use the Microsoft SysInternals tool psexec. For system administrators,
I published the following diary on isc.sans.org: “Payload delivery via SMB“: This weekend, while reviewing the collected data for the last days, I found an interesting way to drop a payload to the victim. This is not brand new and the attack surface is (in my humble opinion) very restricted
I published the following diary on isc.sans.org: “CRIMEB4NK IRC Bot“: Yesterday, I got my hands on the source code of an IRC bot written in Perl. Yes, IRC (“Internet Relay Chat”) is still alive! If the chat protocol is less used today to handle communications between malware and their C2 servers, it
I published the following diary on isc.sans.org: “Malicious Bash Script with Multiple Features“: It’s not common to find a complex malicious bash script. Usually, bash scripts are used to download a malicious executable and start it. This one has been spotted by @michalmalik who twitted about it. I had a
I published the following diary on isc.sans.org: “The Crypto Miners Fight For CPU Cycles“: I found an interesting piece of Powershell code yesterday. The purpose is to download and execute a crypto miner but the code also implements a detection mechanism to find other miners, security tools or greedy processes
I published the following diary on isc.sans.org: “Beware of the “Cloud”“: Today, when you buy a product, there are chances that it will be “connected†and use cloud services for, at least, one of its features. I’d like to tell you a bad story that I had this week. Just
I published the following diary on isc.sans.org: “Common Patterns Used in Phishing Campaigns Files“: Phishing campaigns remain a common way to infect computers. Every day, I’m receiving plenty of malicious documents pretending to be sent from banks, suppliers, major Internet actors, etc. All those emails and their payloads are indexed
I published the following diary on isc.sans.org: “Malware Delivered via Windows Installer Files“: For some days, I collected a few samples of malicious MSI files. MSI files are Windows installer files that users can execute to install software on a Microsoft Windows system. Of course, you can replace “software†with “malwareâ€. MSI
I published the following diary on isc.sans.org: “Adaptive Phishing Kit“: Phishing kits are everywhere! If your server is compromised today, they are chances that it will be used to mine cryptocurrency, to deliver malware payloads or to host a phishing kit. Phishing remains a common attack scenario to collect valid
