I published the following diary on isc.sans.edu: “Shadow IT Makes People More Vulnerable to Phishing”: Shadow IT is a real problem in many organizations. Behind this term, we speak about pieces of hardware or software that are installed by users without the approval of the IT department. In many cases,
[SANS ISC] Attackers Will Always Abuse Major Events in our Lives
I published the following diary on isc.sans.edu: “Attackers Will Always Abuse Major Events in our Lives”: All major events in our daily life are potential sources of revenue for attackers. When elections or major sports events are organized, attackers will surf on these waves and try to make some profit or
[SANS ISC] Waiting for the C2 to Show Up
I published the following diary on isc.sans.edu: “Waiting for the C2 to Show Up”: Keep this in mind: “Patience is key”. Sometimes when you are working on a malware sample, you depend on online resources. I’m working on a classic case: a PowerShell script decodes then injects a shellcode into a process. There
Public Message to IoT Manufacturers
Dear IoT manufacturers, Yes, I admit: I like your products and my Geekness does not help! I like to play with them. If some are “gadgets” that finally land in a drawer amongst others with cables and connectors, some of them are really useful and I use them daily. You
[SANS ISC] New Example of XSL Script Processing aka “Mitre T1220”
I published the following diary on isc.sans.edu: “New Example of XSL Script Processing aka ‘Mitre T1220’”: Last week, Brad posted a diary about TA551. A few days later, one of our readers submitted another sample belonging to the same campaign. Brad had a look at the traffic so I decided
Be Careful When Using Images Grabbed Online In Your Documents
It’s very tempting and, honestly, I’m doing it from time to time… I search for pictures on the Internet and use them in my documents! Why could it be dangerous in some cases? Let’s put aside copyright issues (yes, some pictures might not be free to use) and focus on
What’s Hosted Behind ngrok.io?
A few weeks ago I wrote an ISC diary about a piece of malicious code that used ngrok.io to communicate with the C2 server. Just a quick reminder about this service: it provides a kind of reverse-proxy for servers or applications that people need to publish on the Internet. I
[SANS ISC] When Security Controls Lead to Security Issues
I published the following diary on isc.sans.edu: “When Security Controls Lead to Security Issues”: The job of security professionals is to protect customers’ assets and, even more so today, customers’ data. The security landscape is full of solutions that help to improve security by detecting (and blocking) threats knocking on the
[SANS ISC] Suspicious Endpoint Containment with OSSEC
I published the following diary on isc.sans.edu: “Suspicious Endpoint Containment with OSSEC”: When a host is compromised/infected on your network, an important step in the Incident Handling process is “containment” to prevent further infections. Placing the device into a restricted environment is definitely better than powering off the system
[SANS ISC] Example of Malicious DLL Injected in PowerShell
I published the following diary on isc.sans.edu: “Example of Malicious DLL Injected in PowerShell”: For a while now, PowerShell has remained one of the favorite languages for attackers. It is installed by default (and almost impossible to get rid of), powerful, and perfectly integrated with the core operating system. It’s very easy to develop