A quick blog post about a module that I wrote to interconnect the malware analysis framework Viper and the malware analysis platform A1000 from ReversingLabs. The module can perform two actions at the moment: to submit a new sample for analysis and to retrieve the analysis results (categorization): viper sample.exe
Feeding TheHive with Emails
TheHive is a great incident response platform which has had the wind in its sails for a while. More and more organizations are already using it or are strongly considering deploying it in the near future. TheHive is tightly integrated with MISP to push/pull IOC's. Such a tool must be fed with
Example of Ransomware As A Service
A few days ago, I wrote a diary for the SANS ISC about a ransomware-as-a-service offering found on the Darknet. Today, I found an occurrence of “RaaSberry”, which is a known platform. It has been available in the wild for a few months. The service is reachable through Tor and looks professional.
[SANS ISC] Adaptive Phishing Kit
I published the following diary on isc.sans.org: “Adaptive Phishing Kit“: Phishing kits are everywhere! If your server is compromised today, there are chances that it will be used to mine cryptocurrency, to deliver malware payloads or to host a phishing kit. Phishing remains a common attack scenario to collect valid
CoRIIN 2018 Wrap-Up
A security conference does not need to be “big” to be interesting. Size doesn’t matter with security conferences ;-). I’m in Lille, France where I attended the conference called “CoRIIN“. This event is held in French and means “Conférence sur la réponse aux incidents et l’investigation numérique” or “Incident Response
[SANS ISC] Comment your Packet Captures!
I published the following diary on isc.sans.org: “Comment your Packet Captures!“: When you are investigating a security incident, a key element is to take notes and to document as much as possible. There is no “best” way to take notes: some people use electronic solutions while others are using good
[SANS ISC] Mining or Nothing!
I published the following diary on isc.sans.org: “Mining or Nothing!“: Cryptocurrency mining has been a trending attack for a few weeks. Our idling CPUs are now targeted by bad guys who are looking to generate some extra revenue by abusing our resources. Other fellow handlers already posted diaries about this topic.
Who’s That Bot?
If you own a website, you already know that servers are visited all day long by bots and crawlers with multiple intents, sometimes good but also sometimes bad. An interesting field in web server logs is the “user-agent”. RFC 2616 describes the User-Agent field used in HTTP requests:
Malware Delivered via a Compiled HTML Help File
The more a file format is used in malware infection chains, the more files of this type will be flagged as suspicious, analyzed or blocked by security controls. That’s why attackers are constantly looking for new ways to infect computers and use more exotic file formats. Like fashion is in a
[SANS ISC] Example of ‘MouseOver’ Link in a Powerpoint File
I published the following diary on isc.sans.org: “Example of ‘MouseOver’ Link in a Powerpoint File“: I really like Microsoft Office documents… They offer so many features that can be (ab)used to make them virtual bombs. Yesterday, I found a simple but nicely prepared Powerpoint presentation: Payment_copy.ppsx (SHA256:7d6f3eb45c03a8c2fca4685e9f2d4e05c5fc564c3c81926a5305b6fa6808ac3f). It was still