I published the following diary on isc.sans.org: “Base64 All The Things!“. Here is an interesting maldoc sample captured with my spam trap. The attached file is “PO# 36-14673.DOC” and has a score of 6 on VT. The file contains Open XML data that refers to an invoice… [Read more]
Tag: VBA
[SANS ISC Diary] Another Day, Another Malicious Behaviour
I published the following diary on isc.sans.org: “Another Day, Another Malicious Behaviour“. Every day, we are spammed with thousands of malicious emails and attackers always try to find new ways to bypass the security controls. Yesterday, I detected a suspicious HTTP GET request: … [Read more]
Deobfuscating Malicious VBA Macro with a Few Lines of Python
Just a quick post about a problem that security analysts are facing daily… For a while now, malicious Office documents have been delivered with OLE objects containing VBA macros. Bad guys are always using obfuscation techniques to make the analysis more difficult and (try to) bypass basic filters. This makes the analysis
Malicious MS Word Document not Detected by AV Software
[This blogpost has also been published as a guest diary on isc.sans.org] Like everybody, I’m receiving a lot of spam every day but… I like it! All unsolicited received messages are stored in a dedicated folder for two purposes: an automatic processing via my tool mime2vt, and a manual review at regular intervals