From JavaScript to AsyncRAT, (Thu, Mar 28th)
It has been a while since I found an interesting piece of JavaScript. This one was pretty well obfuscated. It was called “_Rechnung_01941085434_PDF.js” (Invoice in…
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Today, I noticed in our “first seen URL” list, two URLs I didn’t immediately recognize:
/webtools/control/ProgramExport;/
/webtools/control/xmlrpc;/
These two URLs appear to be associated with…
During a recent Linux forensic engagement, a colleague asked if there was any way to tell what packages were installed on a victim image. As we…