-
Example of “Modular” Malware, (Wed, May 7th)
Developers (of malware as well as goodware) don’t have to reinvent the wheel all the time. Why rewrite a piece of code that was developed by someone else? In the same way, all operating systems provide API calls (or system calls) to interact with the hardware (open a file, display a pixel, send a packet…
-
ISC Stormcast For Wednesday, May 7th, 2025 https://isc.sans.edu/podcastdetail/9440, (Wed, May 7th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-

Python InfoStealer with Embedded Phishing Webserver, (Tue, May 6th)
Infostealers have been everywhere for a while now. Even if this kind of malware is not aggressive, its impact on the victim can be much greater. Attackers always need more and more data to sell or reuse in deeper scenarios. A lot of infostealers are similar and have the following capabilities: Antidebugging and anti-VM capabilities…
-
ISC Stormcast For Tuesday, May 6th, 2025 https://isc.sans.edu/podcastdetail/9438, (Tue, May 6th)
-
“Mirai” Now Exploits Samsung MagicINFO CMS (CVE-2024-7399), (Mon, May 5th)
Last August, Samsung patched an arbitrary file upload vulnerability that could lead to remote code execution [1]. The announcement was very sparse and did not even include affected systems: SVP-AUG-2024 SVE-2024-50018(CVE-2024-7399) Weakness : Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server allows attackers to write arbitrary file as…
-
ISC Stormcast For Monday, May 5th, 2025 https://isc.sans.edu/podcastdetail/9436, (Mon, May 5th)
-
Steganography Challenge, (Sat, May 3rd)
If you are interested in experimenting with steganography and my tools, I propose the following challenge. This GitHub project is for a steganography tool. It has a PNG image of a stegosaurus with an encoded message. The challenge is to use my tools to decode the message. The steganographic algorithm is a bit different than…
-
ISC Stormcast For Friday, May 2nd, 2025 https://isc.sans.edu/podcastdetail/9434, (Fri, May 2nd)
-

Steganography Analysis With pngdump.py: Bitstreams, (Thu, May 1st)
A friend asked me if my pngdump.py tool can extract individual bits from an image (cfr. diary entry “Steganography Analysis With pngdump.py”). It cannot. But another tool can: format-bytes.py. In the diary entry I mentioned, a PE file is embedded inside a PNG file according to a steganographic method: all the bytes of a…
-
ISC Stormcast For Thursday, May 1st, 2025 https://isc.sans.edu/podcastdetail/9432, (Thu, May 1st)

