-
ISC Stormcast For Tuesday, November 26th, 2024 https://isc.sans.edu/podcastdetail/9232, (Tue, Nov 26th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-

The strange case of disappearing Russian servers, (Mon, Nov 25th)
A few months ago, I noticed that something strange was happening with the number of servers seen by Shodan in Russia… In order to identify any unusual changes on the internet that might be worth a closer look, I put together a simple script a few years ago. It periodically goes over data that was gathered…
-

Quick & Dirty Obfuscated JavaScript Analysis, (Sun, Nov 24th)
As mentioned in diary entry “Increase In Phishing SVG Attachments”, I have a phishing SVG sample with heavily obfuscated JavaScript. As I didn’t want to spend time doing static analysis, I did a quick dynamic analysis instead. TL;DR: I open the SVG file in a VM disconnected from the Internet, and use Edge’s developer tools…
-

Decrypting a PDF With a User Password, (Sat, Nov 23rd)
In diary entry “Analyzing an Encrypted Phishing PDF”, I decrypted a phishing PDF document. Because the PDF was encrypted for DRM (owner password), I didn’t have to provide a password. What happens if you try this with a PDF encrypted for confidentiality (user password), where a password is needed to open the document? The PDF…
-
Wireshark 4.4.2 Released, (Sat, Nov 23rd)
Wireshark release 4.4.2 fixes 2 vulnerabilities and 33 bugs. Didier Stevens, Senior Handler, blog.DidierStevens.com
-
An Infostealer Searching for « BIP-0039 » Data, (Fri, Nov 22nd)
I like obfuscation techniques implemented by malware developers. If their primary purpose is to defeat security controls and automatic scanners, they are a great starting point for malware analysts. Indeed, if some data or actions have been obfuscated, that means that they can disclose interesting TTPs. When reviewing a malicious Python script, I found this piece…
-
ISC Stormcast For Friday, November 22nd, 2024 https://isc.sans.edu/podcastdetail/9230, (Fri, Nov 22nd)
-
ISC Stormcast For Thursday, November 21st, 2024 https://isc.sans.edu/podcastdetail/9228, (Thu, Nov 21st)
-

Increase In Phishing SVG Attachments, (Thu, Nov 21st)
There is an increase in SVG attachments used in phishing emails (Scalable Vector Graphics, an XML-based vector image format). I took a look at some samples mentioned in the Bleeping Computer article, and searched for more samples on VirusTotal. These samples contain HTML & JavaScript code to display a blurry Excel PNG image, and a…
-
ISC Stormcast For Wednesday, November 20th, 2024 https://isc.sans.edu/podcastdetail/9226, (Wed, Nov 20th)

