When a host is compromised/infected on your network, an important step in the Incident Handling process is the “containment” to prevent further infections. To place the device into a restricted environment is definitively...
Read MoreWe always say how network security is changing every day. Take a long lunch, and you may miss a critical exploit. But sometimes, time appears to stand still. We just passed 1.6 Billion seconds in the Unix Epoch. Back when the...
Read MoreIntroduction Today’s diary is another traffic analysis quiz (here’s the previous one) where you try to identify the malware based on a pcap of traffic from an infected Windows host. Download the pcap for...
Read MoreMore than 10 years ago, a first RFC was published describing the “.well-known” directory for web servers. The idea is pretty simple: Provide a standard location for files that are mostly intended for signaling and...
Read MoreWhen doing pentestings, the establishment of backdoors is vital to be able to carry out lateral movements in the network or to reach the stage of action on objectives. This is usually accomplished by inviting someone to click on...
Read MoreThis month we got patches for 129 vulnerabilities. Of these, 23 are critical and none of them was previously disclosed or is being exploited according to Microsoft. Amongst the critical ones, there is a remote code execution...
Read MoreIn the next couple of months, Apple will likely release its next major update to macOS, “Big Sur” or also called macOS 11. I was able to install the most recent beta version of the operating system in a virtual...
Read MoreIntroduction For the past month or so, I hadn’t had any luck finding active malspam campaigns pushing Dridex malware. That changed starting this week, and I’ve since found several examples. Today’s diary...
Read MoreA reader asked about another malicious file, thinking it is an intentionally corrupt ZIP file. If you follow the steps I showed in diary entry “Office: About OLE and ZIP Files”, you will see that it is not a corrupt...
Read MoreA reader asked if a particular Emotet sample was a malformed ZIP file. It is not, and I will explain why you might think it is in this diary entry. I create an example Word document, and save it as a .doc file (OLE file). When I...
Read MoreWhile going over what my e-mail malware quarantine caught during this week, I found a message which made me feel rather nostalgic. Among the usual maldocs, ZIPs and ACEs, there was also an e mail carrying an XXE file in its...
Read MoreI’m still hunting for interesting (read: “malicious”) Python samples. By reading my previous diaries, you know that I like to find how attackers implement obfuscation and evasion techniques. Like yesterday, I...
Read More